it.ucsf.edu

BigFix Endpoint Manager

Michael Kearns's picture

Install BigFix Endpoint Manager - UCSF IT Does the Rest!

 

Overview

BigFix is required for ALL computers conducting UCSF business, whether the computer is UCSF-owned or your personal computer. When it comes to securing UCSF IT resources, we can't fix what we can't see. The BigFix Endpoint Manager allows UCSF IT to find, fix, and secure IT resources attached to the UCSF network. By using BigFix we can track a computer, associate the computer with a user, and collect system information (OS, CPU, RAM, hard drive space) to ensure you have the UCSF IT Security Suite to protect your computer and the UCSF network. It allows us to verify that your computer is patched, encrypted, and protected from viruses and malware.

Having BigFix on your computer is important because UCSF IT will install required security software via BigFix automatically. This security software helps verify devices meet UCSF’s minimum security standards, search for signs that a system has been compromised, and collect forensic data if a security alert is triggered. It will prevent computers without encryption, and potentially those without anti-malware/antivirus software or minimum patch levels, from connecting to the UCSF network.

Verify if BigFix is Installed

 

BigFix allows us to track a computer, associate the computer with a specific user, and collect system specifics (OS, CPU, RAM, hard drive space), which allow us to determine if a system can support encryption. BigFix can also be leveraged to verify patch levels and anti-virus/malware software versions. Having BigFix on your computer is important because UCSF is implementing Network Access Control, which will prevent computers without encryption, and potentially those without anti-malware/antivirus software or minimum patch levels, from connecting to the UCSF network.

On a Windows computer, click on the icon with a purple circle and a green arrow in the system tray (lower right-hand corner of your screen).

On a Mac OS X computer, look for the purple circle with a green arrow in the upper right of the menu bar, near the clock.

Install BigFix 

If you do not see the BigFix icon, download the appropriate installer for your computer or server (Windows, Mac OS X, Linux).

Installers:

Additional information:

What To Expect After Installing BigFix

Desktops and Laptops:

  • You will be prompted to register your computer through a simple, quick process. Please follow the instructions on Registering Your Computer.
  • BigFix will run in the background and the BigFix icon will appear on the System Tray (Windows) or Menu Bar (Mac OS X).

BigFix will install required security software automatically, such as ForeScout SecureConnector, so you do not have to install the software on your own. Security software will verify devices meet UCSF’s minimum security standards, search for signs that a system has been compromised, and collect forensic data if a security alert is triggered.

  • If the system needs patching, you will be prompted to accept the patching task through a pop-up window. You can defer the task, but if the task is deferred for too long the pop-up will stay in the foreground, and you will not be able to dismiss it.
    • The system will reboot after the patching task has completed.
    • If the system is significantly behind in patching, multiple reboots may be necessary.

Servers and Linux workstations:

  • BigFix will start automatically and show up in the Services snap-in (Windows) or as a process (Linux / Unix).
  • The BigFix client will run in a locked state. It will report back to the server, but will not run any jobs that would apply patches or make changes on the system.
  • BigFix will run in the background, consuming minimal CPU resources and periodically checking in with the server to provide ongoing updates of the system status.

BigFix on Lab Computers and Data Collection Computers

The default BigFix installer will work on most computers attached to data collection devices. However, under unusual circumstances the BigFix client might install patches and reboot rather than deferring patching indefinitely. For those cases, your computer can be categorized to require communication before an automated unscheduled reboot. To request that your computer be placed in this category, please contact the IT Service Desk at 415-514-4100 with the computer hostname. Registration is required for these systems. An exemptions request process has been integrated into the manual registration form: https://ucsf.service-now.com/ess/device