During the two years since eWEEK Labs last looked at BES, BigFix has added a drastically improved asset collection, streamlined software delivery and new security features, such as integrated anti-spyware and oversight over third-party anti-spyware and anti-virus solutions. With all this functionality packed into a platform that requires only a single client agent on each managed machine, BES 6.0which started shipping in Aprilis much more an asset lifecycle management platform than a patching platform.BES 6.0 is highly modular, allowing administrators to add features as necessary. This is a good thing, given the overwhelming amount of settings, tasks and reports to look at or configure in a fully licensed deployment. Classes of services are added by subscribing to Fixlet Sites, which can include patches for various operating systems, vulnerability remediations and many other types of Tasks (BigFix-ese for "stuff you can do"). Once Fixlet Sites were enabled, we could individually activate the Analysis modules we needed at the time. For instance, we started our test deployment primarily with patching services for Windows-based clients and then added Fixlet Sites and activated the Analysis modules for hardware and software inventory capabilities, anti-spyware protections, and anti-virus monitoring modules, among others. As we added and used new features, the management console automatically refreshed to add links to the features in the prominent shortcut bar on the left side of the screen. These shortcuts automatically trigger filters to show only the settings relevant for each feature. With Version 6.0, BES offers role-based administration and workflow that are much more complex and granular than permissions schemes weve seen with other products. BES allowed us, for example, to customize a junior administrators viewmaking visible only those settings, fixes and assets deemed necessary for the administrators job. Designed to manage thousands or tens of thousands of clients, BES 6.0 let us create dynamic computer groups based on a variety of characteristics. We could define criteria to populate groups according to CPU type, IP address ranges, computer naming conventions, operating systems or Active Directory locations, among many other settings. We also could create our own groups for specific groupings. With BES 6.0, we could create base-line policies that were automatically applied to computers within the groups to which the base line was applied. We particularly liked the ability to nest base lines: We created a base-line patching policy for all Windows XP machines in our network, but we could also create and nest within this policy a secondary patch base line for Microsofts Patch Tuesdays. The products hardware asset inventory capability has been much improved. After we activated a few Analysis modules and applied a collection task to our clients, we could view each machines make, CPU type and speed, as well as the type of audio, video and network adapters installed. We also could drill down to see the maximum memory supported, the number of memory slots available and even the number of available PCI slots. BES 6.0s enhanced asset reporting extends to application and services inventory. After the Application Information and Programs Run at Startup analysis modules are activated, BES 6.0 collects each clients installed applications and services daily, enumerating which services are running at scan time and which programs automatically load at start time. With the new Software Usage Tracking analysis module, we could take application inventory a step further, logging whenever a specified application is used anywhere across the network. This allowed us to identify software licensing requirements across the company. The Application Usage Information Dashboard listed several common applications we could track (including Microsofts Word and Excel and Apple Computers iTunes, among others), or we could manually list any other process. The Dashboard graphically depicts the number and percentage of clients with that application installed, as well as several customizable views of how frequently the application gets used. Because large companies will need to leverage inventory data for use with other enterprise applications, BigFix offers several integration options, such as modules that integrate with several help desk applications, including solutions from BMC Software. BigFix also publishes its database schema, allowing customers to suck asset inventory into the application or tool of their choice. Similarly, to use data from other applications, BigFix offers its Asset Connector to import data into BES. Next Page: New spyware options.
For patch management services, BigFix charges $23 per agent per year for workstations, $69 per year for each Windows server, and $115 per year for Unix or Linux servers. With asset management and software distribution added to the mix, BES 6.0 costs $30 (per agent), $90 and $125 per year, respectively. When you throw in access to vulnerability assessment and third-party anti-spyware management, the costs are $40 (per agent), $120 and $125 per year, respectively. All prices assume a BigFix deployment of 5,000 managed agents.