Welcome to the BigFix Blog, where you can read the perspectives from network and service assurance experts. This Blog provides insights into the endpoint management solution, as well as technical details about specific IBM products.
IBM Tivoli Endpoint Manager for Security and Compliance Security Configuration Management (SCM) The Security and Compliance team at IBM has updated content for the DISA Solaris 10 checklists. In-line parameterization, requires TEM 8.1+ : - DISA STIG Checklist for Solaris 10 v16 Action Script based parameterization: - SCM Checklist for DISA STIG on Solaris 10 v32 Changelist: - Added zone support for GEN003540 and GEN005720 *Site versions provided for air-gap customers. Please... [More]
I wanted to take a minute to highlight two recent success stories with IBM Endpoint Manager and how customers are gaining real value from the solution, which may prompt you to think about additional uses in your own environment. I think it is important to look at actual customer savings to understand the value of a solution. This reminds me of a story that I heard on NPR yesterday concerning the G8 Summit in Ireland. Ireland was hit very hard by the 2008 financial crisis, but David Cameron wanted things to look nice for the... [More]
I BM recently released IBM Endpoint Manager 9.0 (IEM) on Linux. With the new release of IEM 9.0, server component of IEM can now be installed on RHEL 6.1 and above, with IBM DB2 10.x as the database. In order to explore the new features and capabilities of IBM Endpoint Manager 9.0, lets quickly install the IEM 9.0 evaluation version. Before you start creating a POC image, its recommended to read tutorial: How to create a YUM repository from an ISO image or mounted CD. You may download the IEM Linux Server installer from... [More]
Detecting installations of a particular software on Windows is a simple job, but things get worst in case of Linux and UNIX, especially if the software was not installed using native binaries like rpm or deb packages. Windows has the registry (start -> run -> regedit.exe) to list all the required details of a product like install path, product version, locale or product type etc., but on Linux or UNIX it may not be that easy. There's a similar problem about detecting DB2 installations on Non-Windows OS without running ab IBM DB2... [More]
Content in the OS Deployment and Bare Metal Imaging site has been modified. Updated Content: * Bare Metal Server Management Dashboard * Image Library Dashboard * MDT Bundle Creator 3.1.35 * Deploy MDT Bundle Creator (ID: 46) * Change Upload Maintenance Service Scan Delay Period (ID: 8) * Warning: Server is Low on Free Disk Space (ID: 28) * Update Server Whitelist for OS Deployment (ID: 36) Reasons for Update: * Fix issues involving deploying multiple partitions * Fix issues with endpoint manager server configuration fixlets ran on Linux... [More]
IBM Mobile Device Management Due to a change in iTunes App requirements, we will be discontinuing support of OS 3.0 and below in our 9.0.20021 release of the IBM Endpoint Manager Mobile App on iTunes. This affects iPhone 3G and older devices. These devices will no longer be able to download or update the IBM app, but will continue to be managed with IBM Mobile Device Management. Application Engineering Team IBM Endpoint Manager
We are pleased to announce the support for Solaris Live Upgrade. We have released a new site called “Patches for Solaris Live Upgrade”, which contains Fixlets for patching Solaris inactive boot environments. Supported Solaris Versions: - Solaris 9 - Solaris 10 - Solaris 10x86 Type of Patches: - Oracle Recommended patches - Oracle Security patches - Oracle Critical Patch Updates (CPU) Supported Versions of IBM Endpoint Manager: IBM Endpoint Manager 8.0 and later Refer to the... [More]
Here is some simple steps for new users. Let's take Patch Overview dashboard for example. First, enable Patching Support site: 1. Locate License Overview dashboard in BES Support site: 2. Ctrl+F to launch the Find window and type in Patching Support, it will help you to locate the Patching Support site in the License Overview dashboard. Then click Enable: 3. Wait until the site is up-to-date, currently the latest version is 26: Second, go to Patch Management... [More]
After a bit of a hiatus, we've released a new update for labs featuring the Baseline Synchronization Dashboard! This dashboard provides an easily searchable and filterable overview of all the baselines in your deployment, with along with their synchronization status. For example, lets say you've created and tested a new set of Patch Tuesday baselines, when Microsoft reports that their was an error with some of their patches, prompting a release (and an update to our fixlets). How do you know which of your many new... [More]
Apple released their iOS6 update today, which is now available to all end-users on supported devices. More info about iOS 6 is available from Apple's website: http://www.apple.com/ios/ The IBM Endpoint Manager for Mobile Devices team is pleased to announce same-day support for the new Apple iOS6 release. Here is what to expect: The previous versions of IBM Endpoint Manager components (including the Management Extender for Apple iOS and the IBM Mobile Client app) will support iOS6 without any issues. However, the previous versions won't... [More]
IBM Tivoli Endpoint Manager for Security and Compliance Security Configuration Management (SCM) The IBM Endpoint Manager team is pleased to announce the availability of two new wizards for creating custom Fixlets within the Security and Compliance product. The two new wizards -- " Create Custom Relevance SCM Content " and " Create Custom Unix SCM Content " -- allow you to easily create custom SCM Fixlets within the TEM Console without having to use an external tool. These wizards provide significant benefits over creating... [More]
Here are two articles you will want to bookmark and continually come back to. The articles will be frequently updated to include new information, tips, and the most common problem solutions as well as procedures for gathering data for troubleshooting and engaging Support for assistance in problem resolution. Featured Documents for Tivoli Endpoint Manager http://www-01.ibm.com/support/docview.wss?uid=swg21600475 What information do I include when I open a Support case with IBM? http://www-01.ibm.com/support/docview.wss?uid=swg21505708 ... [More]
Have you ever wanted to measure the quality of your infrastructure? Perhaps you'd like to know the time it takes for your endpoints to respond to questions and for the data to make it into the database? Well, now you can. One of our engineers, Aram, has come up with a simple SQL statement to provide what we are calling "Travel Time". Travel Time is the average time it takes for all of your endpoints to answer a question, in this case "Last Report Time", and insert that answer into the database. Using this value can... [More]
IBM starts to support CPU fixlets for Solaris platform. Fixlets for Critical Patch Update(CPU) 2012 April were released in the Patches for Solaris site. The latest version of Solaris Download plugin, v1.7 and Solaris download cache v6.0 are available to support CPU fixlets. fixlets released: 20120403 Critical Patch Update 2012-04 - Solaris 10 20120404 Critical Patch Update 2012-04 - Solaris 10 - Outdated Packages 20120401 Critical Patch Update 2012-04 - Solaris 10_x86 20120402 Critical Patch Update 2012-04 - Solaris 10_x86 -... [More]
IBM Tivoli Endpoint Manager
for Security and Compliance Security Configuration
Management (SCM) The security and Compliance team at IBM has modified the
content within SCM Reporting ---- Affected Sites ---- SCM
Reporting v32 ----
Changelist ---- -
The “Security and Compliance Analytics” deployment dashboard has been updated
to point to the latest msi to support SCA 1.2 -
The “Create Custom Checklist Wizard” has been updated with individual check
selection functionality. The radio buttons now present in the wizard to... [More]
Just wanted to let you guys know that our Patch Tuesday kernel fixlets
for Jan 2012 are live. They are going to be in Enterprise Security version 1557. For
now, we have content for: MS12-001 thru MS12-006. MS12-007 should be
coming out a little later. You can find the security bulletin releases from Microsoft here. Happy patching.
Just a quick note to let you know that we have increased our deployment size upgrade recommendations to encourage deployments of less than 15,000 seats to begin the upgrade process. As always, we recommend that you upgrade your servers and consoles at the same time because older consoles will not be able to connect with the upgraded server. We'll be updating our deployment size recommendations more frequently now that the holidays are over, so please subscribe to the blog's RSS feed to make sure you're aware of the latest updates. We'll... [More]
Earlier today, Microsoft released an out-of-band security bulletin related to vulnerabilities in the .NET Framework. We published the Fixlets for this bulletin in Patches for Windows site at around 3pm PST. The Fixlets in localized versions of the sites are now available as well.
IBM is pleased to announce the general availability of application update management content for Mac OS X client. Published Site Versions: Updates for Mac Applications (version 2) Highlights include: - Supported applications include Adobe Reader, Adobe Flash Player, and Adobe Shockwave. - The fixlets only handle updates of the applications. Software deployment or uninstallation is not included. Actions to Take: Lifecycle Management, Security and Compliance, and Patch Management customers who wish to use the new content should use the... [More]
As part of our ongoing efforts to reduce the size of our Fixlets, we are publishing a new version of the OS Deployment Fixlet today. There is no change to function, but this new version will require less disk space. The new version number is 11.
Security Configuration Management (SCM) for Unix Systems The Security and Compliance team at IBM has modified the content within the UNIX System checklists to add enhancements. ---- Site Versions ---- Self-Parameterizing Sites: DISA STIG Checklist for AIX 5.1 v9 DISA STIG Checklist for AIX 5.2 v8 DISA STIG Checklist for AIX 5.3 v8 DISA STIG Checklist for AIX 6.1 v8 DISA STIG Checklist for HPUX 11.00 v8 DISA STIG Checklist for HPUX 11.11 v8 DISA STIG Checklist for HPUX 11.23 v8 DISA STIG Checklist for RHEL 3 v8 DISA STIG Checklist for... [More]
Just wanted to give everyone a heads up that we are in the process of reviewing and updating our fixlets. The good news is that these changes will have a positive impact on your environments by reducing the size of the fixlets while maintaing all of the same function. As we progress I will post to the blog which fixlets are being updated each day. We will begin rolling out these changes next week, updating between 4-6 sites a day.
Just a quick post on some of the setup and configuration changes you can expect in version 8.2. On upgrade, all existing Console users will be migrated to local users. Console users will be asked to provide .pvk files on initial login for the purposes of verification only and will not be used for subsequent login attempts. Consoles in 8.2 connect to the Server through HTTPS 52313. This replaces the previous method of ODBC connections. This is configurable. Account provisioning is now handled by the Console, not the BESAdmin tool. However,... [More]
We just published the Fixlets for Patches for Windows sites for German, Japanese and Chinese (Simplified) languages. The Patch Tuesday content for the remaining language sites should be available by Wednesday evening PST.
Just wanted to let you guys know that our Patch Tuesday fixlets for November 2011 are live. They hit the world roughly forty minutes ago. We also published the re-release of MS11-037 as part of that push. We'll be working next on the non-English Patch Tuesday fixlets.
Just a heads up, our tenative delivery times for this upcoming Patch Tuesday are 2:00PM PST for all patches. We'll release non-English security patches shortly afterwards. You can find more information about the upcoming November Patch Tuesday here: http://technet.microsoft.com/en-us/security/bulletin/ms11-nov
There is a document created listing all the supported endpoint protection products for CMEP at this wiki page: https://www.ibm.com/developerworks/mydeveloperworks/wikis/home?lang=en#/wiki/Tivoli%20Endpoint%20Manager/page/Client%20Manager%20for%20Endpoint%20Protection%20%E2%80%93%20Supported%20Products It will be updated once a support for a new product is published.