Speaking from a Big Fix customer point of view, we have RH Satellite to provide packages/patches to our Red Hat systems. We looked at the Satellite patching options a while ago and didn’t like them. Haven’t looked at many of the other features of Satellite. Frankly, we constantly have issues with Satellite so we use it minimally. We use Ansible for configuration management and patching our servers, but are slowly shifting more to Big Fix for those.
You mentioned you have Linux clients/endpoints. Are these servers (i.e. always on and running) or user controlled clients, (i.e. I turned off my system while I was on vacation)? We initially used Ansible to try to manage our clients and quickly discovered it assumes the systems are always available, which doesn’t work for this environment. We then moved to puppet and while it handled configuration management well, not so much patch management as it prefers to bring systems up to a defined baseline for everything.
I should mention we also manage Ubuntu clients, so we needed something that would work with both RHEL and Ubuntu. That’s when we found Big Fix. We have both Patch and Inventory and it’s been a game changer for us. We still maintain our Satellite (and Ubuntu Landscape server) for local mirrors, but all of our configuration management is handled by Big Fix. We use Big Fix for client patching, setting up multi-package baselines to apply the Red Hat patches. Ubuntu is just a task to do the patches (Wish Big Fix had the multiple-package option for Ubuntu)
Inventory has been wonderful. Last year I was able to generate reports on the log4j vulnerability quicker than the Mac or Windows teams and just last week I was able to give our Vendor Management Office what Linux systems were running a software package for an audit.