System requirements

Learn more about the prerequisites and system requirements for the BigFix IVR v.4 Retriever service.

Software requirements

The following table lists the supported operating systems, platforms, and software prerequisites for the BigFix IVR components.

Category Details
BigFix component requirements
  • BigFix WebUI IVR App (v15) (minimum)
Prerequisites
  • MSSQL 2019 or MSSQL 2022
Operating system
  • Microsoft Windows 2016
  • Microsoft Windows 2019 
  • Microsoft Windows 2022
  • Microsoft Windows 2025
Supported BigFix versions
  • Windows-based BigFix Server, v10 or higher version
    Note:
    The BigFix IVR Retriever service does not currently support non-Windows-based BigFix Server environments.
BigFix License Requirements

  • BigFix Remediate

  • BigFix Lifecycle

  • BigFix Compliance

  • BigFix Workspace / Workspace

  • BigFix Enterprise / Enterprise+
Supported vulnerability management platforms Tenable
  • Tenable Vulnerability Management (formerly known as Tenable.IO)
    Note:
    It is required to use the administrator user role within Tenable to enable the generation of API keys that are used by IVR to maintain the interface with Tenable.
  • Tenable Security Center (formerly known as Tenable.sc)
  • Tenable assets that will be correlated with their BigFix computer id must be applicable for any of these Tenable Plugin ids:

    55817 - HCL BigFix Client Installed (Windows)

    159575 - HCL BigFix Client Installed (Linux)

    159628 - HCL BigFix Client Installed (macOS)

Qualys

  • Qualys Vulnerability Management
    Note:
    Used as the automation engine for Qualys data ingestion. Users typically use either Tenable or Qualys, not both.
Network requirements

BES IVR Retriever Service:

  • Inbound on port 9011 by default

  • Inbound on port 8099 during the setup process

  • Listens internally on localhost for these ports 9012, 9013, 9014, 9015, and 9016

  • NiFi Service (Required for Qualys only):
    Note:
    Inbound on ports 8443 and 10443 by default.

  • Connectivity to Tenable Vulnerability Management or Qualys VMDR API Server URL (outbound via port 443 by default)

  • Connectivity to SQL database (outbound via port 1433 by default)

  • BigFix Server (outbound via port 52311 by default)

  • BigFix WebUI Server (outbound via port 443 by default)

    Note:
    Note: All network ports are TCP and can differ from the default implementation.
System limitations
  • Only one type of source of vulnerability data for ingestion is supported

Hardware requirements

The hardware requirements for the IVR components depend on the deployment method chosen for your environment. You must ensure that the target machine meets the specific resource needs of the component being installed.

The following table lists the recommended hardware resources for the IVR components:

Hardware IVR Retriever (Tenable) IVR Retriever (Qualys)
CPU Minimum 2 cores (recommended 4 cores) Minimum 4 cores (Recommended)
RAM In addition to the host OS requirements:
  • 2GB per 20K endpoints
 Minimum 32 GB total system RAM (Recommended)
Note:
16 GB must be allocated specifically to the NiFi service heap
Disk Space With default settings, expect this sizing:
  • 4GB per 20K endpoints
 50 GB (Recommended)
  • Required for log retention and flow file storage
Execution Time The overall run time of data synchronization and processing depends on:
  • CPU Speed
  • Number of findings
  • Number of assets
  • Number of patch sites loaded within the BFE environment
  • API latency
  • Conflicting workloads on the IVR machine
 Depends on:
  • Data ingestion volume (e.g., Qualys payload size)
  • Complexity of automation workflows
  • Network latency between NiFi and the Qualys Cloud Platform
Note:
NiFi and IVR components can be installed on the same endpoint (Standalone mode). However, the host machine must meet the cumulative resource requirements for both services.