BigFix Reviews

It matches with the ILMT tool. We're trying to validate the licensing for IBM software. 

We're using the permanent discovery tool for septic for hardware and software too. For IBM, we have to use that due to the reporting of sub-capacity licenses.

It's mostly easy to use.

The sub-capacity licensing is the most valuable aspect of the product right now for us. 

It's good for reporting hardware and software. 

The solution is stable.

Technical support is helpful.

It scales well.

It's got some complexity when we're trying to figure out the IBM setup for software.

The sub-capacity licensing was a challenge for some of it. We had trouble getting it to calculate right.

It's better for hardware discovery. We get to increase its capabilities for hardware discovery. They need to enhance their sub-capacity capabilities, so we can use it easier for sub-capacity so that it is less of an art form and more of a science.

We'd like agents to be able to collect usage.

I've used the solution on and off for about eight years or so. I've used it for quite a while now. 

It is stable and reliable. There are no bugs or glitches. It doesn't crash or freeze.

The solution has scaled well for what we are doing. 

Technical support has been very good. Sometimes they can't do things if it is not a function of the system; however, if the function of the system is possible, they help us and make it work. We are satisfied with the level of support we get. 

The initial setup was not overly complex. The complexity was the handling of configurations. 

The pricing was good. We had government pricing going into the project and it was pretty fair. 

I am using the latest version of the solution. I am not sure of the exact version number. I help different companies. Some are on the latest, and some aren't.

I'd advise people to understand what data they need and that the solution can actually pull that data in the right format for them.

I'd rate the solution eight out of ten. 

We use BigFix for deploying applications for updating, setting up configurations, making modifications, or customizing Windows. For example, what are the applications that need to run, and what configure is needed.

The most valuable point is when you deploy an application, you have to make sure that the application has been deployed to all computers and that is working perfectly. This solution works well at deployments. 

Other solutions can have failures, such as ManageEngine, and you have to deploy the application again. In BigFix, once the computer has communicated with the BigFix server, the agent workstation, you can be sure that the application will be deployed and delivered properly.

Sometimes the workstations communicate back to the BigFix server two or three days in a week or something similar. Sometimes there can be a delay reporting back to the server for a variety of reasons, such as users turning their computer off when they go home. When the user comes back and turns the computer back on BigFix needs to synchronize and sometimes it can take some time, approximately one week. The communication between the agent and the server should be faster, there is room for improvement in this area.

I have been using BigFix for approximately two years.

BigFix is reliable and stable, it is perfect.

Performance-wise is the best. When you have to do deployments you are sure that all the workstations will receive it, even though that there is sometimes a delay in reporting back to the server. The only time the deployment would not work is if the computer is decommissioned or not available.

BigFix is simple to scale, we are using the solution regularly. We use it every other week whenever we have meetings, we rely on it.

We have approximately 10 technicians and 3,000 users who receive a patch or use the solution in some way.

We have not had any big issues that would need the support. However, we did have some minor issues and the support was good and responsive.

I have used ManageEngine previously.

In my usage, I have found BigFix is more professional than ManageEngine. The reason that I'm saying this is when you deploy an application, you are sure and you are guaranteed that all workstations will receive it. However, for the ManageEngine, for some reason, you will find it may fail for 13 workstations. You might have to redeploy again, otherwise, you have to do it manually.

One of the positives of ManageEngine is it can be easy for users to deploy an application compared to BigFix.

The deployment process of BigFix was straightforward. You need to have a small number of programming skills or scripting skills to complete it. If you have skills, it is very easy to deploy. For somebody who's experienced, and has knowledge of some programming or scripting skills, it's very easy.

There were approximately three people, the vendors, and our technical teams that did the implementation.

BigFix requires specific maintenance, whenever there is a new release we manage it.

You are charged per server and per workstation when using BigFix. ManageEngine is a lot cheaper than BigFix. There are some additional costs, such as support.

I recommend BigFix as long as they have the budget. If they don't have that much money, they can use ManageEngine, which is satisfying for small and medium companies. For example, companies that have 250 computers. I have used ManageEngine at companies that had multiple locations. You can use some ManageEngine on one central location and then deploy it to all your branch offices.

I rate BigFix a nine out of ten.

Our customers mainly use BigFix for inventory, compliance, patch management, and software deployment. We also use it with the IBM License Metrics Tool. Our customers are mostly in the telecom and financial sectors.

The solution has many useful features. Its main advantage is simplicity - you can do everything from one console, regardless of the task. It supports many operating systems and is scalable to up to 250,000 clients.

The solution is great for automation. It uses relevant language, and each client can send requests for information about files or other data. Based on the results, you can set up analyzers and actions. For example, in patch management, you can automatically deploy patches to clients that don't have the newest version.

For improvements, it would be good if BigFix supported more databases. Currently, it only supports DB2 and Microsoft SQL. Adding support for other databases like Oracle would be beneficial.

I have been working with the product for 15 years. 

The tool is stable. I rate it a ten out of ten. 

With BigFix, I've had customers manage from just one client to 80,000. I rate its scalability a nine out of ten. 

The support from HCL is very helpful.

Positive

You need to consider network and firewall settings during deployment. But once you know what to do, it's quite simple - click through. I'd rate the setup process seven out of ten for ease.

The deployment process for BigFix, whether cloud or on-premises, takes about 3-4 hours. To deploy it, you first install the database and need a license file from HCL. The download is free and open to everyone. There's an installation generator for Windows, and you just run the download and set up.

I haven't faced challenges with BigFix, probably due to my 15 years of experience. I can usually handle any issues during installation or upgrades.

For those considering using the tool, I recommend having someone who can support you at the beginning of the implementation and installation. It's a quick learning process, but it's very important to understand how BigFix works at the start. Once you get that, you'll see it's quite good.

I rate the overall product an eight out of ten. 

We are using BigFix for sending patches to our servers and desktops, such as security and regular updates.

BigFix has enhanced our organization by demonstrating its efficacy in delivering software updates to endpoints. For example, Microsoft releases patches and we are able to easily make them available for our end-user computing platforms. Additionally, by utilizing the network inventory feature in BigFix, we have been able to substantially improve error percentages and completion statuses, and generate reports on patching percentages within a day and subsequent weeks.

The most valuable aspect of BigFix is its ability to patch desktops. While we have complete control over servers and can easily push patches to them, desktops pose a greater risk for leaks and vulnerabilities if patches are not installed in a timely manner. By using BigFix, we have significantly improved our ability to patch desktops, whether they are laptops, desktops, or other mobile devices used by end-users.

In order to derive maximum benefit from BigFix, it is essential that we configure all of its features and implement them effectively. If the automation could be improved we would be able to mitigate the risks associated with zero-day threats.

I have used BigFix within the last 12 months.

The solution is stable. The primary role of the solution is to patch the systems to the latest released security updates. We have not had any issues once we had deployed the solution correctly.

During our exploration of available solutions, we found that very few in the market offer comprehensive security features. In our evaluation of BigFix, we were particularly impressed with its VMware functionality, which far exceeded that of other solutions we considered. Rather than having to configure multiple solutions, BigFix provided us with basic security information and VMware management detection and response all in one. While the effectiveness of BigFix is certainly a key consideration, its ability to consolidate security features was a major factor in our decision to choose it.

I rate the stability of BigFix an eight out of ten.

I rate the scalability of BigFix an eight out of ten.

I rate the support of BigFix an eight out of ten.

Positive

We were using Microsoft SCCM prior to BigFix. We switched toBigFix because we wanted to have a complete solution. Microsoft SCCM was lacking features, such as managing the network endpoints, the discovery of the endpoints, VMware functionality, and Linux patching.

The deployment of BigFix is complicated. There are a lot of firewall ports that need to be configured and with a company with 50,000 employees, this can be a challenge. The configuration could improve by being more streamlined in the future.

We were assigned a project manager from the BigFix team who provided us with a comprehensive list of requirements for establishing effective communication. However, implementing these requirements across multiple countries and coordinating with various network teams posed a challenge, particularly in terms of opening the necessary communication channels through firewalls. This was a daunting task, especially if the application utilizes codes that are commonly blocked by firewalls.

The full deployment of the solution took three months.

The price of the solution is high. There are not any additional fees from the standard license.

I rate the price of BigFix a seven out of ten.

For those considering the use of BigFix, my advice is to pay close attention to the deployment phase. This involves identifying the necessary firewall ports and ensuring that the servers are configured to communicate with the internet to download patches. Proper deployment is critical for ensuring smooth operation in the future, as troubleshooting can be difficult once the solution is fully deployed.

I rate BigFix an eight out of ten.

Our primary use of this solution is for the server side patching and compliance remediation. We use it for all of Windows server patching, remediation, vulnerability scanning, and inventory management of IBM licensing.

We're able to single console manage all departmental Windows, Linux, AIX servers, and from a single console, we can grant access via role base depending on department status and access. It's just easy to get a big picture on a single screen.

It reduces network traffic when it comes to downloading patches. It's a single patch repository on the root server, all patches start on the root server, and then they are disseminated via relevance as required, up above a chain and a single connection via the relays up until it gets to the bottom of the last relay and then it disburses to the client. Storage and network wise, it makes the smallest download possible down to the last band and then disseminates from there, so you can take your relays as far down as possible to make a small download chain size wise. 

We use it to compare current and past patch cycles. We do monthly compliance verification and we use external vulnerability scanning, and we compare that to the BigFix compliance results and make a mesh of the two for our monthly reports for executives. We do that on a monthly basis.

It has helped us to compress our patch cycles. It's been condensed 100 percent. Our patch cycle is now under 10 days for everything that we patch, and we get no complaints from our compliance people about that. They've given us requests and we recondense it. Depending on how much urgency we put on it we can take it down as much as possible.

Finally, it has helped to reduce help desk calls. We actually know if there's an issue before the help desk finds out. We'll report a server down sometimes before the server owner knows, and we'll let them know that there may be an issue and then we can actually roll back a patch via BigFix before the server owner knows that there's an issue. Altogether, help desk calls have been reduced by around 50%.  

Some of the most valuable features are its: 

• Ease of use
• The fact that it's a single port access across the board. There's only one firewall to be required.
• The user community is great, very helpful. 
• There's not a lot of overhead to the client. There's a bit of set up to do but it's pretty simple once it gets running to maintain it. It basically maintains itself. As such for as big of a system, it only requires a little manpower. There's only a couple of people that have to manage it.

My impressions of peer to peer file transfer in relation to BigFix, is that it's a relay structure that goes up and down the chain, as servers check in they check into their relays, the relays pass up and down the chain. It has tight security. They say it heals itself. It doesn't put a load on the system and doesn't give our guys any headaches or anything. It just seems to work pretty well and it's easy to maintain.

I'd like to see:

• More visibility
• Better reporting
• I'd like for it to be more futuristic, for it to be less plain Windows looking with a little more pizazz. 
• Better integration, with the different applications within BigFix. Instead of sometimes feeling like four or five different applications, they need to be integrated a little better within themselves. 
• Better folder structure internally.

I've been admining the system for two and a half years now and other than server side issues we have never had stability problems. My core system is four servers and they're not maxed out. We've never had any performance issues.

Scalability is amazing. We have over 10,000 systems and could easily add to that without a performance hit. We'd have to increase our relay structure to keep it manageable but I don't think we'd have any problems.

Between the user groups, the community, the AVP support, the direct access via technical route and the PMR support, half the time I don't even need to do a formal PMR because the solutions from the community resolve whatever issues we're having. It's the best community and support based system I've ever used.

We implemented in-house. 

The main reason why we chose BigFix is because at the time we were looking for a single solution for multiple OS, and SCCM at the time couldn't handle a Windows, Linux, and AIX coverage as BigFix does. I haven't directly managed SCCM myself, but I do feel that BigFix is a much simpler set up, simpler configuration. It's better accepted by our marketing solutions, to get into some of the restricted VLANs, we have a much easier time connecting to restricted LANs than they do. BigFix has better reporting, they're just better integration. The one part where I think SCCM is better is in the remote control. The BigFix solution remote control is a little dated. 

I would rate it an eight out of ten. An eight because of the stability and the ease of use. Not a ten because I'm looking for more modernization, but I do have to give the BigFix community credit because they seem to listen to us.

I would advise someone considering this solution to talk to the community. Talk to the BigFix users, ask their honest opinion on what they think is good and bad about it. 

I'm a long time user for endpoint management and now I do consulting so I design solutions for end customers.

It has improved my organization because we can automate a lot of tasks. We went from manually patching machines or doing our best and having very little visibility into it to us being able to "set it and forget it" and getting really good results on first-pass patching.

In addition, it has also helped us to reduce network traffic when it comes to downloading patches. It's very easy to throttle the network traffic, Instead of us taking down the network, downloading hundreds of patches, we're able to set a throttle, and then also spread it out over a period of time, which helps a lot.

It has helped to compress our patch cycles. In some cases, a hundred percent because in some areas, patching wasn't happening. We went from not patching to just automating it.

Finally, help desk calls have been reduced. We were able to look at help desk calls and find out which ones were most common and start automating that with BigFix. For some various organization, a quarter to half of our help desk calls were knocked out.

It's incredibly powerful and it's very extensible. Meaning, it's very easy for us to customize the platform to solve a number of different tasks for us.
We enjoy using peer-to-peer file transfers as a peering system for files. It provides built-in redundancy and we can control it all from the console, which is nice.

I would eventually like to see a SaaS offering, a cloud-hosted BigFix instance where we only have to put a relay in our environment. 

Stability is incredible. A lot of times people will let it run forever without touching it because it just keeps going. Once you stand up the solution, there's very little that you have to do. Just the occasional update and that's it.

Scalability is awesome. For one, it supports around a quarter of a million endpoints, which is a lot. It's also very easy to stand up relays anywhere in the world. It's incredibly scalable.

Technical support is pretty good. I have never had any issues with support. Primarily, though, I go to the BigFix community which has been super helpful.

We initially switched because we had different solutions for all different platforms. We had one for MAC OS, we had one for Windows, and we weren't really using them that much so we were able to use it to manage all of them with a single tool instead of a bunch of different ones.

The initial setup is very easy. 

BigFix is way better than SCCM. SCCM doesn't do MAC OS or Linux. It takes a lot of time to manage, it's a lot of work, there are all kinds of ports that you need to open, and it's just a pain to manage.

I would rate BigFix a nine out of ten because I really enjoy the tool but there's always room for improvement and there's always something to add. I've been really happy. There's a close-knit community. It's super easy to get help. They're always adding new features. I'm very happy with it.

I would advise someone considering this solution to try it out. Set up a demo, give it a shot, turn on some auto-patching, and then just watch as your organization self-heals.

We are a global security and cloud integrator, and we are also a reseller with a capability of up to 69 brands, but we're not married to anybody. Our goal is to give customers exactly what they need based on the scenario. We build everything that we sell. So, we have a large distribution partner that enables us to resell a lot of things. We definitely and always see what's hot in the market, and we are constantly reviewing technologies.

Patching and mobile device management are probably two of the biggest use cases of BigFix. 

In terms of the version, some of the clients have the latest version. BigFix is not a subscription as a service. It is not a SaaS model. It is an on-prem model for infrastructure teams to manage folks through the web or through the network, and it is not provided as a service. There is no open-source capability, so it doesn't really have an ecosystem around it. It's basically sold to clients for specific use.

For security these days, patching is obviously mission-critical. If you leave something unpatched, the vulnerability is easily found by the adversary, so that's critical. 

Mobile device management is also critical from the security aspect. BigFix is useful in scenarios where if a device is lost, you can disable it, and you can wipe it. All the company data that is available is completely encrypted, and it is basically illegible or not usable. People even have BigFix Mobile that they put on phones and other peripheral devices. You are basically putting a wrapper around the applications that are company applications in the bring your own device (BYOD) scenario.

It is for multiple use cases. A lot of people are looking at it just for security, and that's really endpoint security. The endpoint management part of it in terms of being able to constantly do patching for Windows, Unix, macOS, Cloud, Raspberry, VMware, and all Linux flavors is important, and they are very good at that. They have support for virtually every OS on the market.

A lot of people also use it for infrastructure value. HCL has changed the focus a little bit because it was originally looked at as a pure security tool on the IBM side for mobile device security, but since HCL took it over, it has become more focused on other different components. They've created REST APIs for the cloud, and there is now a scripting language that's associated with it. So, there are more broad use cases because the industry requires that. They also have their own development tool in BigFix.

HCL is India-based, and they've done a good job with BigFix, and they're also able to deliver the software at a lower price now. The integration is better with other security and vulnerability management tools. To remediate endpoint issues that are out there, they integrate with Tenable, Qualys, and others. So, you can manage all of your patches and fixes through one platform, even for all cloud services, which is a good thing. 

Training is obviously important, and HCL has done a better job than IBM at making that training available. Usually, there are different ways to do that, such as through video or self-service, etc.

I remember doing restarts a few times. So, making sure that it is rock solid from an executable perspective is important.

I have been working with all kinds of security tools, including this one, since 2001 or so. It has been 21 years.

We have interacted with them. They've been good and better probably in BigFix than some of the other tools that they acquired in that IBM divestiture. 

It is pretty easy to implement.

I would rate it an eight out of ten. It does everything reasonably well. There are so many competitors who do just one piece of this, or they're not really head-up competitors because some are into mobile security, and some are more into mobile endpoint management and patching.

We use the HCL BigFix solution to provide patch-, software- and OS-image distribution services for our customers. In addition endpoint solution avcurat software, ILMT and hardware inventory. Since BigFix is base on the principle of pull, not push the administrators can afford precise information in real time about the status of distribution of patches and software.

The BigFix console deliver an excellent overview of all endpoints, and tasks and fixlets to be done. You do not need to click through an endless numbers of wysiwigs, one by one - With BigFix you can create dynamics group with thousands of endoints, selected by an excact numbers of criteria. When you need to do many tasks and distribute many patches at once, BigFix gives you the opurutnity to create baselinesr where you ochestras tasks to be fone to be performed in a specific order.

BigFix is base on the principle if something is relevant or not. The systems works more or less like an complex database the sends small messeges to endpoint and ask them to report back to the server. If a given condition is true, them it's relevant and server will ask the client to something It's simple as that. Therefore, BigFix is extrempower solution when it supports more than 90 diffferent OS. The system can manage whatever you you want!

"The heart of the Fixlet technology is the Relevance language that allows authors to interrogate the hardware and software properties of your managed clients using Inspectors. With the Relevance language, you can write expressions describing virtually any aspect of the client environment. Some Fixlets are simply designed to return Relevance information to the servers, but most of them suggest actions that can patch or update the client computer. The actions, in turn, also take advantage of Relevance expressions. Fixlet messages and Relevance expressions by themselves can only notify the user or the administrator. Actions, on the other hand, are specifically designed to modify the client, so there is a clear dividing line between a Relevance expression and its associated action - typically a human is required to deploy the action."

The support of other 3rd party ssytems could be better. ServiceNow is supported by BigFix - But there is a lot of other systems that BigFix could support and vice versa and make it even more powerful. With all the inventory information avout the osftware and hardware in the network of the organization - The BigFix database could be a very valuable source for other maniufactors and porviders of software and hardware.

I have been working with Bigfix for almost ten years where I use the it distribute patches and software for my customers. After a while, the Windows 7 and later Windows 10 clienent become very stable. From what I have learn, IBM and HCL who owned thd product, do an wxtra quality chack of the patches before the release them. Sometimes the team behind Bigfix discover need of patches that become recommended by Microsoft many years later.

The stability is great! We have not experienced any issues. 

The scalability is excellent!. The BigFix solution is organized like a pyramid with the main master server at top. From there BigFix use relays to distribute Fixlets and Tasks to the clients. You can organize your hierarchy to fit your organization. The number of endpoints should not pass 5000 clients pr. relay before you set up a new relay. The funnie matter of fact is that a relay can use workstation with a lot of disk space - It does need to be a Windows-server, it can also be a Linux server or a workstation. From my point of view, this is really remarkable, because how many endpoint management systems can handle everything from a small office with 10 computers to multitenant conglormerat with 300 000 endpoints with only one, yes 1 server? Waht you need at your backroom is a SQL-server that is able to handle all the data...

Technical support is above average, and in fact, I would say that they have superb support.

Like many other small IT-companies, I patch the clients manually or by Windows Update. When you get a lot of clients to be patched, it's impossible to do it manually. You need a tool to do the job and you need documentation what you have done and when. If patch goes wrong, you must be able to identify that one very wuick and removed before it do to much damage. With BigFix, you get control and you know excactly the status of patches. If you use tools like Microsoft InTune to do the patch job, it's like sending Voyager 2 to Pluto - It felles like the patch is lost in space and you never know if it will ever send information back home what happends. With BigFix, more than 90% of you patches will dsitrbuted at first try and report back home that they found a safe harbour.

The documentation is good. Follow the recommended configuration by HCL and you will be up and running very soon. It's pretty easy to set up with some knowledge. Be aware that DNS-isssues can be a challenge if the server is not visible at Internet by a public IP during the initial setup. The configuration at firewall can a challenge especially to get SQL-server vissible for the BigFix-server.

We mananged to do it by our self. 

Very high. In a short time, you will get your expenses paid back very shortly.

The licens price of the HCL BigFix is very fair. The challenge is the license of the MS SQL server. If you can handle DB2 - The DB2 database server that is included with BigFix is free to use. Because the MS SQL -server express cannot be used unless demo purposes, I recommend and SPLA license for the MS SQL server wich gives you the oppuritiny to connect an unlimited numbers of clients to the BigFix server. 

Other systems like Microsoft SCCM has been considered. The systems is too complex and require too many resources compared with BigFix. The BigFix server with the SQL server included could be running and on a singel portable workstation and mange the patch-management of ogf thousands of endpoint. How many SCCM do you need to do that? With Bigfix you can manage a small office with 10 clients as well as enterprise evirement with 250 000 endpoint with only one BigFix-server. 

BigFix is value for money - You get a simple, robust, dynamic and very powerful solution for a very reasonable price. Don't for get the hidden cost compared to other tool - How many ports do you need to configure by very expensive network assistant when running SCCM? With BigFix it's enough to open only one port. With BigFix you have a multitenant solution that make is possible for you as an service provider to use BigFix to manage many customers at the same time with same server, without setting up trust between different networks. Because BigFix has it's own secure comminication between the server and the clients.