Glossary
- Action Password
- See signing password.
- Action Scripting Language
- The language used for crafting action scripts. Action can be crafted in different scripting languages, including AppleScript and Unix shells.
- Ambiguous software
- A software is considered 'ambiguous' when it a) has an executable that looks like another executable, or b) when it exists in more than one place in the catalog (Microsoft Word as a standalone product or bundled with Microsoft Office).
- BigFix Enterprise Suite (BES)
- The previous name for IBM Endpoint Manager.
- Client
- Software installed on each networked computer to be managed under the IBM Endpoint Manager. The Client accesses a pool of Fixlet messages, checks the computer it is installed on for vulnerabilities, and sends the Server a message when such a condition occurs. Previously known as the BES Client, it is now known as the IBM Endpoint Manager Client, or simply Client.
- Console
- A management program that provides an overview of the status of all the computers with the Client installed in the network, identifying which might be vulnerable and offering corrective actions. Previously known as the BES Console, it is now known as the IBM Endpoint Manager Console, or simply Console.
- CO2 Emissions
- CO2 is one of the primary greenhouse gases and power generation is one of the largest sources of CO2 emissions. The amount of CO2 emitted per kWh generated varies significantly based on how the electricity is generated. For example, hydroelectric and nuclear power plants do not emit CO2, but coal-fired power plants emit significant CO2.
- Custom Site
- You can create your own custom content and host it in a custom site. This can only be done by a Master Operator that has been granted the rights to create custom content (use the Admin program to allocate these users).
- Data stream
- A string of information that serves as a source of package data.
- Definitive package
- A string of data that identifies the presence of software and serves as the primary method for identifying the presence of software on a computer.
- DSA
- Disaster Server Architecture. Multiple Servers are linked to provide full redundancy in case of failure.
- Fixlet message
- A mechanism for targeting and describing a problematic situation on a computer and providing an automatic fix for it.
- Fixlet servers
- Web servers offering Fixlet site subscriptions. They can be either internal to the enterprise network or external to the network (if direct external web access is allowed).
- Fixlet site
- A trusted source from which the Client obtains Fixlet messages.
- Generator Install folder
- The directory on the installation computer where the Generator places the installation files for the IBM Endpoint Manager system.
- IBM Endpoint Manager
- A preventive maintenance tool for enterprise environments that monitors computers across networks to find and correct vulnerabilities with a few simple mouse-clicks.
- IBM Endpoint Manager database
- A component of the system that stores data about individual computers and Fixlet messages. The IBM Endpoint Manager Server's interactions primarily affect this database, which runs on SQL Server.
- Installation Computer
- A secure computer (separate from the IBM Endpoint Manager Server computer) that hosts and runs the Installation Generator.
- Installation Generator
- An application that creates installers for the core IBM Endpoint Manager system components.
- Management Rights
- Ordinary Console Operators can be limited to a specified group of computers. These limits represent the management rights for that user. Only a Site Administrator or a Master Operator can assign management rights.
- Master Operator
- A Console Operator with administrative rights. A Master Operator can do almost everything a Site Administrator can do, with the exception of creating new operators.
- Masthead
- Files containing the parameters of the IBM Endpoint Manager process, including URLs that point to where trusted Fixlet content is available. The IBM Endpoint Manager Client brings content into the enterprise based on subscribed mastheads.
- Mirror server
- A server required in the IBM Endpoint Manager system if the enterprise does not allow direct web access but instead uses a proxy server that requires password-level authentication.
- Operator
- A person who operates the IBM Endpoint Manager Console. Ordinary operators can deploy Fixlet actions and edit certain computer settings. Master Operators have extra privileges, among them the ability to assign management rights to other operators.
- Package
- A secondary artifact collected from computers, which is an identification string pulled from the Windows registry.
- Package data
- A type of data used in the Software Catalog to help distinguish between two similar executables - includes 'regular' and 'definitive' packages.
- Power States
- System Power States define the overall power consumption of a
system. IBM Endpoint Manager Power Management tracks four main power
states - Active, Idle, Standby or Hibernation, and Power Off.
For detailed information about power states, see the related Knowledge Base Article from the IBM Endpoint
Manager support website. Note: On Mac systems, Power State Tracking is limited to Active and Power Off.
- Price per kWh
- This is the amount you pay for electricity. One kWh is equal to 1,000 watts used for one hour. As a reference point, a standard desktop and monitor runs for approximately six hours on one kWh of electricity. A typical cost for a kWh is $0.10 in many regions of North America. However, electricity costs vary significantly depending on region and power provider, and different computer models vary power usage.
- Relay
- This is a Client that is running special server software. Relays spare your server and the network by minimizing direct server-client downloads and by compressing upstream data. Relays are automatically discovered by Clients, which dynamically choose the best Relay to connect to. Previously known as the BES Relay, it is now known as the IBM Endpoint Manager Relay, or simply Relay.
- Relevance Language
- The language in which relevance clauses are written.
- Root Server
- Refers to the HTTP or HTTPS services offered by the main Server as an alternative to IIS. The IBM Endpoint Manager Root Server is specially tuned to Fixlet traffic and is more efficient than IIS for this application. Previously known as the BES Root Server, it is now known as the IBM Endpoint Manager Root Server, or simply Root Server.
- SCAP Check
- A specific configuration check within a SCAP checklist. Checks are written in XCCDF and are required to include SCAP enumerations and mappings per the SCAP template.
- SCAP Checklists
- SCAP checklists are configuration checklists written in a machine readable language (XCCDF). SCAP checklists, also referred to as 'checklists' or 'baselines' have been submitted to and accepted by the NIST National Checklist Program. They also conform to a SCAP template to ensure compatibility with SCAP products and services. The SCAP template discusses requirements for including SCAP enumerations and mappings within the checklist.
- SCAP Content
- Consists of security checklist data represented in automated XML formats, vulnerability and product name related enumerations, and mappings between the enumerations.
- SCAP Enumerations
- Include a list of all known security related software flaws (CVE), a list of known software configuration issues (CCE), and a list of standard vendor and product names (CPE).
- SCAP Mappings
- Interrelate the enumerations and provide standards-based impact measurements for software flaws and configuration issues. Thus, for any given software flaw (CVE), one can determine the affected standard product names (CPE). For any given standard product name (CPE), one can determine the configuration issues that affect that product (CCE). For any given software flaw (CVE) or configuration issue (CCE), one can determine the standard impact score (CVSS).
- SCAP Reports
- SCAP reports are required to include SCAP enumerations and mappings per the SCAP template.
- SCAP Test Procedures
- SCAP checklists reference 'SCAP test procedures' for machine readable information on performing low level checks of machine state (OVAL). SCAP test procedures are used in conjunction with SCAP checklists.
- Server
- A collection of interacting applications (web server, CGI-BIN, and database server) that coordinates the relay of information to and from individual computers in the IBM Endpoint Manager system. The server processes may be hosted by a single server computer or segmented to run on separate server computers or replicated on redundant servers. Previously known as the BES Server, it is now known as the IBM Endpoint Manager Server, or simply Server.
- Signing password
- The password (specified when the IBM Endpoint Manager system was installed) used by a Console operator to sign an action for deployment. It is called the action password in the Console interface.
- Site Administrator
- The person in charge of installing IBM Endpoint Manager, authorizing and creating new Console operators.
- SQL server
- A full-scale database engine from Microsoft that can be acquired and installed into the IBM Endpoint Manager system to satisfy more than the basic reporting and data storage needs. A step up from SQLite
- Standard deployment
- A deployment of the IBM Endpoint Manager that applies to workgroups and to enterprises with a single administrative domain. It is intended for a setting in which all Client computers have direct access to a single internal server.
- System install folder
- The directory on the IBM Endpoint Manager Server where the Server software and related files (including Console and Client installers) will be installed.
- VPN
- Virtual Private Network. An encrypted channel (or tunnel) that allows companies to extend their local-area networks across the world by using an inexpensive Internet connection.
- Wake-from-Standby
- Windows and other operating systems allow applications to wake a computer from standby at pre-defined times. Using Wake-from-Standby, a computer wakes itself without the need for Wake-on-LAN.
- Wake-on-LAN
- Wake-on-LAN (WoL) is a standard mechanism for waking computers by sending them a specific network packet (known as the magic packet). Wake-on-LAN is difficult in many network environments because of network restrictions regarding broadcasts from other subnets. IBM Endpoint Manager Power Management handles these complexities by sending WoL packets from nearby agents in the same subnet.
- WAN
- Wide-area network. Many offices are connected by WAN. The bandwidth of your WAN determines the placement of Relays in your deployment, with thin WANs requiring more relays to aggregate downloads and reduce overhead.