[BESAdmin-Announcements] BigFix 11.0 Patch 4 is now available!
Announcements for BES Administrators
besadmin-announcements at bigmail.bigfix.com
Mon Apr 14 10:42:04 PDT 2025
The BigFix Team is pleased to announce the release of version 11 Patch 4
(11.0.4.60) of BigFix Platform. The main features in this release are as
follows:
You can now secure HTTPS communication in BigFix with your preferred
Certificate Authority! (aka Bring Your Own CA)
With the setcustomca BESAdmin command, you can install an external
Certificate Authority (CA) in the BigFix Platform. When that happens,
BigFix components at 11.0.4 and later versions will start using
certificates generated from the imported CA to secure HTTPS traffic. Back
level components will continue to use the current BigFix CA.
For details, see Configuring the root server with a custom CA
<https://help.hcl-software.com/bigfix/11.0/platform/Platform/Config/c_custom_CA.html>
, BESAdmin Windows Command Line
<https://help.hcl-software.com/bigfix/11.0/platform/Platform/Installation/c_besadmin_windows_cli.html>
and BESAdmin Linux Command Line
<https://help.hcl-software.com/bigfix/11.0/platform/Platform/Installation/c_besadmin_linux_cli.html>
.
More console performance improvements!
Prior releases have improved console load times and performance analytics.
Our goal was to cut console load times in half, and customers generally
meet or exceed this goal. With this release we have improved the general
console performance, with a focus on process concurrency, efficiency, and
device correlation impact. The net is through our cumulative improvements,
you have a more responsive console!
More options for High Availability & Disaster Recovery (HADR)!
The BigFix HADR solution until now has involved the Disaster Server
Architecture (DSA) based on proprietary replication code. We now offer a
full HADR solution based on a combination of database replication (e.g.,
and MS SQL Availability Group), cluster management, and shared file
store. The solution aligns with industry best practices, has reference
level data integrity, and is operationally more scalable and lighter weight
than the DSA solution. This is especially important if you consider BigFix
“mission critical” to your business!
For details, see HA and DR configurations
<https://help.hcl-software.com/bigfix/11.0/platform/Platform/Installation/c_ha_dr_configurations.html>
.
Enhanced PeerNest! Streamlined functionality and reduced network traffic
Significant advancement in PeerNest efficiency: agents can exchange
payloads among themselves without the need of Multicast UDP. Root Server
and Relays will be used as trackers, sharing information about which
clients are able to share which files. This means reduced network traffic,
possibility to leverage the capability in diverse networking environments,
and improved efficiency especially in the early phases of the
communication.
For details, see Configuring PeerNest without the multicast function
<https://help.hcl-software.com/bigfix/11.0/platform/Platform/Config/c_peernest_without_multicast.html>
and Peer to peer mode
<https://help.hcl-software.com/bigfix/11.0/platform/Platform/Config/r_client_set.html#r_client_set__peer>
.
Higher Relay Scalability!
A non-authenticating relay on Windows and Linux can now support up to 10000
endpoints!
Increased number of persistent connections!
Persistent connections can be enabled on network configurations where UDP
notifications are not available. The limit of endpoints that can be
configured in this way is increased to 1000 per Relay.
BigFix Relay metrics collected and exposed!
You can now monitor the status and efficiency of your relay infrastructure.
The relay is now able to collect and expose metrics related to its HTTP
server operations and lets you use Prometheus to collect them. The
collected data can then be viewed and analyzed by a visualization
application such as Grafana.
For details, see Exposed Metrics
<https://developer.bigfix.com/other/metrics-api/> and Exported Metrics
<https://developer.bigfix.com/other/metrics-api/metrics.html>.
Data upload infrastructure enhancement - Pass-Through mode on Relays!
In file upload scenarios, BigFix Platform allows you to enable the BigFix
Relays to immediately forward received file chunks upstream, instead of
storing files locally, using a new setting named
_BESRelay_PostFile_PassThrough.
For details, see List of settings and detailed descriptions
<https://help.hcl-software.com/bigfix/11.0/platform/Platform/Config/r_client_set.html>
.
VMware cloud plugin connection secured with vCenter certificates!
BigFix Platform allows you to install the vCenter certificates on the
system where you intend to install the VMware cloud plugin; this allows it
to open secure connections.
For details, see Configuring cloud plugins
<https://help.hcl-software.com/bigfix/11.0/platform/Platform/Config/c_config_cplugins.html>
.
Azure cloud plugin is able to put the VMs in a deallocated state!
The Azure cloud plugin has a new command named deallocate instance; by
leveraging this feature you can more closely control your infrastructure
costs on Azure.
For details, see Microsoft Azure Plugin Commands
<https://help.hcl-software.com/bigfix/11.0/platform/Platform/Config/c_azure_cloudplugins_commands.html>
.
Added BESAdmin command to convert BigFix operators from one Identity
Provider to another!
With the converttoidpoperators BESAdmin command, you can convert BigFix
operators from one Identity Provider to another already configured Identity
Provider. This is useful if, for example, you want to convert your BigFix
operators from referencing MSAD to referencing Entra ID. This command is
available on Windows platform only.
For details, see BESAdmin Windows Command Line
<https://help.hcl-software.com/bigfix/11.0/platform/Platform/Installation/c_besadmin_windows_cli.html>
.
Added BESAdmin command to set the priority in case of transaction deadlocks
in the database!
With the databaseDeadlockPriority BESAdmin command, you can set a "Low",
"Normal" or "High" priority for the BigFix Administration tool Computer
Remover and Audit Trail Cleaner so that you can influence how Microsoft SQL
Server resolves the deadlocks. In particular, setting the
databaseDeadlockPriority option value to "High" ensures that critical
transactions are most likely not interrupted.
For details, see BESAdmin Windows Command Line
<https://help.hcl-software.com/bigfix/11.0/platform/Platform/Installation/c_besadmin_windows_cli.html>
, BESAdmin Linux Command Line
<https://help.hcl-software.com/bigfix/11.0/platform/Platform/Installation/c_besadmin_linux_cli.html>
, Computer Remover
<https://help.hcl-software.com/bigfix/11.0/platform/Platform/Installation/c_clean_up_computer.html>
and Audit Trail Cleaner
<https://help.hcl-software.com/bigfix/11.0/platform/Platform/Installation/c_audit_trial_cleaner.html>
.
Added BESAdmin command to rotate the BigFix WebUI certificate!
With the rotatewebuicredentials BESAdmin command, you can rotate one BigFix
WebUI certificate associated to a given hostname, or the whole BigFix WebUI
Certificate Authority (CA) and all BigFix WebUI certificates.
For details, see BESAdmin Windows Command Line
<https://help.hcl-software.com/bigfix/11.0/platform/Platform/Installation/c_besadmin_windows_cli.html>
and BESAdmin Linux Command Line
<https://help.hcl-software.com/bigfix/11.0/platform/Platform/Installation/c_besadmin_linux_cli.html>
.
Inspector changes!
-
New client inspector type named "cidr subnet" was added to represent the
Classless Inter-Domain Routing (CIDR) value. For details, see cidr subnet
<https://developer.bigfix.com/relevance/reference/cidr-subnet.html>.
-
New "named" constructor for process inspector on MacOS to return the
process object corresponding to the specified name. For details, see
https://developer.bigfix.com/relevance/reference/process.html
-
New inspector properties named "first line of" and "last line of" were
added to return specific lines of a given file. For details, see file
line <https://developer.bigfix.com/relevance/reference/file-line.html>.
-
New inspector properties named "first rawline of" and "last rawline of"
were added to return specific rawlines of a given file. For
details, see file
rawline
<https://developer.bigfix.com/relevance/reference/file-rawline.html>.
-
New inspector properties named "enabled of", "global state of" and
"stealth enabled of" were added on MacOS to return specific firewall
information. For details, see firewall
<https://developer.bigfix.com/relevance/reference/firewall.html>.
Added Support for BigFix Server on Windows and Linux with database Amazon
RDS for Microsoft SQL Server 2022
Starting from Patch 4, BigFix Server on Windows Server (2019 or later) and
on Red Hat 9 supports Amazon RDS for Microsoft SQL Server 2022 database.
Added Support for BigFix Server on Windows and Linux with database Azure
SQL Managed Instance for Microsoft SQL Server 2022
Starting from Patch 4, BigFix Server on Windows Server (2019 or later) and
on Red Hat 9 supports Azure SQL Managed Instance for Microsoft SQL Server
2022 database.
Added Support for BigFix Agent
Added support for BigFix Agent running on Alma Linux 9.5 x86 64-bit.
Library and driver upgrades
-
The boost library was upgraded to Version 1.87.0.
-
The jQuery-UI library was upgraded to Version 1.14.0.
-
The libssh2 library was upgraded to Version 1.11.1.
-
The OpenSSL library was upgraded to Version 3.2.4.
-
InstallShield was upgraded to Version 2024 R2.
-
The Xerces-C++ XML Parser library was upgraded to Version 3.3.0
*Additional information about this release *
- The standalone BigFix tools are published under the 11.0 Utilities
<https://support.bigfix.com/bes/release/> section in BigFix Enterprise
Suite Download Center
- A Non-Functional Requirements checklist, covering both performance and
security management of your BigFix deployment, is available at BigFix
Performance & Capacity Planning Resources
<https://help.hcl-software.com/bigfix/landing/Technical+Documents/Landing_page_shared/Technical_Documents.html>
*References*
- See the full technical changelist
<https://support.bigfix.com/bes/changes/fullchangelist-110.txt>
*Pre-Upgrade Considerations *
Important considerations to keep into account before upgrading to BigFix
Platform Version 11 are:
- BigFix Version 10.0.7 is the minimum version supporting the upgrade of
the BigFix server components to Version 11
- You must enable the “Enhanced Security” before upgrading BigFix
Platform to Version 11
- The minimum TLS supported protocol in BigFix V11 is TLS 1.2
- The SHA1 hashing algorithm for content and action signature will no
longer be supported. SHA1 is still supported for file download in
actionscript. For details, see the BigFix Platform V11 Overview Page
<https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Installation/c_overview.html>
- The unixODBC RPM package is a prerequisite for the Server components
on Linux systems (see Server Requirements). This applies to installations
with a DB2 database.
- The msodbcsql17 RPM package is a prerequisite for the Server
components on Linux systems (see Server Requirements). This applies to
installations with a MSSQL database
- For detailed information on the specific changes to minimum supported
versions of operating systems and databases for BigFix 11, see Detailed
system requirements
<https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0104120>
.
- Before getting started with the upgrade process, stop any active
application that is connected to the BigFix database (such as Web Reports,
WebUI, BigFix Inventory, or BigFix Compliance).
*Useful links *
- BigFix downloads and release information
<https://support.bigfix.com/bes/release/>
- BigFix 11 Platform Documentation
<https://help.hcltechsw.com/bigfix/11.0/platform/welcome/BigFix_Platform_welcome.html>
- Upgrade Windows considerations
<https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Installation/c_upgrading1.html>
- Upgrade Linux considerations
<https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Installation/c_upgrading1_linux.html>
- Detailed system requirements
<https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0104120>
A blog that discusses the benefits of BigFix 11 is available here
<https://bigfix-mark.github.io/Blogs/BigFix%2011%20Improvements%20v1.pdf>
Upgrade Fixlets are available in BES Support version 1600 (or later).
Continue to discuss on the forum
https://forum.bigfix.com/t/bigfix-11-0-patch-4-is-now-available/51502
– HCL BigFix – Platform Team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://bigmail.bigfix.com/pipermail/besadmin-announcements/attachments/20250414/9e2f5e77/attachment.html>
More information about the Besadmin-announcements
mailing list