BigFix Reviews

It matches with the ILMT tool. We're trying to validate the licensing for IBM software. 

We're using the permanent discovery tool for septic for hardware and software too. For IBM, we have to use that due to the reporting of sub-capacity licenses.

It's mostly easy to use.

The sub-capacity licensing is the most valuable aspect of the product right now for us. 

It's good for reporting hardware and software. 

The solution is stable.

Technical support is helpful.

It scales well.

It's got some complexity when we're trying to figure out the IBM setup for software.

The sub-capacity licensing was a challenge for some of it. We had trouble getting it to calculate right.

It's better for hardware discovery. We get to increase its capabilities for hardware discovery. They need to enhance their sub-capacity capabilities, so we can use it easier for sub-capacity so that it is less of an art form and more of a science.

We'd like agents to be able to collect usage.

I've used the solution on and off for about eight years or so. I've used it for quite a while now. 

It is stable and reliable. There are no bugs or glitches. It doesn't crash or freeze.

The solution has scaled well for what we are doing. 

Technical support has been very good. Sometimes they can't do things if it is not a function of the system; however, if the function of the system is possible, they help us and make it work. We are satisfied with the level of support we get. 

The initial setup was not overly complex. The complexity was the handling of configurations. 

The pricing was good. We had government pricing going into the project and it was pretty fair. 

I am using the latest version of the solution. I am not sure of the exact version number. I help different companies. Some are on the latest, and some aren't.

I'd advise people to understand what data they need and that the solution can actually pull that data in the right format for them.

I'd rate the solution eight out of ten. 

We use BigFix for deploying applications for updating, setting up configurations, making modifications, or customizing Windows. For example, what are the applications that need to run, and what configure is needed.

The most valuable point is when you deploy an application, you have to make sure that the application has been deployed to all computers and that is working perfectly. This solution works well at deployments. 

Other solutions can have failures, such as ManageEngine, and you have to deploy the application again. In BigFix, once the computer has communicated with the BigFix server, the agent workstation, you can be sure that the application will be deployed and delivered properly.

Sometimes the workstations communicate back to the BigFix server two or three days in a week or something similar. Sometimes there can be a delay reporting back to the server for a variety of reasons, such as users turning their computer off when they go home. When the user comes back and turns the computer back on BigFix needs to synchronize and sometimes it can take some time, approximately one week. The communication between the agent and the server should be faster, there is room for improvement in this area.

I have been using BigFix for approximately two years.

BigFix is reliable and stable, it is perfect.

Performance-wise is the best. When you have to do deployments you are sure that all the workstations will receive it, even though that there is sometimes a delay in reporting back to the server. The only time the deployment would not work is if the computer is decommissioned or not available.

BigFix is simple to scale, we are using the solution regularly. We use it every other week whenever we have meetings, we rely on it.

We have approximately 10 technicians and 3,000 users who receive a patch or use the solution in some way.

We have not had any big issues that would need the support. However, we did have some minor issues and the support was good and responsive.

I have used ManageEngine previously.

In my usage, I have found BigFix is more professional than ManageEngine. The reason that I'm saying this is when you deploy an application, you are sure and you are guaranteed that all workstations will receive it. However, for the ManageEngine, for some reason, you will find it may fail for 13 workstations. You might have to redeploy again, otherwise, you have to do it manually.

One of the positives of ManageEngine is it can be easy for users to deploy an application compared to BigFix.

The deployment process of BigFix was straightforward. You need to have a small number of programming skills or scripting skills to complete it. If you have skills, it is very easy to deploy. For somebody who's experienced, and has knowledge of some programming or scripting skills, it's very easy.

There were approximately three people, the vendors, and our technical teams that did the implementation.

BigFix requires specific maintenance, whenever there is a new release we manage it.

You are charged per server and per workstation when using BigFix. ManageEngine is a lot cheaper than BigFix. There are some additional costs, such as support.

I recommend BigFix as long as they have the budget. If they don't have that much money, they can use ManageEngine, which is satisfying for small and medium companies. For example, companies that have 250 computers. I have used ManageEngine at companies that had multiple locations. You can use some ManageEngine on one central location and then deploy it to all your branch offices.

I rate BigFix a nine out of ten.

Our customers mainly use BigFix for inventory, compliance, patch management, and software deployment. We also use it with the IBM License Metrics Tool. Our customers are mostly in the telecom and financial sectors.

The solution has many useful features. Its main advantage is simplicity - you can do everything from one console, regardless of the task. It supports many operating systems and is scalable to up to 250,000 clients.

The solution is great for automation. It uses relevant language, and each client can send requests for information about files or other data. Based on the results, you can set up analyzers and actions. For example, in patch management, you can automatically deploy patches to clients that don't have the newest version.

For improvements, it would be good if BigFix supported more databases. Currently, it only supports DB2 and Microsoft SQL. Adding support for other databases like Oracle would be beneficial.

I have been working with the product for 15 years. 

The tool is stable. I rate it a ten out of ten. 

With BigFix, I've had customers manage from just one client to 80,000. I rate its scalability a nine out of ten. 

The support from HCL is very helpful.

Positive

You need to consider network and firewall settings during deployment. But once you know what to do, it's quite simple - click through. I'd rate the setup process seven out of ten for ease.

The deployment process for BigFix, whether cloud or on-premises, takes about 3-4 hours. To deploy it, you first install the database and need a license file from HCL. The download is free and open to everyone. There's an installation generator for Windows, and you just run the download and set up.

I haven't faced challenges with BigFix, probably due to my 15 years of experience. I can usually handle any issues during installation or upgrades.

For those considering using the tool, I recommend having someone who can support you at the beginning of the implementation and installation. It's a quick learning process, but it's very important to understand how BigFix works at the start. Once you get that, you'll see it's quite good.

I rate the overall product an eight out of ten. 

Our primary use of this solution is for the server side patching and compliance remediation. We use it for all of Windows server patching, remediation, vulnerability scanning, and inventory management of IBM licensing.

We're able to single console manage all departmental Windows, Linux, AIX servers, and from a single console, we can grant access via role base depending on department status and access. It's just easy to get a big picture on a single screen.

It reduces network traffic when it comes to downloading patches. It's a single patch repository on the root server, all patches start on the root server, and then they are disseminated via relevance as required, up above a chain and a single connection via the relays up until it gets to the bottom of the last relay and then it disburses to the client. Storage and network wise, it makes the smallest download possible down to the last band and then disseminates from there, so you can take your relays as far down as possible to make a small download chain size wise. 

We use it to compare current and past patch cycles. We do monthly compliance verification and we use external vulnerability scanning, and we compare that to the BigFix compliance results and make a mesh of the two for our monthly reports for executives. We do that on a monthly basis.

It has helped us to compress our patch cycles. It's been condensed 100 percent. Our patch cycle is now under 10 days for everything that we patch, and we get no complaints from our compliance people about that. They've given us requests and we recondense it. Depending on how much urgency we put on it we can take it down as much as possible.

Finally, it has helped to reduce help desk calls. We actually know if there's an issue before the help desk finds out. We'll report a server down sometimes before the server owner knows, and we'll let them know that there may be an issue and then we can actually roll back a patch via BigFix before the server owner knows that there's an issue. Altogether, help desk calls have been reduced by around 50%.  

Some of the most valuable features are its: 

• Ease of use
• The fact that it's a single port access across the board. There's only one firewall to be required.
• The user community is great, very helpful. 
• There's not a lot of overhead to the client. There's a bit of set up to do but it's pretty simple once it gets running to maintain it. It basically maintains itself. As such for as big of a system, it only requires a little manpower. There's only a couple of people that have to manage it.

My impressions of peer to peer file transfer in relation to BigFix, is that it's a relay structure that goes up and down the chain, as servers check in they check into their relays, the relays pass up and down the chain. It has tight security. They say it heals itself. It doesn't put a load on the system and doesn't give our guys any headaches or anything. It just seems to work pretty well and it's easy to maintain.

I'd like to see:

• More visibility
• Better reporting
• I'd like for it to be more futuristic, for it to be less plain Windows looking with a little more pizazz. 
• Better integration, with the different applications within BigFix. Instead of sometimes feeling like four or five different applications, they need to be integrated a little better within themselves. 
• Better folder structure internally.

I've been admining the system for two and a half years now and other than server side issues we have never had stability problems. My core system is four servers and they're not maxed out. We've never had any performance issues.

Scalability is amazing. We have over 10,000 systems and could easily add to that without a performance hit. We'd have to increase our relay structure to keep it manageable but I don't think we'd have any problems.

Between the user groups, the community, the AVP support, the direct access via technical route and the PMR support, half the time I don't even need to do a formal PMR because the solutions from the community resolve whatever issues we're having. It's the best community and support based system I've ever used.

We implemented in-house. 

The main reason why we chose BigFix is because at the time we were looking for a single solution for multiple OS, and SCCM at the time couldn't handle a Windows, Linux, and AIX coverage as BigFix does. I haven't directly managed SCCM myself, but I do feel that BigFix is a much simpler set up, simpler configuration. It's better accepted by our marketing solutions, to get into some of the restricted VLANs, we have a much easier time connecting to restricted LANs than they do. BigFix has better reporting, they're just better integration. The one part where I think SCCM is better is in the remote control. The BigFix solution remote control is a little dated. 

I would rate it an eight out of ten. An eight because of the stability and the ease of use. Not a ten because I'm looking for more modernization, but I do have to give the BigFix community credit because they seem to listen to us.

I would advise someone considering this solution to talk to the community. Talk to the BigFix users, ask their honest opinion on what they think is good and bad about it. 

I'm a long time user for endpoint management and now I do consulting so I design solutions for end customers.

It has improved my organization because we can automate a lot of tasks. We went from manually patching machines or doing our best and having very little visibility into it to us being able to "set it and forget it" and getting really good results on first-pass patching.

In addition, it has also helped us to reduce network traffic when it comes to downloading patches. It's very easy to throttle the network traffic, Instead of us taking down the network, downloading hundreds of patches, we're able to set a throttle, and then also spread it out over a period of time, which helps a lot.

It has helped to compress our patch cycles. In some cases, a hundred percent because in some areas, patching wasn't happening. We went from not patching to just automating it.

Finally, help desk calls have been reduced. We were able to look at help desk calls and find out which ones were most common and start automating that with BigFix. For some various organization, a quarter to half of our help desk calls were knocked out.

It's incredibly powerful and it's very extensible. Meaning, it's very easy for us to customize the platform to solve a number of different tasks for us.
We enjoy using peer-to-peer file transfers as a peering system for files. It provides built-in redundancy and we can control it all from the console, which is nice.

I would eventually like to see a SaaS offering, a cloud-hosted BigFix instance where we only have to put a relay in our environment. 

Stability is incredible. A lot of times people will let it run forever without touching it because it just keeps going. Once you stand up the solution, there's very little that you have to do. Just the occasional update and that's it.

Scalability is awesome. For one, it supports around a quarter of a million endpoints, which is a lot. It's also very easy to stand up relays anywhere in the world. It's incredibly scalable.

Technical support is pretty good. I have never had any issues with support. Primarily, though, I go to the BigFix community which has been super helpful.

We initially switched because we had different solutions for all different platforms. We had one for MAC OS, we had one for Windows, and we weren't really using them that much so we were able to use it to manage all of them with a single tool instead of a bunch of different ones.

The initial setup is very easy. 

BigFix is way better than SCCM. SCCM doesn't do MAC OS or Linux. It takes a lot of time to manage, it's a lot of work, there are all kinds of ports that you need to open, and it's just a pain to manage.

I would rate BigFix a nine out of ten because I really enjoy the tool but there's always room for improvement and there's always something to add. I've been really happy. There's a close-knit community. It's super easy to get help. They're always adding new features. I'm very happy with it.

I would advise someone considering this solution to try it out. Set up a demo, give it a shot, turn on some auto-patching, and then just watch as your organization self-heals.

I am supporting a client and serving as an administrator of BigFix. My responsibilities include taking care of the whole infrastructure, patch deployment, vulnerability scanning, vulnerability assessment, third-party application vulnerability mitigation, generating reports, and ensuring compliance with security standards such as the CIS checklist. We handle all the security standards related to BigFix.

BigFix has several good features. Firstly, its client on the endpoints consumes less than 2% of CPU memory. Unlike other solutions like CrowdStrike or Tenable, where clients communicate with the database once a day or collect data every two days, BigFix offers real-time detection of endpoints. For example, if we have predefined conditions for monthly OS patches on various operating systems like AIX, Windows, Linux, and Mac, BigFix provides its own external sites where patches released by Microsoft or Mac are stored. These patches and content are integrated with the BigFix network. Each patch or package has relevant conditions that continuously evaluate the endpoints to determine if they are applicable. When creating software packages, we ensure that relevant conditions are met to prevent redundant deployments. This is important as continuous patching without checks can lead to system corruption or device issues. 

We are currently managing more than a hundred devices. So, upon creating a package with the relevant condition in place, there are already thousands of devices that have that specific package deployed. The condition checks to ensure that the package is not redeployed to those devices, avoiding any potential issues that can arise from repeated deployments. 

In some internal solutions, continuously deploying patches to an endpoint can lead to system corruption, device hang-ups, or other problems. However, BigFix prevents such issues by evaluating the relevance of each patch and ensuring it is only deployed when necessary.

BigFix is an endpoint customer solution that offers various capabilities. It enables compliance management, pack management, software and OS deployment, and power management. You can also integrate One Ready scanning tools like Qualys or Tenable, allowing vulnerability feeds to be directly evaluated within BigFix. 

If BigFix does not have a pre-existing solution, we can create our own scripts using its action script and relevant language. The platform supports multiple scripting languages, including PowerShell and Python, providing flexibility for deployments.

One aspect that could be improved is the speed of the console. Sometimes it can be slow, which is something that needs to be addressed. When compared to other solutions like Tenable or CrowdStrike, BigFix constantly communicates with the database in real time, which can cause some slowness.

I have been working dedicatedly with BigFix for the past five years. We are currently using version 10.0.4 of BigFix.

BigFix is stable overall. However, like any software, you may encounter occasional issues, but they are manageable.

It is a scalable solution. Scalability is relatively easy to achieve with BigFix. We already have a capacity planning guide in place that outlines predefined steps to check and scale the environment. It provides guidelines for designing the infrastructure to meet scalability requirements.

Currently, I'm working with a large enterprise that uses BigFix.

The technical support for BigFix is really amazing. There are dedicated technical support engineers available, and you can open tickets or seek help through the BigFix forum. Additionally, there are technical solution architects who can assist you. Just open a ticket with the Excel support team, and they will be there to help you.

The support is generally excellent, but there may be occasional delays due to their workload.

Positive

When it comes to the root server, you have the option to use either Windows or Linux. Deploying the root server is a straightforward process. Deploying the root server is the first step. After that, if you're considering deploying the complete infrastructure, you'll need to follow the capacity planning guidelines. It will help determine the appropriate infrastructure requirements. For instance, if you have 10,000 devices, it is recommended to use a server with at least 128 GB of RAM, 32-core processors, and a robust server configuration. You can choose to host it in a cloud-based environment or a dedicated environment, but it should meet the necessary specifications in terms of RAM and processor capacity.

Once you have the server set up, you will define your release strategy. This involves setting up top-level releases and renewal releases. The reason for having multiple releases is to distribute the load and avoid overburdening the root server. Top-level releases communicate with the root server and receive data from it, which they then distribute to the lower-level releases. These releases, in turn, distribute the data to the endpoints.

As for the installation process, it is quite straightforward. Once the root server is installed, you need to install the console. Once the console is installed, you can proceed to deploy clients or agents on the endpoints. 

BigFix provides a built-in client deployment tool called the Data Tool. Using this tool, you can leverage your active directory credentials to scan and analyze your network, identifying devices that have or do not have BigFix installed. Once the scanning process begins, the tool will start deploying the agents to the appropriate endpoints. The installation of the agents does not require a reboot. However, when deploying the infrastructure itself, a reboot may be necessary. But for clients deployed on agents or endpoints, whether it's servers, Windows 10 machines, or Linux machines, the agent installation does not require a reboot. 

Once the agents are installed, they automatically refresh themselves every 15 minutes. They communicate with the nearest relay to check if any new content needs to be deployed to that particular endpoint. The agent keeps checking with the relay and deploys content if there is any to be received.

For the complete infrastructure deployment, you need to follow capacity planning guidelines. This will help determine the required infrastructure.

Recently, we have set up new infrastructure, and capacity planning is a time-consuming process. Depending on the client and their requirements, it can take a couple of days to two weeks to finalize the agreement, especially if there are cost constraints. Companies often have limitations on project expenses. Once everything is finalized, it takes just one day to get the entire infrastructure up and running.

As for the endpoints, when we start deploying agents on laptops or desktops used by end users (not servers), it can take up to 30 days. This is because the agents are deployed as the endpoints come online intermittently. We keep the deployment policy open for five business days to accommodate this.

So, to summarize, infrastructure installation is typically completed within six to eight hours. After that, the network team checks the network utilization and load, and if necessary, they adjust the bandwidth. Deployment of agents onto clients usually takes about a week, but in server environments with a large number of servers (e.g., 5,000 servers), all the clients can be deployed within an hour or two. Once the entire infrastructure is up and running, we need to monitor the dashboards to ensure that BigFix is performing as expected. This monitoring period lasts for 30 days. Once everything is set up and functioning properly, we can start using BigFix.

For the basic setup of BigFix, you would typically require two architects: one familiar with Windows and another familiar with Linux. Additionally, networking expertise is needed to enable and disable certain ports. The involvement of various teams is necessary, especially the network team, which handles port opening and tunnel creation. For environments larger than 20,000 endpoints, two architects are needed. However, if the environment has around 5,000 to 10,000 endpoints, one architect is sufficient. Apart from the architects, you would also need two sole operators to manage all the modules within BigFix, such as inventory, compliance, cash management, and lifecycle management, which includes package deployment and patch deployment.

Currently, we have two people managing the maintenance of over a thousand devices. However, we recently increased the team to three members. They provide 24/5 support and handle various issues, including configuration and web application problems. If you require 24/5 support, it's recommended to have two architects and two operators who have a good understanding of BigFix. During peak times, the architects are available, and during off-peak hours, the operators can handle the tasks.

I would say that with great power comes great responsibility. As a BigFix admin, it is crucial to be careful and use the tool wisely. You have the ability to bring positive outcomes, but one incorrect deployment can have severe consequences and potentially disrupt the entire network.

Overall, I will give BigFix an alpha ten out of ten. 

We are a global security and cloud integrator, and we are also a reseller with a capability of up to 69 brands, but we're not married to anybody. Our goal is to give customers exactly what they need based on the scenario. We build everything that we sell. So, we have a large distribution partner that enables us to resell a lot of things. We definitely and always see what's hot in the market, and we are constantly reviewing technologies.

Patching and mobile device management are probably two of the biggest use cases of BigFix. 

In terms of the version, some of the clients have the latest version. BigFix is not a subscription as a service. It is not a SaaS model. It is an on-prem model for infrastructure teams to manage folks through the web or through the network, and it is not provided as a service. There is no open-source capability, so it doesn't really have an ecosystem around it. It's basically sold to clients for specific use.

For security these days, patching is obviously mission-critical. If you leave something unpatched, the vulnerability is easily found by the adversary, so that's critical. 

Mobile device management is also critical from the security aspect. BigFix is useful in scenarios where if a device is lost, you can disable it, and you can wipe it. All the company data that is available is completely encrypted, and it is basically illegible or not usable. People even have BigFix Mobile that they put on phones and other peripheral devices. You are basically putting a wrapper around the applications that are company applications in the bring your own device (BYOD) scenario.

It is for multiple use cases. A lot of people are looking at it just for security, and that's really endpoint security. The endpoint management part of it in terms of being able to constantly do patching for Windows, Unix, macOS, Cloud, Raspberry, VMware, and all Linux flavors is important, and they are very good at that. They have support for virtually every OS on the market.

A lot of people also use it for infrastructure value. HCL has changed the focus a little bit because it was originally looked at as a pure security tool on the IBM side for mobile device security, but since HCL took it over, it has become more focused on other different components. They've created REST APIs for the cloud, and there is now a scripting language that's associated with it. So, there are more broad use cases because the industry requires that. They also have their own development tool in BigFix.

HCL is India-based, and they've done a good job with BigFix, and they're also able to deliver the software at a lower price now. The integration is better with other security and vulnerability management tools. To remediate endpoint issues that are out there, they integrate with Tenable, Qualys, and others. So, you can manage all of your patches and fixes through one platform, even for all cloud services, which is a good thing. 

Training is obviously important, and HCL has done a better job than IBM at making that training available. Usually, there are different ways to do that, such as through video or self-service, etc.

I remember doing restarts a few times. So, making sure that it is rock solid from an executable perspective is important.

I have been working with all kinds of security tools, including this one, since 2001 or so. It has been 21 years.

We have interacted with them. They've been good and better probably in BigFix than some of the other tools that they acquired in that IBM divestiture. 

It is pretty easy to implement.

I would rate it an eight out of ten. It does everything reasonably well. There are so many competitors who do just one piece of this, or they're not really head-up competitors because some are into mobile security, and some are more into mobile endpoint management and patching.

We use the HCL BigFix solution to provide patch-, software- and OS-image distribution services for our customers. In addition endpoint solution avcurat software, ILMT and hardware inventory. Since BigFix is base on the principle of pull, not push the administrators can afford precise information in real time about the status of distribution of patches and software.

The BigFix console deliver an excellent overview of all endpoints, and tasks and fixlets to be done. You do not need to click through an endless numbers of wysiwigs, one by one - With BigFix you can create dynamics group with thousands of endoints, selected by an excact numbers of criteria. When you need to do many tasks and distribute many patches at once, BigFix gives you the opurutnity to create baselinesr where you ochestras tasks to be fone to be performed in a specific order.

BigFix is base on the principle if something is relevant or not. The systems works more or less like an complex database the sends small messeges to endpoint and ask them to report back to the server. If a given condition is true, them it's relevant and server will ask the client to something It's simple as that. Therefore, BigFix is extrempower solution when it supports more than 90 diffferent OS. The system can manage whatever you you want!

"The heart of the Fixlet technology is the Relevance language that allows authors to interrogate the hardware and software properties of your managed clients using Inspectors. With the Relevance language, you can write expressions describing virtually any aspect of the client environment. Some Fixlets are simply designed to return Relevance information to the servers, but most of them suggest actions that can patch or update the client computer. The actions, in turn, also take advantage of Relevance expressions. Fixlet messages and Relevance expressions by themselves can only notify the user or the administrator. Actions, on the other hand, are specifically designed to modify the client, so there is a clear dividing line between a Relevance expression and its associated action - typically a human is required to deploy the action."

The support of other 3rd party ssytems could be better. ServiceNow is supported by BigFix - But there is a lot of other systems that BigFix could support and vice versa and make it even more powerful. With all the inventory information avout the osftware and hardware in the network of the organization - The BigFix database could be a very valuable source for other maniufactors and porviders of software and hardware.

I have been working with Bigfix for almost ten years where I use the it distribute patches and software for my customers. After a while, the Windows 7 and later Windows 10 clienent become very stable. From what I have learn, IBM and HCL who owned thd product, do an wxtra quality chack of the patches before the release them. Sometimes the team behind Bigfix discover need of patches that become recommended by Microsoft many years later.

The stability is great! We have not experienced any issues. 

The scalability is excellent!. The BigFix solution is organized like a pyramid with the main master server at top. From there BigFix use relays to distribute Fixlets and Tasks to the clients. You can organize your hierarchy to fit your organization. The number of endpoints should not pass 5000 clients pr. relay before you set up a new relay. The funnie matter of fact is that a relay can use workstation with a lot of disk space - It does need to be a Windows-server, it can also be a Linux server or a workstation. From my point of view, this is really remarkable, because how many endpoint management systems can handle everything from a small office with 10 computers to multitenant conglormerat with 300 000 endpoints with only one, yes 1 server? Waht you need at your backroom is a SQL-server that is able to handle all the data...

Technical support is above average, and in fact, I would say that they have superb support.

Like many other small IT-companies, I patch the clients manually or by Windows Update. When you get a lot of clients to be patched, it's impossible to do it manually. You need a tool to do the job and you need documentation what you have done and when. If patch goes wrong, you must be able to identify that one very wuick and removed before it do to much damage. With BigFix, you get control and you know excactly the status of patches. If you use tools like Microsoft InTune to do the patch job, it's like sending Voyager 2 to Pluto - It felles like the patch is lost in space and you never know if it will ever send information back home what happends. With BigFix, more than 90% of you patches will dsitrbuted at first try and report back home that they found a safe harbour.

The documentation is good. Follow the recommended configuration by HCL and you will be up and running very soon. It's pretty easy to set up with some knowledge. Be aware that DNS-isssues can be a challenge if the server is not visible at Internet by a public IP during the initial setup. The configuration at firewall can a challenge especially to get SQL-server vissible for the BigFix-server.

We mananged to do it by our self. 

Very high. In a short time, you will get your expenses paid back very shortly.

The licens price of the HCL BigFix is very fair. The challenge is the license of the MS SQL server. If you can handle DB2 - The DB2 database server that is included with BigFix is free to use. Because the MS SQL -server express cannot be used unless demo purposes, I recommend and SPLA license for the MS SQL server wich gives you the oppuritiny to connect an unlimited numbers of clients to the BigFix server. 

Other systems like Microsoft SCCM has been considered. The systems is too complex and require too many resources compared with BigFix. The BigFix server with the SQL server included could be running and on a singel portable workstation and mange the patch-management of ogf thousands of endpoint. How many SCCM do you need to do that? With Bigfix you can manage a small office with 10 clients as well as enterprise evirement with 250 000 endpoint with only one BigFix-server. 

BigFix is value for money - You get a simple, robust, dynamic and very powerful solution for a very reasonable price. Don't for get the hidden cost compared to other tool - How many ports do you need to configure by very expensive network assistant when running SCCM? With BigFix it's enough to open only one port. With BigFix you have a multitenant solution that make is possible for you as an service provider to use BigFix to manage many customers at the same time with same server, without setting up trust between different networks. Because BigFix has it's own secure comminication between the server and the clients.