So, how many FTEs? and for what, exactly?


Looking for some quick data points for a discussion in a couple days. Any information you can provide would be helpful. If you’re not comfortable sharing the information here in the forum, feel free to PM me for my e-mail address and we can take it off-list.

How many FTEs do you have assigned to BigFix and what portions of the platform are you using (and, if possible, how is the FTE/portion broken down)? Also, how big is your deployment?

We’ve got around 12,500 regularly reporting devices and are really only using the patching portion of BigFix Lifecycle (no Software Deployment Wizard, no Self-Service, no OSD). We’re looking to expand our use to the rest of Lifecycle and to Compliance, Inventory, and (Automated) Patch, but we have no realistic idea how much people-power this is going to take to do well.

Also, how much time to you and yours spend on system curation, user education and support, content creation, etc.? We’re a very distributed environment with over 100 operators, 60 of whom have logged in within the last month. We’re hoping to exercise more control over what’s available in the system, but that’s going to be a bit if a cat-herding experience. Does anyone else operate in a similar environment? How long does it take how many of you to do this?

Thanks for any responses!

– John


Do we work at the same place?
Under 20k devices, Lifecycle, SCA, PCI, BFI. 2 FTE (1 admin, 1 Patch SME), pt packager/coder, pt BFI, pt patcher for a snowflake dept. I have asked for a FTE backup admin and a FTE API/Relevance coder.
Don’t really have time to dev stuff, just trying to stay ahead of monthly Windows patching, reporting and compliance audits. We also handle OS issues (non-BF) oncall. Herding cats should be on my resume.

1 Like

About 6,500 endpoints, half directly supported by my team. (The rest are supported by client teams in an MSA-type arrangement.)

We have three primary contributors to BigFix:
Person doing BigFix sysadmin/architecture/care-and-feeding, some content development, some patch deployments. (me)
Person doing most patch deployments, some content development, most patch deployments.
Person doing some content development.

None of these are 100% BigFix. I’d guess it’s about 1.5-2.5 FTE depending on the tides. One thing that impressed us greatly was that our population has about doubled since we got BigFix, but the FTE costs haven’t changed.

(There are also many operators deploying actions on an ad-hoc basis.)



I’ve managed BigFix implementations since 2003.

I currently manage an installation with ~49k endpoints (fluctuates between 48k and 50k).
I am the only FTE allocated to the product as the Primary Support body. I do have a “Backup” for when I’m on vacation, but he has other primary responsibilities.

That said, I don’t manage the endpoints. I manage only the BigFix environment itself. I also help Console Operators when they have custom needs in terms of custom Tasks/Fixlets that can’t be covered by Software Distribution, or when a custom Analysis needs to be written.

  • 2 BigFix Servers in a DSA Pair (Windows with MS SQL).
  • 40 Linux Based Relays, 40 Windows Based Relays
  • Web Report Server
  • OS Deployment
  • Software Distribution
  • I’m retiring our BigFix Inventory implementation.
  • Upgrading our SCM implementation
  • Implementing ILMT (due to retiring of BFI)

I support a population of 60 active Console Operators (124 total due to backups in each group). These Operators manage the endpoints and use BigFix for patching and general Software Distribution.

I also support 3 other Applications so my time is split across all of them, but BigFix has the largest footprint and takes the bulk of my time.

  • IBM Workload Scheduler
  • IBM BigFix Remote Control
  • VMware Airwatch (aka Workspace ONE)

In the region of 120000 endpoints across varying platforms with 2 FTEs. The FTE’s are primarily using Bigfix on a daily basis but perform other roles too. A small number of tasks (probably accounts for 2% off an FTE workload) have been off-loaded to another group via WebUI. Bigfix is mainly used for patch and application security updates but there is also a lot of custom content created by the FTE’s.


Sorry to came late to the party.
I used to work for an organization with ~150,000 Endpoints.

  • 200 Relays
  • Linux, Windows and AIX Endpoints

BigFix Modules:

  • Patch Management(Main solution)
  • BigFix Inventory

Dedicated Resources:

  • 2 Entry Level Engineers for basic developments and troubleshooting of agents
  • 2 Senior Engineers doing Advanced Content Development and Administration/Architecting of the BigFix Environment.

The four resources were 100% BigFix.

I guess it would depend on how important the organization takes BigFix.


Curious as to why you’re retiring your BigFix Inventory Implementation.


Not enough BFI licenses for the number of endpoints that would need to be covered, and I must have ILMT for an ongoing Audit from IBM.

At some point, I may look at putting BFI back into production, but I would still need the ILMT implementation to track License usage for those systems not licensed for BFI.

1 Like