Systems Management @ Penn State

This is the home page for Systems Management @ Penn State, a centrally-provided service based on the BigFix Systems Management Platform.

Please sign up for the training if you're interested in learning about or implementing BigFix in your area. BigFix Administrator training session have been scheduled for: November 13, 2009 from 12:30 pm to 5pm in 116 Wagner November 18, 2009 from 12:30 pm to 5pm in 116 Wagner Click on the date link to register.

Contents

• Purpose
• Background
• Support Operating Systems
• Features
• Costs
• How to get started

Purpose

"Green" IT

One of the drivers behind Systems Management @ Penn State is its ability to provide a consistent and reliable way to configure power management without sacrificing usability and management of a client computer. The BigFix platform can empower IT staff at Penn State to remotely configure power settings for the computers they manage so the computers enter a power-saving state when idle. It can also control how and when machines wake from a power-saving state, including Wake-on-LAN and scheduled wakeups.

Reducing the power consumption of idle computers can significantly reduce Penn State's power and cooling costs. Through the BigFix platform administrators can rapidly configure power-saving settings in order to save energy and participate in the University’s green initiatives.

Systems Management

Penn State’s implementation of BigFix is designed to save IT staff time and licensing costs by maintaining a single BigFix infrastructure centrally for all areas of Penn State. While it is a single environment, control is fully delegated to the local IT staff.

Systems Management @ Penn State aims to provide IT staff throughout the University with several valuable systems management capabilities:

• Security - Software and Operating System patch management features help protect systems from both vulnerabilities, which are a constant threat to computers on the Penn State network.
• Asset Intelligence - The advanced hardware and software inventory features provide real-time reporting of assets for greater visibility in their environment.
• Software Deployment - BigFix’s software deployment technology allows IT staff to create, deploy, and share unattended software installation packages as well as configure system settings, regardless of a pre-existing infrastructure such as Active Directory.

Background

In Spring 2009, Information Technology Services (ITS), the Office of Physical Plant (OPP), and the Applied Research Lab (ARL) participated in a proof-of-concept with BigFix Inc. to determine BigFix's ability to decrease Penn State computer power consumption when using the BigFix Systems Management Platform. BigFix was evaluated for its usefulness in conserving power while maintaining or increasing the manageability of the computers.

For several weeks, the BigFix platform was used to monitor the power consumption and usage of approximately 5,800 computers throughout Penn State. Energy reduction settings were then applied to a subset of the computers through the BigFix platform and power consumption was monitored for several more weeks. A significant power consumption difference was documented between the computers that had the power-saving setting applied and the control group that did not.

Based on the results of the proof-of-concept, it was determined that BigFix’s power management features had the potential to save the University between $25 and $60 per machine per year by placing machines in a reduced power state when not in use. In addition to the power-saving results, it was found that the system management features of the BigFix Systems Management Platform were very robust and useful for saving time performing system management and maintenance.

Supported Operating Systems

BigFix supports various Operating Systems and architectures, as listed below:

• 32-Bit Support
  • Fedora Linux Core 3, 4, 5
  • Microsoft Windows 95, 98, ME, NT4, 2000, XP, 2003, Vista, 2008, 7
  • SUSE Linux Enterprise 8, 9, 10
  • Red Hat Linux 8, 9
  • Red Hat Enterprise Linux 3, 4, 5
  • VMware ESX Server 3, 3.5
  • Solaris 10
• 64-Bit Support
  • Red Hat Enterprise Linux 4, 5
  • Windows XP, 2003, Vista, 2008, 7, 2008 R2
  • VMware ESX Server 4
• SPARC
  • Solaris 7, 8, 9, 10
• Architecture Independent
  • Mac OS X 10.3, 10.4, 10.5, 10.6
  • IBIBM AIX 5.1, 5.2, 5.3, 6.1
  • IBM zLinux
  • HP-UX 11, 11.11, 11.23
  • SUSE Linux Enterprise 9, 10

Features

BigFix has many tools and features to help IT staff manage the systems they are responsible for with greater efficiency.

• Power management - BigFix is able to set the power management settings for Windows and Mac clients while also addressing some limitations of the OS. Power settings can be configured and applied through the BigFix management console. The BigFix agent can monitor a system for idle usage and estimate the potential power savings by applying power-saving settings. There are several ways to wake machines that are in a power-saving state:
  • Wake on LAN - BigFix can enable Wake on LAN for systems that have support for the standard in hardware. BigFix's Wake on LAN support includes an important feature, called Last Man Standing, that allows administrators to designate one or more machines per network to act as Wake on LAN relays. Wake on LAN packets are broadcast packets that cannot go beyond a physical network. These machines are used by the central BigFix server to wake up machines by having the local Last Man Standing machine send the Wake on LAN packet.
• Self Wake - The BigFix agent has the ability at the client to wake itself up at a given time that is set by an administrator through a BigFix Task or Fixlet.
• Wake on Touch - BigFix can set a client so that the mouse and keyboard can be used to wake up a machine that is in standby.
• Application Deployment - Administrators can deploy and update applications silently on client machines. 
  • Applications can be deployed immediately, at specific time periods, and/or while a user is logged into the machine or not. System restarts can also be scheduled as a part of application deployment.
  • BigFix can identify application deployments that have failed and notify administrators of the failure that needs their attention.
  • Applications can be deployed to a single machine or all the machines an administrator has rights over. Applications can also be installed if the system meets conditions set by the administrator. 
  • Only BigFix administrators with the appropriate authority over a given system can perform this task and all these actions are digitally signed and logged centrally.
• Patch management - The BigFix platform allows IT professionals to easily identify and apply Operating System and application patches that are needed on any client, and can verify that the patch was installed correctly.  
  • To ensure quick and reliable patch management, BigFix Inc. develops and publishes Fixlets, which are ready-to-deploy update packages specifically for use on the BigFix platform.
  • BigFix Inc. publishes Fixlets for multiple products from vendors including Adobe, Mozilla Firefox, Symantec, and Microsoft. BigFix also allows IT professionals the ability to create their own custom Fixlets for software packages that are not currently published by BigFix Inc.
• Inventory - BigFix collects the hardware and software inventory of each machine that has the BigFix agent installed. The BigFix agent continuously monitors the inventory of a system for changes, and sends inventory updates to the server as needed.
  • Included in the BigFix platform is a robust web interface for generating hardware and software inventory reports.
• Cross Platform - BigFix provides a central system management for Windows, Mac, and Linux based systems. Please see the full list of supported Operating Systems.
• Environment Independent - BigFix is not dependant on Active Directory, and it can fully support machines that are not joined to any Active Directory domain. However, it can also display and sort machines by domain and organizational unit if they are part of an Active Directory domain.
• Security - BigFix requires every BigFix administrator to login using a username, password, and digital certificate.
  • For every action that a BigFix administrator performs, BigFix requires them to type their BigFix password to perform the action. The action is then digitally signed by that BigFix administrator and logged centrally.
  • No action can be executed on a BigFix client without a valid digital signature and all files transferred used for an action must match the SHA-1 hash that BigFix generated when the action was created.
• Delegated Authority - BigFix allows for granular control of environments, which allows each administrative unit to have full management control over the machines in BigFix which they are assigned. 

Cost

BigFix is licensed annually per operating system installation and by the type of operating system. If a physical machine has multiple operating systems installed using virtualization technologies, each of the operating systems uses a separate license and is displayed in the BigFix console as separate machines.

Types of BigFix License:

• Workstation operating system licenses  - All supported workstation versions of Mac, Linux, and Microsoft Windows.
  • Workstation operating system licenses for University owned computers are being funded centrally by the Office of Physical Plant (OPP) and Information Technology Services (ITS) until at least June 30, 2012.
  • If you wish to use BigFix Workstation operating system licenses on non-university owned computers, please contact SysMan@psu.edu for more details.
• Microsoft Windows Server operating system licenses - All supported Windows server versions.
  • Are available for purchase through the Penn State Computer Store, direct link.
• Mac, Linux, or Unix Server operating system licenses - All supported server versions of Mac, Linux, and Unix.
  • Are available for purchase through the Penn State Computer Store, direct link.

How to get started

1. Contact your ITS Consultant.
   • If your Administrative Area has not already signed the Memo of Understanding (MOU) for the service, your ITS Consultant will assist your area in completing the document.
   • Determine the division structure that best fits your administrative area.  Your ITS consultant will also assist you in this task.
2. Select the IT staff in your area that you wish to be Penn State BigFix Administrators for each division. Each person will need to attend BigFix Administrator Training before being granted administrative control over a BigFix division.
3. After successfully completing the BigFix Administrator Training, the new BigFix Administrator will be granted administrative control to each division they are assigned.  Administrators are also joined to a community list serve and a support web site and given access to a server to log into and access the BigFix management console.
4. ITS BigFix staff will provide each BigFix division's administrators with two MSI installers that will need to be installed on the computers you wish to manage using BigFix.
   • The first will be the BigFix client installer.
   • The second will be an installer that instructs the BigFix client what division it is supposed to be a member of.
5. Once both MSI's have been installed on the client machines, the client will join the Penn State BigFix environment and be joined to the correct division. The division's BigFix administrators will then be able to manage the machines using BigFix.

Further Information

Questions from potential partners about this program can be addressed to your ITS consultant or to SysMan@psu.edu.

---

© 2009, The Pennsylvania State University. All rights reserved.
This site maintained by the Classroom and Lab Computing group of Information Technology Services.
Suggestions and comments about this web site: CLC Webmasters; Other contacts here.

This page was last modified: 11/13/2009 8:35:58 AM.