Home
Configuring
After you install BigFix Inventory, configure the application. Create accounts for the users who need access to the application and set up scans to collect software and hardware inventory data from your environment.
Setting up scans to discover software and hardware inventory
The scanner is an independent, well-defined component that is used by BigFix Inventory. It is installed and managed through the BigFix client, and it enables the software and capacity scans. Software and capacity scans collect data that is later on displayed on the BigFix Inventory reports. For environments with up to a few thousand computers, you can enable the default scan configuration. In this case, the analyses are activated and software and capacity scans as well as uploads of their results are scheduled automatically on the computers that are subscribed to the BigFix Inventory site. For larger environments, it is advisable to divide the computers into groups and manually configure a separate scan schedule for each group to avoid performance issues.
Discovering software and hardware on IBM i
Available from 9.2.5. You can discover software and hardware inventory on IBM i systems by using disconnected scans that do not require direct connection between the scanned computers and the BigFix server. Scripts that are provided in the disconnected scanner package initiate software and capacity scans, and prepare scan results that you later on upload to BigFix Inventory.
Disconnected scanner maintenance and troubleshooting
Available from 9.2.5. You can use the maintenance and troubleshooting tasks related to the disconnected scanner to monitor the scan progress, optimize the processor usage during the scan, understand and fix the most common issues, or learn more about the log files.
Using NFS to automate the transfer of scan results
Available from 9.2.5. You can use NFS to automate the transfer of scan results from your IBM i systems to the BigFix Inventory server. The results will be stored in a shared directory and imported by BigFix Inventory without any additional actions.

Configuring
After you install BigFix Inventory, configure the application. Create accounts for the users who need access to the application and set up scans to collect software and hardware inventory data from your environment.
- Creating users and groups
  Each user who has access to BigFix Inventory must be assigned a role and a computer group. The role defines which reports and panels the user can view. The computer group narrows down the scope of these reports and panels to computers that meet certain criteria.
- Setting up scans to discover software and hardware inventory
  The scanner is an independent, well-defined component that is used by BigFix Inventory. It is installed and managed through the BigFix client, and it enables the software and capacity scans. Software and capacity scans collect data that is later on displayed on the BigFix Inventory reports. For environments with up to a few thousand computers, you can enable the default scan configuration. In this case, the analyses are activated and software and capacity scans as well as uploads of their results are scheduled automatically on the computers that are subscribed to the BigFix Inventory site. For larger environments, it is advisable to divide the computers into groups and manually configure a separate scan schedule for each group to avoid performance issues.
  - Frequency of scans and uploads of data
    By default, software and capacity scans are scheduled with a frequency that meets auditing requirements. If you want to change the default frequency, ensure that the new setup fulfills the minimal requirements and all considerations.
  - Default scan configuration
    Default scan configuration is advised for environments with up to a few thousand computers. It ensures that the required analyses are activated and software and capacity scans as well as uploads of their results are scheduled automatically. These actions are necessary to collect data from the computers in your infrastructure and to display it on the BigFix Inventory reports. You can enable the default scan configuration during the configuration of BigFix Inventory connections to the databases or when adding another data source.
  - Manual scan configuration
    Manual scan configuration is advised for environments with more than a few thousand computers. It requires that analyses are activated and software and capacity scans as well as uploads of their results are scheduled manually after the installation. These actions are necessary to collect data from the computers in your infrastructure and display in on the BigFix Inventory reports. Flexibility of the manual scan configuration allows for avoiding performance issues that might occur when you scan too many computers at the same time.
  - Advanced scan configuration
    After you successfully schedule software and capacity scans and the scan data is displayed on the BigFix Inventory reports, you can further customize the scans. For example, you can exclude directories from software scans or scan remote shared file systems.
  - Discovering software and hardware on IBM i
    Available from 9.2.5. You can discover software and hardware inventory on IBM i systems by using disconnected scans that do not require direct connection between the scanned computers and the BigFix server. Scripts that are provided in the disconnected scanner package initiate software and capacity scans, and prepare scan results that you later on upload to BigFix Inventory.
    - Disconnected scanner requirements
      Available from 9.2.5. The list of disk space requirements, the supported IBM i version compatible with the disconnected scanner and other relevant requirements.
    - Adding a new data source for disconnected scans
      Available from 9.2.5. All scan results are imported to BigFix Inventory from a directory dedicated to disconnected scans. You must add this directory as a data source to allow BigFix Inventory to check its content and import all packages that are stored within. The packages are imported during each data import.
    - Preparing installation files for disconnected scans
      Available from 9.2.5. After you add the data source, prepare the installation package and distribute it to IBM i endpoints. The package should contain the disconnected scanner and configuration files used to initiate the scans. These files are downloaded from the BigFix console. The package should also contain the software catalog that is downloaded from BigFix Inventory.
    - Installing the scanner and gathering initial data
      Available from 9.2.5. After you copied the installation files and the software catalog to your IBM i systems, start the installation and the initial scans.
    - Running software scans and gathering scan results
      Available from 9.2.5. The script that is responsible for the software scan collects the results of the catalog-based, package data, and software ID tags scan as well as retrieves results of the capacity scan and the computer.yml file. All these results are combined and compressed into a common ZIP package that can be imported to BigFix Inventory.
    - Importing scan results to BigFix Inventory
      Available from 9.2.5. To import new scan results to BigFix Inventory, copy the package to the disconnected scans directory that you added as a data source.
    - Disconnected scanner maintenance and troubleshooting
      Available from 9.2.5. You can use the maintenance and troubleshooting tasks related to the disconnected scanner to monitor the scan progress, optimize the processor usage during the scan, understand and fix the most common issues, or learn more about the log files.
      - Updating the scanner and the scripts
        Available from 9.2.5. Both the scanner and the scripts are updated on a regular basis to introduce improvements and new functions. To update the scanner, once again download all the required files, and copy them into the /cit directory in IFS on your IBM i system, or other directory where the previous version is already located.
      - Decommissioning computers with disconnected scanners
        Available from 9.2.5. When you decommission a computer that is no longer in use, you can mark it as decommissioned on the Computers report, so that it is not displayed in BigFix Inventory.
      - Uninstalling the disconnected scanner
        Available from 9.2.5. If you no longer need the disconnected scanner to scan the IBM i system, you can uninstall it from any endpoint.
      - Understanding the Deployment Health and Scan Health
        Available from 9.2.5. Deployment Health and Scan Health contain information about your clients and the scans that were initiated. You can view this information on the Deployment Health, and Scan Health widgets on the dashboard, or on the Computers report. Deployment Health excludes all the disconnected datasource endpoints. To properly understand values that are displayed for IBM i systems, see the explanation of particular columns on the Computers report.
      - Using NFS to automate the transfer of scan results
        Available from 9.2.5. You can use NFS to automate the transfer of scan results from your IBM i systems to the BigFix Inventory server. The results will be stored in a shared directory and imported by BigFix Inventory without any additional actions.
      - Monitoring the scan progress
        Available from 9.2.5. In case of any problems with the software scan, you can check whether the scan was started or completed, and view some extra information about the scanned directories.
      - Troubleshooting the discovery
        Available from 9.2.5. The troubleshooting section lists the most common issues you might encounter while discovering software and hardware inventory with the disconnected scanner. The main objective of troubleshooting is to determine why something does not work as expected and explain how to resolve the problem.
    - (Optional) Manually installing the scanner and running the scans
      Available from 9.2.5. scripts that automate the scans are not appropriate for your environment, and you need to customize the execution of scans without changing the required scan frequency, refer to this appendix. The appendix describes how to run each scan, how to collect the results, and finally how to create the final package that can be uploaded to BigFix Inventory manually. The automated scripts, however, remain a recommended way of discovering on IBM i systems.
- Performing optional configuration
  You can perform optional configuration tasks to further customize the application.
- Classifying the BigFix client used by multiple BigFix products
  BigFix client is a component that is common for all products from the BigFix family. If you have a number of BigFix products installed, the client must be classified as used by these products. Because the client is usually installed on all computers in the enterprise, its manual classification can be time-consuming. To reduce the amount of time and resources that are needed to perform this task, you can generate license tags. The tags mark the client as used by the BigFix products that are installed in your infrastructure. The information is later on reflected in BigFix Inventory without the need of manual classification.

Using NFS to automate the transfer of scan results

Available from 9.2.5. You can use NFS to automate the transfer of scan results from your IBM i systems to the BigFix Inventory server. The results will be stored in a shared directory and imported by BigFix Inventory without any additional actions.

About this task

You can use NFS in several configurations:

BigFix Inventory acts as an NFS server
Each IBM i acts as an NFS server
You use a separate NFS server

In this procedure, BigFix Inventory installed on Linux acts as an NFS server and shares a directory with an IBM i system that acts as an NFS client. The scan results saved into the shared directory on IBM i system are readily available to BigFix Inventory. The scenario can be adopted to be used in the Windows environment.

Procedure

Configure the BigFix Inventory server to allow transfer by using NFS.
1. Install the nfs-utils package.
2. Configure the firewall to allow the NFS-related traffic from IBM i systems.
3. Create a directory for the disconnected scans results, and change its ownership and rights.
```
mkdir /disconnected
chown nfsnobody:nfsnobody /disconnected
chmod 755 /disconnected
```
4. Add this directory as a data source.
5. Edit /etc/exports, and add the directory to the list of shared directories. The following example shows a single IP address of an IBM i system, but you can specify a range of addresses.
```
/disconnected 	172.16.0.31(rw,sync)
```
6. Refresh the NFS configuration.
```
exportfs -a
```
On the IBM i system, create an output directory for scan results and mount the shared directory from the BigFix Inventory server.
This step connects these directories. Whenever you save files into /bfi_server, they will also be available in the /disconnected directory on the BigFix Inventory server.
```
MKDIR '/bfi_server'
ADDMFS TYPE(*NFS) MFS('IP_address_of_BFI_server:/disconnected') MNTOVRDIR('/bfi_server') OPTIONS(*DFT)
```
Open the default /cit directory, or other directory where you store the disconnected scan scripts, and modify the following property in the configure_scan.sh script to save all scan results into the new output directory.
```
PACKAGE_OUTPUT_DIR="/bfi_server"
```
Run the software scan to collect new scan results. When the scan is complete, the package with scan results can be imported to BigFix Inventory by running a data import.