What is new in BigFix 10 Platform

BigFix 10 Platform provides new features and enhancements.

Patch 12
VMware Plugin enhancements
The VMware Plugin has been extended with inspectors and action commands to improve the management capabilities for both host and guest systems.

For details, see Introduction to Cloud Plugins, Configuring cloud plugins, VMware Asset Discovery Plugin Inspectors and VMware Plugin Commands.

Library and drivers upgrades
  • The libcURL library was upgraded to Version 8.6.0.
  • The ODBC driver was upgraded to Version 17.10.6.
Patch 11
Added support for BigFix Agent
Added support for BigFix Agent running on VIOS 3.1.3.
Library and drivers upgrades
  • The libcURL library was upgraded to Version 8.5.0.
  • The ODBC driver was upgraded to Version 17.10.5.
Patch 10
Use “Microsoft Print to PDF” printer driver for exporting PDF reports in Web Reports
Starting from BigFix Platform 10.0.10, Web Reports can generate PDF reports using the “Microsoft Print to PDF” printer driver. BigFix recommends that you take advantage of this driver by running Task ID 5436. Refer to On Windows Systems for more information.
Relay Drive Space Protection From Downloads
BigFix Platform adds now the capability to prevent the BigFix Relay ActiveDownloads folder from filling up, by using a new setting named _BESRelay_Download_ActiveDownloadsMaxSizeMB, which represents the maximum size, specified in MB, that the folder can reach.

For details, see Managing Downloads.

Plugin Portal - Optimized devices data serialization
Plugin Portal optimization in terms of memory usage of the plugin portal machine as well as in the evaluation time of fixlet and analysis, with this leading to an increased responsiveness in returning data and executing actions on discovered devices.
New set of REST APIs
BigFix Platform now supports a new set of Rest APIs that enable exploiters such as the BigFix WebUI to access the Download status of the actions. These Rest APIs allow also to re-submit failed downloads.

For details, see Action.

Added support for BigFix Agent
Added support for BigFix Agent running on MacOS 14 ARM/x86 64-bit.

Added support for new database level
  • Microsoft SQL Server 2022 support.
  • Microsoft SQL Server 2022 deployed in a docker container.

For details, see Installing a server with remote database deployed in a docker container and Database requirements.

Library upgrades
  • The libcURL library was upgraded to Version 8.1.2.
  • The JQuery library was upgraded to Version 3.6.4.
  • The OpenSSL library was upgraded to Version 1.0.2zh.
  • The Xerces library was upgraded to Version 3.2.4.
Patch 9
Improved certificate management for HTTPS downloads
Starting from BigFix Platform 10.0.9, BigFix introduces an improved management for the CA bundles used in HTTPS downloads, in order to grant more flexibility in the configuration.

For details, see Customizing HTTPS for downloads.

MongoDB removal from Plugin Portal
Starting from BigFix Platform 10.0.9, MongoDB is no longer a prerequisite for installing and upgrading the Plugin Portal. The migration of the reports from the MongoDB, if present, will not require manual steps; it will be automatically executed at the initial startup of the Plugin Portal after the upgrade.

For details, see The Plugin Portal.

Support for AWS IMDSv2
Starting from BigFix Platform 10.0.9, Amazon Web Services (AWS) metadata are retrieved using Amazon IMDSv2 protocol.

For details, see cloud provider.

Library upgrades
  • The OpenSSL library was upgraded to Version 1.0.2zg.
  • The libcURL library was upgraded to Version 7.88.1.
Patch 8
Optionally disable local operators to comply with most recent Cyber Security guidelines
Starting from BigFix Platform 10.0.8, you can decide to optionally disable all local operators from logging into the BigFix Console, Web Reports and WebUI, in favour of the LDAP-based operators. This feature may be used to comply with most recent cybersecurity guidelines and standards.

For details, see Disabling local operators.

Enhance audit capabilities of your BigFix deployment with new audit logs
BigFix Platform 10.0.8 introduces a new audit log file which tracks every access and action performed using the BigFix Administration Tool when used via the GUI on Windows or when used via the command line on Windows/Linux.

For details, see Server audit logs and Logging.

Get more flexibility in writing relevance statements with regular expressions by leveraging the Perl Regular Expressions standard
BigFix Platform 10.0.8 makes available a new client inspector which allows writing regular expressions based on the Perl Regular Expressions standard. This capability is available on Windows only.

For details, see regular expression.

BigFix Agent supports RHEL systems with FIPS mode enabled
You can now install the BigFix Agent on Red Hat systems where FIPS mode is enabled. This is possible as the RPM package delivered with BigFix Platform 10.0.8 supports the sha256 digest in the RPM header, adding another level of security, required to deal with systems in FIPS mode.

For details, see Red Hat Installation Instructions.

Enhanced flexibility for handling Linux BigFix services via full systemd support
BigFix Platform 10.0.8 introduces full support for the systemd services for all main Platform components while still supporting init.d for backward compatibility.

For details, see Managing the BigFix Services.

Simplify troubleshooting via new installation logs
BigFix Platform 10.0.8 makes available new installation log files for fresh Windows/Linux installations and upgrades. This release also improves logging capabilities for CDT installations.

For details, see Logging.

Enhanced prefetch actionscript command to deal with sites implementing the HTTP to HTTPS redirection
BigFix Platform 10.0.8 adds the capability for the prefetch actionscript command to deal with HTTP to HTTPS redirect requests. The prefetch command will handle the redirections both for server/relay and client.

For details, see Managing Downloads.

Upgrade from SQL Server Native Client to Microsoft ODBC Driver
Platform 10.0.8 moves from supporting and shipping SQL Server Native Client 2012 to supporting and shipping the Microsoft ODBC Driver 17.

Given some differences in how the two drivers can be configured, any customization of the BigFix ODBC data sources done prior to upgrading to Version 10.0.8 might no longer work as expected after upgrading to Version 10.0.8. Therefore, if starting from a non-default configuration, after upgrading to Version 10.0.8, it is recommended to review and verify the consistency and effectiveness of the BigFix ODBC data source configurations.

For details, see Configuring ODBC data sources.

Get a more current view of your infrastructure via the new automatic clean-up approach for proxied endpoints
The Plugin Portal now implements a clean-up process for proxied endpoints, allowing to automatically delete proxied endpoints that are no longer discovered by the plugins (both cloud and MDM). This will help you to get a more up-to-date status of your infrastructure.

For details, see Discovering cloud resources.

Use the Computer Remover to implement different clean up policies for native and proxied endpoints
The Computer Remover is now able to deal with both native and proxied endpoints. You can use Computer Remover to specify the type of endpoint and implement different clean up policies based on that. Additionally, the new version of the Computer Remover reduces to 7 days the minimum value accepted for the “Remove Deleted Computers” option.

For details, see Computer Remover.

BigFix Console logging and diagnostics
Improvements have been made in logging and diagnostic approaches for the BigFix Console, to better understand system capability and bottlenecks. A future publication will provide guidance on leveraging this capability.
Added support for BigFix Agent
Added support for BigFix Agent running on:
  • Amazon Linux 2 on ARM Graviton 64-bit.
  • Amazon Linux 2023 x86 64-bit.
  • Amazon Linux 2023 on ARM Graviton 64-bit.
  • Oracle Enterprise Linux 9 x86 64-bit.
  • Red Hat Enterprise Linux 9 PPC 64-bit LE on Power 9 and Power 10.
  • Rocky Linux 8 x86 64-bit.
  • Rocky Linux 9 x86 64-bit.
Library upgrades
  • The libcURL library was upgraded to Version 7.86.0.
  • The libssh2 library was upgraded to Version 1.10.0.
  • The ICU library was upgraded to Version 54.2.
  • The JQuery UI library was upgraded to Version 1.13.2.
  • The SQLite library was upgraded to Version 3.39.3.
Patch 7
Enable Direct Download based on network
This new feature enables you to allow the Direct Download only for BigFix Clients connected to a specific subnet.

For details, see Managing Downloads.

Restart download after Relay switch
This new feature allows you to interrupt the download in progress on a Relay switch.

For details, see Managing Downloads.

Enhanced site Rest API to show the site display name and NMO permissions
BigFix Platform 10.0.7 introduces enhancements to the site Rest API to return a new element which consists in the site display name as shown in the BigFix Console. The site Rest API has also been enhanced to show the requester permissions on a specified site.

For details, see Site.

Retrieve VM Custom Attributes via the VMware Cloud Plugin
Starting with BigFix Platform 10.0.7, the VMware Plugin can also retrieve VM Custom Attributes, in addition to the current retrieved properties. This information is visible in the BigFix Console and in the WebUI.

For details, see The cloud analyses data.

Client certificate
To comply with the modern industry standards, the lifespan of BigFix Agent client certificates will be reduced to 13 months.

For details, see Client certificate.

Web Reports reauthentication

To enhance security for Web Reports, changes to some specific pages now require to re-authenticate using your current credentials.

For details, see Performing the reauthentication.

Added support for BigFix Relay
Added support for BigFix Relay running on:
  • Red Hat Enterprise Linux 9 x86 64-bit.
  • Ubuntu 22.04 LTS x86 64-bit.
Added support for BigFix Agent
Added support for BigFix Agent running on:
  • AIX 7.2 on Power 10.
  • AIX 7.3 on Power 9 and Power 10.
  • Debian 11 x86 64-bit.
  • MacOS 13 ARM/x86 64-bit.
  • Red Hat Enterprise Linux 8 on Power 10.
  • Red Hat Enterprise Linux 9 x86 64-bit.
  • SUSE Linux Enterprise 15 on Power 10.
  • Ubuntu 22.04 LTS x86 64-bit.
Added support for Active Directory 2016 or 2019
Added support for Active Directory 2016 or 2019 with Forest functional level Windows Server 2016 and Enterprise Certification Authority for BigFix Server running on Windows only.

For details, see Integrating the BigFix Windows server with Active Directory.

Library upgrades
  • The libcURL library was upgraded to Version 7.83.1.
Patch 6
Added support for BigFix Agent

Added support for BigFix Agent running on Raspberry Pi OS 11 on Raspberry Pi 4.

Performance improvements in the Plugin Portal to reduce RunAction execution time
The Plugin Portal supports full BigFix scale for cloud and mobile devices and is now more efficient than ever. Memory requirements have been reduced by 89% per plugin, with an 18% improvement in the Run Actions execution time.

Library upgrades
  • The OpenSSL library was upgraded to Version 1.0.2zd.
  • The zlib library was upgraded to Version 1.2.12.
  • The jQuery library was upgraded to Version 3.6.0.
  • The jQuery UI library was upgraded to Version 1.13.1.
Patch 5
Specify custom installation path for the Plugin Portal
When installing the Plugin Portal on Windows, you can now specify a custom installation path.

For details, see The Plugin Portal.

Added the possibility of limiting AWS plugin scanned regions
When installing the AWS plugin, you can now specify the allowed regions.

For details, see Limit AWS Regions to restrict the scope of device discovery.

Added support for BigFix Server and BigFix Console
Added support for BigFix Server and BigFix Console running on Windows Server 2022.
Added support for BigFix Relay
Added support for BigFix Relay running on Tiny Core 12.

Library upgrades
  • The libcURL library was upgraded to Version 7.79.1.
  • The OpenSSL library was upgraded to Version 1.0.2zb.
Patch 4
AWS IAM role support
You can now take advantage of AWS IAM roles to perform cloud instance discovery and management. This adds further flexibility in the management of AWS credentials as permissions may now be leveraged either through IAM users or through IAM roles.

For details, see Installing cloud plugins.

Simplified action targeting to correlated endpoints
You can now create computer groups based on properties retrieved on endpoints both by the BigFix Agent and the Plugin Portal. This will allow for example creating groups for cloud endpoints based on the properties associated to the cloud instances which you can, then, use to target actions to be run by the BigFix Agent.

For details, see Creating Server Based Computer Groups.

Reduce network traffic by limiting PeerNest UDP messages on specific subnets
When using the PeerNest feature, you can now reduce the network traffic associated to PeerNest UDP messages exchanged by the endpoints connected to the same subnet. This can be useful in situations where you have a number of BigFix Clients running in a VPN infrastructure.

For details, see Working with PeerNest.

Leverage on MS-PowerShell on ActionScript
Beside BigFix Action Script, UNIX Shell Script and AppleScript you can now also leverage on MS-PowerShell for Action Scripts.
Simplify BigFix Agent deployments with improved CDT UI
The User Interface of the Client Deployment Tool (CDT) has been enhanced to allow users to provide more easily inputs with multiple client settings and credentials. This will speed up the BigFix Agent deployment in scenarios where you have multiple targets and the targets have different credentials or you need to specify multiple custom client settings.

For details, see Deploying clients from the console.

Enhanced visibility of licensing information
The BigFix License Overview Dashboard has been improved to provide a better visibility of the licensing information associated to your BigFix deployment. You can now have better insights on the status of the different entitlements as well as get a better understanding of the BigFix offerings your endpoints are subscribed to.

For details, see License Overview dashboard.

Support 5x more endpoints through a single Plugin Portal instance
In BigFix 10.0.4, the Plugin Portal management capabilities have grown from 10,000 to 50,000 endpoints per instance. This in turn will reduce your total cost of ownership in scenarios where you have to manage a high number of cloud or MCM endpoints.

For details, see The Plugin Portal.

Added support for BigFix Console
Added support for BigFix Console running on:
  • Windows 11 21H2.
  • Windows 11 22H2.
  • Windows 11 23H2.
  • Windows 11 24H2.
Added support for BigFix Relay
Added support for BigFix Relay running on:
  • Tiny Core 11.
  • Windows Server 2022.
  • Windows 11 21H2.
  • Windows 11 22H2.
  • Windows 11 23H2.
  • Windows 11 24H2.
Added support for BigFix Agent
Added support for BigFix Agent running on:
  • Windows Server 2022.
  • Windows 11 21H2 x86-64.
  • Windows 11 22H2 x86-64.
  • Windows 11 23H2 x86-64.
  • Windows 11 24H2 x86-64.
  • MacOS 12 ARM/x86 64-bit.
Security vulnerabilities and library upgrades
  • The libcURL library was upgraded to Version 7.77.0.
  • The OpenLDAP library was upgraded to Version 2.4.58.
  • The SQlite library was upgraded to Version 3.35.5.
Patch 3
Added support for BigFix Relay, Console and Agent

Added support for BigFix Relay, Console and Agent running on Windows 10 Version 22H2.

Added support for BigFix Relay, Console and Agent

Added support for BigFix Relay, Console and Agent running on Windows 10 Version 21H2.

Added support for BigFix Relay, Console and Agent

Added support for BigFix Relay, Console and Agent running on Windows 10 Version 21H1.

Added support for BigFix Agent
Added support for BigFix Agent running on MacOS 11 ARM64.

Security vulnerabilities and library upgrades
  • The SQLite library was upgraded to Version 3.34.1.
  • The OpenLDAP library was upgraded to Version 2.4.56.
  • The OpenSSL library was upgraded to Version 1.0.2y.
Added property to the operating system inspector
A new property named display version was added to the operating system inspector. This property returns the Windows operating system version and returns valid information only for Windows 10 20H2 and later Windows 10 versions.
Patch 2
Install BigFix Agent on AWS or Azure VMs by using cloud APIs
You can now install the BigFix Agent in AWS and Azure environments by leveraging the cloud provider services and APIs. With this enhancement, you can speed up the deployment of agents without the need for deploying and configuring the Client Deploy Tool (CDT), and providing OS access credentials for target cloud instances.

For details, see BigFix Agent installation on cloud resources.

Improved performance and resilience via guided tuning of the MS-SQL configuration
The installer now checks for and optionally adjusts suboptimal configuration in terms of DoP (Degree of Parallelism) and CTFP (Cost Threshold for Parallelism) of an SQL Server instance. In case of configuration issues that cannot be solved automatically, you are provided with enough background and guidance.

For details, see SQL Server parallelism optimization.

Leverage Docker images for root server DB in Windows
You can now leverage official Ubuntu-based images of MS SQL Server for Docker as a remote database for the Windows BigFix root Server. Platform 10.0.2 officially certifies the MS SQL Server 2017 and MS SQL Server 2019 Docker containers.

For details, see Detailed system requirements.

Improved PeerNest behavior in case of large payloads
Starting with this release, you can elect peers to download files based on the peer cache size too – only specific clients will download large files directly from the Relay. This prevents clients not having enough cache from initiating downloads which in turns helps increase efficiency and reduce network bandwidth utilization.

For details, see Peer to peer mode.

Accelerate responses by allowing clients to use additional CPU in download phase
You can now speed up the operations to evaluate the hash (sha1/sha256) code of downloaded files by temporarily directing the BigFix Client to use additional CPU. This results in a consistent time optimization for the download phase since the time required for the hash evaluation decreases as the engaged CPU increases.

For details, see List of settings and detailed descriptions.

Added support for BigFix Server

Added support for BigFix Server running on Red Hat Enterprise Linux (RHEL) 8 x86 64-bit.

Added support for BigFix Relay

Added support for BigFix Relay running on Raspbian 10 on Raspberry Pi 4.

Added support for BigFix Agent
Added support for BigFix Agent running on:
  • Debian 10 x86 64-bit.
  • MacOS 11 x86 64-bit.
  • Ubuntu 20.04 LTS PPC 64-bit LE on Power 8.
Added support for new database levels
  • DB2 Version 11.5.4 / 11.5.5 / 11.5.6 / 11.5.7 / 11.5.8 / 11.5.9 Stardard Edition support.
    Note: Ensure that you upgrade BigFix to Version 10 Patch 2 or higher, before upgrading DB2 11.5.0 to 11.5.4 / 11.5.5 / 11.5.6 / 11.5.7 / 11.5.8 / 11.5.9.
  • Microsoft SQL Server 2019 support.
  • Microsoft SQL Server 2017 and 2019 deployed in a docker container.
New RPM package required
Starting from Patch 2, the unixODBC RPM package is a prerequisite for the Server components on Linux systems (see Server requirements).
Upgraded libraries
The libcURL file transfer library level was upgraded to Version 7.73.0.
Patch 1
Discover and report cloud assets, now also from Google Cloud Platform

With this feature, you can discover and manage visibility of your cloud assets across different cloud providers by using the Plugin Portal and plugins technology. To install the BigFix client on your discovered cloud assets, use the WebUI or the BigFix Console.

For details, see Extending BigFix management capabilities.

Get more from audit logs

The audit log service now provides more details about logging in and out of the BigFix Server, and information on the IP addresses that the clients use to access the server.

For details, see Server audit logs.

Enhanced security of TLS connections with support for Forward Secrecy

You can now leverage on the ephemeral Diffie-Hellman (DHE) and ephemeral elliptic curve Diffie-Hellman (ECDHE) for key exchange to increase the level of security of your deployment.

For details, see Using the DHE/ECDHE key exchange method.

Mitigate network impact and bandwidth requirements with clients connected through VPN

You can now configure BigFix Client to take payloads directly from the internet based on a configurable list of sites. This helps you mitigate the network impact and bandwidth requirements associated with BigFix Relays that serve BigFix Clients connected through a VPN.

For details, see the configuration setting named _BESClient_Download_DirectRecovery described in List of settings and detailed descriptions.

Use Microsoft Office 365 as the email server for WebReports

In the earlier versions of BigFix Platform, Web Reports could only contact email servers by using the basic authentication over SMTP. In this release, you can schedule the sending of reports by using the Office 365 email server with OAuth 2.0 and credentials grant flow.

For details, see Setting Up Email.

Added support for BigFix Relay

Added support for BigFix Relay running on Ubuntu 20.04 LTS on Intel.

Added support for BigFix Agent
Added support for BigFix Agent running on:
  • Ubuntu 20.04 LTS on Intel.
  • Windows 10 Enterprise for Virtual Desktops.
    Note: For Windows 10 Enterprise for Virtual Desktops, the relevance expression "product info string of operating system" returns “Server RDSH”. This limitation is valid for Patch 1 only.
Other enhancements
  • Modified the installer to remove the setup of SQL Server 2016 SP1 - Evaluation from the options of the BigFix evaluation installation.

    For details, see Performing an evaluation installation.

  • Enhanced serviceability of PeerNest and BigFix Client debug log with more information and the possibility to rotate and set a maximum size.

    For details, see List of settings and detailed descriptions.

  • Improved Client Deploy Tool (CDT) wizard. Simplified the installation process for clients that are discovered by the cloud plugins.

    For details, see Installing the BigFix Agent on discovered resources.

  • Upgraded the following external libraries:
    • The libcURL file transfer library level was upgraded to Version 7.69.1.
    • The Codejock library was upgraded to Version 19.2.0.
    • The jQuery library was upgraded to Version 3.5.1.
Version 10
Multicloud support

BigFix 10 provides you with a single, comprehensive view of all your endpoints, regardless of whether they are in the cloud or on premise. This feature extends the BigFix capabilities to eliminate unmanaged cloud blind spots in your Amazon Web Services, Microsoft Azure, and VMware environments by using native cloud APIs to discover unmanaged servers across multiple cloud providers simultaneously. With this feature, you can also easily deploy the BigFix agent to provide deeper levels of visibility and control in order to bring your cloud devices into full management.

For details, see Extending BigFix management capabilities and Configuring cloud plugins.

Enhanced security with an option to deploy relays as authenticating

As a BigFix Administrator, you can now choose to install Relays as authenticating at the time of deployment. By using this option, you can streamline the best practice of securing and configuring the internet-facing relays, thereby safeguarding your environment and data against threats.

For details, see Authenticating relays.

Improved support for multiple Web Report servers for REST API calls

When you have multiple BigFix Web Reports servers in your environment, you can define a priority order in which you want specific queries sent to the REST API. This feature introduces more flexibility to the way you control your integrations, while avoiding potential impacts to your operational environment.

For details, see https://developer.bigfix.com/rest-api/api/webreports.html.

Enhanced logging for the BigFix agent

The BigFix agent logs now include additional endpoint identification information (including OS, hostname, and IP address) and relay selection data to help you improve serviceability and simplify troubleshooting.

Other enhancements
  • Improvements to the Take Action Dialog to avoid targeting ‘all computers’ by default.
  • Introduced MAC address as a reserved property.
  • Added support for:
    • BigFix Server on Windows Server 2019.
    • BigFix Relay on SUSE Linux Enterprise Server (SLES) Version 15 on AMD/Intel.
    • BigFix Relay on Red Hat Enterprise Linux Version 8 x86 64-bit on Intel.
    • BigFix Relay and Agent on Amazon Linux 2.
      Note: For Amazon Linux 2, both the relay and the client packages are the Red Hat Enterprise Linux 6 packages.
    • BigFix Agent on Oracle Enterprise Linux 8 on Intel.
    • BigFix Agent on Red Hat Enterprise Linux 8 PPC 64-bit LE on Power 8 and 9.
    • BigFix Agent on SUSE Linux Enterprise Server (SLES) Version 15 on s390x.
  • The OpenSSL toolkit level was upgraded to Version 1.0.2u.
OS and database support changes
BigFix 10 introduces some changes to the minimum supported versions of operating systems and databases for various BigFix components. Notable among these changes is that the BigFix 10 Server now requires:
  • Either Windows Server 2012 R2 or later + SQL Server 2012 or later.
  • Or Red Hat Enterprise Linux Version 7 + DB2 Version 11.5 GA.

For details, see Detailed system requirements.