HCL BigFix offers a Unified Endpoint Management platform that enhances security, reduces costs, and simplifies IT operations across hybrid, multi-cloud environments through a centralized control structure.
| Product | Mindshare (%) |
|---|---|
| BigFix | 1.7% |
| Microsoft Defender for Endpoint | 6.8% |
| CrowdStrike Falcon | 6.0% |
| Other | 85.5% |
| Type | Title | Date | |
|---|---|---|---|
| Category | Endpoint Protection Platform (EPP) | Jun 23, 2026 | Download |
| Product | Reviews, tips, and advice from real users | Jun 23, 2026 | Download |
| Comparison | BigFix vs CrowdStrike Falcon | Jun 23, 2026 | Download |
| Comparison | BigFix vs Microsoft Defender for Endpoint | Jun 23, 2026 | Download |
| Comparison | BigFix vs SentinelOne Singularity Endpoint | Jun 23, 2026 | Download |
| Title | Rating | Mindshare | Recommending | |
|---|---|---|---|---|
| CrowdStrike Falcon | 4.3 | 6.0% | 97% | 140 interviewsAdd to research |
| Microsoft Intune | 4.1 | N/A | 95% | 378 interviewsAdd to research |
| Company Size | Count |
|---|---|
| Small Business | 23 |
| Midsize Enterprise | 7 |
| Large Enterprise | 58 |
| Company Size | Count |
|---|---|
| Small Business | 348 |
| Midsize Enterprise | 183 |
| Large Enterprise | 668 |
BigFix streamlines enterprise IT management by integrating infrastructure security, endpoint remediation, and employee experience automation within a single platform. It enables IT Operations and Security teams to function efficiently from a unified control plane, managing over 155 million endpoints. Its robust architecture supports continuous compliance and automated vulnerability remediation, closing the gap between detection and fix. It excels in digital employee experience by ensuring proactive monitoring and utilizing agentic AI for self-healing workflows and intelligent automation, thereby reducing manual efforts and enhancing productivity.
What are BigFix's key features?Industries such as telecom, finance, and industrial facilities leverage BigFix for comprehensive patch management, software deployment, and inventory solutions. They benefit from its capacity to support endpoint security, compliance, and diverse operational needs, using it for vulnerability assessment and custom content creation.
BigFix was previously known as Tivoli Endpoint Manager.
US Foods, Penn State, St Vincent's Health US Foods, Sabadell Bank, SunTrust, Australia Sydney, Stemac, Capgemini, WNS Global Services, Jebsen & Jessen, CenterBeam, Strauss, Christian Hospital Centre, Brit Insurance, Career Education Corporation
| Author info | Rating | Review Summary |
|---|---|---|
| Founder Director at Techsa Services | 4.5 | I've used BigFix for over 16 years, valuing its patch management, compliance, and efficient software distribution, though reporting and application control need improvement. Setup is straightforward, support is reliable, and I highly recommend it for larger organizations. |
| Technical Director at SYSTEX | 5.0 | I find BigFix effective for managing diverse operating systems like Windows and Linux, offering valuable features like inventory and software management. Despite some distribution delays, it outperforms alternatives such as Symantec when handling varied systems. |
| RPA Developer at Hexaware Technologies Limited | 3.5 | I use BigFix for endpoint security management, leveraging its integration capabilities with IBM tools and ILMT. It's effective for capturing inventory, although integration challenges exist. Despite some hardware configuration issues, it has positively impacted audit processes. |
| CEO at Novilis | 4.5 | We use BigFix for security patching and server automation, appreciating its lifecycle and compliance features, especially patching for multiple OS environments. While it enhances efficiency and reduces errors, its interface is less intuitive compared to competitors like SCCM and ManageEngine. |
| Solution Sales Specialist at TD SYNNEX | 5.0 | I've used BigFix for 1.5 months and appreciate its patch management and software deployment features, though pricing could improve. Support is responsive, and I'd recommend it, rating the product 8 out of 10 overall. |
| Security Architect at CDW | 4.5 | I use BigFix primarily for patch management, security templates, and software distribution across companies. Its valuable features include integration with vulnerability scanners and real-time compliance capabilities. However, the console speed needs improvement for a smoother experience. |
| Freelance Senior IT Consultant at smak | 4.0 | BigFix provides stable, scalable, single-console management for inventory, compliance, and patching. I appreciate its simplicity and effectiveness, though I wish it supported more databases. New users should get initial support. |
| Global Tech Delivery Lead Win & EUC at Mondelēz International | 4.0 | I find BigFix to be strong security-wise and highly customizable, though it's not beginner-friendly. Its most valuable feature is patching, but improvements are needed for cloud capabilities and content delivery. Previously, I used Microsoft SCCM and evaluated Microsoft Engine. |
| Security Administrator at Dev Information Tech Pvt Ltd | 5.0 | As a BigFix administrator, I manage infrastructure tasks including patch deployment and vulnerability assessment. BigFix excels in real-time endpoint detection and prevents redundant deployments, though its console can be slow. It supports custom scripting for flexible deployments. |
| Chief Executive Officer at Catnip infotech private limited | 4.0 | I use BigFix for its security, patch management, and compliance features, which are crucial for large enterprises. It supports multiple platforms and offers robust auto patch updating, but could improve by incorporating local caching to minimize network usage during patching. |
BigFix has been serving us and our customers effectively, doing it for very large customers, banking customers, and stock market customers.
These implementations are mainly focused on patch management, compliance, and security configuration, including compliance reporting regarding whether the system is compliant to configurations and the latest updates.
Patch Compliance and Configuration Compliance of endpoints will see a dramatic increase once the BigFix solution is operational.
BigFix supports something known as Patch Policies, which allows users to define that whenever critical patches are released, they should get evaluated against machines and automatically deploy them.
Their software distribution is very efficient because they use a pull mechanism rather than a push mechanism, allowing each machine to download from the closest repository and install themselves.
The same assessment mechanism applies for real-time vulnerability remediation, allowing identification, evaluation, and automatic remediation across machines.
Compliance metrics typically measure the patch percentages deployed against the number of endpoints, which could be various device types including virtual machines and mobile devices.
Measurements are taken against each device type, looking into compliance percentages for browsers such as Chrome and Edge based on their versions.
The reporting still needs improvement since customers want specific reporting, such as N-1 month patching reports.
In addition to reporting improvements, there should be a feature for application control to allow or disallow certain applications from being executed on endpoints.
BigFix has been in use for over 16 years.
Technical support from HCL is satisfactory unless there are customization requirements, for which we engage with professional services.
Positive
Implementation was absolutely straightforward since we have been doing this for many years.
Typical implementation timing depends on the customer's environment; for 500 machines it could take about a week, while for 50,000 machines it could be a month.
The pricing is pretty good and now follows a subscription model similar to other major software solutions, making it easier for customers to subscribe and unsubscribe.
We will be starting with AppScan soon, but we continue to remain a BigFix partner.
I have been both partner and reseller of HCL.
I recommend BigFix for companies with over 500 endpoints.
We don't deal with any company smaller than a 500 count.
On a scale of 1-10, I rate BigFix a 9 out of 10.
A typical use case for BigFix involves managing a diverse range of clients, such as Windows, Linux, and various versions of Red Hat. My clients use BigFix since it is particularly beneficial when a company has many different types of operating systems. If a user has only one type, like just Windows, the benefit may not be as clear compared to other vendors. However, BigFix is a good solution for companies with diverse systems.
The BigFix features that have proven most effective include inventory, software delivery, software distribution, software catalog, and both software and hardware management. BigFix is a very powerful tool if you want to know how many clients are in your enterprise and control or distribute software effectively.
Implementing a business solution with BigFix has some issues, primarily concerning the time required for distribution to clients if there are too many.
Building a management console is quick and simple, taking only one to two hours for setup. However, a demo or trial may take over a week or two for completion.
I have worked with BigFix since 2011, which gives me over a decade of experience.
I would rate the stability of BigFix highly. On a scale from one to ten, with ten being the highest stability, I believe BigFix can handle large solutions effectively. It is suitable for installations in very small sizes of two hundred computers and medium sizes of up to fifteen thousand.
Budget considerations need to be accounted for, but the architecture is reliable for both small and large deployment needs.
I rate technical support from BigFix very highly. On a scale from one to ten, with ten being the highest quality, enterprise support provides timely responses, typically within four to eight hours. The response time is quick for test responses, and the quality is very good.
Positive
I have worked with solutions like Symantec alongside other endpoint collection tools. Many free or third-party providers offer these utilities. For enterprise solutions, Microsoft provides alternatives. This is my perspective, and other scenarios are similar, requiring a similar range of products.
In my experience, the initial setup of BigFix is very quick and simple.
I think BigFix is a very good solution, and I rate it ten out of ten.
I use BigFix for endpoint security management in my industry. It is an integrated solution that I use in collaboration with BigFix and IBM tools. I have integrated BigFix with ILMT and utilize it for operational purposes.
I use BigFix to capture the latest hardware and software information from all the endpoints and push that information to ILMT dashboard.
It has been reliable for endpoints that give accurate information. It has been effective in many cases. It has saved us from audits, so it has been effective in our use scenario.
I still work with BigFix. HCL Notes has been some time, more than eight to nine months now. I have been working with BigFix for more than seven years.
It is reasonable to have other endpoint management. BigFix was previously owned by IBM. I use this mainly to capture inventory for IBM products, and as BigFix was part of IBM, it gets easily integrated with IBM solutions.
While performing integration, we face many issues with IBM solution. We need detailed information about those issues that can help users to mitigate them.
The problem was related to the hardware configuration and hardware specifications. BigFix requires some minimum configuration requirements. It was not a critical issue, but we managed to resolve it.
I have been working with BigFix for more than seven years.
While performing integration, we face many issues with IBM solution. We need detailed information about those issues that can help users to mitigate them.
The problem was related to the hardware configuration and hardware specifications. BigFix requires some minimum configuration requirements. It was not a critical issue, but we managed to resolve it.
I am no longer working with anything by HCL or associated with that.
It has been effective in many cases. It has saved us from audits, so it has been effective in our use scenario.
I do not have experience with these.
I have not come across any difficulties. I integrated it with ILMT (IBM License Metric Tool).
It lets us identify all software being used in my organization with BigFix. It provides input of all types of software being used, including details and information about hardware specifications. I am more involved in software licensing and procurement, so I utilize this tool for procuring more licenses if needed for our company.
After integration, we get different dashboards showcasing our IBM infrastructure, highlighting various issues in our environment that we can mitigate.
I recommend BigFix to others. I rate BigFix a seven out of ten.
First, we use it for security patching on Windows and Linux.
Second, we use it for server automation procedures.
Third, we use the remote control feature of this solution.
The solution is very good and very advanced. It has so many elements that the other solutions don't have. For example, for organizations that are heterogeneous in their environment, BigFix is the best solution. For example, we don't only use Windows environments. We're using other environments, too. This is the reason why BigFix is better than SCCM.
We use the elements of lifecycle and compliance. First of all, the patching feature is very crucial.
First of all, the patching feature and the third-party patching feature. BigFix is one of the solutions that provides this not only for Windows but for other environments like Linux and Unix. This is very crucial for us. We are not using only Windows.
Secondly, there are always security breaches and so on. So whenever every vendor releases a patch, we don't have to worry as an organization. We receive the patches automatically, and BigFix spreads them automatically to our endpoints. This is the idea.
Moreover, we are aware that there are AI elements in BigFix that enhance endpoint management capabilities in the new version called Workspace Plus and Enterprise Plus. We are looking at it, and probably we will go for it in the next renewal. So the idea is in the plans.
From the perspective of the team that's handling the environment, it's not so user-friendly compared to other solutions, the competitors.
We hire new teams from time to time, and they are complaining, look, although BigFix is very robust and cross-platform, it's not so fun to work with. The user interface for the technical teams is not so advanced. It's not so intuitive compared to SCCM, compared to ManageEngine. And this is the fact that they have, with the teams, because they have the rejection.
The look and feel of the system are old-fashioned. For new employees, it's less easy to find someone I don't need to educate on how to work with BigFix.
Although it's easy, it's not as intuitive as the other solutions, and the functionality of the other solutions is less advanced. Let's summarize: The user interface has to be changed from the perspective of the teams that are managing the product. It's old school.
I have been using it for five years. We currently use version 11.
I would rate the stability a nine out of ten.
It is very stable. I don't have any complaints about the stability.
I would rate the scalability a nine out of ten. It is quite scalable. There are around 300 end users in the company.
We don't plan to increase further usage. It depends more on the organization's growth.
The initial setup is difficult for first-timers because the user interface for IT people is not so intuitive.
I would rate my experience with the initial setup a five out of ten, with ten being easy and one being difficult because of the user interface.
Deployment is quite fast if you know what you are doing. It can take one to two days.
I'm a manager. I was not the one who configured the system.
Regarding ROI, first of all, we use less human hours to do these procedures for our use cases. So this is the main cost-effective issue here. Less manpower, skilled manpower doing this.
There will also be fewer mistakes. Why? Because from time to time, the team forgets something or doesn't have enough time to do the right patching. So this solution reduces the manpower hours and mistakes. This is the idea of human manpower. This is perfect.
It reduces human mistakes and the time of manpower. I need less team. We are putting less workers' effort on this patching element or server automation element. We're reducing cost this way.
If you buy the whole package right now, this is what we are considering: the workspace and the enterprise. The cost of the whole package, the biggest package with the full functionality, is not high.
But if I use only the patch element, it's somehow expensive. Because the other solutions are quite cheap. But when we go higher to the fullest functionality, BigFix provides us with a better solution, even pricing-wise.
Overall, I would rate it a nine out of ten.
My advice: First of all, look at BigFix not only from the perspective of patching functionality. Most organizations, when it comes to BigFix, think about patching. This was the first functionality that BigFix came out with. You should consider BigFix as a total solution, replacing more than three or four tools. For example, do not purchase the solution as a patching solution only. Consider it for the whole offerings that BigFix offers you. This BigFix solution replaces more than three or four other products. For example, we are considering replacing our current remote control product and use BigFix functionality for remote control instead. And there are other solutions. So, you should look at BigFix from a wider perspective. Look, purchase it for the whole bundle, not only patching. Although there's still the option to purchase only patching, it's not wise. In my opinion, look at it and purchase the whole bundle.
I have been working at Tech Data for the last 12 plus years.
BigFix's patch management automation feature is impressive. The real-time vulnerability remediation feature regarding BigFix's software distribution effectiveness across large networks is valuable. BigFix's unified console for software deployment is a strong asset.
I have concerns about BigFix's pricing, which I find to be slightly on the higher side. While it may not be the most affordable or competitive option, there is room for improvement. Additional features could enhance the product further. I would rate BigFix as an 8 out of 10 as a product.
I have been using the solution for one and a half months.
Whenever we need any kind of support, the BigFix team is present and available. They help us effectively with our needs.
Positive
I would definitely recommend BigFix if I were in sales. I cannot say that BigFix is not the best option on the market. When I am selling this product, I would rate it on a higher side because I would not rate a product I am selling to a partner or end customer on a lower side. BigFix needs more promotion to increase awareness. The people who know this product are well-versed about it, but additional promotion is necessary to penetrate further into the market. Every market needs continuous promotion to grow. My overall rating for this review is 8 out of 10.
Our primary use cases for BigFix range from patch management and security templates to software distribution. These are essential tasks for endpoint management across various companies.
The tool's most valuable features are patching and integration with vulnerability scanners.
The compliance module in BigFix helps to maintain security compliance. It addresses standards such as CIS, DISA STIG, NIST, GDPR, and others, providing real-time capabilities to ensure adherence to these security templates.
The tool streamlines the endpoint patch management process through one console and agent. It's straightforward to deploy patches and policies, making the entire process intuitive.
The solution needs to improve console speed. I would like to see one console that does everything. It doesn't need to have a big client console.
I have been working with the product for 15 years.
The solution is very stable.
BigFix can support deployments ranging from as few as five hundred endpoints to as many as three hundred thousand endpoints on a single server. For larger deployments, additional servers can be added as needed. I rate its scalability a nine point five out of ten. My company has 50,000 users. Our clients are enterprise businesses.
The solution's support is good. The support is from India, and it's a challenge to get the right person.
Neutral
The solution's deployment is straightforward. However, implementation can be a challenge. Once everything is deployed, it is easy. The deployment process involves several steps: first, opening a firewall port; second, configuring antivirus exclusions; third, installing a database such as SQL Server or DB2. These tasks must be completed before deploying the solution. The overall process takes two days to complete.
The solution's deployment is done in-house.
You can see a quick ROI when you start exploring all the features.
The tool's price continues to go up. The cost per endpoint can vary, ranging from approximately 30 to 80 dollars per year. Compared to other products, pricing is in the middle. You need to buy an additional database license, but most users already have it.
When considering BigFix, I recommend exploring its capabilities beyond managing enterprise endpoints. It's beneficial to leverage its integration with mobile endpoints and compatibility with vulnerability scanners and platforms like ServiceNow.
I rate the overall product a nine out of ten. BigFix is integrating with AI through its new digital end-user experience feature. This capability automatically resolves issues such as performance problems and service restarts.
Our customers mainly use BigFix for inventory, compliance, patch management, and software deployment. We also use it with the IBM License Metrics Tool. Our customers are mostly in the telecom and financial sectors.
The solution has many useful features. Its main advantage is simplicity - you can do everything from one console, regardless of the task. It supports many operating systems and is scalable to up to 250,000 clients.
The solution is great for automation. It uses relevant language, and each client can send requests for information about files or other data. Based on the results, you can set up analyzers and actions. For example, in patch management, you can automatically deploy patches to clients that don't have the newest version.
For improvements, it would be good if BigFix supported more databases. Currently, it only supports DB2 and Microsoft SQL. Adding support for other databases like Oracle would be beneficial.
I have been working with the product for 15 years.
The tool is stable. I rate it a ten out of ten.
With BigFix, I've had customers manage from just one client to 80,000. I rate its scalability a nine out of ten.
The support from HCL is very helpful.
Positive
You need to consider network and firewall settings during deployment. But once you know what to do, it's quite simple - click through. I'd rate the setup process seven out of ten for ease.
The deployment process for BigFix, whether cloud or on-premises, takes about 3-4 hours. To deploy it, you first install the database and need a license file from HCL. The download is free and open to everyone. There's an installation generator for Windows, and you just run the download and set up.
I haven't faced challenges with BigFix, probably due to my 15 years of experience. I can usually handle any issues during installation or upgrades.
For those considering using the tool, I recommend having someone who can support you at the beginning of the implementation and installation. It's a quick learning process, but it's very important to understand how BigFix works at the start. Once you get that, you'll see it's quite good.
I rate the overall product an eight out of ten.
We have found that the solution is good security-wise. It’s customizable; however, you need good knowledge of the tool. It’s not for beginners.
In terms of compliance, we utilize compliance checklists and templates to ensure success. These templates help us evaluate the compliance and rating of our devices. For devices that do not meet compliance standards, we generate actionable items to address and fix the issues. Our security posture is improving by utilizing compliance analysis for all our devices.
I’ve found patching to be the most valuable feature of the solution.
The product should become cloud-based. Also, the peer nesting ability of the product is a little backward. It has a Peer messaging capability, like a peer-to-peer feature, but it's a bit backward compared to Microsoft's content delivery gateway. The content delivery needs to improve to accommodate new technology and move away from the old ways of deploying content.
In future releases, BigFix should become a complete cloud solution.
Regarding stability, I rate the solution a seven on ten. The solution requires a lot of customization. So, if you’re making a small change, you’ll need to ensure that everything is aligned with the change.
If you make a small mistake, then it's gonna be a problem.
The solution is not user-based but device based. We have 46,000 devices running 24/7. Since it’s a management tool, we manage it 24/7. We use it to its maximum capacity.
In terms of scalability, I would give the solution an eight on ten. It is scalable, but we need to purchase additional licenses. From a technical perspective, I would say eight. However, from a financial standpoint, it may be considered lower. Adding more devices requires purchasing more licenses, so in terms of the financial aspect, I would rate it around six or seven.
The customer service and support team is pretty good.
Positive
I used Microsoft System Center Configuration Manager (SCCM) before this solution. I switched because of CPO detection in the said solution.
I would rate my experience with the initial setup a seven out of ten, where one is difficult and ten is easy to set up. It's not straightforward.
We work with HCL directly. The solution was implemented through them. We installed it ourselves, from scratch, with the vendor shadowing us. We had to build servers and set up the infrastructure. The solution is currently deployed on-premises. That's why it's not straightforward, as we have to build the infrastructure.
That's why a cloud-based solution would be better, where everything is provisioned like a SaaS-based solution, similar to Microsoft.
The deployment took us around six months to complete the entire project, with multiple deliverables. Even with the features from BigFix, it took us at least a year for preparation and deployment.
We deployed the BigFix agent, and from there, we could deploy various fixes, logs, commands, and scripts. So, in simple terms, we just deployed the BigFix agent.
Around 20 people, including the vendor, were involved in the deployment process. It's like an entire project management team. You would have a project manager, a delivery lead, a technical delivery architect, and then you would have support teams for layers one to three.
There is regular maintenance required to fix any issues that arise. Currently, we have 20 people from HCL for day-to-day support.
Currently, I would rate seven on ten for the ROI of the solution, where one is zero percent, and ten is 100% ROI.
However, I will need another two to three years to probe the ROI.
From a technical standpoint, it's strong in security and flexibility, but it requires a lot of customization. It's not straightforward. If we compare it to Azure and ForceWise, it might be considered a bit costly. I'm not sure how to articulate it, but it's costly because I have to build my own infrastructure, whereas with other SaaS solutions, I don't need to do that.
So, the pricing is slightly more expensive than the others. I have to keep buying licenses every time I add a new device. If I require 1000 devices, I’ll need 1000 more licenses. So, the price mainly depends on the number of devices.
I evaluated Microsoft Engine before choosing this option. Overall, I would rate the solution an eight out of ten.
I’d like to advise them to learn, be certified, and hold a lot of discussions with the vendor.
Overall, I would rate the solution an eight out of ten.
I am supporting a client and serving as an administrator of BigFix. My responsibilities include taking care of the whole infrastructure, patch deployment, vulnerability scanning, vulnerability assessment, third-party application vulnerability mitigation, generating reports, and ensuring compliance with security standards such as the CIS checklist. We handle all the security standards related to BigFix.
BigFix has several good features. Firstly, its client on the endpoints consumes less than 2% of CPU memory. Unlike other solutions like CrowdStrike or Tenable, where clients communicate with the database once a day or collect data every two days, BigFix offers real-time detection of endpoints. For example, if we have predefined conditions for monthly OS patches on various operating systems like AIX, Windows, Linux, and Mac, BigFix provides its own external sites where patches released by Microsoft or Mac are stored. These patches and content are integrated with the BigFix network. Each patch or package has relevant conditions that continuously evaluate the endpoints to determine if they are applicable. When creating software packages, we ensure that relevant conditions are met to prevent redundant deployments. This is important as continuous patching without checks can lead to system corruption or device issues.
We are currently managing more than a hundred devices. So, upon creating a package with the relevant condition in place, there are already thousands of devices that have that specific package deployed. The condition checks to ensure that the package is not redeployed to those devices, avoiding any potential issues that can arise from repeated deployments.
In some internal solutions, continuously deploying patches to an endpoint can lead to system corruption, device hang-ups, or other problems. However, BigFix prevents such issues by evaluating the relevance of each patch and ensuring it is only deployed when necessary.
BigFix is an endpoint customer solution that offers various capabilities. It enables compliance management, pack management, software and OS deployment, and power management. You can also integrate One Ready scanning tools like Qualys or Tenable, allowing vulnerability feeds to be directly evaluated within BigFix.
If BigFix does not have a pre-existing solution, we can create our own scripts using its action script and relevant language. The platform supports multiple scripting languages, including PowerShell and Python, providing flexibility for deployments.
One aspect that could be improved is the speed of the console. Sometimes it can be slow, which is something that needs to be addressed. When compared to other solutions like Tenable or CrowdStrike, BigFix constantly communicates with the database in real time, which can cause some slowness.
I have been working dedicatedly with BigFix for the past five years. We are currently using version 10.0.4 of BigFix.
BigFix is stable overall. However, like any software, you may encounter occasional issues, but they are manageable.
It is a scalable solution. Scalability is relatively easy to achieve with BigFix. We already have a capacity planning guide in place that outlines predefined steps to check and scale the environment. It provides guidelines for designing the infrastructure to meet scalability requirements.
Currently, I'm working with a large enterprise that uses BigFix.
The technical support for BigFix is really amazing. There are dedicated technical support engineers available, and you can open tickets or seek help through the BigFix forum. Additionally, there are technical solution architects who can assist you. Just open a ticket with the Excel support team, and they will be there to help you.
The support is generally excellent, but there may be occasional delays due to their workload.
Positive
When it comes to the root server, you have the option to use either Windows or Linux. Deploying the root server is a straightforward process. Deploying the root server is the first step. After that, if you're considering deploying the complete infrastructure, you'll need to follow the capacity planning guidelines. It will help determine the appropriate infrastructure requirements. For instance, if you have 10,000 devices, it is recommended to use a server with at least 128 GB of RAM, 32-core processors, and a robust server configuration. You can choose to host it in a cloud-based environment or a dedicated environment, but it should meet the necessary specifications in terms of RAM and processor capacity.
Once you have the server set up, you will define your release strategy. This involves setting up top-level releases and renewal releases. The reason for having multiple releases is to distribute the load and avoid overburdening the root server. Top-level releases communicate with the root server and receive data from it, which they then distribute to the lower-level releases. These releases, in turn, distribute the data to the endpoints.
As for the installation process, it is quite straightforward. Once the root server is installed, you need to install the console. Once the console is installed, you can proceed to deploy clients or agents on the endpoints.
BigFix provides a built-in client deployment tool called the Data Tool. Using this tool, you can leverage your active directory credentials to scan and analyze your network, identifying devices that have or do not have BigFix installed. Once the scanning process begins, the tool will start deploying the agents to the appropriate endpoints. The installation of the agents does not require a reboot. However, when deploying the infrastructure itself, a reboot may be necessary. But for clients deployed on agents or endpoints, whether it's servers, Windows 10 machines, or Linux machines, the agent installation does not require a reboot.
Once the agents are installed, they automatically refresh themselves every 15 minutes. They communicate with the nearest relay to check if any new content needs to be deployed to that particular endpoint. The agent keeps checking with the relay and deploys content if there is any to be received.
For the complete infrastructure deployment, you need to follow capacity planning guidelines. This will help determine the required infrastructure.
Recently, we have set up new infrastructure, and capacity planning is a time-consuming process. Depending on the client and their requirements, it can take a couple of days to two weeks to finalize the agreement, especially if there are cost constraints. Companies often have limitations on project expenses. Once everything is finalized, it takes just one day to get the entire infrastructure up and running.
As for the endpoints, when we start deploying agents on laptops or desktops used by end users (not servers), it can take up to 30 days. This is because the agents are deployed as the endpoints come online intermittently. We keep the deployment policy open for five business days to accommodate this.
So, to summarize, infrastructure installation is typically completed within six to eight hours. After that, the network team checks the network utilization and load, and if necessary, they adjust the bandwidth. Deployment of agents onto clients usually takes about a week, but in server environments with a large number of servers (e.g., 5,000 servers), all the clients can be deployed within an hour or two. Once the entire infrastructure is up and running, we need to monitor the dashboards to ensure that BigFix is performing as expected. This monitoring period lasts for 30 days. Once everything is set up and functioning properly, we can start using BigFix.
For the basic setup of BigFix, you would typically require two architects: one familiar with Windows and another familiar with Linux. Additionally, networking expertise is needed to enable and disable certain ports. The involvement of various teams is necessary, especially the network team, which handles port opening and tunnel creation. For environments larger than 20,000 endpoints, two architects are needed. However, if the environment has around 5,000 to 10,000 endpoints, one architect is sufficient. Apart from the architects, you would also need two sole operators to manage all the modules within BigFix, such as inventory, compliance, cash management, and lifecycle management, which includes package deployment and patch deployment.
Currently, we have two people managing the maintenance of over a thousand devices. However, we recently increased the team to three members. They provide 24/5 support and handle various issues, including configuration and web application problems. If you require 24/5 support, it's recommended to have two architects and two operators who have a good understanding of BigFix. During peak times, the architects are available, and during off-peak hours, the operators can handle the tasks.
I would say that with great power comes great responsibility. As a BigFix admin, it is crucial to be careful and use the tool wisely. You have the ability to bring positive outcomes, but one incorrect deployment can have severe consequences and potentially disrupt the entire network.
Overall, I will give BigFix an alpha ten out of ten.
The use case for BigFix is for security, patch management, and compliance which is one of the most important parameters in large banking, and large enterprises where the customers would want to comply with their latest operating system protocols. The solution is also complying with the latest ISO 27001, which is a security compliance protocol as per ISO audit. BigFix helps in getting all these operating systems, and applications to the latest patch management levels possible. The solution makes the system more compliant and ready for our business and other IT operations.
The best feature of BigFix is its multi-platform support. Unlike other products, the solution supports Windows, Linux, and Unix. BigFix is able to support any operating system. When a customer buys, they don't need to look at multiple options. The second valuable feature is, BigFix also has an auto patch updating feature, where the latest patches, and what is required for my system are automatically downloaded and kept ready for me. The solution applies the patch and notifies me after applying the patch. BigFix also gives me a ping saying that I should reset my system within a certain period of time, while the patch is being applied. Let's say, the patch is being applied and if there's an issue, the solution can revoke the applied patch, and revert back to the old state.
BigFix is also a tool that has inventory management, where it can go ahead and find the inventories associated with the enterprise, and it can detect the auto inventory feature, which will help me in detecting those devices that have not been already accounted for. The solution can also help me in doing SAM, Software Asset Management work. Apart from this, BigFix also is something that works with tools such as VAPT, Vulnerability Assessment, and Penetration Testing tools, if the VAPT test is being done, whatever shortcomings were being taken by VAPT can be auto-updated using BigFix.
Only one thing has room for improvement, BigFix should create some amount of localization in the product. For example, in most enterprises, being a large bank doesn't mean that they have the best network. Their remote branches can be working on a minimal network. The solution should have some kind of a local caching methodology, where the patches can be taken locally into a localized relay server, and from there, the patch can be applied, so that there is not much usage of the network required. What is happening today is, every system, even for it to be patched, has to be on the internet. I would like to be able to apply patches locally without the requirement of the internet or at least minimal internet usage to apply a patch.
I have been using the solution for the last two years.
I give the stability of BigFix a nine out of ten. The solution is very stable.
I give the scalability of BigFix an eight out of ten.
The technical support for BigFix is really good.
Positive
The initial setup of BigFix is a seven out of ten because BixFix is not easy. BigFix is easy for the customer to use, but it is obviously going to be the details the customer provides.
The deployment might take approximately one to two months. But if the customer's network is bad, and they haven't done patching for many years, then it might extend well up to three to five months.
The deployment factors are going to be on three aspects. One is, how we work. What the customer's expectation is, then we have BigFix architecture, aligning it with the customer's expectation, and then deploy the central servers, put the relay servers, install agents, and start applying patches.
For deployment, we require a minimum of one to two people, and the maximum depends on the scalability of the business.
Our clients have seen a big return on investment with BigFix. More than 70 percent. The reason is, that when we take a BigFix sale to an organization with around 3,000 or 5,000 users, on average, as an implementation vendor, I'm able to make decent margins for the product, as well as it is yielding me a good amount of service revenue. The profits come out around more than 30, 40 percent overall, including the services put together, and the grand business that I get. By doing these things, I'm able to understand the customer's infrastructure very well. I'm able to look at their infrastructure, I'm able to look at how old the infrastructure is, what kind of devices they're using, and what is the new solution, which I can then propose to the client.
I give the cost of the solution a five out of ten. The price is moderate.
There's not much big cost. We only have to pay the agents' cost for the server, and for the systems.
I give the solution an eight out of ten.
BigFix is not going to give us the data automatically. As a system integration, from a technical vendor, we have to go onsite and look at the information, and then arrive at a solution, which is what we do. BigFix gives me a lot of drag revenue also.
I would recommend partners and customers use this solution because it makes them compliant, and in terms of security, levels are being upgraded. Last but not least, this is all part of security and compliance procedures, and keeping our system up to date. I recommend BigFix very strongly to my customers. The most important thing is the solution is a nice and stable product.
