BigFix 10.0 Patch 1 is now available

flupini · August 5, 2020, 5:44pm

The BigFix team is pleased to announce the release of version 10 Patch 1 (10.0.1) of the BigFix Platform.
The main features in this release are as follows:

Discover and report cloud assets, now also from Google Cloud Platform
With this feature, you can discover and manage visibility of your cloud resources on Google Cloud Platform by using the Plugin Portal and plugins technology.
To install the BigFix client on your discovered cloud resources, use the WebUI or BES Console.

For details, see Extending BigFix management capabilities.

Get more from audit logs
The audit log service now provides more details about logging in and out of the BigFix Server, and information on the IP addresses that the clients use to access the server.

For details, see Server audit logs.

Enhanced security of TLS connections with support for Forward Secrecy
You can now leverage on the ephemeral Diffie-Hellman (DHE) and ephemeral elliptic curve Diffie-Hellman (ECDHE) for key exchange to increase the level of security of your deployment.

For details, see Using the DHE/ECDHE key exchange method.

Mitigate network impact and bandwidth requirements with clients connected through VPN
You can now configure BigFix Client to download payloads directly from the internet based on a configurable list of sites. This helps you mitigate the network impact and bandwidth requirements associated with BigFix Relays that serve BigFix Clients connected through a VPN.

For details, see List of settings and detailed descriptions.

Use Microsoft Office 365 as the email server for Web Reports
In the earlier versions of BigFix Platform, Web Reports could only contact email servers by using the basic authentication over SMTP. In this release, you can schedule the sending of reports by using Office 365 email server with OAuth 2.0 and client credentials grant flow.

For details, see Setting Up Email.

Other enhancements

Modified the installer to remove the setup of SQLServer2016SP1-Evaluation from the options of the BigFix Evaluation installation.
For details, see Performing an evaluation installation on Windows.
Enhanced serviceability of PeerNest and BES Client debug log with more information and the possibility to rotate and set a maximum size.
For details, see List of settings and detailed descriptions.
Improved Client Deploy Tool (CDT) wizard: Simplified the installation process for clients that are discovered by cloud plugins.
For details, see Installing the BigFix Agent on discovered resources.
Upgraded the following external libraries: libcurl to version 7.69.1, Codejock to version 19.2.0, jQuery to 3.5.1
Fixed DAs and defects. For details, see the technical specification section below.
Fixed security vulnerabilities. For details, see the technical specification section below.

References

See the full technical changelist.

Pre-Upgrade Considerations

This release includes all the BigFix Platform components. It also includes the Plugin Portal that enables the Multicloud and Modern Client Management capabilities.
Upgrade paths to BigFix 10 begin with v9.5.10 or later. For details, see Upgrade paths (Windows) and Upgrade paths (Linux).
For detailed information on the specific changes to minimum supported versions of operating systems and databases for BigFix 10, see Detailed system requirements.
BEFORE getting started with the upgrade process, stop any active application that is connected to the BigFix database (such as Web Reports, WebUI, BigFix Inventory, or BigFix Compliance).

Known Issues

A problem with the version of curl used in BigFix Platform 9.5.16 and 10.0.1 might cause a high number of sockets in TIME_WAIT state on the BigFix Web Reports machine. This can lead to issues with network communication between the BigFix Platform Components, especially if the Web Reports service is co-located on the Root Server. For more details, including recommendations and workarounds, please see this article.

Useful links

BigFix downloads and release information
BigFix 10 documentation
- Home page
- Upgrade considerations
  - Windows
  - Linux
- Detailed system requirements

Upgrade Fixlets are available in BES Support version 1438 (or later).

– The BigFix Platform Team

mark_b · August 12, 2020, 10:49am

Does this new upgrade also include WebUI upgrades or new features ??

brolly33 · August 13, 2020, 4:41pm

New Inspectors in Windows Client:

instance data of <cloud provider>: instance data
json of <instance data>: json value
keys of <instance data>: json key
path <string> of <instance data>: json value
uuid of <dmi system_information>: uuid

mbartosh · August 19, 2020, 2:47pm

Has anyone discovered any issues with this release?

brolly33 · August 19, 2020, 7:29pm

It’s perfect. (I may be biased)

JasonWalker · August 19, 2020, 8:04pm

This in particular is a huge boon to work-from-home:

Mitigate network impact and bandwidth requirements with clients connected through VPN
You can now configure BigFix Client to download payloads directly from the internet based on a configurable list of sites.

There is also an option to try Internet download first, and then ask the Relay if the download fails. So you can now do Internet downloads for patches, and still have your local-hosted SWD packages work too.

fermt · August 20, 2020, 1:26pm

I’ve seen an issue with version 10.0.0, where if I disable an Analysis, the properties/values remain reporting.
If I query the REST API for an specific property that is part of the analysis I’m still able to get results back.
In console, I still can see the property values.
The only option is to delete the analysis so the properties associated to it go away.

I didn’t see in the changelog if this is something that has been fixed.
Could someone confirm if this is something happening only in version 10.0.0?
Or perhaps this is a normal behavior and I didn’t noticed in previous versions of BigFix?

JasonWalker · August 20, 2020, 2:29pm

I may have reported something similar, and found it actually goes back to much older versions.

results (Bes property, Bes computer) includes results where the computer is no longer relevant for the analysis.

results of Bes property does not have the same issue.

Of course, when querying multiple properties, the problematic first form is much more efficient.

Same issue is in 10.0.1 and at least as far back as 9.5.7, the earliest version I have handy to check. I’m afraid you can’t upgrade your way out of it yet, and may need to refactor queries to work around it.

itsmpro92 · August 20, 2020, 2:59pm

That’s useful knowledge - thanks for digging into it.

fermt · August 20, 2020, 3:49pm

Yes, I’m using a similar query results (Bes property, Bes computer) to pull data from BigFix.
I thought it was just an issue with BigFix 10. For now I have removed the analysis as many of our queries would need to be refactor.

system · September 4, 2020, 5:55pm

This topic was automatically closed after 30 days. New replies are no longer allowed.

Viking · February 1, 2021, 8:51pm

Any other “gotchas” that we should be aware of?

fermt · February 2, 2021, 1:40pm

You can’t upgrade from BigFix > 9.5.15 to 10.0.1. The Web Reports service will stop working.