BigFix 11.0 Patch 4 is now available!

The BigFix Team is pleased to announce the release of version 11 Patch 4 (11.0.4.60) of BigFix Platform. The main features in this release are as follows:

You can now secure HTTPS communication in BigFix with your preferred Certificate Authority! (aka Bring Your Own CA)

• With the setcustomca BESAdmin command, you can install an external Certificate Authority (CA) in the BigFix Platform. When that happens, BigFix components at 11.0.4 and later versions will start using certificates generated from the imported CA to secure HTTPS traffic. Back level components will continue to use the current BigFix CA. For details, see Configuring the root server with a custom CA, BESAdmin Windows Command Line and BESAdmin Linux Command Line.

More console performance improvements!

• Prior releases have improved console load times and performance analytics. Our goal was to cut console load times in half, and customers generally meet or exceed this goal. With this release we have improved the general console performance, with a focus on process concurrency, efficiency, and device correlation impact. The net is through our cumulative improvements, you have a more responsive console!

More options for High Availability & Disaster Recovery (HADR)!

• The BigFix HADR solution until now has involved the Disaster Server Architecture (DSA) based on proprietary replication code. We now offer a full HADR solution based on a combination of database replication (e.g., and MS SQL Availability Group), cluster management, and shared file store. The solution aligns with industry best practices, has reference level data integrity, and is operationally more scalable and lighter weight than the DSA solution. This is especially important if you consider BigFix “mission critical” to your business! For details, see HA and DR configurations.

Enhanced PeerNest! Streamlined functionality and reduced network traffic

• Significant advancement in PeerNest efficiency: agents can exchange payloads among themselves without the need of Multicast UDP. Root Server and Relays will be used as trackers, sharing information about which clients are able to share which files. This means reduced network traffic, possibility to leverage the capability in diverse networking environments, and improved efficiency especially in the early phases of the communication. For details, see Configuring PeerNest without the multicast function and Peer to peer mode.

Higher Relay Scalability!

• A non-authenticating relay on Windows and Linux can now support up to 10000 endpoints!

Increased number of persistent connections!

• Persistent connections can be enabled on network configurations where UDP notifications are not available. The limit of endpoints that can be configured in this way is increased to 1000 per Relay.

BigFix Relay metrics collected and exposed!

• You can now monitor the status and efficiency of your relay infrastructure. The relay is now able to collect and expose metrics related to its HTTP server operations and lets you use Prometheus to collect them. The collected data can then be viewed and analyzed by a visualization application such as Grafana. For details, see Exposed Metrics and Exported Metrics.

Data upload infrastructure enhancement - Pass-Through mode on Relays!

• In file upload scenarios, BigFix Platform allows you to enable the BigFix Relays to immediately forward received file chunks upstream, instead of storing files locally, using a new setting named _BESRelay_PostFile_PassThrough. For details, see List of settings and detailed descriptions.

VMware cloud plugin connection secured with vCenter certificates!

• BigFix Platform allows you to install the vCenter certificates on the system where you intend to install the VMware cloud plugin; this allows it to open secure connections. For details, see Configuring cloud plugins.

Azure cloud plugin is able to put the VMs in a deallocated state!

• The Azure cloud plugin has a new command named deallocate instance; by leveraging this feature you can more closely control your infrastructure costs on Azure. For details, see Microsoft Azure Plugin Commands.

Added BESAdmin command to convert BigFix operators from one Identity Provider to another!

• With the converttoidpoperators BESAdmin command, you can convert BigFix operators from one Identity Provider to another already configured Identity Provider. This is useful if, for example, you want to convert your BigFix operators from referencing MSAD to referencing Entra ID. This command is available on Windows platform only. For details, see BESAdmin Windows Command Line.

Added BESAdmin​ command to set the priority in case of transaction deadlocks in the database!

• With the databaseDeadlockPriority BESAdmin command, you can set a “Low”, “Normal” or “High” priority for the BigFix Administration tool Computer Remover and Audit Trail Cleaner so that you can influence how Microsoft SQL Server resolves the deadlocks. In particular, setting the databaseDeadlockPriority option value to “High” ensures that critical transactions are most likely not interrupted. For details, see BESAdmin Windows Command Line, BESAdmin Linux Command Line, Computer Remover and Audit Trail Cleaner.

Added BESAdmin​ command to rotate the BigFix WebUI certificate!

• With the rotatewebuicredentials BESAdmin command, you can rotate one BigFix WebUI certificate associated to a given hostname, or the whole BigFix WebUI Certificate Authority (CA) and all BigFix WebUI certificates. For details, see BESAdmin Windows Command Line and BESAdmin Linux Command Line.

Inspector changes!

• New client inspector type named “cidr subnet” was added to represent the Classless Inter-Domain Routing (CIDR) value. For details, see cidr subnet.
• New “named” constructor for process inspector on MacOS to return the process object corresponding to the specified name. For details, see https://developer.bigfix.com/relevance/reference/process.html
• New inspector properties named “first line of” and “last line of” were added to return specific lines of a given file. For details, see file line.
• New inspector properties named “first rawline of” and “last rawline of” were added to return specific rawlines of a given file. For details, see file rawline.
• New inspector properties named “enabled of”, “global state of” and “stealth enabled of” were added on MacOS to return specific firewall information. For details, see firewall.

Added Support for BigFix Server on Windows and Linux with database Amazon RDS for Microsoft SQL Server 2022

• Starting from Patch 4, BigFix Server on Windows Server (2019 or later) and on Red Hat 9 supports Amazon RDS for Microsoft SQL Server 2022 database.

Added Support for BigFix Server on Windows and Linux with database Azure SQL Managed Instance for Microsoft SQL Server 2022

• Starting from Patch 4, BigFix Server on Windows Server (2019 or later) and on Red Hat 9 supports Azure SQL Managed Instance for Microsoft SQL Server 2022 database.

Added Support for BigFix Agent

• Added support for BigFix Agent running on Alma Linux 9.5 x86 64-bit.

Library and driver upgrades

• The boost library was upgraded to Version 1.87.0.
• The jQuery-UI library was upgraded to Version 1.14.0.
• The libssh2 library was upgraded to Version 1.11.1.
• The OpenSSL library was upgraded to Version 3.2.4.
• InstallShield was upgraded to Version 2024 R2.
• The Xerces-C++ XML Parser library was upgraded to Version 3.3.0

Additional information about this release

• The standalone BigFix tools are published under the 11.0 Utilities section in BigFix Enterprise Suite Download Center
• A Non-Functional Requirements checklist, covering both performance and security management of your BigFix deployment, is available at BigFix Performance & Capacity Planning Resources

References

• See the full technical changelist

Pre-Upgrade Considerations

Important considerations to keep into account before upgrading to BigFix Platform Version 11 are:

• BigFix Version 10.0.7 is the minimum version supporting the upgrade of the BigFix server components to Version 11

• You must enable the “Enhanced Security” before upgrading BigFix Platform to Version 11

• The minimum TLS supported protocol in BigFix V11 is TLS 1.2

• The SHA1 hashing algorithm for content and action signature will no longer be supported. SHA1 is still supported for file download in actionscript. For details, see the BigFix Platform V11 Overview Page

• The unixODBC RPM package is a prerequisite for the Server components on Linux systems (see Server Requirements). This applies to installations with a DB2 database.

• The msodbcsql17 RPM package is a prerequisite for the Server components on Linux systems (see Server Requirements). This applies to installations with a MSSQL database

• For detailed information on the specific changes to minimum supported versions of operating systems and databases for BigFix 11, see Detailed system requirements.

• Before getting started with the upgrade process, stop any active application that is connected to the BigFix database (such as Web Reports, WebUI, BigFix Inventory, or BigFix Compliance).

Useful links

• BigFix downloads and release information

• BigFix 11 Platform Documentation

• Upgrade Windows considerations

• Upgrade Linux considerations

• Detailed system requirements

A blog that discusses the benefits of BigFix 11 is available here

Upgrade Fixlets are available in BES Support version 1500 (or later).

– HCL BigFix – Platform Team