Jump to main content
BigFix Documentation Homepage
BigFix V9.5 Platform Documentation
Welcome to the BigFix Platform documentation, where you can find information about how to install, maintain, and use BigFix.
Getting Started
Familiarize yourself with the BigFix infrastructure and key concepts necessary to understand how it works.
BigFix is a suite of products that provides a fast and intuitive solution for compliance, endpoint, and security management and allows organizations to see and manage physical and virtual endpoints through a single infrastructure, a single console, and a single type of agent.
BigFix platform
All the BigFix applications run on top of the BigFix platform.
BigFix applications
The BigFix solution comprises several application products that provide consolidated security and operations management, simplified and streamlined endpoint management, while increasing accuracy and productivity.
A sample architecture
A sample architecture helps you planning your environment.
Types of content
BigFix is based on contents. The generic term of content might represent data to distribute to targets, or instructions to run on targets, or queries to run on targets.
How to identify on which targets to apply content
BigFix helps you identify on which targets to apply content.
A patch management scenario
Follow the steps listed in these topics to learn how to deploy a patch using the Patch Management application on a newly installed BigFix server. All the steps are run from the BigFix console.
Platform guides in PDF format
Following is a list of links to the BigFix Platform user guides in PDF format:
Detailed system requirements
The content of this page has moved to the HCL Support site. You will be redirected shortly. If the auto-redirect fails for some reason, use this link: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0088288.
HTTPS across BigFix applications
This topic describes how the SSL/HTTPS communication works in BigFix applications and links the tasks on how to configure it.
Installation Guide
Learn the system requirements, licensing and installation instructions, and how to configure and maintain BigFix.
BigFix aims to solve the increasingly complex problem of keeping your critical systems updated, compatible, and free of security issues. It uses patented Fixlet technology to identify vulnerable computers in your enterprise. With just a few mouse-clicks you can remediate them across your entire network from a central console.
BigFix Platform Unicode Support Overview
BigFix Platform V9.5 gathers data from BigFix clients deployed with different code pages and languages, encode the data into UTF-8 format, and report it back to the BigFix server.
Sample deployment scenarios
The following deployment scenarios illustrate some basic configurations taken from actual case studies. Your organization might look similar to one of the examples below, depending on the size of your network, the various bandwidth restrictions between clusters and the number of relays and servers. The main constraint is not CPU power, but bandwidth.
Requirements and assumptions
BigFix runs efficiently using minimal server, network, and client resources.
Types of installation
Before you install the product, decide if you want to do an evaluation or production installation.
Managing licenses
You must obtain a license key before you can install and use BigFix.
Before installing
Before running the installation make sure that you read the following topics and run the requested activities if needed.
Installing on Windows systems
Now that you understand the terms and the administrative roles, you are ready to get authorized and install the programs.
Installing on Linux systems
After understanding the terms and the administrative roles, you are ready to actually get authorized and install the programs.
Installing the clients
Install the BigFix client on every computer in your network that you want to administer, including the computer that is running the console.
BigFix Administration Tool
The BigFix Administration Tool, also called BESAdmin, is the tool we use to perform configuration changes and maintenance operations.
Post-installation configuration steps
After having run the installation, make sure that you read the following topics and run the requested activities if needed.
Managing relays
Relays can significantly improve the performance of your installation.
Introduction to Tiny Core Linux - BigFix Virtual Relay
Follow the step-by-step sequence of operations needed to build the virtual machine, from the downloading of the ISO image to the complete setup and configuration of the BigFix Virtual Relay.
Setting up a proxy connection
If your enterprise uses a proxy to access the Internet, your BigFix environment can use that communication path to gather content from sites.
Running backup and restore
You can schedule periodic backups (typically nightly) of the BigFix server and database files, to reduce the risk of losing productivity or data when a problem occurs by restoring the latest backup.
Upgrading on Windows systems
Upgrading on Linux systems
Known limitations and workarounds
This section describes the known limitations and possible workarounds.
This section describes the log files associated with the BigFix components.
Uninstalling the BigFix client
Configuration Guide
Learn how to configure BigFix according to your needs.
This guide explains additional configuration steps that you can run in your environment after installation.
BigFix Site Administrator and Console Operators
In BigFix there are two basic classes of users.
Integrating with LDAP
You can add Lightweight Directory Access Protocol (LDAP) associations to BigFix.
Enabling SAML V2.0 authentication for LDAP operators
Starting from Version 9.5.5, BigFix supports SAML V2.0 authentication via LDAP-backed SAML identity providers.
Using multiple servers (DSA)
Here are some of the important elements of multiple server installations:
Server object IDs
The BigFix server generates unique IDs for the objects that it creates: Fixlets, tasks, baselines, properties, analysis, actions, roles, custom sites, computer groups, management rights, subscriptions.
Customizing HTTPS for Gathering
You can gather license updates and external sites by using the HTTP or HTTPS protocol on a BigFix server or in an airgapped environment.
Configuring secure communication
Real Time AV Exclusions
BigFix Console, Server and Relay components of the architecture perform high volume file operations.
Downloading files in air-gapped environments
In air-gapped environments, to download and transfer files to the main BigFix server, use the Airgap utility and the BES Download Cacher utility.
Getting client information by using BigFix Query
The BigFix Query feature allows you to retrieve information and run relevance queries on client workstations from the WebUI BigFix Query Application or by using REST APIs.
Persistent connections
Starting from Patch 11, the capability to establish persistent connections was added to the product.
Relays in DMZ
Starting from Patch 13, the capability to establish a persistent TCP connection between the parent relay in the more secure zone and its child relay inside the DMZ network was added to the product. This allows you to manage systems in a demilitarized zone (DMZ network).
Working with PeerNest
The BigFix client includes a new feature named PeerNest, that allows to share binary files among clients located in the same subnet. The feature is available starting from BigFix Version 9.5 Patch 11.
Archiving Client files on the BigFix Server
You can collect multiple files from BigFix clients into an archive and move them through the relay system to the server.
BigFix Configuration Settings
A number of advanced BigFix configuration settings are available that can give you substantial control over the behavior of the BigFix suite. These options allow you to customize the behavior of the BigFix server, relays, and clients in your network.
Additional configuration steps
These topics explain additional configuration steps that you can run in your environment.
Migrating the BigFix Server (Windows/MS-SQL)
This section details the steps and operational procedures necessary for migrating the BigFix Server from existing hardware onto new computer systems.
Migrating the BigFix Server (Linux)
This section provides basic information on migrating your BigFix Server from existing Linux hardware onto new systems.
Server audit logs
Starting with BigFix version 9.5.11, the server audit logs include the following items:
List of advanced options
The following lists show the advanced options that you can specify in the Advanced Options tab of the BigFix Administrative tool on Windows systems, or in the BESAdmin.sh command on Linux systems using the following syntax:
Security Configuration Scenarios
BigFix provides the capability to follow the NIST security standards by configuring an enhanced security option.
Client Authentication
Client Authentication extends the security model used by BigFix to encompass trusted client reports and private messages.
Maintenance and Troubleshooting
If you are subscribed to the Patches for Windows site, you can ensure that you have the latest upgrades and patches to your SQL server database servers.
Console Operator's Guide
Learn how to work with the BigFix Console.
Accessing the console
The console is the visible face of BigFix, used by the operator to monitor and repair networked computers running the BigFix client.
Fixlets and Tasks
Actions are scripts that run on selected targets. They are used to fix policy violation and security exposures and to run configuration steps. Fixlet, tasks, and baselines depend on actions to run their remediation mission.
Client Computers
Computer Groups
Relays and Servers
Activating the license counting process
Displays and Reports
The Dialogs
Asset Discovery User's Guide
Learn how BigFix Asset Discovery works.
A brief overview on how BigFix discovers assets and on what are Scan Points.
Using Asset Discovery
How to operate and thing to know about Asset Discovery.
Unmanaged Asset Importer - NMAP
The following options will work as command line arguments to run the importer on its own. For example "UAImporter-NMAP -debugout output.txt -file testfile.xml".
Frequently asked questions
A list of the most frequently asked questions.
Web Reports Guide
Learn how the Web Reports feature extends the power of BigFix.
Configuring Web Reports
Web Reports is used whenever you want to view BigFix data that is spread over multiple databases in your deployment.
Using the Program
The Web Reports interface is simple and straightforward.
The Explore Data section of the program allows you to look at data collected from your entire BigFix network to filter it, and to create reports.
The Report List section of the program is accessed by clicking the appropriate tab from the top tab bar.
Administering the Program
The Administration section of the program lets you manage activities, filters, addresses, users, and databases.
Tasks for advanced users
Tasks unlikely to be needed by the typical user, but which can be of use to advanced users with specific customization needs.