Automatic Sync'ing of Baselines

(imported topic written by curth)

Ben Kus addressed this somewhat in 2007 in the following post:

http://forum.bigfix.com/viewtopic.php?id=831

However, I would like to ask again for BigFix to automatically sync the baselines when changes to Fixlets are modified. I understand from the above post that there are digital signatures involved. Maybe BigFix could have a “special” account for sync’ing baselines. This “special” hidden account would then digitally sign the baseline updates in a process that ran at a configurable interval (this could be an option to set in the BES Admin tool). The resync’ing process would then just mimic what a user would do (programmatically of course) and then digitally sign the baselines for them to be committed.

There is always a balance of security and usability. I think in this case most of us would agree that the usability might win out.

Just my thoughts…

(imported comment written by BenKus)

Hey Curt,

We have long held the design goal in BigFix of:

“BigFix cannot propagate anything in our Fixlet sites that will change something on your systems without you authorizing it first.”

This is the fundamental reason why you need to resynchronize your actions and your baselines whenever we change something.

Imagine this scenario:

BigFix propagates some Fixlets, you see how many computers are relevant, you run through your tests, examine the relevance, etc. and then send out the actions based on the Fixlets (or put them in a Baseline and then send them out)… What if BigFix then changed the relevance (for any reason) and then your baseline and actions were auto-synced and then the actions started running places that you didn’t expect? That would be a violation of your change-control, it would potentially cause damage, and it would violate our design principle.

And it seems that this would be of great concern to companies where change-control procedures are strict and there are serious consequences if things go wrong…

Perhaps we can solve the same issue but in a different way if we try to make it easier to re-sync baselines?

Ben