Tivoli Software © 2010 IBM Corporation BigFix Architecture Overview 1
May 22, 2015
Tivoli Software
© 2010 IBM Corporation
BigFix Architecture Overview
1
Tivoli Software
© 2010 IBM Corporation
Who is BigFix?
BigFix is a leading provider of high-performance security and systems management software for enterprises and service providers
• Private, venture backed, company based in Emeryville, CA• 700+ customers, 7M+ devices under management• Particularly strong with large scale deployments (10,000+ devices) • 50%+ of bookings are channel related. Key partners include Trend Micro, HCL,
Wipro, SAIC, Lockheed Martin, Fiberlink• Diversified across all major industry verticals• 2009 financial summary:• $70M bookings, 20% growth (normalized)• $52M revenues, 64% growth• $18M free cash flow• EOY headcount 204, up 36%
Key Company Facts
*Normalized for one-time $8M MSP sale
2
Tivoli Software
© 2010 IBM Corporation
What BigFix Offers
The BigFix Unified Management Platform provides real-time visibility and control through a single infrastructure, single agent and single console
3
Tivoli Software
© 2010 IBM Corporation
Proven Return in the Real World
Plus, real-time visibility and granular control over every endpoint…
Plus, real-time visibility and granular control over every endpoint…
4
Area of Concern Previous Approach
With BigFix
90K device deployment 6 months 1 week
# of Management Servers 25 1
Annual Electricity Costs $6.9M $4M
Patch Cycle 7 Days 5 minutes
Software Inventory Cycle (license “true-up”)
3 weeks 20 minutes
Vulnerability Assessment Cycle 6 months 3 days
Security Configuration Cycle 5 months6 FTEs
2 weeks1 FTE
90K device deployment 6 months 1 week
4
Tivoli Software
© 2010 IBM Corporation
Summary of market demand drivers
5
Security Event: a failure to defend the corporate infrastructure that exposes the performance gaps of the current systems and security management infrastructure
Compliance Mandate: a corporate wide requirement to demonstrate visibility and control of the infrastructure
Cost Reduction Mandate: a requirement for greater efficiency that drives customers towards:
Consolidation and automation of multiple activities under a single management infrastructure
Power management and asset management initiatives
Green Initiative: a mandate to reduce carbon footprint through power management initiatives
IT Operations (Desktop or Servers)
IT Operations (Desktop or Servers)
CISO officeCISO office
CFO officeCompliance office
Facilities
CFO officeCompliance office
Facilities
Primary Buying Center
Primary Influencer
Secondary Influencers
5
Tivoli Software
© 2010 IBM Corporation
Cumulative Sales of New Units: New Customers + Add-On Products
Calls to BigFix L3 Support
BigFix Focuses on Quality
6
Tivoli Software
© 2010 IBM Corporation
Product Overview
7
Tivoli Software
© 2010 IBM Corporation
BigFix Platform Elements
Single Intelligent Agent• Continuous self-assessment• Continuous Policy enforcement• Minimal system impact (<2% cpu)
Single Server & Console• Highly secure, highly available• Aggregates data, analyzes & reports• Manages >250k endpoints
Powerful policy language (Fixlets)• Thousands of out-of-the-box policies• Best practices for ops and security• Simple custom policy authoring• Highly extensible / applicable across all platforms
Virtual Infrastructure• Designate any BigFix agent a relay or scan point• Built-in redundancy • Leverage existing systems/ shared infrastructure
An existing BigFix managed asset can become a relay in minutes
8
Tivoli Software
© 2010 IBM Corporation
Intelligent Agent: Pervasive Real-time Visibility Heterogeneous Platform Support (Managed Assets)
Windows NT SP6a/95/98/ME/2000/XP/2003/Vista/Windows 7/Windows 2008 (Incl. x86, x64 and Itanium)
Suse Linux (32 and 64-bit), Suse Linux Enterprise Desktop
Redhat Linux (32 and 64-bit)
Solaris (incl. Sparc and x86)
HPUX
IBM AIX
Mac OSX
VMWare ESX
IBM zLinux
Wyse Thinclients
Windows XPembedded, WePOS, and Embedded Standard 2009
Windows Mobile 5 and 6, Windows CE
Unsupported but running in commercial environments; Debian, Ubuntu, and CentOS
Visibility into any IP enabled device through network scanning enabled in any BigFix managed asset (Unmanaged Assets)
9
Tivoli Software
© 2010 IBM Corporation
BigFix Technology: The Fixlet
Fixlets are a key part of BigFix Architecture
Fixlets are a general purpose way to encapsulate:
– Issue identification - Relevance
– Description of an issue – HTML for users
– How to solve it – Action
Examples
– Fixlet to identify/fix if MS09-012 is needed
– Fixlet to identify/fix if Adobe Acrobat isn’t installed
– Fixlet to identify/fix if power settings aren’t right
– Fixlet to identify/fix if AV isn’t running or updated10
Tivoli Software
© 2010 IBM Corporation
Fixlets
By decomposing problems into Fixlets, it makes it easy to identify, report, fix, manage issues
Fixlets are authored by BigFix or partners in Fixlet Sites
BigFix and partners offer thousands of Fixlets in dozens of Fixlet sites for many different areas:
– Patching, security configs, inventory, app deployment, AV management, …
When BigFix publishes new Fixlets, they are distributed to all customer’s BigFix Servers within an hour
Customers can easily create their own Fixlets
11
Tivoli Software
© 2010 IBM Corporation
Relevance LanguageCustom made for managing endpoints
>100 faster than other solutions
Suitable for IT operations and Example RelevanceLanguage vs WMI
showing >100faster execution
12
Tivoli Software
© 2010 IBM Corporation
Single Server & Console• Highly secure, highly scalable• Aggregates data, analyzes & reports• Pushes out pre-defined/custom policies
Single Intelligent Agent• Performs multiple functions• Continuous self-assessment & policy enforcement• Minimal system impact (< 2% CPU)
Lightweight, Robust Infrastructure• Use existing systems as Relays• Built-in redundancy • Support/secure roaming endpoints
13
Tivoli Software
© 2010 IBM Corporation
Our Closed Loop Speed is Our Advantage
14
Tivoli Software
© 2010 IBM Corporation
Closed Loop Speed is Our Advantage
Report Publish
Evaluate
Traditional Solutions BigFix
Enforce Evaluate
PublishReport
Challenge Traditional client/server tools BigFix Platform
Complete the policy enforcement loop
Everything is controlled by the server, which is slow
Distributed computing with intelligent, universal agent
Increase the accuracy and speed of your knowledge
It can take days to accurately close the enforcement loop
Policy enforcement is accomplished and proven in minutes instead of days
Scalability cannot be attained without large infrastructure investments
Administrators are still managing tools instead of being productive
Distributed processing means scalability is unlimited
Adjust system policies depending on environment, location
Scan-based assessment, leading to stale data false sense of awareness
Real-time situational awareness
Decide
Evaluate
Enforce
Decide
15
Tivoli Software
© 2010 IBM Corporation
Comparative Example: Application Upgrade
1. Use the software distribution wizard to describe the package and generate an action policy
2. BigFix Agents continuously retrieve policies.
3. BigFix Agents continuously assess the policies against the hosts. If upgrade is required, the Agents take action
4. BigFix Console automatically reflects status in real-time
BigFix shortens the policy enforcement loop from weeks to hours, with 95-99% first-pass success rates
Legacy software install policy BigFix is faster and simpler1. Build a query to identify targets2. Build a package, method, and task to describe
the required action3. Build a report to return results4. Agents report their daily software inventory. 5. The server re-calculates target lists from this
inventory every hour.6. Each targeted agent downloads new policies
every day and takes action.7. The next day, agents report software inventory
with the new information. 8. The server re-calculates target lists from this
inventory every hour, removing the agents which installed the software.
9. Administrators manually run reports to find out what happened when. It will take custom scripting in most tools.
16
Tivoli Software
© 2010 IBM Corporation
BigFix: Content Based Delivery Model
BigFix Content Sites
Patch Power SCM Anti-Malware
SW Dist. SW Asset Mgt. OS Prov. Other …Internet
Description and Benefits•Applications are delivered via subscriptions to content (fixlet) sites (e.g., “cable box” or “iTunes” model)•Content flows to the BigFix server and through the infrastructure•No on-premise reinstall•Speed – distribution is automated•Rapid, easy testing / POC•Model is key to account expansion strategy / cross selling
1717
Tivoli Software
© 2010 IBM Corporation
3rd party integration Examples
• Anti-malware
• Application Virtualization
• Encryption
• Application Control
• Fine-grained Device Control
Single Intelligent Agent
Agent Side Integration
API or otherAPI or other
3rd Party Agents / Engine
3rd Party Agents / Engine
BigFix AgentBigFix Agent
BigFix Applications 3rd Party Applications
What else could BigFix do?
• Run book automation
• Application provisioning
• File Integrity Monitoring
• Application Performance Monitoring
• Back-up and Recovery
• Document Management
• End User Experience Monitoring
BigFix can automate almost any task at scale
18
Tivoli Software
© 2010 IBM Corporation
Agent Side Integration Steps and Benefits
1. Expose third party agent control interface and method – trim “agent fat”
2. Create integration logic – typically creation of Fixlet content
3. Create UI content for console operator command and control (emulate third party’s console interface)
4. Publish application as new content site
Speed: typically 1Q
Effort: typically 2 FTEs (includes QA)
Performance: all Platform performance attributes (speed, visibility, quality of control) inherited by the new applications
Convenience: fully integrated into BigFix unified management platform single “pane of glass”
Go to market synergy: leverages the same content based delivery channel: no new install, no additional infrastructure, easy updates, etc.
BenefitsIntegration Steps
19
Tivoli Software
© 2010 IBM Corporation
BES Platform
Database ServerDatabase Server
Web Reports ServerWeb Reports Server
Agent CommunicationsAgent Communications
Decision Support ServerDecision Support Server
BigFix Relay
BigFix Server
BigFixAgent
Policy EnginePolicy Engine
InspectorsInspectorsBigFixAgent
Policy EnginePolicy Engine
InspectorsInspectorsBigFixAgent
Policy EnginePolicy Engine
InspectorsInspectors
BigFix Console
BigFix Server API*SOAP for reads
*COM for writes
Application Services
Management Services
Failover/Failback/Backup/RecoveryFailover/Failback/Backup/Recovery
SecuritySecurityServer Auto-updateServer Auto-update
Web ReportsWeb Reports
DiagnosticsDiagnostics
Agent Deployment/UpdateAgent Deployment/Update
Scripted InstallationScripted Installation
Central Deployment LibraryCentral Deployment Library
Distribution InfrastructureDistribution Infrastructure
Platform Components
Asset DiscoveryAsset Discovery
Patch ManagementPatch Management
Power ManagementPower Management
Client Mgr for Endpoint SecurityClient Mgr for Endpoint Security
OS Deployment / reimagingOS Deployment / reimaging
Device ControlDevice Control Security Compliance AuditSecurity Compliance Audit
Software Asset ManagementSoftware Asset Management
Others…Others…
• CMDB• Asset Repository• Service Desk
• Workflow / Orchestration• 3rd party mgmt console
• Workflow / Orchestration• 3rd party mgmt console
Command and control of 3rd party agentsCommand and control of 3rd party agents
Command and control of BigFixCommand and control of BigFix
Data export to 3rd party systemsData export to 3rd party systems
20
Tivoli Software
© 2010 IBM Corporation
Appendix A Messaging Architecture
Tivoli Software
© 2010 IBM Corporation
BigFix Message Architecture
BES ServerBES Server
BigFix FixletPublishing Servers
BigFix FixletPublishing Servers
BES RelayBES RelayBES ClientsBES Clients
BES RelayBES Relay
BES ClientsBES Clients
CorporateCorporate
BES ClientsBES ClientsBES Console
BES RelayBES Relay BES ClientsBES Clients
DMZDMZInternetInternet
Remote OfficeRemote Office
22
Tivoli Software
© 2010 IBM Corporation
BigFix Message Architecture
BES ServerBES Server
BigFix FixletPublishing Servers
BigFix FixletPublishing Servers
BES RelayBES RelayBES ClientsBES Clients
BES RelayBES Relay
BES ClientsBES Clients
CorporateCorporate
BES ClientsBES ClientsBES Console
BES RelayBES Relay BES ClientsBES Clients
DMZDMZInternetInternet
Remote OfficeRemote Office
Automatic content retrieval (HTTP)
The BES Server retrievesFixlets (Policies) from
BigFix Fixlets Publishing Serversautomatically.
The BES Server retrievesFixlets (Policies) from
BigFix Fixlets Publishing Serversautomatically.
23
Tivoli Software
© 2010 IBM Corporation
BigFix Message Architecture
BES ServerBES Server
BigFix FixletPublishing Servers
BigFix FixletPublishing Servers
BES RelayBES RelayBES ClientsBES Clients
BES RelayBES Relay
BES ClientsBES Clients
CorporateCorporate
BES ClientsBES ClientsBES Console
BES RelayBES Relay BES ClientsBES Clients
DMZDMZInternetInternet
Remote OfficeRemote Office
The BES Server notifies (UDP)its clients immediately of
new Fixlets content
The BES Server notifies (UDP)its clients immediately of
new Fixlets content
24
Tivoli Software
© 2010 IBM Corporation
BigFix Message Architecture
BES ServerBES Server
BigFix FixletPublishing Servers
BigFix FixletPublishing Servers
BES RelayBES RelayBES ClientsBES Clients
BES RelayBES Relay
BES ClientsBES Clients
CorporateCorporate
BES ClientsBES ClientsBES Console
BES RelayBES Relay BES ClientsBES Clients
DMZDMZInternetInternet
Remote OfficeRemote Office
The notification propagatesthroughout the enterprise
within minutes
The notification propagatesthroughout the enterprise
within minutes
25
Tivoli Software
© 2010 IBM Corporation
BigFix Message Architecture
BES ServerBES Server
BigFix FixletPublishing Servers
BigFix FixletPublishing Servers
BES RelayBES RelayBES ClientsBES Clients
BES RelayBES Relay
BES ClientsBES Clients
CorporateCorporate
BES ClientsBES ClientsBES Console
BES RelayBES Relay BES ClientsBES Clients
DMZDMZInternetInternet
Remote OfficeRemote Office
BES Clients retrieve the Fixletsupon connection, and
defined intervals
BES Clients retrieve the Fixletsupon connection, and
defined intervals
26
Tivoli Software
© 2010 IBM Corporation
BigFix Message Architecture
BES ServerBES Server
BigFix FixletPublishing Servers
BigFix FixletPublishing Servers
BES RelayBES RelayBES ClientsBES Clients
BES RelayBES Relay
BES ClientsBES Clients
CorporateCorporate
BES ClientsBES ClientsBES Console
BES RelayBES Relay BES ClientsBES Clients
DMZDMZInternetInternet
Remote OfficeRemote Office
BES Clients continuouslyevaluate and enforce
received policies
BES Clients continuouslyevaluate and enforce
received policies
27
Tivoli Software
© 2010 IBM Corporation
Appendix B Integration Architecture
Tivoli Software
© 2010 IBM Corporation
BigFix API Architecture
BES Server
WebReportsdatabase
BESClientsBESClientsBESClients
BESConsole
SOAPAPI
ClientCompliance API
PlatformServer API
Database API
SessionInspectors
SessionInspectors
RelevanceInspectors
29
Tivoli Software
© 2010 IBM Corporation
BigFix APIs
API Execute Against Language / Interface Read or Write
Client Compliance API BES Clients Relevance Language / MS COM
Read
Platform Server API BES Server Any Language / MS COM Write
Database API BES Database SQL / (ODBC, ADO, JDBC) Read
Client Inspectors BES Clients Relevance Language &
Action Script
Read
Session Inspectors BES Console &
Web Reports
Relevance Language Read
SOAP API Web Reports Relevance Language / SOAP Read
30
Tivoli Software
© 2010 IBM Corporation
BigFix Agent Integration Architecture
API
ExtensibleInspectors
AV
AS
HIP
S
Anti-virus
Spyw
are
Patch
Vulnerability
Inventory
Roadm
ap
Custom
HIP
S/N
AC
EnforcementAPI
BigFix Agent
Fixlet ® message Libraries• Lightweight• Instant-on• Dynamic• Secure
BigFix Agent• Low impact• Small footprint• Bandwidth frugal• Secure
NA
C
Single Console, Single Infrastructure management for • Corporate LANS• Mobile Computers• Remote Offices
31
Tivoli Software
© 2010 IBM Corporation
IBM / BigFix Roadmap
Key:
Integration
Lifecycle
Security
2H 20112H 2011
• BigFix Platform Version 8 • BigFix Platform “Foothill”
1H 20111H 2011
• BigFix Platform “Euclid”• Quick time to market with
competitive solution• Address both security and
lifecycle in one solution• Rapid Time to Value• Full IBM offering in IBM
Channels
2H 20102H 2010 1H 20121H 2012
• BigFix Platform “Gilman”• Integration with Tivoli ISM
solution for cross sell/up sell• Extended Run from support for
broader IBM Customer support• Expanded partnerships with
STG
• Simplified Chinese, Japanese, French, Italian, German, Spanish Language Support
• Data Integration for Asset and CCMDB
Blue Rinse• IBM Tivoli Branding• Traditional Chinese, Korean, Brazilian Portuguese Language Support
• Passport Advantage
• DB2 Support• ISM Integration (TAMIT, SRM, etc.)
•Software Repository Integration for MSI/EXE•OSD: MDT OS
reimaging/migration•Power Management 3.0
•TCM Upgrade: SPB Support for BigFix Software Distribution/Repository•Tivoli Remote Control
Integration•OSD: MDT Bare Metal & TPM
OSD Reimaging•App-V Support
•Software Repository 3.0•OSD: TPM OSD Bare Metal•DSS SAM 2.0•Expanded VDI Support
•OSD with “Peercast” support•Remote Control with “Direct
Connect” Support•Client Virtualization
•DSS SCM 1.0: Enhanced Compliance Reporting
•CMEP Open Architecture•Proventia Desktop on BigFix
Platform (ESC replacement) with Windows 7 Support•DSS SCM 1.1
•TSCM/Fusion Upgrade: BigFix support for TSCM policies•“ESC”: Data Leak Prevention•DSS SCM 1.2
•DSS SCM Policy Management•“ESC”: Site Protector
Roadmap Coding• Existing Roadmap• Integration Roadmap• Risk due to resource availability or blue rinse obligations
INTERNAL FACING ONLYNOT FOR EXTERNAL USE
32
Tivoli Software
© 2010 IBM Corporation
Other Future Items
Integration
– Additional integrations with ISM products
– BigFix Server support on AIX, Linux
Lifecycle
– Endpoint support for Linux on Power
– Admin Command Line Interface
Security
– TAMOS Integration
33