We’re looking at IBM Endpoint Manager/Big Fix/Tivoli (Not even sure what it’s supposed to be called, the IBM reps referred to it as all 3 names in different slides).
Primarily for patch management. Possibly for Life Cycle Management.
It answers to any of those names, due to rebrandings over the years, but it started as BigFix, ended up back as BigFix now, and informally was always called BigFix all along.
I’ve been using it for seven years in a government deployment. I was originally dragged into it protesting - why learn a new programming language just to run one piece of software when we could do something more common - PowerShell or Python or something more portable.
After a couple of months I saw some value, by the end of the year Relevance was my primary language. It’s great for pulling details off the endpoints without slowing them down - the main driver for having the relevance language is efficiency.
Some of the largest companies and governments in the world are using BigFix because of its scale. Not many other solutions can count endpoints in the hundreds of thousands or even millions.
In my company, over the course of four years we rapidly expanded our managed client count while also losing several of our engineers. I don’t think we could have handled that scaling without BigFix.
:edit: last line should read “without Bigfix”. The prior “with BigFix” would have an entirely different meaning
I would echo everything @JasonWalker has said. The infrastructure footprint is much smaller than some other products, you can manage over 100k endpoints with just 1 application server and a suitable number of relays, which can be either server or workstation OS. It supports a variety of operating systems and though it does take some time to get used to the relevance query language, this one language allows you to inspect all the different platforms that are supported.
It is also great for inspecting so many things on your endpoints. Say you want to see how many Windows systems have a certain registry key or value, or maybe a certain file in a specific folder…you can get results back within minutes with very little development time. I know with some other products it could take several steps and could take 24-48hrs to get back the results.
We use 2 patching solutions, 1 is like the postal service, the patches get there eventually and it takes a while longer to validate that the patches are installed. BigFix is like UPS/Fedex/DHL and will get the patch there quickly and you will get the proof of delivery very shortly after.
Once you learn and embrace the relevance language, all sorts of things are possible that I just don’t think you can do with other products. Patching, while delivered more efficiently than most products, is pretty self-explanatory to compare - BigFix covers X products, SCCM covers Y products, something else covers Z products. It’s when you get into custom content that I think BigFix really shines.
I have an analysis that retrieves the BIOS versions of my machines, compares them to a list of known-good firmwares I built for all of my deployment’s hardware models, and tells me which machines are missing Spectre-protected firmware - and which ones I have to exclude because there is no BIOS update to be had. I have a rolling Web Report to track how many were updated on any given day and the compliance trend. I don’t know whether I could have done that in SCCM.
To add to what is said already, at the current site that I am at, we are using Patch for our Windows and non-Windows servers (RedHat, Oracle, AIX and Solaris). We have been able to get our patch compliance for all OS security patches to above 98% and would be more, but every month there are some servers that just do not patch (OS issue not BigFix). At least when they fail we know what failed and where.
Even though we have Patch only, there is still a lot of information that we get from the systems based on custom (my own, this forum or from bigfix.me) such as drive space, up times, currently logged on users, Symantec install info and a ton more. I frequently have the server guys ask “can BigFix report this?” and pretty much every time, I either have it, or can have it ready in a couple hours.
Biggest thing is the near realtime information provided. I can look and know the state of systems and know where my environment sits.
When I first started using BigFix, it was when IBM bought them and I thought I would sit down and install the demo. Within about 1 hour I had it and 5 agents installed and I started deploying patches.
Start with the patching and then you can enable other products without having to do a bunch of work and redesign.
Once you spend a bit of time, you will find it a very useful tool.
A lot of what is said above is reflected here as well so worth having a glance.
It might also be worth sharing with us what you currently use/current setup so we can provide some more specific comparison points - happy to take DM if you don’t want to share that publicly.