it.ucsf.edu

BigFix Endpoint Manager

Michael Kearns's picture

Install BigFix Endpoint Manager - UCSF IT Does the Rest!

 

Overview

When it comes to securing UCSF IT resources, we can't fix what we can't see. The BigFIx Endpoint Manager allows UCSF IT find, fix and secure IT resources attached to the UCSF network.

By using BigFix we can track a computer, associate the computer with a user, and collect system information (OS, CPU, RAM, hard drive space) to ensure you have the UCSF IT Security Suite to protect your computer and the UCSF network. Using BigFix we can ensure your computer is patched, encrypted and protected from viruses and malware.

BigFix is required for ALL computers conducting UCSF business; whether it's UCSF owned or it's your personal computer.

 


Verify if BigFix is Installed

BigFix allows us to track a computer, associate the computer with a specific user, and collect system specifics (OS, CPU, RAM, hard drive space) which allow us to determine if a system can support encryption. BigFix can also be leveraged to verify patch levels and anti-virus/malware software version. Having BigFix on your computer is important because UCSF is implementing Network Access Control which will prevent computers without encryption and potentially anti malware/virus and minimum patch levels from connecting to the UCSF network.

 

On a Windows computer click on the icon with purple circle and a green arrow in the system tray (lower right hand corner of your screen).

 

On your Mac OS X computer in the upper-right of the menu bar near the clock, look for the purple circle with a green arrow.

 

Install BigFix 

If you do not see the BigFix icon, download the appropriate installer for your computer or server (Windows, Mac OS X, Linux).

Installers:

Additional information:

 

What To Expect After Installing BigFix

Desktops and Laptops:

  • A registration web page will be presented either at the time of installation or some period thereafter. Registering your computer is a simple, quick process. You will be asked to login to MyAccess. Please follow the instructions on Registering Your Computer
  • The BigFix icon will appear on the System Tray (Windows) or Menu Bar (Mac OS X)
  • The BigFix Client will run in the background and report the initial status of your system to the BigFix Server
  • If the system needs patching, you will be prompted to accept the patching task. You can defer the task, but if the task is deferred for too long, the patching task window will stay in the foreground, and you will not be able to dismiss it.
    • The system will reboot after the patching task has completed
    • If the system is significantly behind in patching, multiple reboots may be necessary.
  • BigFix will run in the background, consuming minimal CPU resources, periodically checking in with the server to provide ongoing updates of the system status as well as check for new tasks (e.g., patching to run)

Servers and Linux workstations:

  • BigFix will be started automatically, and show up in the Services Snap-in (Windows) or as a process (Linux / Unix) 
  • The BigFix client will run in a locked state. It will report back to the server, but not run any jobs that would apply patches or make changes on the system
  • BigFix will run the background, consuming minimal CPU resources and periodically check in with the server to provide ongoing updates of the system status 

BigFix on Lab Computers and Data Collection Computers

The default BigFix installer will work on most computers attached to data collection devices.  However, under unusual circumstance the BigFix Client might install and reboot for patching rather than indefinitely deferring patched.  For those cases, your computer can be categorized to require communication before an automated unscheduled reboot.  To request your computer be placed in this category, please contact the IT Service Desk at 415-514-4100 with the computer hostname. Registration is required for these systems. An exemptions request process has been integrated into the manual registration form: https://ucsf.service-now.com/ess/device_registration.do