BigFix Reviews

I like the inventory and life cycle management feature. It's simple to use. This platform is easier than Azure.

The remote software installation could be better. I would also like to see mobile device management within the BigFix itself. I would also like to have GlobalProtect management.

I have been using BigFix for approximately three years.

BigFix is a stable solution. You can deploy it and forget about it. 

BigFix is easy to scale. 

Technical support is very good.

The initial setup is straightforward and took us a day to implement.

I would recommend BigFix to new users.

On a scale from one to ten, I would give BigFix a seven.

We are using BigFix for software distribution, managing the network for our clients, and for updates.

The interface is easy to use, and it's not complicated to create tasks.

It offers all of the features that we require.

It's not an easy question as it provides all of the things we need. It meets our requirements.

We are resellers. We provide solutions to our clients.

I have been using BigFix for one year, but the company has been using it for approximately seven years.

It's a stable solution. We have not had any issues.

We have not had any support cases with technical support.

In my previous profession, we used SCCM from Microsoft, and I am familiar with NetApp Storage and Windows.

The price is reasonable, but our customers find it expensive.

It's a good solution. We have sold many solutions for clients. We don't have any project running at this time but expect that to change in the coming months.

I would rate BigFix a ten out of ten.

BigFix is a good product with good technical support. We are updating the package and everything, so there are no issues.

BixFix is good, but they have to update the product. For example, we need AI, ML, and IIT. We also want to edit the discovery of our assets less.

There are some status problems we can't really call a bug. We want them to improve and offer these things. I want a Manager of Manager. I also want to see the multiple control and a multiple report format. I want to get the whole report within a single console.

It's like you have a simple car and you want to buy a BMW. A simple car also works, and every car has four wheels. But we all want more power, to be more agile, and receive more status updates.

I have been using BigFix for six years.

The stability of BigFix isn't bad.

The scalability of BigFix isn't bad.

BigFix technical support is good.

On a scale from one to ten, I would give BigFix a seven.

Our primary use case is Patch Management.

This has very much improved our organization by saving time to deploy thousands of endpoints to our customers.

The most valuable feature is Patch Management.

We would like to see a different license plan, e.g. to include features from lifecycle with Patch Management, as an example.

We have been using BigFix for five years.

We use the HCL BigFix solution to provide patch-, software- and OS-image distribution services for our customers. In addition endpoint solution avcurat software, ILMT and hardware inventory. Since BigFix is base on the principle of pull, not push the administrators can afford precise information in real time about the status of distribution of patches and software.

The BigFix console deliver an excellent overview of all endpoints, and tasks and fixlets to be done. You do not need to click through an endless numbers of wysiwigs, one by one - With BigFix you can create dynamics group with thousands of endoints, selected by an excact numbers of criteria. When you need to do many tasks and distribute many patches at once, BigFix gives you the opurutnity to create baselinesr where you ochestras tasks to be fone to be performed in a specific order.

BigFix is base on the principle if something is relevant or not. The systems works more or less like an complex database the sends small messeges to endpoint and ask them to report back to the server. If a given condition is true, them it's relevant and server will ask the client to something It's simple as that. Therefore, BigFix is extrempower solution when it supports more than 90 diffferent OS. The system can manage whatever you you want!

"The heart of the Fixlet technology is the Relevance language that allows authors to interrogate the hardware and software properties of your managed clients using Inspectors. With the Relevance language, you can write expressions describing virtually any aspect of the client environment. Some Fixlets are simply designed to return Relevance information to the servers, but most of them suggest actions that can patch or update the client computer. The actions, in turn, also take advantage of Relevance expressions. Fixlet messages and Relevance expressions by themselves can only notify the user or the administrator. Actions, on the other hand, are specifically designed to modify the client, so there is a clear dividing line between a Relevance expression and its associated action - typically a human is required to deploy the action."

The support of other 3rd party ssytems could be better. ServiceNow is supported by BigFix - But there is a lot of other systems that BigFix could support and vice versa and make it even more powerful. With all the inventory information avout the osftware and hardware in the network of the organization - The BigFix database could be a very valuable source for other maniufactors and porviders of software and hardware.

I have been working with Bigfix for almost ten years where I use the it distribute patches and software for my customers. After a while, the Windows 7 and later Windows 10 clienent become very stable. From what I have learn, IBM and HCL who owned thd product, do an wxtra quality chack of the patches before the release them. Sometimes the team behind Bigfix discover need of patches that become recommended by Microsoft many years later.

The stability is great! We have not experienced any issues. 

The scalability is excellent!. The BigFix solution is organized like a pyramid with the main master server at top. From there BigFix use relays to distribute Fixlets and Tasks to the clients. You can organize your hierarchy to fit your organization. The number of endpoints should not pass 5000 clients pr. relay before you set up a new relay. The funnie matter of fact is that a relay can use workstation with a lot of disk space - It does need to be a Windows-server, it can also be a Linux server or a workstation. From my point of view, this is really remarkable, because how many endpoint management systems can handle everything from a small office with 10 computers to multitenant conglormerat with 300 000 endpoints with only one, yes 1 server? Waht you need at your backroom is a SQL-server that is able to handle all the data...

Technical support is above average, and in fact, I would say that they have superb support.

Like many other small IT-companies, I patch the clients manually or by Windows Update. When you get a lot of clients to be patched, it's impossible to do it manually. You need a tool to do the job and you need documentation what you have done and when. If patch goes wrong, you must be able to identify that one very wuick and removed before it do to much damage. With BigFix, you get control and you know excactly the status of patches. If you use tools like Microsoft InTune to do the patch job, it's like sending Voyager 2 to Pluto - It felles like the patch is lost in space and you never know if it will ever send information back home what happends. With BigFix, more than 90% of you patches will dsitrbuted at first try and report back home that they found a safe harbour.

The documentation is good. Follow the recommended configuration by HCL and you will be up and running very soon. It's pretty easy to set up with some knowledge. Be aware that DNS-isssues can be a challenge if the server is not visible at Internet by a public IP during the initial setup. The configuration at firewall can a challenge especially to get SQL-server vissible for the BigFix-server.

We mananged to do it by our self. 

Very high. In a short time, you will get your expenses paid back very shortly.

The licens price of the HCL BigFix is very fair. The challenge is the license of the MS SQL server. If you can handle DB2 - The DB2 database server that is included with BigFix is free to use. Because the MS SQL -server express cannot be used unless demo purposes, I recommend and SPLA license for the MS SQL server wich gives you the oppuritiny to connect an unlimited numbers of clients to the BigFix server. 

Other systems like Microsoft SCCM has been considered. The systems is too complex and require too many resources compared with BigFix. The BigFix server with the SQL server included could be running and on a singel portable workstation and mange the patch-management of ogf thousands of endpoint. How many SCCM do you need to do that? With Bigfix you can manage a small office with 10 clients as well as enterprise evirement with 250 000 endpoint with only one BigFix-server. 

BigFix is value for money - You get a simple, robust, dynamic and very powerful solution for a very reasonable price. Don't for get the hidden cost compared to other tool - How many ports do you need to configure by very expensive network assistant when running SCCM? With BigFix it's enough to open only one port. With BigFix you have a multitenant solution that make is possible for you as an service provider to use BigFix to manage many customers at the same time with same server, without setting up trust between different networks. Because BigFix has it's own secure comminication between the server and the clients.

Currently, we've got four big customers, and one is in mining. It's certainly for endpoint management, especially for patch compliance. That's normally our first use case. It's for Windows and Linux patch and patch compliance measurement. That's the biggest use case that we do. 

The main use for day-to-day operations is patching, and we are averaging 95 to 98% patch compliance, meaning we deployed almost 8,000. We put upgrades now in Africa, which is small. however, has 8,000 to 10,000 endpoints, and we have two people doing that, and it takes us about half a day a month.

The second use case is when we do compliance, and we replacing Microsoft DPOs, it makes it much easier to implement. On the compliance level, we always do level compliance due to the fact that BigFix has got the CIS, and we use the CIS standards for the checklist. 

Another company that we work with is in the energy sector. They are an energy company in Africa, and one of the things that we did was we helped them to migrate from Windows 7 to Windows 10 as one of the components of BigFix is Lifecycle OS Deployment. In that case, we helped them and they successfully migrated almost three and a half thousand Windows 7 and Windows 10 machines in three months. We used the BigFix OSD processor. 

Some of those countries, like Zimbabwe, Zambia, and Angola, didn't even have a network. We did the upgrade fully with memory sticks. We gave them USB thumb drives or memory sticks, and everything was on there, and they took that and actually went and the machines were upgraded that way.

The big drive at the end of the day is money-saving. You can accomplish a lot even if you have a very low-level resource and no access to other skilled resources. You give someone a thumb drive and he can plug it in, boot the machine, and 20 or 30 minutes later, the machine is fully completed from a pre-defined standard.

We used the solution to get control over licensing. We were able to avert a drop at the end of a three-year contract and in the process saved the client about $5 million in penalties.

The patch compliance is very good.

It's very easy to upgrade solutions, even in low-technology environments.

The stability is perfect.

The roll-out is super-easy.

The solution is unbelievably scalable.

We're not restricted on/off-network, and we don't have to be a member of a domain. You can be on a workgroup, laptop, Mac, et cetera.

Historically, the company used to belong to IBM, and there was competition between MaaS360 and BigFix components. They neglected the mobile portion, or the mobile device management portion of BigFix. It has been sold. IBM sold it two years ago to HCL of India. 

Therefore, that's one thing that's lacking - the mobile side. They don't have a proper mobile device management capability. They're working on it, however, that's the one thing that needs improvement so that you can have full unified endpoint management.

The ability to handle removable media encryption on the removable media label, et cetera, is lacking due to the fact that you cannot really control your USB device. Of course, recently, we had a use case where we had to lock down the USB devices, but there were, for instance, certain machines that were on a very specific model of USB drives that had a license key. This customer was using licensed software, and the license was on the USB stick. Now, the USB stick must be in the machine the whole time in order to use the application.

The solution needs to bring back the granular control of the USB devices that they offered a year or four years ago. That way, you can say "these devices are allowed" or "these devices are not allowed". That's the one major thing, in my opinion, that they could rethink, USB device control for removable media.

They're doing a lot of work on remote control. They are working on making it very, very simple. However, ti's not quite there yet.

I've been using the solution for five years at this point.

The stability on this solution is rock solid. I will put money up against it. BigFix is absolutely unbelievably stable. We never had any data corruption of any kind while using it.

You can do 250,000 endpoints with a machine that's got 32 bits of RAM and about 300 GB of disc space. That's the one thing about BigFix that makes it unique. The way you can easily scale is great. That's a biggie. Scalability is absolutely amazing.

I'm a little bit out of that department now, however, in Africa, in which that market is small, we've got between 20 or 30 customers. The big ones we have about 10,000 endpoints that we manage for them, and we are three people. There is only one team lead and two junior techs and we manage all the endpoints for them. Some of those endpoints are on the internet. Even if you're not on a corporate network, we can still monitor your environment on the same site. We can even give instructions in case of emergency to say, "Download this patch," or "Apply this patch," or "Change this compliance status," et cetera, with a GPO Microsoft directory.

The technical support, when the solution moved from IBM to HCL, improved dramatically. The technical documentation, the quality of the upgrades, et cetera, is really, really fantastic. I'm very glad IBM sold the product off to HCL as the quality of the product and everything surrounding it, including technical support, has improved dramatically. It's very good. We're quite satisfied.

The initial setup is not complex at all. It's very straightforward.

BigFix does license per server and per workstation. The cost depends on how many servers or work stations you are dealing with, and which tier of service you use.

BigFix consists of four modules. You get what we call the Platform Edition, which you get for free. The patch service is maybe $0.50 per workstation per month. Then there's the basic server cost, which is about $1.50 per server per month. You also get into Lifecycle which does power management, OSD remote control, and those types of things, and that might be about 10 times the price - which works out to about $13 per server and, maybe $5 per workstation per month.

It's all pretty customizable and you can just get the bare minimum or trade-up for a bit more.

We've looked at Microsoft SCCM, among others. At the end of the day, we looked for something fit for a really small company. We looked for something that can be simple, easy to deploy, and that was one of the reasons we chose BigFix. 

The main drive around BigFix was the fact that you don't need a lot of people to run it. That was one of the reasons we chose BigFix because it was small, or you can easily implement it on a very big scale, and one person can actually manage a lot of customers remotely. That was the reason we picked it. It was the only one that actually met those criteria at that point in time. 

I'm not using the latest version of the solution. I'm actually using the version before the latest.

I would advise that, before you buy the solution, you do a POC. You can do a 48-hour challenge where, if you start at 9 AM, you will be able to give patch compliance by 12 noon (for 1,000 endpoints). You've got three hours to install the product, get it up and running, deploy the agents, et cetera. Basically, take some time to test drive the product.

Overall, I'd rate the solution ten out of ten. I think it's a phenomenal product.

I support multiple customers who use BixFix for many uses including for security compliance, server automation, remote control, software distribution, patching, etc. 

One of the biggest benefits BigFix has had for our organization is the ease and efficiency to perform many different tasks, across pillars and platforms, all from one pane of glass.

It has immensely reduced network traffic when it comes to downloading patches. Across the board, I've had a number of customers who've had platform tools that I'm able to combine into one tool.

We've set up and started using BigFix to patch and have had much higher patch saturation rates than in the past. We do historical tracking with BigFix, and we can see that the success rate's gone way up.

It has also helped to reduce help desk calls because of the success rate that we have with the patching. As the success rate goes up, we get fewer calls. 

The power is all in the platform. It's great to be able to patch. It's great to have a bunch of stuff for security compliance, etc but the power truly is in the platform or the tool.

I would like to see SDK for Web UI included in the next release. 

Overall it's a very stable solution.

I've worked with customers that have a couple thousand endpoints to a couple hundred thousand endpoints. I've also looked at other competing technologies out there, and it is definitely one of the leading tools on the marketplace in terms of the scalability performance.

The initial setup is very straight forward. Depending on the customer, it can be complex as far as doing the necessary planning. Some customers can miss the point of doing a lot of that planning up front. If done right, it's not complex at all. You get really fast ROI from the tool.

My customers definitely do see ROI from using BigFix but it varies from customer to customer. 

BigFix has faster ROI than SCCM. It's more scalable, requires a lot less hardware, has faster reporting, quicker data to get out of it; it's better.

I would rate it a nine out of ten. Not a ten because there's always room for improvement. I've been working with tools like BigFix for quite a while and it's one of the best tools on the market.

I primarily consult with other companies for their software asset management purposes. I use BigFix to help deploy the IBM license metric tool and BigFix inventory.

The older version of the tools that I use also included the connectivity aspect, and the fact that the tool now has it separate from the collection of usage data makes the deployment of these tools much easier.

The fact that it works with endpoints so well is the most valuable feature. A big part of the collection of IBM License Metric Tool data is from the endpoint so it really helps.

Even at a very large number of endpoints, it's very stable.

Their technical support is very good. The PMRs I have had to open with IBM are answered pretty well. I have nothing but praise for these people.

I self-taught for this online, so the initial setup was a little difficult to pick up at first. I had to create a couple of testing environments and destroy them in order to learn how to use it. There was a lot of trial and error, a lot of reading of the manuals. 

I would rate this solution a ten out of ten. I'd give it an eleven but it's off the scale. It does what it says it's supposed to do. Once you get over the learning curve, it is pretty easy to use. Plugging in the endpoints is pretty simple.

I would advise someone considering this solution to hands down use it. 

We use this solution to successfully manage and control approximately thirty-five hundred machines in multiple, complex environments.

1. I can manage all of my assets from one place, no matter where they are in the world.
2. Manage deployments and authorized software assets.
3. Manage IMAGES for the entire organization from one place, and do it fast!
   
4. Patch management is no longer a problem.

The most valuable feature is patch management, a must have, even for Linux and iOS.

We have a strict standard for compliance, and this solution has simplified this. 

I would like to see the Self Service section made more user-friendly.

With respect to OSD, I would like to control the task sequence competently from the BigFix console.

My primary use case of this solution is for information security-related functions, like patching and threat detection.

BigFix has enabled us to have a highly successful endpoint patching program for the past decade. It's been enormously successful there. It's also become a core part of many of our business processes, from compliance monitoring of endpoints, encryption management, key escrow, and local administrator password escrow. It's built into our inventory. It's very much everywhere.

We do use BigFix as a system of investigation in the instance of lost and stolen devices to get an idea of what sort of data was possibly on it. It is an integral part of our compliance management system. Using BigFix to report on our encryption stance has been extraordinarily impactful in terms of avoiding fines for HIPAA violations and in terms of lost and stolen devices. We're definitely talking millions of dollars per year. We've got two hospitals, and probably lose a laptop a day. The scale is such that it's a huge number of machines wandering off. Now that we have good encryption coverage and good reporting on that coverage, in a lot of instances, we can acknowledge and verify that the device was lost but that it was verifiably encrypted, there were no records released, and we can then close an investigation. That's huge.

The custom content flexibility is the most important feature. Its ubiquity is also valuable. We've got very good adoption and it helps that it's one of the few tools that we have everywhere.

Network traffic is one of our current pain points. BigFix's high performance and high availability in our environment easily overwhelms our high-performance firewalls. Every time we push out patches to our entire population, it makes the firewalls very unhappy for about an hour and slows down some of our core enterprise apps. We're working to identify ways to fix that. We think that BigFix provides mechanisms for spreading out that load over time. We're going to be deploying that soon which will hopefully take care of the problem. Bandwidth is never a problem for us, we have enormous bandwidth. The number of sessions gets overwhelming when you have tens of thousands of machines all getting patched simultaneously. We're just going to spread that out over time and BigFix does offer that capability.

Around the scalability concern, I would like to see the ability to run teamed, clustered, or hierarchical root servers in order to provide a more robust, high availability system. The single monolithic root server model does somewhat bother me.

Until our most recent information security system that we stood up, which is unrelated to BigFix, BigFix was our most solid system, in terms of how much engineering effort it requires to keep up and running, relative to the number of servers involved. It's a pretty solid system. We do run into bugs and interesting functional quirks, usually around how the endpoint agent reports into the relays. It mostly just takes care of itself, for the most part. We do have to do a little care and feeding, but it's mostly self-sufficient.

We manage about 75,000 systems, most of them in a single instance and we have not run into serious performance issues at that scale. I have some concerns around the root server and the number of relays checking into it. We may be running into some performance issues there, but they're not impacting the functionality at this time.

Technical support has gone through its ups and downs, especially under IBM. The IBM support mechanism is clunky and somewhat challenging. They have made improvements recently. One thing that I really value about this organization is that we have a dedicated customer advocate, who is on the development team, and who is able to escalate serious issues as necessary, when the standard channels aren't working well. They've maintained that personal touch that has really improved our confidence in the support.

SCCM is not particularly effective as a cross-platform solution, so that alone makes it less of a contender. Also, BigFix is a lot more flexible, in terms of the types of content you can deploy, the types of reporting you can do, and the types of customizations you can do. We used to do a lot with the integration of the data from BigFix into many other systems, and so the customization is critical and SCCM doesn't offer anything like that.

I would rate it a solid eight out of ten. It's definitely not better than that, because it has a lot of Legacy code, a lot of early design decisions that it's still limping along with. On the other hand, I haven't found anything better out there. There are other competing products in this space, but nothing has convinced me that there is any compelling reason to switch. A lot of the value that we've gotten comes from the people that we're involved with, and the relationships that we've built with the community and vendor over time. I haven't found something that has a better security design. I'm a security guy, and a lot of the decisions that were made very early on in the BigFix product translate to enforcing good security practice, which I have not seen in other vendor solutions.

I would advise organizations looking at BigFix to not try to do everything all at once, but to get one process in place really solidly, and then move on to the next, all the while working on increasing coverage, and getting it on all of the systems. Both of those things take a long time. Don't try to build everything all simultaneously, because you will fail and it will probably take several iterations to get it right so make sure to take a very measured approach.

Our primary use case of this solution is for automated server patching. It integrates with our change management tool. It replaced SCCM for Windows. 

Servers are patched more consistently than they have been previously.

Some of the most valuable features are the development of the patches, the fixlets, and not having to bundle things ourselves. 

I would like to see integration of user security between the different products to be improved. There's separate security for compliance, separate security for web reports, and the console, and you have to manage those things separately. 

It's very stable.

It's very scalable. It handles it effortlessly for our needs. 

The first level two support was a little spotty a year ago. It's improved. I get a B, B plus from them. The knowledge of the first line of support seemed to be limited. 

Once you've done the setup once, it's not that complex. Initially, it can be a little bit complex to get your head around, but now that I've done it a couple of times, I don't deem it to be overly complex.

We used IBM Professional Services and it was a good experience. 

I would rate BigFix an eight out of ten. It's powerful, has low administrative overhead, it's reliable, and not too expensive. Not a ten because there's always room for improvement. 

I use BigFix to help collect information on endpoints to assist my team in troubleshooting break/fix tickets. I also use it to proactively create solutions for problems that come up and to help with patching of individual applications as well as for checking for compliance on an operating system level.

Being able to intelligently create reports, gather data, export CSVs and give that to the leadership of some of the client groups that my team supports has been a benefit to my organization. 

There are instances where we have been able to utilize BigFix to reduce help desk calls by automating certain things. Along with the concept of savings calls for the help desk it's saving individual help desk tickets that get navigated to our group by automating things which save us man-hours.

The most valuable feature is the ability to create my own properties and analyses to collect information so that folks who might only have access to web reports, but not the console, can gather information and I can create reports to give to the leadership of my client groups.

The stability is generally pretty good. The one thing that we came across is the battle between load on endpoints and load on our servers and relays versus how quickly, effectively and reliably actions can be taken. I'd like to not have to take an action on a system while I'm working with someone and then have to say whether something will happen between five seconds or thirty minutes from that point. 

I haven't messed with SCCM too much. There's a lot of things that are desirable in SCCM regarding scalability. There are lots of workflows that exist that SCCM is pretty universally used and can make things happen instantly. It can also help with a lot of the zero configuration, zero-touch computerization things but we get to get a little more specific with BigFix. We can employ a lot of things from all kinds of different sources to help tailor our solutions and we have better functionality with Mac and Lenox.

My experience is that you can get really deep and detailed with this solution and the sky is the limit in terms of how complicated you can get if you're willing to dig in and spend the time to learn how BigFix works and invent some of your own processes.

We use BigFix as our primary automation platform. We use it to tie in disparate tasks and services that we need to apply to our servers. We use it for patching, reporting, and compliance.

We are able to use BigFix through API connections to automate and reduce resources and time. The product's been great for us. It's increased the security posture ten-fold and it's increased our visibility across our endpoints enormously.

It has helped us to reduce network traffic when it comes to downloading patches. We don't have a million machines reach out in the middle of the night to get devices. We have BigFix on our cruise lines in which satellite connectivity is limited. We had to pay per byte that goes across the wire. 

We use BigFix to compare our past and present patch cycles. We use it to report on the success of patching and what patches are available. It lets us do postmortems to find out when a patch was first available, first supplied, and if it had any issues.

Using BigFix and the automation we built we've been able to reduce patch time from three hours and 37 minutes on average to less than twenty minutes per server. 

Through using our automation we've seen a reduction in failures, critical patch failures, probably by about three or four percent.

The most valuable feature would be its flexibility. It's one product that works across multiple OSs. We have one agent that will sit on six to seven different OSs in our environment. I can use one console to push a patch to six or seven different OSs in one view. I don't have to jump from screen to screen or remote log-in.

I don't like the peer to peer file transfers feature. Security wise, it's a bad format and it's not useful. 

I would like to see API connectivity, built-in API connectors to the standard toolsets, whether it's for ServiceNow or Qualys. More API connectivity to make it easier to integrate to other tools.

It's very stable. We haven't had any major issues from it. Most times, we have false positives. Our people tell us that BigFix is doing something and we go back and look and it doesn't.

It's been scalable for us. We've taken it from physical to virtual, from virtual to cloud, from on-prem to off-prem seamlessly.

Their technical support is above average. Sometimes, because there are different modules, we'd get bounced to different help desks. It's frustrating that we don't have a one-stop shop. Overall, when we do get the right person, it's quick and easy. 

We rebuilt it three years ago from the ground up and the setup wasn't complex.

We've seen ROI time-wise. We reduced compliance reporting from about 100 hours per server to less than six. We reduced patch time from three hours and a half to less than twenty, and we've reduced the patch man-hours from about five to six people per eight-hour shift. 

We also considered Red Hat and Microsoft. We chose BigFix because we saw more fidelity in reporting, more fidelity in accuracy, and more fidelity in security. 

It's a night and day difference between BigFix and SCCM. Anyone who's used SCCM before knows that BigFix provides a far better product in scalability, reporting, and the accuracy of patching.

I would rate it a ten out of ten. It's worked for what we wanted. It's provided one screen to look across different OSs. It's also provided speed and flexibility. We're able to integrate it to all of our tools, do things to other servers and automate things that aren't done on one platform.

My advice to someone considering this solution would be to find a tool that can span as many OSs as possible. If you're using three different patching tools to approach three different OSs, you're probably lost. 

Our primary use case is for the automation of patch compliance.

BigFix has drastically reduced the maintenance window period to patch and reboot servers.

It has helped to reduce network traffic when it comes to downloading patches. There's a single download to the primary BigFix server which is then replicated and cached on the Relays for all data center connected servers.

Due to the automation, we've been able to prevent a lot of human errors with BigFix so it's reduced our help desk calls by 50%.

Finally, it has helped us to compress patch cycles by around 75%.

The power is in the Platform!

I would like to see a WebUI SDK so we could take what is provided currently and be able to build our own customized web UI for particular customers that want to sell service.

It's extremely stable. 

It's very scalable. 

Their technical support is excellent. 

We've used BigFix in the past with other companies so we knew BigFix was a superior tool. Ten years prior, the current tool we were using had a lot of overhead, was time-consuming, used a lot of resources, and time spent on it. We knew there were better tools out there. 

It's far superior and there's no comparison to SCCM. It is so easy to navigate in the console. Everything's in a single view within a fixlet or a task. You can tell what actions are taking place versus having to go through separate menus in your console to figure it out. Just that alone and knowing instantly what your environment looks like based off of content makes BigFix superior. 

The initial setup was very straightforward. It's simple infrastructure to set up in comparison to other tools, like BladeLogic or SCCM, very simple infrastructure to set up.

We implemented ourselves. 

I would rate it a ten out of ten. It hasn't changed much since it's inception, so it's a superior product and it's just going to get better with the expansion of the API endpoint security and WebUI.

If you're considering BigFix, you should look deeper than just what's on the retail box of patch and compliance and software distribution. Look at the platform, what it can do on the back, and the relevance language, and the reporting capabilities. There's a lot more to this that you can use in your DevOps org to accomplish automation tasks.

Our primary use case of this solution is for endpoint management. 

Prior to BigFix we used Altiris, which was distributed. We had to manage multiple servers, and duplicate the tasks that we did on each server. BigFix tremendously reduced the amount of work that we had to do on each server in a centralized manner. We could minimize the work that we had to do, and we had a lot more control over the tasks and what machines they ran on.

It has helped to reduce help desk calls by 60-70%. Using the self-service portal allows our users a lot of access to fix their own problems as far as errors, as well as policies that auto-resolve issues as they come up without the user even knowing.

Finally, it has helped us to avoid compliance fines in the tens of thousands of dollars, if not more. We've used it for software audits numerous times and saved significant amounts of money with being able to clearly identify what machines have what software, then verify that we're licensed for the software that we have.

Power to query anything on the machine servers and problem resolution is where we find a lot of value in being able to turn around and find a fix, and identify machines that are having an issue, and being able to resolve that.

I believe that the peer to peer file transfers feature will speed up the time to get files to individual machines. I haven't used it myself, but I think that as far as clients go, instead of having to use one server for that, being able to get that data from their clients will be a lot faster and more efficient.

I would like to see for it to be a little easier for new users to be able to learn and create relevant statements. In my opinion, that's the hardest part for bringing on new people that haven't had BigFix experience. Being able to have easier ways to build relevance in ActionScript would be the biggest improvement I'd like to see.

It's very stable. There's minimal maintenance on the server infrastructure itself.

It's very scalable. We've had mergers that have come in and put a relay out there, and immediately get the information back for their clients. It's very scalable, we don't have to worry about putting too much burden on our other servers.

Their technical support is very good. 

We switched to BigFix mainly because of scalability and for centralizing the work that we did, rather than being distributed. From what I know of SCCM, and the little that I've used it, the granularity that relevance an ActionScript allows you over the endpoint, and the information coming back from the endpoint is fairly significant compared to the work that you would have to do to script all that out in SCCM to get that information back.

I would rate it an eight out of ten. Not a ten because of the training aspect of getting new users up and going on the technology. That would be the only downfall because it does take quite a bit of time to train new users. As far as the power, it's by far the best.

If you're considering BigFix look at the power that it allows you to have visibility into your system. If you don't have visibility into your systems, it takes a lot longer to get something resolved. Whereas if you can instantly get that information back from your client that's having a problem, being able to know that that issue needs to get fixed on that client's machine and being able to fix it instantly, could save you hundreds of hours.

Our primary use of this solution is for compliance management, patching, and security configuration management.

It allows us to quickly deploy capabilities that we need, whether it be security or non-security. We use it to keep systems up to date, deploy new drivers, and find the information we need in the case of security incidents. The capability allows us to gather a lot of information very quickly and it also allows us to have a centralized reporting feature and a centralized deployment capability, which is nice.

It has helped to reduce network traffic when it comes to downloading patches with the relay structure. Talking from the corporate server down to the relays and then to the endpoints, it has helped from that perspective. It still causes impacts, not because of the capability itself but because of the content that's being provided by Microsoft and other vendors is just so large that it starts having impacts whether you want it to or not, no matter what kind of infrastructure you put in place.

The flexibility of the capability of being able to use the out-of-the-box content that we get from the vendor as well as develop our own capabilities on top of the core capability is the most valuable feature. 

The scalability of the web UI product doesn't scale to the size that we need for our implementation so it needs to expand. I would also like to see the capability to develop on the back of the web UI capability. There are lots of web features and integrations that we could do with web UI that it would be nice to be able to put on top of what's already there, rather than waiting for IBM to develop what we need.

The core capability is very strong and hasn't changed a lot. Sometimes it is harder than others to get to some of the newer features, mostly just because we have a very large install base, and so having the time to roll out new capabilities is hard. Overall the stability and the upper trend of the capability is very good.

Scalability is good. 

Overall, technical support is very good. Sometimes you have to figure out a different way to get to what you want and you have to escalate through multiple layers to get to the right solution. We've been using the tool for long enough that we don't need the easy help, we need the hard help. Sometimes that's really hard to get to and then the turnaround cycle between when we report an issue and when we hear back and being able to get data to the right people at the right time, we end up having to re-open tickets over and over again because we don't have the data that they need. Sometimes they ask for something and we have to go ask somebody else for it and get it back to them and by then the SLA has run out, so that's not good.

We implemented internally. We've worked with IBM professional services for new capability and assistance with improving our overall capability but we didn't use them directly to implement. We've been using the tool for a really long time.

It's better than SCCM, it's more flexible. 

I would rate it a seven or eight out of ten. The pain points that we have are particular to us just because of the size of our implementation, the number of endpoints, etc. Overall, I think it's a great product and a product that most people would really get a lot of benefit out of. The things that we struggle with are things that are particular to our organization.

If you're considering this solution, get involved with the user community early, make relationships with the development organizations, learn how you can advocate for yourself. User group kind of things are the best way to learn. Learning from other people who have been using the tool for a long time is probably the easiest way to see the most effective implementation and best use of your resources using the tool.

Our primary use of this solution is for endpoint patching and to deply operating system level patches to seventy-five thousand plus Mac and Windows endpoints.

Before we had BigFix, we had problems with some malware. BigFix allows us to immediately patch all instances of endpoints that are vulnerable to antivirus and initiate scans. That's key.

It helps us to compress our patch cycles. With our patches, I can make sure 80% of the community has got their endpoint patching up to current standards, which is a current patch cycle within a week and a half.

Finally, it has helped us to avoid compliance issues, potentially by millions. We use it for device compliance. It's key that endpoints with a certain type of data, if they were to get lost and not encrypted, would need to be reported and those would need to be reported to a federal agency. This can mean associated fines in the hundreds of thousands if not millions. We have lost endpoints with data on there, but because we can confirm with BigFix that they were verifiably encrypted, we are protected and don't have to make those sorts of reports. It has saved us maybe millions in funds.

One of the most valuable features is the ability to be able to check relevance. You can see what's applicable for what patches and deploy only the required patches to those individual endpoints.

The peer to peer file transfers feature is scary to me. I'm a security engineer, so thinking about sending updates or any sort of infrastructure level software communications coming from an endpoint that I didn't build or maybe don't trust is a bit scary.

I want to see a solution for being able to deploy automated software to a Mac running OS X 10.13, something that's going to deal with kernel exceptions and answering prompts for user permissions for data folders and whatnot. They need to really streamline and automate the Mac software deployment.

Stability is totally safe. We've been using it for years and years and it hasn't done us wrong.

Scalability is awesome. We've gone from twenty thousand machines to seventy thousand machines and there's plenty of room for lots more.

Any time I've had to call or take it up with the support at BigFix, I've had nothing but the best support. The engineers get what it is we're trying to do. We've had an outstanding relationship with them, and some of them even know us on a first name basis. Very good support.

The initial setup was pretty straightforward, but that was 2006, 2007. A lot has changed. It would be a little bit more intense right now.

We also looked at Altiris but BigFix came in because of its unique capabilities. It was Mac and PC compliant and worked with our endpoints. At the time, the price was right for us. There was local support and we had a very personal relationship with BigFix.

SCCM will do most of the Mac stuff I want but doesn't give you the highly targeted capabilities I have in deploying anything I want to endpoints in any configuration that I choose.

I would rate BigFix a ten out of ten. It has saved me so much time in patching alone. The capabilities it gives me for very granular targeting of endpoints based on whatever criteria that I can come up with is great. It is very simply a tool that can do just about anything. There is always room for improvement. I want to see better capability in Mac software deployments. Apple changed some of their policies, so I'd like to see BigFix get up to speed with that. 

I would advise someone considering this solution to jump heavily into the community features. The BigFix forums are fantastic, we have an amazing user community that has been so helpful for me and it's a great learning resource for folks who are new to BigFix. It's a great community for people who are more experienced, people share that and help each other out. The community is fantastic.

Our primary use case of this solution is for security patching and application patching.

From a security standpoint, it allows us to make sure that we're not leaving ourselves vulnerable to exploits and things like that. That's the biggest advantage that we see to the product from a security standpoint. 

We use it to compare current and past patch cycles. We usually roll the baselines into every patch cycle. We do some recording on previous patch cycles and stuff like that, and how effective each baseline is.

It has helped to compress our patch cycles from a long time ago. We were patching individually each day, then we were able to compress them all into a month.

I'm not sure by what percentage but it has helped to reduce help desk calls, in terms of security vulnerabilities, but it has reduced the amount of vulnerabilities and the security notifications we get. Also, self-service lets us install notifications, not like sending a front line support personnel.

Some of the most valuable features would be: 

• The custom content 
• Baselines
• Inventory
• Application usage

I would like to see: 

• More custom content
• Better content for Mac 
• Automated patching. They have this but I'm looking for improvements.
• Automated baselines for patching.

Stability is good. It works well. When it works, it works great. It's pretty quick to respond.

Scalability is good. From my other experience using the relays and things like that, it scales pretty widely. We have a pretty good amount of endpoints and it works well for us.

Technical support is good. We have a close relationship with people who work in the company. We are fortunate where we get direct communication with them, so it's good.

We weren't previously using a solution, so we knew we had to invest in one. We brought in a bunch of different solutions and BigFix was the one that won out. 

The initial setup was was complex because it was new. The help that they gave us and the documents that they gave us were really straightforward. The first time I set it up there was a learning curve, but the second time it was real easy.

We also looked at Microsoft SCCM. We chose BigFix because it's more inclusive, it's centered towards Microsoft and Windows. There's a lot more content and things like that so, it's much more in-depth and widespread than SCCM.

I would rate BigFix an eight or nine. We've been using it for a really long time and we're happy customers. 

I would advise someone considering BigFix to split it up and compare it to what you're looking at. You'll see that it can do more than other competitors. 

The primary use case of this solution is for patch management, software distribution, inventory, and power management.

BigFix has helped us to compress our patch cycles. We typically do one release a month. Where we really benefited from this solution is that we now have one to two people whereas previously we would need thirty to forty people taking care of it. That's where we benefited from BigFix the most. We've never had central patching before, so BigFix has improved things quite a bit.

It has helped to reduce software spend. We do have the inventory component, but it's not fully implemented yet. We know that the software does take out certain data and so now we have better data.

We are able to go from patching thousands of machines by twenty to thirty people to one person. 

I would like better support on the backend.

It's stable. We occasionally run into hic-ups here and there. We've been working with BigFix for eight-plus years and occasionally things happen. 

We're in the tens of thousands and we're under twenty thousand endpoints. It's been pretty easy to maintain.

Their technical support can be helpful. We send a PMR and they are pretty helpful. I would give them, on a scale from one to five, with five being the best, around a four.

The initial setup was straightforward on the BigFix side. We had some internal stuff that caused some issues but otherwise it's pretty straightforward. 

We implemented in-house. 

We were looking for something that could run Mac and Windows. At the time SCCM didn't do anything with the backend side. We tried to set SCCM up but it seems to be more complicated than it needs to be. BigFix has one central database and is easier. 

I would rate it an 8.5 out of ten. BigFix has a great community, there's a lot of people that believe in it, it's whatever they advertise, and they listen to customers' feedback. We are heavily on-prem and with BigFix we have that option of staying on-prem. 

Our primary use of this solution is for the server side patching and compliance remediation. We use it for all of Windows server patching, remediation, vulnerability scanning, and inventory management of IBM licensing.

We're able to single console manage all departmental Windows, Linux, AIX servers, and from a single console, we can grant access via role base depending on department status and access. It's just easy to get a big picture on a single screen.

It reduces network traffic when it comes to downloading patches. It's a single patch repository on the root server, all patches start on the root server, and then they are disseminated via relevance as required, up above a chain and a single connection via the relays up until it gets to the bottom of the last relay and then it disburses to the client. Storage and network wise, it makes the smallest download possible down to the last band and then disseminates from there, so you can take your relays as far down as possible to make a small download chain size wise. 

We use it to compare current and past patch cycles. We do monthly compliance verification and we use external vulnerability scanning, and we compare that to the BigFix compliance results and make a mesh of the two for our monthly reports for executives. We do that on a monthly basis.

It has helped us to compress our patch cycles. It's been condensed 100 percent. Our patch cycle is now under 10 days for everything that we patch, and we get no complaints from our compliance people about that. They've given us requests and we recondense it. Depending on how much urgency we put on it we can take it down as much as possible.

Finally, it has helped to reduce help desk calls. We actually know if there's an issue before the help desk finds out. We'll report a server down sometimes before the server owner knows, and we'll let them know that there may be an issue and then we can actually roll back a patch via BigFix before the server owner knows that there's an issue. Altogether, help desk calls have been reduced by around 50%.  

Some of the most valuable features are its: 

• Ease of use
• The fact that it's a single port access across the board. There's only one firewall to be required.
• The user community is great, very helpful. 
• There's not a lot of overhead to the client. There's a bit of set up to do but it's pretty simple once it gets running to maintain it. It basically maintains itself. As such for as big of a system, it only requires a little manpower. There's only a couple of people that have to manage it.

My impressions of peer to peer file transfer in relation to BigFix, is that it's a relay structure that goes up and down the chain, as servers check in they check into their relays, the relays pass up and down the chain. It has tight security. They say it heals itself. It doesn't put a load on the system and doesn't give our guys any headaches or anything. It just seems to work pretty well and it's easy to maintain.

I'd like to see:

• More visibility
• Better reporting
• I'd like for it to be more futuristic, for it to be less plain Windows looking with a little more pizazz. 
• Better integration, with the different applications within BigFix. Instead of sometimes feeling like four or five different applications, they need to be integrated a little better within themselves. 
• Better folder structure internally.

I've been admining the system for two and a half years now and other than server side issues we have never had stability problems. My core system is four servers and they're not maxed out. We've never had any performance issues.

Scalability is amazing. We have over 10,000 systems and could easily add to that without a performance hit. We'd have to increase our relay structure to keep it manageable but I don't think we'd have any problems.

Between the user groups, the community, the AVP support, the direct access via technical route and the PMR support, half the time I don't even need to do a formal PMR because the solutions from the community resolve whatever issues we're having. It's the best community and support based system I've ever used.

We implemented in-house. 

The main reason why we chose BigFix is because at the time we were looking for a single solution for multiple OS, and SCCM at the time couldn't handle a Windows, Linux, and AIX coverage as BigFix does. I haven't directly managed SCCM myself, but I do feel that BigFix is a much simpler set up, simpler configuration. It's better accepted by our marketing solutions, to get into some of the restricted VLANs, we have a much easier time connecting to restricted LANs than they do. BigFix has better reporting, they're just better integration. The one part where I think SCCM is better is in the remote control. The BigFix solution remote control is a little dated. 

I would rate it an eight out of ten. An eight because of the stability and the ease of use. Not a ten because I'm looking for more modernization, but I do have to give the BigFix community credit because they seem to listen to us.

I would advise someone considering this solution to talk to the community. Talk to the BigFix users, ask their honest opinion on what they think is good and bad about it. 

We use BigFix to manage Windows and Mac OS. We also use it for deploying patches and software across the company.

BigFix helped us to identify the compliance of devices and has also improved the way that we manage our software inventory for reporting to vendors.

It has helped to reduce network traffic when it comes to downloading patches. It helps a lot because we have the ability to customize the uses of the bandwidth in our company, and it helps us to reach every region no matter the size of the link that we have in the network. We use patch management for deploying Microsoft patches and compliance to deploy security policy across the environment.

Finally, it has helped to compress the patch cycles. It has helped us to reduce the time that we need to use for patch management by at least 50 percent.

The scalability and the ability to manage different operating systems are the two most valuable features. 

I would like to see improvements in the web UI program and also a BigFix console for Mac OS.

Scalability is really great because we have the ability to scale the solution no matter how many endpoints we have. The last updates came with a lot of improvements regarding the scalability.

Their technical support needs some improvement. We have had some cases where we didn't get enough support from the support team but I think it's improving now.

We switched to BigFix because of the scalability and because it can be used across multiple platforms.

The implementation is really straightforward and it's easy to implement with the environment.

SCCM is a complex solution that needs a lot of licenses which means a lot of money. It only supports Windows and BigFix can be deployed across Linux and Microsoft operating systems.

I would rate BigFix a nine out of ten. Not a ten because there are some improvements that can be done to the product and the support that we get from the vendor needs improvement.
BigFix can do almost anything. You should know how to use it based on your specific requirements, but it can do almost anything.

I'm a long time user for endpoint management and now I do consulting so I design solutions for end customers.

It has improved my organization because we can automate a lot of tasks. We went from manually patching machines or doing our best and having very little visibility into it to us being able to "set it and forget it" and getting really good results on first-pass patching.

In addition, it has also helped us to reduce network traffic when it comes to downloading patches. It's very easy to throttle the network traffic, Instead of us taking down the network, downloading hundreds of patches, we're able to set a throttle, and then also spread it out over a period of time, which helps a lot.

It has helped to compress our patch cycles. In some cases, a hundred percent because in some areas, patching wasn't happening. We went from not patching to just automating it.

Finally, help desk calls have been reduced. We were able to look at help desk calls and find out which ones were most common and start automating that with BigFix. For some various organization, a quarter to half of our help desk calls were knocked out.

It's incredibly powerful and it's very extensible. Meaning, it's very easy for us to customize the platform to solve a number of different tasks for us.
We enjoy using peer-to-peer file transfers as a peering system for files. It provides built-in redundancy and we can control it all from the console, which is nice.

I would eventually like to see a SaaS offering, a cloud-hosted BigFix instance where we only have to put a relay in our environment. 

Stability is incredible. A lot of times people will let it run forever without touching it because it just keeps going. Once you stand up the solution, there's very little that you have to do. Just the occasional update and that's it.

Scalability is awesome. For one, it supports around a quarter of a million endpoints, which is a lot. It's also very easy to stand up relays anywhere in the world. It's incredibly scalable.

Technical support is pretty good. I have never had any issues with support. Primarily, though, I go to the BigFix community which has been super helpful.

We initially switched because we had different solutions for all different platforms. We had one for MAC OS, we had one for Windows, and we weren't really using them that much so we were able to use it to manage all of them with a single tool instead of a bunch of different ones.

The initial setup is very easy. 

BigFix is way better than SCCM. SCCM doesn't do MAC OS or Linux. It takes a lot of time to manage, it's a lot of work, there are all kinds of ports that you need to open, and it's just a pain to manage.

I would rate BigFix a nine out of ten because I really enjoy the tool but there's always room for improvement and there's always something to add. I've been really happy. There's a close-knit community. It's super easy to get help. They're always adding new features. I'm very happy with it.

I would advise someone considering this solution to try it out. Set up a demo, give it a shot, turn on some auto-patching, and then just watch as your organization self-heals.

We help our customers and ourselves do vulnerability and compliance implementations, licensing compliance, and patch management solutions.

I've worked with the product a very long time, almost eight and a half years now, and for my own company, we're able to make sure that our endpoints are secure, regardless of the location on or off network. Also, for a lot of our customers, a big benefit is being able to give with accuracy, the reporting of compliancies based on NIST or STIGs, compliance reporting tools and being able to know that what they're doing.

It has also helped to reduce network traffic when it comes to downloading patches. By only having to download the patch once to the central location and then utilizing the relay structure to then download the patch to a specific site and then everything gathering at local, it greatly reduces the bandwidth of multiple endpoints.

We use it to compare current and old patches. I don't necessarily want to deploy a roll-up patch, but we have to because that's how the vendors are producing them. By being able to evaluate whether the new patching is as successful as the old way, we're able to compare the different content of the patches and not just that the patch has been delivered, but that the vulnerability that the patch is supposed to fix no longer exists.

Before we started using this solution, patching was done per endpoint. What we're able to do now is, we can test the patches, deploy them, with certainty that they're not breaking anything else, and then large scale deploy the amount. I've seen customers reduce their patch cycle times from a 60-day turnaround window to a 15-day turnaround window.

Finally, it has helped reduce software spend. By having to look at the licensed tools and what's being utilized and not utilized, we're able to make informed decisions about software license levels. This product falls a little short as far as the licensing compliance capabilities. I would like to see some development surrounding that so that I could input ELA agreements, regardless of vendor, and be able to pull those compliance-based reports.

The ease of use is the most valuable feature. Underlying that is the truth that the information that's being derived from the endpoints is accurate. There's no gray matter, and we don't have to interpret the results.

I would like to see file consistency and sizing, and I would like to see more robust reporting in the power management features. Energy use and consumption has become a cry within IT development. It's an underserved piece of the product that has implications that could allow security and green IT and sustainability to be married better.

The stability is paramount. It has definitely reduced the need for multiple products down at the endpoint, it's reduced the number of agents needed at the endpoint, and overall because the product was created so many years ago when networks were not nearly as robust as they are now, the improvement of the product over time along with the improvement of the stability of large networks, has coincided. It is as stable today as when you could only transfer 15 bits across the line.

We're a partner, so we deliver technical support to customers. When we need to talk to the product support, traditionally, with the product over the last five years, I would not say support has been supportive. I hope that changes.

Our initial setup was very complex because we not only have it set up for our internal use, but we also have a managed service platform in which we service multiple clients. We have a cloud-based solution with it as well. We're called in for a lot of the crazy deployments that are out there in the customer world where they have massive amounts of endpoints and really complex network systems.

If you utilize the tool to the maximum capacity available to you, your ROI is significantly five to seven-fold over cost.

SCCM was a product that was originally designed to deploy Microsoft Office and to patch some of the underlying structures of the Microsoft operating system. It was never designed to be a large-scale security compliance or endpoint management tool. So when you look at it from those foundations, it doesn't compare. SCCM is a free product that's offered as part of an ELA agreement that can do those functions and features, but it's not designed to do it.

I would rate BigFix a nine out of ten. It is a world leader in the patch management, vulnerability management, and security compliance space. Not a ten because the product still has room for growth and maturity to be a full-scale platform for agnostic management.

I would advise someone considering this solution to start with the simplest thing that you need to be fixed, whether that's patch management or that's software-inventory, and learn how the product works. If you can conceptually understand that it's an agnostic platform, then what I would do for patching is the same thing that I would do for inventory, which is the same thing that I would do for compliance management. Then converting over those features until into a holistic environment is easy. If you're trying to eat the elephant all at once, it gets very overwhelming very quickly.

Our primary use for BigFix is in the industrial environment, we put BigFix into industrial facilities.

It allows for visibility into the OT, the industrial environments, that didn't exist before which is a big piece and has benefited my organization. Second, the speed at which people can patch is night and day versus SCCM or another similar solution.

When it comes to downloading patches it has helped our network tracking. Our networks are very low bandwidth and very sensitive. For instance, we're running a power plant and that power plant has to be up 99.99% of the time. That network that it's running on was built 35 or 40 years ago, without all the modern technologies, so we can't do it without BigFix.

Many of our clients have compliance requirements that they have to patch within a certain window and so we have to be able to give them data of when the cycle happened and if they complete the patches.

It has also helped to compress our client's patch cycles. For our clients, what was normally a full 30 days of work is now down to a couple of days to get the data in and actually get out and patch the thing. We tuned the BigFix console to enable that a little bit easier so it's a 75 to 80% reduction.

The ability for the agent to be customized, to both, run the fix list and the relevant language, but also to be able to be designed so that it only allows for outbound ports rather than inbound is the most valuable feature. We work in a lot of environments where there are segmented networks and we have to have an agent and a communication where we don't have any inbound ports into that environment. Having that agent be really small, and the ability to not have to have any open inbound ports into that environment is wonderful.

I would like to see different types of reporting and the ability to integrate closer with the cloud. 

It's very stable.

Their technical support is very good. The BigFix community is the best part. The support is nice, but the fact that we've got all those other practitioners out there, that's the best part.

Our clients have definitely seen ROI from using BigFix. 

I would rate it a nine out of ten. Not a ten because the reporting side of things could be improved and I'd like to see how they're going to fit it in with the cloud. 

I would advise someone considering BigFix to look at it and try it. It's really easy to say SCCM is free so you'll just use it but you don't know what you're missing until you actually give BigFix a shot and try it. It's dramatically easier. It significantly reduces the time and effort that it takes to do things and it's more certain. You know what you've got rather than getting in there and guessing each time.

Our primary use case of this solution is to develop custom content to deliver to restaurants.

It has improved reliability upon delivery of software and has also helped reduce software expenses. The extensibility of BigFix helps to create custom solutions where we may have considered purchasing something instead. 

We use it for PCI compliance and checking to see if endpoints are in a state where they need to be patched or not up to a certain level so it has helped us avoid compliance fees. 

Being able to report directly on aspects of the system is the most valuable feature for us. Meaning, instead of reporting on just an error code or something, you can inspect actual files, properties, registry keys, etc.

I would like to see much better web reporting because as it is now, it's convoluted, basic, it's not modern, and there are limitations to it.

The stability is excellent. I haven't had issues with BigFix crashing unexpectedly or anything like that.

The scalability seems solid. We're a smaller customer. We have about 16,000 endpoints, whereas other companies have hundreds of thousands.

Technical support is excellent, as far as the forum support. As far as new product needs, it's mixed. Sometimes if you are asked to submit an official request they go into a black hole.

We implemented in-house. 

I would rate it a seven out of ten. You can see all of the code of the custom content that is created for you. That's huge. With a lot of proprietary solutions, it's a black box where you can't see what they're doing and when it messes up you're on your own. With BigFix that was huge because if something goes wrong then you can create your own copy and start troubleshooting it.

I would advise someone considering this solution to have a developer on staff to fully leverage the features of it.

Our primary use of this solution is for patching all of our systems and maintaining their security compliance.

It enables us to patch our systems quickly and within expectations and to increase our volume as needed. It has also helped us compress our patch sites. We used to do it monthly but now we do it weekly.

Compared to SCCM, I always feel like I'm fighting the tool. I do not feel that way with BigFix.

The ability to build custom content and scale to additional endpoints without increasing staff time is the most valuable feature. 

I'd definitely like to see additional feature parody in the web UI versus the console. There are certain things that you can only do in the console and they're very cumbersome to do, like secure parameters, for example. That's definitely something that has a wide degree of utility but it needs to be easier to surface. At this particular juncture between the transition, between the Legacy console and the web UI, it's hard to justify dealing with the cumbersome aspects of the Legacy console when theoretically everything's been through the web UI.

Stability is very good. We have no issues with it.

Technical support has always been useful and they have always ultimately provided a solution.

The initial set up was very simple, single server. We've since grown to a server plus an array of relays and we even use relays to get into some difficult to reach network areas. It's been pretty useful.

We implemented in-house. 

I would rate it an eight out of ten and I'd advise someone considering this solution to start with one relay. Remember that it is a root shell robot. If you can do it on the shell you can do it with BigFix.

We rely on BigFix to provide patch remediations in conjunction with instant response engagements that we have. Once CyFIR finds a problem, we tend to leverage BigFix to automate the solution across the entire environment.

We rely on BigFix as part of our consulting engagements. It's more efficient from a visibility and discovery standpoint on the initial phase, the consulting engagement. It also increases our efficiencies on the remediation phase of our engagements. 

We use it to compare the current state of patch and diff that with where it should be and to also push CVE patches and things out that are specific to a problem we have found. 

The combination of CyFIR and BigFix has allowed one of our major customers, one of the top Fortune 50 financial firms in the world, to reduce their forensic investigator count by about 4 FTE with the combination of CyFIR and BigFix.

Compared to SCCM it's much more robust, much more capable, and you can be much more targeted with SCCM. The challenge with SCCM is it doesn't have much of a discovery module so if we're going in blind to a network, we really want to know what's there, not what they think is there. BigFix provides us that picture.

With BigFix, the ability to do device discovery and the installation of our CyFIR agent across the environment is a very autonomous, automatic-type function that is a very significant feature for us. We combine CyFIR and BigFix to provide a total cybersecurity solution, including computer forensics disk imaging, memory analysis imaging. As part of that, we tend to leverage BigFix from the remediation side and from the installation side. 

The peer to peer file transfers as a solution are fine. 

I'd like to see better API integration with BigFix. We have some tremendous API capability inside of CyFIR and the ability to take textual search results, for example, and bring that back into the BigFix dashboard. This would be of extreme interest to us and our customers. 

It's very stable. 

Scalability is very good. 

Their technical support is very responsive. 

We're always looking for innovation and the most efficient and effective way to serve our client base. BigFix came up on our radar as part of that continual enhancement search.

From our perspective, it's pretty easy engagement. It's not just for our network, we use this for our engagements with our clients so the complexity is typically not introduced by BigFix but by the customer client networks and their specific requirements.

We implemented it ourselves. 

The fewer consulting hours that we spend is ROI for us. BigFix enables us to produce maximum results.

I would rate it a 9.5 out of ten. It's pretty close to being perfect. It's stellar.

We use this solution to import management across all of our stores, desktops and server infrastructures.

Having higher visibility on patching level, on patching successful, and non-successful has been a way that BigFix has improved my organization. Also, the ability to customize the content to do what we need it to do is very powerful and very flexible for us. Finally, in the area of custom interfaces, like REST API, really gives us the ability to provide for our external customers.

It has immensely helped to reduce network traffic when it comes to downloading patches. Downloading once and distributing to all endpoints applicable greatly reduces bandwidth.

The most valuable feature is the ability to make the platform do almost anything you want it to do. Out-of-the-box features are very powerful, but with creativity you can make the platform do almost anything you want it to do.

I would like to see more flexibility on how queries are run through the API. We've got some of our desktop customers that use the API to query a lot, and that actually impacts our server automation plan sometimes. On a day when they might be heavily querying and it hits a web report server, that messes with our server automation plans and the reporting for it. The server automation should be hitting the actual BigFix database versus the web reports.

I would also like to see improvement on configuring where the logs go. It's been annoying for both of our desktop teams. Even on the Linux side, we should be able to set the property to have the logs go to a different location. It's annoying because sometimes if you need to clear out the best data you end up losing all the logs. You can try to save it off but it's an extra step. If you try to move those logs ahead of time with the client property it shouldn't be an issue, install the BigFix agent into a nonstandard location. It's important for some of our UNIX endpoints who don't give enough space. It should be supported from the install, out of the box.

It'll scale almost as big as you need it. You just throw hardware at it.

In regards to technical support, level 2 is very helpful, but when things need to get more visibility you can get their core developers to help which is really helpful.

The initial setup was complex. There are a lot of steps to set it up, at least on the Linux side.

License management isn't quite as easy as it should be to deal with the licensing. You need to take the server down to import the new licenses which I find to be annoying. 

I would rate it a nine out of ten. It's incredibly flexible. I've managed and worked with several endpoint management solutions like ITMS, or ZENworks. I haven't worked with SCCM, but it's like if SCCM was a Ferrari, BixFix is an incredibly tweak-able, tunable, indie car. It can do a lot of cool stuff but you have to tweak it, and you have to know how to use it. 

I would advise someone considering this solution to throw out all of your expectation on how you think things need to work. Throw out how you did things before. Don't try to shoehorn what you did before into a product you might move to because it's probably going to do things better than you did before. 

We use it for patching our AIX servers and we also use it for deploying and up keeping our Tivoli workload scheduler application.

We've been able to fully automate our TWS installs, to the point where a user requests it and we don't do anything. Also, our upgrades are much more refined than the manual processes we did before.

The most valuable feature for us is the ability to manage TWS, the relevance is really what sets it apart. Also, using it as a software deployment tool is the key for us.

I'm looking for them to make big web UI improvements.

Stability is very good. We've had very little downtime.

Scalability is very good. We're a smaller client in the BigFix realm. We're 4,500 clients around just the servers but it's very good for us.

Technical support has been good. When IBM first took over it was kind of rocky but in the last few years, it's definitely improved.

The initial setup was very straight forward and very easy to set up.

I would rate it a ten out of ten. It's very useful, very powerful, and you can do a lot with it. 

I would tell a colleague who's considering this solution to check it out, it's great.

Our primary use case is for content automation and application delivery.

The use of fast query has been extremely valuable providing insight in real time of the endpoints.

Reliability of the agent and the ability to troubleshoot actions after they've been taken are the most valuable features. 

The self-service application seems to need some work to replace the client UI. There are a lot of pop-ups if you use a baseline as the object that you're setting to a workstation. Unless you're using web UI, the message is not customizable in the user notification.

The stability is good overall. 

The scalability seems to be fine. 

I have to contact technical support infrequently, which is good. When I have to use them, I do get responses in a relatively timely manner.

Our previous solution was extremely unstable. We had a lot of downtime and the inability to reach clients. We ended up choosing BigFix because it was already in an aspect of our organization, and so it was easy to adopt for our endpoints.

I would rate it an eight out of ten. The applications are stable, although at times a little dated on how they display information or how they chunk through information. It's stable and it functions.

The best advice I can give is to reach out to the user community when you're running into trouble. You'll find a lot of the answers have already been asked and answered for you on the forums.

Our primary use case is for endpoint configuration management.

Our patch cycles are much faster. They usually all happen within a few days or less.

The most valuable feature is the patching. 

It's much more flexible than SCCM. There are more things we can do and especially the cross-platform support is better. 

It actually increased network traffic. Microsoft and Apple have incredibly large downloads, so when you're downloading to thousands of machines it's huge.

I would like to see more emphasis on using the web console, to have the same power as the full fat client console that they do they now. It's a lighter way to log in and it would be faster for our operators to do their work. The console tends to take a long time for a large number of clients.

It's stable. I've been running it for more than ten years and it's generally pretty good. 

Scalability is very good. It's scaled to our current needs.

Their technical support is decent. 

The initial setup was straightforward. 

We implement in-house. 

I would rate it an eight out of ten. 

I would advise a colleague considering this solution to definitely understand what your needs are and see if the product meets those needs. Don't try to shoehorn your needs into a tool.

Primarily my clients use it for being able to not only patch but also to be able to detect and remediate vulnerabilities in their environment. In addition, to be able to provide an accurate inventory of both the hardware and software of what they currently have deployed.

Some of my clients have gone from it taking months to be able to get through a patch cycle or to discover what's out there, down to days. A lot of it's been over a 90% improvement.

BigFix is incredibly fast and accurate in patching, reporting, and remediation.

• More integration with external data
• Extending the reporting capabilities
• Integration with some of the service ticket providers

The solution is extremely stable and it communicates very well.

Their support is very good. 

We had one of our clients with over 30,000 endpoints, and within two days all of those 30,000 endpoints were installed and reporting back, and they were ready to patch. Installation is fairly simple.

We always were able to get our client the best cost from the vendor, so pricing was not really an issue.

We also evaluated Microsoft. BigFix was more accurate in the reporting, the patching, and overall functionality.

I would rate it ten out of ten for reliability, dependability, and being able to get the job done the first time around. 

Try it in a test run, you'll be really satisfied with the results.

We use this solution for patch management and software distribution.

Initially, for the customers that we consult for,  their IT Security and IT Operations units were working in silos, especially with regards to patch management and vulnerability and compliance reporting. BigFix effectively bridged the gap between both teams while providing a single robust reporting interface for both teams.

Compliance is the most valuable feature. It allows you to build custom policy checklist while leveraging recommended industry security compliance checklists e.g DISA-STIG, CIS, PCI-DSS

Upgrading from an Evaluation license to a production license is not error free. Managed endpoints still gets stuck with the evaluation masthead and as such would not let you execute actions outside the BigFix management client maintenance actions. This needs to be improved

It's very scalable. The highest I did was between 9000 to 11,000 networks and I didn't lose any performance with that.

I initially onboarded with Microsoft SCCM. The user interface leaves a lot to be desired, performance impact as you go above 10,000 endpoints and also maintenance tasks like setting up of distribution points are not available at the click of a button.

The initial setup is straight forward. I deployed it in around three weeks. I started with installing the servers and the primary relay, then I installed 2 relays per subnet,  made the relays deployment points and then installed the BigFix clients locally from the deployment points.

Compliance, and lifestyle are a bit pricey especially to customers that get SCCM included as part of their ELA. It's makes convincing harder.

I would advise someone considering this product to go for it. It's easy to use, cheaper than the value, and there is tons and tons of support from the BigFix community. With almost every challenge we have someone who has encountered it, and we will have a solution right away. 

I would rate it an eight out of ten. To make it a ten they should improve on the issues stated above

I have various use cases for this solution. It has many varieties of infrastructure. For example, if you have a very high bandwidth in your network infrastructure, it will work very well. If it doesn't have an internet connection, it also works very well. If you have a lower bandwidth within your offices, it will also work very well. This is lacking in many other tools. 

My company provides support services to a lot of customers and companies. We have reduced a huge amount of man-effort. Along with the man-effort, we have reduced the timeline to fix the compliance and security gaps. We have an unbroken record. The documentation clearly says that we have done the patching of newly released patches, including Microsoft and third-party patches, in up to 80% of the computers, within 72 hours of the release of the production. That was a very massive benefit that we have seen. When I talk about the 80% endpoints, it is 100 or 200. I am talking about 25,000 endpoints.

There are 250,000 endpoint scans that can be handled by one single server. We can build a robust infrastructure within BigFix, which is a feature that other tools are lacking. Second, you can customize the tool. We can use the tool according to how we need it. By using IBM BigFix, we can get whatever we need done. All tools will have limitations but when compared to other solutions, BigFix has significantly fewer limitation. In terms of scalability, the limitations are in the data transfer from the main server to the regional servers, or regional endpoints, or the end users. It provides various aspects to what is endpoint protection management.

The first and foremost thing that I would like to see improved is the insight into the right-click menu context itself. The second thing is that IBM has sold IBM BigFix to another company. That's negative feedback that we can give them. For the next quarter, BigFix will not be a part of IBM. That's another drawback that we are going to see. 

I would request them to build robots, or an easier way for integration with other tools, like ITSM tools.

When it comes to stability, it is very stable and it has a robust infrastructure.

I have a good grip on this solution so I don't need to contact technical support for anything. 

When considering a solution the criteria we consider are the features, whether the specific tool provided by that vendor will cater to our services or our requirements. Second, we look into the credibility of the OEM. Third, is the cost.

The initial setup depends on the network infrastructure. Sometimes it will be very easy to implement, and sometimes it may become complex. I did the entire solution implementation in four hours but I took almost four months with another implementation because of the complexity. Sometimes it's straightforward, sometimes it's complex.

I would rate it an eight out of 10. It has great scalability and customization. It also has one console that can be used for many endpoint management tasks. I deducted two points because BigFix is not a brand that you can just use. It is not very user-friendly. You need to have some training before you use the tool.

• A central engine for endpoint posture improvements
• Excellent compliance reporting with customizable dashboards
• Scalability and expandability support any heterogeneous environment.

BigFix has helped us in improving the overall endpoint posture and lifecycle management of the workstations as well as applications.

• Compliance reporting is the best.
• Patch management makes it easy for out-of-band and in-band patching.
• Inventory correlation with third-party tools.

• Complex design and administration
• Offline management
• Remote support on unsupported platforms
• A large infrastructure required to implement for a medium-sized organization
• Also, I would like to see if BigFix could be application aware for more in-depth compliance and reporting.

My primary use case for this solution is for department management. It helps us manage about 25,000 individual workers, who are all at work stations.

The product is less costly when compared to other solutions, and this is a good solid solution for what we have paid.

It is very flexible, and very user-friendly.

I would like to see a system to erase a virus and then create an analysis to find a virus. This would be a nice additional feature for the product.

In addition, sometimes there is a lag time for our users.

The technical support was pretty good. The response time was good.

I did not find anything difficult in the implementation process.

When selecting a vendor, I think it is important to consider whether the product is going to be a long-term product. And, we also need to provide the best solution for the department.

It is cheaper than other solutions on the market.

• Patch Management
• Software Distribution
• Security Compliance
• Software Compliance

Patch compliance has improved. Using software distribution, the software distributed in the environment has been standardized. With the same software versions across the environment, compatibility issues have come down with a reduction in helpdesk tickets arising out of different software versions. There is also a check on software assets by means of implementing the software inventory module and a great deal of software compliance has been achieved.

Patch Management for a variety of operating systems makes it valuable as we can rely on a single tool for obtaining patch compliance of the entire compute infrastructure. This also ensures that we do not need to have different skills for different OS patch requirements.

• Relay selection and availability needs improvement as an incorrect relay selected can cause network chokes.
• Client reporting to the console is a minor issue but definitely needs improvement.
• Reporting needs to be enhanced with maybe a simple GUI based report generator with drag and drop features to create a custom report. The current mechanism is a bit clunky by use of filters.  

It is very stable.

No scalability issues. We have customers ranging from 250 endpoints to over 100,000 endpoints.

Customer support is excellent, but involving customer support and crossing the initial hurdles of getting past the first level of support personnel sometimes takes a while. But once it lands with the right support people the support is excellent. Level 1 support from IBM definitely needs improvement. 

No other tools were used.

The setup is pretty straightforward provided you have planned well for the deployment. Know the environment well prior to deployment: The architecture needs to be drawn up prior to deployment. Plan the deployment of main server, database server, BigFix application(s), relays, console, and finally the deployment of clients.

We are a BigFix vendor. We rate ourselves as excellent subject matter experts. Given the exposure and experience of handling fairly large deployments on Bigfix, we have gathered vast knowledge in the Patch, Security & Software compliance space.

ROI is pretty quick if you consider Security & Software Compliance as your primary use cases as Patch Management and Software Inventory Management. It has worked out to be under six months in many of our deployments. You may not be able to directly attach a ROI for security, but given the fact that Bigfix has been able to address many vulnerabilities that arise out of non patching makes Bigfix a compelling investment

Plan well to ensure you have a stable and scaleable deployment. If you have a need for many use cases: Patch Management, Software Distribution, Remote Control, OS Deployment, Software Asset Management, Vulnerability Management, Security Compliance, and Server Automation, make sure you prioritize your requirements before deployment. You should go about meeting the requirements in phases, not try and burn the entire ocean.  

No other products evaluated.

Get started with BigFix.

Server management patch management and software deployment, where we have multiple platforms, such as Windows Servers, Linux, Unix, etc.

• Patch compliance reached 100%.
• Patch management, because it significantly improved the patch compliance.

Patch management, because it very much improved the patch compliance and has the capability to manage Windows and non-Windows clients.

• OSD and other features listed in SCCM, like desired configuration management
• Internet-based client management
• Offline patching of virtual machines
• Network Access Protection (NAP) technologies to prevent computers with vulnerabilities from gaining access to networks.

Vulnerability scanning and patch automation.

Also, software deployment in distributed environments, as it provides control over compliance and saves us a lot of time.

Before an internal IT team performed all these activities manually, which took time and did not guaranteed full control over compliance. These activities required access to a corporate network via LAN, because VPN often generated errors. 

Now, the process is centrally controlled, reported, and has an independently formed location (also over Internet).

There is no support for patch management on SLES on IBM pSeries (only the Intel platform is supported). This should be improved as soon as possible. It is a stopper for us to roll-out BigFix to all datacenter servers (500+).

About three years for PCs and one year for servers.

No issues.

No issues.

There was a technology consultant available in Poland, who was very helpful, but recently he has left and no one has replaced him.

Yes, Itelligence Germany uses HP automation and we had a pilot implementation.

We have complex requirements.

We offer BigFix as a service for our datacenter hosting customers.

Patch is a given and it is the flagship feature since the late 1990s. The architecture for patching and the 100% correct reporting makes BigFix stand apart from other solutions. Software Distribution is another powerful and strong feature that automates deploying software and saves a ton of time. The BigFix framework also gives you the ability to remove software and updates files, like configuration.

Patching is completed usually within a day or two. 98% of the endpoints are patched in the first pass no matter if they are all the corporate or traveling.

The new EDR (Endpoint Detection and Response) feature, Detect, is new and still needs a few updates. This is close to being a great addition to help when an attack has occurred.

Five years.

No stability issues. If relays are not configured correctly, then this can cause a performance issue. An occasional health check is needed to ensure the solution is running at peak performance.

BigFix can scale up to 250,000 endpoints on one server.

The deep technical resources are very good and can isolate an issue very quickly.

We started with SCCM and decided to switch because of inaccurate reporting, limited OS support, and we were unable to patch remote endpoints.

Initial setup is very simple. With the Web User Interface, it makes the learning curve very short.

I would stay with the Managed Virtual Server license model, which is a 1-to-1 license per OS whether it is virtual or physical.

Yes. SCCM, LANDESK, Altiris, and Tanium.

You will not be impressed with the looks of the reports, but they are accurate. The BigFix.me forum is a great place to learn from others.

Ability to run custom reports and custom relevance.

It allowed us to proactively seek out issues as well as quickly react to issues and target only computers which needed fixes. It was very easy to streamline down to what was needed.

We need a much better multi-tenant option. 

We had 60 plus divisions and there was no real way to effectively give those people the help at the division sufficient rights within the console to see just their responsibilities. We wanted Bob at one of our divisions to have console access and only be able to manage his computers. We were not able to find a way to effectively do this. They had a web console that did not really handle our needs. 

My current company is a consulting firm. If they had a better way to have multi-tenant access, this could be a product that could potentially do great good for us. As it was, when I last used it, it would not work for us without setting up a new instance for every customer we manage. Not really effective for our needs.

I have used it for about four years.

Yes, occasionally we did.

Yes, we did find some “quirks” and had to get creative, but we were able to work within the solution to streamline transfer speeds to not saturate networks between sites when synchronizing enormous install packages to our relays scattered around the country. Also, we could not easily scale the management to multiple tenants as we hoped and as we were able to do with other products in the past.

I didn’t have to deal with them much. Others did. We frequently found that we were bringing solutions to them.

I did not do the initial setup.

This was not my responsibility.

I was not the decision-maker here.

It is a great product. Spend some time really learning about the capabilities and how things are organized within the product. Then, spend some time really planning your structure and how the organizational groups should play out. It will make things a lot easier down the road when you need to send something to just one area of your business. Unfortunately, it is usually after a product is implemented that we truly understand how to best implement for our environment.

• Patching support: IBM BigFix supports most of the major OSs with natively packages patches. This includes Windows, MacOSX, Oracle Linux, Solaris, AIX, RedHat, Ubuntu and others.
• Pre-packaged support for many third-party applications such as Adobe, Google, Mozilla, Sun (Java), WinZip, and others.
• Near real-time view of the environment. Most systems will report their current patch state within 15 minutes.
• The IBM BigFix console provides a single pane view into the entire environment. This also provides a common interface for taking actions, such as patching, to any operating system with a similar look and feel.
• Ease of installation, maintenance and troubleshooting. IBM BigFix is one of the easiest tools to install for an Endpoint Management tool, especially compared to IBM’s predecessors and Microsoft’s SCCM. As an example, the first time installing IBM BigFix in my lab with about 10 systems took approximately one hour from start of installation to applying OS patches. IBM BigFix is also very easy to scale by adding new relays. The design is flexible enough to be able to “add as you go” without having to perform a major architectural review.
• For troubleshooting, the log file structure is very simple, as most files are in the same place and have a standard format.
• Adding new components such as IBM BigFix Compliance or IBM BigFix Inventory does not require new agents to be installed. By enabling the content, by clicking on a hyperlink in the License Management Dashboard, and taking action with a couple packages, the infrastructure is ready to start gathering more information.
• Reporting capabilities: With the IBM BigFix console, I am able to quickly provide information to any group. With the use of the IBM BigFix Web Reports, I am able to design reports that I can save and provide to users to execute when they desire. These reports can also be scheduled to run and email the users.

Our primary use for IBM BigFix is around patching and reporting on Microsoft Windows servers. We are also using the reporting capabilities for patching state on AIX, Solaris, and Red Hat Linux. These reports are being presented to the Safeguards groups and are being used to report MSA compliance for our server environment.

IBM BigFix has provided our Windows server team more flexibility for scheduling the deployment of patches in their environment which has caused them a lot of issues in the past. Also with the near realtime reporting, the server teams know the state of their environment right away. We have also been able to see where patches are failing to install on systems that previously were assumed to have been installed. This has identified many systems that were thought to be in compliance, that were not.

Some other useful information that we are able to gather with IBM BigFix:

• Currently logged on user(s)
• Servers in pending restart state
• Hardware and software information
• Symantec Endpoint Protection state (client version, signature version, etc.)
• Installed MSSQL databases

We gather a lot of other information too. Although all of this information is available in other sources, with IBM BigFix, we are able to bring all of this into one console view which can be used for filtering and reporting.

We have also linked IBM BigFix into ServiceNow’s CMDB to “brand” systems with CMDB data. This is also useful for filtering, grouping, and reporting.

We have used IBM BigFix to develop software packages to deploy new versions of Symantec Endpoint Protection, Microsoft SCOM agents, Flexera agents, and others.

The most recent task that came up was the deployment of the MS17-010 patch to address the “WannaCry” malware. With IBM BigFix, we were able to quickly identify out of compliance systems and remediate them and validate the successful completion of the installation.

IBM has been heavily focused on adding and improving features to the tool, especially with new components like IBM BigFix Detect. While all these new features are great and provide useful information, IBM has not focused on the Web Reports capabilities. This is not to say that the Web Reports is bad, but at this time, it is currently the weakest part to me. IBM has also introduced the BigFix Web UI, which is a start to addressing the web based reporting. I believe that this is going to be the direction to modernize the web reporting capabilities along with providing a web based console.

We have used this for seven years.

No. Deployment of the server, relays and endpoints is very simple especially compared to other products that I have worked with.

I have not had any issues that were due to the product itself. I have had issues that are user related, such as admins using incorrect installer in DMZ, and other external issues that impacted IBM BigFix, but not the product itself.

The installer for the BigFix agent is comprised of an MSI and a file called masthead.afxm, which is the file that contains configuration information such as the BigFix Server host name and a key. With only these two files, the agent has to be able to communicate with the BigFix Server on port 52311. If the agent cannot communicate over this port, it will fail to register and will never connect to the BigFix Server. In order to get around this, a file called clientsettings.cfg is included to configure the agent to talk to a different BigFix server called a relay. This relay would have the ports open to allow communication between the agent and the BigFix server. This is a very standard practice for devices in secured networks. So even though I have provided this install method and the users have been provided documentation, it still seems to get missed once in a while. Here is an article on this http://www-01.ibm.com/support/docview.wss?uid=swg21505838

At a site I worked at a while back, the user insisted that every support tech, help desk person and server admin be allowed to have console access to the BigFix infrastructure. This ended up being about 350 users which is way more than they had in other tools and it was strongly recommended that they do not do this and we only give it to people who were trained and would actually use it. This leads to issues with people not using the tool correctly (lack of training) and not understanding the tool. As part of the administrators for the tool, there was no way for us to provide training to the 350 users. This again is not a tool issue, but a process issue.

Couple other external issues we have seen that impacted BigFix

- Proxy issues stopped content from being downloaded to BigFix server

- SAN issues caused performance problems. BigFix can be very I/O intensive, so degradation in I/O can really bottleneck transactions and console performance.

I am sure I could think of a couple more, but usually these are not tool issues, just user/process problems.

There were no issues with scalability. When we added more systems then originally scoped, all that was needed was a new relay. Since our IBM BigFix server is on a VM, we also added two CPUs and more RAM (currently at 16GB).

IBM Support has been pretty good. For the most part, solutions are provided quickly (couple days), but I have had one that required more analysis and it took a couple weeks. I also find that using the user forum (forum.bigfix.com) is also very useful as some of the IBM BigFix support people are there along with very knowledgeable users.

At the current site, they were using WSUS to patch the Windows servers and native tools for the AIX, Red Hat, and Solaris environments. Although these tools were “doing the job”, there was no easy reporting capabilities out of any of them. SCCM was also used in the Windows server environment at one point, but due to a major issue that was caused, it was removed from the servers.

For the extra data that IBM BigFix collects, there are other tools that provide the information, but required logging into the different tool consoles to gather and then manual consolidation.

IBM BigFix is one of the easiest client management tools to install. Once the operating system and database are installed and configured, installing the IBM BigFix server takes about 30 minutes to complete. After that, enabling content (Windows, AIX, etc., patching) takes a couple minutes. Once this is ready, deploying the agents can be done with a client deployment tool provided by IBM. This tool is capable of deploying to Windows and non-Windows systems. To deploy to one system will take about two minutes, but the tool is capable of parallel deployment, so deploying to 20 systems would take about five minutes. We were able to deploy about 400 Windows agents in a morning.

This was implemented in-house.

We estimate the ROI to be about 6 months, possibly less. The reason for this is the standardized reporting for all the platforms that we support. Each OS tool had capabilities to report on the patch compliance, but none were the same and some were very manual. We were also able to produce more timely reports as the process was simpler in BigFix. We used to only provide annual reports which could take a couple weeks to get all the data into a similar format. Once we standardized on the format, we now have reports that can be generated at any time within a few minutes.

Also our patching process is fairly standard across the various OSs. Once setup, the methods to deploy a patch is very similar for each OS.

With our new process, we have also reduced the number of "manually" patched servers as we have more flexibility for scheduling.

IBM BigFix comes with many different packages depending on the functions that are required. IBM BigFix Patch is the most basic package which provides the ability to patch almost any operating system with many third-party applications. It also provides the capability to create custom content such as software packages (called Fixlets), inventory scans (called Analysis) and create custom reports. All of the other IBM BigFix packages also provide patches.

When purchasing, buying with other IBM tools provided us with a very good discount in pricing. Also since we were deploying to a highly virtualized environment, the use of RVU (Resource Value License) was very beneficial for us.

We evaluated SCCM. This was already in-house, but not desirable by the Windows team. It also did not support the non-Windows platform (at least not to the extent that BigFix does).

IBM BigFix is simple to implement and can quickly provide insight into the environment. By looking for “pain points” that the various groups have, IBM BigFix can be used to quickly assist.

As an example, the Windows server team would at times leave themselves logged into a server which would cause account lockouts. They did have PowerShell scripts to detect this, but they took a while to report back and if the system was behind a firewall, they would not see it.

By using IBM BigFix, we were able to collect this information (default data collection) and present it in the console. Another example was identifying systems in a “Pending Restart state”.

I have been using the patch management and server automation feature of this product. In terms of vulnerability management, it gives tough competition by providing a single management console with multiple benefits. Customization as per the requirements is one of of best it offers and almost any form of scripts and any OS can be supported for those customization.

The automation aspect has surely reduced the manual efforts leading to diverting those into other productive areas. Instead of manually bringing down any application prior to maintenance, this tool offers the capability to bundle a script ahead of patching, so maintenance and the corresponding patching is just a click of a button.

The tool should be more friendly in terms of Web UI and should be having better vulnerability scanning mechanisms so a third-party application is not required to fulfill that aspect.

I have been using the product for almost five years and have explored quite a lot with respect to its utilization and benefits.

The tool has been quite stable. It has improvements within each version, which have made it become better and more powerful.

No issues. It can well support clients, even if it is more than 100,000, easily and efficiently.

The support from IBM is good. It sometimes takes them a while to identify and come up with a workaround which can impact the environment.

Not really, I have been using multiple tools like BigFix/SCCM/Tanium for vulnerability remediation/inventory management. I never really switched from any other tool, but used them in parallel for different projects.

The setup is pretty straightforward, if you have a good knowledge about the geographical spread of your clients, so the relays are appropriately mapped.

Understand the requirements and the amount of use before choosing it. If you are just managing Windows machines with the regular MS released updates, than WSUS might be a cheaper and more viable solution. If you are looking forward to a single tool with third-party vulnerability remediation and in-house customization, then this is product is good to go.

SCCM was an option at one point, but we zeroed in on BigFix due to the customization possible.

It is a niche tool with good exposure to required customization and automation, but still requires quite a lot of expertise to handle in comparison to its competitive tools.

Software distribution and patch management are the most valuable. Patch management is the native first usage of this product. Bulletin and Security Update are ready to use. Software deployment is fast and the product can be tuned for poor bandwidth network.

This product has massively reduced the wasted time for a technician to deploy or upgrade a security patch or a software version. With only one technician, you can deploy a large application in less 24 hours (Office, SAP, AutoCAD) in all your computers worldwide. We have used this product to upgrade Office 2000 to 2010 and now Office 365, for 80,000 users.

The console interface is not friendly, and requires training before using it in production. The levels of permissions are too complex to share the product with other teams. The technician must have all permissions to work easily. There is no web interface.

I have been using BigFix for three years.

We had problems with stability from the first use. There was network bandwidth outage when we deployed a huge application or a lot of security patches. This problem was solved by specific client settings and their management, and some changes to the architecture of the product.

Customer service and technical support people have a high level of knowledge. The forum and knowledge database are very interesting and up to date.

I previously used Symantec Altiris v6.5. We stopped using this product because the maintenance cost of the hardware infrastructure was too high. This solution requires high numbers of servers, as opposed to IBM BigFix.

The initial setup was straightforward. Installation was easy and a basic configuration is enough to start to work locally in the same network. But it is more complex when you need to deploy it worldwide.

Our implementation was done through a vendor partner team. My advice: choose a partner with real experience on this product. The settings and design of this product are not complex but require a great deal of experience to adapt it to your IT ecosystem.

I cannot reply about ROI.

I can estimate the reduced cost of servers maintenance to approximatively $500,000.

During deployment and design of this product you must involve the services that will use the product. You have to change the mindset (concept) of your team if you used another product in the past.

• Being able to see inside every asset that we have
• Finding those assets
• Being able to deep dive and pull reports of any kind that we want
• Customizable

If we're looking for some data that is not there natively, we can make it appear in our reports.

We get audited quite a bit because of PCI compliance. There are a lot of requirements that we have to meet on our endpoints to reach that certification for the compliance. BigFix allows us to see the data and remediate those vulnerabilities quickly and easily.

Providing information about areas with room for improvement is tough. I recently attended a roadmap session, and they're pretty much addressing a lot of the stuff we have.

I would like to see more automation, and that's the name of the game. That's our world: automation. I would like to see a way in which we could simplify things even further, so it would be almost like automation on top of automation. It's kind of a funny idea.

But if you have a solution to patch things, then we're going to automate the patching. That makes sense. Then we're going to automate the automation. That's pretty impressive.

When you look at the console of the tool, it is very basic. But basic can be good, too. Too much information is just going to convolute anything. It is just all text-based and it's kind of ugly, but you don't need it to be pretty either.

The stability is great. Any product that can basically run itself, requires minimal intervention, and is self-healing is a great tool.

The scalability is even better because all you have to do is just whip up another server, and boom, you can support another thousand clients. And that takes a whole five minutes.

It's been a few years since we used technical support, but we got direct contact from an engineer right away. He was not just a sales guy, but an actual engineer who came in and worked with us. That was good.

Currently, we have our solution and we put in the BigFix solution. It was all because of the PCI compliance. We got a new security team in and they were completely focused on PCI. The previous solution didn't quite meet the requirements that made it easy. Now with BigFix, it's a lot more straightforward.

The first setup was complex. The second time was much simpler, when we knew what we were doing.

The first setup was kind of wedged in and we had a very small time frame. It was a brand new tool that we didn't know much about. We also didn't know that we had engagement support available to us. That is why the second setup went smoother.

You've got to do a proof of concept and a proof of technology. Get it in there and see what it can do. But more importantly, as you're putting it in, see how quickly you can do it and then see how easy it is to remediate those vulnerabilities. You'll be amazed.

When it comes to selecting a vendor, it's got to be brand. You have the big names: Microsoft, Oracle, IBM, and all that good stuff. But price has to be considered as well. If you can get a great product at a good price, it's very important.

It eases automation. We have been using it to automate Windows. We are currently using it on our AIX boxes to deploy patches; basically, to automate patch installation and OS upgrades.

It saves time and reduces human error. We are still experimenting with more of its features, such as how we can roll back some of the patches that we have already installed and so on. It definitely looks good.

We use it on the AIX. I think it worked fine. I work on the AIX and we are still in the testing period, so it would be interesting to see, if there's an issue with it. But, the team that does most of the automation thinks that it should work fine. Because they didn't see any issues with Linux, they don't see any issues with the AIX either.

Maybe, if they could provide a better GUI, it would be a nice thing to have.

Stability is good.

We're using it on Windows and have used it on Linux. It worked well on Linux and now, we are actively moving to test it on the AIX.

We were using HPE Server Automation, which we were formerly using to automate most of the Linux patching. We were using HPE SA for our automation. It automates but it doesn't have the feature as to where we can back out the patches that were pushed and BigFix offers that to us.

In my opinion, trust and reputation are the most important criteria when selecting a vendor. IBM is known for that.

Definitely, without any hesitation, I would recommend that you should implement and use it. Try it out!

Being able to hit all of our endpoints is the most beneficial feature of this solution. It mainly gives us a lot of consistency. For example, with the previous product that we were using for endpoint management, we were getting like 70-80% completion on most tasks. With BigFix, it has moved past that and we're now achieving 98-99% completion.

It just streamlined the whole process, because it allows us to manage everything from one endpoint solution. It's reliable. So, we never had to spend time with the senior technicians for circling back to remediate all the ones that it missed.

Probably, there is need to just expand the WebUI and make it a full management console and really deprecate the Windows-based command console. They should definitely update the web reports to make it up to the executive level, something I'd actually want to show them, i.e., instead of having to rebuild everything outside in Excel.

In brief, it needs to expand the WebUI, get more granular permissions and then just getting web reports, that are on par with the year we're in.

We just ran into something, during the last update of version 9.5.3. We're still trying to figure out, if it was the update or not. But, we've had a couple of issues recently with some different things and as to how it's running, as far as the permissions go. Other than that, it has been great.

It goes back to reliability. I was in this company before they started using BigFix. We broke it over and over on our old endpoint system and it was just getting to the point where it wasn't even saving us time anymore. That's how we knew we had to invest in a new solution.

For us, initial setup wasn't complex because we are a fully owned subsidiary of a company that already had it all built out. Basically, they just added us in. For us, it was super straightforward, just like a simple click.

We looked really heavily at LANDesk; they offer a similar product. We ultimately ended up going with BigFix, because of its pricing. Being a subsidiary, we were able to jump on our parent company's license and get a volume license for the enterprise, versus having to going out and get our own solution.

There are so many things that I look at before selecting a vendor. The biggest ones are just honesty and a proven concept. We don't like to spend a lot of time sitting around the table, talking about what it can do, rather I want to see it, do it. So, those hands-on demos are a live proof of concept in our environment and that is what we always try to strive for.

Be careful. It's a super powerful tool. It can be unforgiving, i.e., if you do some of the things wrong, it can be a nightmare. There are a couple of things that we've learned in our environment, especially with the APIs and some of those things that can be devastating, if they're done wrong.

I'd probably say it's a great asset for inventory management. You don't know, especially in our environment, where everything is and it just appears. Then you can track down what belongs to whom, for inventory purposes.

There is some complexity, a learning curve, but overall it's a great product. I have and will recommend it to anybody.

The most valuable feature for me is being able to reach all systems at once.

I would probably just say the user interface and the web portal option. They came up with a GUI interface to use on the web, so it's very user-friendly. It's good for your lower level operators. Maybe a little more up-to-date interface would be better. It still has an older interface on the console.

Stability is great.

With regards to scalability, it's come a long way. I've only been working with it for about two years, and in those two years, it's evolved so much.

The technical support is always good.

I wasn't involved in the initial setup for this company.

Price and support were the most important factors we considered. I wasn't actually involved in this setup so I don't know which other professional endpoint security companies were on the shortlist.

It's great if you're looking for an all-in-one inventory management, patch management and security tool. Now they have also added Detect, which is an awesome response tool. It's almost getting to a one-stop shop solution for inventory and patch management and automation.

The most valuable feature of this solution is real-time recording.

We use it for planning a lot of distributions and we get results immediately, so as to see when it's being deployed.

We would like to see enhancement of the web UI.

The stability is great.

It scales well, this is a great product.

We have used technical support, we went through all of that. They're wonderful and have been really helpful. We're good now because of them.

We did a proof of concept, looked at the other competitors and after scaling all of them on a matrix, IBM ended up being the best option for us.

The most important criteria while selecting a vendor are the product's stability, relationship with the support team, salesperson and technicians.

The setup was very complex. It was very bumpy and we had network issues. But, they worked with us and we are happy now.

Talk to us, see what are your challenges and go for it!

Near world PCI compliance and patch. We share the modules that we own for BigFix. So, those are the most important.

Our compliance levels - i.e. our compliance percentage has improved.

Simulators could be introduced.

None that I can think of. It does what we purchased it for. So, there isn't really anything that I can think of to add to it.

It is very stable. Streaming, of course, will do it.

I manage and control the relays and everything, so it's easy to put new relays up and configure them.

The technical support is usually pretty good. However, I had a ticket that stayed open for a couple of weeks which I didn't get a response to. Then when we got the response it wasn't really good. So they could have told me sooner than two weeks.

We did an audit. A PCI audit. We were looking for reliability. Also cost and support were considerations.

I did the initial setup, it's fairly straightforward.

I wasn't part of the evaluation of other products.

Definitely look at BigFix to consider it as a solution.

The most valuable feature for me is patching, because it's helped me to make sure I am always compliant. It's completely transparent. I can take care of what I need to do because BigFix is doing the patching by itself.

It is always taking me to the right level of security compliance.

Maybe they could introduce a preview of what is going to happen next, because generally what the project is doing is just asking you to execute some actions. I'd like to see a pop-up which says you are expected to do this or that and then I can decide if I have to do that today.

I never had problems, so I think it's highly stable.

I don't know about scalability because I'm not using it for a larger scale.

I haven't used the technical support.

I was not involved in the initial setup.

For me, the perception that I can see in the market about stability, quality and all those kinds of things is important when selecting a vendor. Cost is definitely also a criteria.

I would advise them to just do it.

The most valuable feature of this solution is its ease of use.

It improves the productivity of our organization, by helping the technical guys in our team.

We would like to see more of the extended reporting feature. It would help the technical teams, so as to drill down into the reports further.

The stability is good.

Scalability is also good.

This solution is giving us the results that it's meant for.

You should definitely take a look at it.

The most important criteria while selecting a vendor are the reliability, cost and technical support.

The most valuable features are the endpoint management capabilities of what you can actually control on your endpoints, as far as vulnerability assessment, compliance, and making sure that they are up to date on multiple platforms. One single-user-stop-shop is really awesome.

A benefit is being able to do it from a single place; whether it's Windows, Linux or Solaris, the user interaction doesn't change for the operators. We can teach one on Windows and one on Solaris to do the same thing. For them it's very simple, because it all looks the same. That why I dig it.

Scalability is big for us. To be able to scale faster and quicker, with more people coming in. Probably, more of a cloud initiative presence would be good, possibly as a SaaS, that would be amazing. Yeah, I think that's what we are looking for.

Stability is solid. Very, very solid. We rarely have issues and if there are, it was usually due to old architecture issues, but we've taken care of that and since then, we really haven't had any.

Scalability could be better. I know they're improving it. They are talking about it. They preached about it a lot at a recent IBM conference, specifically. We are kind of looking forward to that.

Technical support is getting better. About five years ago, it was horrible. Over the last couple of years, it's gotten better; more engagement and more knowledge transfer, it seems like, to the first-tier level support for IBM.

I came into the company and it was already there. So, I'm not sure about previous solutions.

I was not involved in the initial setup.

It is a highly effective tool if you're cross-platform. It really gets the job done simply.

I really do dig it. I had worked with it previously, got a different job, not using it. After a little bit I came back and just looked for a job that was still using the BigFix tool. I sought out jobs specifically looking for it.

Knowledge of the tool is important when selecting a vendor. Anyone can come and take you out to lunch, or wine and dine you. That's fine, they all do it. But to be able to have someone walk up to you and know how the tool actually functions is most important to me. I don't know which vendors were evaluated.

It's easy to manage. It gives me great power over the devices that I manage with very little effort, compared to other products. With other products, it takes a lot more effort just to do the same kind of work.

It has one central location to manage all the different platforms that we have such as desktop, Windows Servers, Linux Server, Solaris, AIX and zLinux. It's great to be able to manage them all from one central location.

The feature that I would like them to implement is for the command line and I know this is probably against the design. We come from the command line and sometimes, you want to talk to the agent in real time. Seems like now with the new BigFix CLI, it's heading in that direction. It's something that we've been craving for, because sometimes you want to just talk to this agent and not have to wait. You just want to discuss things with them and get the result back. That will be great. Still, you have to dance around and probably do some voodoo in order to get that data back. We come from the old framework, in which you send a command and get your return back. This kind of power is gone in BigFix, but we love all the other stuff.

Usually after upgrades, you have some hiccups but they're manageable. It's kind of common between products, after upgrades; either it is a learning curve or it could be a bug and then it's fixed in subsequent patches. So, nothing out of the ordinary, but it scales well.

This solution scales well.

I use the technical support for stubborn kind of issues, that won't go away. However, not as much as for the other products. They're very knowledgeable and it sounds like a different breed with the IBM support.

Actually, we had all the tools and we pulled them out, after which we went to BigFix. The reason why we chose this solution is because the government paid for it.

The setup is very easy. I usually have to tell them how hard it is, but then I can do it within a day. So, this is also a very big feature.

This product is extremely easy. If you've never implemented this type of three-tier architecture tool, then you don't know it. But, for anybody who has carried out such an implementation before, it is very straightforward.

Support is the most crucial criteria while selecting a vendor, because when things hit the wall and everybody's heated and trying to finger-point, you want someone that have the backbone to say, "We'll take care of it." IBM can do that. They never try to say, "No." They take the heat really well and they control it. Big corporations are looking for that kind of security that the company can provide and they're going to put as much resources as needed, so as to get the problem solved.

For me, BigFix is my virtual operator, and the capabilities BigFix actually brings to our servers to do everything. I don't need a personal operator. I can reach out to our partners for the solution.

BigFix enables us to handle data from many vendors with the scale for our servers, improving our performance.

We are looking for better images for third-party operations like article databases, for example, other article application servers, and the SAP applications. We appreciate that BigFix can produce a better image for everything on a single product.

Also, the web console could be improved as we need to use it more than the desktop console.

I believe the solution is very stable and we have never had an outage of the solution. Communication with our agents is always well-synchronized. Stability is very nice.

It is scalable. We have, for example, 7000 servers communicating with only three or four structured servers on the BigFix environment and it responds very quickly for everything we do.

We usually use the technical support for some troubleshooting when we have a specific problem with agents because in an environment with 7000 servers, we have a certain rate of problems which are specific problems, not general problems. Every time, the support attends to us quickly and the success factor is high.

See if the solution has good capabilities for them and if the solution can communicate well. Integration with many vendors is necessary.

The most valuable feature for me is BigFix's multi platform. It's customizable and we're able to do API integration throughout our entire network.

We're able to to implement automation and reduce touch labor for level one technicalities so we're able to free up more manpower to take on more difficult tasks.

• I would like to see it go to the cloud. I want to see it as a management service.
• For us, we basically generate our own API documentation. So I think more API integration would also help.

We've had no problems, it's a very stable solution. It's very well supported and has a big forum of users. So you always have a resource to reach out to.

We've actually fixed the patching by improving our patch application by almost 60%. We went from applying 6,000 patches manually to 34,000 on average a month.

It's very scalable. Extremely scalable. Customization is always a big issue for us so we're always able to grow with it.

We've used technical support many times. They have great support. We've had international support. We've been on calls with Poland, Ireland, Germany and all our technical experts in the USA.

I wasn't involved in the installation process.

When choosing a vendor we think that knowledge of our market place is key. The Walt Disney Company is unique in the environment so we need someone who understands that we work in different ways than a lot of other companies. This also applies with regard to product scalability. We need growth, I don't need to be working with one product in a silo.

I would really encourage them to look into it and take a look at its abilities and think of it as a platform and not just a patching mechanism. Some people think BigFix is just patching. It's a lot more than that so I would ask them to look at the bigger modules.

The most valuable features for us are scalability and reliability. Hands down.

My organization came from a product that was not nearly as reliable. It was causing failures across our infrastructure and across our enterprise. Switching to BixFix has alleviated that to a great degree.

The other part is it's now allowing our company to think ahead how we can incorporate other pieces of BigFix that other solutions don't have integrated natively. So we can get five or six product sets out of BigFix as opposed to just a single product set on a solution that didn't even work to begin with.

IBM dropped what's called BigFix Detect on us here at Interconnect this year. That blew our socks off because we had just completed signing a contract with a software that does almost the exact same thing called Carbon Black. So we came here and noticed that they're putting a Carbon Black type solution into BigFix. I will be curious about how that particular application develops over time and into the future. I'd like to see them continue to scale that out.

A major feature that I think they need to add to Detect is application whitelisting. That will be incredibly important. If they can get that I might be able to convince my company to start using that.

Stability is excellent. It doesn't crash, it can handle whatever we throw at it. It does a good job with that. Other solutions that we've had haven't panned out that way.

Scalability is excellent. There are people here who are using BigFix in much larger deployments than what we have. We're not small by any means but we're also not the largest out there. We know we can trust with confidence that we'll scale up well over time.

We haven't had to use the technical support at all.

We were using a different solution before this and we outgrew it. My company has gone through a period of hypergrowth and we went from handling just a few years ago 60 stores with maybe 500 endpoints in them, to 1600 stores now with tens of thousands of endpoints. So we knew we needed a new solution because the one we had just kept breaking, over and over.

I was not involved in the initial installation.

For myself as a manager who makes business decisions like selecting a vendor, there needs to be a level of trust and a level of partnership where I can go back to this vendor and actually get support and help if we need it, when we need it. Interconnect has been a great resource for that. So there's got to be that trust level there, absolutely.

I will never push a product I don't believe in. So I have to see that it works. I would argue the same is the case for anyone above me in our business or enterprise. We don't want to work with vendors whose products are half-baked. They have got to work.

So we ended up with IBM because we are partnered with GameStop and they were already using the product and saw that it worked. So we didn't formulate a shortlist off the bat. We said let's try GameStop's product and see how well that works for us, and then if it's not working we will go out and make a shortlist. So we didn't have to do that, fortunately.

The advice I would give is not to be turned off from the learning curve. There is a little bit of a learning curve to it. But that learning curve is there for a reason and the talent that goes into actually using BigFix properly takes a little while to tune, but that is what makes BigFix so powerful. That being said, as a result of that you're going to get reliability and scalability and a much faster response time than probably most products out there.

The most valuable features of the BigFix solution are integration with a single agent and that the customer can deploy the Inventory module, the Lifecycle Management module, or the newly announced BigFix Detect Security module. That's really valuable because it allows for a very thin infrastructure on the end point, that the customer can exploit for multiple purposes.

It represents to a customer a very strong and quick ROI, so the investment and value becomes very positive early on. There is a higher level of security and awareness, along with a very high level of control at the end points.

The one feature that I would have like to see included (I know it is coming in the next release), is the block function of the newly announced BigFix Detect module.

In my opinion, the products are on the right track and we've had great success with them.

Stability has not been an issue at all.

There have been no scalability issues.

The most important factor while choosing a vendor is how much profit we can make after selling the solution. Secondly, how successful could I make the solution in the marketplace. The third factor would be the level of support from the provider.

Just do it!

I believe that the agent on the endpoint is very powerful. It can do a lot. It can patch, it can get information on the asset, and it's just a very powerful tool.

It helps maintain our environment, so all of our systems are patched and up to date. It also helps provide security settings to the endpoints as well. We can also push out applications and different settings.

They're actually adding some of the features that I wanted, such as detecting, which allows us to fix things remotely. If there's a security issue, we could actually stop the security issue in its tracks. I think they need to polish up a little bit, and it seems like IBM is now finally starting to invest money into the solution. I think that's going to help its brand name.

The product is very scalable, but it can also be very complex. If you don't set things up right then you could have problems. You just need to know what you're doing.

Technical support has sometimes been very good, and sometimes it's been not so good. It just depends. I would say that in tier one sometimes they know, sometimes they don't, but then once you go up to tier two or tier three they're definitely experts in their field.

Previously we were using the Microsoft solution, Windows Software Update Services. That's a very all or none solution which is not as granular. Regarding BigFix, I like that I can push out updates to systems within their patch window and make sure that they're complete and done within that patch window.

The setup could be simple or it could be complex. It depends on your environment.

I like the overall usage of it. It's easy to use, gives you great visibility into your envionment, customization of your reports, and the community of users that you can pull experience and knowledge from. So that's one of the main advantages for using BigFix.

It has definitely improved our patch process, being able to create compliance reports and hand those to management, executives and so on, and making the overall procedure of managing assets, managing end points, patching endpoints, etc. It has just made everything pretty easy.

It's not perfect, but it's close. There are some things here or there, for instance if you get down to the small details, such as if you could deploy and action it a different way, or you selected multiple endpoints and then from there, selected a right-click and deployed something from it, instead of the normal way etc.

If you could select one particular endpoint, look in the applicable fixlets, and then deploy an action from there, it would be helpful.

Of course there are many ways to achieve these aims, and you can't satisfy every possible little change here or there for everybody, these are just things that we've talked about or thrown out there in our environment.

I have been using the solution for almost two years already.

We haven't encountered any issues with stability.

We haven't encountered any issues with scalability.

I've used technical support quite often at times, when either having a small issue, or just trying to set something up new and different, and I've always had great experiences with support. They always either call me back, or email me back, or set up a WebEx to work through an issue. So I've had great experiences with support.

I haven't used a previous solution as such. I worked at a previous company, moved to the current company I am employed at now, and saw the process and how different it was.

Coming from a company that utilized BigFix, I knew that there was a better way here, and I pushed hard to get BigFix implemented. They went on my recommendation, spent the money, and we have it in place. It's been in place for almost two years now.

Regarding installation, I needed help from either support or our actual business partner or vendor. As I was just an operator previously, I never had to set it up from scratch. Actually it was pretty easy. Of course I had help, I had support, but it was nothing that was too difficult to do. Everything went seamlessly, went smoothly, and like I say we have been thoroughly enjoying it for the time we've had it.

Just do it.

Patch management: We've gone from hideous to amazing.

The most valuable feature is the extensibility of the tool. We're able to implement solutions through available APIs and custom solutions. We're able to provide services quickly. We're able to provide services completely.

A lot of my suggestions have already been submitted through RFEs; some of them involve inspector enhancements in the end point. We've got enhancement requests on the BigFix Inventory side. I know that it's not quite as mature a product as BigFix is.

I think the current tool is fairly robust. We have ways of breaking it, though.

We're pushing the limits of the tool. We've got over 250,000 devices in our environment; probably one of the larger customers. There are a few that are larger. But we're also doing a lot with the tool that I think other customers aren't. We're doing software distribution as well as patch management. We're also doing inventory and software usage analysis. I don't know of too many other customers that are doing that.

Technical support depends on who you get. I deal with some amazing support folks, and then I've dealt with some less-than-amazing support folks.

Our previous tool was the predecessor to BigFix, Tivoli Configuration Manager. We were entitled to migrate from TCM to BigFix, so it was kind of a no-brainer.

I was involved in the initial setup. It was very straightforward. The implementation was pretty easy.

BigFix was on our short list before they were IBM. We decided against them because they were a small company, even though their solution was better than some of their competitors. Management knew it was too much of a risk to go with BigFix. When they finally became IBM, again, it was a no-brainer because they were on the top of our list of vendors satisfying the feature requirements and now they had the backing of IBM, so it made sense.

We looked at Alteryx. We looked at Microsoft SCCM. SCCM was a big competitor.

I don’t have that many criteria when selecting a vendor.

The advice that I would give depends on the problem that you are trying to solve. I spoke with a number of people at an IBM conference (users looking for a high-end endpoint security software who were potentially going to install BigFix), and they had nothing but good things to say about the tool and the people supporting it.

It's a well-developed tool, supported by people who are passionate about it.

It gives us one tool that allows us to patch our systems, so we don't have multiple tools to patch our systems. We have one tool that allows us to patch multiple platforms, as well as inventory and provide insights on all of those different platforms. Also, we're currently using it for automation, so it's helping us innovate in all of those platforms, for us to look for new things and also address problems in real time. We're using it more as a platform more than we are as a tool.

I think the most valuable feature is its flexibility and the fact that there's one agent that allows you to do a lot of different things. We use it for compliance, primarily patching. Also, it becomes our master source collector for most of our information. We take that information and feed dashboards. It also helps us make decisions, so some of that has to do with compliance, as what our targets are; what we need to address, such as vulnerability leaks and that type of thing.

We also use it for inventory, like our source data. It feeds a lot of our dashboards. We actually take data from all over our company from other source systems and combine that with our BigFix data. It gives us insights on different areas that we need to target and challenges that we have that we wouldn't normally see just with one tool. We basically use it as our master source and then, from that, it helps us provide a source of truth.

I would like to see more multithreading, which I understand comes, clustering and we may end up doing some container-related work with Bluemix and lead some of that effort to allow us to scale on demand. Because there are times when you have a zero day and with our size and scale – we have a very large relay environment – it'd be nice to be able to scale on demand but as an enterprise, see it as one relay instead of several hundred. We'd like to be able to see everything be more integrated in the universe of BigFix with other tools. It seems like that's the direction it's going, in their original vision of having a single-agent type of approach, but we'd also like to remove some of the complexity by having more clustering and DR capabilities built in to the tool.

We have had scalability issues because we bend the laws of the physics for the tool. For some of our reporting needs, we've had to go and take our databases and put it in big data, only because we have so many different environments that we don't have one single pane of glass way of taking all of our environments and comparing it all together. We have to take the data outside and then still leverage the tool inside to give us all of the feeds, so that we can have one enterprise view across all of our different instances. That's just because of the number of machines that we have. It doesn't allow us to just take advantage of one environment.

I have used technical support. In fact, I at one point managed the technical side for the same customer. I was part of the strategic outsourcing, so I was with the customer, then I supported the customer on the IBM side and then I came back to the customer's side to help them innovate using that same tool and the same support team I used to manage. So, it was full circle.

I am happy with the support team. Actually, there are some challenges from time to time, only because our needs are a little bit more complex because of how complex an organization and how large we are. Our needs are a little bit more than the average company. We've been able to work through those challenges and become more on the innovative leader side of the tool, which also helps us to get better support because now we're going from the bleeding edge of trying to get our organization to address problems to leading the industry charge, hopefully. Maybe next year with what we're trying to do with BigFix, we might be able to present some of our findings.

I was not actually involved in the initial setup because we've had it for over ten years, but I've helped transform it from being a tool into a platform. The technical part of that transformation was not very complex. It was more of the internal challenges, getting support, and more the political side was a little more difficult than the technical side.

Understand where your focus is going to be. Then, based on your focus, start moving in that direction and then, don't get so myopic with your focus that you don't see the capabilities it can provide, where it can become a universal tool to help you solve a lot of problems and potential endpoint security risks. You don't want to compete in your organization with other tools that provide the same capabilities. Consolidate your efforts into BigFix and get rid of those competing tools. Put the money into the support, the services and the innovation it provides.

Openness and honesty are the most important criteria I look for in a vendor. What are the shortcomings of the tool? What are some of the challenges that others have had with the tool and how have you been able to overcome those challenges?

For me, Inventory Services is heavily used in our environment. The patch management suite, I would say is the second, and very important for us to ensure that we are maintaining our PCI and SOX compliance for the company I work with. In addition to that, we have server automation that we use, security and compliance module, lifecycle management, and OSD. So all of those things are really important for us.

Clearly, with Inventory Services, the speed is really key. In retail, we need answers very, very quickly. Other competitor products (which we do have in house) just don't compare.

Web reports. The interface for web reports is still pretty basic, and really hasn't changed in the seven years that we've had the product, so that would be one thing that would be really nice.

I really don't know that there's really much more that can be added that's already not currently in the pipeline, or currently exists.

It's been stable. I've used the product for seven years and I haven't had an issue that has brought things down. So it's been very stable.

Scalability is also really great. We have a very small client base in comparison to what we could potentially do, so scalability is wonderful.

In the seven years, I think I've submitted maybe four to five problems. That's it. Response time has always been good.

When we're selecting a solution, we want a vendor that we can trust, that is on top of it, on point, and thorough.

I would say I would give it a nine. Only because as I stated earlier, web reports, if that were to improve, I'd give it a ten. There's always room for improvement.

Really understand what your environment is like. Make sure that your network team is engaged with all of that.

The most valuable feature of BigFix is the ability to manage all the clients that we have in our environment. So, every PC that we have has to come in and BigFix aids in all that so that we can record it, add software to it and also inventory it. So, just having that ability to see everything and inventory everything helps everybody from the technical aspect, to know what's on the PC; especially when it needs to be reimaged.

One of the improvements is the patching process and being able to get security patches out. We have 50,000 PCs in our environment and are able to patch those PCs in a relatively quick timeline.

Dynamic messaging needs improvement because one of the things that we deal with a lot is the messaging when pushing releases out. I know that there is a message we can display, but it's post-installation. On the post-installation, we have to either check on the PC or reboot the PC. We just want to be able to have a static message and to be able to take an action at any time, as well.

Documentation is always key. I like simple documents and also being on a team with a small amount of people. There is a lot that can be done with the product, and it needs good documentation to where you can see how the different pieces of the product interact with each other and what they can and can't do; but on a layman’s level.

It is very stable. We haven't had any issues on any downtime that inhibits our ability to get things out, so it's been pretty stable.

It seems to be very scalable. We went from roughly 24-25,000 assets to 50,000 PCs in five years. So, we're looking to grow and it seems like it's very capable to handle what we have in store.

Support is very awesome. Every time we have needed something from technical support, they have been on top of everything with a very quick turnaround in the issues that we've had with the product.

We were using an old IBM solution framework solution and some custom scripts that we had built around the framework solution to do our software distribution. When BigFix came along, we went right into the BigFix framework.

When choosing a vendor, one thing that is always critical is, how much does it cost? It needs to be cost effective. Support is also one of the things that we look for. We have a small team so when we are looking at vendors, we want to know if they provide any training. Also, can any kind of training dollars be rolled into the product or can experts come on site to train? We also want to hear customer feedback about how the company or the product are doing at another company's site that is similar to ours.

I was not involved in the initial setup. A coworker of mine actually set it up and got it going, and I came in on the back end. Right now, I'm actually going to be taking that over.

The setup was straightforward. I don't think it was too complex. I know that we have some complexities with the way some things are set up in our environment, but the product itself is pretty straightforward.

If they are able to get it into the environment and run some type of proof of concept and be able to kick the tires a little bit, that would be the best way go with any product.