The BigFix team is pleased to announce the release of version 9.5 Patch 11 (9.5.11.191) of the BigFix Platform. The main features in this release are as follows:
Reduce network traffic and relay infrastructure costs by exchanging cached files with peers (aka PeerNest)
This version introduces peer-to-peer configuration which will help you reduce the relay infrastructural costs.
In a peer-to-peer setup, endpoints in a subnet coordinate their download activities in order to download binaries only once from the relay, thus reducing the network traffic outside of the subnet. With this setup, you can facilitate a faster and direct exchange of binaries between endpoints and remove the need for every client to download the same binary from a relay, allowing the removal of dedicated relays from branch offices.
For details, see Peer to peer mode.
Improve real-time visibility by delivering notifications to clients across firewalls through client-established, persistent connections
The BigFix Query function relies on a UDP based notification where the relay notifies the clients of a new query. Firewalls or NAT may block this notification mechanism. Through the new persistent connection feature, a persistent connection initiated by the client is used by the relay to manage the UDP based notification. This allows the delivery of any type of notification, thus offering a faster alternative to command polling. A persistent connected client also acts as a UDP notification forwarder (proxy) for the other clients in the same subnet which can reduce the number of connections and optimize relay performance.
For details, see Persistent connections.
Prevent BES server overload and network congestion by defining a fallback relay
You can now define a fallback relay for your clients when they fail to connect to any relay specified in their settings.
For details, see Requesting a license and creating a masthead and Editing the masthead on Linux systems.
Simplify the installation and upgrade of the WebUI component including it as part of the BigFix Platform installation
The installation of the BigFix Platform (both evaluation and production versions) on both Windows and Linux now includes the option to install the WebUI component as well, offering a convenient alternative to the fixlet based installation. The upgrade of the WebUI component will be executed as part of the platform components update process, and as noted in 9.5.10, the WebUI can now scale to manage 120,000 endpoints from either a Linux or Windows BES Server installation.
For details, see Installing the WebUI (for Windows) and (Optional) - Installing the WebUI Standalone (for Linux).
Enhance corporate security by specifying the TLS ciphers that can be used in network communications between the BigFix components and the internet
Starting in this version, master operators can control which TLS ciphers should be used for encryption. A master operator can set a deployment-wide TLS cipher list in the masthead by using BESAdmin.
For details, see Working with TLS cipher lists.
Enhance security and reduce load on the BES root server by automatically shutting down the BigFix Console after a period of inactivity
Starting in this version, you can control the maximum amount of time to keep an inactive session of BigFix console alive. After the timeout, the BigFix console is closed.
For details, see List of advanced options.
Enhance the security of your BigFix Server by optionally disabling access to the Internet
Starting in this version, you can control whether your server accesses the Internet for updating the license and gathering the sites or not by using a configuration setting.
For details, see Airgap Mode.
Gather WebUI content more securely through HTTPS and in an optimized manner
- WebUI: Gather BES sites with HTTPS by default
You can gather license updates and external sites by using the HTTPS protocol on a BigFix server or in an airgapped environment. For details, see Customizing HTTPS for Gathering. - Optimize Gathering from Synch Servers
The Gathering process has been optimized with more effective handling of Gather errors.
Establish an increased level of security when creating new users by assigning them minimal permissions
When you create users, they are assigned minimum permissions (read-only) by default, which offers an additional level of security.
For details, see List of Advanced Options (look up ādefaultOperatorRolePermissionsā) and Adding local operators.
Enhanced security and visibility with more detailed server audit logs
The server audit logs now include the following items:
ā¢ Messages for deletion of computers from the console or through API
ā¢ Messages for deletion of actions
ā¢ Audit entries are presented in a single line and contain the same number of field delimiters. Field delimiters are present even if no value exists for a specific field. Since the format of the audit fields is subject to change over time, each line has a version number as the first entry. The current format includes texts from existing audit log messages (which are in old format) and presents them in the last field.
The server generates audit logs for two new events: the deletion of an action and the removal of a computer.
For details, see Server audit logs.
Reduce the costs of managing relay infrastructure through a new Dashboard that summarizes relay health across the entire network
You can now monitor the status of your relays across the entire network by using the Relay Health dashboard. The Relay Health Dashboard shows you specific details about the relays in your BigFix environment.
For details, see Relay Health Dashboard.
Configure the default behavior of Timeout Override on clients
Starting in this version, you can define the default behavior for timeout and disposition on a specific client for all the programs or processes triggered by any wait or waithidden commands, unless it is specified differently in an override section of that specific wait or waithidden command definition.
For details, see List of settings.
Optimize and accelerate Platform REST API interactions
You can now control/reduce the number of fields returned by a REST request by using the ?fields= parameter to limit the fields returned for a given resource when using the API resources /api/actions and /api/action/{action id}/status.
For details, see Action and Computer.
Accelerate fixlet creation and testing by using the FastQuery interface in Fixlet Debugger
Fixlet Debugger is extended to use FastQuery interface in addition to Local Fixlet Debugger Evaluator and Local Client Evaluator. You can choose a remote endpoint to evaluate relevance.
For details, see Fixlet Debugger.
Save time when working in tight maintenance windows by enabling group actions to start before sub action downloads are available
Group actions with pre-cached downloads now start without requiring all sub-action downloads to be available on the client, provided the downloads for the first relevant sub-action are available. Additionally, the server and relay caches are primed by continuing with as many download requests as possible even under a ādisk limitedā constraint.
For details, see Enabling data pre-cache.
Other Enhancements
- Improved documentation on configuration settings. For details, see Configuring the behavior of BigFix.
- Added changes to the client component for enabling a new version of the self-service application (SSA)
- Added support for running Agent and Relay on Windows Server 2019
- APAR and defect fixes
- Security enhancements
References
See further details in the 9.5.11 Release Notes
See the full technical changelist.
Pre-Upgrade Considerations
- All BigFix Platform components are being released in this patch.
- Ensure to STOP the WebUI and any other active application connecting to the BigFix database BEFORE starting the upgrade
- A manual Server upgrade is required if you upgrade from a version earlier than 9.5.5. Refer to the 9.5.5 release notes for more information.
Useful links
BigFix downloads and release information
Upgrade documentation in IBM Knowledge Center
