BigFix 11 Inventory Documentation
Welcome to the BigFix Inventory documentation, where you can find information about how to install and configure BigFix Inventory. The application provides you with information about your inventory and license metrics. You can manage your software assets, gather information about your hardware, and ensure license compliance for your enterprise using BigFix Inventory.
Overview
Become familiar with key concepts that are necessary to understand how BigFix Inventory works and learn about features and functions that are introduced in every version of the application.
What's new in this release
BigFix Inventory provides new features and enhancements that facilitate your work with the application. For more information, follow BigFix Forum - Inventory (Release Announcements).
<discontinued> Updates and patches for BigFix Inventory up to version 10.0.13.1
This page provides information about application updates released for BigFix Inventory.
Keeping BigFix Inventory up-to-date
BigFix Inventory updates and content packs are released periodically. Ensure that you upgrade the BigFix Inventory server with each release to take advantage of the new features and apply the application patches.
Features and functions
BigFix Inventory provides useful features for managing physical and virtualized environments. It discovers the software that is installed in your infrastructure, helps you to analyze the consumption data, and allows you to generate reports.
Preview features
BigFix Inventory provides a set of preview features that give you a chance to take a sneak peek at what we are currently developing and researching. Whether it is a small function or an extended report, you can check how it works and tell us about your ideas. The previews can change with each release, which means that you can still influence their final form.
Limitations
Review the list of BigFix Inventory limitations. For information on IBM limitations, refer to IBM limitations.
Key concepts
There are several concepts that will help you to understand how BigFix Inventory works and how to use it effectively.
Scenarios
To understand the business goals that you can achieve with BigFix Inventory, familiarize yourself with the main user scenarios. Each scenario presents a real-life example of using the application and lists personas who are typically involved in achieving a business goal.
Installing
Learn about the requirements and available installation scenarios to ensure that the deployment of BigFix Inventory goes smoothly in your environment.
Planning the installation
Before you start the installation, review information about hardware and software requirements and other considerations to ensure that the installation completes successfully.
Detailed System requirements
The tables in this section provide detailed information about the system requirements for BigFix Inventory 10.
Software requirements
Ensure that all prerequisite software is installed on the computers in your infrastructure.
Hardware requirements
Before deploying BigFix Inventory review hardware specifications required to serve your environment.
Port requirements
When planning the infrastructure, ensure that port numbers used by BigFix Inventory, BigFix, and the database are free to enable communication between those components.
Firewall exceptions
Some of the fixlets require that the BigFix server connects to the Internet and downloads necessary files and updates. To ensure that they can be downloaded, relevant web addresses must be accessible from the computer where the server is installed. Add those addresses as firewall exceptions and ensure that they are accessible to the proxy server if you are using it.
Proxy exceptions
If the BigFix server uses a proxy for Internet connection to access fixlet sites or prefetch downloads, the BigFix Inventory server must be added to an exception list to ensure that the catalog propagation works properly.
Installation accounts
You can install all the infrastructure components as an administrative user. You can also install some components as a non-administrative user, but some limitations apply.
Coexistence scenarios
This topic describes supported scenarios for the coexistence of BigFix Inventory and License Metric Tool. tm 1402305288 1
Installing on Windows
A complete deployment of BigFix Inventory on Windows requires the installation of three components: the BigFix platform, the BigFix Inventory server, and an MS SQL database. Additionally, a BigFix client must be installed on every computer from which you want to collect software inventory data. You can install all components from scratch or add the BigFix Inventory server to the existing BigFix infrastructure. Depending on the environment size, you can install all components on a single computer, or distribute them among multiple computers.
Installing on Linux
A complete deployment of BigFix Inventory on Linux requires the installation of three components: the BigFix platform, the BigFix Inventory server, and DB2 database. Additionally, a BigFix client must be installed on every computer from which you want to collect software inventory data. Depending on the environment size, you can install all components on a single computer, or distribute them among multiple computers.
Configuring secure communication
To ensure secure communication, BigFix Inventory uses public key cryptography, which is based on algorithms that use two separate keys, a private key and a public key. This key pair is used to encrypt and decrypt communication
Installation-related tasks
If you encounter problems during the installation, you can check details related to the problem, fix it, and then resume the installation. If the BigFix and BigFix Inventory servers are in separated networks, you can disable the automatic address lookup to avoid problems with initial configuration. Learn how to check the current application and catalog version to make sure that your installation and initial configuration were successful.
Configuring
After you install BigFix Inventory, configure the application. Create accounts for the users who need access to the application and set up scans to collect software and hardware inventory data from your environment.
Creating users and groups
Each user who has access to BigFix Inventory must be assigned a role and a computer group. The role defines which reports and panels the user can view. The computer group narrows down the scope of these reports and panels to computers that meet certain criteria.
Setting up scans to discover software and hardware inventory
The scanner is an independent, well-defined component that is used by BigFix Inventory. It is installed and managed through the BigFix client, and it enables the software and capacity scans. Software and capacity scans collect data that is later on displayed on the BigFix Inventory reports. For environments with up to a few thousand computers, you can enable the default scan configuration. In this case, the analyses are activated and software and capacity scans as well as uploads of their results are scheduled automatically on the computers that are subscribed to the BigFix Inventory site. For larger environments, it is advisable to divide the computers into groups and manually configure a separate scan schedule for each group to avoid performance issues.
Performing optional configuration
You can perform optional configuration tasks to further customize the application.
Upgrading
A new version of BigFix Inventory is released periodically, typically at the end of each calendar quarter. Upgrade to the new version regularly to take full advantage of new features and application fixes.
Upgrading BigFix Inventory
BigFix Inventory is currently offered in single maintenance stream. Upgrading to the entire environment includes upgrading the BigFix Inventory server, VM Manager tool, the scanner, and the database. For best results, update the server regularly to benefit from new capabilities and defect fixes. Once you finish the upgrade, you must restart all ongoing actions to enable the fixlets.
Catalog Overview
This section provides information about catalog updates available with every release.
What's new in this Catalog release
BigFix Inventory provides new features and enhancements that facilitate your work with the application. For more information, follow BigFix Forum - Inventory (Release Announcements).
Catalog End-of-Support data schedule
Learn about the catalog end-of-support data schedule about the publishers.
Software Data Harvesting
We are introducing a BigFix Inventory Catalog Enhancement program. The purpose of this program is to provide BigFix Inventory clients with better discovery capabilities adjusted to software installed on their Windows endpoints.
Managing the infrastructure
After you complete the initial configuration of BigFix Inventory, learn how to manage components of its infrastructure: VM managers, server, database, and data sources.
Computer statuses
Computer statuses provide information about the condition of the computers that are monitored by BigFix Inventory. To properly discover the installed software and measure its license metric utilization, ensure that computers in your environment work correctly.
Managing VM managers
VM managers are pieces of software that create, manage, and monitor virtual machines. You configure connections to VM managers so that BigFix Inventory can gather data that is required to calculate utilization of license metrics in virtual environments.
Administering the server
Perform administering tasks on your server to configure advanced settings, or restart its services.
Administering the database
Perform administering tasks on your database to keep it in good condition, protect your data, or configure additional settings.
Removing inactive computers
When you decommission a computer in your infrastructure, it continues to report to BigFix Inventory. The data is still collected from this computer, and displayed on the metric reports. To ensure that all infrastructure changes are reflected in BigFix Inventory, you should remove each decommissioned computer from BigFix. If you cannot remove this computer from BigFix for a valid reason, you can use an alternative solution, and decommission the computer in BigFix Inventory.
Managing data sources
Computers in an organization can be divided into organizational units, and can be monitored by multiple BigFix infrastructures. Each infrastructure is referred to as a data source. Data from multiple data sources can be imported to one instance of BigFix Inventory.
Software inventory and license utilization
You can classify the discovered software so that reports in BigFix Inventory reflect your entitlements and properly show utilization of license metrics by particular products.
Collecting Oracle Measurements Data
Starting from version 10.0.15, BigFix Inventory extends its capability to collect Oracle Java SE measurements data. Since version 10.0.16, BigFix Inventory also collects Oracle Database options and measurements data.
Vendor-specific predefined reports available in dashboard Inventory Reports
Vendor-specific predefined reports available in dashboard Inventory Reports provide software discovery and licensing information for specific software vendors of BigFix Inventory customers. These reports help Software Asset Managers manage software for their vendors and prepare for contract negotiations and license audits. To view the reports, click on a vendor in the vendor-specific dashboard.
Reported license metrics
BigFix Inventory reports utilization for a number of license metrics for IBM and non-IBM products. It also shows products that are assigned any BigFix metric even if calculating utilization is not yet supported for this metric. It gives you an overview of all IBM metrics for which you should have licenses.
Software classification
After new components are discovered, they are assigned to products based on bundling rules. If the initial assignment does not reflect your entitlements, work with the software inventory until it matches the entitlements. To make metric calculation accurate, assign each component to a product, exclude, or suppress the instances that should not be included in the calculation, and confirm your actions. After you confirm the actions, the classification is complete, and the metric calculation is accurate.
Server Software Catalog
To correctly identify components of software products in your infrastructure, ensure that your server software catalog is always up-to-date. Periodically import a new server software catalog that contains the most recent software products. Also, manually add products that are installed in your infrastructure but do not have corresponding entries in the catalog.
Reports
Reports provide detailed information about the computers in your infrastructure and the software items that are installed on these computers. By viewing the reports regularly, you can check whether actual installations reflect the software inventory information and ensure that the capacity values are assigned to products correctly. You can decide what type of information you want to display by choosing the appropriate type of report. You can also customize the type and amount of information that is displayed in a report and save the report settings to reuse them.
Enterprise applications inventory
Software components are discovered during software scans. The scans correlate data that is collected from the computers with the content of the software catalog, and thus determine whether a component is installed. However, software scans do not discover details of some enterprise applications, for example licensable options of Oracle Database or editions of Microsoft Exchange. The details are discovered by dedicated fixlets. If you are interested in discovering additional details of enterprise applications, run the dedicated fixlets apart from scheduling software scans. Otherwise, running the fixlets is not required.
License metrics
BigFix Inventory provides two types of information about license metrics utilization: aggregated utilization and raw utilization. The former shows utilization of the assigned license metric by all instances of a particular product within the reporting period. However, it is limited to a subset of license metrics. The latter shows data that is collected from .slmtag files. It shows raw utilization of all license metrics that can be used by a particular product. The data is not aggregated and requires further processing.
Contracts management
The contracts management group shows all contract-related reports in one place. This allows you to easily manage all your contracts.
Software discovery in containers
BigFix Inventory supports discovery of software in container images through standard discovery methods that includes catalog signatures, template signatures, installation registry and ISO SWID tags to cover traditional model of software deployment.
Managing security threats
Learn how to use BigFix Inventory to manage security threats in your environment. You can view whether any of the installed components is prone to any Common Vulnerability and Exposure (CVE).
Collecting file checksums
Available from 9.2.3. Checksums are long strings that describe the content of files and act as their fingerprints. You can enable the calculation of checksums for files on your computers to check their integrity and to ensure that they were not altered or tampered with.
Preview: Checking Common Vulnerabilities and Exposures (CVEs)
Available from 9.2.12. The software catalog contains information about Common Vulnerabilities and Exposures (CVEs). Browse the software catalog to check for any potential threats. Checking CVE in BigFix Inventory is a preview feature.
Tutorials
Tutorials help you understand how to use BigFix Inventory. They consist of modules that focus on broad goals. Modules consist of tasks that show how to configure specific settings step-by-step.
Tutorial: Reporting subcapacity usage per computer group
Available from 9.2.2. In this tutorial, you will learn how to create computer groups that allow for managing software and generating audit snapshots for a subset of computers. You can use such groups to report PVU consumption for BigFix software installed in multiple BigFix subcapacity regions or to manage software per organizational business unit.
Tutorial: Managing software in the service provider environment
Available from 9.2.2. In this tutorial, you will learn how to create computer groups that allow a service provider to manage software and generate audit snapshots per customer.
Tutorial: Migrating software assignments between two BigFix Inventory servers
Available from 9.2.14This tutorial teaches you how to migrate the software assignments when you setting up new BigFix deployment including fresh BigFix Platform and BigFix Inventory setup.
Security
Configure different security features to adequately protect business assets and resources in the data model when using BigFix Inventory.
Flow of data
There are several different interactions that occur between the components of the BigFix Inventory infrastructure and between the user and tool.
Security configuration scenarios
Check what security options need to be enabled on the BigFix server and the BigFix Inventory server to achieve each of the supported security scenarios.
Configuring database connection encryption
You can encrypt the connection between BigFix Inventory server and the BigFix Inventory database. Encryption is established between BigFix Inventory server and the database engine using a JDBC driver. You can encrypt the connection while upgrading the server.
Configuring secure communication
To ensure secure communication, BigFix Inventory uses public key cryptography, which is based on algorithms that use two separate keys, a private key and a public key. This key pair is used to encrypt and decrypt communication
Assuring compliance with federal encryption standards
You can configure BigFix Inventory to be compliant with the Federal Information Processing Standard requirements that are related to encryption.
Authenticating users with LDAP
BigFix Inventory supports authentication through a Lightweight Directory Access Protocol (LDAP) server. To use this feature, you must configure the BigFix Inventory server.
Configuring and enabling single sign-on (SSO)
Available from 9.2.1. You can now use the two-factor authentication and use SSO to log on to BigFix Inventory and maintain login consistency with other applications in the enterprise. You can configure BigFix Inventory to use two-factor authentication with single sign-on based either on the exchange of Security Assertion Markup Language (SAML 2.0) token and Microsoft™ Active Directory Federation Services as Identity Provider or you can use the IBM Lightweight Third-Party Authentication (LTPA) technology and IBM Security Access Manager for Web as the authentication service.
Configuring passwords and encryption mechanisms
To improve the application security, define a security policy for user passwords. You can also configure passwords and encryption mechanisms for the keystore in which the passwords are stored, and the BigFix Inventory database.
Configuring user account lockout
Available from 9.2.8. By default, user account is locked for 5 minutes after the user attempts to log in to BigFix Inventory more than 10 times within 5 minutes. You can change the default settings or disable the user account lockout.
Configuring VM Manager tool to accept trusted VM manager certificates
By default, the VM Manager tool accepts all VM manager certificates regardless of whether they are trusted or not. You can change the default behavior to ensure that only trusted certificates are accepted by the VM Manager tool.
Relays
Relays lighten both upstream and downstream burdens on the server. Rather than communicating directly with a server, clients can instead be instructed to communicate with designated relays, considerably reducing both server load and client and server network traffic.
Troubleshooting and support
Learn about solutions to common problems that might arise when you use BigFix Inventory BigFix Inventory and how to find logs and trace files that help you troubleshoot those problems.
Troubleshooting a problem
Troubleshooting is a systematic approach to solving a problem. The goal of troubleshooting is to determine why something does not work as expected and explain how to resolve the problem.
Duplicate UUIDs problem
BigFix Inventory requires unique virtual machine UUID (Universally Unique Identifier) numbers to calculate the capacity for all virtual machines and to detect virtualization hierarchy. If there are computers with duplicated UUIDs, a message is displayed in the To Do list. The import log also shows a warning about duplicate UUIDs.
Interrupting software scan
BigFix Inventory scans run in the background. Fixlets, such as Initiate Software Scan and Initiate Software Scan on Shared Disks trigger the scan to run in the background.
Troubleshooting software discovery
Problems with software discovery usually fall into one of three categories. The most common category is when the software is discovered but the components are assigned to an incorrect product. In this case, it is enough to reassign the component. The remaining categories include false-positive discovery, or no discovery due to the lack of the signature on the computer.
Tuning performance
Learn how to plan the infrastructure of BigFix Inventory and to configure the application server to achieve optimal performance. The following guidelines are applicable in big data environments as well as in smaller environments that are running on low-performance hardware.
Setting up scans and import
Learn how to improve the scanning and importing activities to optimize the performance in your infrastructure.
Additional tasks for improving performance
Learn about additional tasks that you might want to perform to improve the performance in your infrastructure.
Tuning performance in medium and large environments
You can learn the possible causes of the most common performance issues in medium and large environments. Follow the tips and the known solutions to these issues to keep the system in good shape and avoid performance problems.
REST API considerations
You can use BigFix Inventory REST API to retrieve large amounts of data that is related to computer systems, software instances, and license usage in your environment. Such information can then be passed to other applications for further processing and analysis.
Integrating with REST API
External systems integration is one of the key features of BigFix Inventory. Business logic is enabled for integration and interfaces are provided for common integration points.
REST API
Managing large amounts of information by using the application user interface can be time-consuming. You can use the REST APIs as an alternative to the graphical user interface to reduce the time that is needed to manage your software inventory and the content of your software catalog.