Big Fix Architectural Overview

Tivoli Software

© 2010 IBM Corporation

BigFix Architecture Overview

1

Tivoli Software


Who is BigFix?

BigFix is a leading provider of high-performance security and systems management software for enterprises and service providers

• Private, venture backed, company based in Emeryville, CA• 700+ customers, 7M+ devices under management• Particularly strong with large scale deployments (10,000+ devices) • 50%+ of bookings are channel related. Key partners include Trend Micro, HCL,

Wipro, SAIC, Lockheed Martin, Fiberlink• Diversified across all major industry verticals• 2009 financial summary:• $70M bookings, 20% growth (normalized)• $52M revenues, 64% growth• $18M free cash flow• EOY headcount 204, up 36%

Key Company Facts

*Normalized for one-time $8M MSP sale

2

Tivoli Software


What BigFix Offers

The BigFix Unified Management Platform provides real-time visibility and control through a single infrastructure, single agent and single console

3

Tivoli Software


Proven Return in the Real World

Plus, real-time visibility and granular control over every endpoint…

Plus, real-time visibility and granular control over every endpoint…

4

Area of Concern Previous Approach

With BigFix

90K device deployment 6 months 1 week

# of Management Servers 25 1

Annual Electricity Costs $6.9M $4M

Patch Cycle 7 Days 5 minutes

Software Inventory Cycle (license “true-up”)

3 weeks 20 minutes

Vulnerability Assessment Cycle 6 months 3 days

Security Configuration Cycle 5 months6 FTEs

2 weeks1 FTE

90K device deployment 6 months 1 week

4

Tivoli Software


Summary of market demand drivers

5

Security Event: a failure to defend the corporate infrastructure that exposes the performance gaps of the current systems and security management infrastructure

Compliance Mandate: a corporate wide requirement to demonstrate visibility and control of the infrastructure

Cost Reduction Mandate: a requirement for greater efficiency that drives customers towards:

Consolidation and automation of multiple activities under a single management infrastructure

Power management and asset management initiatives

Green Initiative: a mandate to reduce carbon footprint through power management initiatives

IT Operations (Desktop or Servers)

IT Operations (Desktop or Servers)

CISO officeCISO office

CFO officeCompliance office

Facilities

CFO officeCompliance office

Facilities

Primary Buying Center

Primary Influencer

Secondary Influencers

5

Tivoli Software


Cumulative Sales of New Units: New Customers + Add-On Products

Calls to BigFix L3 Support

BigFix Focuses on Quality

6

Tivoli Software


Product Overview

7

Tivoli Software


BigFix Platform Elements

Single Intelligent Agent• Continuous self-assessment• Continuous Policy enforcement• Minimal system impact (<2% cpu)

Single Server & Console• Highly secure, highly available• Aggregates data, analyzes & reports• Manages >250k endpoints

Powerful policy language (Fixlets)• Thousands of out-of-the-box policies• Best practices for ops and security• Simple custom policy authoring• Highly extensible / applicable across all platforms

Virtual Infrastructure• Designate any BigFix agent a relay or scan point• Built-in redundancy • Leverage existing systems/ shared infrastructure

An existing BigFix managed asset can become a relay in minutes

8

Tivoli Software


Intelligent Agent: Pervasive Real-time Visibility Heterogeneous Platform Support (Managed Assets)

Windows NT SP6a/95/98/ME/2000/XP/2003/Vista/Windows 7/Windows 2008 (Incl. x86, x64 and Itanium)

Suse Linux (32 and 64-bit), Suse Linux Enterprise Desktop

Redhat Linux (32 and 64-bit)

Solaris (incl. Sparc and x86)

HPUX

IBM AIX

Mac OSX

VMWare ESX

IBM zLinux

Wyse Thinclients

Windows XPembedded, WePOS, and Embedded Standard 2009

Windows Mobile 5 and 6, Windows CE

Unsupported but running in commercial environments; Debian, Ubuntu, and CentOS

Visibility into any IP enabled device through network scanning enabled in any BigFix managed asset (Unmanaged Assets)

9

Tivoli Software


BigFix Technology: The Fixlet

Fixlets are a key part of BigFix Architecture

Fixlets are a general purpose way to encapsulate:

– Issue identification - Relevance

– Description of an issue – HTML for users

– How to solve it – Action

Examples

– Fixlet to identify/fix if MS09-012 is needed

– Fixlet to identify/fix if Adobe Acrobat isn’t installed

– Fixlet to identify/fix if power settings aren’t right

– Fixlet to identify/fix if AV isn’t running or updated10

Tivoli Software


Fixlets

By decomposing problems into Fixlets, it makes it easy to identify, report, fix, manage issues

Fixlets are authored by BigFix or partners in Fixlet Sites

BigFix and partners offer thousands of Fixlets in dozens of Fixlet sites for many different areas:

– Patching, security configs, inventory, app deployment, AV management, …

When BigFix publishes new Fixlets, they are distributed to all customer’s BigFix Servers within an hour

Customers can easily create their own Fixlets

11

Tivoli Software


Relevance LanguageCustom made for managing endpoints

>100 faster than other solutions

Suitable for IT operations and Example RelevanceLanguage vs WMI

showing >100faster execution

12

Tivoli Software


Single Server & Console• Highly secure, highly scalable• Aggregates data, analyzes & reports• Pushes out pre-defined/custom policies

Single Intelligent Agent• Performs multiple functions• Continuous self-assessment & policy enforcement• Minimal system impact (< 2% CPU)

Lightweight, Robust Infrastructure• Use existing systems as Relays• Built-in redundancy • Support/secure roaming endpoints

13

Tivoli Software


Our Closed Loop Speed is Our Advantage

14

Tivoli Software


Closed Loop Speed is Our Advantage

Report Publish

Evaluate

Traditional Solutions BigFix

Enforce Evaluate

PublishReport

Challenge Traditional client/server tools BigFix Platform

Complete the policy enforcement loop

Everything is controlled by the server, which is slow

Distributed computing with intelligent, universal agent

Increase the accuracy and speed of your knowledge

It can take days to accurately close the enforcement loop

Policy enforcement is accomplished and proven in minutes instead of days

Scalability cannot be attained without large infrastructure investments

Administrators are still managing tools instead of being productive

Distributed processing means scalability is unlimited

Adjust system policies depending on environment, location

Scan-based assessment, leading to stale data false sense of awareness

Real-time situational awareness

Decide

Evaluate

Enforce

Decide

15

Tivoli Software


Comparative Example: Application Upgrade

1. Use the software distribution wizard to describe the package and generate an action policy

2. BigFix Agents continuously retrieve policies.

3. BigFix Agents continuously assess the policies against the hosts. If upgrade is required, the Agents take action

4. BigFix Console automatically reflects status in real-time

BigFix shortens the policy enforcement loop from weeks to hours, with 95-99% first-pass success rates

Legacy software install policy BigFix is faster and simpler1. Build a query to identify targets2. Build a package, method, and task to describe

the required action3. Build a report to return results4. Agents report their daily software inventory. 5. The server re-calculates target lists from this

inventory every hour.6. Each targeted agent downloads new policies

every day and takes action.7. The next day, agents report software inventory

with the new information. 8. The server re-calculates target lists from this

inventory every hour, removing the agents which installed the software.

9. Administrators manually run reports to find out what happened when. It will take custom scripting in most tools.

16

Tivoli Software


BigFix: Content Based Delivery Model

BigFix Content Sites

Patch Power SCM Anti-Malware

SW Dist. SW Asset Mgt. OS Prov. Other …Internet

Description and Benefits•Applications are delivered via subscriptions to content (fixlet) sites (e.g., “cable box” or “iTunes” model)•Content flows to the BigFix server and through the infrastructure•No on-premise reinstall•Speed – distribution is automated•Rapid, easy testing / POC•Model is key to account expansion strategy / cross selling

1717

Tivoli Software


3rd party integration Examples

• Anti-malware

• Application Virtualization

• Encryption

• Application Control

• Fine-grained Device Control

Single Intelligent Agent

Agent Side Integration

API or otherAPI or other

3rd Party Agents / Engine

3rd Party Agents / Engine

BigFix AgentBigFix Agent

BigFix Applications 3rd Party Applications

What else could BigFix do?

• Run book automation

• Application provisioning

• File Integrity Monitoring

• Application Performance Monitoring

• Back-up and Recovery

• Document Management

• End User Experience Monitoring

BigFix can automate almost any task at scale

18

Tivoli Software


Agent Side Integration Steps and Benefits

1. Expose third party agent control interface and method – trim “agent fat”

2. Create integration logic – typically creation of Fixlet content

3. Create UI content for console operator command and control (emulate third party’s console interface)

4. Publish application as new content site

Speed: typically 1Q

Effort: typically 2 FTEs (includes QA)

Performance: all Platform performance attributes (speed, visibility, quality of control) inherited by the new applications

Convenience: fully integrated into BigFix unified management platform single “pane of glass”

Go to market synergy: leverages the same content based delivery channel: no new install, no additional infrastructure, easy updates, etc.

BenefitsIntegration Steps

19

Tivoli Software


BES Platform

Database ServerDatabase Server

Web Reports ServerWeb Reports Server

Agent CommunicationsAgent Communications

Decision Support ServerDecision Support Server

BigFix Relay

BigFix Server

BigFixAgent

Policy EnginePolicy Engine

InspectorsInspectorsBigFixAgent


InspectorsInspectorsBigFixAgent


InspectorsInspectors

BigFix Console

BigFix Server API*SOAP for reads

*COM for writes

Application Services

Management Services

Failover/Failback/Backup/RecoveryFailover/Failback/Backup/Recovery

SecuritySecurityServer Auto-updateServer Auto-update

Web ReportsWeb Reports

DiagnosticsDiagnostics

Agent Deployment/UpdateAgent Deployment/Update

Scripted InstallationScripted Installation

Central Deployment LibraryCentral Deployment Library

Distribution InfrastructureDistribution Infrastructure

Platform Components

Asset DiscoveryAsset Discovery

Patch ManagementPatch Management

Power ManagementPower Management

Client Mgr for Endpoint SecurityClient Mgr for Endpoint Security

OS Deployment / reimagingOS Deployment / reimaging

Device ControlDevice Control Security Compliance AuditSecurity Compliance Audit

Software Asset ManagementSoftware Asset Management

Others…Others…

• CMDB• Asset Repository• Service Desk

• Workflow / Orchestration• 3rd party mgmt console

• Workflow / Orchestration• 3rd party mgmt console

Command and control of 3rd party agentsCommand and control of 3rd party agents

Command and control of BigFixCommand and control of BigFix

Data export to 3rd party systemsData export to 3rd party systems

20

Tivoli Software


Appendix A Messaging Architecture

Tivoli Software


BigFix Message Architecture

BES ServerBES Server

BigFix FixletPublishing Servers


BES RelayBES RelayBES ClientsBES Clients

BES RelayBES Relay

BES ClientsBES Clients

CorporateCorporate

BES ClientsBES ClientsBES Console

BES RelayBES Relay BES ClientsBES Clients

DMZDMZInternetInternet

Remote OfficeRemote Office

22

Tivoli Software







BES RelayBES Relay


CorporateCorporate





Automatic content retrieval (HTTP)

The BES Server retrievesFixlets (Policies) from

BigFix Fixlets Publishing Serversautomatically.

The BES Server retrievesFixlets (Policies) from

BigFix Fixlets Publishing Serversautomatically.

23

Tivoli Software







BES RelayBES Relay


CorporateCorporate





The BES Server notifies (UDP)its clients immediately of

new Fixlets content

The BES Server notifies (UDP)its clients immediately of

new Fixlets content

24

Tivoli Software







BES RelayBES Relay


CorporateCorporate





The notification propagatesthroughout the enterprise

within minutes

The notification propagatesthroughout the enterprise

within minutes

25

Tivoli Software







BES RelayBES Relay


CorporateCorporate





BES Clients retrieve the Fixletsupon connection, and

defined intervals

BES Clients retrieve the Fixletsupon connection, and

defined intervals

26

Tivoli Software







BES RelayBES Relay


CorporateCorporate





BES Clients continuouslyevaluate and enforce

received policies

BES Clients continuouslyevaluate and enforce

received policies

27

Tivoli Software


Appendix B Integration Architecture

Tivoli Software


BigFix API Architecture

BES Server

WebReportsdatabase

BESClientsBESClientsBESClients

BESConsole

SOAPAPI

ClientCompliance API

PlatformServer API

Database API

SessionInspectors

SessionInspectors

RelevanceInspectors

29

Tivoli Software


BigFix APIs

API Execute Against Language / Interface Read or Write

Client Compliance API BES Clients Relevance Language / MS COM

Read

Platform Server API BES Server Any Language / MS COM Write

Database API BES Database SQL / (ODBC, ADO, JDBC) Read

Client Inspectors BES Clients Relevance Language &

Action Script

Read

Session Inspectors BES Console &

Web Reports

Relevance Language Read

SOAP API Web Reports Relevance Language / SOAP Read

30

Tivoli Software


BigFix Agent Integration Architecture

API

ExtensibleInspectors

AV

AS

HIP

S

Anti-virus

Spyw

are

Patch

Vulnerability

Inventory

Roadm

ap

Custom

HIP

S/N

AC

EnforcementAPI

BigFix Agent

Fixlet ® message Libraries• Lightweight• Instant-on• Dynamic• Secure

BigFix Agent• Low impact• Small footprint• Bandwidth frugal• Secure

NA

C

Single Console, Single Infrastructure management for • Corporate LANS• Mobile Computers• Remote Offices

31

Tivoli Software


IBM / BigFix Roadmap

Key:

Integration

Lifecycle

Security

2H 20112H 2011

• BigFix Platform Version 8 • BigFix Platform “Foothill”

1H 20111H 2011

• BigFix Platform “Euclid”• Quick time to market with

competitive solution• Address both security and

lifecycle in one solution• Rapid Time to Value• Full IBM offering in IBM

Channels

2H 20102H 2010 1H 20121H 2012

• BigFix Platform “Gilman”• Integration with Tivoli ISM

solution for cross sell/up sell• Extended Run from support for

broader IBM Customer support• Expanded partnerships with

STG

• Simplified Chinese, Japanese, French, Italian, German, Spanish Language Support

• Data Integration for Asset and CCMDB

Blue Rinse• IBM Tivoli Branding• Traditional Chinese, Korean, Brazilian Portuguese Language Support

• Passport Advantage

• DB2 Support• ISM Integration (TAMIT, SRM, etc.)

•Software Repository Integration for MSI/EXE•OSD: MDT OS

reimaging/migration•Power Management 3.0

•TCM Upgrade: SPB Support for BigFix Software Distribution/Repository•Tivoli Remote Control

Integration•OSD: MDT Bare Metal & TPM

OSD Reimaging•App-V Support

•Software Repository 3.0•OSD: TPM OSD Bare Metal•DSS SAM 2.0•Expanded VDI Support

•OSD with “Peercast” support•Remote Control with “Direct

Connect” Support•Client Virtualization

•DSS SCM 1.0: Enhanced Compliance Reporting

•CMEP Open Architecture•Proventia Desktop on BigFix

Platform (ESC replacement) with Windows 7 Support•DSS SCM 1.1

•TSCM/Fusion Upgrade: BigFix support for TSCM policies•“ESC”: Data Leak Prevention•DSS SCM 1.2

•DSS SCM Policy Management•“ESC”: Site Protector

Roadmap Coding• Existing Roadmap• Integration Roadmap• Risk due to resource availability or blue rinse obligations

INTERNAL FACING ONLYNOT FOR EXTERNAL USE

32

Tivoli Software


Other Future Items

Integration

– Additional integrations with ISM products

– BigFix Server support on AIX, Linux

Lifecycle

– Endpoint support for Linux on Power

– Admin Command Line Interface

Security

– TAMOS Integration

33