What is new in BigFix 10 Platform
BigFix 10 Platform provides new features and enhancements.
- Patch 12
-
- VMware Plugin enhancements
- The VMware Plugin has been extended with inspectors and action
commands to improve the management capabilities for both host and
guest systems.
For details, see Introduction to Cloud Plugins, Configuring cloud plugins, VMware Asset Discovery Plugin Inspectors and VMware Plugin Commands.
- Library and drivers upgrades
-
- The libcURL library was upgraded to Version 8.6.0.
- The ODBC driver was upgraded to Version 17.10.6.
- Patch 11
-
- Added support for BigFix Agent
- Added support for BigFix Agent running on VIOS 3.1.3.
- Library and drivers upgrades
-
- The libcURL library was upgraded to Version 8.5.0.
- The ODBC driver was upgraded to Version 17.10.5.
- Patch 10
-
- Use “Microsoft Print to PDF” printer driver for exporting PDF reports in Web Reports
- Starting from BigFix Platform 10.0.10, Web Reports can generate PDF reports using the “Microsoft Print to PDF” printer driver. BigFix recommends that you take advantage of this driver by running Task ID 5436. Refer to On Windows Systems for more information.
- Relay Drive Space Protection From Downloads
- BigFix Platform adds now the capability to prevent the BigFix Relay
ActiveDownloads folder from filling up, by using a new setting
named
_BESRelay_Download_ActiveDownloadsMaxSizeMB
, which represents the maximum size, specified in MB, that the folder can reach.For details, see Managing Downloads.
- Plugin Portal - Optimized devices data serialization
- Plugin Portal optimization in terms of memory usage of the plugin portal machine as well as in the evaluation time of fixlet and analysis, with this leading to an increased responsiveness in returning data and executing actions on discovered devices.
- New set of REST APIs
- BigFix Platform now supports a new set of Rest APIs that enable
exploiters such as the BigFix WebUI to access the Download status of
the actions. These Rest APIs allow also to re-submit failed
downloads.
For details, see Action.
- Added support for BigFix Agent
- Added support for BigFix Agent running on MacOS 14 ARM/x86 64-bit.
- Added support for new database level
-
- Microsoft SQL Server 2022 support.
- Microsoft SQL Server 2022 deployed in a docker container.
For details, see Installing a server with remote database deployed in a docker container and Database requirements.
- Library upgrades
-
- The libcURL library was upgraded to Version 8.1.2.
- The JQuery library was upgraded to Version 3.6.4.
- The OpenSSL library was upgraded to Version 1.0.2zh.
- The Xerces library was upgraded to Version 3.2.4.
- Patch 9
-
- Improved certificate management for HTTPS downloads
- Starting from BigFix Platform 10.0.9, BigFix introduces an improved
management for the CA bundles used in HTTPS downloads, in order to
grant more flexibility in the configuration.
For details, see Customizing HTTPS for downloads.
- MongoDB removal from Plugin Portal
- Starting from BigFix Platform 10.0.9, MongoDB is no longer a
prerequisite for installing and upgrading the Plugin Portal. The
migration of the reports from the MongoDB, if present, will not
require manual steps; it will be automatically executed at the
initial startup of the Plugin Portal after the upgrade.
For details, see The Plugin Portal.
- Support for AWS IMDSv2
- Starting from BigFix Platform 10.0.9, Amazon Web Services (AWS)
metadata are retrieved using Amazon IMDSv2 protocol.
For details, see cloud provider.
- Library upgrades
-
- The OpenSSL library was upgraded to Version 1.0.2zg.
- The libcURL library was upgraded to Version 7.88.1.
- Patch 8
-
- Optionally disable local operators to comply with most recent Cyber Security guidelines
- Starting from BigFix Platform 10.0.8, you can decide to optionally
disable all local operators from logging into the BigFix Console,
Web Reports and WebUI, in favour of the LDAP-based operators. This
feature may be used to comply with most recent cybersecurity
guidelines and standards.
For details, see Disabling local operators.
- Enhance audit capabilities of your BigFix deployment with new audit logs
- BigFix Platform 10.0.8 introduces a new audit log file which tracks
every access and action performed using the BigFix Administration
Tool when used via the GUI on Windows or when used via the command
line on Windows/Linux.
For details, see Server audit logs and Logging.
- Get more flexibility in writing relevance statements with regular expressions by leveraging the Perl Regular Expressions standard
- BigFix Platform 10.0.8 makes available a new client inspector which
allows writing regular expressions based on the Perl Regular
Expressions standard. This capability is available on Windows
only.
For details, see regular expression.
- BigFix Agent supports RHEL systems with FIPS mode enabled
- You can now install the BigFix Agent on Red Hat systems where FIPS
mode is enabled. This is possible as the RPM package delivered with
BigFix Platform 10.0.8 supports the sha256 digest in the RPM header,
adding another level of security, required to deal with systems in
FIPS mode.
For details, see Red Hat Installation Instructions.
- Enhanced flexibility for handling Linux BigFix services via full systemd support
- BigFix Platform 10.0.8 introduces full support for the systemd
services for all main Platform components while still supporting
init.d for backward compatibility.
For details, see Managing the BigFix Services.
- Simplify troubleshooting via new installation logs
- BigFix Platform 10.0.8 makes available new installation log files
for fresh Windows/Linux installations and upgrades. This release
also improves logging capabilities for CDT installations.
For details, see Logging.
- Enhanced prefetch actionscript command to deal with sites implementing the HTTP to HTTPS redirection
- BigFix Platform 10.0.8 adds the capability for the prefetch
actionscript command to deal with HTTP to HTTPS redirect requests.
The prefetch command will handle the redirections both for
server/relay and client.
For details, see Managing Downloads.
- Upgrade from SQL Server Native Client to Microsoft ODBC Driver
- Platform 10.0.8 moves from supporting and shipping SQL Server Native
Client 2012 to supporting and shipping the Microsoft ODBC Driver
17.
Given some differences in how the two drivers can be configured, any customization of the BigFix ODBC data sources done prior to upgrading to Version 10.0.8 might no longer work as expected after upgrading to Version 10.0.8. Therefore, if starting from a non-default configuration, after upgrading to Version 10.0.8, it is recommended to review and verify the consistency and effectiveness of the BigFix ODBC data source configurations.
For details, see Configuring ODBC data sources.
- Get a more current view of your infrastructure via the new automatic clean-up approach for proxied endpoints
- The Plugin Portal now implements a clean-up process for proxied
endpoints, allowing to automatically delete proxied endpoints that
are no longer discovered by the plugins (both cloud and MDM). This
will help you to get a more up-to-date status of your
infrastructure.
For details, see Discovering cloud resources.
- Use the Computer Remover to implement different clean up policies for native and proxied endpoints
- The Computer Remover is now able to deal with both native and
proxied endpoints. You can use Computer Remover to specify the type
of endpoint and implement different clean up policies based on that.
Additionally, the new version of the Computer Remover reduces to 7
days the minimum value accepted for the “Remove Deleted Computers”
option.
For details, see Computer Remover.
- BigFix Console logging and diagnostics
- Improvements have been made in logging and diagnostic approaches for the BigFix Console, to better understand system capability and bottlenecks. A future publication will provide guidance on leveraging this capability.
- Added support for BigFix Agent
- Added support for BigFix Agent
running on:
- Amazon Linux 2 on ARM Graviton 64-bit.
- Amazon Linux 2023 x86 64-bit.
- Amazon Linux 2023 on ARM Graviton 64-bit.
- Oracle Enterprise Linux 9 x86 64-bit.
- Red Hat Enterprise Linux 9 PPC 64-bit LE on Power 9 and Power 10.
- Rocky Linux 8 x86 64-bit.
- Rocky Linux 9 x86 64-bit.
- Library upgrades
-
- The libcURL library was upgraded to Version 7.86.0.
- The libssh2 library was upgraded to Version 1.10.0.
- The ICU library was upgraded to Version 54.2.
- The JQuery UI library was upgraded to Version 1.13.2.
- The SQLite library was upgraded to Version 3.39.3.
- Patch 7
-
- Enable Direct Download based on network
- This new feature enables you to allow the Direct Download only for
BigFix Clients connected to a specific subnet.
For details, see Managing Downloads.
- Restart download after Relay switch
- This new feature allows you to interrupt the download in progress on
a Relay switch.
For details, see Managing Downloads.
- Enhanced site Rest API to show the site display name and NMO permissions
- BigFix Platform 10.0.7 introduces enhancements to the site Rest API
to return a new element which consists in the site display name as
shown in the BigFix Console. The site Rest API has also been
enhanced to show the requester permissions on a specified site.
For details, see Site.
- Retrieve VM Custom Attributes via the VMware Cloud Plugin
- Starting with BigFix Platform 10.0.7, the VMware Plugin can also
retrieve VM Custom Attributes, in addition to the current retrieved
properties. This information is visible in the BigFix Console and in
the WebUI.
For details, see The cloud analyses data.
- Client certificate
- To comply with the modern industry standards, the lifespan of
BigFix Agent client certificates will be reduced to 13 months.
For details, see Client certificate.
- Web Reports reauthentication
-
To enhance security for Web Reports, changes to some specific pages now require to re-authenticate using your current credentials.
For details, see Performing the reauthentication.
- Added support for BigFix Relay
- Added support for BigFix Relay
running on:
- Red Hat Enterprise Linux 9 x86 64-bit.
- Ubuntu 22.04 LTS x86 64-bit.
- Added support for BigFix Agent
- Added support for BigFix Agent
running on:
- AIX 7.2 on Power 10.
- AIX 7.3 on Power 9 and Power 10.
- Debian 11 x86 64-bit.
- MacOS 13 ARM/x86 64-bit.
- Red Hat Enterprise Linux 8 on Power 10.
- Red Hat Enterprise Linux 9 x86 64-bit.
- SUSE Linux Enterprise 15 on Power 10.
- Ubuntu 22.04 LTS x86 64-bit.
- Added support for Active Directory 2016 or 2019
- Added support for Active Directory 2016 or 2019 with Forest
functional level Windows Server 2016 and Enterprise Certification
Authority for BigFix Server
running on Windows only.
For details, see Integrating the BigFix Windows server with Active Directory.
- Library upgrades
-
- The libcURL library was upgraded to Version 7.83.1.
- Patch 6
-
- Added support for BigFix Agent
-
Added support for BigFix Agent running on Raspberry Pi OS 11 on Raspberry Pi 4.
- Performance improvements in the Plugin Portal to reduce RunAction execution time
- The Plugin Portal supports full BigFix scale for cloud and mobile devices and is now more efficient than ever. Memory requirements have been reduced by 89% per plugin, with an 18% improvement in the Run Actions execution time.
- Library upgrades
-
- The OpenSSL library was upgraded to Version 1.0.2zd.
- The zlib library was upgraded to Version 1.2.12.
- The jQuery library was upgraded to Version 3.6.0.
- The jQuery UI library was upgraded to Version 1.13.1.
- Patch 5
-
- Specify custom installation path for the Plugin Portal
- When installing the Plugin Portal on Windows, you can now specify a
custom installation path.
For details, see The Plugin Portal.
- Added the possibility of limiting AWS plugin scanned regions
- When installing the AWS plugin, you can now specify the allowed
regions.
For details, see Limit AWS Regions to restrict the scope of device discovery.
- Added support for BigFix Server and BigFix Console
- Added support for BigFix Server and BigFix Console running on Windows Server 2022.
- Added support for BigFix Relay
- Added support for BigFix Relay running on Tiny Core 12.
- Library upgrades
-
- The libcURL library was upgraded to Version 7.79.1.
- The OpenSSL library was upgraded to Version 1.0.2zb.
- Patch 4
-
- AWS IAM role support
- You can now take advantage of AWS IAM roles to perform cloud
instance discovery and management. This adds further flexibility in
the management of AWS credentials as permissions may now be
leveraged either through IAM users or through IAM roles.
For details, see Installing cloud plugins.
- Simplified action targeting to correlated endpoints
- You can now create computer groups based on properties retrieved on
endpoints both by the BigFix Agent
and the Plugin Portal. This will allow for example creating groups
for cloud endpoints based on the properties associated to the cloud
instances which you can, then, use to target actions to be run by
the BigFix Agent.
For details, see Creating Server Based Computer Groups.
- Reduce network traffic by limiting PeerNest UDP messages on specific subnets
- When using the PeerNest feature, you can now reduce the network
traffic associated to PeerNest UDP messages exchanged by the
endpoints connected to the same subnet. This can be useful in
situations where you have a number of BigFix
Clients running in a VPN infrastructure.
For details, see Working with PeerNest.
- Leverage on MS-PowerShell on ActionScript
- Beside BigFix Action Script, UNIX Shell Script and AppleScript you can now also leverage on MS-PowerShell for Action Scripts.
- Simplify BigFix Agent deployments with improved CDT UI
- The User Interface of the Client Deployment Tool (CDT) has been
enhanced to allow users to provide more easily inputs with multiple
client settings and credentials. This will speed up the BigFix Agent
deployment in scenarios where you have multiple targets and the
targets have different credentials or you need to specify multiple
custom client settings.
For details, see Deploying clients from the console.
- Enhanced visibility of licensing information
- The BigFix License Overview Dashboard has been improved to provide a better
visibility of the licensing information associated to your BigFix
deployment. You can now have better insights on the status of the
different entitlements as well as get a better understanding of the
BigFix offerings your endpoints are subscribed to.
For details, see License Overview dashboard.
- Support 5x more endpoints through a single Plugin Portal instance
- In BigFix 10.0.4, the Plugin Portal management capabilities have grown from
10,000 to 50,000 endpoints per instance. This in turn will reduce
your total cost of ownership in scenarios where you have to manage a
high number of cloud or MCM endpoints.
For details, see The Plugin Portal.
- Added support for BigFix Console
- Added support for BigFix
Console running on:
- Windows 11 21H2.
- Windows 11 22H2.
- Windows 11 23H2.
- Windows 11 24H2.
- Added support for BigFix Relay
- Added support for BigFix Relay
running on:
- Tiny Core 11.
- Windows Server 2022.
- Windows 11 21H2.
- Windows 11 22H2.
- Windows 11 23H2.
- Windows 11 24H2.
- Added support for BigFix Agent
- Added support for BigFix Agent
running on:
- Windows Server 2022.
- Windows 11 21H2 x86-64.
- Windows 11 22H2 x86-64.
- Windows 11 23H2 x86-64.
- Windows 11 24H2 x86-64.
- MacOS 12 ARM/x86 64-bit.
- Security vulnerabilities and library upgrades
-
- The libcURL library was upgraded to Version 7.77.0.
- The OpenLDAP library was upgraded to Version 2.4.58.
- The SQlite library was upgraded to Version 3.35.5.
- Patch 3
-
- Added support for BigFix Relay, Console and Agent
-
Added support for BigFix Relay, Console and Agent running on Windows 10 Version 22H2.
- Added support for BigFix Relay, Console and Agent
-
Added support for BigFix Relay, Console and Agent running on Windows 10 Version 21H2.
- Added support for BigFix Relay, Console and Agent
-
Added support for BigFix Relay, Console and Agent running on Windows 10 Version 21H1.
- Added support for BigFix Agent
- Added support for BigFix Agent running on MacOS 11 ARM64.
- Security vulnerabilities and library upgrades
-
- The SQLite library was upgraded to Version 3.34.1.
- The OpenLDAP library was upgraded to Version 2.4.56.
- The OpenSSL library was upgraded to Version 1.0.2y.
- Added property to the operating system inspector
- A new property named
display version
was added to theoperating system
inspector. This property returns the Windows operating system version and returns valid information only for Windows 10 20H2 and later Windows 10 versions.
- Patch 2
-
- Install BigFix Agent on AWS or Azure VMs by using cloud APIs
- You can now install the BigFix Agent
in AWS and Azure environments by leveraging the cloud provider
services and APIs. With this enhancement, you can speed up the
deployment of agents without the need for deploying and configuring
the Client Deploy Tool (CDT), and providing OS access credentials
for target cloud instances.
For details, see BigFix Agent installation on cloud resources.
- Improved performance and resilience via guided tuning of the MS-SQL configuration
- The installer now checks for and optionally adjusts suboptimal
configuration in terms of DoP (Degree of Parallelism) and CTFP (Cost
Threshold for Parallelism) of an SQL Server instance. In case of
configuration issues that cannot be solved automatically, you are
provided with enough background and guidance.
For details, see SQL Server parallelism optimization.
- Leverage Docker images for root server DB in Windows
- You can now leverage official Ubuntu-based images of MS SQL Server
for Docker as a remote database for the Windows BigFix root
Server. Platform 10.0.2 officially certifies the MS SQL Server 2017
and MS SQL Server 2019 Docker containers.
For details, see Detailed system requirements.
- Improved PeerNest behavior in case of large payloads
- Starting with this release, you can elect peers to download files
based on the peer cache size too – only specific clients will
download large files directly from the Relay. This prevents clients
not having enough cache from initiating downloads which in turns
helps increase efficiency and reduce network bandwidth utilization.
For details, see Peer to peer mode.
- Accelerate responses by allowing clients to use additional CPU in download phase
- You can now speed up the operations to evaluate the hash
(sha1/sha256) code of downloaded files by temporarily directing the
BigFix Client to use additional CPU. This results in a consistent time
optimization for the download phase since the time required for the
hash evaluation decreases as the engaged CPU increases.
For details, see List of settings and detailed descriptions.
- Added support for BigFix Server
-
Added support for BigFix Server running on Red Hat Enterprise Linux (RHEL) 8 x86 64-bit.
- Added support for BigFix Relay
-
Added support for BigFix Relay running on Raspbian 10 on Raspberry Pi 4.
- Added support for BigFix Agent
-
Added support for BigFix Agent running on:
- Debian 10 x86 64-bit.
- MacOS 11 x86 64-bit.
- Ubuntu 20.04 LTS PPC 64-bit LE on Power 8.
- Added support for new database levels
-
- DB2 Version 11.5.4 / 11.5.5 / 11.5.6 / 11.5.7 / 11.5.8 /
11.5.9 Stardard Edition support.Note: Ensure that you upgrade BigFix to Version 10 Patch 2 or higher, before upgrading DB2 11.5.0 to 11.5.4 / 11.5.5 / 11.5.6 / 11.5.7 / 11.5.8 / 11.5.9.
- Microsoft SQL Server 2019 support.
- Microsoft SQL Server 2017 and 2019 deployed in a docker container.
- DB2 Version 11.5.4 / 11.5.5 / 11.5.6 / 11.5.7 / 11.5.8 /
11.5.9 Stardard Edition support.
- New RPM package required
- Starting from Patch 2, the unixODBC RPM package is a prerequisite for the Server components on Linux systems (see Server requirements).
- Upgraded libraries
- The libcURL file transfer library level was upgraded to Version 7.73.0.
- Patch 1
-
- Discover and report cloud assets, now also from Google Cloud Platform
-
With this feature, you can discover and manage visibility of your cloud assets across different cloud providers by using the Plugin Portal and plugins technology. To install the BigFix client on your discovered cloud assets, use the WebUI or the BigFix Console.
For details, see Extending BigFix management capabilities.
- Get more from audit logs
-
The audit log service now provides more details about logging in and out of the BigFix Server, and information on the IP addresses that the clients use to access the server.
For details, see Server audit logs.
- Enhanced security of TLS connections with support for Forward Secrecy
-
You can now leverage on the ephemeral Diffie-Hellman (DHE) and ephemeral elliptic curve Diffie-Hellman (ECDHE) for key exchange to increase the level of security of your deployment.
For details, see Using the DHE/ECDHE key exchange method.
- Mitigate network impact and bandwidth requirements with clients connected through VPN
-
You can now configure BigFix Client to take payloads directly from the internet based on a configurable list of sites. This helps you mitigate the network impact and bandwidth requirements associated with BigFix Relays that serve BigFix Clients connected through a VPN.
For details, see the configuration setting named
_BESClient_Download_DirectRecovery
described in List of settings and detailed descriptions. - Use Microsoft Office 365 as the email server for WebReports
-
In the earlier versions of BigFix Platform, Web Reports could only contact email servers by using the basic authentication over SMTP. In this release, you can schedule the sending of reports by using the Office 365 email server with OAuth 2.0 and credentials grant flow.
For details, see Setting Up Email.
- Added support for BigFix Relay
-
Added support for BigFix Relay running on Ubuntu 20.04 LTS on Intel.
- Added support for BigFix Agent
-
Added support for BigFix Agent running on:
- Ubuntu 20.04 LTS on Intel.
- Windows 10 Enterprise for Virtual Desktops.Note: For Windows 10 Enterprise for Virtual Desktops, the relevance expression "product info string of operating system" returns “Server RDSH”. This limitation is valid for Patch 1 only.
- Other enhancements
-
- Modified the installer to remove the setup of SQL Server
2016 SP1 - Evaluation from the options of the BigFix evaluation installation.
For details, see Performing an evaluation installation.
- Enhanced serviceability of PeerNest and BigFix Client debug log with more information and the
possibility to rotate and set a maximum size.
For details, see List of settings and detailed descriptions.
- Improved Client Deploy Tool (CDT) wizard. Simplified the
installation process for clients that are discovered by
the cloud plugins.
For details, see Installing the BigFix Agent on discovered resources.
- Upgraded the following external libraries:
- The libcURL file transfer library level was upgraded to Version 7.69.1.
- The Codejock library was upgraded to Version 19.2.0.
- The jQuery library was upgraded to Version 3.5.1.
- Modified the installer to remove the setup of SQL Server
2016 SP1 - Evaluation from the options of the BigFix evaluation installation.
- Version 10
-
- Multicloud support
-
BigFix 10 provides you with a single, comprehensive view of all your endpoints, regardless of whether they are in the cloud or on premise. This feature extends the BigFix capabilities to eliminate unmanaged cloud blind spots in your Amazon Web Services, Microsoft Azure, and VMware environments by using native cloud APIs to discover unmanaged servers across multiple cloud providers simultaneously. With this feature, you can also easily deploy the BigFix agent to provide deeper levels of visibility and control in order to bring your cloud devices into full management.
For details, see Extending BigFix management capabilities and Configuring cloud plugins.
- Enhanced security with an option to deploy relays as authenticating
-
As a BigFix Administrator, you can now choose to install Relays as authenticating at the time of deployment. By using this option, you can streamline the best practice of securing and configuring the internet-facing relays, thereby safeguarding your environment and data against threats.
For details, see Authenticating relays.
- Improved support for multiple Web Report servers for REST API calls
-
When you have multiple BigFix Web Reports servers in your environment, you can define a priority order in which you want specific queries sent to the REST API. This feature introduces more flexibility to the way you control your integrations, while avoiding potential impacts to your operational environment.
For details, see https://developer.bigfix.com/rest-api/api/webreports.html.
- Enhanced logging for the BigFix agent
-
The BigFix agent logs now include additional endpoint identification information (including OS, hostname, and IP address) and relay selection data to help you improve serviceability and simplify troubleshooting.
- Other enhancements
-
- Improvements to the Take Action Dialog to avoid targeting ‘all computers’ by default.
- Introduced MAC address as a reserved property.
- Added support for:
- BigFix Server on Windows Server 2019.
- BigFix Relay on SUSE Linux Enterprise Server (SLES) Version 15 on AMD/Intel.
- BigFix Relay on Red Hat Enterprise Linux Version 8 x86 64-bit on Intel.
- BigFix Relay and Agent on Amazon Linux 2. Note: For Amazon Linux 2, both the relay and the client packages are the Red Hat Enterprise Linux 6 packages.
- BigFix Agent on Oracle Enterprise Linux 8 on Intel.
- BigFix Agent on Red Hat Enterprise Linux 8 PPC 64-bit LE on Power 8 and 9.
- BigFix Agent on SUSE Linux Enterprise Server (SLES) Version 15 on s390x.
- The OpenSSL toolkit level was upgraded to Version 1.0.2u.
- OS and database support changes
-
BigFix 10 introduces some changes to the minimum supported versions of operating systems and databases for various BigFix components. Notable among these changes is that the BigFix 10 Server now requires:
- Either Windows Server 2012 R2 or later + SQL Server 2012 or later.
- Or Red Hat Enterprise Linux Version 7 + DB2 Version 11.5 GA.
For details, see Detailed system requirements.