The Provost has directed that BigFix systems-management software should be installed on all campus-owned or -managed desktop and laptop computers starting in 2016. (The UC Davis Health System is not part of this installation.) Much of the campus already uses it, as do several other UC campuses.
BigFix software, made by IBM, is used to remotely manage computers. IT professionals use it to identify security vulnerabilities, respond quickly to cyber-attacks, and centrally apply updates, patches, security upgrades, and applications to desktop and laptop computers (“endpoints”). A small software program is installed on each managed computer, and runs in the background.
At UC Davis, BigFix is set up to assign each local IT administrator rights to a specific group of workstations, which allows each administrative unit to have full management control over the machines in BigFix to which they are assigned. The software leverages campus Active Directory for authentication, requiring every administrator to login using their campus account and password. Every action that a BigFix administrator performs on managed computers is signed digitally and logged centrally.
BigFix helps IT staff deliver services efficiently and effectively to the people they support.
Faculty who manage their own computers can use BigFix to help protect their machines, satisfy cybersecurity requirements, and not worry about keeping up with software updates.
It can help identify all devices and software on the campus network, plus monitor basic inventory information (e.g., the presence or absence of critical security updates, IP address, operating system, and some hardware data).
It helps the campus respond quickly to threats or cyber-attacks, by identifying and protecting computers that may be vulnerable.
It helps the campus comply with security policies, regulations (e.g., HIPAA, FIRPA), and software license agreements.
For IT staff:
You can identify and apply operating system and application patches needed on any client, and can verify that the patch was installed correctly.
Applications can be deployed immediately or during specific times, whether a user is logged in or not. System restarts can be scheduled as a part of deployment.
Applications can be deployed to one machine, or to all machines to which an administrator has rights. Applications can also be installed if the system meets conditions set by the administrator.
Software can be installed over the network in the background, with minimal disruption to the customer.