BigFix 11: More Secure & More Efficient – A Simply Better BigFix!

Authors: Mark Leitch & Valeria Mazza @ HCL Technologies

BigFix is renowned for its economy of scale: with modest server resources and a small team of operators, hundreds of thousands of endpoints may be managed and secured.  This has been achieved through secure design principles and distributed processing models.  However, the BigFix team is committed to constant improvement, and is happy to announce BigFix 11 is more secure and more efficient than any prior BigFix release.  Simply upgrade, and the “magic” happens!  Let us explain how we achieved this.

The figure shows an abstraction for a large BigFix deployment.  Most deployments consist of a hierarchy of relays to manage content and reports.  This hierarchy offers high scale through a tree structure.  Content traverses this tree structure between the root server(s), and the endpoints, through what we will refer to as a “relay chain”.  Essentially, a bi-directional tree traversal path.  All paths may be OpenSSL enabled, permitting an industry standard for secure deployments. 

With BigFix 11, the following improvements have been made.

• OpenSSL has been upgraded to 3.1.1 with TLS 1.3 support.  TLS 1.3 offers a more efficient and more secure handshake negotiation, resulting in more efficient systems under load. 
• This is on top of improvements for relay connection management and the TLS handshake in the BigFix 10.0.5 release.
• SHA384 support has also been added, which is more efficient than SHA256 on 64-bit architectures. 

The net is BigFix 11 is more secure and efficient.  We did not stop there! 

We have added improved threading and diagnostic logging for the BigFix Console.  The console is the cornerstone for BigFix administration.  With the improvements, we have reduced load times. The actual load time improvements are highly dependent on customer content and system resources.  For example, in medium scale deployments we have seen a 20% reduction in console load times with a full cache refresh. Your own experience may differ: some experiences will be better, some potentially not as good.  Either way, the authors would be happy to hear about your BigFix 11 console experience!

If you would like more information on security and capacity management, it is highly recommended to read the BigFix Capacity Planning and BigFix Non-Functional Requirements guides.    

BigFix continues to “find it and fix it… fast!”… with unprecedented security and efficiency! 

Further Reading

In the event further reading is desired, the following technical resources are available.

BigFix Platform Documentation: URL
BigFix Capacity Planning Guide: URL
BigFix Non-Functional Requirements Guide: URL