Contact Us
BigFix

BigFix

HCL BigFix offers robust, scalable endpoint management and security.

Basic Information

  • Model: HCL BigFix Platform
  • Latest Stable Version: BigFix Platform 11.0
  • Release Date (BigFix Platform 11.0): September 13, 2023
  • Minimum Requirements (Server): Quad-core or two dual-core processors (2.40 GHz), 4 GB RAM, 2 GB storage for installation with an average of 2 MB per client in the database.
  • Supported Operating Systems:
    • Servers: Windows Server (2016, 2019, 2022, 2025), Red Hat Enterprise Linux (7.0, 8.0, 9.0, 10), SUSE Linux Enterprise Server (11, 12, 15), AIX (7.1, 7.2, 7.3), Oracle Linux, Amazon Linux, Rocky Linux.
    • Clients/Agents: Windows (10, 11, Server versions), macOS (13.x, 14.x, 15.x, 17.x), Linux distributions (RHEL, CentOS, Ubuntu, Debian, OpenSUSE, Oracle Linux, Amazon Linux, Rocky Linux, AlmaLinux, Raspbian), AIX, Solaris, HP-UX.
    • Console: Windows.
  • End of Support Date:
    • BigFix Platform 9.2: April 30, 2022
    • BigFix Platform 9.5: June 30, 2024
  • End of Life Date: Not explicitly defined as a separate date from End of Support in available information, often coinciding.
  • Auto-update Expiration Date: Not explicitly specified as a distinct feature or date.
  • License Type: Perpetual or Term software licenses, typically including Software Subscription and Support (S&S) for 12 months or the term duration.
  • Deployment Model: Client-server architecture with relays for distributed management. Components include Root Server, Console, WebUI, Client, and Relays. Supports on-premise and cloud-based endpoint security.

Technical Requirements

  • Processor: Minimum 1 GHz for relays. For servers, quad-core or two dual-core processors at 2.40 GHz. BigFix Compliance Analytics recommends 2-3 GHz quad-cores.
  • RAM: Minimum 512 MB for relays. Minimum 4 GB for servers. BigFix Compliance Analytics recommends 8 GB, scaling up to 64 GB+ for large deployments. BigFix IVR Retriever requires an additional 2 GB per 20K endpoints.
  • Storage: Minimum 2 GB for server installation, plus an average of 2 MB per client in the database. BigFix Compliance Analytics requires 3 GB free disk space for the application server and 60 GB for the database server for 30,000 clients, with an additional 1.5 GB per 1,000 clients.
  • Display: Minimum 800x600 pixels for automated server installation.
  • Ports: TCP/IP network card required. Default ports include 52311 (UDP and TCP/IP) for BigFix server, 8083 (TCP/IP) for Web Reports. BigFix IVR Retriever uses 9011 (inbound), 8099 (setup), and internal ports 9012-9015.
  • Operating System: Server components primarily support Windows Server and various Linux distributions (RHEL, SUSE).

Analysis of Technical Requirements

HCL BigFix is designed for scalability, with core server requirements being moderate for initial deployments but scaling significantly with the number of managed endpoints. The architecture leverages relays to distribute load and optimize bandwidth, allowing a single server to manage hundreds of thousands of computers. Specific component requirements, such as those for BigFix Compliance Analytics or IVR Retriever, add to the base platform needs, emphasizing the importance of planning based on deployment size and chosen modules. Database requirements are substantial and grow with the number of clients and data retention policies.

Support & Compatibility

  • Latest Version: BigFix Platform 11.0.
  • OS Support: Extensive support across Windows (client and server), Linux (various distributions including RHEL, SUSE, Ubuntu, CentOS, Oracle Linux, Amazon Linux, Rocky Linux, AlmaLinux), macOS, AIX, Solaris, and HP-UX for agents, relays, and server components.
  • End of Support Date: BigFix Platform 9.2 reached End of Support on April 30, 2022, and 9.5 will reach End of Support on June 30, 2024. HCL encourages upgrades to versions 10.0 or 11.0.
  • Localization: BigFix Platform V10 processes data from clients with different code pages and languages, encoding it into UTF-8 format for the server.
  • Available Drivers: BigFix OS Deployment allows explicit binding of drivers to machine models and checking for missing drivers before image deployment.

Analysis of Overall Support & Compatibility Status

HCL BigFix demonstrates broad compatibility across a diverse range of operating systems and platforms, reflecting its enterprise focus on managing heterogeneous environments. The platform's ability to handle various languages and code pages indicates strong localization support. HCL maintains a clear lifecycle policy with defined end-of-support dates for older versions, prompting users to upgrade to benefit from the latest features and security updates. This structured approach ensures that the platform remains current and secure.

Security Status

  • Security Features: Patch management for OS and third-party applications, vulnerability remediation, continuous compliance enforcement (CIS, DISA STIG, PCI baselines), security configuration management, real-time enforcement of security policies, network self-quarantine, removable device control, Advanced Persistent Threat (APT) CVE Analyzer, CISA Known Exploited Vulnerability Exposure Analyzer, Insights for Vulnerability Remediation, Protection Level Agreements.
  • Known Vulnerabilities: Past vulnerabilities include CVE-2021-41526 (privilege escalation in InstallShield for console, client, and server API installers), CVE-2021-27761 (Web Transport Security TLS), CVE-2024-30126 (missing X-Frame-Options HTTP header), CVE-2024-30125 (server-side error leading to process termination), and CVE-2024-23551 (potential Oracle database credentials exposure). These have been addressed through updates.
  • Blacklist Status: No specific blacklist status is mentioned in the provided information.
  • Certifications: While not explicitly listing certifications, BigFix supports compliance with industry security benchmarks and standards such as CIS, DISA STIG, and PCI.
  • Encryption Support: BigFix Platform 11.0 includes support for OpenSSL3, SHA384, and TLS 1.3. The system authenticates Fixlets and actions using secure public-key infrastructure (PKI) signatures.
  • Authentication Methods: Supports LDAP and Microsoft Entra ID for Remote Control. Smart card authentication is also available for Remote Control.
  • General Recommendations: HCL advises upgrading to the latest BigFix Platform releases (10.0 or 11.0) to benefit from security enhancements. Patching supporting platforms and securing database configurations are also critical.

Analysis on the Overall Security Rating

HCL BigFix offers a robust security posture, providing comprehensive tools for endpoint management, vulnerability remediation, and continuous compliance across diverse IT environments. Its features, such as real-time policy enforcement, advanced analytics for threat prioritization, and support for industry security benchmarks, contribute to a strong defense against cyber threats. The platform's commitment to addressing identified vulnerabilities, as evidenced by patches for past CVEs and the adoption of modern encryption standards like TLS 1.3 in newer versions, indicates an active and responsive security development lifecycle.

Performance & Benchmarks

  • Benchmark Scores: Specific benchmark scores are not provided in the available information.
  • Real-world Performance Metrics:
    • Scales to manage hundreds of thousands of endpoints.
    • A single management server can support up to 300,000 endpoints.
    • Relays can typically handle over 1,000 BigFix Clients, with a recommendation of one relay per 1,000 clients for optimal responsiveness.
    • Shortens patch times with no loss of endpoint functionality, even over low bandwidth or globally distributed networks.
    • Remediates configuration drifts in minutes.
    • Efficiently uses minimal server, network, and client resources.
    • Automated audit cycles, which previously took days or weeks, can now be completed in minutes.
  • Power Consumption: Not explicitly detailed in the provided information.
  • Carbon Footprint: Not explicitly detailed in the provided information.
  • Comparison with Similar Assets: Users note BigFix offers "extra possibilities like run scripts on the servers, schedule patchings and the most important feature its auto applying something when an item is relevant" compared to other tools. It is praised for its scalability, real-time visibility, reporting, analytics, and comprehensive endpoint management and security.

Analysis of the Overall Performance Status

HCL BigFix is engineered for high performance and scalability, particularly in large and geographically dispersed enterprise environments. Its distributed architecture, utilizing relays, effectively minimizes network bandwidth usage and enhances responsiveness for endpoint management tasks. The platform excels in rapid remediation of vulnerabilities and configuration drifts, significantly reducing the time required for critical IT operations from days or weeks to minutes. While specific benchmark scores are not available, real-world metrics and user feedback consistently highlight its efficiency and ability to manage a vast number of endpoints with minimal resource impact.

User Reviews & Feedback

User reviews for HCL BigFix highlight several strengths and weaknesses, along with recommended use cases.

Strengths

  • Scalability and Real-time Visibility: Users frequently praise BigFix for its ability to manage a large number of endpoints and provide real-time visibility into the IT infrastructure.
  • Comprehensive Endpoint Management and Security: The platform offers extensive features for endpoint management, security, and compliance, including easy application of hardening and security patches.
  • Reporting and Analytics: Strong reporting and analytics capabilities help identify and troubleshoot problems efficiently.
  • Flexibility and Automation: BigFix provides flexibility for developing and deploying custom jobs, running scripts, scheduling patching, and automating tasks based on relevance.
  • Proactive Issue Identification: The problem management module helps proactively identify issues, improving SLA management and end-user experience.
  • Cost-Effectiveness: Some users note cost-effectiveness in improving end-user satisfaction and optimizing IT operations.

Weaknesses

  • Integration Challenges: Integrating with other third-party systems can be challenging.
  • Cost: Licensing and implementation costs can be high, making it less accessible for smaller organizations.
  • Learning Curve: The platform has a steeper learning curve, particularly for its powerful "Relevance" scripting language, requiring more time for new administrators to become proficient.
  • User Interface and Customer Support: Some feedback suggests the user interface and customer support could be improved. The thick client can be slow, and the web-based console may lack full features.
  • MDM Functionality: The Mobile Device Management (MDM) functionality is noted as still improving and lacking some critical features.

Recommended Use Cases

  • Asset Management
  • Patch Management for operating systems and third-party applications
  • Vulnerability Remediation and continuous compliance
  • Security Configuration Management
  • Software Distribution and OS Deployment
  • Managing kiosks, IoT devices, and multicloud environments
  • Optimizing IT Operations and enhancing digital employee experience.

Summary

HCL BigFix stands as a comprehensive enterprise asset management platform, excelling in endpoint management, security, and compliance across diverse and large-scale IT environments. Its core strength lies in its highly scalable client-server architecture, which, supported by relays, efficiently manages hundreds of thousands of endpoints with minimal network impact. The platform offers robust features for real-time visibility, automated patch management, rapid vulnerability remediation, and continuous enforcement of security configurations against industry benchmarks.

Key strengths include its extensive compatibility with a wide array of operating systems, strong localization support, and a commitment to addressing security vulnerabilities through regular updates, including the adoption of modern encryption standards like TLS 1.3 in its latest versions. Users consistently praise its ability to automate tasks, provide detailed reporting, and proactively identify and resolve issues, leading to improved operational efficiency and end-user satisfaction.

However, BigFix presents some challenges. Its high licensing and implementation costs can be a barrier for smaller organizations, and the platform's powerful but complex "Relevance" scripting language contributes to a steep learning curve for new administrators. Users also note occasional difficulties with third-party integrations and suggest improvements to the user interface and mobile device management functionalities.

Overall, HCL BigFix is a powerful solution for enterprises requiring robust, scalable, and automated endpoint management and security. Its continuous development, evidenced by new platform releases and security enhancements, ensures its relevance in a dynamic threat landscape. Organizations with complex, distributed IT infrastructures that can invest in the initial setup and training will find BigFix an invaluable tool for maintaining security, compliance, and operational efficiency.

Note: The information provided is based on publicly available data and may vary depending on specific device configurations. For up-to-date information, please consult official manufacturer resources.

Simplify your IT ecosystem with InvGate Asset Management

30-day free trial - No credit card needed

Get started

Clear pricing

No surprises, no hidden fees — just clear, upfront pricing that fits your needs.

View Pricing

Easy migration

Our team ensures your transition to InvGate is fast, smooth, and hassle-free.

View Customer Experience