Learn how to configure BigFix according to your needs.
Things to consider when configuring custom certificates.
Welcome to the BigFix Platform documentation, where you can find information about how to install, maintain, and use BigFix.
The content of this page has moved to the HCL Support site. You will be redirected shortly. If the auto-redirect fails for some reason, use this link: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0087327.
Following is a list of links to the BigFix Platform user guides in PDF format:
BigFix 10.0.1.41 complies with the requirements of the standard ISO/IEC 15408 (Common Criteria) v. 3.1 for the assurance level: EAL2
Use this section to become familiar with BigFix infrastructure and key concepts necessary to understand how it works.
This topic describes how the SSL/HTTPS communication works in BigFix applications and links the tasks on how to configure it.
Learn the system requirements, licensing and installation instructions, and how to configure and maintain BigFix.
This guide explains additional configuration steps that you can run in your environment after installation.
In BigFix there are two basic classes of users.
You can add Lightweight Directory Access Protocol (LDAP) associations to BigFix.
Starting from Version 9.5.5, BigFix supports SAML V2.0 authentication via LDAP-backed SAML identity providers.
Starting from BigFix Version 10.0.8, this feature provides a mechanism where the creation and use of any local operator is prohibited in favor of LDAP-based operators.
Some important elements of multiple server installations.
The BigFix server generates unique ids for the objects that it creates: Fixlets, tasks, baselines, properties, analysis, actions, roles, custom sites, computer groups, management rights, subscriptions.
By default, BigFix 10.0 Patch 1 components use the DHE/ECDHE key exchange method if the version of the BigFix component on the other side of the SSL communication allows it.
Ensure that the private key and the certificate files have the following format and structure.
Procedure to register a certificate.
Procedure to generate a self-signed certificate (cert.pem) from a certificate request file (cert.csr).
cert.pem
cert.csr
To encrypt HTTPS Web Reports with a certificate that browsers implicitly trust, request a signed certificate from a trusted Certificate Authority (or CA) such as Verisign as follows.
The BigFix root server is configured to use HTTPS by default when it gets installed and creates its own certificate during the installation. If you want to replace it, you need to configure HTTPS manually.
BigFix Console, Server and Relay components of the architecture perform high volume file operations. This activity is a substantial part of the functionality that these BigFix architecture components provide.
In air-gapped environments, to download and transfer files to the main BigFix server, use the Airgap utility and the BES Download Cacher utility.
The BigFix Query feature allows you to retrieve information and run relevance queries on client workstations from the WebUI BigFix Query Application or by using REST APIs.
The Plugin Portal is a new component introduced in BigFix 10 to help manage cloud devices as well as modern devices such as Windows 10 and MacOS endpoints enrolled to BigFix. For details on modern client management, see the Modern Client Management documentation.
BigFix 10 delivers a few significant new functions for enhancing the visibility and management of devices on your network regardless of whether the devices are physical or virtual.
The capability to establish persistent connections was added to the product.
The capability to establish a persistent TCP connection between the parent relay in the more secure zone and its child relay inside the DMZ network was added to the product. This allows you to manage systems in a demilitarized zone (DMZ network).
The BigFix Client includes a new feature named PeerNest, that allows to share binary files among Clients located in the same subnet. The feature is available starting from BigFix Version 9.5 Patch 11.
You can collect multiple files from BigFix clients into an archive and move them through the relay system to the server.
A number of advanced BigFix configuration settings are available that can give you substantial control over the behavior of the BigFix suite. These options allow you to customize the behavior of the BigFix server, relays, and clients in your network.
These topics explain additional configuration steps that you can run in your environment.
This section details the steps and operational procedures necessary for migrating the BigFix Server from existing hardware onto new computer systems.
This section provides basic information on migrating your BigFix Server from existing Linux hardware onto new systems.
The BigFix Server generates a server audit log file which contains the access information (login/logout) and information about the actions performed through the Console or the WebUI by the different users.
The following lists show the advanced options.
BigFix provides the capability to follow the NIST security standards by configuring an enhanced security option.
To comply with the modern industry standards, starting from product version 10.0.7, the client certificate of the BigFix Agent will have a validity period of 13 months.
Client Authentication (introduced in version 9) extends the security model used by BigFix to encompass trusted client reports and private messages.
If you are subscribed to the Patches for Windows site, you can ensure that you have the latest upgrades and patches to your SQL server database servers.
Learn how to work with the BigFix Console.
Learn how BigFix Asset Discovery works.
Learn how the Web Reports feature extends the power of BigFix.
Read this guide for an introduction to the WebUI tools, concepts, and terminology.
Read this guide for information about installing and administering the WebUI.
This glossary provides terms and definitions for the Modern Client Management for BigFix software and products.