2018-03-19T12:06:00Z
Nurit Sherman - PeerSpot reviewer
Content Operations Manager at PeerSpot (formerly IT Central Station)
  • 11
  • 889

Is IBM BigFix Better Than SCCM?

One of the most popular comparisons on IT Central Station is IBM BigFix vs SCCM

Which of these two solutions would you recommend and why?

Thanks!

--Rhea

13
PeerSpot user
13 Answers
Onyegbule Uche - PeerSpot reviewer
Technical Consultant at Activedge Technologies
Consultant
2018-03-23T08:04:34Z
Mar 23, 2018

SCCM is good for managing windows endpoints but it uses WMI which is a headache and has slower reporting. it also has limited support(in most cases none) for Unix/Linux based OS, and third-party vendor applications.

if you're a very large environment, SCCM becomes a headache when you try to scale over 10,000 endpoints

The upside is that if you're a heavy windows environment, SCCM can be the ideal way to go, but if you plan on introducing different OS, you should consider BigFix.

SCCM can be free with the enterprise version of windows,

With IBM BigFix, you have support for over 90 different Operating systems, and over 9000 application vendors and over 250,000 third-party applications. and can roll out patches and achieve compliance in minutes and hours.

BigFix uses an intelligent agent(with local inspectors) and a relevance language for making sure that only the correct patches are applied to an endpoint and complete granular visibility into an endpoint (e.g applications installed, processes running, hardware information, etc)

With BigFix setting up distribution points has become much simpler and it can be done simply from the console. no extensive configuration is necessary.

When it comes to scalability, a single BgFix server can manage up to 250,000 endpoints.

The downside to IBM BigFix is the learning curve to it, its a bit high.

Product comparison that may be of interest to you
it_user777042 - PeerSpot reviewer
Sr. Systems Engineer at a consultancy with 51-200 employees
User
2018-03-21T16:39:06Z
Mar 21, 2018

I am going to talk about IBM BigFix and Microsoft SCCM.

SCCM is a Windows dedicated platform for OS Confguration Management. It is powerful for managing Windows environments but very limited for managing UNIX environments (in particular OS provisioning, patch management, audit, compliance, remote control, etc.). It doesn’t integrate well with mixed Windows -Linux/ Unix setups and .

IBM BigFix, formerly Tivoli Endpoint Manager (TEM), is powerful for managing all OS (Windows, UNIX, VMware ESX, Linux, OSX) and for daily tasks and activities (remote control, patch management, software distribution, OS deployment, compliance, audit, reporting, network access and protection)

Both of them have their own inventory database and use Master-slave architecture (agent should be installed for both of SCCM and BigFix managed nodes).

If you are going to manage more Windows than UNIX systems, so it is better to use SCCM. If your main focus is to manage different OS using GUI and command line, I would recommend to use BigFix. It is flexible and offers many features and functionalities that help administrators automate and orchestrate infrastructure with few clicks rather than do it manually and lose more much time fixing and fixing issues.

Talking Licensing model, SCCM is more expensive than BigFix.

For those who are interested, there are also other tools that manage infrastructure and OS (Ansible, Puppet, OO, SA, etc.).

Martin Carnegie - PeerSpot reviewer
Senior Consultant at a tech services company with 501-1,000 employees
Consultant
2018-04-06T12:46:54Z
Apr 6, 2018

As a couple people have mentioned, understanding your requirements would help to point you in the right direction.

One person above made the comment "SCCM isn't just for patching like BigFix". Just to be very clear BigFix does all of the same stuff as SCCM, but the usual entry for BigFix is the Patch Management. BigFix does have inventory, software distribution, OS deployment for Windows and Linux, Compliance (very extensive).

If you were just interested in Windows OS deployment, I might point you to SCCM, but the OS deployment from BigFix has improved quite a bit, so it is a good product also.

For setup, I can 100% tell you that BigFix is way easier. Getting an infrastructure up and running with the BigFix server and say 200 clients is about a 4 hour job. By the end of the 4 hours, BigFix can show you the patch status for any systems checking in and this is not just Windows. With the client deploy tool, I can easily deploy hundreds of clients in a few minutes.

Adding infrastructure for scalability (relays) is also very easy and only takes a few minutes to add. If you want to service Internet connected devices, then you add a relay in the DMZ (and firewall rules) and you are able to connect to a device pretty much like they are on the LAN. This does not require a different infrastructure to make it work.

When I was first introduced to BigFix back when IBM bought them, I downloaded the trial version and attempted an installation without reading documentation. For my home lab, I was able to install the server and 5 clients in about 1 hour. I was also able to see the patch info and deploy patches to these systems. I mainly did this just to see how hard it would be to set up. Once set up, I started to read the documentation.

I know people that use SCCM, BigFix and Dell Kace that they really like the simplicity, scalability and power of BigFix over the others.

My current site that I am at, we have BigFix Patch only as we were mainly interested in the patch status for servers (Windows, AIX, RedHat, Oracle Linux and Solaris) as there was no simple way to get this information and consolidate it in a common view. Even though we only have Patch, we can still create custom content to deploy software like Symantec Endpoint Protection, SCOM agents and others. We can also use it to collect custom data like, currently logged on users, SCOM agent configuration, hardware information and a lot more. Some of this is in-house developed from scratch, others are built using samples from the BigFix community.

Hope that helps a bit.

Michelle McGough - PeerSpot reviewer
BigFix Offering Manager at HCL
Real User
2018-09-13T16:14:42Z
Sep 13, 2018

BigFix is the obvious choice in these scenarios: Scale (e.g. 50K endpoints and well beyond), Heterogenous Endpoint Support via single pane of glass (e.g. *nix distros, Windows, macOS, etc), Requirement for Vulnerability Remediation with High First Pass Success Rate (e.g. you need to patch/remediate and see results quickly), Require to avoid binding to AD/LADP (e.g. no binding or mixed environment with some endpoints bound and some not). If these requirements are not present it would be important to list out the top requirements and evaluate capabilities between the solutions from there.

it_user634815 - PeerSpot reviewer
IT Specialist with 5,001-10,000 employees
MSP
2018-03-25T11:18:18Z
Mar 25, 2018

Concerning in a multi-tenant scenario, multi-OS, complex network environments, BigFix can fully attend all or most of your requirements. For specific situations, you can use SCCM since you do not have complex requirements.

BigFix will attend better on using Security Checklists like CIS, PCI-DSS, DISA; or when you need to reach large network organizations and want to have a centralized management configuring remote “caches”; when you have complex network topology and restricted network security policies and many network segments, you can manage it well using BigFix.

TomWeizeorick - PeerSpot reviewer
Security Brand Channel Account Manager at IBM
Real User
2018-03-23T13:58:22Z
Mar 23, 2018

SCCM will take you much longer. If you have more than 1000 PCs to migrate you should consider BigFix.

There are automation tools along with Big Fix to help cut the cost by 1/4 an SCCM. Also, the time is cut by more than 1/4 the time.

The key problem: the sheer number of apps that you need to find, check and review for Windows 10. For each app, how many versions are being used?

You can deploy Big Fix to all the endpoints in a few days. Once done, you will have complete visibility into all the apps deployed on each PC and what version they are running.
You can then run some test prior to deployment using BigFix.

There are a lot f Desk Top engineers who will use SCCM only because they are unaware of a better way.

Find out what your peers are saying about BigFix vs. Microsoft Endpoint Configuration Manager and other solutions. Updated: November 2022.
653,584 professionals have used our research since 2012.
it_user634815 - PeerSpot reviewer
IT Specialist with 5,001-10,000 employees
MSP
2018-03-22T01:43:03Z
Mar 22, 2018

Concerning in a multi-tenant scenario, multi-OS, complex network environments, BigFix can fully attend all or most of your requirements. For specific situations, you can use SCCM since you do not have complex requirement.
BigFix will attend better on using Security Checklists like CIS, PCI-DSS, DISA; or when you need to reach large network organizations and want to have a centralized management configuring remote “caches”; when you have complex network topology and restricted network security policies and many network segments, you can manage it well using BigFix;

it_user881058 - PeerSpot reviewer
Security Consultant at a tech services company with 1,001-5,000 employees
MSP
2018-05-31T09:17:34Z
May 31, 2018

can anyone share me proper comparison sheet for me(BigFix Vs SCCM)

JE
IT Lead Systems Engineer with 1,001-5,000 employees
User
2018-03-26T17:26:02Z
Mar 26, 2018

I am sorry to not have any concrete information to share on either SCCM or IBM BigFix. My agency attempted a proof of concept with BigFix. Our interest was mostly to have a single tool for updating both Windows and Linux OS environments. However, IBM dropped the ball during the POC period so we never satisfactorily tested what we needed to in order to make a purchasing decision. Needless to say, if the support we had during the POC period is what we could expect had we purchased, we would have been gravely disappointed.

it_user214275 - PeerSpot reviewer
Server Support Analyst at a government with 51-200 employees
Real User
2018-03-25T11:16:54Z
Mar 25, 2018

For myself, I like SCCM which interfaces well with Microsoft products across the board. With DoD standardizing on Windows 10 for computers and mobile devices, SCCM is clearly the path to follow. SCCM and SCOM can provide a multitude of information. This is what the government is using in a big way. With defense spending getting a financial boost, I would clearly go with the product the government is going to be using, SCCM and SCOM.

it_user422691 - PeerSpot reviewer
Sr. Systems Engineer at a financial services firm with 5,001-10,000 employees
Vendor
2018-03-25T11:15:31Z
Mar 25, 2018

I designed, configured and implemented both in the last company but found SCCM with more features and tools with integrations with other apps, like service now, than BigFix. SCCM isn't just for patching like BigFix, application deployment, compliance, patching and license management are a few that supersedes

it_user706596 - PeerSpot reviewer
Marketing Analyst at Zoho Corporation
Vendor
2018-03-21T14:00:36Z
Mar 21, 2018

I would recommend either Patch Manager Plus or Desktop Central.

it_user770193 - PeerSpot reviewer
User at BMC Software, Inc.
Consultant
2018-03-21T13:49:04Z
Mar 21, 2018

I really didn't use these tools. However, I think SCCM has more focus working with all windows systems. IBM has some tools but they are not the core of their business.

Could you share with me your use cases in order to recommend maybe a better tool?

Maybe SCCM is my initial recommendation.

Related Questions
Netanya Carmi - PeerSpot reviewer
Content Manager at PeerSpot (formerly IT Central Station)
Dec 1, 2021
Which is better and why?
2 out of 5 answers
Sumit Dubey - PeerSpot reviewer
Technical Lead at HCL Technology
Nov 23, 2021
My recommendation is to use MS Intune as a solution and you can drop both SCCM and ManageEngine Desktop Central.  Intune is the best solution for managing mobile devices and endpoints. You can also manage your servers but there will be some difficulty in managing on-premises servers. 
MW
User at a healthcare company with 501-1,000 employees
Nov 24, 2021
Quest's Unified Endpoint Management - please have a look at this solution: easy to manage, best for mass task deployment, comprehensive and customized reporting.
Netanya Carmi - PeerSpot reviewer
Content Manager at PeerSpot (formerly IT Central Station)
Nov 4, 2021
How does Ansible compare to Microsoft Endpoint Configuration Manager (SCCM)? Which is better?
See 1 answer
Dovid Gelber - PeerSpot reviewer
Tech blogger
Nov 4, 2021
Microsoft Endpoint Configuration Manager takes knowledge and research to properly configure. The length of time that the set up will take depends on the kind of technical architecture that your organization is using. The deployment of Microsoft Endpoint Configuration Manager usually takes about 3 months to complete. This relatively long amount of time can make all the difference for companies that take substantial revenue hits when time is wasted implementing solutions. Ansible’s setup is much simpler and less time consuming than Microsoft Endpoint Configuration Manager. Ansible requires the person setting it up to have a very basic knowledge of Linux coding. This person needs to create and run a simple one-line Linux command. That is all that is needed to get the program up and running. In less than an hour your organization can have Ansible supporting your applications. The speed at which Ansible can be configured gives it a clear advantage over Microsoft Endpoint Configuration Manager. There is no set price for Microsoft Endpoint Configuration Manager. The overall price model is constantly being revised and changed. Furthermore, each individual company’s price model can differ based on a number of factors. Therefore, there is no baseline to look at when considering the monetary cost of this product. The same cannot be said about Ansible’s price model. It is open source and absolutely free. The program by itself can be accessed and used by any user free of cost. Organizations that pay close attention to their budget would find Ansible to be a very attractive option. This is something with which Microsoft Endpoint Configuration Manager simply cannot compete. Microsoft Endpoint Configuration Manager is a fairly stable solution. It does not have the tendency to crash or freeze as some other products might. Ansible offers a solution which is also very stable. It does not require people to constantly attend to it in order to function properly. If the correct code is in place, it will run as it is supposed to. Conclusion Microsoft Endpoint Configuration Manager offers a stable and effective product. However, the advantages that Ansible offers seem to make it the more valuable and cost-effective solution.
Related Articles
Netanya Carmi - PeerSpot reviewer
Content Manager at PeerSpot (formerly IT Central Station)
May 3, 2022
PeerSpot’s crowdsourced user review platform helps technology decision-makers around the world to better connect with peers and other independent experts who provide advice without vendor bias. Our users have ranked these solutions according to their valuable features, and discuss which features they like most and why. You can read user reviews for the Top 8 Server Monitoring Software Tools t...
Related Articles
Netanya Carmi - PeerSpot reviewer
Content Manager at PeerSpot (formerly IT Central Station)
May 3, 2022
Top 8 Server Monitoring Software Tools 2022
PeerSpot’s crowdsourced user review platform helps technology decision-makers around the world to...
Download Free Report
Download our FREE report comparing BigFix and Microsoft Endpoint Configuration Manager based on reviews, features, and more! Updated: November 2022.
DOWNLOAD NOW
653,584 professionals have used our research since 2012.