Welcome to the Endpoint Management Blog, where you can read the perspectives from network and service assurance experts. This Blog provides insights into the endpoint management solution, as well as technical details about specific IBM products.
We've just released our first of many updates to Labs. Featured in this release: Relay Cache Management! One of the keys to BigFix great scalability is our awesome relay infrastructure and file caching system. This lets our agents download files directly from their parent relays over fast LAN connections, saving tons of time and bandwidth. The relay caches mostly take care of themselves, however sometimes you want to more detailed control over your cache, to save space on disk, to make sure large or critical files are not kicked out of... [More]
Now that labs is released to the world , I'll be spending some more time highlighting some of the cooler features we've included, as well as anything we will add in the future. Today's feature: Client Relevance Builder! The BigFix Relevance language is an immensely powerful and versatile tool, and is one of the main reasons BigFix is so capable a platform. There is a downside to this: if you want to start making custom Fixlet content to get the full potential out of your deployment, you have to learn this new language, which not... [More]
Hey Guys, We are nearing the official release of BigFix Labs! Here's a sneak peak: BigFix Labs is a new Domain we are offering for free to all our customers. Labs offers a wide variety of interesting as-is projects that help make your BigFix life easier. Tired of writing out common relevance expression by hand? Try the new Relevance Builder in Labs! Looking a way to import BigFix data directly into excel? Labs has your back. Want to set and manage local user passwords with BigFix? Oh you bet there is a Lab for that. This is just... [More]
We've released another cool new dashboard to labs today: Bandwidth Throttling! BigFix natively offers the ability to throttle the amount of bandwidth machines will use when communicating with its parents or children, within the BigFix relay hierarchy. This is great for deployments that have constrained network connections. Simply throttle your client or relay download speeds, and you can prevent your 56k connection from being overwhelmed, while still keeping your clients responsive and up to date. However as users of this feature... [More]
As we approach the release of BigFix Labs to the general public (currently slated to be around mid October), I thought it might be fun to highlight some of the more interesting features in Labs. Todays subject: Local User Management! There is a common problem experienced by BigFix Users. Say an administrator leaves the company, and you want to change the password to the "administrator" accounts on the computers they managed for security reasons. The solution seems simple, write a BigFix action to set the user password and... [More]
As you may have noticed,
for the last year or so we have been transitioning some of our old BigFix
systems to IBM-powered systems. This transition has been bumpy at times , but
hopefully this blog post will help explain our progress and where we stand.
Here is the breakdown:
BigFix system -- web pages at support.bigfix.com
IBM system -- DeveloperWorks wiki
The DeveloperWorks wiki is much easier for us (or
anyone) to modify and add more articles.... [More]
Hey folks, Just wanted to update everyone and apologize for some recent issues accessing our technical information... We had a string of untimely issues of all sorts and it caused some outages... Here were the recent issues: Our support.bigfix.com and forum website were down intermittently in the last few weeks due to one of our network providers connectivity failure. We completed our scheduled forum transition, which transitioned to the new system just fine, but some users were unable to login with their new IBM forum account. If you had... [More]
Hey guys, We have released our new BigFix Labs domain to the world! BigFix Labs is a special domain, which every deployment has free access to, that contains a bunch of cool/interesting/useful experimental features, such as the relevance builder and Local User Management. We will continue to update and add more features to Labs, but note that all the content is UNSUPPORTED. Use at your own risk. See our preview post for some more info. We've added Labs to everyone's license bundles. This means that you should see a message like this at the... [More]
IBM is pleased to announce version 9.2.0 of the IBM Endpoint Manager platform.
This is a major version upgrade that is available to all IBM Endpoint Manager customers at no charge.
The 9.2.0 release is focused on stability, performance, usability of proxy configuration and enhancements in the subject of Role Based Access Control.
Version numbers are now referred to by the Major.Minor.Patch triplet in Fixlets and Content.
This enables more seamless updates to different components within the platform.
9.1.1082 (9.1 patch 1) is an emergency patch release to close the OpenSSL Heartbleed vulnerability (CVE-2014-0160). This is a critical vulnerability that affects 9.1 servers and relays. If you are running a 9.1 deployment, you need to upgrade immediately in order to close the vulnerability.
Only deployments running 9.1.1065 are exposed to the Heartbleed vulnerability. Earlier versions are not vulnerable. After upgrading from 9.1.1065 to 9.1.1082, the following steps should be performed to revoke any potentially-compromised... [More]
"I feel the need, the need for speed!" The following checklist (with links to resources and reference articles) will help you to achieve the goal of keeping your systems and deployments working at peak performance and efficiency and will reduce the number of problems that can be experienced while working with TEM. * For any item with an asterisks by it, please refer to this Wiki article for more information:... [More]
We've just released our first Labs update of the new year: TEM Computer Browser! BigFix rocks at reporting and taking actions across hundreds of thousands of machines at a time. If you want to patch every machine in your deployment, you can do with just one click in BigFix. However, sometimes it can be difficult to get a simple all-in-one view of a specific computer from out many-computer-centric interface. This is where the new Computer Browser comes into play. Created by Lee Wei, the same guy that brought you such favorites as the... [More]
We have just released version 8.2.1093 of the Tivoli Endpoint Manager platform. Our dev and qa teams have been working hard to address issues found in previous releases. Updates in this release include (among others): Updates to the Windows 2000 and Mac OS X 10.7 clients A fix for a race condition which could cause clients to potentially miss UDP messages Fixes for Client UI issues where action links were not being displayed A fix for an issue where you could not assign an AIX relay to be a child of another AIX relay Non-Windows relay fixes... [More]
We are pleased to announce that TEM Power Management now supports MAC OS X Lion (10.7), Windows 2008, and Windows 2008 R2. Actions to Take: Please apply Fixlet ID 58 “Enable Power Tracking with Default Assumptions” to applicable computers. Please create new power profiles under “Manage Power Profiles” to change power settings for new supported OSes. Published site version: Power Management, version 32 As part of this Fixlet release and our ongoing review of all of our Fixlets, we have also successfully reduced the size of this Fixlet
Hi All, We've just released a new Fixlet site to deploy and
manage Proventia Desktop and IBM Security Server Protection for Windows.
The site is named "Client Manager for Host Protection". "Client Manager for Host Protection" includes the following key capabilities: - Deploy and upgrade Server Protection and Proventia Desktop agents - Report on Server Protection and Proventia Desktop agent status and version Note
that as with other Client Manager content, this site is not a
replacement for the SiteProtector... [More]
SCM Content has been updated for the DISA UNIX Checklists! * Only the Linux OS's are affected by this update -- here are the new versions of the checklists: Self-Parameterizing Checklists: DISA STIG Checklist for AIX 5.1 ---------- now site version 6 DISA STIG Checklist for AIX 5.2 ---------- now site version 5 DISA STIG Checklist for AIX 5.3 ---------- now site version 5 DISA STIG Checklist for AIX 6.1 ---------- now site version 5 DISA STIG Checklist for HPUX 11.00 --- now site version 5 DISA STIG Checklist for HPUX... [More]
We are looking to retire the following legacy sites in March 2012: Patches for RedHat Enterprise Linux Patches for RedHat Enterprise Linux (Outdated RPMs) Before anyone starts to panic, keep in mind that we replaced these sites with the Patches for RHEL 3|4|5 sites in 2009. The Patches for RHEL sites were developed to make our patch content easier to deploy by supporting RPM dependency resolution. By retiring the legacy Red Hat sites, we will be able to clear up confusion around the two different sets of content, reduce the maintenance... [More]
The IBM Endpoint Manager team is releasing 9.1 Patch 5 and 9.2 Patch 1 of the IBM Endpoint Manager platform. These new versions address security updates, including the POODLE vulnerability, and fixes from older versions of OpenSSL. The new patches use OpenSSL 1.0.1.j.
IBM recommends upgrading whenever possible to take advantage of optimizations and bug fixes. Because these vulnerabilities are not of a critical nature, the upgrade should not be done in haste, but as part of a planned upgrade process.
Patching Windows clusters is largely a manual effort that is time-consuming and leaves plenty of room for error. If a mistake is made in patching your “mission critical applications” it can cost $50k, $100k or for some customers $Millions per outage. Depending on what versions of Windows you’re using, there’s little-to-no tooling to help you with this important task, and unfortunately it’s not one you can delay due to the exposure to your organization of not having the latest security patches... [More]
The IBM Endpoint Manager SSL Heartbeat Vulnerability (CVE-2014-0160) Scanner, developed by the IEM AVP Team, is being made available to customers to assist in identifying potentially vulnerable systems through a distributed and automated approach. Customers can find the latest version of the scanner in the Bigfix Labs site version 35.
The Scanner has 2 different operating modes available:
- Filesystem scan to locate executables and libraries that may contain affected versions of OpenSSL (including applications... [More]