BigFix Patch Management 7.2
Strengths: Many useful technical features under the hood of the overall architecture.
Weaknesses: Steep learning curve with repeated prompts for authentication when making significant changes.
Verdict: Overall, a solid product offering for organizations which are drawn to a high degree of flexibility and control.
SummaryBigFix Patch Management is a client server patching solution that integrates with the company's asset discovery, configuration management, endpoint protection and vulnerability management technologies to help manage endpoints in the enterprise. Installed on a single Windows-based machine, the solution is comprised of a console, server, client agents and relays. The solution can analyze and deploy patches for several different operating systems, including Windows, Linux, UNIX, Mac, ESX and Windows mobile devices.
Product installation is fairly straightforward, but expect several security-driven steps to create license and certificate files. The goal of the numerous security measures during component initialization is to ensure that the actions taken against the hosts are valid. Expect several password prompts when installing the solution, as well as executing any actions that require significant changes to the target hosts.
BigFix definitely does not have the most user-friendly interface and some may find it challenging to learn. However, once you peak under the hood it provides a large number of technical bells and whistles. There is extensive support for managing assets and patch rules for various operating systems and applications. The technology is driven by Fixlet messages, which are tasks that administrators ultimately decide to act on or disregard. Messages include anything from administering the solution itself to reports from the endpoints regarding what patches might be missing and configuration of how-to-administer deployment.
Patch management is driven by a series of external subscriptions to BigFix for each OS or configuration supported. The architecture of the solution has redundancy and performance in mind, as agents report to various relays (depending on the size of the environment), leaving the console to use less processing power. However, the bane of the solution is its complexity. Expect a much steeper learning curve than most solutions, as it takes quite a bit of time to become acclimated to the very technical interface. Other features - such as managing hosts to particular baselines, configuration standards, deploying patches and running reports - are all top notch.
Documentation for the solution is solid, including some guides and task enumeration to help administrators through the inevitable learning curve. The BigFix support site contains a customer form and knowledge base.