BigFix Suite Automates IT Patching Process

Enter BigFix Enterprise Suite (BES) 4.0, a comprehensive security and patch management system for enterprise networks. BES automates much of the security and patching process by deploying centrally managed agents to supported devices on the network. Those agents keep track of the status of various devices and apply approved patches to those devices when needed, eliminating much of the manual labor associated with deploying patches.




Technology Editor

CRN Test Center engineers installed BES on a Windows Server 2003-based network. The product uses a client/server approach, which requires a system to be selected to function as the BES console server while agent applets are pushed out to the client systems. The agent approach offered by BES offers several advantages over patch management products that use live network scanning. Agents help to reduce the network traffic generated by a patch management system and allow systems that are only occasionally attached, such as mobile devices and notebooks, to be managed.

Four services are built around the patch management engine: Patch Manager handles security patches, VIR (vulnerability identification and remediation) Manager handles security issues that reach beyond the typical patching process, Configuration Manager can be used to author custom patches, and Client Manager extends patching technology to third-party software.

All of those components are wrapped around an intuitive management console that provides context-sensitive help along with advanced reporting.

Sponsored post

Out of the box, BES supports Windows 95, 98, NT, 2000, ME, XP and Server 2003. Solution providers can also add support for Red Hat Linux, SUSE Linux, Solaris, HP-UX and IBM AIX.

BES uses a technology referred to as fixlets, which are patch elements that store changes that are needed for a system. The product uses a process of comparing assigned fixlets to what an agent reports is on any given system. If that system needs to be patched, the fixlet is automatically pushed down to the client system. Fixlets are maintained by a fixlet server, which controls downloading and updating fixlets from BigFix. Fixlets are created for all of the supported operating systems as new patches become available. Administrators can also design custom fixlets to push other changes, such as policy enhancements.

BES has extended fixlet technology to include non-patch-related updates. For instance, administrators can create fixlets to enforce password rules or to make changes to a client system's network settings. Additional fixlets can be created to make password-protected screensavers mandatory in a corporate environment. What's more, by using agent-based technology, fixlets can be applied to mobile workers only when they are attached to the network, allowing the workers to undo fixlet based changes when not attached. Via the product's client manager module, administrators can create fixlets to patch and update third-party applications, such as antivirus and antispam software and a host of other products.

Reporting is another strong element of BES. The integrated reporting engine allows administrators to quickly create ad hoc reports on a variety of elements, ranging from a system's status to what fixlets are in place. Reports can be created to identify systems that fall out of set parameters to assist in enforcing the patching process. Solution providers will like the ability to design reports that help highlight the product's ROI. A simple report that shows the number of patches applied and the problems solved can be presented to management to illustrate how much time the product has saved by eliminating manual chores.

BES is priced on a per-seat model, with each element priced separately. The agent lists for $13.50 per seat; Patch Manager for $8; VIR for $5; and Client Manager for Antivirus, Client Manager For SMS and the Authoring tool for $2 each. The complete suite, with a minimum of 2,500 agents, comes to $32.50 per node, or $81,250 total. Not all of the elements are required.

BigFix's multitier channel program assigns partners to one of two levels based upon their business model and revenue performance. Margins are based on partner level and revenue potentials. Partners are required to attend technical- and business-oriented Partner Bootcamps, or their equivalent, and are required to maintain two technical staffers specialized in the BES product.

BigFix offers sales and marketing support, road shows, weekly product Webinars and various demand-generation activities. Technical support is available from 7 a.m. to 7 p.m. PST by telephone or e-mail.


Emeryville, Calif.
(510) 652-6700
DISTRIBUTORS: Direct from vendor


Note: Vendors can earn up to five stars for technical merit and five for their channel program. If the average of these two scores is four stars or greater, the product earns CRN Test Center Recommended status.