Jump to main content
BigFix Documentation Homepage
BigFix V9.5 Platform Documentation
Welcome to the BigFix Platform documentation, where you can find information about how to install, maintain, and use BigFix.
Familiarize yourself with the BigFix infrastructure and key concepts necessary to understand how it works.
BigFix is a suite of products that provides a fast and intuitive solution for compliance, endpoint, and security management and allows organizations to see and manage physical and virtual endpoints through a single infrastructure, a single console, and a single type of agent.
BigFix platform
All the BigFix applications run on top of the BigFix platform.
BigFix applications
The BigFix solution comprises several application products that provide consolidated security and operations management, simplified and streamlined endpoint management, while increasing accuracy and productivity.
A sample architecture
A sample architecture helps you to plan your environment.
Types of content
BigFix is based on contents. The generic term of content might represent data to distribute to targets, or instructions to run on targets, or queries to run on targets.
How to identify on which targets to apply content
BigFix helps you to identify on which targets to apply content
A patch management scenario
Follow the steps listed in these topics to learn how to deploy a patch using the Patch Management application on a newly installed BigFix server. All the steps are run from the BigFix console.
Platform guides in PDF format
Following is a list of links to the BigFix Platform user guides in PDF format:
Detailed system requirements
The tables in this section provide detailed information about the system requirements for BigFix 9.5.
HTTPS across BigFix applications
This topic describes how the SSL/HTTPS communication works in BigFix applications and links the tasks on how to configure it.
Learn the system requirements, licensing and installation instructions, and how to configure and maintain BigFix.
BigFix aims to solve the increasingly complex problem of keeping your critical systems updated, compatible, and free of security issues. It uses patented Fixlet technology to identify vulnerable computers in your enterprise. With just a few mouse-clicks you can remediate them across your entire network from a central console.
BigFix Platform Unicode Support Overview
Sample deployment scenarios
The following deployment scenarios illustrate some basic configurations taken from actual case studies. Your organization might look similar to one of the examples below, depending on the size of your network, the various bandwidth restrictions between clusters and the number of relays and servers. The main constraint is not CPU power, but bandwidth.
Assumptions and requirements
Security Configuration Scenarios
Types of installation
Managing licenses
Before installing
Installing on Windows systems
Installing on Linux systems
After understanding the terms and the administrative roles, you are ready to actually get authorized and install the programs.
Post-installation configuration steps
Managing relays
Introduction to Tiny Core Linux - BigFix Virtual Relay
Follow the step-by-step sequence of operations needed to build the virtual machine, from the downloading of the ISO image to the complete setup and configuration of the BigFix Virtual Relay.
Setting up a proxy connection
Running backup and restore
Upgrading on Windows systems
Upgrading on Linux systems
Known limitations and workarounds
This section describes the known limitations and possible workarounds.
This section describes the log files associated with the BigFix components.
Uninstalling the BigFix client
Learn how to configure BigFix according to your needs.
This guide explains additional configuration steps that you can run in your environment after installation.
BigFix Site Administrator and Console Operators
Integrating with LDAP
Enabling SAML V2.0 authentication for LDAP operators
Using multiple servers (DSA)
Server object IDs
The BigFix server generates unique ids for the objects that it creates: Fixlets, tasks, baselines, properties, analysis, actions, roles, custom sites, computer groups, management rights, subscriptions.
Customizing HTTPS for Gathering
Configuring secure communication
Real Time AV Exclusions
Downloading files in air-gapped environments
In air-gapped environments, to download and transfer files to the main BigFix server, use the Airgap utility and the BES Download Cacher utility.
Getting client information by using BigFix Query
The BigFix Query feature allows you to retrieve information and run relevance queries on client workstations from the WebUI BigFix Query Application or by using REST APIs.
Persistent connections
Starting from Patch 11, the capability to establish persistent connections was added to the product.
Relays in DMZ
Starting from Patch 13, the capability to establish a persistent TCP connection between the parent relay in the more secure zone and its child relay inside the DMZ network was added to the product. This allows you to manage systems in a demilitarized zone (DMZ network).
Peer to peer mode
Starting from Patch 11, the BigFix client includes a new feature named PeerNest, that allows to share binary files among clients located in the same subnet.
Archiving Client files on the BigFix Server
BigFix Configuration Settings
A number of advanced BigFix configuration settings are available that can give you substantial control over the behavior of the BigFix suite. These options allow you to customize the behavior of the BigFix server, relays, and clients in your network.
Additional configuration steps
These topics explain additional configuration steps that you can run in your environment.
Migrating the BigFix Server (Windows/MS-SQL)
This section details the steps and operational procedures necessary for migrating the BigFix Server from existing hardware onto new computer systems.
Migrating the BigFix Server (Linux)
This section provides basic information on migrating your BigFix Server from existing Linux hardware onto new systems.
Server audit logs
List of advanced options
Maintenance and Troubleshooting
Learn how to work with the BigFix Console.
Accessing the console
Fixlets and Tasks
Actions are scripts that run on selected targets. They are used to fix policy violation and security exposures and to run configuration steps. Fixlet, tasks, and baselines depend on actions to run their remediation mission.
Client Computers
Computer Groups
Relays and Servers
Activating the license counting process
Client-Relay-Server Authentication
Displays and Reports
The Dialogs
Learn how BigFix Asset Discovery works.
A brief overview on how BigFix discovers assets and on what are Scan Points.
Using Asset Discovery
How to operate and thing to know about Asset Discovery.
Unmanaged Asset Importer - NMAP
The following options will work as command line arguments to run the importer on its own. For example "UAImporter-NMAP -debugout output.txt -file testfile.xml".
Frequently asked questions
A list of the most frequently asked questions.
Learn how the Web Reports feature extends the power of BigFix.