Welcome
Installing
Learn about the requirements and available installation scenarios to ensure that the deployment of BigFix Inventory goes smoothly in your environment.
Configuring secure communication
To ensure secure communication, BigFix Inventory uses public key cryptography, which is based on algorithms that use two separate keys, a private key and a public key. This key pair is used to encrypt and decrypt communication
Configuring Cipher suites
This topic describes how to manually select Cipher Suites that should be accepted by BigFix Inventory server.

BigFix Documentation Homepage
BigFix 11 Inventory Documentation
Welcome to the BigFix Inventory documentation, where you can find information about how to install and configure BigFix Inventory. The application provides you with information about your inventory and license metrics. You can manage your software assets, gather information about your hardware, and ensure license compliance for your enterprise using BigFix Inventory.
BigFix Platform
Overview
Become familiar with key concepts that are necessary to understand how BigFix Inventory works and learn about features and functions that are introduced in every version of the application.
Installing
Learn about the requirements and available installation scenarios to ensure that the deployment of BigFix Inventory goes smoothly in your environment.
- Planning the installation
  Before you start the installation, review information about hardware and software requirements and other considerations to ensure that the installation completes successfully.
- Detailed System requirements
  The tables in this section provide detailed information about the system requirements for BigFix Inventory 10.
- Software requirements
  Ensure that all prerequisite software is installed on the computers in your infrastructure.
- Hardware requirements
  Before deploying BigFix Inventory review hardware specifications required to serve your environment.
- Port requirements
  When planning the infrastructure, ensure that port numbers used by BigFix Inventory, BigFix, and the database are free to enable communication between those components.
- Firewall exceptions
  Some of the fixlets require that the BigFix server connects to the Internet and downloads necessary files and updates. To ensure that they can be downloaded, relevant web addresses must be accessible from the computer where the server is installed. Add those addresses as firewall exceptions and ensure that they are accessible to the proxy server if you are using it.
- Proxy exceptions
  If the BigFix server uses a proxy for Internet connection to access fixlet sites or prefetch downloads, the BigFix Inventory server must be added to an exception list to ensure that the catalog propagation works properly.
- Installation accounts
  You can install all the infrastructure components as an administrative user. You can also install some components as a non-administrative user, but some limitations apply.
- Coexistence scenarios
  This topic describes supported scenarios for the coexistence of BigFix Inventory and License Metric Tool. tm 1402305288 1
- Installing on Windows
  A complete deployment of BigFix Inventory on Windows requires the installation of three components: the BigFix platform, the BigFix Inventory server, and an MS SQL database. Additionally, a BigFix client must be installed on every computer from which you want to collect software inventory data. You can install all components from scratch or add the BigFix Inventory server to the existing BigFix infrastructure. Depending on the environment size, you can install all components on a single computer, or distribute them among multiple computers.
- Installing on Linux
  A complete deployment of BigFix Inventory on Linux requires the installation of three components: the BigFix platform, the BigFix Inventory server, and DB2 database. Additionally, a BigFix client must be installed on every computer from which you want to collect software inventory data. Depending on the environment size, you can install all components on a single computer, or distribute them among multiple computers.
- Configuring secure communication
  To ensure secure communication, BigFix Inventory uses public key cryptography, which is based on algorithms that use two separate keys, a private key and a public key. This key pair is used to encrypt and decrypt communication
  - Step 1: Creating private keys and certificates
    To improve security, create your own private key and a certificate instead of using the self-signed ones that are available in BigFix Inventory by default. You can use openSSL to create a private key and a certificate signing request (CSR) that can be transformed into a certificate after it is signed by a certificate authority (CA).
  - Step 2: Signing certificates
    Your certificate signing request (CSR) must be signed by a certificate authority (CA) to be transformed into a certificate that can be uploaded to BigFix Inventory. You can use the openSSL cryptographic library to create a private CA and sign your request.
  - Step 3: Enabling secure communication
    You can enable encrypted communication (HTTPS) to ensure secure communication between your server and all users that access it. You can base your communication on self-signed certificates that are provided by default in BigFix Inventory, but these certificates are not intended for production environments. To improve security, create your own private key and certificate, and upload them to BigFix Inventory.
  - Configuring Cipher suites
    This topic describes how to manually select Cipher Suites that should be accepted by BigFix Inventory server.
  - Structuring and formatting of private keys and certificates
  - Regenerating self-signed certificates
    BigFix Inventory allows you to regenerate self-signed certificate by setting the Common Name using BigFix Inventory server.
- Installation-related tasks
  If you encounter problems during the installation, you can check details related to the problem, fix it, and then resume the installation. If the BigFix and BigFix Inventory servers are in separated networks, you can disable the automatic address lookup to avoid problems with initial configuration. Learn how to check the current application and catalog version to make sure that your installation and initial configuration were successful.
Configuring
After you install BigFix Inventory, configure the application. Create accounts for the users who need access to the application and set up scans to collect software and hardware inventory data from your environment.
Upgrading
A new version of BigFix Inventory is released periodically, typically at the end of each calendar quarter. Upgrade to the new version regularly to take full advantage of new features and application fixes.
Catalog Overview
This section provides information about catalog updates available with every release.
Managing the infrastructure
After you complete the initial configuration of BigFix Inventory, learn how to manage components of its infrastructure: VM managers, server, database, and data sources.
Software inventory and license utilization
You can classify the discovered software so that reports in BigFix Inventory reflect your entitlements and properly show utilization of license metrics by particular products.
Managing security threats
Learn how to use BigFix Inventory to manage security threats in your environment. You can view whether any of the installed components is prone to any Common Vulnerability and Exposure (CVE).
Tutorials
Tutorials help you understand how to use BigFix Inventory. They consist of modules that focus on broad goals. Modules consist of tasks that show how to configure specific settings step-by-step.
Security
Configure different security features to adequately protect business assets and resources in the data model when using BigFix Inventory.
Troubleshooting and support
Learn about solutions to common problems that might arise when you use BigFix Inventory BigFix Inventory and how to find logs and trace files that help you troubleshoot those problems.
Tuning performance
Learn how to plan the infrastructure of BigFix Inventory and to configure the application server to achieve optimal performance. The following guidelines are applicable in big data environments as well as in smaller environments that are running on low-performance hardware.
Integrating with REST API
External systems integration is one of the key features of BigFix Inventory. Business logic is enabled for integration and interfaces are provided for common integration points.
Glossary
Guide in PDF format
DataFlow ServiceNow Integration

Configuring Cipher suites

This topic describes how to manually select Cipher Suites that should be accepted by BigFix Inventory server.

About this task

The list of vulnerable Cipher Suites is updated regularly. Accepted cipher suites are updated with new Java service packs so that vulnerable ciphers are not included. You can manually select the ciphers that should be enabled to address security risks before it is addressed by Java service pack or to comply with the security policy.

Below is the recommendation based on internal security scans.

To select the list of accepted cipher suites, modify the installation_directory/wlp/usr/servers/server1/customization.xml file, to make the file contents look like below:

<server>
<ssl id="defaultSSLConfig" enabledCiphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"/>
</server>

Restart BigFix Inventory application after you make the changes.