IBM BigFix
IBM BigFix, formerly IBM Endpoint Manager, Tivoli Endpoint Manager (TEM) and, before that, BigFix, is a systems-management software product developed by IBM for managing large groups of computers running Windows, Mac OS X, VMware ESX, Linux or UNIX, as well as various mobile operating systems such as Windows Phone, Symbian, iOS and Android.[1] IBM Endpoint Manager provides system administrators with remote control, patch management, software distribution, operating system deployment, network access protection and hardware and software inventory functionality.[2]
History
The software is the result of the integration of assets acquired from BigFix into the IBM portfolio, and extends IBM's capabilities to manage the security and compliance of servers, desktops, roaming laptops, and point-of-sale devices, such as ATMs and self-service kiosks. [3] The software combines endpoint and security management into a single solution and enables organizations to see and manage physical and virtual endpoints.[4]
Capabilities
IBM BigFix has the following capabilities:[5]
- Single agent for endpoint self-assessment and policy enforcement
- Utilize a single network port, TCP/UDP port 52311, for all server, relay, and client communication
- Near real-time visibility and control from a single management console
- Manage hundreds of thousands of endpoints regardless of location, connection type or status
- Target specific actions to an exact type of endpoint configuration or user type
- Provide patch management, software distribution, OS deployment
- Support heterogeneous platforms
- Provide Mobile Device Management
- Automatically assess endpoints and remediate vulnerabilities according to National Institute of Standards and Technology (NIST) standards
- Provide real-time protection from malware and other vulnerabilities.
Fixlets
In IBM BigFix, Fixlet messages are the method by which software, patches, and configurations are deployed to managed clients. Fixlet messages use an IBM BigFix-specific query language called the Relevance Language to apply only to computers that meet an administrator-defined criterion. If a client is found to meet that criterion, then another part of the Fixlet message called the Action Script determines what change is made to the client as a result of its failing to meet applicability criteria.
Relevance Language
The Relevance Language is a query language created by IBM for use by the BigFix platform. The purpose of the Relevance Language is to provide an interface by which properties of a client (such as CPU, disk space, etc.) can be retrieved. The value of the Relevance Language is that it, to a certain extent, abstracts away platform-specific query mechanisms like WMI, /Proc, and SIM. This allows an operator to learn one query language that works across all supported platforms.[6]
Action Script
The Action Script language is a scripting language created by IBM for use by the BigFix platform. The purpose of the Action Script language is to provide an interface by which changes can be made to a client. The value of the Action Script language is that it, to a certain extent, abstracts away platform-specific scripting differences like directory traversal, script execution and flow control. This allows an operator to learn one scripting language that works across all supported platforms.[7]
Platform components
The core IBM BigFix platform can be extended using additional components delivered by IBM:
IBM BigFix for Lifecycle Management includes Patch Management, Remote Control, Software Distribution, and OS Deployment. Patch Management includes patches for Microsoft, UNIX, Linux, and Macintosh operating systems.[8] Remote Control gives you the ability to monitor and control PCs and servers. Software distribution provides a package library and automation toolkit for endpoint administrators. OS Deployment provides imaging and provisioning of operating systems as well as operating system migration capabilities.[9]
IBM BigFix for Patch Management includes vendor patches for Microsoft, UNIX, Linux, and Macintosh operating systems as well as patches for third-party applications by Adobe, Google, and Microsoft.[10]
IBM BigFix for Core Protection delivers anti-malware functionality via protection methods such as file and web reputation, personal firewall, and behavior monitoring. The Core Protection software helps protect physical and virtual endpoints from damage caused by viruses, Trojan horses, worms, spyware, rootkits, web threats, and their variants.[11]
IBM BigFix for Security and Compliance provides common STIG, CIS, and third-party security baselines, network self quarantine, and removable device control.[12]
IBM BigFix Inventory gathers information about installed software and hardware in a customer's infrastructure. Software Use Analysis tracks application usage on endpoints to determine the number and type of licenses required for licensed software.[13]
IBM BigFix for Server Automation provides hypervisor operations to build and manage virtual machines in a datacenter environment. In addition, the Server Automation component provides the ability to do middleware management tasks to support operating system patching for clustered systems.[14]
Architecture
The IBM BigFix system has the following main components:
IBM BigFix Agents are installed on every computer that is managed using IBM BigFix. The agents access collections of content called "Fixlets" that allow the agent to automatically detect and correct security exposures, incorrect configurations, and other vulnerabilities. IBM BigFix Agent software can run on Windows, Linux, Solaris, HP-UX, AIX, and Macintosh operating systems.
IBM BigFix Relays act as a cache between IBM BigFix clients and their server. The relays cache patch content for clients to download, and they aggregate client reports for the IBM BigFix server. IBM BigFix relays do not need to run on dedicated hardware and can run on any number of client and server operating systems. IBM BigFix relays can also connect to other relays, allowing for a hierarchy of relays in the environment.
IBM BigFix Servers provide a collection of interacting services, including application services, a web server, and a database server, forming the core of the IBM BigFix system. The server coordinates the flow of information to and from individual computers and stores the results in the IBM BigFix database. IBM BigFix supports multiple servers in a replication topology, allowing for high availability and disaster recovery.
IBM BigFix Web Reports is a web-based reporting module that allows authorized users to view all of the information available for managed endpoints, including vulnerabilities, actions, and more. A single IBM BigFix Web Reports server can aggregate reporting information from multiple IBM BigFix servers.
IBM BigFix Consoles allow administrators, also called operators, to view and interact with all of the clients and servers in the IBM BigFix environment. The IBM BigFix Console allows an authorized user to quickly and easily distribute software patches and configuration settings. You can run the IBM BigFix console on any modern 64-bit Windows operating system that has network access to the IBM BigFix Server. BigFix also offers a new WebUI for administration via a web browser.
External links
- http://www-01.ibm.com/common/ssi/cgi-bin/ssialias?infotype=AN&subtype=CA&htmlfid=897/ENUS213-080
- http://www.ibm.com/security/bigfix/endpoint-management/
- https://forum.bigfix.com/
- http://bigfix.me/
- http://auditoriadesoftware.com/gestiona-tiempo-real-los-puntos-mas-debiles-una-empresa-bigfix/
- http://auditoriadesoftware.com/que-es-bigfix/
- http://auditoriadesoftware.com/caracteristicas/
- http://auditoriadesoftware.com/arquitectura-2/
References
- [1] "IBM Endpoint Manager Platform Support Policy". Retrieved 18 June 2015.
- [2] University of California IT Services: Tivoli Endpoint Manager (TEM). Accessed 14 June 2013.
- [3] "IBM Closes Acquisition of BigFix". Retrieved 18 June 2015.
- [4] CIOinsight. "Tivoli Endpoint Management Software Gives IBM New Security Tool". Cioinsight.com. Retrieved 20 May 2014.
- [5] "IBM BigFix Endpoint Manager". Retrieved 18 June 2015.
- [6] "Endpoint Manager Relevance Language Guide" (PDF). Retrieved 19 June 2015.
- [7] "Action Guide" (PDF). Retrieved 19 June 2015.
- [8] "IBM Endpoint Manager for Patch Management" (PDF). Retrieved 18 June 2015.
- [9] "IBM Endpoint Manager for Lifecycle Management" (PDF). Retrieved 18 June 2015.
- [10] "IBM Endpoint Manager for Patch Management" (PDF). Retrieved 18 June 2015.
- [11] "IBM Endpoint Manager for Core Protection" (PDF). Retrieved 18 June 2015.
- [12] "IBM Endpoint Manager for Security and Compliance" (PDF). Retrieved 18 June 2015.
- [13] "IBM Endpoint Manager for Software Use Analysis V9.0" (PDF). Retrieved 18 June 2015.
- [14] "IBM Endpoint Manager for Server Automation" (PDF). Retrieved 18 June 2015.