Discovering software and hardware with disconnected scanner on Windows and UNIX

Available from 9.2.7. You can discover software and hardware inventory by using disconnected scans that do not require direct connection between the scanned computers and the BigFix server. Scripts that are provided in the disconnected scanner package initiate software and capacity scans, and prepare scan results that you later on upload to BigFix Inventory.

Disclaimer

Restriction: If you use the disconnected scanner for BigFix Virtualization Capacity, also referred to as subcapacity licensing, you must comply with the following rules:
  • You must obtain the approval from BigFix Compliance to use disconnected scans. To request for such an approval, contact your Sales Representative who will instruct you on how to contact BigFix Compliance.
  • Disconnected scans can be applied when the BigFix client cannot be installed due to technical, legal, business,or security reasons, or in case of other valid justification.
  • The disconnected scanner for BigFix Virtual Capacity can be deployed only to supported and eligible operating systems.
IBM i The BigFix client is not available for IBM iSeries, and thus it is the only method of software and hardware discovery on these systems. Unlike on other operating systems, approval from BigFix Compliance is not required to use disconnected scans on IBM i. For more information, see: Discovering software and hardware on IBM i.

Disconnected scans should be used with caution, especially when you use BigFix Inventory for subcapacity reporting. They require much more user control and manual maintenance including scanner and catalog updates, periodic transfer of data, and manual health checks to assure report correctness. The maintenance is customer responsibility because it is not automated as in case of the BigFix client.

Disconnected scanner package

To collect the software and hardware inventory data, you need an endpoint package that consists of:
  • Scanner
  • Configuration files
  • Scripts to run the scans and prepare the scan result package
The scripts initiate software and capacity scans, gather scan results, and adjust them to the format that is compatible with BigFix Inventory. If the scripts are not appropriate for your environment, you can edit and customize them, or create new scripts that better fit your needs.

Scalability

The default number of the result packages that can be imported at a time is limited to 1000. However, the disconnected scanner provides support for more packages. It is recommended not to exceed 10 000. To increase the number of output capacity, configure the transaction logs size and increase java heap. For more information, see: Tuning performance in medium and large environments.

Linux Additionally, for Linux systems, change the ulimit -n value to 4096.

Scan frequency

For information about default and minimal scan frequency as well as recommended frequency of importing scan results, see: Frequency of scans and uploads of data.

Multiple environments

When you have multiple environments, for example test and production, ensure that the following requirements are met:
  • Every computer reports only one of the environments.
  • Results of the disconnected scan from one environment are not uploaded to BigFix Inventory that monitors the other environment.

Limitations

  • Resource utilization, and metering data are not supported. For more information, see: Raw utilization of license metrics.
  • Scanning remote shared file systems is not supported.
  • Detailed hardware scan cannot be collected if you use the disconnected scan.
  • The disconnected scanner always collects full scans, not delta scans.
  • The directories that are excluded from software scans by default cannot be used as installation directories. To view the full list, see: List of excluded directories.
  • Solaris The Package Data report does not provide any information in the Description column.
  • The information provided in the Operating System column might be slightly different for the computers that are scanned by the disconnected scan, and the computers scanned by a regular scan.
  • The disconnected scan does not include additional computer properties that are defined by the user. To collect these details, you need to define additional entries in the computer.yml file.