BigFix Reviews

Our primary use case is for the automation of patch compliance.

BigFix has drastically reduced the maintenance window period to patch and reboot servers.

It has helped to reduce network traffic when it comes to downloading patches. There's a single download to the primary BigFix server which is then replicated and cached on the Relays for all data center connected servers.

Due to the automation, we've been able to prevent a lot of human errors with BigFix so it's reduced our help desk calls by 50%.

Finally, it has helped us to compress patch cycles by around 75%.

The power is in the Platform!

I would like to see a WebUI SDK so we could take what is provided currently and be able to build our own customized web UI for particular customers that want to sell service.

It's extremely stable. 

It's very scalable. 

Their technical support is excellent. 

We've used BigFix in the past with other companies so we knew BigFix was a superior tool. Ten years prior, the current tool we were using had a lot of overhead, was time-consuming, used a lot of resources, and time spent on it. We knew there were better tools out there. 

It's far superior and there's no comparison to SCCM. It is so easy to navigate in the console. Everything's in a single view within a fixlet or a task. You can tell what actions are taking place versus having to go through separate menus in your console to figure it out. Just that alone and knowing instantly what your environment looks like based off of content makes BigFix superior. 

The initial setup was very straightforward. It's simple infrastructure to set up in comparison to other tools, like BladeLogic or SCCM, very simple infrastructure to set up.

We implemented ourselves. 

I would rate it a ten out of ten. It hasn't changed much since it's inception, so it's a superior product and it's just going to get better with the expansion of the API endpoint security and WebUI.

If you're considering BigFix, you should look deeper than just what's on the retail box of patch and compliance and software distribution. Look at the platform, what it can do on the back, and the relevance language, and the reporting capabilities. There's a lot more to this that you can use in your DevOps org to accomplish automation tasks.

Our primary use of this solution is for compliance management, patching, and security configuration management.

It allows us to quickly deploy capabilities that we need, whether it be security or non-security. We use it to keep systems up to date, deploy new drivers, and find the information we need in the case of security incidents. The capability allows us to gather a lot of information very quickly and it also allows us to have a centralized reporting feature and a centralized deployment capability, which is nice.

It has helped to reduce network traffic when it comes to downloading patches with the relay structure. Talking from the corporate server down to the relays and then to the endpoints, it has helped from that perspective. It still causes impacts, not because of the capability itself but because of the content that's being provided by Microsoft and other vendors is just so large that it starts having impacts whether you want it to or not, no matter what kind of infrastructure you put in place.

The flexibility of the capability of being able to use the out-of-the-box content that we get from the vendor as well as develop our own capabilities on top of the core capability is the most valuable feature. 

The scalability of the web UI product doesn't scale to the size that we need for our implementation so it needs to expand. I would also like to see the capability to develop on the back of the web UI capability. There are lots of web features and integrations that we could do with web UI that it would be nice to be able to put on top of what's already there, rather than waiting for IBM to develop what we need.

The core capability is very strong and hasn't changed a lot. Sometimes it is harder than others to get to some of the newer features, mostly just because we have a very large install base, and so having the time to roll out new capabilities is hard. Overall the stability and the upper trend of the capability is very good.

Scalability is good. 

Overall, technical support is very good. Sometimes you have to figure out a different way to get to what you want and you have to escalate through multiple layers to get to the right solution. We've been using the tool for long enough that we don't need the easy help, we need the hard help. Sometimes that's really hard to get to and then the turnaround cycle between when we report an issue and when we hear back and being able to get data to the right people at the right time, we end up having to re-open tickets over and over again because we don't have the data that they need. Sometimes they ask for something and we have to go ask somebody else for it and get it back to them and by then the SLA has run out, so that's not good.

We implemented internally. We've worked with IBM professional services for new capability and assistance with improving our overall capability but we didn't use them directly to implement. We've been using the tool for a really long time.

It's better than SCCM, it's more flexible. 

I would rate it a seven or eight out of ten. The pain points that we have are particular to us just because of the size of our implementation, the number of endpoints, etc. Overall, I think it's a great product and a product that most people would really get a lot of benefit out of. The things that we struggle with are things that are particular to our organization.

If you're considering this solution, get involved with the user community early, make relationships with the development organizations, learn how you can advocate for yourself. User group kind of things are the best way to learn. Learning from other people who have been using the tool for a long time is probably the easiest way to see the most effective implementation and best use of your resources using the tool.

Our primary use case of this solution is to develop custom content to deliver to restaurants.

It has improved reliability upon delivery of software and has also helped reduce software expenses. The extensibility of BigFix helps to create custom solutions where we may have considered purchasing something instead. 

We use it for PCI compliance and checking to see if endpoints are in a state where they need to be patched or not up to a certain level so it has helped us avoid compliance fees. 

Being able to report directly on aspects of the system is the most valuable feature for us. Meaning, instead of reporting on just an error code or something, you can inspect actual files, properties, registry keys, etc.

I would like to see much better web reporting because as it is now, it's convoluted, basic, it's not modern, and there are limitations to it.

The stability is excellent. I haven't had issues with BigFix crashing unexpectedly or anything like that.

The scalability seems solid. We're a smaller customer. We have about 16,000 endpoints, whereas other companies have hundreds of thousands.

Technical support is excellent, as far as the forum support. As far as new product needs, it's mixed. Sometimes if you are asked to submit an official request they go into a black hole.

We implemented in-house. 

I would rate it a seven out of ten. You can see all of the code of the custom content that is created for you. That's huge. With a lot of proprietary solutions, it's a black box where you can't see what they're doing and when it messes up you're on your own. With BigFix that was huge because if something goes wrong then you can create your own copy and start troubleshooting it.

I would advise someone considering this solution to have a developer on staff to fully leverage the features of it.

The most valuable feature of BigFix is the ability to manage all the clients that we have in our environment. So, every PC that we have has to come in and BigFix aids in all that so that we can record it, add software to it and also inventory it. So, just having that ability to see everything and inventory everything helps everybody from the technical aspect, to know what's on the PC; especially when it needs to be reimaged.

One of the improvements is the patching process and being able to get security patches out. We have 50,000 PCs in our environment and are able to patch those PCs in a relatively quick timeline.

Dynamic messaging needs improvement because one of the things that we deal with a lot is the messaging when pushing releases out. I know that there is a message we can display, but it's post-installation. On the post-installation, we have to either check on the PC or reboot the PC. We just want to be able to have a static message and to be able to take an action at any time, as well.

Documentation is always key. I like simple documents and also being on a team with a small amount of people. There is a lot that can be done with the product, and it needs good documentation to where you can see how the different pieces of the product interact with each other and what they can and can't do; but on a layman’s level.

It is very stable. We haven't had any issues on any downtime that inhibits our ability to get things out, so it's been pretty stable.

It seems to be very scalable. We went from roughly 24-25,000 assets to 50,000 PCs in five years. So, we're looking to grow and it seems like it's very capable to handle what we have in store.

Support is very awesome. Every time we have needed something from technical support, they have been on top of everything with a very quick turnaround in the issues that we've had with the product.

We were using an old IBM solution framework solution and some custom scripts that we had built around the framework solution to do our software distribution. When BigFix came along, we went right into the BigFix framework.

When choosing a vendor, one thing that is always critical is, how much does it cost? It needs to be cost effective. Support is also one of the things that we look for. We have a small team so when we are looking at vendors, we want to know if they provide any training. Also, can any kind of training dollars be rolled into the product or can experts come on site to train? We also want to hear customer feedback about how the company or the product are doing at another company's site that is similar to ours.

I was not involved in the initial setup. A coworker of mine actually set it up and got it going, and I came in on the back end. Right now, I'm actually going to be taking that over.

The setup was straightforward. I don't think it was too complex. I know that we have some complexities with the way some things are set up in our environment, but the product itself is pretty straightforward.

If they are able to get it into the environment and run some type of proof of concept and be able to kick the tires a little bit, that would be the best way go with any product.

I have used BigFix for patch management, compliance for security, and inventory OS deployment to software.

The most valuable feature of BigFix is the software deployment.

The solution could improve by adding support drivers for different systems and equipment. When you have a lot of different computers if they could fix how to install any updates, firmware, or drivers for different systems or servers it would be good.

In an upcoming release, they should add database support included and deliver the solution as a cloud service similar to the services on Microsft Azure.

I have been using BigFix for approximately 10 years.

BigFix is extremely stable.

I have found BigFix to be highly scalable. BigFix can be used on 10 computers, 10,000 and 1,000,000 computers. It doesn't matter the number of computers.

We have approximately 50 people using this solution in my organization. We use the solution daily.

BigFix is suitable for both SMB and enterprise customers.

The support from BigFix is excellent.

I rate the support from BigFix a five out of five.

I have used other similar solutions previously. The main difference between the other solutions and BigFix is you can do more for a lesser price with BigFix. You can do more with less effort to get it up and work properly. Its broader support for different OS systems.

I rate the implementation difficulty of BigFix a five out of five.

If you choose, for example, Microsoft SSM Configuration Manager, you need a lot of servers, databases, and the configuration of firewalls, et cetera. It's a tremendous cost before you get up and running. With BigFix, in 10 to 15 minutes, you're up and running. Everything is working well.

The price of BigFix is better than the solutions. You are able to pay monthly or annually. There are not any hidden costs with BigFix. There is an additional cost for the SQL database.

I rate the price of BigFix a five out of five.

I would recommend this solution to others. I would advise others the solutions are suitable for small to medium-sized companies, and enterprises.

I rate BigFix a ten out of ten.

We use BigFix as our primary automation platform. We use it to tie in disparate tasks and services that we need to apply to our servers. We use it for patching, reporting, and compliance.

We are able to use BigFix through API connections to automate and reduce resources and time. The product's been great for us. It's increased the security posture ten-fold and it's increased our visibility across our endpoints enormously.

It has helped us to reduce network traffic when it comes to downloading patches. We don't have a million machines reach out in the middle of the night to get devices. We have BigFix on our cruise lines in which satellite connectivity is limited. We had to pay per byte that goes across the wire. 

We use BigFix to compare our past and present patch cycles. We use it to report on the success of patching and what patches are available. It lets us do postmortems to find out when a patch was first available, first supplied, and if it had any issues.

Using BigFix and the automation we built we've been able to reduce patch time from three hours and 37 minutes on average to less than twenty minutes per server. 

Through using our automation we've seen a reduction in failures, critical patch failures, probably by about three or four percent.

The most valuable feature would be its flexibility. It's one product that works across multiple OSs. We have one agent that will sit on six to seven different OSs in our environment. I can use one console to push a patch to six or seven different OSs in one view. I don't have to jump from screen to screen or remote log-in.

I don't like the peer to peer file transfers feature. Security wise, it's a bad format and it's not useful. 

I would like to see API connectivity, built-in API connectors to the standard toolsets, whether it's for ServiceNow or Qualys. More API connectivity to make it easier to integrate to other tools.

It's very stable. We haven't had any major issues from it. Most times, we have false positives. Our people tell us that BigFix is doing something and we go back and look and it doesn't.

It's been scalable for us. We've taken it from physical to virtual, from virtual to cloud, from on-prem to off-prem seamlessly.

Their technical support is above average. Sometimes, because there are different modules, we'd get bounced to different help desks. It's frustrating that we don't have a one-stop shop. Overall, when we do get the right person, it's quick and easy. 

We rebuilt it three years ago from the ground up and the setup wasn't complex.

We've seen ROI time-wise. We reduced compliance reporting from about 100 hours per server to less than six. We reduced patch time from three hours and a half to less than twenty, and we've reduced the patch man-hours from about five to six people per eight-hour shift. 

We also considered Red Hat and Microsoft. We chose BigFix because we saw more fidelity in reporting, more fidelity in accuracy, and more fidelity in security. 

It's a night and day difference between BigFix and SCCM. Anyone who's used SCCM before knows that BigFix provides a far better product in scalability, reporting, and the accuracy of patching.

I would rate it a ten out of ten. It's worked for what we wanted. It's provided one screen to look across different OSs. It's also provided speed and flexibility. We're able to integrate it to all of our tools, do things to other servers and automate things that aren't done on one platform.

My advice to someone considering this solution would be to find a tool that can span as many OSs as possible. If you're using three different patching tools to approach three different OSs, you're probably lost. 

The most valuable feature for me is BigFix's multi platform. It's customizable and we're able to do API integration throughout our entire network.

We're able to to implement automation and reduce touch labor for level one technicalities so we're able to free up more manpower to take on more difficult tasks.

• I would like to see it go to the cloud. I want to see it as a management service.
• For us, we basically generate our own API documentation. So I think more API integration would also help.

We've had no problems, it's a very stable solution. It's very well supported and has a big forum of users. So you always have a resource to reach out to.

We've actually fixed the patching by improving our patch application by almost 60%. We went from applying 6,000 patches manually to 34,000 on average a month.

It's very scalable. Extremely scalable. Customization is always a big issue for us so we're always able to grow with it.

We've used technical support many times. They have great support. We've had international support. We've been on calls with Poland, Ireland, Germany and all our technical experts in the USA.

I wasn't involved in the installation process.

When choosing a vendor we think that knowledge of our market place is key. The Walt Disney Company is unique in the environment so we need someone who understands that we work in different ways than a lot of other companies. This also applies with regard to product scalability. We need growth, I don't need to be working with one product in a silo.

I would really encourage them to look into it and take a look at its abilities and think of it as a platform and not just a patching mechanism. Some people think BigFix is just patching. It's a lot more than that so I would ask them to look at the bigger modules.

For me, Inventory Services is heavily used in our environment. The patch management suite, I would say is the second, and very important for us to ensure that we are maintaining our PCI and SOX compliance for the company I work with. In addition to that, we have server automation that we use, security and compliance module, lifecycle management, and OSD. So all of those things are really important for us.

Clearly, with Inventory Services, the speed is really key. In retail, we need answers very, very quickly. Other competitor products (which we do have in house) just don't compare.

Web reports. The interface for web reports is still pretty basic, and really hasn't changed in the seven years that we've had the product, so that would be one thing that would be really nice.

I really don't know that there's really much more that can be added that's already not currently in the pipeline, or currently exists.

It's been stable. I've used the product for seven years and I haven't had an issue that has brought things down. So it's been very stable.

Scalability is also really great. We have a very small client base in comparison to what we could potentially do, so scalability is wonderful.

In the seven years, I think I've submitted maybe four to five problems. That's it. Response time has always been good.

When we're selecting a solution, we want a vendor that we can trust, that is on top of it, on point, and thorough.

I would say I would give it a nine. Only because as I stated earlier, web reports, if that were to improve, I'd give it a ten. There's always room for improvement.

Really understand what your environment is like. Make sure that your network team is engaged with all of that.