BigFix vs SCCM

(imported topic written by hgiljr91)

Hello everyone. We are currently an SCCM Shop, have been since 2.0. After SCCM upgrade we finally decided to move all our sites (total 17) to SCCM and push out patching under one application. We have about 5k endpoints receiving updates. We have been experiencing several difficulties across the board and have worked long hours with Microsoft to resolve some and still pending resolving others.

Now new management is taking about moving to Bigfix, an application that is supposed to be better then SCCM. I have not seen bigfix so I cannot comment and have no idea how it works. DOes anyone have feedback between these two applications and why bigfix would be preferred over SCCM? Just want to be ready gathering facts since in the end we are the admins. Here are several more questions:

  1. One thing I have read is that bigfix requires a lot of scripting of packages to be deployed? Is it true?

  2. Bigfix does not do software inventory, a third party tool is needed?

  3. Can one create queries and specific collections in bigfix as you can in SCCM?

  4. What are recommended hardware specs for bigfix? Will a distribution point be needed at each site? Keep in mind that some of our sites are satellite links of either 256 or 512…

Any info appreciated. Thanks

(imported comment written by hgiljr91)

Good morning. By chance did I get the wrong forum? If I should post this somewhere else, please let me know and I will. Would really like to find some answers…


(imported comment written by SystemAdmin)

We used to run SCCM (and LanDesk), but happily abandoned it when we deployed Bigfix. During a bake-off between various vendors, we had a list of common things to query, patch, or deploy. We piloted with each vendor using the same criteria on the same hardware. We finished the pilot list in about five hours with Bigfix (counting installation time). With SCCM, we were about 85% done after a week (in spite of having a dedicated MS engineer on-site all week).

Bigfix comes with quite a few completely ‘canned’ scripts and packages for not only MS security patches, but also patches for Apple, linux, and unix platforms. There are also pre-made jobs for common third-party things like Adobe Acrobat Reader.

It relatively easy to customize and script your own jobs as well. The syntax is easy to pick up and concise. It is very powerful, flexible, and reliable. You get near real-time results. I’ve written hundreds of custom jobs that manage our 8700 machines.

Bigfix does do software inventory. See

Querying specifically-targeted machines for answers is easy and extremely powerful in Bigfix. For a simple question, I can create the query (analysis in Bigfix-ese), run it against my whole environment, and export the answers in less than a half hour. Targeting machines is much simpler than SCCM. You should download the trial version and check it out.

Hardware requirements are listed here:

With slow links, a relay (Bigfix-ese for distribution point) is recommended at remote sites. It does not require dedicated hardware. The relay aggregates agent communicates to the main server (automatically compressing attachments). We have used Bigfix successfully for several years to 1100 WAN sites on 56K or 128K circuits. We have at least one relay per site (larger/higher bandwidth sites have multiple).

Hopefully that helps …

(imported comment written by BenKus)

Perhaps the feedback here might help:


(imported comment written by hgiljr91)

Thanks Ben. Now if someone can provide me answers to these questions I would appreciate it:

  1. Does BigFix offer Desired Configuration Management?

  2. Does BigFix offer Operating System Deployment (light touch, zero touch, WDS, etc)?

  3. Does BigFix offer Internet Based Client Management?

  4. Does BigFix offer capabilities like SCCM’s Asset Intelligence?

  5. Does BigFix offer offline patching of virtual machines?

  6. Does BigFix utilize Network Access Protection (NAP) technologies to prevent computers with vulnerabilities from gaining access to networks?

  7. Does BigFix offer mobile device management?

  8. Does BigFix offer application virtualization?

(imported comment written by BenKus)

Hi hgiljr,

I think it is best if you talk to one of our sales engineers to get answers to these questions in more detailed form. Partly because we (or at least I) am not familiar with all the SCCM details… but also, this type of thread can quickly devolve into a vendor battle of who is better than who and even though BigFix has the upper hand here (after all, we moderate the forum and as you can see we clearly have lots of loyal fans of our product), it is not the intention of this forum.

Here is what I can tell you to answer your questions:

  1. I believe we do, but we don’t call it that. Basically, we let you identify a known set of issues/configurations and the BigFix Agent will detect and then change them based on what you would like to do.

  2. Yes. We partner with a company Acronis to provide OS Deployment with all the expected bells and whistles (PXE, multicast, support for various OSes, etc.)…

  3. I don’t know what your term “Internet Based Client Management” means, but if it means managing remote computers that are not in your office, then definitely yes. This is nothing special to us because it is built into our platfrom to allow this if you enable a relay in your DMZ. Once you do that, you manage your Internet connected computers the same as you manage your internal computers.

  4. Again don’t know the term “Asset Intelligence”, but BigFix has extensive inventory abilities… Out of the box includes: Almost all types of hardware, network info, installed applications, software usage (available with our DSS SAM module), and if we don’t provide something out-of-the-box, it is pretty simple to write a custom property and you should have the results within minutes (regardless of the size of your deployment).

  5. We are looking into this, but if you are asking about Virtual Server, we aren’t currently looking at that… VMWare is requested most often by our customers.

  6. We have a Network Access Control module of BigFix that lets you define policies (i.e., is AV running? is AV updated? are the right patches installed? are the right configs in place?) that you can use to integrate with a NAC technology. Our NAC framework is vendor independent, but we have done work with Infoblox, Cisco NAC, MS NAP, and some other vendors.

  7. Yes. Support Windows CE 4.2 and higher is in BETA, but I can’t say too much more about it because of an upcoming formal announcement that will have more details.

  8. Yes. We have an application virtualization partner, but again there is an upcoming announcement.

As mentioned before, it is best to talk to one of our sales engineers rather than use my quick notes here. Depending on your company size and needs, there might be some more refined answers we can give you.

There are also a lot of other benefits that customers will often note of using BigFix over SCCM, but again, trying to maintain the integrity of the forum and so it is best to ask your salesperson or sales engineer for those details.

Hope that helped,