bigfix enterprise suite (bessupport.bigfix.com/product/documents/besevalguide-5.1.pdf · 2005. 5....

B IIG F X

TM

®B IG F IX ®TM

BigFix® Enterprise Suite (BES™)

Evaluation Guide

BigFix, Inc.

Emeryville, CA

Last Modified: 5/10/2005 Version 5.1

BES Evaluation Guide Page ii

© 1998–2005 BigFix, Inc. All rights reserved. BigFix®, Fixlet® and "Fix it before it fails"® are registered trademarks of BigFix, Inc. i-prevention, Powered by BigFix, Relevance Engine, and related BigFix logos are trademarks of BigFix, Inc. All other product names, trade names, trademarks, and logos used in this documentation are the property of their respective owners. BigFix’s use of any other company’s trademarks, trade names, product names and logos or images of the same does not necessarily constitute: (1) an endorsement by such company of BigFix and its products, and (2) an endorsement of the company or its products by BigFix. No part of this documentation may be reproduced, transmitted, or otherwise distributed in any form or by any means (electronic or otherwise) without the prior written consent of BigFix, Inc. You may not use this documentation for any purpose except in connection with your use or evaluation of BigFix software and any other use, including for reverse engineering such software or creating compatible software, is prohibited. If the license to the software which this documentation accompanies is terminated, you must immediately return this documentation to BigFix, Inc. and destroy all copies you may have. All inquiries regarding the foregoing should be addressed to:

BigFix, Inc. 5915 Hollis Street

Emeryville, CA 94608-2017

© 2005 by BigFix, Inc.

BES Evaluation Guide Page iii

Contents PREFACE 1

AUDIENCE .................................................................................................................... 1 ORGANIZATION OF THIS GUIDE ...................................................................................... 1 VERSIONS .................................................................................................................... 1

INTRODUCTION 2 THIS GUIDE .................................................................................................................. 2 BES FEATURES............................................................................................................ 2 HOW BES WORKS ........................................................................................................ 5 BES COMPUTER REQUIREMENTS .................................................................................. 7

BES INSTALLATION INSTRUCTIONS 8 INSTALLING THE EVALUATION VERSION .......................................................................... 9 INSTALLING THE BES CLIENT MANUALLY ..................................................................... 10 INSTALLING THE BES CLIENT USING THE BES CLIENT DEPLOY TOOL ........................... 11 TROUBLESHOOTING .................................................................................................... 11

USING THE BES CONSOLE 12 STARTING THE BES CONSOLE..................................................................................... 12 INTRODUCING THE BES CONSOLE ............................................................................... 13 FIXLET SITE SUBSCRIPTIONS....................................................................................... 15 FIXLET MESSAGES TAB ............................................................................................... 16 DEPLOYING ACTIONS .................................................................................................. 17 TASKS TAB ................................................................................................................. 19 COMPUTERS TAB........................................................................................................ 21 ACTIONS TAB.............................................................................................................. 23 ANALYSES TAB ........................................................................................................... 24 VISUALIZATION TOOL................................................................................................... 26 WEB REPORTS ........................................................................................................... 28 CUSTOM FIXLET MESSAGES, TASKS, AND ANALYSES.................................................... 29 USING HELP ............................................................................................................... 31

INDEX 32


BES Evaluation Guide PREFACE

Page 1

Preface

Audience This document describes the installation and operation of the evaluation version of the Bigfix Enterprise Suite. It includes a summary of how to use the BES Console to identify and remediate vulnerabilities in your test suite of networked BES Clients using a few simple keystrokes. In less than an hour, you can set up a working version of BES.

Organization of this Guide This guide is composed of three major sections:

• Introduction. This section provides an overview of the BigFix Enterprise Suite and describes its features, operation, and system requirements.

• Installation. This section provides step-by-step instructions for installing the components of the evaluation version of BES.

• Using BES. This section introduces the BES Console and shows you the most important features of BES, enabling you to monitor and remediate computers running the BES Client.

Versions T

he document describes the functionality in BES, Version 5.1 and later.


BES Evaluation Guide INTRODUCTION

Page 2

Introduction

This Guide

This Guide takes you through the installation of the Evaluation Version of the BigFix Enterprise Suite (BES). The Guide then quickly summarizes how to use the BES Console to manage computers throughout your enterprise. In less than an hour, you should be able to monitor and fix problems on your test suite of networked BES Clients – using just a few simple keystrokes. You’ll quickly learn how to use BES to perform real-time inventory, software deployment, usage and license tracking, patch management, asset discovery, and a wealth of security configuration management functions across your entire organization.

Once you’ve installed the Evaluation Version of BES, you’ll be able to preview other BigFix solutions, including Patch Management, Vulnerability Management, Endpoint Security and more. Evaluation versions of these and other BigFix add-on solutions are available at:

http://software.bigfix.com/bes/install/beseval.html.

You may also wish to evaluate BES Clients for supported UNIX, AIX, Solaris, Linux and Macintosh OS X platforms. BES Clients for these non-Windows platforms are available at:

http://software.bigfix.com/bes/install/besclients-nonwindows.html.

BES Features

BES solves the increasingly complex problem of keeping your critical systems updated, properly configured, and free of security vulnerabilities. BigFix’s patented Relevence Engine® and Fixlet® message technology enable you to discover configuration issues and vulnerabilities on computers on your network in real-time, and give you the ability to remediate problems across the entire network with a few simple mouse-clicks.

The BES platform is a highly scalable security configuration management solution designed to detect and correct problems on your network in real-time (seconds and minutes vs. days and weeks). BES add-on solutions such as Patch Management, Vulnerability Management and Endpoint Security provide pre-packaged and pre-tested detection and remediation for common enterprise security configuration management issues. The BES platform also provides authoring wizards and other tools to enable administrators to easily create or customize configuration management and security solutions to address issues specific to your own network.

BES platform extensions such Client Compliance and the BES Asset Connector provide integration with network enforcement and quarantine technologies and with enterprise asset management, reporting, and other tools to enable BES to cooperate and interoperate with existing enterprise network compliance and management infrastructure.


http://software.bigfix.com/bes/install/beseval.htmlhttp://software.bigfix.com/bes/install/besclients-nonwindows.html


Page 3

• y capabilities to detect and report computers unmanaged

• nded deployments with restart/shutdown control after the execution of a

•

•

ce or

BES is easy to install and deploy, meets strong enterprise security requirements, and restricts access to authorized administrators only. Yet the BES platform is flexible enough to allow multiple administrators with different privilege levels to simultaneously monitor and manage your enterprise computers.

BES has these important features:

• Provides real-time visibility into the hardware, software, and operating environment of all your managed computers.

• Provides the capacity to manage up to 125,000 computers from a single BES Server. For larger networks, multiple BES Servers can be deployed, and the results can be consolidated into a single server.

• Allows fast, easy remediation (patches, configuration settings, updates, etc.) over large networks using automated and batched deployments.

• Updates remote computers and mobile laptops automatically, within minutes of logging on to the network through the LAN or VPN. Optionally allows users to receive updates whenever they connect to the Internet.

• Includes easy-to-use software distribution capabilities. • Provides extensive, customizable web reporting on assets, vulnerabilities, and actions.

Includes integrated asset discoverby BES and other network assets.

Allows unatteFixlet action.

• Displays detailed, real-time information as an action is rolled out over the network. • Provides a comprehensive audit trail of each action taken.

Allows you to reduce the network load by creating distribution hierarchies, scheduling deployments, time-shifting Fixlet actions, automatic “download resume” capabilities for disconnected users, and throttling bandwidth.

Minimizes impact on client computers even while continuously checking for issues, with a small memory footprint, low CPU usage (< 1% on average), minimal network usage, and no user input required. Fixlet messages are tiny, typically less than 1 kilobyte compressed.

• Facilitates testing in a designated group of computers before embarking on a network-wide deployment.

• Contains options to immediately reapply actions for computers that go out of complianto retry if the action fails for any reason.

• Provides a graphical real-time representation of your network for monitoring assets, actions, and vulnerabilties.



Page 4

• Provides robust security, with up to 4 kbits of digital signature verification available based

public/private key algorithm.

• Supports leading third-party network enforcement and quarantine technologies. upon the RSA




Page 5

How BES works

At the heart of the BigFix solution lies the agent-basedreal-time vulnerability and configuration issue identifBES 5.1 Server can manage up to 125,000 computers throughout a geograenterprise, and more BES Servers can be add

BES is an agent-based technology, and as such requires computer you wish to manage. This can be accomplishcapabilities within your org

BE ication, investigation and remediation. A single

phically distributed ed as needed.

the BES Client to be deployed to every ed using standard software deployment

anization (such as login scripts, software distribution software, etc.) or by using the BES Client Deployment Tool for NT or Active Directory domains. The BES Client will be deployed to every server, desktop and laptop in your organization. The BES Clients can be deployed to thousands of computers in a matter of hours. Each BES Client contains a set of "Inspectors" that provides a detailed look at the software, hardware, and current operating state of each computer.

BE eadministrators with appropriate rights). Nowto identify and fix many security and configuenvironments.

T he BES Clients that one or more new Fixlet messages are available, and the BES Clients then retrieve the new messages from the BES Server – or from the nearest BES Relay. The BES Relays aggregate and compress communications between the agents and the BES Server and also cache and distribute downloads to the agents, minimizing bandwidth usage on the enterprise network.

S platform that enables targeted, secure,

The BES Server monitors BigFix's secure servers via the Internet for new Fixlet messages. These contain intelligence to detect a particular issue on a computer, a description of the issue to help the IT administrator prioritize it, and actions designed to remediate it. The BES Server downloads each Fixlet message once from the Internet, verifies its authenticity and then caches it on the server.

t messages directly into the BES Console (for administrators can quickly create custom Fixlet messages ration management issues specific to their enterprise

he BES Server notifies t

S 5.1 integrates the ability to author Fixl


Page 6

Each BES Client continuously evaluates the Fixlet messages that it has retrieved, using its inspectors

o the computer. The BES Client periodically notifies the essages, which in turn is monitored by the BES Console.

geted, authorizes the BES

now

e rec es

s.

rts and f

to determine if any are currently relevant tES Server of any newly relevant Fixlet mB

For each relevant issue, the BES Console displays the total number of computers affected and provides the administrator with a drill-down view to the actual computers that exhibit each issue. With this information, and the description provided by the Fixlet message, the BES Console operator can decide on an effective course of action.

The administrator, with full control of which desktops, laptops and servers are tarClients to take action – remediating the issue enterprise-wide, across tens of thousands of computers. The action can be deployed to fix an issue immediately or on a

specified schedule. It can also be deployed as an ongoing “policy action” that will fix the problem and in the future if the problem occurs on a new computer or occurs again on the same computer.

The BES Client runs the action, downloading any software or patches required. The BES Consoleiv up-to-the-minute feedback from each computer as the BES Clients run the action.

At any time, the state of the entire enterprise can be viewed from any web browser using BES Web ReportThis interface allows the authorized BES Console operator to monitor remediation efforts, create repoproduce asset inventories across hundreds of thousands onetworked computers.



Page 7

BES Computer Requirements

The BES Client computers don’t have stringent requirements. The BES Client software (also knowas the BES Agent) can be installed on almost any release of Windows, including 95, 98, Me, 2000, Server 2003 and XP. The BES Client can also run on Red Hat Linux, SUSE Linux, Solaris, HP-

n NT,

ndows version of the gFix website at

lients-nonwindows

UX, Macintosh OS X and AIX. The BES evaluation version comes with the WiBES Client. BES Clients for other OS platforms can be downloaded from the Bihttp://support.bigfix.com/cgi-bin/redir.pl?page=besc .

r 2003 computer. The hardware quirements for the production version of the BES Server vary depending on how many BES Clients

re reporting to the BES Server, but for the BES evaluation version you should use a computer with at least a 1.4 GHZ processor and at least 256 MB of RAM for the best performance. The latest BES Server recommendations can be found at http://support.bigfix.com/cgi-bin/redir.pl?page=serverreq

The BES Console runs on any Windows 2000, XP or 2003 Server computer. You will get the best performance if it is a newer computer with at least 1.4 GHZ and 256 MB of RAM, but older computers can work too.

The BES Server must be a Windows 2000 or Windows Serverea

.

The following network configuration is also recommended for security and performance reasons:

• The BES Server must access the Internet via port 80. The BES Gather service is the only component of the BES Server that accesses the Internet and by default it runs as the Windows SYSTEM account. If the SYSTEM account cannot reach the Internet because of proxy or firewall restrictions, then you will need to set the BES Gather service to log on to the BES Server as a user with Internet and administrative access. Detailed instructions on how to do this are in a knowledge base article and can be found at http://support.bigfix.com/cgi-bin/kbdirect.pl?id=105. After you install the BES Server, diagnostics will automatically be run, allowing you to see if your BES Server can access the Internet or if you have any other issues.

• The BES Server must be able to accept HTTP connections on port 52311 from all of the computers that have the BES Client installed.

• The BES Console must be able to communicate with the BES Server using ODBC. For more detailed information on the requirements for the various BES components, see the BES Administrator’s Guide.


BES Evaluation Guide BES INSTALLATION INSTRUCTIONS

Page 8

ructions his Guide shows you how to install the Evaluation Version of BES for your assessment. The

Eva ti to 30 BES Clients for any supporteevaluation is fully functional. For most networks, the installation can be done in about an hour or less.

Eva tihttp://sof

BES Installation InstT

lua on Version lets you set up a BES Server, a BES Console and up d operating system for a 30-day evaluation period. Apart from these limitations, the

lua on versions of these and other BigFix add-on solutions are available at tware.bigfix.com/bes/install/beseval.html.

re is no unauthorized usage. To install a BES uses a public key/private key inpro ti om BigFix, Inc., from which you then create your masversion a st period. T

frastructure to ensure theduc on version of BES, you request a site certificate fr

thead (see the BES Administrator’s Guide for more details). However, this evaluation utomates the process, granting you a limited certificate, good for a 30-day / 30-computer tehe following section describes the installation steps.



Page 9

Installing the Evaluation Version

11 Download the Evaluation Version of BES from BigFix, Inc. at http://support.bigfix.com/bes/install/beseval.html onto the computer that you wish to use as the BES Server.

22 Log on to Windows as a user with administrator rights and launch the program to install the software. After a progress dialog and a welcome screen, a dialog with two choices is displayed. Click the first button to install the Evaluation version of BES, then click Next

33 Click Yes if you accept the License Agreement. 4

.

t sites are checked. Add

55 first button to use the Express installation, then click Next.

ss of the local computer. If

t a conflict with port 52311, you may select a different port. Click Next.

77 n’s name. Enter the information into the fields and click Next.

ice to verify it and click Next. Note: You will use this password every time you deploy an action to the BES Clients, so protect it and do not lose it.

99 The program automatically generates your temporary license, and then installs all the needed software, including the BES Server, BES Console, BES Client and MSDE. Some parts of this process, especially the database, may take a few minutes. Once the components are installed, you may be prompted to restart your computer. Click Yes and then Finish.

1100 When the computer reboots, the installer will complete its work and display a dialog telling you where it saved the BES components (typically in "C:\BESInstallers\"). You are prompted to launch the BES Installation Guide. Click Yes.

1111 Click Install BES Components, and then click Install BES Clients. The Client Deploy tool is displayed. From here, follow the instructions for installing the BES Clients (see next section).

Should you ever need to launch the BES Installation Guide program at another time, you can do so from Start > Programs > BigFix Enterprise > BES Installation Guide.

4 Choose the Fixlet sites you wish to try during your evaluation. Each Fixlet site represents a different solution that you can add to the BES platform. Each Fixlet site has a descriptionwith details about what the solution provides. A default set of Fixleany Fixlet sites that sound interesting and remove any that you do not wish to try. On the following dialog, click the

66 A dialog is displayed, prompting you to supply the Server IP and the BES communications Port. The IP address will be filled in by default with the IP addreyou need to, you can change the IP address to a different IP address or DNS name. Each of the BES Client computers will need to be able to make an HTTP connection to the BES Server using this IP address or DNS name for BES to work properly. In the unlikely eventhat you haveImportant Note: The Server IP is central to your site’s identity. Once chosen, it can’t be changed without reinstalling BES. To create your security credential, a dialog prompts you for your Name, Email address, and Organizatio

88 You are prompted for a password, which adds another level of protection to your private key. Type it in tw



Page 10

Installing the BES Client Manually

The BES Client must be installed on every computer in your network that you want to administer withBES – including those computers running the BES Server and the BES Console. There are many ways

install the BES Client (for details, see the BES Administrator’s Guide).

If y us lled on t BClients mClients). ther small application. To dep th

from

tware is ES Client knows

which computer is the BES Server based upon the IP address you specified earlier in the

er properties to the BES Server. Depending on the speed of the computer, this information should appear in the BES Console withing 1 to 10 minutes.

cess on every computer in your network that you wish to place under BES

to

ou ed the “Express” option in the BES installer, you will have the BES Client already instahe ES Server computer. In your test environment, you may find it easiest to install more BES

anually (in a production environment, you would likely NOT manually deploy the BES Installing the BES Client is about the same as installing any o

loy e BES Clients manually, do the following:

11 Copy the C:\BESInstallers\Client installer folder to the desired computer using network shares, USB storage drives, FTP or any other file transfer method.

22 Once you've copied the Client folder to the target computer, double-click on setup.exe that folder to launch the installer.

33 After the welcome screen, you are prompted for a location to install the software. You may accept the default, or click Browse to select a different location.

44 After the files have been moved, click Finish to exit the installer. The BES Client sofnow installed and it automatically begins working in the background. The B

installation. 55 After it is installed, the BES Client will silently gather all the Fixlet messages, evaluate them,

and send the Fixlet message results and comput

66 Repeat this proadministration.



Page 11

Client Deploy Tool Installing the BES Client Using the BES On NT 4.0 Domains or Windows 2000 domains using Active Directory, you can use the BES Cli

eploy Tool to automate the procesent

s depending on the specific details of your network. Here’s how:

puters using Active Directory or NT 4.0 Domains.

omputers in the domain. It then checks each of the computers to see if the BES Client is already installed.

44 For NT 4.0 Domains, The program checks for all computers available in the same NT

and control-click to select the computers you want to administer with BES.

admin password and click Next again.

tials, the BES Client Deploy tool copies the BES Client installer files to the com ecutes a silent install that doesn’t require user intervention. When comp

Troubl

D

11 For the BES Client Deploy Tool to work properly, you must be logged in as a domain

administrator or an account with full permissions. Launch the BES Client Deploy tool fromStart > Programs > BigFix Enterprise > BES Client Deploy.

22 Choose from the two choices: find com33 For Active Directory, the program contacts the Active Directory server to get a list of all of

the c

domain. 55 After the list of computers is populated, shift-

66 Click Next and type in your domain

Using the supplied login credenputers you selected and ex

leted, a log of successes and failures is displayed.

eshooting If you have problems, first run the BES Diagnostics, a tool that makes sure your BES Server is cor tly ms > BigFix E more about the problem, click on the question mark to view the associated knowledge-base article or contact your Big

rec configured and working. You can run this tool at any time by going to Start > Progranterprise > BES Diagnostics. Any potential failures are clearly marked. To find out

Fix support technician. More information is available at http://support.bigfix.com/ along wl support contact information.

ith technica


BES Evaluation Guide USING THE BES CONSOLE

Page 12

sole he BES Console is the visible face of BES, used by the administrator to monitor and remediate

is guide is designed to quickly show you the most important features of the BES Console, and then

you

Using the BES ConTcomputers running the BES Client. Thturn you loose on the program itself. The BES Console has integrated documentation, available fromthe Help menu, which provides step-by-step procedures to help you get the most out of BES. Ifprefer written documentation, refer to the BES Console Guide, available at http://support.bigfix.com/product/. Before you dive in, we recommend that you read through the following short sections to get a feel fthe program.

Starting the BES Console

or

To use the BES Console, follow these steps:

11 Start the BES Console by double-clicking on its desktop icon:

Or select it from the Programs menu: Start / Programs / BigFix Enterprise / BES Console

22 To connect to the BES Server database, the BES Console prompts for a username and

password. Enter the Username and Password you created when you installed BES. Note: If you're logging into the BES Server computer with admin rights, you can use NT Authentication instead of entering a password. However, if you're running the BES Console from another computer, you'll be prompted for a username and password.

33 The first time you launch the BES Console, it needs to prime the database and propagate the

initial content. Enter your password to authenticate this action.

.

t messages to the BES

44 The BES Console opens and begins to import Fixlet messages (A Gathering Status message box appear after a few seconds). When it finishes, it sends the FixleClients, which evaluate them and return the results. This process can take a few minutes.



Page 13

Introducing the BES Console The BES Console

opens a window with several parts:

Note: The BES Console displays a lot of information to the user and works best with a high-resolution screen (1024x768 required, 1280x1024 or higher recommended).

• Navigation Bar: This panel provides shortcuts to the most popular functions of the BES Console. This is an excellent way for the novice to quickly learn about the program.



Page 14

• Main Tabs: These tabs each bring up a different filtered list box, including Fixlet Messages,

es, Actions, and Console Administrators.

• Filter Panel: Pick a value from a folder to filter the list on the right. You can shift- and ctrl-

list is only showing Critical Fixlet messages. Click a header to sort

• nts of the right-click menu depend on which main tab is selected.

When you click on an item in the list,documen It has its own t

• et action across your network, targeting

ny BES Console administrator can double-click a Fixlet message in a list and see its description in

vailable by selecting View > Fixlet Properties) lets you inspect the conditions used to determine relevance and the proposed remedial action, using the human-readable Relevance Language.

Note: It may take a few minutes for the BES Clients to gather the latest Fixlet messages and determine their relevance. If you do not see any Fixlet messages when you select the Fixlet Messages tab, make sure you install at least one BES Client on a computer and wait a few minutes for the computers to report their results.

Tasks, Computers, Analys

click on multiple values to include more items in the list.

• List Panel: Contains a list of items determined by which main tab is selected and which filters are used. Here the by that column. Double-click on an item in the list to view it in greater detail in the lower panel.

Right-click Menu: When you right-click on any item in the list, an option menu pops up.The conte

more detailed information will be displayed in the bottomt window. In this example, a Fixlet message has been selected to view in greater detail. abbed structure:

• Document Tabs: In the bottom window, another set of tabs is used to organize the information in the selected document. Each different document type has different tabs. In this example, the description tab of a Fixlet document has been selected.

• Fixlet Message: This is a description of the Fixlet issue in plain English. Action Button: This is a link that will deploy a Fixland fixing only those computers that are vulnerable.

Athe bottom window. Each Fixlet message describes a vulnerability that has been discovered on a given BES Client computer. The Fixlet Property panel (a



Page 15

ns Fixlet Site Subscriptio

Upon installation, BES automatically subscribes to the Fixlet sites that you selected in the evaluationinstaller. Each Fixlet site contains a collection of Fixlet messages that perform certain tasks. Some of the available Fixlet sites include:

d patches

ixlet messages that identify the top 10 classes of vulnerabilities as

Mobile Security Manager has Fixets that provide pretested best-practice security

• nti-Virus continuously monitors your AV Software on desktops, laptops

• MS Clients running smoothly by fixing a

To rn e, visit http://sof ll/beseval.html

• BES Support is a special site that keeps you apprised of updates or problems with any of the BES components themselves. You should periodically check the BES Support site to see if there are any issues found in your BES installation. Unlike other sites, this site cannot be deleted.

• Patch Manager provides you with Fixlet messages that alert you to uninstalleacross Windows, Solaris, Red Hat, Linux, Macintosh, AIX and HP-UX operating systems.

• SANS Top 10 has Fdefined by the SANS institute.

• Registry Vulnerability Solutions has Fixlets that detect and repair problems with unguarded Windows registry entries.

• configurations for your all your networked mobile computers.

Client Manager for Aand servers to ensure that it is running and current.

Client Manager for Microsoft SMS keeps your Svariety of common SMS Client problems.

lea more information about which Fixlet sites are available and what solutions they providtware.bigfix.com/bes/insta .



Page 16

Fixlet Messages Tab

Fixlet messages are used to indicate that there is an issue on a computer that needs to be addressed. The issue could be that a recommended patch is not present, your anti-virus definitions are obsolete, a computer has a configuration that allows for a security vulnerability, and more.

When a Fixlet message becomes applicable anywhere on your network, it gets added to the Fixlet list. the Fixlet message itself detects if it is needed on each computer. The term used to describe t the Fixlet message has become relevant. Depending on the Fixlet category you choose in

the t f e a look at th

Each Fixlet m em, a link to more information and a button to fix the problem.

Fixlet m

Try it: 11

22

33

44

55

66

Note thatthis is tha

lef ilter pane, you will see a list of the relevant Fixlet messages in the right pane. You can take entire set by selecting the category labeled All Relevant Fixlet Messages.

essage typically consists of a description of the probl

essages give you a high-level view of all the issues across your network and which computers are affected by each issue. The Fixlet messages allow you to fix the issues with a few mouse-clicks without writing custom scripts or doing custom packaging.

Click on the Fixlet Messages tab or select Fixlets > View All Relevant Fixlet Messages fromthe Navigation Bar. Double-click on a Fixlet message in the Fixlet list. A window is displayed below the list with the information divided into tabbed categories. Peruse the various tabs to view the Description, Comments, Relevant Computers and Action History. Most Fixlets include a link to more information so you can quickly conduct your own research on the problem. Notice the Fixlet message properties available in the Fixlet list such as Download Size, Source Severity, Release Date, etc. You can sort the list by clicking on the corresponding column headers. You can also filter the list by selecting properties from the filter tree at the top left of the screen. While you're looking at the Fixlet description, go to View > Show Message Properties to see what criteria were used to detect relevance and how to fix it. These are actually programexpressions in the BigFix Relevance Language, which is fairly straightforward to read and understand.



Page 17

Deploying Actions

ure behavior and much more.

t window) corresponding to the Fixlet action. The

At the heart of the BES is the ability to deploy Fixlet actions to tens of thousands of computers that are in need – and none that aren't. The Take Action interface is designed to grant you full control over the deployment of the action, including which computers to target, the restart behavior, the time the action runs, the fail

Try it: 11 Select a Fixlet message from the Fixlet list and read it carefully. Click the link or button

(usually toward the bottom of the FixleTake Action dialog box appears:

22 Choose the Target tab to select a subset of the affected BES Client computers. You’ll see a

list of computers that have reported back to the BES Console that this Fixlet message is relevant to them.

33 Filter the list of computers in the main window by selecting a filter from the tree view on the left.



Page 18

44 Select any desired subset of computers, then click OK to deploy the action to that subset.

he authentication password when prompted.

e

r

Message tab to create an optional message that will be displayed to the end user when the BES Clients run the action.

• Look at the Post-Action tab for restart/shutdown options. •

•

55 Enter t

The action is sent to all the computers you targeted. You are then shown an action status screen that allows you to monitor the progress of your action. As the Action propagates through your network, thfixed computers will stop reporting the Fixlet as relevant, and you can watch as the affected computer list shrinks.

That is the basic process for taking an action, but you can customize the deployment with several othefeatures of the Take Action dialog:

• Use the

• Use the Constraints and Execution tabs to see the different scheduling and failure/retry options available to you.

The Relevance and Action Script tabs provide advanced options that allow you to manually change the behavior of the action at a very detailed level. Generally, you won’t need to use these tabs except for certain advanced, custom deployments.

When you’ve finished customizing the deployment, you can click the Save Preset button to save your modifications for later use.



Page 19

Tasks Tab

Fixlet messages are used to alert you to essential issues and known bugs throughout your enterprise. There are many issues, however, that don't rise to the level of an essential fix, but are merely policies or configurations that you may wish to make common across your managed network. To accommodate these functions without cluttering the Fixlet list, BES has a feature called a Task. It is similar to a Fixlet message, except that a Task does not represent a problem to deal with, but instead allows you to perform common operations on your BES Client computers in a simple and repeatable fashion.

Try it: Click on the Tasks tab to see the relevant Tasks in your deployment, or select Tasks > View All Applicable Tasks from the Navigation Bar.



Page 20

Almost everything discussed previously about Fixlet messages applies to Tasks. Notice also that

BES Server, and BES Relay configurations (such as bandwidth throttling) are ks. This makes it simple to configure the advanced settings of

ES in the same way that you configure and remediate BES Client computers.

advanced BES Client, ccomplished using pre-defined Tasa

B



Page 21

Computers Tab

BES is designed to show you vulnerability information primarily through the Fixlet messages tab so an see the summary of vulnerabilities in your network instead of having to click on each

com mputers. Howeve e hardwareinformat

that you cputer to see the vulnerability status. This makes it easy to manage tens of thousands of co

r, you often want to see specific information about the BES Clients including the status of th and software, the relevant Fixlet messages, and the actions taken. You can view this

ion and more through the Computers tab.



Page 22

These properties are completely customizable to retrieve almost any information about the computer

below for information about how to add new properties to be retrieved by your information about computer properties is also available in the Analyses section

elow).

w Computer Properties from the Navigation Bar. You'll see a list of the BES Client computers in a panel at the upper right.

t can be sorted by clicking the column headers and it can be filtered by selecting

22 mputer in the list to bring up an information display in the lower

33 lecting items from the tree view in the left panel. Click on the All rties >

es, or

that you want. SeeBES Clients (moreb

Try It: 11 Select the Computers tab or select Assets > Vie

This lisproperties from the filter tree to the left of the list. Double-Click on a cowindow. The information is divided into tabbed categories, including Relevant Fixlet Messages, Retrieved Properties, etc. Filter the list by seComputers icon to the filtering possibilities. For instance, from the Retrieved PropeOS folder, you could select WinXP to display only XP computers.

44 You can add your own custom-designed properties to this list. This is an advanced topic notcovered in this guide, but in summary, you can choose from a list of common propertiyou can manually create them by going to Tools > Manage Properties. For more information, visit: http://support.bigfix.com/cgi-bin/redir.pl?page=retrievedproperties.

55 Right-click on a computer in the list to Edit Computer Settings. This gives you the ability to edit various BES Client settings. Most of these settings are beyond the scope of this document (see the BES Administrator’s Guide for more information), but if you examine the various options, you'll notice that virtually every piece of software or hardware installed on any BES Client may be inspected and modified.

66 You can group your networked computers into natural clusters. You might want to group the computers by department, like Marketing, Manufacturing and Finance. Or you might prefer a geographical breakdown, like San Jose, Bangalore and New York. Just right-click on a computer or set of computers and select Add to Group from the pop-up menu. You are presented with a dialog box that allows you to select an existing group or create a new one for your selected computer(s).



Page 23

Actions Tab

By now, you have probably taken several actions in your test deployment. You can view the astatus using the Actions Tab. This view gives a full history of all the actions including the current status of each action and all of the options you selected.

ction

ck on the Actions tab in the main window or select Fixlets > View Fixlet Actions from the Navigation Bar.

22 n

33

44

55

Try It: 11 Cli

A list of Actions is displayed in the top right panel. You can sort the list by any of the columheaders. You can also filter the list based on various Action properties using the filter tree to the left of the list. Double-Click on an action to see the Action information. The main window displays information about the Action, divided into several tabbed sections. You can double-click on an individual computer under the Computers tab to see complete status information about any currently executing Action(s) as well as a history of past Actions. This information is useful for monitoring or troubleshooting action deployments. Notice that you can right-click on an action in the Action list to stop or restart an action.



Page 24

An ysal es Tab

The omdeploymespeciall view.

An al computeand e sil

C puters tab gives you information about specific properties of each computer in your ent. There are times, however, where it is more convenient to summarize this information, y in large installations. The Analyses tab provides exactly this kind of over

An ysis is created to provide a summarized grouping of properties received from your networkedrs. Using the Analyses tab, you can view aggregate software or hardware properties quickly y. a

A single Analysis, then, can provide a wide-ranging yet compact summary of all your networked assets.



Page 25

Try It:

lyses tab in the main window or select Reports > View Analyses from the n the list on the right, you’ll see a list of Actions with status initially set to

Not Activated.

Click here to activate this

an see the specific information

plications, network information, and more.

11 Click on the AnaNavigation Bar. I

22 Double-click on an Analysis, such as the Hardware Information (Windows) Analysis, andlook at the Description tab to see the properties included in the Analysis.

33 You can activate this Analysis by clicking on the button Analysis. You can also activate a group of Analyses by selecting them from the top list and then choosing Activate Analysis from the right-click menu.

44 After it is activated, the BES Clients will begin to send the properties indicated in the Analysis. This may take a minute or two. You can view this information by looking at the Summary tab to see the properties grouped together or you creturned for each computer in the Results tab.

Explore the various Analyses in the list to understand how BES can retrieve information from each of your networked clients about hardware, installed ap



Page 26

Vis lua ization Tool

The ESnarrow d view of y

SometimThi th rep n kly run out of scr s ate the sphere to c

Select a hierarcActive Directo nges in your network a glin real-time as

B Console allows you to view your information in listings, using filters to help you quickly own and select the exact information you're looking for. This provides you with a fine-scaleour network.

es, however, a high-level graphical representation is the best way to monitor your network. s is e job of the Visualization Tool, which can display a continously updated hierarchicalrese tation of your entire network. In a large installation, a simple tree structure would quic

een pace, so the Visualization Tool maps your network onto a sphere. You can manipuloncentrate on any desired subsection of your network.

hy or property you wish to visualize, such as IP address, BES Relay Hierarchy or ry. You can attach a color to these properties, allowing you to monitor cha

t a ance. You might, for instance, attach a color to a software patch in order to visualize it it installs throughout your network.

A view of a large multi-national corporation’s BES deployment. The hierarchy is organized by IP address and the different colors represent different locations around the world. There are 80,000 BES Clients represented in this Visualization.



Page 27

Try It: ls > Launch Visualization Tool or select Assets > Launch Network Visualization

processing so if your BES Console computer has a weak video card,

your Visualiztion tool might be very slow or "choppy" (upgrade your video card for better

33

h

11 Go to TooTool from the Navigation Bar.

22 A dialog will appear leading you through the various options. Note: Visualization requiressome extensive video

results). In addition, you cannot run Visualization over a Remote Desktop connection because it is too graphics intensive. Experiment with the following hierarchies to see how the Visualization Tool works:

• Organize by IP address and color each node by the relevance of a specified Fixlet Message. A tree is displayed with each octet of the IP address representing a level in the tree hierarchy. The red nodes represent computers that need the Fixlet and the green nodes represent computers that don't need it or have already been fixed.

• Organize by IP address and color by a property (such as CPU). A tree is built with eacoctet of the IP address defining a level in the tree hierarchy and the different colors representing different CPU types. At a glance you can see which subnets have the fastest computers.

• The next time you take an action, open the Visualization Tool and organize by BES Relay Hierarchy. Color the nodes by the status of the action you just took. This will display the progress of the action update as the BES Clients apply the action.



Page 28

We Rb eports Using a web browser, you can view various reports, including the status of Fixlet messages and com S Servers to monitor a wid ne

puter settings. These reports can also be aggregated across multiple BEer twork of computers.



Page 29

22 33 Type yo

create a ma44 Select from iew computer settings.

You c crcustom pro

55 You c saadministra

66 Your reports can be formatted for printing, or saved in a form that can be imported into a spreadsheet or datab

More inform b Reports Guide at http://suppo

Try It: 11 Select Tools > View Web Reports or select Reports > Launch Web Reports from the

Navigation Bar. Select a server URL and click the Launch Web Reports button.

in ur username and password. The first time you log in, you will be prompted to ster account for web reports. The overview window is opened by default. the tabs to view a stored report, create a new report or v

an eate reports on the retrieved properties of your networked computers (including perties) as well as Fixlet messages and actions.

an ve your reports as private or public. Public reports may be read by any tor; private reports can be viewed only by you.

ase.

ation about web reports can be found in the BES Wert.bigfix.com/product/.

Tasks, and Analyses

Custom Fixlet Messages, Subscriptions to Fixle ost of your

y have unique situations across your network that are not cov fferings. For this situation, you can create your own custom solutions. Som

• Deploying custom• Enfo

• •

With BEscratch. details a us methods vailable to create custom content.

t sites and the built-in Tasks and Analyses are sufficient to handle mday-to-day patching, security and policy tasks. However, you ma

ered by these standard oe of the possibilities include:

software

rcing policy

• Modifying registry settings Manipulating files and patches

Resolving configuration issues

S, you can solve these problems by customizing existing Fixlets or creating your own from These same techniques can be applied to creating and customizing Tasks and Analyses. The re beyond the scope of this guide, but this section lays out some of the vario

a



Page 30

Here are some of the tools you can use to create custom content:

s: Wizards help you do common tasks such as deploying applications and setting registry keys so that you don't need to write the relevance or action scripts yourself. Here are

Wizards

s of

Windows Registry Wizard. This wizard will help you easily create a Task to set

ws Software Distribution Wizard. This wizard will help you easily create

• Wizard

some of the included wizards available from the menu:

• Location Property Wizard. This wizard will guide you through the procescreating a property that will allow the BES Clients to identify their current location based on subnet or other network information.

• arbitrary registry keys for Windows computers.

• Windoa Task to deploy applications to Windows computers.

• Initiate a custom Action: Go to Tools > Take Custom Action. This will display the standard Take Action dialog, but with no default action defined. You can fill in the action script, action parameters, and relevance that can be immediately sent to the BES Clients. You can think of this as a command window to all the computers in your deployment. For more information, visit: http://support.bigfix.com/bes/misc/customactions.html

• Create a brand new Fixlet: Go to Tools > Create New Fixlet Message and you’ll be presented with a dialog to help you create your own Fixlets from scratch. This same creationtechnique also applies to Tasks and Analyses.

. BigFix provides documentation and training classes to help customers write custom content so they can take full advantage of the advanced capabilities of BES.



Page 31

Using Help

BES Console has integrated documentation to help you quickly master the program. Context-sensitive help is available by clicking the F1 key whenever a dialog box or menu is displayed.

s are also available from the Help menu. Consult the Help section titled Using the o find step-by-step instructions for some common BES procedures. The main topics

covered include:

• Fixlet messages – including monitoring, creating, customizing, hiding and commenting on essages.

s – including viewing and selecting Fixlet sites, as well as cancelling subscriptions.

including viewing, monitoring, creati customizing hiding and commenting on

– including monitoring and stopping ey have been deployed.

• Client Computers – including adding and restoring retrieved properties as well as locking and monitoring your networked computers.

rs – including monitoring and assign ts for BES operators.

s – monitoring, creating, customizing, hiding and commenting on Actions.

• Displays and Reports – demonstrating how to visualize a network with tens of thousands of nodes and how to generate reports on all your managed computers over a web browser.

d Servers – including setting and using relays for greater system efficiency and tuning servers to maximize their throughput.

• Unmanaged Assets – showing how to view and manage assets that are beyond direct inspection by BES.

In addition, consult the BES Console Guide and the BES Administrator’s Guide for in-depth ormation about using and administering BES. These guides, along with an extensive and easy-to-e Knowledge Base, are all available online from Big p://support.bigfix.com

The

More help fileProgram t

Fixlet m

• xlet SiteFi• Tasks – ng,

Tasks.

• Actions actions after th

• toOpera ing management righ• Analyse

• Relays an

infus Fix, Inc., at htt . Be sure to visit the site for the latest information.


BES Evaluation Guide INDEX


Page 32

Index

A

Actions Tab · 23 Analyses Tab · 24 Audience · 1

B

BES: Server · 7 BES Asset Connector · 2 BES Client · 7 BES Console · 7, 13 BES Features · 2-4 BES Requirements · 7 BigFix · ii

C

Client Compliance · 2 Computers Tab · 21 Custom Content · 29

D

Deploying Actions · 17

F

firewall · 7 Fixlet Messages Tab · 16 Fixlet Site Subscriptions · 15

I

Installation · 7-11; Client Deploy Tool · 11; Manual Client Installation · 10

Introduction · 2

L

license · ii

P

proxy · 7

R

Relevance · ii Requirements · 7

T

Tasks Tab · 19 Troubleshooting · 11

U

Using Help · 31

V

Versions · 1 Visualization Tool · 26

W

Web Reports · 28

PrefaceAudienceOrganization of this GuideVersions

IntroductionThis GuideBES FeaturesHow BES worksBES Computer Requirements

BES Installation InstructionsInstalling the Evaluation VersionInstalling the BES Client ManuallyInstalling the BES Client Using the BES Client Deploy ToolTroubleshooting

Using the BES ConsoleStarting the BES ConsoleIntroducing the BES ConsoleFixlet Site SubscriptionsFixlet Messages TabTry it:

Deploying ActionsTry it:

Tasks TabTry it:

Computers TabTry It:

Actions TabTry It:

Analyses TabTry It:

Visualization ToolTry It:

Web ReportsTry It:

Custom Fixlet Messages, Tasks, and AnalysesUsing Help

Index

bigfix enterprise suite (bessupport.bigfix.com/product/documents/besevalguide-5.1.pdf · 2005. 5....

Documents