Suggestions for custom site organization and best practices

adeilson · October 2, 2023, 12:58pm

Hello folks,

I am here to ask for help with some best practices and suggestions for custom site organization. Documentations, ideas are welcome.

Maybe if any of you could share how you do it and how you keep the environment healthy would be great!

Our environment has more than 4000 computers and it is diverse. We have a lot of custom fixlets for dealing with a lot of things we mapped.

So if any of you could share how you’ve been doing in your environment to keep things out of Master Action Site and thus improving the client report cycle.

Thanks in advance!

orbiton · October 2, 2023, 1:56pm

The main thing you need to remember is every content on the Master ActionSite is visible to all of the computers and operators.

Do you have different OS’s you are managing?
Do you have different Teams which managing their own infrastructure?

adeilson · October 2, 2023, 2:13pm

I have multiple OS, from Linux to Windows, even Win2003.
We have many team members, but as far as I know, all of them are from Vulnerability Remediation.

orbiton · October 2, 2023, 2:26pm

Minimize the usage of Master Operator - I think that there should be:
1 Local Administrator Account
1 Domain Account that is associated to the person that is managing the BigFix Infra itself. (Root Server, Relays …) not the Clients

After that, ask yourself what does the other team member are doing with BigFix?

Are they Managing specific machines or all of the machines in the organization?
Which content they should see? (Analysis, Fixlets, Tasks)

I’ve encountered a case on which an operator was able to see content from Analysis that he should not have seen - that was because the Analysis was created on the MasterAction Site and not on a Custom Site that was restricted to specific Operators and Relevant Compouters

In the end, you will want to create an environment where

each computer will only report back the content it should report and will not waste - evaluation cycles to evaluate content that is not relevant to it
each operator will only see the content he is supposed to see and manage specific machines

Rickm19 · October 6, 2023, 1:55am

If you develop your own content, you may want to create an Engineering TEST site just for that. Creating and testing fixlets, testing relevance, baselines and such. This will limit the evaluations and noise from your production environment. When content is ready, you can copy them to the Production site.