BigFix Reviews

We use the solution to manage servers in the data center. Then the other client monitors the server, including Windows 10.

BigFix is integrated with the development process, making it easy for developers to remediate vulnerabilities directly from the outside.

Some clients have adopted it but have expressed concerns about its flexibility. They have other tools that effectively address this flexibility. BigFix offers basic vulnerability management capabilities, but it lacks integration.

I have been using the solution for eight and a half years. We are using the V10 of the solution.

The product is stable.

The solution has high scalability. Most of our clients are the big ones like National Banking.

I rate the solution’s scalability a nine out of ten.

There have been some technical issues that have required us to contact support. Support has helped troubleshoot and fix these issues, but it can sometimes be a problem, depending on the case.

Positive

The initial setup is easy and takes an hour.

The tool offers a good return on investment. There are many defects, but it can provide solutions for the company.

The product is affordable. I rate the solution’s pricing a three out of ten, where one is cheap, and ten is high.

BigFix provide a comprehensive set of device monitoring features. BigFix can monitor not only the device's hardware and software, but also its security posture and performance. This information can be used by the IT team to troubleshoot problems, improve performance, and maintain security.

Overall, I rate the solution a ten out of ten.

I am supporting a client and serving as an administrator of BigFix. My responsibilities include taking care of the whole infrastructure, patch deployment, vulnerability scanning, vulnerability assessment, third-party application vulnerability mitigation, generating reports, and ensuring compliance with security standards such as the CIS checklist. We handle all the security standards related to BigFix.

BigFix has several good features. Firstly, its client on the endpoints consumes less than 2% of CPU memory. Unlike other solutions like CrowdStrike or Tenable, where clients communicate with the database once a day or collect data every two days, BigFix offers real-time detection of endpoints. For example, if we have predefined conditions for monthly OS patches on various operating systems like AIX, Windows, Linux, and Mac, BigFix provides its own external sites where patches released by Microsoft or Mac are stored. These patches and content are integrated with the BigFix network. Each patch or package has relevant conditions that continuously evaluate the endpoints to determine if they are applicable. When creating software packages, we ensure that relevant conditions are met to prevent redundant deployments. This is important as continuous patching without checks can lead to system corruption or device issues. 

We are currently managing more than a hundred devices. So, upon creating a package with the relevant condition in place, there are already thousands of devices that have that specific package deployed. The condition checks to ensure that the package is not redeployed to those devices, avoiding any potential issues that can arise from repeated deployments. 

In some internal solutions, continuously deploying patches to an endpoint can lead to system corruption, device hang-ups, or other problems. However, BigFix prevents such issues by evaluating the relevance of each patch and ensuring it is only deployed when necessary.

BigFix is an endpoint customer solution that offers various capabilities. It enables compliance management, pack management, software and OS deployment, and power management. You can also integrate One Ready scanning tools like Qualys or Tenable, allowing vulnerability feeds to be directly evaluated within BigFix. 

If BigFix does not have a pre-existing solution, we can create our own scripts using its action script and relevant language. The platform supports multiple scripting languages, including PowerShell and Python, providing flexibility for deployments.

One aspect that could be improved is the speed of the console. Sometimes it can be slow, which is something that needs to be addressed. When compared to other solutions like Tenable or CrowdStrike, BigFix constantly communicates with the database in real time, which can cause some slowness.

I have been working dedicatedly with BigFix for the past five years. We are currently using version 10.0.4 of BigFix.

BigFix is stable overall. However, like any software, you may encounter occasional issues, but they are manageable.

It is a scalable solution. Scalability is relatively easy to achieve with BigFix. We already have a capacity planning guide in place that outlines predefined steps to check and scale the environment. It provides guidelines for designing the infrastructure to meet scalability requirements.

Currently, I'm working with a large enterprise that uses BigFix.

The technical support for BigFix is really amazing. There are dedicated technical support engineers available, and you can open tickets or seek help through the BigFix forum. Additionally, there are technical solution architects who can assist you. Just open a ticket with the Excel support team, and they will be there to help you.

The support is generally excellent, but there may be occasional delays due to their workload.

Positive

When it comes to the root server, you have the option to use either Windows or Linux. Deploying the root server is a straightforward process. Deploying the root server is the first step. After that, if you're considering deploying the complete infrastructure, you'll need to follow the capacity planning guidelines. It will help determine the appropriate infrastructure requirements. For instance, if you have 10,000 devices, it is recommended to use a server with at least 128 GB of RAM, 32-core processors, and a robust server configuration. You can choose to host it in a cloud-based environment or a dedicated environment, but it should meet the necessary specifications in terms of RAM and processor capacity.

Once you have the server set up, you will define your release strategy. This involves setting up top-level releases and renewal releases. The reason for having multiple releases is to distribute the load and avoid overburdening the root server. Top-level releases communicate with the root server and receive data from it, which they then distribute to the lower-level releases. These releases, in turn, distribute the data to the endpoints.

As for the installation process, it is quite straightforward. Once the root server is installed, you need to install the console. Once the console is installed, you can proceed to deploy clients or agents on the endpoints. 

BigFix provides a built-in client deployment tool called the Data Tool. Using this tool, you can leverage your active directory credentials to scan and analyze your network, identifying devices that have or do not have BigFix installed. Once the scanning process begins, the tool will start deploying the agents to the appropriate endpoints. The installation of the agents does not require a reboot. However, when deploying the infrastructure itself, a reboot may be necessary. But for clients deployed on agents or endpoints, whether it's servers, Windows 10 machines, or Linux machines, the agent installation does not require a reboot. 

Once the agents are installed, they automatically refresh themselves every 15 minutes. They communicate with the nearest relay to check if any new content needs to be deployed to that particular endpoint. The agent keeps checking with the relay and deploys content if there is any to be received.

For the complete infrastructure deployment, you need to follow capacity planning guidelines. This will help determine the required infrastructure.

Recently, we have set up new infrastructure, and capacity planning is a time-consuming process. Depending on the client and their requirements, it can take a couple of days to two weeks to finalize the agreement, especially if there are cost constraints. Companies often have limitations on project expenses. Once everything is finalized, it takes just one day to get the entire infrastructure up and running.

As for the endpoints, when we start deploying agents on laptops or desktops used by end users (not servers), it can take up to 30 days. This is because the agents are deployed as the endpoints come online intermittently. We keep the deployment policy open for five business days to accommodate this.

So, to summarize, infrastructure installation is typically completed within six to eight hours. After that, the network team checks the network utilization and load, and if necessary, they adjust the bandwidth. Deployment of agents onto clients usually takes about a week, but in server environments with a large number of servers (e.g., 5,000 servers), all the clients can be deployed within an hour or two. Once the entire infrastructure is up and running, we need to monitor the dashboards to ensure that BigFix is performing as expected. This monitoring period lasts for 30 days. Once everything is set up and functioning properly, we can start using BigFix.

For the basic setup of BigFix, you would typically require two architects: one familiar with Windows and another familiar with Linux. Additionally, networking expertise is needed to enable and disable certain ports. The involvement of various teams is necessary, especially the network team, which handles port opening and tunnel creation. For environments larger than 20,000 endpoints, two architects are needed. However, if the environment has around 5,000 to 10,000 endpoints, one architect is sufficient. Apart from the architects, you would also need two sole operators to manage all the modules within BigFix, such as inventory, compliance, cash management, and lifecycle management, which includes package deployment and patch deployment.

Currently, we have two people managing the maintenance of over a thousand devices. However, we recently increased the team to three members. They provide 24/5 support and handle various issues, including configuration and web application problems. If you require 24/5 support, it's recommended to have two architects and two operators who have a good understanding of BigFix. During peak times, the architects are available, and during off-peak hours, the operators can handle the tasks.

I would say that with great power comes great responsibility. As a BigFix admin, it is crucial to be careful and use the tool wisely. You have the ability to bring positive outcomes, but one incorrect deployment can have severe consequences and potentially disrupt the entire network.

Overall, I will give BigFix an alpha ten out of ten. 

We are using BigFix for sending patches to our servers and desktops, such as security and regular updates.

BigFix has enhanced our organization by demonstrating its efficacy in delivering software updates to endpoints. For example, Microsoft releases patches and we are able to easily make them available for our end-user computing platforms. Additionally, by utilizing the network inventory feature in BigFix, we have been able to substantially improve error percentages and completion statuses, and generate reports on patching percentages within a day and subsequent weeks.

The most valuable aspect of BigFix is its ability to patch desktops. While we have complete control over servers and can easily push patches to them, desktops pose a greater risk for leaks and vulnerabilities if patches are not installed in a timely manner. By using BigFix, we have significantly improved our ability to patch desktops, whether they are laptops, desktops, or other mobile devices used by end-users.

In order to derive maximum benefit from BigFix, it is essential that we configure all of its features and implement them effectively. If the automation could be improved we would be able to mitigate the risks associated with zero-day threats.

I have used BigFix within the last 12 months.

The solution is stable. The primary role of the solution is to patch the systems to the latest released security updates. We have not had any issues once we had deployed the solution correctly.

During our exploration of available solutions, we found that very few in the market offer comprehensive security features. In our evaluation of BigFix, we were particularly impressed with its VMware functionality, which far exceeded that of other solutions we considered. Rather than having to configure multiple solutions, BigFix provided us with basic security information and VMware management detection and response all in one. While the effectiveness of BigFix is certainly a key consideration, its ability to consolidate security features was a major factor in our decision to choose it.

I rate the stability of BigFix an eight out of ten.

I rate the scalability of BigFix an eight out of ten.

I rate the support of BigFix an eight out of ten.

Positive

We were using Microsoft SCCM prior to BigFix. We switched toBigFix because we wanted to have a complete solution. Microsoft SCCM was lacking features, such as managing the network endpoints, the discovery of the endpoints, VMware functionality, and Linux patching.

The deployment of BigFix is complicated. There are a lot of firewall ports that need to be configured and with a company with 50,000 employees, this can be a challenge. The configuration could improve by being more streamlined in the future.

We were assigned a project manager from the BigFix team who provided us with a comprehensive list of requirements for establishing effective communication. However, implementing these requirements across multiple countries and coordinating with various network teams posed a challenge, particularly in terms of opening the necessary communication channels through firewalls. This was a daunting task, especially if the application utilizes codes that are commonly blocked by firewalls.

The full deployment of the solution took three months.

The price of the solution is high. There are not any additional fees from the standard license.

I rate the price of BigFix a seven out of ten.

For those considering the use of BigFix, my advice is to pay close attention to the deployment phase. This involves identifying the necessary firewall ports and ensuring that the servers are configured to communicate with the internet to download patches. Proper deployment is critical for ensuring smooth operation in the future, as troubleshooting can be difficult once the solution is fully deployed.

I rate BigFix an eight out of ten.

It matches with the ILMT tool. We're trying to validate the licensing for IBM software. 

We're using the permanent discovery tool for septic for hardware and software too. For IBM, we have to use that due to the reporting of sub-capacity licenses.

It's mostly easy to use.

The sub-capacity licensing is the most valuable aspect of the product right now for us. 

It's good for reporting hardware and software. 

The solution is stable.

Technical support is helpful.

It scales well.

It's got some complexity when we're trying to figure out the IBM setup for software.

The sub-capacity licensing was a challenge for some of it. We had trouble getting it to calculate right.

It's better for hardware discovery. We get to increase its capabilities for hardware discovery. They need to enhance their sub-capacity capabilities, so we can use it easier for sub-capacity so that it is less of an art form and more of a science.

We'd like agents to be able to collect usage.

I've used the solution on and off for about eight years or so. I've used it for quite a while now. 

It is stable and reliable. There are no bugs or glitches. It doesn't crash or freeze.

The solution has scaled well for what we are doing. 

Technical support has been very good. Sometimes they can't do things if it is not a function of the system; however, if the function of the system is possible, they help us and make it work. We are satisfied with the level of support we get. 

The initial setup was not overly complex. The complexity was the handling of configurations. 

The pricing was good. We had government pricing going into the project and it was pretty fair. 

I am using the latest version of the solution. I am not sure of the exact version number. I help different companies. Some are on the latest, and some aren't.

I'd advise people to understand what data they need and that the solution can actually pull that data in the right format for them.

I'd rate the solution eight out of ten. 

It's mostly patch-inflated. For the company I currently work for, we manage about 7,000 servers, and we use BigFix Enterprise to do most of the relevant software updates and patches to stay within compliance and away from vulnerabilities for many of our product users.

I'm not sure how the company functioned before. I'm fairly new.

The product is easily accessible. We already did the network setup and things like that. It is to manage servers conveniently throughout the company if it's already listed on BigFix. Where it has the BigFix client on it, it's just a matter of sending the patches and waiting for it to run.

We have the management side of BigFix as well. Most of the time, we typically don't have any problem, however, every once in a while, we try to find out why a patch didn't work, and things like that. It helps us keep on top of things.

BigFix has always been easier to use when managing servers, especially when you deal with so many servers. We have 7,000. That's a lot of services to manage, and it's convenient to patch them all at once.

It's easy to set up. 

Once in a while, some servers don't get patched, usually from our end of things. Maybe a server hasn't been reported in the last few weeks, and we don't know whether that server has been decommissioned or not. That's not on in BigFix in particular.

The relevant language takes a little getting used to since it's not used anywhere else in the industry. It's just in the BigFix environment. If there's anything that could be improved, it would be making the relevant language more readable and more common. 

We'd like the solution to be agentless, similar to, for example, Ansible. 

I've used the solution for six months. 

It's been around for a while, according to what I've seen. It used to be an IBM product before the move to an HTC, so I'm pretty sure it doesn't have a lot of complications. It'll still be a pretty stable product moving on into the future.

For now, it seems like BigFix has been the most popular for server management.

Considering the fact that the company I work for is pretty big, if that's the product they're using for their server management, I would say it's offering pretty good scalability. It's a very scalable application for managing servers. Some people use it for one or two servers, or maybe 30 or 40. We use it for pretty much all the servers managed here, and to my knowledge, that's about 7,000. It used to be 10,000. However, we decommissioned a bunch of irrelevant servers.

We do not plan to expand usage just yet.

We talk to HTC from time to time. We do lunch and learns with them and take most of our questions directly. They're quite easily contactable for the company to reach out to and set up a meeting, and they're usually very helpful. They're a great resource.

Positive

I did not previously use a different solution. The company's been around for a long time, and it seems like everybody's just known BigFix to be one we used. I'm a bit newer to the company.

The implementation was fairly straightforward. Documentation was online, so you just have to read it and follow instructions. It's pretty straightforward.

The deployment strategy more or less depends on our current environment for the company. It took me a while, not due to BigFix, just due to the company restrictions for onboarding employees. You have to have permission to access this and that. So it took a little longer than it would if it was on a local system, my private system, or something like that. 

Currently, we have two teams that can handle deployment and maintenance. There are those on the Window side, for managing the Windows servers, and there's the Linux OS applications team. They both pretty much do the same thing for two different operating systems.

The deployment was handled in-house. However, we are looking to try and automate more in Ansible going forward. 

I don't deal directly with licensing. 

My understanding is that it is  affordable. We have had conversations about other licenses, and other applications like Splunk, and we know that one is more expensive. Pricing hasn't been anything that's even come up in conversation.

While we are using the on-premises deployment, we are moving towards the private cloud. 

I'd advise new users to read a lot of the documents before subscribing to their licensing. Read much of the documentation and know what use cases would work for you. Before you get into it, try the trial version, as it might help to test it out to see what it is.

I'd rate the solution eight out of ten. 

We used BigFix internally at my previous org. My current company is a BigFix reseller. A lot of people are looking at endpoint security now, but we primarily used BigFix for true endpoint management.

Endpoint security has become the main thing, but we used BigFix for patching and a lot of the other use cases in the past, and I think it worked pretty well. Obviously, the market has gotten much more crowded. 

The UEM component evolved into reunified endpoint management. Many of our customers used it for deployment and patching. HCL has a new endpoint security approach now, but it was really for managing that. 

BigFix can manage lost devices, so you can wipe them remotely to ensure the IP doesn't get out in public. Unified endpoint security is a new perspective. I know that HCL is also collaborating with IBM, but I'm not sure if there is any cooperation between them and MaaS360 or other endpoint components.

The main shortcoming of BigFix was integration with vulnerability management. If you had a vulnerability in your software and BigFix on the endpoint, you needed integration with Qualys, Tenable, or another vulnerability management solution to fix that. It was like, "Okay, we can identify issues, and get that information back from the endpoint, but what are we doing about it?" 

The stability has been solid when I've used BigFix with customers in the past. In that space, I don't think everybody is doing as much innovation as in other areas in the endpoint management or security market. 

I delineate between those two because endpoint management is a different use case. I think it's probably become a lot more important since the pandemic started.

We never had any challenges with scalability. Some of our customers had tens of thousands of endpoints. 

I used a few competitors a while back, but I don't know what LANDESK is up to these days. They were a big player in the market, but I don't know what other contenders are out there now.

The patching tool is $250 per client device per year. The inventory and discovery tool is $15 per client per year. They have a lifecycle management tool that is the central component for managing endpoints, which costs around $43 per year. BigFix Compliance is the other part, and that's also around $43.

I rate BigFix nine out of 10. I wouldn't recommend it to everyone. It depends on your infrastructure. If you have a pure Microsoft shop, you can probably get by deploying and managing endpoints their way. 

However, if you have a mixed environment of any kind, BigFix is good at what it does. Patch management is vital for security posture, so I wouldn't be surprised if BigFix is becoming increasingly popular.

We use BigFix for deploying applications for updating, setting up configurations, making modifications, or customizing Windows. For example, what are the applications that need to run, and what configure is needed.

The most valuable point is when you deploy an application, you have to make sure that the application has been deployed to all computers and that is working perfectly. This solution works well at deployments. 

Other solutions can have failures, such as ManageEngine, and you have to deploy the application again. In BigFix, once the computer has communicated with the BigFix server, the agent workstation, you can be sure that the application will be deployed and delivered properly.

Sometimes the workstations communicate back to the BigFix server two or three days in a week or something similar. Sometimes there can be a delay reporting back to the server for a variety of reasons, such as users turning their computer off when they go home. When the user comes back and turns the computer back on BigFix needs to synchronize and sometimes it can take some time, approximately one week. The communication between the agent and the server should be faster, there is room for improvement in this area.

I have been using BigFix for approximately two years.

BigFix is reliable and stable, it is perfect.

Performance-wise is the best. When you have to do deployments you are sure that all the workstations will receive it, even though that there is sometimes a delay in reporting back to the server. The only time the deployment would not work is if the computer is decommissioned or not available.

BigFix is simple to scale, we are using the solution regularly. We use it every other week whenever we have meetings, we rely on it.

We have approximately 10 technicians and 3,000 users who receive a patch or use the solution in some way.

We have not had any big issues that would need the support. However, we did have some minor issues and the support was good and responsive.

I have used ManageEngine previously.

In my usage, I have found BigFix is more professional than ManageEngine. The reason that I'm saying this is when you deploy an application, you are sure and you are guaranteed that all workstations will receive it. However, for the ManageEngine, for some reason, you will find it may fail for 13 workstations. You might have to redeploy again, otherwise, you have to do it manually.

One of the positives of ManageEngine is it can be easy for users to deploy an application compared to BigFix.

The deployment process of BigFix was straightforward. You need to have a small number of programming skills or scripting skills to complete it. If you have skills, it is very easy to deploy. For somebody who's experienced, and has knowledge of some programming or scripting skills, it's very easy.

There were approximately three people, the vendors, and our technical teams that did the implementation.

BigFix requires specific maintenance, whenever there is a new release we manage it.

You are charged per server and per workstation when using BigFix. ManageEngine is a lot cheaper than BigFix. There are some additional costs, such as support.

I recommend BigFix as long as they have the budget. If they don't have that much money, they can use ManageEngine, which is satisfying for small and medium companies. For example, companies that have 250 computers. I have used ManageEngine at companies that had multiple locations. You can use some ManageEngine on one central location and then deploy it to all your branch offices.

I rate BigFix a nine out of ten.

Currently, we've got four big customers, and one is in mining. It's certainly for endpoint management, especially for patch compliance. That's normally our first use case. It's for Windows and Linux patch and patch compliance measurement. That's the biggest use case that we do. 

The main use for day-to-day operations is patching, and we are averaging 95 to 98% patch compliance, meaning we deployed almost 8,000. We put upgrades now in Africa, which is small. however, has 8,000 to 10,000 endpoints, and we have two people doing that, and it takes us about half a day a month.

The second use case is when we do compliance, and we replacing Microsoft DPOs, it makes it much easier to implement. On the compliance level, we always do level compliance due to the fact that BigFix has got the CIS, and we use the CIS standards for the checklist. 

Another company that we work with is in the energy sector. They are an energy company in Africa, and one of the things that we did was we helped them to migrate from Windows 7 to Windows 10 as one of the components of BigFix is Lifecycle OS Deployment. In that case, we helped them and they successfully migrated almost three and a half thousand Windows 7 and Windows 10 machines in three months. We used the BigFix OSD processor. 

Some of those countries, like Zimbabwe, Zambia, and Angola, didn't even have a network. We did the upgrade fully with memory sticks. We gave them USB thumb drives or memory sticks, and everything was on there, and they took that and actually went and the machines were upgraded that way.

The big drive at the end of the day is money-saving. You can accomplish a lot even if you have a very low-level resource and no access to other skilled resources. You give someone a thumb drive and he can plug it in, boot the machine, and 20 or 30 minutes later, the machine is fully completed from a pre-defined standard.

We used the solution to get control over licensing. We were able to avert a drop at the end of a three-year contract and in the process saved the client about $5 million in penalties.

The patch compliance is very good.

It's very easy to upgrade solutions, even in low-technology environments.

The stability is perfect.

The roll-out is super-easy.

The solution is unbelievably scalable.

We're not restricted on/off-network, and we don't have to be a member of a domain. You can be on a workgroup, laptop, Mac, et cetera.

Historically, the company used to belong to IBM, and there was competition between MaaS360 and BigFix components. They neglected the mobile portion, or the mobile device management portion of BigFix. It has been sold. IBM sold it two years ago to HCL of India. 

Therefore, that's one thing that's lacking - the mobile side. They don't have a proper mobile device management capability. They're working on it, however, that's the one thing that needs improvement so that you can have full unified endpoint management.

The ability to handle removable media encryption on the removable media label, et cetera, is lacking due to the fact that you cannot really control your USB device. Of course, recently, we had a use case where we had to lock down the USB devices, but there were, for instance, certain machines that were on a very specific model of USB drives that had a license key. This customer was using licensed software, and the license was on the USB stick. Now, the USB stick must be in the machine the whole time in order to use the application.

The solution needs to bring back the granular control of the USB devices that they offered a year or four years ago. That way, you can say "these devices are allowed" or "these devices are not allowed". That's the one major thing, in my opinion, that they could rethink, USB device control for removable media.

They're doing a lot of work on remote control. They are working on making it very, very simple. However, ti's not quite there yet.

I've been using the solution for five years at this point.

The stability on this solution is rock solid. I will put money up against it. BigFix is absolutely unbelievably stable. We never had any data corruption of any kind while using it.

You can do 250,000 endpoints with a machine that's got 32 bits of RAM and about 300 GB of disc space. That's the one thing about BigFix that makes it unique. The way you can easily scale is great. That's a biggie. Scalability is absolutely amazing.

I'm a little bit out of that department now, however, in Africa, in which that market is small, we've got between 20 or 30 customers. The big ones we have about 10,000 endpoints that we manage for them, and we are three people. There is only one team lead and two junior techs and we manage all the endpoints for them. Some of those endpoints are on the internet. Even if you're not on a corporate network, we can still monitor your environment on the same site. We can even give instructions in case of emergency to say, "Download this patch," or "Apply this patch," or "Change this compliance status," et cetera, with a GPO Microsoft directory.

The technical support, when the solution moved from IBM to HCL, improved dramatically. The technical documentation, the quality of the upgrades, et cetera, is really, really fantastic. I'm very glad IBM sold the product off to HCL as the quality of the product and everything surrounding it, including technical support, has improved dramatically. It's very good. We're quite satisfied.

The initial setup is not complex at all. It's very straightforward.

BigFix does license per server and per workstation. The cost depends on how many servers or work stations you are dealing with, and which tier of service you use.

BigFix consists of four modules. You get what we call the Platform Edition, which you get for free. The patch service is maybe $0.50 per workstation per month. Then there's the basic server cost, which is about $1.50 per server per month. You also get into Lifecycle which does power management, OSD remote control, and those types of things, and that might be about 10 times the price - which works out to about $13 per server and, maybe $5 per workstation per month.

It's all pretty customizable and you can just get the bare minimum or trade-up for a bit more.

We've looked at Microsoft SCCM, among others. At the end of the day, we looked for something fit for a really small company. We looked for something that can be simple, easy to deploy, and that was one of the reasons we chose BigFix. 

The main drive around BigFix was the fact that you don't need a lot of people to run it. That was one of the reasons we chose BigFix because it was small, or you can easily implement it on a very big scale, and one person can actually manage a lot of customers remotely. That was the reason we picked it. It was the only one that actually met those criteria at that point in time. 

I'm not using the latest version of the solution. I'm actually using the version before the latest.

I would advise that, before you buy the solution, you do a POC. You can do a 48-hour challenge where, if you start at 9 AM, you will be able to give patch compliance by 12 noon (for 1,000 endpoints). You've got three hours to install the product, get it up and running, deploy the agents, et cetera. Basically, take some time to test drive the product.

Overall, I'd rate the solution ten out of ten. I think it's a phenomenal product.