1. What Is Bigfix?
BigFix, formerly IBM Tivoli Endpoint Manager is software that runs on your computer and collects information about your computer. BigFix collects hardware and software information to help IT inventory devices that are attached to the network. Knowing what is attached to the UCSF network is critical to identify and remediate security vulnerabilities. At UCSF, registration of desktops and laptops connected to the network is accomplished by installing BigFix.
2. Why do we need BigFix?
Every business enterprise needs protection against security threats. One of the best ways of securing a business enterprise is applying better security to portholes, vulnerabilities points and the endpoints which if left open may create a big network disaster. IBM BigFix is the most effective method for Endpoint security and critical business assets management.
3. Will Bigfix Cause Any Harm To My Computer? Will It Uninstall Any Of My Existing Programs?
The BigFix client will not harm your PC or uninstall your applications. In a very small number of incidents, BigFix may be incompatible with an application and cause some minor issue. We will work with you to resolve these as issues as necessary.
4. Why Is Ucsf Requiring The Installation Of Bigfix On All Desktops And Laptops On The Network?
Having visibility into all devices on the network is critical to protecting UCSF data and computing resources. This will provide UCSF IT with an accurate inventory of what devices are on the network, their patch status, and to whom they belong. Unknown or unidentified devices on the UCSF network are a risk to every other device on the UCSF network and will be subject to removal from the UCSF network.
5. What To Expect After Installing Bigfix?
The BigFix icon will appear on the System Tray (Windows) or Menu Bar (Mac OS X. The BigFix Client will run in the background and report the initial status of your system to the BigFix Server. If the system needs patching, you will be prompted to accept the patching task. You can defer the task, but if the task is deferred for too long, the patching task window will stay in the foreground, and you will not be able to dismiss it. The system will reboot after the patching task has completed. If the system is significantly behind in patching, multiple reboots may be necessary. BigFix will run in the background, consuming minimal CPU resources, periodically checking in with the server to provide ongoing updates of the system status as well as check for new tasks.
6. Who Has Access To The Administrator Controls For Bigfix System?
Designated UCSF IT Staff has access to the administrator controls for BigFix. All access to BigFix, and actions performed within, are logged and regularly audited.
7. What Processes Are In Place To Prevent Unauthorized Use Of The Bigfix System Both From Internal And External Users?
In accordance with the University of California Electronic Communication Policy, administrator rights are limited to professional IT staff that follow industry best practices for system administration, including accessing the minimum amount of data to do their work. The BigFix system is housed in the Data Centre with restricted physical access and continuous monitoring. Regular patches are applied to ensure system integrity. Administrator access logs are reviewed regularly to ensure appropriate access.
8. What Is The Difference Between The Bigfix Client And The Scanner?
The BigFix client is common for all IBM products that are based on the BigFix platform, and it is used to perform multiple tasks on the endpoints. The client provides information about a set of computer properties like the host name or the IP address, and it is a tool that is used to install the scanner on the computers, and manage the scanner through fixlets. The scanner, on the other hand, is an independent component that is used by LMT/BFI. It collects information about the hardware and software that is installed on the computers in your infrastructure. The data that is then sent to the BigFix server can be imported to the LMT/BFI server.
9. What Will It Be Doing With Bigfix on My Server?
BigFix will collect system configuration data such as operating system, CPU, RAM, hard drive space, patch status, and list of local accounts on the server. BigFix will not collect any personal data or information, such as browser history or user data, stored on the server. IT will not install patches, or alter files, without consulting with the system owner. However, IT reserves the right to disconnect servers from the network or install patches if the system owner has not responded in a timely manner.
10. What Impact Does Running Bigfix On My Server Have On System Performance?
The default CPU usage settings are optimized to avoid using too much CPU on your server. You can expect the BigFix client to use at most 2% of the CPU, calculated based on a single processor, so if you have multiple processors, the overall % of agent CPU is reduced significantly.
11. How Compatible Is Bigfix with Other Processes/services That Typically Run On Most Servers?
BigFix is a widely used system management tool with a proven track record to not interfere other server processes. UCSF has experienced running BigFix on tens of thousands of desktops and hundreds of servers over the past few years with minimal issues.
