Welcome to the BigFix Blog, where you can read the perspectives from network and service assurance experts. This Blog provides insights into the endpoint management solution, as well as technical details about specific IBM products.
Hi everybody, We have been slowly transitioning our customer-facing documentation and technical info pages from our legacy BigFix sites to IBM systems. Here is a quick overview of some of the changes: New "Endpoint Management Community" -- This page basically links to all the pages discussed below. New "Endpoint Management" Blog -- (You are reading my first blog post.) We didn't have a blog at BigFix and instead used mailing list updates and forum posts. But... we think the blog is a better way to communicate and we... [More]
IBM is pleased to announce the next release of IBM Endpoint Manager for Mobile Devices. New Features in this release include: 1. Self-Service Portal End-users to manage their own devices. Users can login to the portal using their AD/LDAP credentials. They can view device details; and, in the event of loss or theft, they can issue wipe, lock, or reset password commands, among others. 2. Enhanced Enrollment Options Authenticated enrollment is now supported via AD/LDAP integration. Additionally, administrators can optionally present additional... [More]
Just a quick note to let you know that we have increased our deployment size upgrade recommendations to encourage deployments of less than 15,000 seats to begin the upgrade process. As always, we recommend that you upgrade your servers and consoles at the same time because older consoles will not be able to connect with the upgraded server. We'll be updating our deployment size recommendations more frequently now that the holidays are over, so please subscribe to the blog's RSS feed to make sure you're aware of the latest updates. We'll... [More]
We are currently working on the Sept 2012 out of band security bulletins. The English content will be out later today in the afternoon. We discovered that the patch for Internet Explorer 8 on Windows XP SP2 x64 doesn't exist yet from Microsoft. We will release the rest of the content and release this missing patch once Microsoft releases it. Thanks.
Content in the Patches for Windows (English) has been modified: Modified Fixlet Message: MS12-053: Vulnerability in Remote Desktop Could Allow Remote Code Execution - Windows XP SP3 - V2 (ID: 1205301) MS12-053: Vulnerability in Remote Desktop Could Allow Remote Code Execution - Windows XP SP3 - V2 - CORRUPT PATCH (ID: 1205303) MS12-055: Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege - Windows XP SP3 - V2 (ID: 1205501) MS12-055: Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of... [More]
IBM Tivoli Endpoint Manager for Security and Compliance Security Configuration Management (SCM) The Security and Compliance team at IBM has updated the content within the DISA and USGCB Checklists for Windows Operating Systems. 1) Additional DISA Vulnerability IDs have been added: 1. V-1077 2. V-1089 3. V-1095 4. V-1102 5. V-1103 6. V-1122 7. V-1126 8. V-1130 9. V-14250 10. V-14267 11. V-14268 12. V-14269 13. V-14270 14. V-15705 15. V-15706 16. V-15727 17. V-16021 18. V-16048 19. V-18010 20. V-3337 21. V-3481 22. V-3487 *Affected Sites* DISA... [More]
Summary A security vulnerability has been discovered in OpenSSL that affects some products in the IBM Endpoint Manager portfolio. Vulnerability Details CVE-ID: CVE-2014-0160 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the TLS/DTLS heartbeat functionality. An attacker could exploit this vulnerability to expose 64k of private memory and retrieve secret keys. This vulnerability can be remotely exploited, authentication is not required and the exploit is not complex. An exploit can only... [More]
Here is some simple steps for new users. Let's take Patch Overview dashboard for example. First, enable Patching Support site: 1. Locate License Overview dashboard in BES Support site: 2. Ctrl+F to launch the Find window and type in Patching Support, it will help you to locate the Patching Support site in the License Overview dashboard. Then click Enable: 3. Wait until the site is up-to-date, currently the latest version is 26: Second, go to Patch Management... [More]
IBM has released several new features in the Mobile Device Management Fixlet Site for IBM Tivoli Endpoint Manager. 1. Nitrodesk Touchdown support The TEM Agent now integrates with Nitrodesk Touchdown. This allows TEM to control a richer set of configurations on Android devices, such as selective wipe, and security polices like password length, encryption etc. 2. Google Cloud Messaging The Android agent can now use Google Cloud Messaging to provide much quicker response times to action commands. 3. Proxy Agent enhancements The Proxy Agent... [More]
IBM is pleased to announce the release of Tivoli Endpoint Manager OS Deployment 2.2. This release has two feature additions • Driver Management - A new dashboard will be added to allow for uploading and managing drivers that are used during reimage and capture. • Bootable Media Creation Tool - A new tool will be available to create self contained bootable media for imaging an offline bare metal computer. New Dashboard: • Driver Library – Found in Systems Lifecycle->OS Deployment->Manage Images and Drivers New... [More]
We've just released a new feature to
Labs- the Client Manager Builder. The Client Manager Builder can help you
manage anti-virus products from vendors that are not supported by the
Client Manager for Endpoint Protection (CMEP) site by generating
content for those unsupported anti-virus products. The CMEP site
currently supports the following vendors: McAfee, Symantec,
Trend Micro, Microsoft™, Sophos, Computer Associates, and IBM®.
For more information about how to use
this cool feature, please refer to this wiki: Using the Client... [More]
Just a quick post on some of the setup and configuration changes you can expect in version 8.2. On upgrade, all existing Console users will be migrated to local users. Console users will be asked to provide .pvk files on initial login for the purposes of verification only and will not be used for subsequent login attempts. Consoles in 8.2 connect to the Server through HTTPS 52313. This replaces the previous method of ODBC connections. This is configurable. Account provisioning is now handled by the Console, not the BESAdmin tool. However,... [More]
Have you ever wanted to measure the quality of your infrastructure? Perhaps you'd like to know the time it takes for your endpoints to respond to questions and for the data to make it into the database? Well, now you can. One of our engineers, Aram, has come up with a simple SQL statement to provide what we are calling "Travel Time". Travel Time is the average time it takes for all of your endpoints to answer a question, in this case "Last Report Time", and insert that answer into the database. Using this value can... [More]
IBM has released version 2.0 of IBM Endpoint Manager for Mobile Device Management (MDM). New Major Features: Enhanced Multi-Tenancy Support – MDM now supports multi-tenancy with the addition of “enrollment” tags. See Additional Links section for more details. BlackBerry 10 support - BlackBerry 10 devices can now be managed through the Exchange Extender via the ActiveSync interface. Windows Phone 8 and Windows Surface RT support - These devices can now be managed through the Exchange Extender via the ActiveSync interface. Deny Email Access for... [More]
Many companies look at Software Asset Management (SAM) as
something they can manage with spreadsheets and home grown software. Until a software company performs a license
audit and they find their spreadsheets are out of date and then the CEO wants
to know why the company is faced with a huge unplanned software bill. Or maybe their software costs are consuming
more and more of their limited IT budget and management wants to know if all
these software licenses are really being used.
Seems like a good question, but they can’t even... [More]
We are pleased to announce that TEM Power Management now supports MAC OS X Lion (10.7), Windows 2008, and Windows 2008 R2. Actions to Take: Please apply Fixlet ID 58 “Enable Power Tracking with Default Assumptions” to applicable computers. Please create new power profiles under “Manage Power Profiles” to change power settings for new supported OSes. Published site version: Power Management, version 32 As part of this Fixlet release and our ongoing review of all of our Fixlets, we have also successfully reduced the size of this Fixlet
IBM Endpoint Manager and MaaS360 have recently been named as leaders in the Gartner Magic Quadrant for Client Management Tools and Enterprise Mobility Management respectively for the 3 rd year in a row. This recognition comes at a critical time as the mobile workforce grows exponentially and initiatives like BYOD continue to become embedded in the workplace. IBM Endpoint Manager provides real time visibility and control over all endpoints - from servers to laptops - enabling organizations to find and fix problems in minutes. This... [More]
The IBM Endpoint Manager team is releasing 9.1 Patch 5 and 9.2 Patch 1 of the IBM Endpoint Manager platform. These new versions address security updates, including the POODLE vulnerability, and fixes from older versions of OpenSSL. The new patches use OpenSSL 1.0.1.j. IBM recommends upgrading whenever possible to take advantage of optimizations and bug fixes. Because these vulnerabilities are not of a critical nature, the upgrade should not be done in haste, but as part of a planned upgrade process. Upgrade fixlets are available... [More]