IBM BigFix

IBM BigFix Inventory
9.x
Documentation
IBM

9.x
Documentation
IBM
ii
Contents
Chapter 1. Overview . . . . . . . ..
What's new in this release . . . . . . . .
Features and functions . . . . . . . . .
Beta features . . . . . . . . . . . .
Limitations . . . . . . . . . . . . .
Business benefits . . . . . . . . . . .
Key concepts . . . . . . . . . . . .
Processor value unit licenses . . . . . .
Processor value unit table . . . . . . .
Resource value unit licenses (RVU MAPC) .
Resource value unit tier table . . . . .
High-water mark . . . . . . . . .
Products, components, and bundles . . .
Main background application tasks . . .
Raw data discovery and matched signatures
Contracts . . . . . . . . . . . .
Scenarios . . . . . . . . . . . . .
Software and hardware discovery . . . .
License consumption verification and
reconciliation . . . . . . . . . . .
Continuous license compliance . . . . .
1
2
3
4
6
7
7
9
10
10
11
13
15
16
17
17
17
..
..
18
19
Chapter 2. Installing BigFix Inventory

Installation roadmap . . . . . . . . . ..
Installation checklist . . . . . . . . . ..
Planning and preparing for the installation . . ..
BigFix Inventory infrastructure . . . . . ..
Scalability guide . . . . . . . . . . ..
Supported operating systems . . . . . ..
Software requirements . . . . . . . . ..
Hardware requirements . . . . . . . ..
Hardware requirements for the server on
Windows . . . . . . . . . . . ..
Hardware requirements for the server on
Linux . . . . . . . . . . . . ..
Hardware requirements for the client . . ..
Port requirements . . . . . . . . . ..
Firewall exceptions . . . . . . . . . ..
Installation users . . . . . . . . . ..
Coexistence scenarios . . . . . . . . ..
Adding License Metric Tool to your BigFix
Inventory deployment . . . . . . . ..
Adding a second BigFix Inventory server ..
Installing the infrastructure components . . . ..
Installation checklist . . . . . . . . ..
Installing IBM BigFix . . . . . . . . ..
Installation diagram . . . . . . . ..
Prerequisite tasks . . . . . . . . ..
Installation scenarios . . . . . . . ..
Installing the IBM BigFix clients . . . ..
Installing BigFix Inventory . . . . . . ..
Installation diagram . . . . . . . ..
Prerequisite tasks . . . . . . . . ..
Installing in interactive mode . . . . ..
Installing in silent mode . . . . . . ..
Copyright IBM Corp. 2002, 2015
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
21
21
22
23
23
25
25
34
36
36
39
42
44
44
44
45
46
50
54
54
56
56
56
59
65
67
68
68
73
75
Configuring BigFix Inventory connections ..

77
Related tasks . . . . . . . . . . ..
82
Installing and configuring Software Knowledge
Base Toolkit . . . . . . . . . . . ..
86
Component architecture of Software
Knowledge Base Toolkit . . . . . . ..
86
Installing Software Knowledge Base Toolkit . 88
Configuring catalog servers . . . . . ..
89
Uninstalling . . . . . . . . . . . . ..
90
Uninstalling a scanner . . . . . . . . ..
90
Deactivating the analyses . . . . . . . ..
91
Uninstalling the server in interactive mode . ..
91
Uninstalling the server in silent mode . . ..
92
Chapter 3. Configuring . . . . . . ..
93
Configuring the product after installation . . ..

93
Performing basic configuration . . . . . ..
93
Required: Setting up a proxy exception list for
environments with proxy servers . . . ..
93
Setting the code page for double-byte
languages . . . . . . . . . . . ..
93
Setting up roles . . . . . . . . . ..
94
Setting up users . . . . . . . . . ..
97
Configuring mail notifications . . . . ..
97
Configuring the application to display inventory 98
Setting up computer properties . . . . ..
98
Setting up computer groups . . . . ..
100
Scheduling the imports of scan data . . ..
101
Managing VM managers . . . . . ..
101
Applying important IBM updates . . . . ..
102
Uploading a PVU table . . . . . . . ..
102
Uploading the software catalog . . . . ..
102
Uploading part numbers . . . . . . ..
103
Setting up scans . . . . . . . . . . ..
104
Distribution of scans for improved performance 104
Enabling software and hardware discovery ..
105
Activating the analyses . . . . . . ..
105
Setting up analysis properties . . . . ..
106
Installing the scanner . . . . . . . ..
106
Initiating software scans . . . . . . ..
108
Uploading scan results . . . . . . ..
112
Initiating the capacity scan . . . . . ..
114
Enabling software discovery on Mac OS X. ..
116
Changing the publisher name for software
detected on Mac OS X computers. . . ..
118
Manually creating signatures for detecting
software on Mac OS X . . . . . . ..
120
Enabling the monitoring of software usage ..
121
Disabling the monitoring of software usage
122
Rerunning a data import . . . . . . ..
122
Excluding directories from being scanned . ..
123
Retrieving excluded directories . . . ..
123
Adding excluded directories . . . . ..
124
Removing excluded directories . . . ..
125
Manually excluding directories . . . ..
127
iii
Defining the scan frequency and schedule . ..

127
Updating the fixlet site . . . . . . . . ..
128
Checking the version of the fixlet site . . ..
128
Updating the content of the fixlet site on
Windows . . . . . . . . . . . . ..
129
Updating the content of the fixlet site on Linux 129
Caching the files . . . . . . . . . ..
130
Configuring server settings . . . . . . . ..
131
Advanced administration server settings . ..
131
Performing optional configuration . . . . ..
133
Optimizing the volume of scanned file data ..
133
Disabling subcapacity calculations . . . ..
135
Configuring the application usage statistics ..
136
Updating scanner catalogs . . . . . . ..
137
Configuring data retention period . . . ..
138
Shortening the retention period gradually to
avoid problems with growing database size . 138
Setting the home page . . . . . . . ..
139
Chapter 4. Upgrading . . . . . . ..
Upgrading to BigFix Inventory 9.2.1 . . . . ..
Backing up the server . . . . . . . ..
Upgrading the server with a Fixlet . . . ..
Upgrading the server in interactive mode . ..
Upgrading the server in silent mode . . ..
Configuring the server after the upgrade . ..
Optimizing the volume of scanned file data
Configuring without optimizing the volume
of the scanned file data . . . . . . ..
Restoring the server after a failed upgrade ..
Migrating from License Metric Tool 9.2.1 . . ..
Backing up the server . . . . . . . ..
Extending the license entitlements . . . ..
Migrating the server in interactive mode . ..
Migrating the server in silent mode . . . ..
Performing post-migration tasks . . . . ..
Restoring the server after a failed migration ..
Migrating from License Metric Tool and Tivoli
Asset Discovery for Distributed 7.2.2 and 7.5 . ..
Overview and requirements . . . . . ..
Migrated items . . . . . . . . . . ..
Migrating in parts . . . . . . . . . ..
Step 1: Preparing for migration . . . . ..
Step 2: Mapping the agents. . . . . . ..
(Optional) Step 3: Migrating Software
Knowledge Base Toolkit . . . . . . . ..
Step 4: Scanning your environment . . . ..
Optional: Optimizing the software scan ..
Step 5: Migrating your environment . . . ..
Verifying the migration . . . . . . . ..
Verifying the export to csv files . . . ..
Verifying the simulation and migration
reports . . . . . . . . . . . ..
Verifying the environment . . . . . ..
Migrating from Software Use Analysis 2.2 . . ..
Overview and requirements . . . . . ..
Migrated items . . . . . . . . . . ..
Adding endpoints by BigFix computer group
Step 1: Grouping migrated and unmigrated
endpoints . . . . . . . . . . . ..
Step 2: Applying the migration patch . . ..
iv
141
141
141
142
142
143
143
143
144
144
145
145
145
146
147
148
152
153
153
155
158
158
159
160
162
163
164
167
167
170
177
182
182
183
185
185
186
Step 3: Installing BigFix Inventory 9.2.1. . ..

Step 4: Migrating endpoints . . . . . ..
Step 5: Verifying that endpoints are migrated
Identifying migrated endpoints in BigFix
Inventory 9.2.1 . . . . . . . . . ..
Step 6: Migrating data objects . . . . . ..
Step 7: Verifying the completed migration . ..
Migration reports . . . . . . . . ..
Statuses in migration reports . . . . ..
Increasing the number of file and filter rules for
custom signatures . . . . . . . . . ..
Chapter 5. Managing the

infrastructure . . . . . . . . . ..
Scalability guide . . . . . . . . . . ..
Infrastructure administrator dashboard . . . ..
Viewing hardware inventory . . . . . . ..
Computer statuses. . . . . . . . . ..
Managing VM managers . . . . . . . ..
Supported virtualization types. . . . . ..
VMware vSphere . . . . . . . . ..
Microsoft Hyper-V . . . . . . . ..
Kernel-based Virtual Machine . . . . ..
Capacity data flow . . . . . . . . ..
Basic VM management (central) . . . . ..
Understanding the VM Managers panel ..
Adding VM managers . . . . . . ..
VM manager statuses. . . . . . . ..
Troubleshooting: Enabling the VM Managers
panel . . . . . . . . . . . . ..
Advanced VM management (distributed) . ..
Deployment scenarios . . . . . . ..
Installing additional VM Manager Tool . ..
Uploading collected data . . . . . ..
Adding VM managers . . . . . . ..
Running VM Manager Tool. . . . . ..
Additional configuration . . . . . ..
Collecting capacity data directly from KVM
hosts . . . . . . . . . . . . . ..
Removing capacity scan data from the host
Maintenance tasks . . . . . . . . . ..
VM Manager Tool installation requirements
Log files . . . . . . . . . . . ..
Changing the upload schedule . . . ..
Forcing the upload of collected data . . ..
Checking the VM Manager Tool version ..
Updating VM Manager Tool . . . . ..
Uninstalling VM Manager Tool . . . ..
Scanning remote shared file systems. . . . ..
Identifying computers on public clouds . . ..
Importing software scan data . . . . . . ..
Configuring catalog servers . . . . . . ..
Starting the server . . . . . . . . . . ..
Linux icon Starting the server on Linux . ..
Windows icon Starting the server on Windows
Stopping the server . . . . . . . . . ..
Linux icon Stopping the server on Linux . ..
Windows icon Stopping the server on Windows
Managing multiple data sources . . . . . ..
Adding a data source. . . . . . . . ..
Deleting a data source . . . . . . . ..
188
189
191
191
192
194
194
196
198
201
201
201
202
202
204
204
204
206
212
213
215
215
216
218
219
222
222
225
226
227
228
229
235
236
236
236
237
237
238
239
239
240
241
243
243
244
244
245
245
245
245
245
246
247
247
Updating the database password .
..
Chapter 6. Managing software

inventory . . . . . . . . . . . ..
Software asset management dashboard . . . ..
Maintaining accurate software inventory . . ..
Software catalogs . . . . . . . . . . ..
Catalog customization process . . . . . ..
Step 1: Prioritize the work . . . . . ..
Step 2: Analyze your software . . . . ..
Step 3: Review information about files and
packages . . . . . . . . . . . ..
Step 4: Create component signatures . ..
Downloading the software catalog . . . ..
Updating the software catalog . . . . . ..
Creating and deleting custom catalog entries
Searching the catalog . . . . . . . ..
Creating custom catalog entries . . . ..
Editing custom catalog entries . . . . ..
Deleting custom catalog entries . . . ..
Creating signatures from package data . ..
Creating signatures from scanned file data
Software discovery process after customizing
the catalog . . . . . . . . . . ..
Exporting and importing custom signatures ..
Exporting signatures . . . . . . . ..
Importing signatures . . . . . . . ..
Synchronizing software catalog content with
other BigFix Inventory instances . . . . ..
Managing the catalog content in Software
Knowledge Base Toolkit . . . . . . . ..
Software model. . . . . . . . . ..
Software Knowledge Base Toolkit signatures
supported in BigFix Inventory . . . . ..
Updating the software catalog in Software
Knowledge Base Toolkit . . . . . . ..
Customizing the catalog content . . . ..
Reviewing software inventory . . . . . . ..
IBM Software Classification . . . . . ..
Automated bundling . . . . . . . . ..
Part numbers . . . . . . . . . ..
Partition collocation . . . . . . . ..
Infrastructure collocation . . . . . ..
Stand-alone product discovery . . . ..
Confirming the assignment of a software
instance . . . . . . . . . . . . ..
Reassigning software instances . . . . ..
Excluding software instances from pricing
calculations . . . . . . . . . . . ..
Including software instances in pricing
calculations . . . . . . . . . . . ..
Sharing software instances . . . . . . ..
Adding custom bundling options. . . . ..
Removing custom bundling options . . ..
Software utilization . . . . . . . . . ..
PVU and RVU MAPC usage . . . . . ..
Viewing PVU and RVU MAPC utilization
Creating audit snapshots of PVU and RVU
MAPC utilization . . . . . . . . ..
Utilization of other license metrics . . . ..
Viewing utilization of other license metrics
247
249
249
252
253
254
254
254
255
256
257
258
258
259
259
261
261
262
263
265
266
266
267
267
268
268
271
272
277
284
284
286
287
289
290
290
291
292
294
295
296
297
299
299
299
300
303
306
308
Disabling the collection of other license

metrics . . . . . . . . . . .
Reports . . . . . . . . . . . . .
Available reports . . . . . . . . .
Managing reports . . . . . . . . .
Applying report filters . . . . . .
Exporting reports to a file . . . . .
Saving customized report views . . .
Scheduling report emails . . . . .
Contracts . . . . . . . . . . . . .
Maintaining contracts . . . . . . .
Creating contract custom fields . . . .
Creating contracts . . . . . . . . .
Contract usage report . . . . . . .
Extended discovery of Oracle Database. . .
Coverage of Oracle licensable options . .
Discovering Oracle Database software . .
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
Chapter 7. Tutorials . . . . . . . ..
309
310
310
314
314
315
315
317
317
318
319
319
321
322
322
323
327
Tutorial: Simplified catalog management . . ..

Lesson 1: Downloading a new IBM software
catalog . . . . . . . . . . . . ..
Lesson checkpoint . . . . . . . . ..
Lesson 2: Updating the software catalog . ..
Lesson 3: Importing software scan data. . ..
Lesson 4: Creating software signatures . . ..
Tutorial: Bulk software classification using external
tools . . . . . . . . . . . . . . ..
Lesson 1: Reassigning large quantities of
software instances . . . . . . . . . ..
Lesson 2: Excluding software instances from
usage calculations . . . . . . . . . ..
Chapter 8. Security . . . . . . . ..
327
327
328
328
329
329
329
330
333
333
334
337
339
Flow of data. . . . . . . . . . . . ..
Security configuration scenarios . . . . . ..
Configuring secure communication . . . . ..
Creating private keys and certificates . . ..
Signing certificates . . . . . . . . ..
Enabling secure communication . . . . ..
Assuring compliance with federal encryption
standards. . . . . . . . . . . . . ..
Federal Information Processing Standard 140-2
Configuring the server to achieve FIPS
compliance . . . . . . . . . . . ..
SP800-131 compliance . . . . . . . ..
Enabling SP800-131 compliance . . . . ..
Authenticating users with LDAP . . . . . ..
Configuring the connection to a directory server
Editing a directory server configuration ..
Deleting a directory server configuration ..
Linking users to directories. . . . . . ..
User provisioning . . . . . . . . . ..
Integrating users with Web Reports . . . ..
Configuring and enabling single sign-on . . ..
Option 1: Configuring single sign-on based on
Security Assertion Markup Language token ..
339
341
342
343
344
345
Contents
346
346
347
347
347
348
348
349
349
349
350
350
352
352
Single sign-on based on the exchange of

Security Access Markup Language token ..
Step 1: Configuring single sign-on settings
Step 2: Configuring claim rule of relaying
party trust on the AD FS server . . . ..
Step 3: Enabling single sign-on . . . ..
Reverting disabled SSO configuration for
SAML . . . . . . . . . . . . ..
Option 2: Configuring single sign-on based on
IBM Lightweight Third-Party Authentication ..
Exporting the LDAP server SSL certificate
embedded in IBM Security Access Manager .
Configuring LTPA single sign-on . . . ..
Importing LTPA keys into IBM Security
Access Manager . . . . . . . . ..
Importing the BigFix Inventory server
certificate into IBM Security Access Manager .
Configuring a virtual junction . . . . ..
Enabling the LTPA single sign-on. . . ..
Reverting disabled SSO configuration for
LTPA . . . . . . . . . . . . ..
Logging out of the BigFix Inventory server ..
Disabling the single sign-on configuration . ..
Deleting the single sign-on configuration . ..
Relays . . . . . . . . . . . . . . ..
Chapter 9. Troubleshooting and

support . . . . . . . . . . . . ..
Troubleshooting a problem . . . . . . . ..
Troubleshooting software inventory problems ..
Changing and analyzing scanner trace settings
Changing scanner trace settings . . . ..
Analyzing scanner trace settings . . . ..
Initiating and uploading diagnostic data . ..
Initiating diagnostic data collection . . ..
Uploading scanner diagnostic data . . ..
Common problems . . . . . . . . . ..
Installation and upgrade problems . . . ..
Server operation problems . . . . . . ..
Database problems . . . . . . . . ..
Agent problems . . . . . . . . . ..
Scan problems . . . . . . . . . . ..
Data import problems . . . . . . . ..
Catalog problems . . . . . . . . . ..
User interface problems . . . . . . . ..
Security problems . . . . . . . . . ..
Hardware inventory problems . . . . . ..
Migration problems . . . . . . . . ..
Backing up and restoring the database . . . ..
Backing up the SQL Server database. . . ..
Restoring the SQL Server database . . . ..
Backing up the DB2 database . . . . . ..
Restoring the DB2 database . . . . . ..
Checking why a Fixlet or task is not relevant . ..
Checking the client installation date . . . . ..
Removing the server manually . . . . . ..
Updating scanner catalogs . . . . . . . ..
Logs and return codes . . . . . . . . ..
Server installation and upgrade logs. . . ..
Server log file . . . . . . . . . . ..
vi
352
353
355
355
356
357
357
358
358
360
362
367
367
368
368
368
369
371
371
373
375
375
375
375
375
376
377
377
378
381
381
383
384
387
389
392
392
395
402
403
404
406
406
407
409
410
410
411
412
413
Enabling the logging of memory

consumption . . . . . . . . .
Import logs . . . . . . . . . . .
Enabling debug logging for the import
process . . . . . . . . . . .
Database creation logs and return codes .
Server installation and uninstallation return
codes . . . . . . . . . . . . .
Manually adjusting the PVU per core value .
Contacting IBM Software Support . . . .
..
..
414
414
..
..
416
416
..
..
..
417
418
419
Chapter 10. Tuning performance . ..

Infrastructure . . . . . . . . . . .
Memory performance . . . . . . .
Storage performance . . . . . . . .
Running hard disk tests . . . . . .
Tuning VM manager performance . . .
Tuning performance in big data environments
Configuring the transaction logs size . .
Increasing Java heap size . . . . . .
Maintaining the DB2 database . . . . .
421
..
..
..
..
..
..
..
..
..
Chapter 11. Integrating . . . . . ..

REST API . . . . . . . . . . . . ..
REST API resources and HTTP methods . ..
Common connectors and operators . . . ..
REST API for retrieving authentication token
REST API for retrieving the BigFix Inventory
version . . . . . . . . . . . . ..
REST API for retrieving the data import status
REST API for software inventory management
Retrieval of software products . . . . ..
Retrieval of releases of a product . . . ..
Retrieval of release instances . . . . ..
Retrieval of releases to which a software
instance can be reassigned . . . . . ..
Retrieval of releases to which a release
instance can be reassigned . . . . . ..
Retrieval of instances to reassign to a release
Retrieval of instances shared by releases ..
REST API for software classification . . . ..
Share an instance with more than one
product . . . . . . . . . . . ..
Inclusion of instances in a pricing calculation
Exclusion of instances from pricing
calculations . . . . . . . . . . ..
Reassignment of instances to a product. ..
Reassignment of instances to a product for a
list of releases . . . . . . . . . ..
Confirmation of instances to bundle or assign
Confirmation of the assignment of instances
for a release . . . . . . . . . . ..
REST API for administration server settings ..
Retrieval of the administration server settings
Configuration of the administration server
settings . . . . . . . . . . . ..
REST API for retrieving computer systems,
software instances, and license usage . . ..
Scenarios . . . . . . . . . . . ..
Retrieval of computer systems. . . . ..
421
421
422
422
423
424
424
425
425
427
427
427
428
429
430
432
434
434
436
438
441
442
445
446
448
448
450
451
453
455
457
458
460
460
462
463
464
467
Retrieval of software instances. . . . ..

Retrieval of license usage . . . . . ..
REST API for export and import of saved report
views . . . . . . . . . . . . . ..
Exporting and importing a saved report view
Export of saved report views . . . . ..
Import of saved report views . . . . ..
REST API for import of contracts . . . . ..
Import of contracts . . . . . . . ..
Importing contracts from a file in CSV
format . . . . . . . . . . . . ..
471
475
478
478
479
481
483
483
Integrating with SmartCloud Control Desk . ..

Importing your data . . . . . . . . ..
Viewing your data. . . . . . . . . ..
Viewing computers and installed software
Viewing PVU and RVU consumption . ..
Notices . . . . . . . . . . . . ..
487
488
489
489
489
491
Trademarks . . . . . . . . . . . . ..
Terms and conditions for product documentation
493
493
Contents
vii
485
viii
Chapter 1. Overview
Use this section to become familiar with IBM BigFix Inventory infrastructure and
key concepts that are necessary to understand how the application works.
What's new in this release

BigFix Inventory 9.2.1 provides new features and enhancements that facilitate your work with the
application.
v Discovery of software installed on Mac computers
You can discover software that is installed on Mac computers and monitor its usage. The functionality
is supported for Mac OS X version 10.8, 10.9, and 10.10. For more information, see: Enabling software
discovery on Mac OS X on page 116
v Extended discovery of Oracle Databases
You can retrieve granular information about the edition (Standard or Enterprise), options, and
Management Packs (including Oracle Real Application Cluster, RAC) of Oracle Databases that are
deployed in your environment. When you combine this information with the collected hardware
inventory data, you can use it to calculate the demand for Oracle Database licenses. The functionality
is supported for Oracle Database 10.2, 11.2, and 12.1. For more information, see: Extended discovery
of Oracle Database on page 322.
v Monitoring utilization of license metrics other than PVU and RVU MAPC
Resource Utilization report provides information about the maximum utilization of license metrics
other than PVU and RVU MAPC over the last 30 days. If a product can use five license metrics, each
metric is shown as a separate row on the report. What is more, all metrics that are available for a
product are displayed, not only the metrics that are defined by your license agreement. You can export
the history of license utilization and aggregate it manually outside BigFix Inventory according to the
information that is provided in the license agreement. The data is available only for products that
deliver resource utilization data (.slmtag files). For more information, see: Utilization of other license
metrics on page 306.
v Two-factor authentication and single sign-on support in BigFix Inventory
You can now use the two-factor authentication and use single sign-on to log on to BigFix Inventory
and maintain login consistency with other applications in the enterprise. You can configure BigFix
Inventory to use two-factor authentication with single sign-on based either on the exchange of Simple
Access Markup Language (SAML 2.0) token and Microsoft Active Directory Federation Services as
Identity Provider or you can use the IBM Lightweight Third-Party Authentication (LTPA) technology
and IBM Security Access Manager for Web as the authentication service. For more information, see:
Configuring and enabling single sign-on on page 352.
v Coexistence of multiple instances of BigFix Inventory on one BigFix platform
You can connect two instances of BigFix Inventory to one BigFix platform. To enable the coexistence,
divide the computers in your infrastructure into two groups by assigning them with unique computer
settings, and creating an analysis that retrieves the values of these settings. Then, modify the data
import so that each server imports data only from computers that have a particular setting, and omits
the remaining ones. As a result, each server manages a separate group of computers. For more
information, see: Adding a second BigFix Inventory server on page 50.
v Identifying computers running on public clouds
If a computer that runs on a public cloud is not identified as such, PVU values might be incorrectly
calculated for the software that is installed on it. To ensure that PVU is calculated in accordance with
the IBM Eligible Public Cloud BYOSL policy, identify computers that run on public clouds and specify
the types of clouds. For more information, see: Identifying computers on public clouds on page 243.
Creating custom signatures based on non-standard file types
You can create custom signatures that are based on any file extension, not only a predefined set of
extensions. The process of creating signatures is the same in both cases. However, the process of
software discovery differs. For more information about creating custom signatures, see: Creating
custom catalog entries on page 259. For more information about differences in software discovery, see:
Software discovery process after customizing the catalog on page 265.
Adding custom bundling options
The IBM software catalog defines which components can be assigned to which products to create
software bundles. The bundles reflect sets of products that are offered under a single entitlement or
license. If a bundle that you purchased does not have a relation that is defined in the IBM software
catalog, add a custom bundling option. It will allow you to assign components to the proper product
to reflect your entitlement. For more information, see: Adding custom bundling options on page 297.
Adding comments to the audit snapshot
When you create the audit snapshot, you can add comments or attach a file with details regarding the
information that is contained in the snapshot. For more information, see: Creating audit snapshots of
PVU and RVU MAPC utilization on page 303.
Checking why a Fixlet or task is not relevant
When a Fixlet or task is not relevant on a particular endpoint, you can create an analysis that checks
which part of the relevance expression is not matched. This way, you can identify the exact reason why
the Fixlet or task cannot be run on an endpoint and troubleshoot the problem. For more information,
see: Checking why a Fixlet or task is not relevant on page 407.
Manually adjusting the PVU per core value
The number of PVUs is assigned per processor core based on the information that is provided in the
PVU table. However, it might happen that the value that is assigned to a processor in your
environment is incorrect. In such case, contact IBM Support to get a permission to manually adjust the
PVU value. When the problem with incorrect detection of the PVU value is solved, remove the manual
adjustment. For more information, see: Manually adjusting the PVU per core value on page 418
Importing delta file system scan
The file system scan generates two outputs: full file system scan and delta file system scan. The former
contains information about all files that were discovered on the endpoint. The latter contains
information only about files that changed between the last two full file system scans. Delta file system
scan is imported to BigFix Inventory in the first place to improve the import performance. For more
information, see: Types of software scans on page 111.
Retention period is enabled by default for new installations
Data retention period is the period after which historical data or resource utilization data is removed
from the BigFix Inventory database. Retention period is set by default in fresh installations of BigFix
Inventory. If you upgraded from Software Use Analysis, your original settings were preserved. For
more information, see: Configuring data retention period on page 138.
Support for new platforms
The BigFix Inventory server can be installed on Red Hat Enterprise Linux 7. The BigFix client can be
installed on Windows 10 and Ubuntu. For more information, see: Supported operating systems on
page 25.
Features and functions

IBM BigFix Inventory 9.2.1 provides useful features for managing virtualized environments. It discovers
the software that is installed in your infrastructure, helps you to analyze the consumption data, and
allows you to generate reports.
Software discovery and identification

BigFix Inventory scans your infrastructure to determine what software is installed on the monitored
computers.
Signature discovery and creation

BigFix Inventory discovers signatures that allow products to be detected by inventory and usage scans.
The application uses the software catalog to match signatures that are discovered with software products
that are installed in your infrastructure. You can create new signatures for software items that are
installed on your computers, but are not included in the catalog.
Software usage counting

BigFix Inventory provides you with information about how software that is installed in your enterprise is
used.
Reports
Reports contain detailed information about the computers in your infrastructure and the software items
that are installed on these computers. By viewing the All IBM Metrics report regularly, you can check
whether actual installations reflect the software inventory information and ensure that the capacity values
are assigned to products correctly.
Contracts
Contracts are used to manage information about licenses for the software products that are installed in
your infrastructure and to track spending that is associated with those licenses. A contract contains
information about the cost of acquiring and maintaining a license, as well as its entitlement start and end
dates.
IBM license compliance

BigFix Inventory provides the information that is needed to ensure compliance with processor value units
(PVU), and resource value units (RVU MAPC) audit reports licensing terms.
BigFix Inventory calculates the maximum core capacity of the server that is available to the installed IBM
software. The application also determines the number of processor value units (PVU) or processor-core
entitlements that are required. If you deploy a supported virtualization technology, the tool provides
processor core capacity information for the whole virtualized environment.
IBM license usage monitoring
You can generate PVU and RVU MAPC audit reports that show the product and processor value units.
The audit reports can be viewed in the application or printed.
Beta features
BigFix Inventory provides a set of beta features that are disabled by default. You can enable these
features, try them out, and provide your feedback to influence how they work when they are officially
released.
Available features
Currently, the following beta features are available:
v Retrieving raw scan results by REST API
Chapter 1. Overview
You can retrieve raw scan results through REST API to improve the monitoring of your environment
by quickly discovering software that was recently installed or modified. Thanks to the new type of
data import, Raw Data Only, data about the software reaches the server much quicker.
For more information about these features and related documentation, see the beta community.
Enabling beta features

Beta features are disabled by default. To enable them, go to https://host_name:port/management/
beta_feature and select the appropriate check box. Identification of computers that are running on public
clouds does not have to be enabled in the BigFix Inventory user interface. To use the feature, run the
Identify Computers on Public Clouds fixlet from the BigFix console.
Providing your feedback

Your feedback is crucial for the development team and your comments and suggestions are very much
appreciated. Test the new features and let us know what you think and what can be improved. Use the
following communication channels to provide your feedback:
v Write a post on the beta forum
v Email us at: [email protected]
Limitations
Review the list of BigFix Inventory limitations.
v When Software Use Analysis 2.2 and BigFix Inventory 9.2.1 are installed on the same computer you
cannot use both applications at the same time
When you log in to Software Use Analysis 2.2, you are automatically logged out from BigFix Inventory
9.2 and the other way round. You can be logged in to only one version of the application at a given
time.
v Distributed Server Architecture (DSA) is not supported
Distributed Server Architecture (DSA) allows for setting up multiple BigFix servers that can replicate
data between themselves. If the main server is disabled, a backup server takes over its role ensuring
continuous work. The architecture is not supported because BigFix Inventory can be connected only to
one of the replicated servers at a time. When you try to add another server, a message is displayed
saying that such a database is already connected.
v Changing the host name of the BigFix server is not supported
The host name of the BigFix server cannot be changed because it is recorded in the license certificate
during the installation. To change the host name of BigFix, reinstall the application.
v SP800-131a compliance cannot be enabled with Microsoft SQL Server
If the SP800-131a cryptographic standard is enabled in strict mode in BigFix Inventory and the
enhanced security mode is configured on the BigFix and MS SQL servers, connection between the
BigFix Inventory server and the SQL Server cannot be established.
v Automatic update of the software catalog from Software Knowledge Base Toolkit does not work if
the SP800-131a standard is enabled in strict mode
If you are using the SP800-131a cryptographic standard in strict mode, the software catalog cannot be
automatically downloaded from Software Knowledge Base Toolkit. To update the catalog, you must
manually download it from Software Knowledge Base Toolkit and upload it to BigFix Inventory.
v Reports show the current PVU per core value instead of the value that occurred during the license
peak time
IBM PVU Subcapacity and All IBM Metrics reports as well as the audit snapshot show the current PVU
per core value instead of the value that occurred during the license peak time. It does not affect the
calculation of PVU subcapacity and full capacity. To display the value that occurred during the license
peak on the reports, change the start date of the report to a more recent date. Try changing the date
until you find the date when the PVU per core value changed. It allows you to have consistent
information displayed on the reports.
Creating contracts and catalog customizations for IBM products is limited
IBM provides catalog content that allows for discovering practically all IBM products. Due to internal
reasons, entries for some products are duplicated in this catalog. Thus, it is not possible to modify the
correct entry and creating contracts for IBM products might not work correctly. Moreover, BigFix
Inventory supports contracts only for installation-based licenses which are not applicable to the
majority of IBM products. Creating contracts for IBM products and customizing IBM products in the
software catalog is discouraged.
Signatures with the same GUID and different rules might be overwritten
When you import a signature that has the same GUID as a signature that already exists in BigFix
Inventory and the new signature has a different number of rules than the existing one, the signatures
are not merged. Instead, the new signature overwrites the existing one. The problem does not occur
when the imported signature has a different or no GUID.
Specific start time cannot be set for actions by using REST API
BigFix REST API requires that the start time for an action is specified as an offset from the time on the
BigFix server. The solution is prone to network latency problems. It might cause that the action starts
at time different from the intended one.
On some panels, users with access to selected computer groups can see data for all computers
On the panels that are connected with reporting license usage and software classification, all users can
see all computers in the environment regardless of the computer group that they have assigned in their
user profiles. The data is displayed this way because limiting the scope of computers would affect
license usage information and would require recalculation of the values that are based on the current
user access restrictions.
Incorrect number of rows can be displayed on reports that are saved as PDF files
The number of rows that is displayed in the upper right corner of a PDF file can differ from the
number of rows that is displayed on the user interface. This problem was only encountered with
Mounted Shared Disks column in the Computers report because it contains multiline entries.
Time values are provided in different time zones on the user interface and in PDF or CSV reports
On some reports, time values are expressed in the local time zone when the report is viewed on the
user interface but in the UTC time when the report is exported to a PDF or CSV file. What is more, the
format of the date and time is hardcoded in PDF reports.
Time ranges on the IBM PVU Subcapacity report and on the IBM PVU Subcapacity Product panel
are in different time zones
When you open the IBM PVU Subcapacity report, the time range is specified in the UTC+02:00 time
zone. However, when you click a product name and go to the IBM PVU Subcapacity Product panel,
the time is expressed in UTC+01:00 time zone.
Fixlet for distributing scanner catalogs to the endpoints is not translated
The Catalog Download (Version: version) fixlet is a custom fixlet that is not delivered with the BigFix
Inventory fixlet site. Such fixlets are not translated.
Language of the installer depends on the system locale
To run the BigFix Inventory installer in a language other than English, system locale must be set to that
language.
Language on the IBM Software Classification panel depends on the browser settings
BigFix Inventory can be configured to use either the web browser locale or the locale that is set in the
application profile. The Software Classification panel does not support the customized locale setting
that is specified in the user profile. It uses only the locale that is specified in the browser settings.
Audit Trail limitations
Chapter 1. Overview
v
v
Audit Trail report cannot be filtered by the Details column and does not contain information about
uploads and imports of part numbers.
Computer running AIX 5.3 Technology Level lower than 8 has the Outdated Version status on the
Deployment Health widget
BigFix client version 8.1 is the highest version that supports AIX 5.3 Technology Level lower than 8.
Even though there is no newer version of the client for this particular operating system, the computer
has the Outdated Version status on the Deployment Health widget.
Permissions that are defined for the Administrator role cannot be changed
The Administrator role is assigned all available permissions. It prevents from creating separate
Administrator roles, for example one responsible for data, the other for users.
Catalog search does not work during the catalog import
Catalog search does not work during the import of the catalog. It works correctly during imports that
do not contain a new catalog.
Signature definitions are not available on the Catalog Audit report for custom signatures that were
deleted
When you delete a custom signature from the software catalog, definition of this signature is not
available on the Catalog Audit report. The definition section is empty.
Process IDs are not present in audit snapshots
Sending reports to your email
When you schedule multiple reports to be sent to your email, you must ensure that they are not being
sent at the same time. The reason is that each report is managed in a different session that starts when
the report is being sent, and ends when the action is completed. Each closed session, however,
terminates also other sessions, in this case the delivery of other reports. The schedule therefore must be
different for each report. The sufficient interval is about 5-10 minutes, you can specify it while setting
the start time.
Filtering computers based on their IP addresses
When you filter your computers based on their IP addresses and specify the relation as ends with, no
computers are displayed even if some computers match the criteria. To work around this issue, you
can choose other relations, such as contains or begins with. This limitation concerns all reports.
Business benefits
IBM BigFix Inventory offers valuable benefits to your enterprise.
By using BigFix Inventory, you will:
Know what you have
BigFix Inventory identifies software, hardware, and license models in your infrastructure.
Manage what you have
By analyzing the consumption data, BigFix Inventory helps you to:
v Understand current license consumption
v Determine a root cause of license compliance discrepancies
v Prioritize and run follow-up actions
Optimize your license consumption
BigFix Inventory helps you to predict and plan future license consumption. Optimize your
software consumption periodically to avoid not meeting your contractual licensing conditions.
Reduce your costs
Optimize your license costs by removing unused software. Plan your budget based on the BigFix
Inventory reports. You can also avoid making license compliance payments by aligning software
assets with legal licenses and ensuring that no unlicensed software is used.
Key concepts
There are several concepts that will help you to understand how BigFix Inventory works and how to use
it effectively.
Processor value unit licenses

A processor value unit (PVU) is a unit of measurement that is used for determining the licensing costs of
IBM middleware products. It is based on the types of processors that are deployed on servers where the
software is installed. For each product, you must acquire the appropriate number of PVUs that is defined
for the specific processor on which the software is deployed.
The number of required PVUs is based on the processor technology and the number of processors that
are available to the software product. For PVU-based licensing, IBM defines a processor as a processor
core on a chip. For example, a dual-core processor chip has two processor cores. PVUs are assigned per
core, not per processor. The number of PVUs that are assigned to a processor core is defined in the PVU
per core table.
Processor value unit license types

Entitlements can be full capacity or subcapacity. Full capacity is based on the overall number of processor
cores on the physical server on which a product is installed. Subcapacity licensing is available only in a
virtualized environment. It is based on the number of PVUs that are available to the licensed software,
not the total PVU count on the physical server. PVUs are transferable among systems by product within
an enterprise.
Subcapacity licensing can significantly reduce the licensing cost, especially with a move to a newer
processor core technology. However, subcapacity licensing requires that a number of requirements are
met. For more information, see: Passport Advantage Virtualization Capacity (Subcapacity) Licensing.
Below are described three scenarios that describe how the cost of software license is calculated. The
calculations are based on sample values and should be treated as examples.
Scenario 1: Full capacity on a physical server
IBM MQ software is installed on a server that has two Intel Xeon 3400 processors, each processor
with eight cores (16 cores in total).
Server 1
MQ
16 physical
WebSphere
cores
Because the environment is not virtualized, subcapacity license does not apply. Full capacity
license is counted as the highest number of PVUs on the server where the software is installed.
According to the PVU table, when the server has two sockets, this processor model is assigned 70
PVUs per core. The following table shows how the cost of full capacity license is calculated for
IBM MQ software that is installed on this server.
Table 1. Cost of full capacity license for IBM MQ software
Description
Full capacity
Cores to license
16
PVU per core
70
Chapter 1. Overview
Table 1. Cost of full capacity license for IBM MQ software (continued)

Description
Full capacity
Software cost per PVU
$50
License cost
1670$50 =$56,000
Scenario 2: Subcapacity on two virtual machines

Two virtual machines are deployed on a server that has two Intel Xeon 3400 processors, each
processor with eight cores (16 cores in total). Each VM is assigned eight virtual cores. WebSphere
software is installed only on the first virtual machine and has access to eight cores. IBM MQ
software is installed on both virtual machines and thus has access to 16 cores.
Server 1 | 2 processors | 16 cores in total
Virtual
machine 1
8 virtual
cores
MQ
WebSphere
Virtual
machine 2
8 virtual
cores
MQ
Virtual machines or partitions that restrict the available processor capacity can be created by
using eligible virtualization technologies. The license is counted as the highest number of PVUs
that are available for the VM on which the product is installed. You acquire licenses for the lower
value: subcapacity or full capacity.
PVUs per core. The following table shows how the cost of full capacity license and subcapacity
license is calculated for IBM MQ software and WebSphere software that is installed on this server.
Table 2. Cost of full capacity and subcapacity license for IBM MQ software and WebSphere software
Description
Full capacity for IBM MQ

and WebSphere software
Subcapacity for IBM MQ

software
Subcapacity for
WebSphere software
Cores to license
16
16
PVU per core
70
70
70
$50
$50
$50
License cost
1670$50 =$56,000
1670$50 =$56,000
870$50 =$28,000
Scenario 3: Capacity in a virtual environment where the VM manager is not defined

Important: This scenario is not supported. It is provided to explain the consequences on not
defining the VM manager that control resources that are available to the virtual machines. VM
managers must be defined to properly report PVU consumption.
Two virtual machines are deployed on a server that has two Intel Xeon 3400 processors, each
with eight cores (16 cores in total). The first VM is assigned 12 virtual cores. The second VM is
assigned 10 virtual cores. IBM MQ software is installed on both VMs.
Server 1 | 2 processors | 16 cores in total
Virtual
machine 1
12 virtual
cores
MQ
Virtual
machine 2
10 virtual
cores
MQ
If a virtual machine manager is not defined, BigFix Inventory does not have access to information
about the number of sockets and physical cores on the server on which the VMs are deployed. It
has access only to information about the processor model and the number of virtual cores that
each virtual machine is assigned. The sum of virtual cores to which IBM MQ software has access
is greater than the number of physical cores that are available on the server.
The number of PVUs per core that is assigned to a processor depends on the number of sockets
on the host. Because BigFix Inventory does not have access to this information, it assigns the
highest PVU per core value that is defined for the particular processor in the PVU table.
PVUs per core. However, due to the lack of information about the number of sockets, software is
charged 120 PVUs per core. It is the highest number of PVUs that is defined in the PVU table for
this type of processor. The following table shows the cost of license for the IBM MQ software
depending on whether the VM manager is defined.
Table 3. Cost of license for IBM MQ software depending on whether the VM manager is defined
Capacity for IBM MQ software when the VM manager
is defined
Description
Full capacity
Subcapacity
Capacity for IBM MQ

software when VM
manager is not defined
Cores to license
16
22 capped to 16
22
PVU per core
70
70
120
$50
$50
$50
License cost
1670$50 =$56,000
1670$50 =$56,000
22120$50 =$132,000
Processor value unit table

A processor value unit table contains information about the conversion ratio that is used for available
processor types.
The processor value unit table supports processor-based pricing models in which charges differ according
to the type of processor on which the licensed product is installed and running. In the table, a number of
units is assigned to each processor type for which this type of pricing model is available. It is necessary
to ensure that the table is updated to reflect the ratios for all processors in use.
If a processor cannot be properly identified by an agent, it is shown in the processor table as OTHER.
This case can occur because it is a new processor type and its discovery is not yet supported. In this
situation, upload the newest processor value unit table.
Chapter 1. Overview
Resource value unit licenses (RVU MAPC)

Resource value unit (RVU) licensing provides the means for pricing structures to be based on the number
of activated processor cores used or managed by a product (MAPC - manage activated processor cores).
An activated processor core is a processor core that is managed or used by a product, regardless of
whether the capacity of the processor core can be limited through virtualization technologies.
Entitlements can be full capacity or subcapacity.
Agents retrieve information about the number of processors used to determine the level of license use in
terms of resource value units.
Resource value unit license types

The following license types base the calculation of license use on the number of activated processor cores
managed or used by products:
v Full Capacity License
The license is counted as the highest number of resource value units in the physical hardware
environment that are managed by the product.
v Subcapacity License
The license is counted as the highest number of resource value units that are available for use by the
product. The virtualization capacity license counting rules that define how many activated processor
cores must be counted, is at: Virtualization Capacity License Counting Rules.
Resource value unit tier table

The resource value unit (RVU) tier table is used to apply a factor for different numbers of activated
processor cores. The greater the number of activated processors, the fewer RVUs are required.
Table 4. The RVU tier table for activated processor cores
Tier
From quantity
To quantity
Factor
2500
1.00
2501
10000
0.80
10001
50000
0.60
50001
150000
0.40
150001
0.20
To license in the following core environment:

v Servers with 45,000 activated processor cores
Follow these steps:
1. Begin with the total number of activated processor cores to be purchased for a single RVU-based
product.
2. Divide the quantity into tiers based on the RVU tier table. For example, if 15,000 activated processor
cores are purchased, tier 1 has 2,500, tier 2 has 7,500, and tier 3 has 5,000.
3. Multiply the number for each tier by the applicable factor to determine the RVUs per tier.
4. Add the RVUs for each tier to determine the total RVUs required for the product.
5. Multiply the total RVUs by the product price.
The following table shows the 45,000 activated processor cores divided into quantity tiers.
10
Table 5. Activated processor cores divided into quantity tiers

Tier
Number of managed cores
RVUs
2500
2500
7500
6000
35000
21000
Total
45000
29500
The following calculation is used to determine the number of RVUs required to license the 45,000
activated processor cores in the server environment.
v The first tier is used to calculate the first 2,500 activated processor cores at the factor of 1 per core
(2,500 x 1).
v The second tier is used to calculate the activated processor cores from 2,501 to 10,000 at the factor of
0.8 per core (7,500 x 0.8 = 6,000).
v The third tier is used for those activated processor cores from 10,001 to 50,000 at the factor of 0.6 per
core (35,000 x 0.6 = 21,000).
v Adding the RVUs together for each tier, 29,500 RVUs are required to license the 45,000 activated
processor cores.
High-water mark
The high-water mark is the highest peak in a PVU or RVU value for a product over a reporting period.
The license consumption for a product can fluctuate depending on the location and configuration of
virtual machines in the physical environment. The high-water mark identifies a maximum consumption
value that represents the number of PVUs or RVUs needed to license a product for a specified reporting
period.
BigFix Inventory monitors your infrastructure and records the high-water mark in PVU and RVU
consumption by each product for each virtual machine in your environment. You can compare your
report totals to your inventory of license entitlements to confirm your compliance.
In these examples, the reporting period is four weeks. PVU is the license type. DB2 enterprise is the
product that is licensed, and the number of PVUs consumed by DB2 are recorded for each week.
Example of high-water mark for a single server with one virtual machine
In this example, a single virtual machine has DB2 installed. The configuration of the virtual
machine changes over time so that the number of processor cores available to DB2 changes. DB2
consumed 800 PVUs in week one, 400 in week two, 1200 in week three, and 800 in week four.
The high-water mark for DB2 in this four-week period occurs in week three. 1200 is the number
of PVUs assessed for this 4-week period.
Chapter 1. Overview
11
DB2 ESE on server A

1400
1200
1000
800
600
400
200
Virtual machine 1
Week 1
800
Week 2
400
Week 3
1200
Week 4
800
Example of high-water mark for a single server with many virtual machines and no CPU
overcommitment to the virtual machines
In this example, a server has four virtual machines that have different PVU values that are
discovered over time. To simplify this example, the virtual machines do not share any processor
cores, and no capping is needed. The server level PVU calculation is the sum of all the virtual
machine level PVU calculations. The chart and table show the number of PVUs consumed by
DB2 for each virtual machine.
The single highest peak is 1200 PVUs in week three. However, DB2 is installed on more than one
virtual machine on the server. To calculate the high-water mark, all of the values from all of the
virtual machines must be counted, and not just one. The high-water mark for DB2 in this
four-week period occurs in week two. 1500 is the number of PVUs assessed for this four-week
period.
DB2 ESE on server A

1600
1400
1200
1000
800
600
400
200
Week 1
Virtual machine 4
Virtual machine 3
Total
12
Week 3
Week 4
400
400
300
400
200
200
400
800
400
1200
800
1200
1500
1400
1400
Virtual machine 2
Virtual machine 1
Week 2
Example of high-water mark for the whole infrastructure

In this example, there are three servers with many virtual machines. The infrastructure PVU
calculation is the sum of all of the server level calculations, and a server level calculation is the
sum of the virtual machine level calculations on that server. The chart and table show the number
of PVUs consumed by DB2 for each server.
The high-water mark for DB2 in this four-week period occurs in week one. 4800 is the number of
PVUs assessed for this four-week period.
DB2 ESE in the whole infrastructure

6000
5000
4000
3000
2000
1000
Week 1
Week 2
Week 3
700
Week 4
1500
Server B
1600
1600
1600
1600
Server A
3200
4800
2000
3600
800
3100
800
3900
Server C
Total
Products, components, and bundles

IBM BigFix Inventory uses catalog based discovery.
The software catalog is a knowledge database that contains information about:
Software product (Offering)
A software product is a logical unit of software packaging and sharing that has a managed
development and maintenance lifecycle and customer visible attributes. It can be a collection of
components, software products whose licensing can be dependent on the licensing of the offering
as a whole.
Component
A component is a unit of software that can be detected as installed or running on computer
systems independently of other software items. It can be a part of a software product, and might
be separately identified, but is not individually licensed.
Signature
A signature is a set of data that is unique to a given distributed software release. It is used to
identify a distributed software release as installed or running on a computer system. There are
two types of signatures:
v Inventory recognition signatures detect if a product or component release is installed on the
system.
v Usage monitoring signatures detect if a product or component release is running on the
system.
A signature can be a file, registry entry, or another identifier, that acts as a fingerprint for
identifying software products. The catalog can be augmented with information about custom or
proprietary software products in your IT environment.
Chapter 1. Overview
13
Software catalog
A software catalog is a collection of software product definitions and data (signatures) that are
used to detect software as installed or used in an IT environment.
An initial software catalog is included in the tool. Be sure to update it regularly, especially if you
install new IBM software on your network. IBM delivers and maintains the IBM Software Catalog
that includes IBM products and a set of non-IBM product definitions.
The following diagram represents the catalog definition for the product IBM Product X. It shows
how the various catalog definitions are related and how they provide a structure that supports
identification of the software.
Product
IBM Product X
Version
IBM Product X 1
IBM Product X 2
Release
IBM Product X 1.1
IBM Product X 1.2
IBM Product X 2.1
IBM Product X 2.2
IBM Product X
Application 1.1
IBM Product X
Application 1.2
IBM Product X
Application 2.1
IBM Product X
Application 2.2
Component
Signature
IBM_Product
IBM_Product
_X_Application _X_Application
-1.1.0.swtag
-1.1.1.swtag
IBM_Product
IBM_Product
-1.2.0.swtag
-1.2.1.swtag
IBM_Product IBM_Product
-2.1.0.swtag
-2.1.1.swtag
IBM_Product
_X_Application
-2.2.0.swtag
IBM_Product
_X_Application
-2.2.1.swtag
The catalog also contains information to support processor value unit (PVU), and resource value
unit managed activated processor cores (RVU MAPC) license metrics. This information includes
indicating which products use one of these metrics and how the license quantity is calculated.
Hierarchy
A hierarchy is a structure that represents software versions, releases, and variations.
Bundle
A bundle is set of products that are offered under a single entitlement or license with no dedicated
components. In the catalog, a bundle is modeled as a software product with setup relationships
to all of the software products that it consists of.
When a file systems is scanned, components are discovered by matching registry information
against signatures that are defined in the catalog. A default product is selected for each
component. You can change the default bundling.
14
Main background application tasks

The main goal of BigFix Inventory is to generate PVU, and RVU audit reports based on the collected
data. All calculations are done in accordance with PVU, and RVU license pricing rules that are described
in the official subcapacity licensing documents.
Aggregation
Aggregation is the main calculation task in BigFix Inventory. The aggregation process is a scheduled
background task that is run on a daily basis at a particular hour. By default it is performed when the
server time is midnight. The task calculates the PVU, and RVU values based on the data that is collected
from the agents during software and capacity scans.
Reaggregation
If the initial software bundles are correct after software discovery and rebundling is unnecessary,
aggregation is the only calculation process that is required on the side of the BigFix Inventory server and
the data that was once calculated is always correct. However, this is rarely the case. You must always
modify some parts of the initial bundles that are proposed by BigFix Inventory. You must always confirm
which bundles are correct for complex products. A complex product is a product that can be bundled
with more than one software offering. After rebundling is complete, the PVU and RVU values that were
already calculated must be refreshed. Reaggregation tasks were designed to recalculate or refresh PVU
and RVU values that were already calculated. Manual actions that might trigger the data reaggregation
include:
v Rebundling a software instance from one product to another
v Confirming the default bundle
v Including software instance in PVU, or RVU calculations
v Excluding software instance from PVU, or RVU calculations
v Sharing an instance
These five actions are very basic operations that the application users perform frequently to adjust the
bundling data. In addition to manual actions, refresh of the calculated data can also be triggered by
automated bundling.
Aggregation versus reaggregation

The aggregation process was designed to calculate the data from many agents for all products over a
short time. In contrast, reaggregation process was designed to perform quick recalculation of PVU, and
RVU values for a selected subset of products that were already aggregated. Aggregation of all products
from all agents is much quicker (even hundreds of times) than reaggregation of the same amount of data.
However, when you must recalculate the PVU and RVU values of only one product, reaggregation
should be quicker than aggregation, which cannot recalculate the reporting value of only one product,
but must reaggregate it for all discovered products simultaneously.
Inventory builder
Inventory builder is another background task that is executed periodically. During this time, the software
inventory is built based on the data from the agent software scans. In other words, this task transforms a
list of discovered software components to a list of the discovered software products. In most cases, the
initial software bundling of detected components performed by the inventory builder has a very low
level of confidence.
Automated bundling
Similarly to aggregation, automated bundling is a periodic background task. It is strictly related to the
inventory builder task when the execution of inventory builder ends, automated bundling starts.
Chapter 1. Overview
15
When the automated bundling task runs, it determines the best bundle connections to all unconfirmed
product instances. If the newly calculated bundles have a higher level of confidence than the current
product bundles, automated bundling rebundles those product instances to the new product with the best
match. In the vast majority of cases, subsequent automated bundling runs calculate the same level of
confidence for most or even for all of the unconfirmed product instances. However, from time to time,
especially in large environments with a large percentage of unconfirmed instances where it can actually
happen frequently, the newly calculated confidence level can turn out to be higher then the old one. In
this case, the software instance is rebundled. The most common reasons why automatic bundling is able
to rebundle some old unconfirmed product instances are:
v Import of a new set of part numbers
v Import of a new software catalog
v After manual rebundling or manual confirmation of one product instance, other unconfirmed product
instances can be better bundled by using partition or infrastructure collocation rules
v Detection of a new simple software component (a component that can be assigned to only one product)
by agents might also change the calculations for other unconfirmed instances due to partition or
infrastructure collocation automated bundling rules.
However, automated bundling does not replace the manual work that must be done to confirm or
rebundle all unconfirmed product instances. The confidence level that is calculated by automated
bundling is supposed to facilitate manual bundling by providing the best potential bundling options for
all unconfirmed product instances.
Extract, Transform, Load (ETL)

In general, Extract, Transform, Load (ETL) is the process in database usage that combines three database
functions that aim at transferring data from one database and placing it into another. The first stage,
Extract, involves reading and extracting data from various source systems. The second one, Transform,
converts the data from its original form into the form that meets the requirements of the target database.
The last stage, Load, saves the new data into the target database, thus finishing the process of
transferring the data.
In BigFix Inventory, the Extract stage involves extracting data from the IBM BigFix server. Such data
includes information about the infrastructure, installed agents and detected software. ETL also checks if
the new software catalog is available, gathers information about the software scan and files that are
present on the endpoints, and collects data from the VM managers.
The extracted data is then transformed to a single format that can be loaded to the BigFix Inventory
database. This stage also involves matching scan data with the software catalog, calculating processor
value units (PVU), processing the capacity scan, and converting information that is contained in the XML
files.
After the data is extracted and transformed, it is loaded to the database and can be used by BigFix
Inventory.
Raw data discovery and matched signatures

Raw data is the unprocessed data that can be used to create new signatures in the software catalog for
unmatched software items.
Raw data includes a list of files that were found on the system and native installation registry entries.
The data is obtained by monitoring process tables of the endpoints in your infrastructure. It can be used
to create and diagnose signatures. Signatures are file names, registry entries, and other types of
information that are unique to a particular software item and can be used to identify it.
BigFix clients, also called agents, are installed on every computer that is managed under BigFix. The
clients collect information about the software that is installed on the endpoints in your infrastructure and
16
send the raw data to the BigFix server. You import this data into the BigFix Inventory server by using the
Extract, Transform, and Load (ETL) import process. The BigFix Inventory server matches discovery data
with the software catalog and generates the inventory and usage reports. If you view the raw usage data
report and find a software item that is not matched by any signature from your current software catalog,
you can create a signature for that item that is based on the raw data.
Contracts
A contract contains information about the cost of acquiring and maintaining a license and its entitlement
start and end dates. You use contracts to manage information about licenses for the software products
that are installed in your infrastructure.
You can assign contracts to specific computer groups to indicate which computers are entitled to use
particular software.
Contract usage reports show the number of software instances that you are entitled to, and the actual
number of software instances that are used. You can reduce spending on unused licenses, and track
computers that use unlicensed instances of a particular software product. You can also track the spending
that is associated with software licenses and manage the costs of extending or downsizing licenses.
Scenarios
To understand the business goals that you can achieve with IBM BigFix Inventory, familiarize yourself
with the main user scenarios. Each scenario presents a real-life example of using the application and lists
personas who are typically involved in achieving a business goal.
Software and hardware discovery

You can use BigFix Inventory to automatically discover hardware and software within your IT
infrastructure.
Workflow
Participants who are involved in the scenario:
v Ian - Inventory Administrator
Ian wants to deploy a tool for license consumption monitoring and basic license compliance management.
He also wants to create an inventory of all hardware in the enterprise. The following flow describes how
he can accomplish his goals.
1. First, Ian obtains a baseline of computers that exist within the IT infrastructure of the enterprise. He
can do this by referring to any existing inventory reports.
2. Then, he reviews a list of operating systems on which agents can be installed. He compares this list
with operating systems on which the discovered computers are running and installs clients on the
endpoints with a supported operating system.
3. When the deployment is complete, Ian organizes computers into computer groups to avoid
overloading the infrastructures.
4. Next, he also configures different types of scans so that they do not interrupt business workloads of
the enterprise. To enable scanning of remote systems and applications, for example VM hypervisors,
or cloud management software, he collects IP addresses and access credentials for these systems and
applications.
5. Clients then perform an automatic capacity scan on the systems on which they are installed. They
collect hardware information about processors that is required for pricing calculations, for example,
processor vendors, brands, types, and number of cores.
Chapter 1. Overview
17
6. Next, Ian finds out what software exists on the computers and meters its use. Clients perform
software inventory discovery. They scan discovered computers and use a software catalog to identify
the software that is installed on these computers. They also collect information about the use of
software products, including information about the level and duration of the use of a product.
7. Periodically, Ian verifies whether up-to-date artifacts are used for software and hardware discovery.
He checks whether the latest approved software catalog or remote discovery plug-ins are used. He
also reviews the operational status of the discovery. For example, he checks whether all infrastructure
scans are successful. If any artifacts are outdated, or problems with discovery occur, Ian takes or
requests a corrective action, such as endpoint troubleshooting, reconfiguration, redeployment; or
performs ad hoc scans to gather the missing information.
8. When Ian verifies the operational status of discovery, he proceeds with verification of the quality of
the discovered data. For products that are sold as a part of bigger offerings, he ensures that the
discovered software is properly associated with its parent products. It is especially important for
middleware software that can come with different bundles that influence software licensing. To
support decision process, he reviews entitlement reports and existing inventory reports or retrieves
details of particular software installations directly from system and application owners. If there are
any discrepancies, he fixes the bundle assignment. For ISV and in-house developed tools, Ian
periodically reviews endpoint operating system data to verify quality of software detection, and
creates new software discovery signatures.
Results
Ian identified the scope of the deployment and deployed BigFix Inventory. He configured different types
of scans, and verified discovery status. He also verified the quality of software inventory data. He
possesses accurate and up-to-date data about hardware and software in the infrastructure of the
enterprise. He can provide this information to Sam, the Software Asset Manager, who is responsible for
identifying unlicensed and unauthorized software, license use optimization, and for software contracts
negotiation.
License consumption verification and reconciliation

You can use BigFix Inventory to verify license consumption, reconcile it with software entitlements, and
to identify and resolve any discrepancies.
Workflow
v Sam - Software Asset Manager
Sam wants to verify software license consumption. The following flow describes how he can accomplish
his goal.
1. Sam reviews effective license entitlements. He analyzes the consumption data and compares it with
license entitlements. He analyzes how license consumption was determined. For example, which
software installations or which software and hardware metrics affect particular license consumption.
He determines root causes of any discrepancies between license entitlement and consumption.
2. Sam retrieves detailed information from system and application owners for particular software
installations to understand why each software product was installed. He takes corrective actions to
properly classify software. His actions result in updated license consumption count. For software that
is no longer used, Sam requests uninstallation or license transfer. For unlicensed software, he either
requests uninstallation, or the purchase of missing licenses.
Results
When these two steps are performed, license compliance baseline is achieved. Sam can now focus on the
continuous license compliance process.
18
Continuous license compliance

You can optimize your license spending and avoid non-compliance issues by periodically analyzing how
changes to the IT infrastructure influence license consumption.
Workflow
v Sam - Software Asset Manager
v Ian - Inventory Administrator
v Robert - Resource Capacity Administrator
Sam wants to ensure that the most efficient licenses are purchased for products that are used in the
enterprise. The following flow describes how he can accomplish his goal.
1. Ian analyzes changes in the IT infrastructure to determine discovery completeness. He checks whether
there are any new systems provisioned or whether any systems are decommissioned. Having this
information, Ian reviews changes to the discovered data and discovery statuses, and determines
corrective actions to ensure full infrastructure coverage.
2. Periodically, Sam reviews changes to license consumption and how they were affected by changes in
the infrastructure. If there are any discrepancies between license consumption and entitlement, Sam
takes corrective actions.
3. Based on the license consumption trends and software usage view, Sam helps in budget planning and
optimizes license cost by removing or transferring unused software. He also performs what-if analysis
and compares available license models to identify most cost-effective schema of software licensing.
4. Sam periodically meets with Robert, the Resource Capacity Administrator, to analyze the impact of
infrastructure on license cost and recommends infrastructure changes. He also analyzes planned
infrastructure changes to assess their impact on license compliance, and to eliminate any potential
non-compliance issues.
Results
By periodically reviewing changes in the IT infrastructure of the enterprise and how they affect license
consumption, Sam can optimize license cost. He can request the removal or transfer of unused software,
and identify the most effective licensing models for future purchases.
Chapter 1. Overview
19
20

Read this section to learn how to install BigFix Inventory.
Tip: To learn more about the new product versioning scheme, visit the BigFix
Inventory wiki page.
Installation roadmap
Review the installation roadmap to be able to see the most important tasks that are to be performed
during installation and configuration.
Stage 1
Plan and prepare
for installation
Stage 2
Install the infrastructure
components
Stage 3
Configure the product
Stage 4
Apply important
IBM updates
Stage 5
Set up scans
Note: Step 2.1

does not apply
if you already have
the infrastructure.
1.1 Plan the topology
2.1 InstallI the BigFix

server and agents
3.1 Perform basic

application
configuration
4.1 Upload a PVU

table
5.1 Enable software

and hardware
discovery
1.2 Review
the operating system
requirements
2.2 Install the BigFix

Inventory server
3.2 Configure
the application
to display inventory
4.2 Upload the

latest software
catalog
5.2 Enable software

use monitoring
(optional)
1.3 Verify other

software
requirements
2.3 Install Software

Knowledge Base
Toolkit (optional)
4.3 Upload part

numbers
1.4 Verify hardware

requirements
1.5 Review security

requirements
21
Installation checklist
Use the following checklist to ensure that you complete all the necessary steps. The Windows and Linux
icons that are used indicate the operating system on which the BigFix Inventory server is installed.
Table 6. The checklist for installing and configuring BigFix Inventory
Stage
Installation step
1.
Plan the installation - ensure that the computer on which you plan to install BigFix Inventory:
__ v Fulfills the minimum hardware requirements
__ v Has sufficient disk space
__ v Has the required software installed on a supported operating system:
Windows
Linux
SQL Server 2008, 2008 R2, or 2012
DB2 10.1 Fix Pack 2 or higher, or DB2 10.5 FP5 or higher, Workgroup Server Edition, Enterprise Server
Edition, or Advanced Enterprise Server Edition
Linux
X server
Linux
Korn shell (ksh)
web browser: Firefox 17 Extended Support Release or higher, Internet Explorer 8.0 or higher, Chrome 35 or higher
2
Install the IBM BigFix server

__ v Download IBM BigFix.
__ v Create the license authorization file.
__ v Install a database for IBM BigFix.
__ v
Windows
Request a certificate and create the masthead.
__ v Install the IBM BigFix server, either on Windows or Linux.

__ v Install the IBM BigFix console on a Windows computer. If you installed the server on Linux, see how to deploy the
console.
__ v Subscribe to the fixlet site.
__ v Install a client on each endpoint that you want to administer under IBM BigFix.
3
Install the BigFix Inventory server

__ v Deploy the BigFix Inventory installer.
__ v Install database software.
__ v Install the BigFix Inventory server, either in interactive or silent mode.
__ v Create the database and configure a connection between BigFix Inventory and BigFix
__ v Optional: Install Software Knowledge Base Toolkit
Configure the application - to ensure the efficiency of BigFix Inventory:

v Perform basic configuration
__ Important: Set up a proxy exception list for environments with proxy servers
__ Set up roles
__ Set up users
__ Optional: Configure mail notifications
v Configure the application to display inventory
__ Set up computer properties
__ Set up computer groups
__ Schedule the imports of scan data
__ Configure data retention period
__ Add VM managers
Apply important IBM updates - to support the processor-based pricing model, to keep your software inventory up-to-date,
and to increase the accuracy of automated bundling, perform the following tasks:
__ v Upload a PVU table
__ v Upload the latest software catalog
__ v Import part numbers
22
Table 6. The checklist for installing and configuring BigFix Inventory (continued)
Stage
Installation step
Set up scans - to ensure that data is gathered and uploaded to IBM BigFix Inventory, perform the following tasks:
__ v Enable software discovery
__ v Enable the software usage monitoring
__ v Rerun a data import
Planning and preparing for the installation

Before you start the installation, review this information on hardware and software requirements and
other considerations.
About this task

You are here:
Stage 1
Plan and prepare
for installation
Stage 2
components
Stage 3
Stage 4
Apply important IBM
updates
Stage 5
Set up scans
BigFix Inventory infrastructure

The typical deployment of IBM BigFix Inventory reuses the BigFix infrastructure: the server, its clients,
which are also called agents, the database, and the console. The Software Knowledge Base Toolkit
application is used for advanced management of the software catalog.
To use IBM BigFix Inventory, BigFix server and clients are required.
The following diagram shows how the BigFix Inventory application interfaces with BigFix server
installation.
Figure 1. Software Use Analysis infrastructure
23
Web user
interface
Software Knowledge Base

Toolkit server
Database
Web user
interface
BigFix Inventory server
Database
BigFix server
Database
Console
BigFix client
BigFix client
BigFix client
BigFix infrastructure
Software Knowledge Base Toolkit

The Software Knowledge Base Toolkit server manages the content of the software catalog. The
Software Knowledge Base Toolkit database contains information about the current knowledge
base content such as manufacturers, software products, and signatures. It also contains license
relationships between software products, and the history of changes that you made in the
knowledge base content. You can use this application for advanced management of the software
catalog content that is outside of the scope of simple catalog management that is available in
BigFix Inventory.
Software Knowledge Base Toolkit runs on Windows, Linux, Solaris, HP-UX, and AIX operating
systems.
The BigFix Inventory server provides a reporting interface for the inventory and limited
application usage data that is collected on the endpoints that are managed by BigFix. Inventory
data is extracted from the BigFix server database and imported into the BigFix Inventory
application database using an Extract, Transform, and Load (ETL) import process. BigFix
Inventory users access the application server from their computers by using a web browser.
BigFix server
The BigFix server offers a collection of services, including application services, a web server, and
a database server, forming the heart of the BigFix system. The server coordinates the flow of
information to and from individual computers and stores the results in the BigFix database.
BigFix console
The BigFix console ties several components together to provide administrators with a
system-wide view of all computers in a network, together with their configurations. An
authorized user can quickly distribute fixlets to each computer and a task to be executed, such as
scheduling or starting a software scan.
BigFix clients
BigFix clients, also called agents, are installed on every computer that is to be managed under
24
BigFix. They collect information about the software that is installed on the computers in your
infrastructure and send this data to the BigFix server. You can then import the data to the BigFix
Inventory server by using a function on the BigFix Inventory web user interface.
The client software runs on Windows, Linux, Solaris, HP-UX, and AIX operating systems.
Scalability guide
Scalability guide is intended to help system administrators plan the BigFix Inventory infrastructure and
to provide recommendations for configuring the BigFix Inventory server to achieve optimal performance.
The guide explains how to:
v Divide computers into scan groups.
v Schedule software scans.
v Run data imports.
It also provides information about other actions that can be undertaken to avoid low performance. The
guide is available on the BigFix Inventory wiki.
Supported operating systems

Ensure that computers on which you want to install the BigFix Inventory components run on supported
operating systems and have all prerequisite software installed.
Supported operating systems for the servers

Table 7. Supported operating systems for the servers
Component
Operating system
IBM BigFix server
Version
Red Hat Enterprise

Linux
Windows
For information about

supported versions of the
operating systems, see IBM
BigFix Server System
Requirements specific to your
version of IBM BigFix:
v 9.2
v 9.1
v 9.0
Red Hat Enterprise

Linux
6.3 for x86 (64-bit) or a

higher 6.x version
7.x for x86 (64-bit)
Windows
2008 R2 (64-bit)
2012 (64-bit)
2012 R2 (64-bit)
Note: Installation with
Server Core option is not
supported.
Database server
DB2
Red Hat Enterprise

Linux
6.3 for x86 (64-bit) or a

higher 6.x version
AIX
6.1
7.1
SQL Server
Windows
2008 R2
2012
25
Supported operating systems for BigFix clients

Some operating systems are supported only by lower versions of IBM BigFix clients. It does not mean
that the whole BigFix platform must be downgraded to a lower version to support a specific operating
system. The latest versions of BigFix support all lower clients. You can install BigFix 9.2 and yet connect
to a client in version 8.2, 9.0 or 9.1.
For information about virtualization technologies and operating systems eligible for PVU subcapacity,
click here. For information about processor technologies eligible for PVU full capacity and subcapacity,
click here.
AIX
Table 8. Supported versions of AIX
Version
Supported virtualization technologies
7.1
PowerVM
Comments
BigFix client
version
9.2
9.1
9.0
8.2
v LPAR
v DLPAR
v Single Shared Processor Pool
v Micro-Partitioning
v Multiple Shared Processor Pools
v Shared Dedicated Processor
v Mobility (Live Partition Mobility)
v System WPARs (Both regulated and un-regulated, also RSET bound)
v WPAR mobility (Live Application Mobility)
IBM zEnterprise BladeCenter Extension (zBX)
Processor Core Deconfiguration
6.1
PowerVM
9.2
9.1
9.0
8.2
v LPAR
v DLPAR
v Multiple Shared Processor Pools
v Shared Dedicated Processor
v Mobility (Live Partition Mobility)
v System WPARs (Both regulated and un-regulated, also RSET bound)
IBM zEnterprise BladeCenter Extension (zBX)
Processor Core Deconfiguration
Debian
Table 9. Supported versions of Debian
Version
Comments
BigFix
client
version
7.0 for x86 (32

and 64-bit)
The support does not include 9.2

subcapacity calculations.
9.1
9.0
6.0 for x86 (32

and 64-bit)

9.1
9.0
26
HP-UX
Table 10. Supported versions of HP-UX
Version
11i v3 IA64
HP Integrity Virtual Machines
Comments
BigFix client
version
9.2
9.1
9.0
v 3.5
v 4.0
v 4.1
v 4.2
v 4.3
nPAR
vPAR
All except for version 6
HP Instant Capacity (iCAP) version 9

11i v3 PA-RISC
nPAR
vPAR
11i v2 IA64
HP Integrity Virtual Machines
9.2
9.1
9.0
8.2
9.2
9.1
9.0
8.2
v 3.5
v 4.0
v 4.1
v 4.2
v 4.3
nPAR
vPAR
HP Instant Capacity (iCAP) version 9

11i v2 PA-RISC
nPAR
vPAR
11i v1 PA-RISC
9.2
9.1
9.0
8.2
9.2
9.1
9.0
8.2
nPAR
vPAR
Mac OS X
Table 11. Supported versions of Mac OS X
Version
Comments
BigFix
client
version
10.10 (Yosemite)
9.2
9.1
9.0
8.2
10.9 (Mavericks)
9.2
9.1
9.0
8.2
10.8 (Mountain
Lion)
9.2
9.1
9.0
8.2
27
Oracle Solaris
Important: If you are installing agents on a Solaris platform that is partitioned by using the Containers
partitioning technology, the Host ID of the local zone must be the same as the Host ID of the global zone.
Table 12. Supported versions of Solaris
Version
Comments
11 SPARC
Dynamic System Domains
Solaris in Dynamic System Domains

and Dynamic Domains are not
supported for full capacity. Full
capacity PVU values will need to be
adjusted upward manually for the
number of activated cores on the
server.
Dynamic Domains
Solaris Containers (including Zones)
BigFix client
version
9.2
9.1
9.0
8.2
Inside Dynamic System Domains and

Dynamic Domains
Node OS
Oracle VM Server for SPARC (formerly Logical Domains also called

LDOMs)
v 2.0
v 2.1
v 2.2
v 3.0
11 x86-64
9.2
9.1
9.0
8.2
BIOS (SMBIOS 2.5 or higher) & Operating System boot core limit
10 SPARC

Dynamic Domains

server.
9.2
9.1
9.0
8.2
Inside Dynamic System Domains and

Dynamic Domains
Node OS
Oracle VM Server for SPARC (formerly Logical Domains also called

LDOMs)
v 2.0
v 2.1
v 2.2
v 3.0
10 x86-64
9.2
9.1
9.0
8.2
9 SPARC

Dynamic Domains
8 SPARC
28

server.
9.1
9.0
8.2
Red Hat Enterprise Linux

Table 13. Supported versions of Red Hat Enterprise Linux
BigFix client
version
Version
Comments
7 for IBM Power

Systems (64-bit)
PowerVM
To properly calculate PVU values,

manually set the PVU per core rating
to 70. For more information, see:
Manually adjusting the PVU per
core value on page 418
9.2
9.1.1141.0
Single Server, Cluster, Mobility

(VMware Vmotion)
9.2
9.1.1134.0
or higher
v DLPAR
v LPAR
v LPAR mobility (Live Partition Mobility)
Processor Factory Deconfiguration
7 for x86 ( 64-bit)
VMware vCenter ESX/ESXi

v 3
v 3.5
v 4
v 4.1
v 5
v 5.1
v 5.5
v 6
Kernel-based Virtual Machine (KVM)
On RHEV with RHEV-M (Red Hat

Linux Virtualization Manager) 3.0 and
3.1
9.2.0.2
RHEV-M is no longer
required to collect capacity data from
KVM.
6.5 for IBM
POWER8 (64-bit)
PowerVM
6 for IBM Power

Systems (64-bit)
v LPAR
v DLPAR

9.2
9.1.1141.0
Starting from z/VM 6.3

PTF for APAR VM65418 must be
applied
9.2
9.1
9.0
8.2

6 for IBM System z
(64-bit)
CPU pooling
Minimum scanner version: 2.7.0.2043

Tip: To check the version of the
scanner, see the Scanner Information
analysis.Minimum site version: 34
z/VM
LPAR
29
Table 13. Supported versions of Red Hat Enterprise Linux (continued)

Version
Comments
6 for x86 (32 and

64-bit)
VMware ESX/ESXi

(VMware Vmotion)
v 3
v 3.5
BigFix client
version
9.2
9.1
9.0
8.2
v 4
v 4.1
v 5
v 5.1
v 5.5
v 6

3.1
9.2.0.2
RHEV-M is no longer
KVM.
Microsoft Hyper-V
v Windows Server 2008
v Windows Server 2008 R2
v Windows Server 2012 R2 (VM Manager Tool: 1.0.1.3 or later)
5 for IBM Power
Systems
PowerVM
v DLPAR
v LPAR

9.2
9.1.1141.0

applied
9.2
9.1

5 for IBM System z
(64-bit)
CPU pooling

z/VM
LPAR
30
Table 13. Supported versions of Red Hat Enterprise Linux (continued)

Version
Comments
5 for x86 (32 and

64-bit)

(VMware Vmotion)
v 3
v 3.5
BigFix client
version
9.2
9.1
9.0
8.2
v 4
v 4.1
v 5
v 5.1
v 5.5
v 6

3.1
9.2.0.2
RHEV-M is no longer
KVM.
Microsoft Hyper-V
4 for x86 (32 and
64-bit)
VMware ESXi
8.2
v 3
v 3.5
v 4
v 4.1
v 5
v 5.1
v 5.5
v 6

3.1
9.2.0.2
RHEV-M is no longer
KVM.
SUSE Linux
Table 14. Supported versions of SUSE Linux
Version
Comments
11 SP 3 for IBM
POWER8 (64-bit)
PowerVM
11 for IBM Power

Systems (64-bit)

v DLPAR
BigFix client
version
9.2
LPAR
LPAR mobility (Live Partition Mobility)
31
Table 14. Supported versions of SUSE Linux (continued)

Version
Comments
11 for x86 (32 and

64-bit)

(VMware Vmotion)
v 4
v 4.1
BigFix client
version
9.2
9.1
9.0
8.2
v 5
v 5.1
v 5.5
v 6
System scaling using Intel QuickPath Interconnect
Microsoft Hyper-V
Hyper-V R2 can be stand alone or

role.

11 for IBM System z
(64-bit)
CPU pooling

applied
9.2
9.1
9.0
8.2

z/VM
LPAR
10 for IBM Power
Systems (64-bit)
PowerVM
v DLPAR

9.2

(VMware Vmotion)
9.2
9.1
9.0
8.2
LPAR
LPAR mobility (Live Partition Mobility)
10 for x86 (32 and
64-bit)

v 4
v 4.1
v 5
v 5.1
v 5.5
v 6
Ubuntu
Table 15. Supported versions of Ubuntu
Version
Comments
BigFix
client
version
14.04 for x86 (32

and 64-bit)

9.1
9.0
12.04 for x86 (32

and 64-bit)

9.1
9.0
32
Windows
Table 16. Supported versions of Microsoft Windows for the server
Version
Server 2012 for x86 (
VMware ESXi
Server 2012 R2 for

x86 (32 and 64-bit)
Comments
BigFix client
version
9.2
9.1
9.0
8.2
v 5
v 5.1
v 5.5
Server 2012 for x86

(32 and 64-bit)32 and
64-bit)
v 6
Microsoft Hyper-V
Server 2008 R2
Enterprise Edition
for x86 (64-bit)
Server 2008
Enterprise Edition
for x86 (32 and
64-bit)
v 4.1
Server 2008 R2
Standard Edition for
x86 (64-bit)
9.2
9.1
9.0
8.2
v 3.5
v 4
Only version
9.1 agents can
be installed
on Windows
Server 2008
R2 Standard
Edition.
v 5
v 5.1
v 5.5
v 6
ibm knowledge center
Microsoft Hyper-V
System scaling using Intel QuickPath Interconnect

3.1
9.2.0.2
RHEV-M is no longer
KVM.
Table 17. Supported versions of Microsoft Windows for the desktop
Version
Supported virtualizations
Comments
10 Enterprise and
Professional for x86
(32 and 64-bit)
VMware vCenter ESXi

(VMware Vmotion)
v 5
BigFix client
version
9.2.5
v 5.1
v 5.5
v 6
Microsoft Hyper-V

role.

33
Table 17. Supported versions of Microsoft Windows for the desktop (continued)
Version
Supported virtualizations
Comments
8 for x86 (32 and

64-bit)
VMware vCenter ESXi

(VMware Vmotion)
v 5
v 5.1
BigFix client
version
9.2
9.1
9.0
8.2
v 5.5
v 6
Microsoft Hyper-V

role.

7 Enterprise and
Professional for x86
(32 and 64-bit)
VMware ESX/ESXi
The Home Premium

edition is not
supported.
v 5
9.2
9.1
9.0
8.2
v 4
v 4.1
v 5.1
v 5.5
v 6
Microsoft Hyper-V
Vista for x86 (32 and

64-bit)
The Home Premium

edition is not
supported.
v 4
v 3.5
Service Pack 2 for Microsoft Hyper-V

Server 2012 is required.
9.2
9.1
9.0
8.2
v 4.1
v 5
v 5.1
v 5.5
v 6
Microsoft Hyper-V
Service Pack 2 for Microsoft Hyper-V

Server 2012 is required.

Software requirements
Ensure that all prerequisite software is installed on the computers in your infrastructure.
Server requirements
For information about operating systems on which BigFix, DB2 and SQL Server are supported, see:
Supported operating systems on page 25.
34
Table 18. Requirements for the BigFix Inventory server

Version
BigFix
9.2
Description
For information about the requirements, see:
9.1
BigFix 9.2 product documentation
9.0

DB2
DB2 10.1 with Fix

Pack 2 or higher
To use DB2 as a database, BigFix Inventory must be installed on

Linux.
DB2 10.5 with Fix

Pack 5 or higher
DB2 Workgroup Server Edition is sufficient to work with BigFix

Inventory regardless of the number of endpoints. You can use DB2
Enterprise Server Edition, or Advanced Enterprise Server Edition to
have access to advanced features of DB2.
(Workgroup Server
Edition, Enterprise
Server Edition, or
Advanced Enterprise
Server Edition)
DB2 requirements
For information about the requirements, see
DB2 10.1 product documentation.
DB2 10.5 product documentation.
Download DB2 software
For more information, see Downloading and installing DB2.
SQL Server
2008
2008 R2
2012
2014
X server
X11R7.x
To use SQL Server as a database, BigFix Inventory must be installed

on Windows. Also, ensure that snapshot isolation is enabled in the
SQL Server. For information about the requirements, see the
Microsoft SQL Server documentation.
Important: If you use SQL Server 2012, install cumulative update 5
for SQL Server 2012 SP2 to prevent possible corruption of the
database.
Linux
The X server is required if you want to install or uninstall
the BigFix Inventory server in interactive mode on Red Hat
Enterprise Linux. It is also required if you want to complete the
server configuration by using a browser that is available on the
computer where the BigFix Inventory server is installed.
Restriction: XMing X Server for Windows is not supported.
Other software requirements

Table 19. Other software requirements for BigFix Inventory
Required
software
Browser
Required versions
Comments
v Internet Explorer 10 or higher

Note: Internet Explorer must have TLS 1.2 enabled if you want
to use TLS 1.2 for secure communication with SSL. You can also
use TLS 1.0 for secure communication with SSL. This is the
default setting for Internet Explorer.
JavaScript must be enabled

in the browser.
Restriction: The minimal
supported screen resolution
is 1360x768 pixels.
v Firefox 17 Extended Support Release (ESR) or higher ESR

editions
Note: Firefox does not support TLS 1.2. You can use TLS 1.0 for
secure communication with SSL. This is the default setting for
Firefox.
v Chrome 35 or higher
KornShell
Linux
Original ksh package can be obtained from the Red Hat
Enterprise Linux installation disc. Open source alternatives, such as
pdksh and mksh, are not supported.
35
Table 19. Other software requirements for BigFix Inventory (continued)

Required
software
National
language pack
for PDF reader
Required versions
Comments
To display PDF reports in a native language, a language pack that

displays the native language fonts might be required.
Red Hat packages

The following packages are required if you install the components on Red Hat Enterprise Linux.
Table 20. Red Hat packages that are required for the installation
Component
Required packages
IBM BigFix
cyrus-sasl-lib.x86_64
krb5-libs.x86_64
libaio.x86_64
libstdc++.i686
libstdc++.x86_64 and all dependencies
libXext.x86_64 (Web Reports only)
libXrender.x86_64 (Web Reports only)
zlib.x86_64 (Web Reports only)
BigFix Inventory
ksh
DB2
libstdc++.so.6.0.8
Hardware requirements
During setup, match your optimum deployment size to your hardware specifications. Use the
recommendations as a general guidance.
Hardware requirements for the server on Windows

Ensure that the computer on which you are installing the BigFix Inventory meets the minimal CPU, and
memory requirements for the server and database elements.
Virtualized environment
The ETL (extract, transform, and load) import heavily uses the database resources. BigFix Inventory and
SQL Server can be installed on a virtualized environment. However, for large deployments that consist of
more than 50.000 computers, it is recommended that dedicated hardware is used.
In a virtual environment for medium size deployments that consist of 10.000 - 50.000 computers, it is
recommended that dedicated resources are considered for processor, memory, and virtual disk allocation.
The virtual disk that is allocated for the VM should be dedicated RAID storage, with dedicated IO
bandwidth for that VM.
Use SQL Server that is dedicated for BigFix Inventory and is not shared with BigFix or other applications.
Fine-tuning based on the above mentioned recommendations might be required.
36
Processor and RAM

The following values were calculated for maximum five concurrent application users.
Table 21. Processor and RAM requirements for BigFix Inventory
Environment size
Topology
Processor
Memory
Small
environment
1 server
IBM BigFix, BigFix Inventory, and SQL Server
2-3 GHz, 4 cores
8 GB
2/3
servers**
IBM BigFix
2-3 GHz, 4 cores
16 GB
BigFix Inventory and SQL Server
2-3 GHz, 4 cores
12 - 24 GB
2/3
Large environment servers**
IBM BigFix
2-3 GHz, 4 - 16
cores
16 - 32 GB
50 000 - 150 000

endpoints*
2-3 GHz, 8 - 16
cores
32 - 64 GB
IBM BigFix
2-3 GHz, 16 cores 32 - 64 GB
2-3 GHz, 8 - 16
cores
Up to 5 000
endpoints
Medium
environment
5 000 - 50 000
endpoints*
Very large
environment
2/3
servers**
More than 150 000

endpoints*
64 - 96
GB***
* For environments with more than 35 000 endpoints, scan groups are required. For more information,
see the Scalability guide.
** A distributed environment, where BigFix Inventory is separated from the database, is advisable.
*** SQL Server must be throttled to 3/4 RAM capacity.
Disk space
The following tables show disk space requirements for each component.
BigFix Inventory
Table 22. Disk space requirements for BigFix Inventory installed on Windows
Default Directory
Space
required
Comments
C:\Program Files
(x86)\BigFix Enterprise\BES
Installers\BFI_installer
300 MB
Compressed installer that is downloaded to a chosen endpoint from

BigFix. It can be deleted after extracting.
370 MB
Extracted installer.
%TEMP%
314 MB
Temporary files used during the installation.
C:\Program Files\IBM\BFI
1.1 GB
BigFix Inventory installation directory.
%USERPROFILE%
1 MB
The home directory of the user running the installation.
SQL Server
37
Table 23. Disk space requirements for SQL Server installed on Windows
Space
required
Comments
C:\Program Files\Microsoft
SQL Server
1 GB
Database installation directory.
SQL Server\
MSSQL11.MSSQLSERVER\MSSQL\
DATA
See Comments
Database server instance.
Default Directory
The amount of disk space that is required for the database server
depends on the number of computers in your environment and the
average size of scan files and analyses. It can be calculated
according to the following formula*:
v <The number of computers> x 1 MB + 6 GB of initial disk space
For example:
10 000 computers
10 000 x 1 MB + 6 GB = 16 GB
100 000 computers
100 000 x 1 MB + 6 GB = 106 GB
SQL Server\
DATA
See Comments
Database transaction logs.

During the data import (ETL process), BigFix Inventory requires
some additional free disk space for database server transaction logs.
The amount of disk space that is required can be significant because
transaction logs store two sets of data:
v Data that is used for recovery if the ETL fails
v Data that is used to create new ETL results
The amount of disk space that is necessary for the transaction logs
depends on the number of computers in your environment as well
as the number of computers for which new scan results are available
and processed during the data import.
To lower the amount of disk space that is necessary for transactions
logs, distribute the scans over time so they are processed during
several data imports instead of one.
The size of transaction logs can be calculated according to the
following formula*:
v <The number of computers> x 1.2 MB + <the number of computers for
which new scan results are imported> x 1 MB + 1 GB
For example:
10 000 computers and 10 000 scan results
10 000 x 1 MB + 10 000 x 1 MB + 1 GB = 21 GB
100 000 x 1 MB + 15 000 x 1 MB + 1 GB = 116 GB
SQL Server\
DATA
See Comments
tempdb database that is used to store and manage temporary

objects.
The size of tempdb can be calculated according to the following
formula*:
v <The number of computers> x 0.5 MB
For example:
15 000 computers
15 000 x 0.5 MB = 7.5 GB
38
* The formulas apply to typical environments that are configured to run weekly software scans, daily
data imports, and whose endpoints have about 60 software installations each. The results also depend on
the amount of data returned by the scans, which means that in some environments the required amount
of disk space might be smaller or bigger. In case of irregular data imports or accumulated scans, the
required disk space increases.
Note: The retention period in this typical environment is set to the last 7 days. For more information
about tuning this parameter, see Shortening the retention period gradually to avoid problems with
growing database size on page 138.
IBM BigFix
Table 24. Disk space requirements for IBM BigFix installed on Windows
Space
required
Comments
C:\Program Files\BigFix
Enterprise\BES Server
1.8 GB
IBM BigFix installation directory.
Enterprise\BES Console
50 MB
IBM BigFix console.
Default Directory
Hardware requirements for the server on Linux

Ensure that the computer on which you are installing the BigFix Inventory meets the minimal CPU, and
memory requirements for the server and database elements.
Virtualized environment
The ETL (extract, transform, and load) import heavily uses the DB2 database resources. BigFix Inventory
and DB2 server can be installed on a virtualized environment. However, for large deployments that
consist of 50 000 - 100 000 computers, it is recommended that dedicated hardware is used.
In a virtual environment for medium size deployments that consist of 10 000 - 50 000 computers, it is
recommended that dedicated resources are considered for processor, memory, and virtual disk allocation.
The virtual disk that is allocated for the VM should be dedicated RAID storage, with dedicated IO
bandwidth for that VM.
Use DB2 server that is dedicated for BigFix Inventory and is not shared with BigFix or other applications.
Fine-tuning based on the above mentioned recommendations might be required.
Processor and RAM

The following values were calculated for maximum five concurrent application users.
Table 25. Processor and RAM requirements for BigFix Inventory
Environment size
Topology
Small
environment
1 server
IBM BigFix, BigFix Inventory, and DB2
Processor
Memory
2-3 GHz, 4 cores
8 GB
Up to 5 000
endpoints
39
Table 25. Processor and RAM requirements for BigFix Inventory (continued)
Environment size
Topology
Processor
Memory
Medium
environment
2/3
servers**
IBM BigFix
2-3 GHz, 4 cores
16 GB
BigFix Inventory and DB2
2-3 GHz, 4 cores
12 - 24 GB
2/3
Large environment servers**
IBM BigFix
2-3 GHz, 4 - 16
cores
16 - 32 GB
50 000 - 150 000

endpoints*
2-3 GHz, 8 - 16
cores
32 - 64 GB
IBM BigFix
2-3 GHz, 16 cores
32 - 64 GB
2-3 GHz, 8 - 16
cores
64 - 96 GB
5 000 - 50 000
endpoints*
Very large
environment
2/3
servers**
More than 150 000

endpoints*
* For environments with more than 35 000 endpoints, scan groups are required. For more information,
see the Scalability guide.
** A distributed environment, where BigFix Inventory is separated from the database, is advisable.
Disk space
The following tables show disk space requirements for each component.
BigFix Inventory
Table 26. Disk space requirements for BigFix Inventory installed on Linux
Default Directory
Space
required
Comments
300 MB
Compressed installer that is downloaded to a chosen endpoint from BigFix.

It can be deleted after extracting.
370 MB
Extracted installation files.
/tmp
314 MB
Temporary files used during the installation.

Important: The installer must be able to run executable files in this directory.
/opt/ibm/BFI
850 MB
BigFix Inventory installation directory.
$HOME
1 MB
Home directory of the user running the installation.
/etc
1 MB
Directory that stores scripts that start the server.
user_directory/
BFI_installer
DB2
Table 27. Disk space requirements for DB2 installed on Linux or AIX
Default Directory
Space
required
Comments
/opt/IBM/db2
1 GB
DB2 installation directory.
40
Table 27. Disk space requirements for DB2 installed on Linux or AIX (continued)
Default Directory
/home/db2inst1
Space
required
See
Comments
Comments
Database server instance.
The amount of disk space that is required for the database server depends
on the number of computers in your environment and the average size of
scan files and analyses. It can be calculated according to the following
formula*:
v <The number of computers> x 1 MB + 6 GB of initial disk space
For example:
10 000 computers
10 000 x 1 MB + 6 GB = 16 GB
100 000 computers
100 000 x 1 MB + 6 GB = 106 GB
/home/db2inst1/db2inst1/ See
Comments
Database server transaction logs.

During the data import (ETL process), BigFix Inventory requires some
additional free disk space for database server transaction logs. The amount
of disk space that is required can be significant because transaction logs store
two sets of data:
v Data that is used for recovery if the ETL fails
v Data that is used to create new ETL results
The amount of disk space that is necessary for the transaction logs depends
on the number of computers in your environment as well as the number of
computers for which new scan results are available and processed during the
data import.
To lower the amount of disk space that is necessary for transactions logs,
distribute the scans over time so they are processed during several data
imports instead of one.
The size of transaction logs can be calculated according to the following
formula*:
v <The number of computers> x 1 MB + <the number of computers for which new
scan results are imported> x 1 MB + 1 GB
For example:
10 000 x 1 MB + 10 000 x 1 MB + 1 GB = 21 GB
100 000 x 1 MB + 15 000 x 1 MB + 1 GB = 116 GB
/home/db2fenc1
1 MB
Home directory of the DB2 fenced user.
* The formulas apply to typical environments that are configured to run weekly software scans, daily
data imports, and whose endpoints have about 60 software installations each. The results also depend on
the amount of data returned by the scans, which means that in some environments the required amount
of disk space might be smaller or bigger. In case of irregular data imports or accumulated scans, the
required disk space increases. . To learn more about configuring retention period to avoid
Note: The retention period in this typical environment is set to the last 7 days. For more information
about tuning this parameter, see Shortening the retention period gradually to avoid problems with
growing database size on page 138.
41
IBM BigFix
Table 28. Disk space requirements for IBM BigFix installed on Linux
Default Directory
Space
required
Comments
/var/opt/BESServer
340 MB
IBM BigFix installation directory.
Enterprise\BES Console
50 MB
IBM BigFix console installation directory. The console must be installed on

Windows.
/var/opt/BESInstallers
45 MB
Directory with console and client installers.
/opt/BESServer
50 MB
Directory with server binaries.
/var/log
1 MB
Directory with log files.
For disk speed, see: Storage performance on page 422.
Hardware requirements for the client

Review important information about hardware requirements for the IBM BigFix client and the software
and capacity scans that are embedded in it.
Processor and RAM

An IBM BigFix client alone can consume up to 2% of the processing power of one processor core on an
endpoint. However, the client is complemented with software and capacity scans that collect necessary
software and hardware information from your endpoints. Although the capacity scan reports very low
CPU usage, the software scan can consume substantial CPU resources while a scan is in progress. To
decrease the impact of a software scan on production system, it can be scheduled to run on the weekends
or in the evenings. You can also run the software scan with the CPU threshold option that limits the
consumption of your CPU resources.
Table 29. CPU and RAM usage for IBM BigFix clients
Component
CPU
RAM
Comments
IBM BigFix client
<2%
< 20 MB
For more information, see

http://www-01.ibm.com/support/
docview.wss?uid=swg21505815.
Software scan
up to 100 %
< 80 MB
The software scan runs on demand, and

can be monitored by checking the following
processes: wscansw, wscanfs.
< 20 MB
The capacity scan runs every 30 minutes,

and can be monitored by checking the
following process: wscanhw.
You can limit the usage

by running the scan with
the CPU threshold
attribute.
Capacity scan
42
<1%
Disk space
Ensure that your endpoints have enough disk space before you start installing the IBM BigFix clients.
Table 30. Disk space requirements for clients installed on UNIX
Operating
system
Directory
Space required
Comments
UNIX
/opt/BESClient
60 MB
Client installation directory.
/var/opt/BESClient
100 MB
Client data directory. This directory

contains all scan results.
Installing the
VM Manager
Tool might add
additional 200
MB.
The tool is required only on selected

endpoints.
/opt/tivoli/cit
50 MB
Software and capacity scanners

installation directory.
/opt/tivoli/cit/cache_data
100 MB on
average
Software and capacity scanners cache

files.
The required disk space depends on
the number of files, directories, and
subdirectories to be scanned. Can be
estimated by multiplying the number
of files to be scanned by 60 bytes.
/etc/cit
under 1 MB

configuration files.
/var/ibm/tivoli/common/CIT
10 MB
Software and capacity scanners log

files.
Table 31. Disk space requirements for clients installed on Windows

Operating
system
Windows
Directory
Space required
Comments
C:\Program Files (x86)\BigFix

Enterprise\BES Client
150 MB
Client installation and data directory.

This directory contains all scan results.
Installing the
VM Manager
Tool might add
additional 300
MB.
The tool is required only on selected

endpoints.
C:\Program Files\tivoli\cit
20 MB

installation directory.
C:\Program Files\tivoli\cit\
cache_data
50 MB on
average
Software and capacity scanners cache

files.
The required disk space depends on the
number of files, directories, and
subdirectories to be scanned. Can be
estimated by multiplying the number of
files to be scanned by 60 bytes.
%WINDIR%
under 1 MB

configuration files.
C:\Program Files\tivoli\ibm\tivoli\
common\CIT\logs
10 MB
Software and capacity scanners log

files.
43
Port requirements
When planning the infrastructure, ensure that port numbers used by BigFix Inventory, IBM BigFix, and
the database are free to enable communication between those components.
The following is the list of default ports used by the BigFix Inventory infrastructure. You can change
them during the installation of each component:
Table 32. Default ports used by the BigFix Inventory infrastructure
Type
Port number
Description
BigFix Inventory
9081
The web browser connects to the

server (HTTPS) to display the user
interface.
The BigFix server uses this port to
connect to the BigFix Inventory
server.
DB2
50000
The server connects to DB2.
SQL Server
1433
The server connects to SQL Server.
IBM BigFix
52311
BigFix clients and console connect to

the server.
The BigFix Inventory server uses this
port to connect to the BigFix server.
For more information about port numbers and interactions between components of the BigFix Inventory
infrastructure, see: Flow of data.
Firewall exceptions
Some of the fixlets require that the BigFix server connects to the Internet and downloads necessary files
and updates. To ensure that they can be downloaded, relevant web addresses must be accessible from the
computer where the server is installed. Add those addresses as firewall exceptions and ensure that they
are accessible to the proxy server if you are using it.
Ensure that the following web addresses are accessible from the computer where the BigFix server is
installed
v esync.bigfix.com
v gatherer.bigfix.com
v software.bigfix.com
v support.bigfix.com
v sync.bigfix.com
The HTTP port 80 must be open for communication.
Installation users
You can install all the infrastructure components as the administrative user. You can also install some
components as a non-administrative user but some limitations apply.
44
Table 33. Installation users for the BigFix Inventory infrastructure components
Component
User
Limitations
Server on Linux
root or non-root user
Server that is installed by a non-root user is

not registered as a system service. It also
cannot be upgraded with a fixlet. It must
be upgraded in interactive or silent mode.
Server on Windows
User with administrative privileges with

the log on as a service permission.
If you want to use the Windows
authentication mode and your database
server is remote, ensure that the user that
will access the database is a domain user.
This user needs to have the dbcreator or
sysadmin rights in MS SQL database.
DB2
root or non-root user
There are limitations with installing DB2 as

a non-root user, see: Non-root installation
overview DB2 10.1 documentation and
Non-root installation overview DB2 10.5
documentation.
SQL Server
User with administrative privileges
IBM BigFix server

(Windows) or root (Linux)
IBM BigFix client

(Windows) or root (Linux)
Coexistence scenarios
This topic describes supported scenarios for the agent, server, or Fixlet site coexistence. All listed
scenarios are supported for BigFix Inventory 9.2.1.
Limited scenarios
There are several coexistence scenarios that can be used in your environment, but have some limitations,
such as extra computers that are displayed in the user interface, or problems with the software catalog.
Some of these limitations can be worked around by thoroughly monitoring your environment, or by
completing extra steps. For more information about these scenarios, see Coexistence scenarios on the
wiki.
Agent coexistence
Two agents are installed on the same computer.
Table 34. List of applications that can coexist with BigFix Inventory 9.2.1
Coexisting Application
BigFix Inventory 9.2.1, or later
License Metric Tool V7
Tivoli Asset Discovery for Distributed V7
45
Server coexistence
Two application servers are installed on the same computer.
License Metric Tool V7
Tivoli Asset Discovery for Distributed V7
Fixlet site coexistence

Two Fixlet sites are enabled in the same BigFix Inventory server.
License Metric Tool 9.2.1, or later
Considerations:
v Separated clients, reporting to one application at a given moment.
Adding License Metric Tool to your BigFix Inventory deployment

You can add License Metric Tool to your environment to monitor those endpoints that do not require the
extended capabilities of BigFix Inventory. License Metric Tool can be connected to the same IBM BigFix
server as your BigFix Inventory. By connecting the applications to a common server, you can manage
them from within one console, which makes the monitoring of your environment much easier. Using
License Metric Tool requires that you designate a set of endpoints that will use this application.
Although connected to a common server, License Metric Tool and BigFix Inventory work as separate
applications, and must be installed on separate computers. Each of them manages a separate set of
endpoints that can report to only one application at a given moment. The applications also use different
Fixlet sites and dedicated sets of Fixlets for installation and configuration. Apart from the common server,
all other aspects, such as software and capacity scans or the software catalog, are specific to each
application.
Limitations
v Separate installation
BigFix Inventory and License Metric Tool must be installed on separate computers.
v VM managers
You can use the user interface to add VM managers only for one of the applications, namely the one
that has the IBM BigFix server subscribed to its Fixlet site. This is because VM managers added in the
user interface must be managed by the VM Manager Tool that is installed on the BigFix server. For the
other application, you can use advanced VM management, in which you install additional tool on any
endpoint. For more information, see: Managing VM managers.
v Many re-subscriptions
You might encounter problems with the missing software catalog or scan results if you often
re-subscribe your endpoints between the two applications. These problems occur only if you
re-subscribe your endpoints more than once, for example if you re-subscribe an endpoint from BigFix
Inventory to License Metric Tool, and then subscribe it back to BigFix Inventory. For more information,
see: Problems with many re-subscriptions.
Procedure
46
Enabling the License Metric Tool Fixlet site:

The license for BigFix Inventory already includes entitlements for License Metric Tool. You can enable the
License Metric Tool Fixlet site in IBM BigFix. The site is displayed next to your BigFix Inventory Fixlet
site.
Before you begin
In air-gapped environments, you must use the Airgap Tool to enable the site and load its Fixlets. For
more information, see Air-gapped environments.
Procedure
1. Log in to the BigFix console.
2. In the bottom-left corner, click BigFix Management.
3. In the navigation tree, click License Overview, and complete the following steps:
a. Locate the entry called BigFix Inventory and expand it.
b. Click Enable next to the IBM License Reporting (ILMT) v9 Fixlet site. The Fixlet site is enabled.
c. Return to the previous view by clicking All Content in the bottom-left corner.
4. To view the enabled Fixlet site, click Sites > External Sites > IBM License Reporting (ILMT) v9.
Results
You enabled the License Metric Tool Fixlet site. The Fixlet sites are completely separate, but they can be
managed in the same console.
Dividing endpoints between computer groups:
Before you start subscribing your endpoints to particular sites, divide your environment into endpoints
that will report to License Metric Tool, and endpoints that will report to BigFix Inventory. Separate
computer groups facilitate the site subscriptions and the management of your endpoints. You can create
either manual or automatic computer groups.
Creating manual computer groups:
Choose manual computer groups if you want to quickly create a group, and then click on any endpoint
to add it to this group. You do not need to specify any conditions for manual groups.
Before you begin
The names of manual computer groups cannot be changed.
Procedure
1. In the BigFix console, click Tools > Create New Manual Computer Group.
2. Enter the name, and click OK. The computer group is created.
3. Repeat those steps to create another computer group.
4. Add your endpoints to the computer groups:
a. In the navigation tree, click Computers.
b. Right-click on any endpoint, and then click Add to Manual Group.
c. Select the group, and click OK.
47
Creating automatic computer groups:

Choose automatic computer groups if you want to add endpoints to this group while it is being created.
You specify conditions, such as computer names or operating systems, at the time of creation. You can
add extra conditions later.
Procedure
1. In the BigFix console, click Tools > Create New Automatic Group.
2. Enter the name, and select the site and domain you want it to be located in.
3. Select any to include endpoints that match at least one of the specified properties.
4. Enter a property, a relation, and a value into the three boxes at the bottom of the dialog. You can
choose a number of properties to include your endpoints.
5. Click Create.
6. Repeat those steps to create another group.
Subscribing and refreshing endpoints:
After enabling the Fixlet sites in the BigFix console, you must distribute your endpoints between them.
Each site must have a separate set of endpoints. You must also run a Fixlet that refreshes the endpoints
capacity data and properties whenever you re-subscribe them to a different site.
About this task
Your endpoints must be subscribed to only one Fixlet site, either the License Metric Tool or the BigFix
Inventory one, because multiple site subscriptions lead to issues with software discovery. You can
re-subscribe the endpoints between the sites at any time. To avoid problems with re-subscribed
endpoints, you must run a Fixlet that forces the upload of capacity data and refreshes the properties to
ensure that they are always related to the relevant site. The endpoints are refreshed after each
re-subscription.
Procedure
1. Subscribe a group of endpoints to the License Metric Tool site.
a. Click the IBM License Reporting (ILMT) v9 Fixlet site.
b. In the pane on the right, click the Computer Subscriptions tab.
48
c. Select the Computers which match the condition below check box.
d. From the drop-down list, select Group Membership and choose the computer group that contains
the License Metric Tool endpoints.
2. Subscribe a group of endpoints to the BigFix Inventory site.
a. Click the IBM BigFix Inventory Fixlet site.
b. In the pane on the right, click the Computer Subscriptions tab.
c. Select the Computers which match the condition below check box.
d. From the drop-down list, select Group Membership and choose the computer group that contains
the License Metric Tool endpoints.
3. Ensure that each of your endpoints is subscribed to only one Fixlet site.
a. From Fixlets and Tasks, select the WARNING: Endpoints Subscribed to Multiple Sites Fixlet.
b. If the Fixlet can be applied to any of your endpoints, remove those endpoints from one of the
sites.
4. Ensure that capacity data and properties of each re-subscribed endpoint are refreshed.
a. Open one of the Fixlet sites.
b. From Fixlets and Tasks, select the Refresh Re-Subscribed Endpoints Fixlet.
c. Click Take Action, and select all endpoints in the Fixlet site.
d. Repeat those steps for another Fixlet site.
Stopping all active actions:
After reassigning endpoints that were previously reporting to BigFix Inventory to a new Fixlet site, you
must stop all actions that are running for those endpoints, and replace them with corresponding tasks
from the License Metric Tool site.
Before you begin
Actions must be stopped and deleted whenever you re-subscribe an endpoint to a different site.
Procedure
1. Go to the BigFix console.
2. In the navigation tree, click Actions.
3. Stop and delete all actions from the BigFix Inventory site that target the reassigned endpoints.
a. Right-click on the chosen actions, and click Stop Action.
b. Right-click on the chosen actions, and click Delete Action.
Note: You cannot stop an action for a single endpoint if you previously run it for a group of
endpoints. In such case, you can delete the actions and then rerun them only for those endpoints
that remain in the BigFix Inventory site.
Results
You deleted all actions for endpoints that were reassigned to the License Metric Tool site. You will run
the corresponding tasks from the new site after you download and install License Metric Tool.
Problems with many re-subscriptions:
Multiple re-subscriptions of your endpoints from one Fixlet site to another might lead to problems with
the software catalog, or with the scan results. Such problems occur only if you re-subscribed your
endpoints more than once, for example if you re-subscribed an endpoint from BigFix Inventory to License
Metric Tool, and then subscribed it back to BigFix Inventory.
49
Missing software catalog:

Your endpoints might be missing the software catalog, because it was not delivered during the data
import. The catalog can be delivered automatically only once for each application. In the case of multiple
re-subscriptions, the catalog was previously delivered and then overwritten by another application, which
now requires that you deliver it manually. Each later re-subscription also requires the manual delivery.
Before you begin
Before you re-subscribe the endpoints, ensure that all scan results are uploaded. Otherwise, one of the
applications might use incorrect results, because the file names of scan results are the same both for
License Metric Tool and BigFix Inventory. If all results are uploaded, the Upload Software Scan Results
task is disabled.
Procedure
1. Log in to the application to which you re-subscribed the endpoints.
2. In the top navigation bar, click Management > Catalog Upload.
3. To download the fixlet file to your computer, click the question mark sign. Then, click Catalog
Download Fixlet. Choose the location where you want to save the catalog_download.bes file, and
click Save.
4. Copy the file to the computer where the BigFix console is installed.
6. To import the fixlet, click File > Import.
7. Open the directory where you store the catalog_download.bes file, select the file, and click Open. The
file is imported.
8. In the left pane, click Sites > Master Action Site > Fixlets and Tasks. A list of available fixlets opens
in the upper right pane.
9. To run the fixlet on the endpoints, select Catalog Download (Version: version), and click Take Action.
Missing scan results:
Your endpoints might be missing the scan results, because the changes on those endpoints were not
detected, and there is no need for an upload of scan results. In such a case, you must reinstall the scanner
and rerun the scans. After you do so, the old results are deleted, and the new ones collected and
uploaded.
Before you begin
To know which endpoints are missing scan results, open the application dashboard. The Scan Health
widget shows the problematic endpoints.
Procedure
1. Stop all actions that are running against the problematic endpoints.
2. Open the Fixlet site.
3. From Fixlets and Tasks, select Uninstall Scanner, and click Take Action.
4. Select all problematic endpoints, and click OK. Wait until the action is complete.
5. Reinstall the scanner and rerun the scans. For more information, see Setting up scans.
Adding a second BigFix Inventory server

You can connect more than one BigFix Inventory server to one IBM BigFix platform by completing some
extra steps. These steps include dividing your computers into two separate groups by giving them
unique computer settings, and creating an analysis that retrieves the values of these settings. You can
50
then modify the data import so that each server imports data only from computers that have a particular
setting, and omits the remaining ones. As a result, each server manages a separate group of computers.
Before you complete these steps, you must install two instances of BigFix Inventory and connect them to
a common IBM BigFix platform. Both these instances must use the same Fixlet site. From the BigFix
perspective, the separation of servers is not visible. The servers use not only the same Fixlet site, but also
computers, and tasks that are used to scan your environment and discover software. The separation
occurs only when the data is imported from BigFix to your BigFix Inventory servers. Based on unique
computer settings, each server imports data only from a specific group of computers that is assigned to it.
Note: If you already have one server installed, choose a computer for the second server, and deploy the
installer from the dashboard in the BigFix console.
The coexistence of two servers can be used for the following scenarios:
v Separate license consumption
You can have separate reports about your PVU and RVU MAPC consumption. Each server calculates
this data for a specific set of computers.
v Separate teams
You can assign certain parts of your environment to different teams. Each team manages a specific set
of computers and has access to limited data.
v Workload distribution
You can decrease the workload on your servers by importing data from a smaller number of
computers.
Before you begin
Both servers must use the same database software, either SQL Server or DB2, and have the same software
catalog uploaded. This is required, because you will later disable the catalog delivery in one of the
servers, so that a common catalog is always delivered to all computers. Different signatures in catalogs
for SQL Server and DB2 would cause problems in software discovery. For more information, see
Additional considerations.
Complete the following procedures to enable the coexistence:
Dividing computers between servers:
Divide your computers between two servers by specifying unique computer settings. Based on these
settings, the servers choose specific computers to import the data from. As a result, each of your servers
manages a separate group of computers. Plan the division, and then mark your computers as either BFI1
or BFI2.
About this task
This procedure shows only one way of dividing your computers between two servers. You can specify
also other settings, or use relevance expressions to divide the computers according to their operating
systems, computer groups, or any custom criteria. For more information about creating properties and
analyses that are required to retrieve them, see Creating retrieved properties and Creating analyses.
Procedure
1. Log in to the IBM BigFix console.
2. Add new computer settings to your computers. Based on these settings, your computers are divided
between two instances of BigFix Inventory.
a. In the navigation tree, click Computers.
b. Select a group of computers that you want to add to one of the servers.
51
c. Right-click these computers, and then click Edit Computer Settings.

d. Select the Custom Setting check box, and enter the following values:
Setting Name: Instance
Setting Value: BFI1 or BFI2
The value, BFI1 or BFI2, depends on the instance that you want to add a specific computer to.
Specify BFI1 for a group of computers, and BFI2 for another group.
e. Click OK to save the setting. Repeat the preceding steps until all your computers have a value
BFI1 or BFI2 specified.
3. Create a custom analysis to retrieve the specified settings from your computers.
a. To create an analysis, click Tools > Create New Analysis.
b. Specify the name as Instance Assignment.
c. Click the Properties tab, and then click Add Property.
d. Specify the name of the property as Instance.
e. In the relevance field, enter the following string:
value of setting "Instance" of client|""
This relevance expression returns the value of the setting Instance that you added to your
computers. It can return either BFI1 or BFI2.
f. Click OK to save the analysis. The analysis is added to your Master Action Site.
4. Verify that the analysis is returning correct values.
a. Click Sites > Master Action Site.
b. Select your custom Instance Assignment analysis.
c. Click the Results tab. The analysis shows a property called Instance, which returns either BFI1 or
BFI2. If you did not set this property for some computers, the value is empty.
Results
You divided your computers based on specific computer settings. You can now modify the data import
settings in both instances of BigFix Inventory to specify whether the servers should import data about
either BFI1 or BFI2 computers.
Modifying servers to include specific computers:
Modify the data import settings so that each of your servers imports the data only from a specific group
of computers. The servers choose only those computers that meet the specified criteria, for example, that
are marked with a value BFI1, but not BFI2. Other computers are omitted during the import.
About this task
The main element that decides which computers report to which server is the custom analysis that you
created to retrieve some information about your computers, in this case specific values like BFI1 or BFI2.
The server checks the analysis results to verify values that are attached to your computers. If a computer
has a value that meets the server criteria, then data from this computer is imported. Otherwise, the
computer is discarded.
Procedure
1. Go to installation_directory/wlp/usr/servers/server1/config.
2. Edit the etl_settings.yml file and specify the following properties and values:
scoped_etl_enabled: 1
Specifies whether a scoped data import should be enabled. If set to 0, data from all computers
is imported.
52
scoped_etl_site_name: ActionSite
Specifies the name of the Fixlet site that contains your custom analysis. ActionSite stands for
Master Action Site.
scoped_etl_site_is_custom: false
Specifies whether the Fixlet site is a custom site.
scoped_etl_analysis_name: Instance Assignment
Specifies the name of your custom analysis.
scoped_etl_analysis_property_id: 1
Specifies the ID of the analysis property Instance. If you added just one property, it has the ID
of 1. However, you can check it by exporting the analysis to a bes file and opening it in a text
editor.
scoped_etl_based_on: MATCH
Specifies conditions of a scoped data import. In this case, you can enter any value that is
different from the default SITE_URL_FOR_SITE_NAME. The default value would import data from
all computers in a Fixlet site.
scoped_etl_resultstext_match: "BFI1%"
Specifies the value based on which the server selects its computers. Specify BFI1 for one
server, and BFI2 for another. A value returned by the analysis might include a space or a new
line at the end. Enter a percent sign (%) after the value to include such occurrences instead of
discarding a computer.
scoped_etl_overwrite_on_migration: false
Specifies whether to overwrite these settings with default ones after an upgrade or migration.
3. Restart the server.
4. Run a data import.
Results
You modified the servers to import data only from specific computers. You can open the Computers
report to verify that only chosen computers are shown.
What to do next
Review additional considerations and apply them to your environment to avoid problems with
coexistence.
Additional considerations:
To ensure that no problems occur while working with coexisting servers, review the following
considerations and apply them to your environment.
Software catalogs
To ensure that software on your computers is discovered based on the same software signatures, upload
the same software catalogs to both servers. You can then disable the catalog delivery on one of them to
avoid overwriting. The remaining server will deliver the catalog to all computers, regardless of the server
that they report to, because the computers are in the same Fixlet site.
To disable the catalog delivery, run the following query on the database:
UPDATE DBO.SYSTEM_GLOBALS SET VALUE = --- false
WHERE NAME=catalog_download_actions_enabled;
Important: Use the same database software for both servers, either DB2 or SQL Server. Signatures are
different between these two types, and one software catalog might cause problems with discovery.
53
VM managers
You can use the user interface to add VM managers only for one of the servers, namely the one that has
the BigFix server assigned to it. This is because VM managers added in the user interface must be
managed by the VM Manager Tool that is installed on the BigFix server. For the other server, you can use
advanced VM management, in which you install additional tools on any computer.
Changing assignments
If you want to change a computer assignment, for example from BFI1 to BFI2, ensure that you edit the
existing setting instead of creating a new one. To edit the setting, complete the following steps:
1. In the BigFix console, click Computers.
2. Right-click a single computer, and then click Edit Computer Settings.
3. Select the Instance setting, click Edit, and specify a new value.
Missing scan results
Missing scan results might occur after changing the assignments of your computers. Such a change is not
always detected by the server, which as a result does not upload the scan results. To correct this issue,
you must reinstall the scanner and rerun the scans. After you do this, the old scan results are deleted,
and the new ones are collected and uploaded. To reinstall the scanner, complete the following steps:
1. Stop all actions that are running on the problematic endpoints.
2. Open the Fixlet site.
3. From Fixlets and Tasks, select Uninstall Scanner, and click Take Action.
4. Select all problematic computers, and click OK. Wait until the action is complete.
5. Reinstall the scanner and rerun the scans. For more information, see Setting up scans.
Installing the infrastructure components

To set up the complete BigFix Inventory environment, three components are required: IBM BigFix, BigFix
Inventory, and the database. The IBM BigFix clients must also be installed on all endpoints that you want
to monitor with BigFix Inventory.
Linux
BigFix Inventory installed on Linux uses DB2 as database software.
Windows
BigFix Inventory installed on Windows uses SQL Server as database software.
About this task

You are here:
Stage 1
Plan and prepare
for installation
Stage 2
components
Stage 3
Stage 4
Apply important IBM
updates
Stage 5
Set up scans
Installation checklist
Use the following checklist to ensure that you complete all the necessary steps. The Windows and Linux
icons that are used indicate the operating system on which the BigFix Inventory server is installed.
54
Table 37. The checklist for installing and configuring BigFix Inventory
Stage
Installation step
1.
Plan the installation - ensure that the computer on which you plan to install BigFix Inventory:
__ v Fulfills the minimum hardware requirements
__ v Has sufficient disk space
__ v Has the required software installed on a supported operating system:
Windows
SQL Server 2008, 2008 R2, or 2012
Linux
DB2 10.1 Fix Pack 2 or higher, or DB2 10.5 FP5 or higher, Workgroup Server Edition, Enterprise Server
Edition, or Advanced Enterprise Server Edition
Linux
X server
Linux
Korn shell (ksh)
web browser: Firefox 17 Extended Support Release or higher, Internet Explorer 8.0 or higher, Chrome 35 or higher
2
Install the IBM BigFix server

__ v Download IBM BigFix.
__ v Create the license authorization file.
__ v Install a database for IBM BigFix.
__ v
Windows
Request a certificate and create the masthead.
__ v Install the IBM BigFix server, either on Windows or Linux.

__ v Install the IBM BigFix console on a Windows computer. If you installed the server on Linux, see how to deploy the
console.
__ v Subscribe to the fixlet site.
__ v Install a client on each endpoint that you want to administer under IBM BigFix.
3
Install the BigFix Inventory server

__ v Deploy the BigFix Inventory installer.
__ v Install database software.
__ v Install the BigFix Inventory server, either in interactive or silent mode.
__ v Create the database and configure a connection between BigFix Inventory and BigFix
__ v Optional: Install Software Knowledge Base Toolkit
Configure the application - to ensure the efficiency of BigFix Inventory:

v Perform basic configuration
__ Important: Set up a proxy exception list for environments with proxy servers
__ Set up roles
__ Set up users
__ Optional: Configure mail notifications
v Configure the application to display inventory
__ Set up computer properties
__ Set up computer groups
__ Schedule the imports of scan data
__ Configure data retention period
__ Add VM managers
Apply important IBM updates - to support the processor-based pricing model, to keep your software inventory up-to-date,
and to increase the accuracy of automated bundling, perform the following tasks:
__ v Upload a PVU table
__ v Upload the latest software catalog
__ v Import part numbers
Set up scans - to ensure that data is gathered and uploaded to IBM BigFix Inventory, perform the following tasks:
__ v Enable software discovery
__ v Enable the software usage monitoring
__ v Rerun a data import
55
Installing IBM BigFix

BigFix Inventory runs on top of IBM BigFix, therefore the installation of this platform is a prerequisite.
You can either refer to the diagram that shows the installation flow with links to external resources, or
you can check the installation scenarios that describe the most common paths for installing IBM BigFix.
Installation diagram
Complete the installation steps to install the IBM BigFix server, console, and clients.
Start the installation
IBM BigFix is a prerequisite for BigFix Inventory. Access

the Passport Advantage Portal, download the packages
for IBM BigFix, and install the platform either on
Windows or on Linux.
Download IBM BigFix
2. Create the license authorization file.
Create the license authorization file
Linux
What operating
system do you want to install
the IBM BigFix
server on?
Install DB2
for IBM BigFix
Request a certificate,
create the masthead,
and install the server
on Linux
Install the IBM BigFix

console
The license file contains deployment and licensing

information and is required to authorize and start the
installation of IBM BigFix.
3. Install a database for IBM BigFix.
Windows
Install MS SQL
for IBM BigFix
Request a certificate
and create
the masthead
Install the server

on Windows
Install the IBM BigFix

console
Install IBM BigFix clients
1. Download IBM BigFix.
If you are installing IBM BigFix on Linux, you can use

DB2 10.5 that is bundled with the product. Otherwise,
you must have your own Microsoft SQL server installed.
4. Request a certificate and install the server:
v Linux
For Linux installations, you request a certificate and
create the masthead during the installation of IBM
BigFix primary server.
v Windows
For Windows installations, you must first request a
certificate and create the masthead. Then, you can
install the IBM BigFix primary server.
5. Install the IBM BigFix console.
The console can be installed only on a Windows
computer. However, there are separate procedures for
deploying the installer on Windows and Linux.
The console is an important component of IBM BigFix
that allows you to run fixlets on specific computers,
including a fixlet with the BigFix Inventory installer.
6. Install IBM BigFix clients.
Install BigFix Inventory
Install an IBM BigFix client on each computer that you

want to administer. To install BigFix Inventory, you need
at least two clients, one on the IBM BigFix server and one
on the computer prepared for the BigFix Inventory
installation.
7. Install BigFix Inventory.
Download the BigFix Inventory installer with a fixlet and
proceed with the installation.
Prerequisite tasks
Download the installation packages for IBM BigFix that are available on the Passport Advantage portal.
Then, create the license authorization file that is required for the installation.
56
Downloading IBM BigFix:

Before you can download the BigFix Inventory installer, you must download and install IBM BigFix from
the Passport Advantage portal.
About this task
After you download IBM BigFix, you create a license authorization file that allows you to use this
software free of charge for .
Procedure
1. Log in to the Passport Advantage portal.
2. In the area under the Navigation help tab, click Software download & media access.
3. In the lower part of the Software download & media access page, click IBM Endpoint Manager for
Software Use Analysis.
4. In the pop-up window that opens, select your preferred operating system and language for the
installation packages.
5. In the lower part of the Software download & media access page, select Required, and click the
Download button.
6. In the Download options and terms pop-up window, select the download location, the preferred
download method, select I agree to the terms and conditions and click Download Now.
7. On the new page, click the displayed links to download the IBM BigFix packages.
v To install IBM BigFix on Windows with an existing instance of MS SQL Server or on Red Hat Linux
with an existing instance of DB2, download the following package:
Description
File name
IBM BigFix Platform Installer V9.2.0 for Multiplatforms

Multilingual
IEM_Pltfrm_Install_V92.zip
Note: You must have your own SQL server installed.

v To install IBM BigFix and DB2 on a single computer running on Linux, download the following
package:
Description
File name
IBM BigFix Platform Installer V9.2.0 for Linux and DB2

Multilingual
IEM_Pltfrm_Install_V92_Lnx_DB2.tgz
v To install IBM BigFix and DB2 on separate computers running on Linux, download the following
package:
Description
File name
IBM BigFix Platform Installer V9.2.0 for Multiplatforms

Multilingual
IEM_Pltfrm_Install_V92.zip
To obtain part numbers of the installation packages, read the download document for BigFix 9.2.
What to do next
Create the license file that is required to authorize your installation.
57
Creating the license authorization file:

After you order BigFix Inventory on the Passport Advantage portal, you will receive a welcome email
with the instructions about how to access the IBM BigFix License Key Center. This site is an online
license key delivery and management service that allows you to obtain the license keys that you need to
use your product. Access the site and create the license authorization file that contains deployment and
licensing information and is used during the installation of IBM BigFix to create your license files and
certificates.
Procedure
1. Access the License Key Center.
2. Enter your email address and the password that you received in the welcome email.
3. For each product, specify the allocated client quantity. If you leave 0, you cannot install the related
product.
58
What to do next
You are ready to install IBM BigFix. Follow the installation map or use one of the dedicated scenarios.
Installation scenarios
The scenarios show the most common paths for installing IBM BigFix on Windows or on Linux.
Installing on Windows:
This scenario shows how to install the IBM BigFix server, console, and client on a single computer that
runs Windows.
Before you begin
1. Install Microsoft SQL Server.
2. Download IBM BigFix for Windows. See Downloading IBM BigFix.
About this task
This is an exemplary scenario that aims at showing the most common installation path for Windows. If
this scenario does not fit your specific environment or if you need more information about each step or
other installation tasks, see the Installation diagram that contains links to original documents in the IBM
BigFix documentation.
Procedure
1. Extract the package with installation files and then run setup.exe. When prompted, choose the
Production installation.
59
2. After reading and accepting the license agreement, select I want to install with an IBM Endpoint
Manager license authorization file.
3. Specify the location of your license authorization file and then click Next.
4. Enter the DNS name or IP address of the computer on which you want to install IBM BigFix. Click
Next.
5. Create a key pair that will be used to authorize all users of IBM BigFix. Enter your password and
choose the key size. Click Create.
6. Save your private key (license.pvk) file in a secure folder. Click OK.
Note: If you lose the private key file, a new license certificate needs to be created, which requires a
completely new installation.
7. Submit the request to IBM to obtain the license certificate:
v If your server can access the Internet, select the first option. The request will be submitted
automatically.
v If your server cannot access the Internet, select the second option and submit the request
manually:
a. The request.BESLicenseRequest is generated and saved to a chosen folder. Copy this request
to a computer with Internet access.
b. On the computer with Internet access, go to http://support.bigfix.com/bes/forms/
BESLicenseRequestHandler.html and submit the request file.
c. The license.crt file was saved to your computer. Copy it back to your IBM BigFix server.
d. Return to the installation and click Import to import the certificate. Then click Create.
8. Enter the parameters of the masthead file that contains configuration and license information. Then
click OK.
60
9. Choose the destination folder for IBM BigFix component installers. Click Next.
10. After the component installers are deployed, click Finish. The Installation Guide is launched to lead
you through the installation of IBM BigFix components - Server, Console, and Client.
11. Install the IBM BigFix server:

a. In the Installation Guide, click Install Server and then click Install the Server on this computer.
b. Choose the language and click OK. On the welcome screen, click Next.
c. A dialog displays a list of server components to be installed. In general, accept the default
components and click Next.
d. Choose Single or Master database and then click Next.
e. Choose Use Local Database and click Next.
61
f. Specify the installation location and click Next to continue.

g. The Server Properties dialog prompts you to enter a location for the server web root folder. You
can leave the default value. Click Next.
h. The Web Reports Properties dialog prompts you to enter a location for the Web Reports web root
folder and the port number to use. You can leave the default values. Click Next.
i. Review the installation parameters and click Next.
j. Specify the location of your license.pvk file and then enter the password that you specified in
step 5. Click OK to continue.
k. Create an account that will be used to log in to the IBM BigFix console, by default IEMAdmin.
Click OK.
l. Click Finish to complete the installation.
12. Install the IBM BigFix console:
a. In the Installation Guide, click Install Console and then click Install the Console on this
computer.
c. Specify the installation location for the console and click Next to continue. Then click Install to
start the installation.
d. When the installation completes, click Finish. You can now choose to launch the console or
continue to installing the client.
Tip: You can log in to the console with the user created in step 11k. The default user is IEMAdmin.
13. Install the IBM BigFix client:
a. In the Installation Guide, click Install Clients and then click Install the Client on this computer.
c. Specify the installation location for the client and click Next to continue. Then click Install to
start the installation.
d. When the installation completes, click Finish.
14. Install a BigFix client on the server where you want to install BigFix Inventory.
What to do next
Installing on Linux:
This scenario shows how to install the IBM BigFix server, client, and a DB2 database on a single
computer that runs Linux. A Windows computer is also required to install the BigFix console.
Before you begin
1. Download the combined package with IBM BigFix and DB2 for Linux. See Downloading IBM BigFix.
About this task
This is an exemplary scenario that aims at showing the most common installation path for Linux. If this
scenario does not fit your specific environment or if you need more information about each step or other
installation tasks, see the Installation diagram that contains links to original documents in the IBM BigFix
documentation.
62
Procedure
1. Extract the package with installation files:
tar xvf installation_package
2. From the extracted directory, go to ServerInstaller_n.n.nnn.n-rhe6.x86_64 and run the installation

script:
./install.sh
3. Enter 1 to accept the license agreement.

4. Enter 2 to choose the Production installation.
Select Install Type
[1] Evaluation: Request a free evaluation license from IBM Corp.
This license allows you to install a fully functional copy of the
IBM BigFix on up to 30 clients, for a period of 30 days.
[2] Production: Install using a production license or an authorization
for a production license
Choose one of the options above or press Enter to accept the default
5. Enter 1 to install all BigFix components:

Select the IBM BigFix Features you want to install:
[1] All Components (Server, Client, and WebReports)
[2] Server and Client Only
[3] WebReports Only
Choose one of the options above or press <Enter> to accept the default: [1]
6. Enter 1 to create a single or Master database.

Select Database Replication:
[1] Single or Master Database
[2] Replicated Database
7. Enter 1 to use a local instance of DB2.

Select Database:
[1] Use Local Database
[2] Use Remote Database
8. Enter the installation location for IBM BigFix.

Choose the Web Servers Root Folder:
Specify the location for the Web Servers Root Folder or
press <Enter> to accept the default: /var/opt/BESServer
9. Enter the location where the Web Reports server stores its files.
Choose the WebReports Servers Root Folder:
Specify the location for the WebReports Servers Root Folder or
press <Enter> to accept the default: /var/opt/BESWebReportsServer
10. Enter the port number for Web Reports.

Choose the WebReports Servers Port:
Specify the Port Number or press <Enter> to accept the default: 80
11. The installer checks if DB2 is installed on your server. Enter 1 to automatically install it from the files
that are bundled with IBM BigFix.
DB2 Installation Check
The installer does not detect DB2 as installed on the system. Determine which
of the options corresponds to your installation:
[1] DB2 is not installed, install it
[2] DB2 is installed, use the installed instance
[3] Exit from the installation
12. Default settings containing DB2 users and installation path are listed. Enter 1 to accept them and
proceed with the installation.
DB2 Installation
DB2 will be installed using the following settings:
DB2 Instance owner: db2inst1
63
DB2 Fenced user: db2fenc1

DB2 Administration Server user: dasusr1
DB2 communication port: 50000
DB2 Installation directory: /opt/ibm/db2/V10.5
If you need to use settings different from those proposed above, you can
specify them in the installation response file. Refer to the product
documentation for further details.
[1] Proceed installing also DB2
[2] Exit from the installation
13. Specify the password for the DB2 Administrative users.

DB2 Administrative User Password:
Specify the password for the DB2 Administrative users:
14. Enter the user name and password for the initial administrative user of IBM BigFix or press Enter to
use the default IEMAdmin. This user is required to log in to the BigFix console.
15. Enter 1 to run the installation using a license authorization file that you created before the
installation.
Choose
[1] I
[2] I
[3] I
the setup type that best suits your needs:

want to install with a BES license authorization file
want to install with a Production license that I already have
want to install with an existing masthead
16. Specify the location of your license authorization file.

License Authorization Location
Enter the location of the license authorization file that you received
from IBM or press <Enter> to accept the default:
./license/LicenseAuthorization.BESLicenseAuthorization
17. Specify the DNS name or IP address of the server on which you are performing the installation.
18. Specify the Site Admin Private Key Password.
19. Specify the key size to encrypt the credentials:
Key Size Level
Provide the key size that you want to use:
[1] Min Level (2048 bits)
[2] Max Level (4096 bits)
20. Specify the License folder where the installation generates and saves the license files.
21. Submit the request to IBM to obtain the license certificate:
v If your server can access the Internet, enter 1. The request will be submitted automatically.
v If your server cannot access the Internet, enter 2 and submit the request manually:
a. The request.BESLicenseRequest is generated and saved to a folder with your license files.
Copy this request to a computer with Internet access.
b. On the computer with Internet access, go to http://support.bigfix.com/bes/forms/
BESLicenseRequestHandler.html and submit the request file.
c. The license.crt file is saved to your computer. Copy it back to your IBM BigFix server.
d. Return to the installation and enter 1 to import the certificate and continue with the
installation.
22. Accept the default masthead values:
Server Port Number: 52311
Use of FIPS 140-2 compliant cryptography: Disabled
Gather Interval: 1 Day
Initial Action Lock: Unlocked
Action Lock Controller: Console
Action Lock exemptions: Disabled
23. When the installation is complete, install the BigFix console:

a. Go to /var/opt/BESInstallers.
b. Copy the Console folder to a Windows computer.
64
c. On a Windows computer, run setup.exe and follow instructions in the wizard.

24. Install a BigFix client on the server where you want to install BigFix Inventory.
What to do next
Installing the IBM BigFix clients

Install the IBM BigFix client on every computer in your network that you want to administer.
Installation methods
The methods for installing the clients vary depending on the operating system. Even if you install
IBM BigFix on Linux, you might need to install some of the clients on Windows if your network
consists of such computers. For more information, see Installing clients on Windows computers
and Installing clients on Linux and UNIX computers. If you are not sure which installation
method to choose, install the client manually. For more information, see the installation
instructions for manually installing the clients on Windows and UNIX.
Installation packages
The IBM BigFix installation image available on the Passport Advantage contains client installers
that are listed in Table 38. Alternatively, you can download the client installation packages from
the BigFix support web page.
Table 38. IBM BigFix agent installers for BigFix Inventory
Installation package
Operating
system
Platform
Installer files available in the agents directory
IBM BigFix Platform Installer

V9.2.0 for Multiplatform
Multilingual
AIX
Power PC
BESAgent-9.2.0.363.ppc64_aix61.pkg
HP-UX
PA-RISC
BESAgent-9.2.0.363.pa_risc_hpux1111.depot
v Part number: CN1QXML
Mac OS X
x86-64
v BESAgent-9.2.1.48-BigFix_MacOSX10.6.dmg
v File name:
IEM_Pltfrm_Install_V92.zip Red Hat
Linux
SUSE Linux
v BESAgent-9.2.1.48-BigFix_MacOSX10.6.pkg
x86, x86-64
v BESAgent-9.2.0.363-rhe5.i686.rpm
v BESAgent-9.2.0.363-rhe5.x86_64.rpm
POWER
BESAgent-9.2.0.363-rhe5.ppc64.rpm
Linux on
System z
BESAgent-9.2.0.363-rhe5.s390x.rpm
x86, x86-64
v BESAgent-9.2.0.363-sle11.i686.rpm
v BESAgent-9.2.0.363-sle11.x86_64.rpm
v BESAgent-9.2.0.363-sle10.i686.rpm
v BESAgent-9.2.0.363-sle9.x86_64.rpm
Oracle Solaris
POWER
BESAgent-9.2.0.363-sle10.ppc64.rpm
Linux on
System z
BESAgent-9.2.0.363-sle10.s390x.rpm
SPARC
v BESAgent-9.2.0.363.sparc_sol11.pkg
v BESAgent-9.2.0.363.sparc_sol10.pkg
x86, x86-64
v BESAgent-9.2.0.363.x86_sol11.pkg
v BESAgent-9.2.0.363.x86_sol10.pkg
Microsoft
Windows
x86, x86-64
BigFix-BES-Client-9.2.0.363.exe
65
Agent installation on Oracle Solaris Logical Domains:

When you install agents on Local Domains, you must install the agents on all the required operating
systems and domains.
The following diagram shows which operating systems an agent must be installed on for each target
operating system. For example, if you need an agent to be installed on operating system 4, it must also
be installed on operating systems 1 and 3. If you need an agent to be installed on operating system 2, it
must also be installed on operating system 1.
Oracle server
Logical Domain A
(Control Domain)
Logical Domain
B
Logical Domain B
Operating system 1
Global Zone
Operating system 3
Global Zone
Operating system 2
Local Zone
Operating system 4
Local Zone
In the following example, if you have an application that you want to detect on operating system 4 (local
zone on a Logical Domain that is not the Control Domain) then the agent must be installed on operating
system 4. The agent must also be installed on operating system 1 (Control Domain, global zone) and
operating system 3 (Logical Domain, global zone of operating system 4). If you have an application that
you want to detect only on operating system 2, then you must install the agent on operating systems 2
and 1.
Oracle server
Logical Domain A
(Control Domain)
Endpoint
Manager
client
Operating
system 1
Global Zone
Operating
system 3
Global Zone
Endpoint
Manager
client
Operating
system 2
Local Zone
Operating
system 4
Local Zone
Application
66
Logical Domain B
Logical Domain B
Oracle server
Logical Domain A
(Control Domain)
Endpoint
Manager
client
Operating
system 1
Global Zone
Operating
system 2
Local Zone
Logical Domain B
Logical Domain B
Endpoint
Manager
client
Operating
system 3
Global Zone
Endpoint
Manager
client
Operating
system 4
Local Zone
Application
Installing BigFix Inventory

BigFix Inventory can be installed either on Red Hat Enterprise Linux with a DB2 database or on
Windows with SQL Server. The application installer can be downloaded from the fixlet site after you
enable it on your IBM BigFix server.
67
Installation diagram
Complete the installation steps to install BigFix Inventory.
Start the installation
1. Subscribe to the fixlet site.

Log in to the IBM BigFix console and enable the fixlet site
for BigFix Inventory. The fixlet site contains fixlets, tasks,
and analyses that are required to download the
application and then configure it. You can also use it to
download the latest software catalog.
Subscribe to the fixlet site
Download BigFix Inventory
2. Download BigFix Inventory.

Log in to the IBM BigFix console, open the dashboard,
and download the BigFix Inventory installer to the chosen
endpoint.
Install database software
3. Install database software.

What is your
preferred installation
method?
Interactive
installation
Install the server
in interactive
mode
Depending on the operating system that you chose for

BigFix Inventory, either install DB2 or SQL Server.
Silent
installation
Install the server

in silent
mode
4. Install the BigFix Inventory server in interactive or in

silent mode.
After you download the installer to the chosen endpoint
and fulfill all the prerequisites, you can install the server.
BigFix Inventory can be installed either on Red Hat
Enterprise Linux with a DB2 database or on Windows
with SQL Server.
5. Configure the database connections.
Configure the database

connections
Install Software Knowledge Base

Toolkit
(optional)
Stage 3
Configure the application
When the installation is complete, configure the

connections between BigFix Inventory and IBM BigFix
and its database. During this task, you also create a
database for BigFix Inventory and specify the
administrative user.
6. (Optional) Install Software Knowledge Base Toolkit.
If you use the software catalog that is embedded in
BigFix Inventory and the simple catalog management
functionality is sufficient for your infrastructure, you do
not need to install Software Knowledge Base Toolkit. You
can install it later if needed.
7. Configure the application.
When BigFix Inventory is installed and the connections
specified, you can move to configuring the application.
Prerequisite tasks
Subscribe to the BigFix Inventory fixlet site so that you can download the application installer to a chosen
endpoint, and then install database software.
Subscribing to fixlet sites:
Subscribe your computers to the BigFix Inventory fixlet site to get access to fixlets, tasks, and analyses
that are required to work with the application.
Before you begin
Your IBM BigFix server must have Internet access if you want to enable the fixlet site and download the
content. If your server is in a separated network, see Downloading files in air-gapped environments.
68
About this task

The fixlet site contains fixlets, tasks, and analyses that are used to perform various actions related to
BigFix Inventory. You can use them to download the BigFix Inventory installer, configure and initiate
software scans, or update the software catalog.
Procedure
2. In the bottom-left corner of the console, click BigFix Management.
3. In the left navigation bar, click License Overview.
4. In the pane on the right, locate the entry called BigFix Inventory and accept the license agreement.
5. From the list of available sites, enable the IBM BigFix Inventory site.
6. Subscribe all your computers to the fixlet site:
a. In the bottom-left corner of the console, click All Content.
b. In the left navigation bar, expand Sites > External Sites and select the IBM BigFix Inventory site.
c. In the pane on the right, click the Computer Subscriptions tab and select All Computers.
d. Click Save Changes.
Downloading files in air-gapped environments:
If your IBM BigFix server cannot access the Internet, use the Airgap tool to enable the fixlet site that
contains fixlets required to work with BigFix Inventory. When the site is enabled and the content loaded,
you must also use the BES Download Cacher to download and cache on your server all the files that are
typically downloaded by fixlets from the Internet.
69
Downloading the content on Windows:

Download the content of the fixlet site if your IBM BigFix server is installed on Windows.
Procedure
1. From the IBM BigFix server installation directory, run the BESAirgapTool.exe file. When prompted,
save the files to an Airgap folder.
2. Copy the created files to a Windows computer with Internet access.
3. On the computer with Internet access, run BESAirgapTool.exe. This action exchanges the request file
for a response file.
4. Copy the AirgapResponse file back to your IBM BigFix server and place it in the Airgap folder. Run
BESAirgapTool.exe. The response is loaded into the server.
6. Again, from the Airgap folder on the IBM BigFix server, run BESAirgapTool.exe to create a new
request. The request is needed to load the fixlets into the site. Copy the files to the computer with
Internet access.
7. Repeat steps 3-4.
What to do next
Cache the files and move them to the server.
Downloading the content on Linux:
Download the content of the fixlet site if your IBM BigFix server is installed on Linux.
Before you begin
v You need a Windows computer with Internet access.
v Download the Airgap tool to your Windows computer. Go to Utilities and download TEM Airgap Tool.
Procedure
1. Open the Linux Terminal and enter the following commands to run the Airgap tool:
cd /opt/BESServer/bin
./Airgap.sh -run
2. The Airgap tool creates the airgap.tar file. Extract it with the following command:
tar xvf airgap.tar
3. Copy the extracted AirgapRequest.xml file to your Windows computer and place it in the folder that
contains the downloaded BESAirgapTool.exe file.
4. On the Windows computer, run BESAirgapTool.exe. This action exchanges the request file for a
response file.
5. Copy the AirgapResponse file, generated by BESAirgapTool.exe, to your IBM BigFix server and place it
in the /opt/BESServer/bin directory.
6. Again, run the Airgap Tool on the Linux computer:
./Airgap.sh -run

8. Repeat steps 1-6 to load fixlets into the site.
What to do next
Cache the files and move them to the server.
70
Caching the files:

Typically, all fixlets, tasks, and analyses download the required files from the Internet. However, in a
separated network, all those files must first be cached and moved to the server so that they are always
available to fixlets.
Before you begin
v You need a Windows computer with Internet access.
v Download the BES Download Cacher to your Windows computer. Go to Utilities and download TEM
Download Cacher.
Procedure
1. Log in to your IBM BigFix console.
2. In the navigation bar, expand Sites > External Sites and select the IBM BigFix Inventory site.
3. In the pane on the right, click the Computer Subscriptions tab and select All Computers. Click Save
Changes.
This step is required to subscribe your endpoints to the IBM BigFix Inventory fixlet site. After you do
that, the IBM BigFix Inventory.efxm file is created on the server.
4. Go to the following location on your IBM BigFix server.
Installation_dir\BES Server\wwwrootbes\bfsites
5. From the most recent fixlet site, copy the IBM BigFix Inventory.efxm to a Windows computer and
place it in C:\BigFix.
6. On Windows, go to C:\BigFix and create a folder called downloads.
7. Run the downloaded BES Download Cacher with the following command:
BESDownloadCacher.exe -m "C:\BigFix\IBM BigFix Inventory.efxm"
-x C:\BigFix\downloads
The BES Download Cacher downloads 1 GB of required files.

8. Optional: The default cache size is enough if you use only the IBM BigFix Inventory fixlet site.
However, if you plan to run fixlets from other sites, such as BES Support, increase the cache size so
that the IBM BigFix server does not try to delete any files:
a. In the left navigation bar of the IBM BigFix console, click Computers and select your IBM BigFix
server from the list.
b. Right-click on the server and then click Edit Computer Settings.
c. Increase the value of the _BESGather_Download_CacheLimitMB setting. If the setting is not on the
list, add it and specify the value in MB.
Tip: The size depends on each fixlet site, however you might need to increase it to at least a
couple of gigabytes.
9. Copy the contents of the downloads folder into the following directory on your IBM BigFix server:
Installation dir\BES Server\wwwrootbes\bfmirror\downloads\sha1
Results
After the files are cached in the BigFix server sha1 folder, they are automatically delivered to the BigFix
relays and clients every time you use a related fixlet. Use both the Airgap tool and the BES Download
Cacher periodically to make sure that the content of your fixlet site is always up-to-date.
Downloading BigFix Inventory:
The BigFix Inventory installer can be deployed to a specified computer by using the BigFix dashboard.
Type of the installer, either for Windows or for Linux, is chosen automatically based on the operating
system of the computer where you deploy it.
71
Before you begin

v Install a BigFix client on the target computer. The required version of the client is 8.2 or higher.
Procedure
2. In the navigation bar, click Sites > External Sites > IBM BigFix Inventory > Dashboards > BigFix
Inventory.
Tip: If you encounter any problems with the dashboard, you can also deploy the installer by using
the Download BigFix Inventory task in the Fixlets and Tasks section.
3. Select a computer to which you want to download the installer, and click Deploy Installer.
4. When the download completes, click Continue.
5. Go to the computer where you downloaded the installer.
Results
The BigFix Inventory installer was downloaded to one of the following locations on the specified
computer:
BES Installers\BFI_installer. The default location of BES Installers is C:\Program Files
(x86)\BigFix Enterprise.
Windows
Linux
user_directory/BFI_installer, where user_directory is the directory of the user who installed
the BigFix client.
What to do next
Before you start the installation, install database software.
Installing database software:
Depending on the operating system that you chose for the installation of BigFix Inventory, install either
SQL Server or DB2.
Windows icon Installing SQL Server:
BigFix Inventory installed on Windows requires SQL Server as database software.
Procedure
v To read about installing, see Installing SQL Server.
v To watch a video, see Video tutorials.
Linux icon Installing DB2:
BigFix Inventory installed on Red Hat Enterprise Linux requires DB2 as database software.
About this task
The DB2 database can be installed on Linux or AIX. For more information, see: Supported operating
systems on page 25. For information about DB2 packages and the part numbers, see Downloading IBM
BigFix on page 57.
72
This is an exemplary scenario that shows how to install DB2 10.5 that is bundled with the product on
Linux. For more information about each step or other installation options, see the documentation for DB2
10.1 or DB2 10.5.
Procedure
1. Extract the installation files:
tar xvf installation_package
2. Go to the directory with extracted installation files and run the following command:
./db2setup
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
In the navigation bar of the DB2 Setup Launchpad, click Install a Product.
Scroll down and click Install New under DB2 Workgroup Server Edition.
Read and accept the license agreement. Click Next.
Select the installation type and click Next.
Select Install DB2 Server Edition on this computer and save my settings in a response file. Click
Next.
Specify the installation directory. Click Next.
Create a user for the DB2 Administration Server. Click Next.
Select Create a DB2 instance and then click Next.
Select Single partition instance and then click Next.
Create the DB2 instance owner. This user will be needed when specifying connections between IBM
BigFix and BigFix Inventory. Then, click Next.
Create the fenced user and then click Next.
Set up your DB2 server to send notifications or select the second check box to omit this step. Click
Next.
Review the settings and click Finish. The installation is started.
When the installation is complete, add a license file to extend your license:
a. From the directory with extracted installation files, go to /db2/license.
b. Copy the db2wse_o.lic file to the home directory of DB2 instance owner (/home/db2inst1).
c. Open the Terminal and switch the user to DB2 instance owner:
su - db2inst1
d. Add the license file to your installation:

db2licm -a db2wse_o.lic
Results
The installation of DB2 is complete. The default location is /opt/ibm/db2.
Installing in interactive mode

Use the installation wizard to specify all parameters as the installation proceeds.
Before you begin

Windows
v Log in as user with administrative privileges and run the installer with the option run as
administrator.
Linux
v Ensure that a graphical user interface is available, and the X server is properly configured on
the computer where you want to install BigFix Inventory. The DISPLAY variable must be set
properly, too. Otherwise, use silent mode.
73
v Start the installation as root, otherwise the server is not registered as a system service.
v The use of sudo is not supported.
Procedure
1. In the directory where you extracted the installation files, run one of the following files to start the
installation:
v
Windows
Linux
setup-server-windows-x86_64.bat
setup-server-linux-x86_64.sh
Tip: If you encounter a slow installation, check the following items:

v Check the performance and speed of the hard disk.
v Check whether the antivirus is scanning each file separately as it might slow down packaging. If
that is the case, turn off the antivirus. If the antivirus cannot be turned off, expect the installation to
be slower.
2. Select the language of the installation and click OK. The installation wizard starts, and the welcome
panel opens. Click Next.
If you cannot choose your language in the installation wizard, set the system locale to a chosen
language. For more information, see Troubleshooting.
3. Read the terms of the license agreement, and if you accept them all, click Next.
4. Follow the instructions on the panels and provide all the necessary installation parameters.
5.
Windows
On the last panel, specify the user account for running the application service.
Local System account

The service runs under the NT AUTHORITY\SYSTEM user, which has all required rights.
Other account
The user must have the log on as a service right and administrative privileges. The User
Account Control in Windows must be reduced or disabled, because it might block the service
from starting. The user must be entered as domain\username, machine\username, or .\username
if it is a local account.
74
Important: To use Windows authentication to access the database, the service owner chosen on this
panel must be available both to BigFix Inventory and the relevant database server for which you use
this authentication. For local databases, you can use Local System account, but for remote ones it
must be a domain user that is shared between the two servers.
6. When the installation is complete, click Done to exit the wizard.
Tip: If you encountered problems during the installation, analyze the log file that is in one of the
following directories:
v
Windows
Linux
%USERPROFILE%/SUA9.2
$HOME/SUA9.2
Results
The BigFix Inventory server is installed and the initial configuration opens in the browser. If you do not
have a browser installed or want to complete the configuration from a different computer, go to
https://hostname:port.
What to do next
Step 3: Configure connections.
Installing in silent mode

As an alternative to using the installation wizard, you can specify parameters in a response file and start
the installation from the command line.
Before you begin

Windows
v Log in as user with administrative privileges and start the command prompt or PowerShell
with the run as administrator option.
Linux
v Start the installation as root, otherwise the server is not registered as a system service.
v The use of sudo is not supported.
Procedure
1. Go to the directory where you extracted the installation files.
2. Read the license agreement in the /license/your_language/license.txt file.
3. Edit the install_response.txt response file and adjust it to your installation. For more information
about parameters in this file, see Server installation response file.
Important: Ensure that the RSP_LICENSE_ACCEPTED parameter is uncommented and set to true. If you
do not accept the license, the installation fails.
4. Start the command line and change to the directory with installation files. To start the installation, run
one of the following commands:
v
v
Windows
setup-server-windows-x86_64.bat f response_file_path i silent
setup-server-linux-x86_64.sh f response_file_path i silent

Where response_file_path is the absolute path to the response file you are using.
Example:
Linux
setup-server-linux-x86_64.sh -f /tmp/images/install_response.txt -i silent
75
Tip: Use the -h option to view help information about usage of the script, for example:
setup-server-linux-x86_64.sh -h.
Tip: If you encounter a slow installation, check the following items:
Check the performance and speed of the hard disk.
Check whether the antivirus is scanning each file separately as it might slow down packaging. If
that is the case, turn off the antivirus. If the antivirus cannot be turned off, expect the installation
to be slower.
What to do next
To access the BigFix Inventory user interface and complete the initial configuration, go to
https://hostname:port. For more information, see Step 3: Configuring connections.
Server installation response file:
The response file provides input parameters that are used when you install the server in silent mode.
Table 39. Common response file parameters.
Parameter
Parameter key name
Default
Description
License agreement
acceptance
RSP_LICENSE_ACCEPTED
Disabling
prerequisite
checking warnings
RSP_DISABLE_PREREQ_WARNINGS
false
Delete the first hash (#) that flags this statement as a comment. The installation fails if you do
not explicitly agree with the license agreement by changing this statement from comment
status.
false (the warnings are enabled)
If the server does not have enough memory or processor cores, the silent installation fails. You
can change this behavior by setting the value to true. The installation can complete even if the
requirements are not fulfilled, however lacking resources might impact performance.
Installation location RSP_TLM_ROOT
Linux
Windows
/opt/ibm/BFI
C:\Program Files\ibm\BFI
Specify an empty directory where the server is to be installed. If the directory does not exist, it
is created.
Port that is used by RSP_TLM_HTTPS_PORT
9081
the server
If you do not specify the port number, a default value will be used.
Note: If the selected port is already used by a different application, the installation fails.
Disabling
communication
warnings
76
RSP_DISABLE_COMMUNICATION_WARNINGS
false
If any of the ports that you specified in the RSP_TLM_HTTPS_PORT is locked by another
application, silent installation fails. To specify a port that is temporarily used but will be
available later, set the RSP_DISABLE_COMMUNICATION_WARNINGS parameter to true.
Table 39. Common response file parameters (continued).

Parameter
Parameter key name
Default
Description
Windows
User
name and
password
RSP_USER_ACCOUNT
current
RSP_USER_ACCOUNT_PWD
Specify the user account for running the application service. The user must have the log on as
a service right and administrative privileges. The User Account Control in Windows must be
reduced or disabled, because it might block the service from starting. The user must be entered
as domain\username, machine\username, or .\username if it is a local account. If you leave
current, the service runs under the NT AUTHORITY\SYSTEM user, which has all required rights.
Important: To use Windows authentication to access the database, the service owner chosen
here must be available both to BigFix Inventory and the relevant database server for which you
use this authentication. For local databases, you can use current, but for remote ones it must be
a domain user that is shared between the two servers.
Configuring BigFix Inventory connections

BigFix Inventory connects with two databases: its own database that, among others, stores information
about the software catalog, and the IBM BigFix database that stores data from the endpoints. Optionally,
you can configure a connection to the Web Reports database to give the Web Reports users access to
BigFix Inventory.
Before you begin

Windows
v Ensure that the SQL Server is installed and running.

Linux
v Ensure that the DB2 server is installed and running.

v During the installation of IBM BigFix, the number of active databases on the DB2 server is
limited to 2. To use the same DB2 for BigFix Inventory, increase the number of active databases
to at least 3. Log in as the DB2 instance owner, run the following command, and then restart
the server:
db2 update dbm cfg using NUMDB number_of_active_databases
Procedure
1. Create a BigFix Inventory database.
BigFix Inventory installed on Windows requires SQL Server as a database.
a. Enter the host name of the database server.
Windows
Note: If you want to configure a named instance or specify a non-default port, provide the host
name in the following format:
v hostname\instance_name, for example localhost\MyInstance
v hostname:port_number, for example localhost:1444
b. Enter the name of the application database.
c. Select the authentication mode.
Windows Authentication
In this mode, you authenticate with a Windows user. It is the same user that you specified
as the service owner during the installation. This mode has two restrictions:
Important:
77
v SQL Server 2012: If during the installation you chose Local System account as the
service owner, you must give either the dbcreator or sysadmin role to the NT
AUTHORITY\SYSTEM user in SQL Server.
v If SQL Server is installed on the same computer as BigFix Inventory, enter the database
host name without its domain name (FQDN) or use localhost instead. The host name
can be specified as NC1985110 or localhost, but not NC1985110.domain.com or
198.50.100.
SQL Server Authentication
In this mode, you authenticate with an SQL Server user. The user must have either the
dbcreator or sysadmin role in SQL Server.
This mode must be enabled in SQL Server. For more information, see Enabling the SQL
Server Authentication mode.
d. Click Create. The database instance is being created.
BigFix Inventory installed on Linux requires DB2 as a database.

a. If the DB2 server is installed on the same computer, select The application and the database are
on the same computer check box.
b. Provide the host name and port number of the computer where the DB2 server is installed and
specify the name for the application database. You can choose any name that meets the DB2
naming requirements.
c. Provide the operating systems user credentials that will be used for connecting to the database.
The user can be an instance owner.
Linux
78
Tip: Create a dedicated user for connecting to DB2.
If the DB2 server is installed on a separate computer, clear the The application and the database
are on the same computer check box, and complete the following extra steps:
d. Click Download Script. The script is used to create the database.
e. Move the script to the computer where the DB2 server is installed.
f. Run the script on the DB2 computer. The script creates a database that can be accessed by the user
that is specified in step 1d.
Important: The user who runs the script must have the SYSADM authority. You can use the DB2
Instance Owner.
g. When the database is created, return to the computer on which you are configuring BigFix
Inventory.
h. To create database objects, such as views and tables, click Create.
2. Create the administrator of BigFix Inventory.
79
3. Configure the connection to the IBM BigFix database. The database stores information about the
endpoints and data that they discover. Specify the host, port, database name, and credentials of the
user that can access the IBM BigFix server database.
Note: To use Windows authentication, IBM BigFix and BigFix Inventory must be installed on
Windows. The owner of the BigFix Inventory service must also be able to access this database.
4. Configure the connection to the IBM BigFix server. The host name or IP address, and the API port
number are automatically retrieved from the database. Specify only the administrative user that you
created while installing IBM BigFix (by default, IEMAdmin).
80
5. Optional: Configure the connection to the Web Reports database. Specify the database type, host
name, database name, and credentials of the Web Reports database user.
Note: To use Windows authentication, IBM BigFix and BigFix Inventory must be installed on
Windows. The owner of the BigFix Inventory service must also be able to access this database.
81
6. Click Create to create the connections. Connections to the databases are created and configured. A
new page opens and a message about the data import is displayed.
Important: If your environment consists of more than 50 000 endpoints, complete steps to enhance
the application performance before you run the import.
7. Click Import Now to run the initial import.
Note: The initial import might take a few hours, depending on your hardware capacity.
What to do next
Configure BigFix Inventory.
Related tasks
If you encounter any problems during the installation, you can check details related to the problem, fix it,
and then resume the installation. You can also check the list of installation return codes, or perform
additional tasks, such as changing the service owner, which might be useful if you installed BigFix
Inventory on Windows.
Resuming a stopped or failed BigFix Inventory installation:
You can rerun the installation during the preinstallation and installation stages. You can also use a
built-in function to diagnose the problem during the installation of the server.
About this task
There are different ways to rerun the installation and the solution depends on the phase during which
the problem occurred. If an error occurs during the preinstallation phase, you can restart the installation
and no additional actions are required. If you encounter an error during the installation phase, you have
two options. You can either remove the installation directory before you restart the installation, or use a
built-in function to diagnose and fix the problem.
82
Some configuration steps in the installation depend on other steps. If one of them fails, the execution of
the dependent step is also held. If an error occurs, the installation wizard continues running steps that do
not depend on the failed one. You can see the list of prerequisites for any step in the step properties
dialog. To open the dialog, double-click the step, or right-click it and select Details.
You can continue the installation and fix the problem at the end of the installation. You can also end it
and resolve the problem later, at a convenient time. It is not necessary to specify any special options - it is
enough to run the installation wizard again. It detects that the previous configuration attempt failed or
was interrupted and starts automatically in resume mode.
If you exited the installation wizard, run it again. It automatically starts the configuration.
Procedure
1. If you encounter a problem, double-click the line that contains the step name, or right-click it and
select Details. The line is indicated by a red icon.
2. Review the most important information that is displayed in the top area of the dialog window. The
dialog shows the name and location of a dedicated log file if it is applicable.
83
3. Review the information that is shown in either the Standard Output tab or, if applicable, Dedicated
log tab to determine the root cause of the problem.
Important: To reduce the performance load on the computer, the function that captures the dedicated
log file runs with the lowest possible priority. Thus, the Dedicated log tab does not always present
the most recent and detailed information. What is more, the end of the log file might not be shown. If
a failure occurs, check either the dedicated log whose location can be found in the step description, or
the msg_server.log file.
4. Fix the problem.
5. On the installation panel, right-click the line that shows the problem, then click Set > Ready (rerun
the step). The installer completes the step and the remaining dependent steps.
If you run the failed step outside the installation wizard, mark the step as completed successfully.
Note: If you cannot diagnose the problem and rerun the step manually, uninstall the product and try
to install it again.
6. Click Next. The Postinstallation Summary opens with information about installed components.
Server installation and uninstallation return codes:
If the server installation or uninstallation fails, check the return code to find the reason of the problem
and possible solutions.
The table lists return codes that are logged during the installation or uninstallation of the BigFix
Inventory server.
Table 40. Server installation and uninstallation return codes
Return code
84
Possible cause and solutions
The server was successfully installed.
An unexpected error occurred.
An unexpected exception occurred.
An internal error occurred. The installer failed to save the file with information that was collected
or generated during the preinstallation stage.
The installation was canceled.
A post-installation step was terminated before it was finished. Problems with resuming the
installation might occur.
11
Validation of the communication ports failed. Either the same port is specified for more than one
parameter or the specified port is in use. If you want to specify a port that is temporarily used
but will be available later, set the RSP_DISABLE_COMMUNICATION_WARNINGS parameter to true.
13
Validation of the license agreement, or the file path failed. Either the license agreement was not
accepted, the path to the installation response file is not absolute, or the command is too long. To
accept the license agreement, set the RSP_LICENSE_ACCEPTED parameter in the response file to true.
If the problem persists, ensure that you are specifying an absolute path, or move the files to a
different, simple directory to shorten the command, for example /root/BFI.
14
There is not enough space for the installation. To check how much free disk space is required to
proceed with the installation, see the following installation log: installation_directory/
BFI_9.2_timestamp_logs.tar.gz.
18
Validation of the installation path failed. Either the specified path is incorrect or the installation
directory is in read-only mode.
20
An unknown response file parameter was specified. Remove the parameter from the installation
response file.
21
The response file was not found. It is either empty or contains Windows line endings instead of
UNIX ones.
Table 40. Server installation and uninstallation return codes (continued)

Return code
23
The command-line interface or another application from the BigFix Inventory installation path is
still running. Either end the process manually or set the RSP_AUTO_CLOSE_PROCESSES parameter to
true.
26
An internal error occurred. Creation of the log directory failed.
27
It was impossible to recognize the environment, for example, installed products.
28
The upgrading scenario is not supported.
29
A part of BigFix Inventory that is already installed, is corrupted.
30
The uninstallation wizard could not find product information in registries. BigFix Inventory was
already uninstalled.
31
The host name was not obtained. To verify the host name, in the command-line interface, enter
the following command:
nslookup host_name
32
An exception was detected while reading the setup.ini file.
33
An attempt of creating a log directory in the installation path failed because a file called BFI9.2
already exists. To proceed with the installation, delete the file.
34
The log directory is in read-only mode.
35
The system TEMP environment variable does not point to a valid directory.
36
Installation in console mode is not supported. Use interactive or silent mode.
37
The required resources could not be extracted from the installation image.
38
The required resources could not be found inside the installation image.
41
The post-installation failed.
42
Another instance of the installer is already running.
46
The post-installation was interrupted.
50
Resuming a failed installation in silent mode is not supported.
55
All elements of the infrastructure are already installed.
59
An internal error occurred. Contact IBM support.
214
The uninstallation process could not connect to the X server. Verify that the DISPLAY variable is
properly set and points to a working X server.
Adding the log on as a service right:

When installing BigFix Inventory on Windows, you choose the owner of the BigFix Inventory service.
This user must have the log on as a service right.
Procedure
1. Click the Start button.
2. Expand Administrative Tools > Local Security Policy.
3. Expand Local Policies > User Rights Assignment.
4. Double-click on Log on as a service. The list of users who already have this right is displayed.
5. Click Add User or Group.
6. Enter the user name and click Check Names.
7. Click OK.
85
Results
You granted the user the log on as a service right. You can now use it as the owner of the application
service.
Changing the service owner:
You can change the owner of the BigFix Inventory service that you specified during the installation on
Windows. It might be required if you chose Local System account, yet connect to a remote database that
cannot use this account.
Before you begin
v Owner of the BigFix Inventory service must have the log on as a service right and administrative
privileges.
Procedure
1. Click the Start button.
2. Expand Administrative Tools > Services.
3. Double-click IBM BigFix Inventory version service.
4. Click the Log On tab.
5. Specify the account and click OK.
6. Restart the service.
Results
You changed the owner of the BigFix Inventory service.
Installing and configuring Software Knowledge Base Toolkit

Software Knowledge Base Toolkit is a repository of knowledge that supports the automated discovery of
software items that are installed within your IT infrastructure. It stores information about the software
titles that are used in your organization, their manufacturers, and license relationships between the
products.
Each software item that is stored in the repository conforms to one of the standardized signature formats
that is supported by the discovery infrastructure. The software knowledge base provides a link between
the identity of a software item including its name and version, and the signatures with which an installed
instance of that software item can be detected. The knowledge base data, gathered through research and
automated data analysis, is shared with BigFix Inventory in the form of software catalogs. The import of
these catalogs facilitates the asset management processes in your organization and reduces the risk of
license noncompliance.
Software Knowledge Base Toolkit is an optional component. If you use the software catalog that is
embedded in BigFix Inventory and the simple catalog management functionality is sufficient for your
infrastructure, you do not need to install Software Knowledge Base Toolkit. You can install it later if
needed.
Component architecture of Software Knowledge Base Toolkit

You can use the summary of Software Knowledge Base Toolkit architecture to become familiar with the
infrastructure of the application and the relationships between its components.
86
User interaction
IBM Tivoli Software Knowledge Base

Toolkit on embedded WebSphere
Application Server
GUI layer
Catalogs
Data exporter
External
database
Data editor
Data importer
Exchange format
Knowledge Base Content Management Server

Knowledge Base Content Management Server is a web-based interface that works with a
centralized repository and manages the content of the knowledge base. Access to the server is
role-based. The KB Content Management Server is deployed and runs in an embedded
WebSphere Application Server, which is accessible through the HTTP server. The KB Content
Management Server can be reached through a web browser such as:
v Internet Explorer 6.0 or higher
v Mozilla Firefox 2.0 or higher
The server runs on Windows, Linux, AIX, and Solaris.
Knowledge Base Content Management Server consists of the following components, all of which
run in embedded WebSphere Application Server V 6.1:
GUI layer
The GUI layer presents information to the user, and manages target computers and scans.
The user interface is described in the Abstract User Interface Markup Language (AUIML).
However, because the KB Content Management Server is a web-based application,
AUIML components are rendered to HTML and JavaScript so that they can be displayed
in a web browser.
Raw data analyzer
The analyzer navigates, manipulates, merges, and preprocesses raw data that is obtained
through scans performed on computer systems in a distributed software environment.
The analyst uses the component to derive an accurate definition of the software product
from the available data and construct a signature for that product. The analyzer also
supports conflict and uncertainty resolution for newly generated signatures and products.
The source data for the raw data analyzer are raw data, Tivoli License Compliance
Manager unknown data, and expectation lists.
Data exporter
The exporter supports the web user interface interactions through which catalogs are
generated from the current KB content.
Data importer
The importer supports the web user interface interactions through which the content of
the knowledge base is imported. The importer processes input documents to update the
knowledge base content, resolves conflicts between new data and the current KB content,
and generates import summaries.
87
Data editor
The editor is responsible for manual data management and content changes. It applies
business rules to perform the tasks and validates the information that is committed to the
knowledge base.
External database
The database stores the content of the application. Logically, raw data and the content of the
knowledge base are stored separately, but physically it is the same database. The database
contains information about the current KB content: manufacturers, software products and their
signatures, license relations between software products, and the history of changes in the KB
content. The database also stores imported raw data files. The content of the database can be
imported from external sources and exported as catalogs or canonical XML files. The source of
KB content can also comprise signatures and products that are generated by the raw data
analyzer.
Installing Software Knowledge Base Toolkit

You can use Software Knowledge Base Toolkit to maintain data about software items and the means to
discover them. You can also use it to export the data to different types of catalogs that can be then
imported into BigFix Inventory.
About this task

If the software catalog that is provided with BigFix Inventory is sufficient for your infrastructure, you do
not need to install Software Knowledge Base Toolkit. However, if you want to use the application, install
it before the first import of the catalog to BigFix Inventory.
When you upload the catalog to Software Knowledge Base Toolkit, it is assigned a unique version
number. The number is lower than the original version of the catalog that you uploaded. When you
publish the catalog in Software Knowledge Base Toolkit, the catalog version is lower than the version that
is uploaded to BigFix Inventory. Upload of a lower version of the catalog is not supported. Thus, if you
start using Software Knowledge Base Toolkit after the first import of the catalog to BigFix Inventory,
assistance of the IBM support will be needed to reconcile catalog versions.
Starting from application update 9.0.1.2, upload of a lower version of the catalog to BigFix Inventory is
supported. You can install and start using Software Knowledge Base Toolkit at any point in time without
the necessity of reconciling catalog versions.
Software Knowledge Base Toolkit can be installed on the following platforms:
v Windows Server 2003, 2008, or 2008 R2
v Red Hat Enterprise Linux 6
For more information, see Installation requirements.
Procedure
2. In the navigation bar, click Sites > External Sites > IBM BigFix Inventory > Dashboards > Software
Knowledge Base Toolkit.
3. Select the computer to which you want to download the installer, and click Deploy Installer.
4. When the download finishes, click Continue.
5. Log in to the computer on which the installer was downloaded, and go to the location where the
installer was deployed.
v
88
On 32-bit systems: \Program Files\BigFix Enterprise\BES Installers\BFI_installer.

On 64-bit systems: \Program Files (64)\BigFix Enterprise\BES Installers\BFI_installer.
Windows
Linux
install_user_directory/BFI_installer. The install_user_directory is the directory of
the user who installed the BigFix client.
6. Extract the installer package.
Windows
SwKBT_1_2_2.zip
Linux
v
SwKBT_1_2_2.tar.gz
7. Start the installation from the extracted directory.
Windows
You can run the installation in interactive mode with a wizard, or in silent mode with a
response file.
To install in interactive mode, double-click the setupwin32.exe file and follow the instructions in
the installation wizard.
To install in silent mode:
a. Edit the SwKBT_Unix_install.rsp response file and enter the parameters for your installation.
See Response file options.
b. Open the Windows command prompt, and enter the following command:
setupwin32.exe -silent -options SwKBT_Win_install.rsp
Linux
You can run the installation in interactive mode with a wizard, or in silent mode with a
response file.
To install in interactive mode, run the following command:
./setupLinux.bin
To install in silent mode:

a. Edit the SwKBT_Unix_install.rsp response file and enter the parameters for your installation.
See Response file options.
b. Run the following command:
./setupLinux.bin -silent -options SwKBT_Unix_install.rsp
What to do next
When the installation is complete:
1. Install Software Knowledge Base Toolkit 1.2.2 Interim Fix. 1.
2. Upgrade Java for WebSphere Application Server, used with Software Knowledge Base Toolkit .
After these steps are completed, you can access the Software Knowledge Base Toolkit dashboard at the
following URL: https://localhost:12344/ibm/console.
Configuring catalog servers

Software Knowledge Base Toolkit can serve as a catalog server. Before the first import, you can optionally
define the location of your software catalog server, so that BigFix Inventory can automatically gather
catalog updates from that server.
Before you begin

v
You must have the Manage Catalogs permission to perform this task.
v You must have Software Knowledge Base Toolkit installed in your infrastructure.
About this task

Configure the catalog server before the first import of the software catalog. Otherwise, assistance of the
IBM support will be needed to reconcile catalog versions.
Starting from application update 9.0.1.2, you can configure the catalog server at any point of time.
89
Procedure
1. In the top navigation bar, click Management > Catalog Servers. The default Software Knowledge
Base Toolkit host and port number are specified in the table.
2. To change the default settings, click the row in the table with the localhost:12344 server data, modify
the data, and click Save.
3. To verify that the connection is configured correctly, click Check Connection.
Results
You have configured your catalog server. The most recent publication is now automatically pulled in
from that catalog server during the import. Note that the software catalog must be published in Software
Knowledge Base Toolkit for the automated catalog update to be possible.
Uninstalling
You can uninstall the BigFix Inventory server, and scanners.
Uninstalling a scanner
If you no longer want to monitor software that is installed on a particular computer, uninstall the scanner
from the designated endpoint.
About this task

Important: If you see any discrepancies between the fixlets in your site and the fixlets described in the
documentation, check the version of your fixlet site and update it if necessary.
When you uninstall the scanner, expanded usage license metrics will no longer be collected from the
particular endpoints.
Procedure
1. Log in to BigFix console.
2. In the navigation bar, click Sites > External Sites > IBM BigFix Inventory > Fixlets and Tasks.
3. In the upper right pane, select Uninstall Scanner, and then in the lower pane, click Take Action.
4. Click the name of the computer from which you want to uninstall the scanner, and click OK.
90
Deactivating the analyses

You must deactivate all analyses when you uninstall IBM BigFix Inventory.
Procedure
1. On the left navigation bar of the BigFix console, click Sites > External Sites > IBM BigFix Inventory
> Analyses.
2. In the upper right pane, select all of the activated analyses, and click Deactivate.
Results
When deactivated, the status of each analysis is changed in the List Panel.
Uninstalling the server in interactive mode

You can use the uninstallation wizard to uninstall the BigFix Inventory server. The wizard does not
uninstall the database. It must be removed separately.
Before you begin

Windows
v Log in as the same user who installed the server and start the uninstallation with the option
run as administrator.
Linux
v A graphical user interface must be available, and the X server must be properly configured on
the computer from which you want to uninstall BigFix Inventory. The DISPLAY variable must be
set properly, too. Otherwise, use silent mode.
v Start the uninstallation as root.
Procedure
1. Log in to the computer where the BigFix Inventory server.
2. Go to one of the following installation directories:
v
Windows
C:\Program Files\IBM\BFI\Uninstall
Linux
v
/opt/ibm/BFI/Uninstall
3. Run one of the following files to uninstall the server:
Windows
uninstall.bat
91
Linux
v
uninstall.sh
4. Follow the instructions on the uninstallation wizard. When the uninstallation finishes, click Done. The
BigFix Inventory server is uninstalled but the database, user logins, and passwords are preserved.
5. Optional: To remove the database, complete the following steps:
DB2
Log in as the DB2 instance owner on the computer where the database is installed. From
the command-line interface, run the following commands.
db2 deactivate db database_name

db2 drop db database_name
Where database_name is the name of the database that you want to remove.
v SQL Server For more information, see Deleting a database.
6. Optional: If you want to remove the IBM BigFix server, see Removing the primary server.
Uninstalling the server in silent mode

You can uninstall BigFix Inventory silently by using a response file.
Before you begin

Windows
v Log in as the same user who installed the server and start the command-line window or
PowerShell with the run as administrator option.
Linux
v Start the uninstallation as root.
Procedure
1. Log in to the computer where the BigFix Inventory server is installed.
2. To modify the uninstallation parameters, go to the installation_path/Uninstall directory, open the
uninstall_response.txt file, and edit the parameters.
3. From the command-line interface, run one the following commands.
v
Windows
Linux
uninstall.bat -f installation_path\Uninstall\uninstall_response.txt -i silent

uninstall.sh -f installation_path/Uninstall/uninstall_response.txt -i silent
Where installation_path is the absolute path to the directory where the response file is located. For
example:
uninstall.sh -f /opt/ibm/BFI/Uninstall/uninstall_response.txt -i silent
The BigFix Inventory server is uninstalled but the database, user logins, and passwords are preserved.
4. Optional: To remove the database, complete the following steps:
v
DB2
Log in as the DB2 instance owner on the computer where the database is installed. From
the command-line interface, run the following commands.
db2 deactivate db database_name

db2 drop db database_name
Where database_name is the name of the database that you want to remove.
v SQL Server For more information, see Deleting a database.
5. Optional: If you want to remove the IBM BigFix server, see Removing the primary server.
92
Chapter 3. Configuring
Read this guide to learn how to configure IBM BigFix Inventory.
Configuring the product after installation

To ensure that you take full advantage of the functions that are provided by IBM BigFix Inventory, you
must perform a set of tasks after the installation of the application.
About this task

You are here:
Stage 1
Plan and prepare
for installation
Stage 2
components
Stage 3
Stage 4
Apply important IBM
updates
Stage 5
Set up scans
Performing basic configuration

As an application administrator, you need to perform a few basic configurations.
Required: Setting up a proxy exception list for environments with proxy servers
If IBM BigFix server is configured to use proxy for internet connection to access fixlet sites or prefetch
downloads, the BigFix Inventory catalog propagation fixlet might not work. The reason for this is that the
BigFix server tries to connect to the proxy to download the catalog file for Common Inventory
Technology, instead of connecting to the BigFix Inventory server directly.
For the information about how to configure the proxy exceptions on the IBM BigFix server, see the
subsection Setting a proxy connection on the server in the topic Setting a proxy connection, which is
available in the IBM BigFix documentation.
Important: You must put on the exception list either the BigFix Inventory IP address or host name.
Setting the code page for double-byte languages

Double-byte character corruption can occur in some environments because BigFix Inventory uses the code
page to transcode data. For double-byte languages such as Korean, Japanese, and Chinese, set the code
page to avoid character corruption.
About this task

The _BESClient_DeploymentEncoding_IANAName setting of the BESClient running on the BigFix server must
use the correct character set for double-byte languages. For example, for simplified Chinese the setting is
CP936. One double-byte code page translation is allowed per BigFix server that is configured as a data
source for BigFix Inventory.
93
Procedure
2. Go to your Subscribed Computers, and select the computer on which you have both the BigFix
server and the BESClient installed.
3. Go to Edit Settings, and change the _BESClient_DeploymentEncoding_IANAName setting to the correct
encoding.
4. Stop the BigFix Inventory server.
5. Log in to the database server as a user with DB2 authority, open a DB2 command line and run the
following commands:
db2
db2
as
db2
"connect to database database_name"

"update dbo.datasource_sequences set last_sequence=cast( x0000000000000000
char(8) for bit data)"
commit
6. Start the BigFix Inventory server and run a data import.
Setting up roles
You can set up roles that you assign to the users of BigFix Inventory. Each role is a collection of
permissions that correlates to a list of privileges. The administrator assigns roles to each user according to
the privileges the user needs to efficiently operate the application.
Before you begin

You must be an Administrator to perform this task.
Important: The Administrator role is set by default and cannot be modified.
Procedure
1.
2.
3.
4.
In the top navigation bar, click Management > Roles.

To add a role, click New.
Specify the name and permissions that you want the new role to have, and click Create.
Optional: To modify the role, click its name in the top pane of the Roles window.
Results
You have set up a user role. You can now create users and assign them suitable roles.
Roles:
You can create a set of roles in BigFix Inventory and assign each of them with different permissions.
Then, you can assign those roles to particular users, thus making them responsible for different actions.
By setting up correct roles, you can easily establish which user has access to particular functions in BigFix
Inventory. The roles can be assigned by the Administrator.
Six pre-configured roles are available in BigFix Inventory: Administrators, Auditors, Catalog Managers,
Contract Managers, Software Asset Managers, and Infrastructure Administrators. Each of these roles has a
different set of permissions that allow the users to perform various actions. You can edit or delete those
roles, or create new ones and assign them permissions of your choice. The following table lists the
pre-configured roles and their permissions.
Important: Some of the permissions are specific only for the Administrator and cannot be assigned to
other users. These permissions include:
v Edit Server Configuration
v Manage Computer Properties
94
v
v
v
v
v
Manage
Manage
Manage
Manage
Manage
Data Sources
Directory Servers
Roles
User Provisioning
Users
Table 41. Pre-configured roles and permissions in BigFix Inventory
Permission
Administrator
Auditor
Catalog
Manager
Contract
Manager
Software
Asset
Manager
Edit Server Configuration
Manage Catalogs
Manage Computer
Groups
Manage Computer
Properties
Manage Contracts
Manage Data Sources
Manage Directory Servers
Manage IBM Software

Classification
Manage Imports
Manage Package
Properties
Manage Roles
Manage Scan
Configurations
Manage Uploads
Manage Usage Properties
Manage User
Provisioning
Manage Users
Manage VM Managers
and Servers
View Audit Trail
View Catalog Audit
View Endpoints
View Hardware Inventory
View License Metrics
Infrastructure
Administrator
U
U
U
U
U
U
U
U
U
U
U
U
View Raw Data
View Software Catalog

and Signatures
The following list describes the permissions that are available in BigFix Inventory. Find out about each of
them so that you can tailor the roles to your needs.
95
Manage Catalogs
The user can edit catalog servers, update the catalog as well as add, modify, and delete the
content of the custom software catalog.
Manage Computer Groups
The user can create, modify, and delete computer groups.
Manage Contracts
The user can create, modify, and delete contracts.
Manage IBM Software Classification
The user can reassign software instances between different products, include or exclude them in
pricing calculations, and share them between more than one product.
Manage Imports
The user can schedule software scan data imports, and manually import new scan data.
Manage Scan Configurations
The user can schedule software scans.
Manage Package Properties
The user can create, edit, and delete the application properties that are used to recognize software
in your infrastructure.
Manage Uploads
The user can manage the uploads of the software catalog, metric tables, and part numbers.
Manage Usage Properties
The user can create, edit, and delete the application properties that gather information about the
use of software in your infrastructure.
Manage VM Managers and Servers
The user can create, edit, and delete VM managers.
View Audit Trail
The user can view the Audit Trail report that contains the history of all actions performed by
users.
View Catalog Audit
The user can view information about changes to the custom software catalog.
View Endpoints
The user can view information about the installed software as well as scan, registry, and raw data
from endpoints.
View Hardware Inventory
The user can view the details of the processors that are used by the software.
View License Metrics
The user can view the list of all software products that are contained in the PVU License Usage
reports, the license type and usage for each product, the history of license consumption over the
specified time period, and the top license consuming products.
View Raw Data
The user can view:
v Metering Data report that contains information about the use of the software items
v Unrecognized Files report that shows a ranking of the most frequently encountered files
v Scanned File Data report that provides information about all files that are detected by the
software inventory tool scanner
v Package Data report that contains information about all installed packages
View Software Catalog and Signatures
The user can view the software catalog and signatures.
96
Setting up users
You must set up users before you can grant access to BigFix Inventory. Each user can be assigned a role
that determines the permissions that the user has.
Before you begin

v
v You must set up the roles that you want to assign to the specific users.
Procedure
1. In the top navigation bar, click Management > Users.
2. To add a user, click New.
3. Specify the name of the user and the role that you want to assign to that user. Select the computer
group to which the user is to have access and the authentication method. Click Create.
4. Optional: To modify the user, click its name in the top pane of the Users window.
Configuring mail notifications

You can configure mail settings so that reports are automatically sent to the specified recipients. The
option is especially useful if a person does not work with BigFix Inventory or is not familiar with the
application, but needs to have access to the reports.
Before you begin

Procedure
1. In the top navigation bar, click Management > Mail Settings.
2. Specify the SMTP server to which you want to have the email notifications sent.
Important: The SMTP port must be open for communication with BigFix Inventory.
3. Choose the port through which you want to have the email notifications sent:
v To send email notifications through the default port, select default.
v To send email notifications through the customized port, select custom, and specify the port that
you want to use.
4. Optional: To have the email encrypted, select Use STARTTLS.
5. In the Server Domain, specify the domain through which you access the BigFix server.
6. Choose the authentication method:
v To use no authentication, click None.
v To use simple authentication, click Plain.
v To use login authentication, click Login.
v To use a challenge-response authentication mechanism, click CRAM-MD5.
7. In the From address field, specify the address that is displayed as the sender of the email. To save the
mail configuration, click Save.
8. Optional: To check whether you correctly configured mail settings, send a test email by clicking Send
Test Email.
What to do next
You can now schedule reports that you want to have sent to the specified email accounts.
97
Configuring the application to display inventory

As an inventory administrator, you need to perform a few tasks to make the application display
inventory properly.
Setting up computer properties

You can specify computer properties that are to be gathered from the computers in your infrastructure.
You can then use those properties to filter data on the Computers report and to assign computers to
computer groups.
Before you begin

Procedure
1. To view the properties that are specified for the computers in your infrastructure, click Management
> Computer Properties.
2. To add a property, click New.
3. In the Create Computer Property pane, specify the name of the property to be displayed in BigFix
Inventory. Select the property from the Data Source Property list and click Create.
Tip: When you start typing in the property name, a list of possible values is displayed. It contains all
properties whose names contain the letters that you entered in the specified order, regardless of
whether the letters occur immediately one after another. For example, if you type path, the list might
contain properties such as Patches Applied - Solaris, because letters p, a, t, h occur in this order in
the property name.
What to do next
To have the computer property displayed, wait for the next scheduled import or run it manually. Each
computer property requires that a relevant analysis is activated. After the import finishes, check the
import log for warning messages that indicate that an analysis related to a particular property is not
activated. For example:
WARN: Analysis Software Scan Status, bound to Computer Property
Status of catalog-based scan, is not activated and will not be imported.
If you find such a warning, activate the required analysis to have the computer property displayed.
Package and usage properties:
In addition to computer properties, BigFix Inventory also uses package properties, UNIX package
properties, and usage properties to retrieve data about your software and its usage. The data is originally
gathered by analyses, and the properties are links between these analyses and BigFix Inventory. All
properties are configured by default and do not require any action from you.
Package properties
Package properties retrieve data about software that is installed on the Windows operating systems. The
data is gathered by the Installed Windows Applications analysis that retrieves the list of your software
from the Windows Registry. The raw data collected by the analysis can also be viewed in the BigFix
console by checking the analysis results.
To view the property in BigFix Inventory, click Management > Package Properties, and select the
property. The property must be linked to the relevant Fixlet site that contains the analysis, otherwise the
results will not be collected.
98
Data retrieved from the analysis is displayed on the Package Data report. To access it, click Reports >
Package Data.
UNIX package properties
UNIX package properties retrieve data about software that is installed on the UNIX operating systems.
The data is gathered by the UNIX Installed Packages analysis that retrieves the list of your software from
the package management system. The raw data collected by the analysis can also be viewed in the BigFix
console by checking the analysis results.
To view the property in BigFix Inventory, click Management > UNIX Package Properties, and select the
property. The property must be linked to the relevant Fixlet site that contains the analysis, otherwise the
results will not be collected.
Data retrieved from the analysis is displayed on the Package Data report. To access it, click Reports >
Package Data.
99
Usage properties
Usage properties retrieve data about the use of your software. The data is gathered by the Application
Usage Statistics analysis.
To view the property in BigFix Inventory, click Management > Usage Properties, and select the property.
The property must be linked to the relevant Fixlet site that contains the analysis, otherwise the results
will not be collected.
Data retrieved from the analysis is displayed on the Metering Data report. To access it, click Reports >
Metering Data.
Setting up computer groups

You can set up computer groups to sort and filter inventory reports. You can also assign contracts to
specific computer groups to indicate which computers are entitled to use the particular software.
Before you begin

About this task

There are two types of computer groups: groups created in BigFix Inventory and groups created in the
BigFix console. The former are used to ensure that each user views reports only for relevant computers.
They are also used to assign contracts to appropriate sets of computers. The latter are used to manage the
infrastructure, assign computers to different fixlet sites, and run fixlets against selected endpoints.
The two types of computer groups are independent. Groups that are created in BigFix Inventory are not
automatically copied to BigFix and the other way round. The following procedure describes how to create
a computer group in BigFix Inventory. For information about creating computer groups in BigFix, see:
Computer groups.
Procedure
1. To set up a new computer group, click Management > Computer Groups and then, click New.
2. Enter the name and description of the group.
100
3. Specify filters according to which computers are assigned to the group and click Create.
4. Optional: You can view the computer group in the left pane of the Computer Groups window. You
can also drag one group into another to make it a child or a subgroup.
Results
You created a computer group. It becomes available after you run an import.
Scheduling the imports of scan data

You can schedule the imports of software and hardware scan data so that they occur regularly.
Before you begin

You must have the Manage Imports permission to perform this task.
Procedure
1. In the navigation bar, click Management > Data Imports.
2. To import software scan data, the software catalog and other settings that changed since the last
update, click Import Now.
3. To schedule regular imports, select the Enabled check box, specify the number of daily imports and
their hours, and click Save.
Managing VM managers
VM managers are pieces of software that create, manage, and monitor virtual machines. The
configuration of VM managers is needed to gather information that is required to properly calculate the
license consumption on your virtual machines.
About this task

In virtualized environments, resources that are available to virtual machines are dynamically allocated
based on current needs. When a virtual machine is not performing any processor-intensive tasks,
processor cores that are allocated to it might be assigned to other virtual machines that need them to
handle their workload. Because of these dynamics, BigFix Inventory cannot scan virtual machines to
recognize how many cores they use, because this number constantly changes. Without precise
information about processor types and the number of cores available to software, BigFix Inventory cannot
report the PVU and RVU MAPC consumption that is required to maintain license compliance.
To collect this information, BigFix Inventory needs access to VM managers that control resources that are
available to your virtual machines. With such access, BigFix Inventory can check the number of cores on
the physical computer system that hosts your virtual machines, and see the allocation and usage of these
resources.
101
To scan VM managers, BigFix Inventory uses VM Manager Tool. This application connects to VM
managers and gathers data about their capacity, focusing on processors, their type, and usage. All this
data is then imported to BigFix Inventory, which can use it to properly calculate your license
consumption.
You can choose between two types of VM management, or a combination of them. The choice depends
on the specifics of your environment.
Applying important IBM updates

After the installation, you must download the latest catalog and upload the latest PVU table. Optionally,
you can import part numbers from the Passport Advantage web site.
About this task

You are here:
Stage 1
Plan and prepare
for installation
Stage 2
components
Stage 3
Stage 4
Apply important IBM
updates
Stage 5
Set up scans
Uploading a PVU table

The PVU table is required to support processor-based pricing models in which charges differ according to
the type of processor on which the licensed product is installed and running. In the table, a number of
units are assigned to each processor type on which this type of pricing model is available.
Before you begin

You must have the Manage Uploads permission to perform this task.
About this task

The PVU table file is authenticated with SHA-256 to comply with the FIPS (Federal Information
Processing Standards) security standards.
Previous versions of PVU tables that are signed with SHA1 are not supported.
Procedure
1.
2.
3.
4.
In the top navigation bar, click Management > Metric Table Upload.
Open the IBM support website link and download a new PVU table.
Click Browse, select a file to upload, and then click Upload.
In the top navigation bar, click Management > Data Imports and then click Import Now.
Uploading the software catalog

Regularly update the software catalog and check for updates every month to keep your software
inventory up-to-date. If you do not edit the content of the software catalog that is provided by IBM,
update the catalog directly in BigFix Inventory.
Before you begin

102
About this task

This procedure describes how to update the software catalog directly to BigFix Inventory. Follow these
steps if you do not edit the content of the software catalog or if you use the built-in catalog management
functionality to create your customized catalog content. If you customize the catalog content in Software
Knowledge Base Toolkit, see: Updating the software catalog in Software Knowledge Base Toolkit on
page 272.
Procedure
1. Download the catalog.
2. In the navigation bar, click Management > Catalog Upload.
3. Click Browse and select the appropriate compressed file.
v If you downloaded a compressed file that contains the software catalog, charge unit data, and the
part numbers file, search for the BFI_month_year.zip file.
v If you downloaded a compressed file that contains only the software catalog in the XML format,
search for the BFI_month_year.zip file.
Important: Names of these two files are the same. However, their content differs.
v If you downloaded a compressed file that contains two CSV files with charge unit data and part
numbers, search for the ChargeUnits_date_dataversion_version.zip file.
By default, the file is in the following location:
Windows
C:\Program Files\IBM\BFI\bfi_catalog
/opt/IBM/BFI/bfi_catalog
4. To upload the file, click Upload.
Linux
Results
The software catalog file and the charge unit data are listed in the Upload and Import History table.
Their status is Pending until you run the import. During the import, scanner catalogs that are used to
discover software are created and automatically distributed to the endpoints. If the automatic distribution
fails, endpoints on which the catalogs were not updated have the Outdated Catalog status on the Scan
Health widget. You must manually update scanner catalogs on these endpoints.
Uploading part numbers

Upload and import part numbers to increase the accuracy of automated bundling of software
components.
Before you begin

Procedure
1.
2.
3.
4.
Prepare the part numbers file.

In the top navigation bar, click Management > Part Numbers Upload.
Click Browse and choose the part numbers file to upload. You can upload either a csv or zip file.
Optional: If you want to overwrite the existing part numbers, select the Overwrite existing part
numbers check box.
Note: The check box is enabled only if you have previously imported a part numbers file.
5. Click Upload.
103
When you upload the file, a new entry is created in the Upload History table. The status is Pending
until you run the import.
Important: If more than one entry is Pending in the table, only the latest one will be executed during
the import.
6. In the top navigation bar, click Management > Data Imports, and then click Import Now.
Results
The part numbers were imported to BigFix Inventory and saved in the adm.current_part_numbers table in
the database. If you want to remove the part numbers from the server, click Remove All Part Numbers
and then run the import. You can remove the part numbers only if you have previously imported the
part numbers file to the server.
Setting up scans
You must set up scans so that data can be gathered and uploaded to IBM BigFix Inventory.
About this task

You are here:
Stage 1
Plan and prepare
for installation
Stage 2
components
Stage 3
Stage 4
Apply important IBM
updates
Stage 5
Set up scans
Note: If your environment is large or medium-size, read important information about Distribution of
scans for improved performance.
Required tasks
1. Enable the software and hardware discovery. Run a fixlet to:
a. Activate the analyses
b. Install the scanner
c. Initiate software scans
d. Upload scan results
e. Initiate the capacity scan
2. Enable the monitoring of software usage.
a. Activate the Application Usage Statistics analysis
3. Rerun the data import
Additional tasks
v Excluding directories from being scanned on page 123
v Defining the scan frequency and schedule on page 127
Distribution of scans for improved performance

Performance of importing data from the BigFix server to BigFix Inventory depends on the number of
scan files, usage analyses, and package analyses that are processed during a single import. By properly
scheduling scans and distributing them over the computers in your infrastructure, you can reduce the
length of the data import.
Use the following guidelines to improve the performance of the data import:
104
v After the installation of BigFix Inventory, do not install and run scanners on all computers in your
infrastructure. Divide the computers into groups and start by gathering the default properties from a
single computer group.
v Consider creating computer groups that are based on stability. In stable environment, scans can be run
less frequently than once a week.
v Try to limit the number of computer properties that are gathered during scans.
v Schedule scans to run on different days for different computer groups. Avoid a situation in which
multiple groups are scanned at the same day or the following day. It might cause that the scan and
data import interfere.
v Reduce the frequency of scans. In most cases, it is sufficient to scan the infrastructure once a week,
which is the default frequency. In large environments, you can disable the option to automatically run
scans and initiate them only when necessary. The minimum scan frequency is once per month.
v In the initial deployment phase, or if you do not need information about software usage, disable the
analysis that gathers usage data. To disable the analysis:
2. In the navigation tree, open the IBM BigFix Inventory > Analyses.
3. In the upper-right pane, right-click Application Usage Statistics, and click Deactivate.
Enabling software and hardware discovery

To discover software and hardware in your environment, activate the necessary analyses and install the
scanner on the computers in your environment. Then, initiate software and hardware scans, and
configure regular uploads of scan results.
Activating the analyses

An analysis is a collection of property expressions that a console operator uses to view and summarize
properties of client computers across a network. Some of the analyses influence the information that is
displayed on the BigFix Inventory dashboard.
Before you begin

v
You must be a Master Operator to perform this task.
Procedure
1. In the navigation tree of the BigFix console, click Sites > External Sites > IBM BigFix Inventory >
Analyses.
2. In the upper-right pane, select the analyses that collect information needed in your environment.
Right-click to display a list of options, and select Activate.
Tip: To learn how each analysis affects your deployment, click the analysis and view a description in
the work area that opens.
The following analyses can be activated:
v Capacity Configuration for Linux on z/VM
v VM Manager Information
v Environment Information
v Shared Disk Information
Important: Activate this analysis if you enabled the option to scan shared file systems. Data
collected by this analysis is required to properly display information about shared disks on the Scan
Health widget.
v Installed UNIX Packages
v Installed Windows Applications
105
v Scanner Information
v Scanner Trace Settings
v Software Scan Status
Important: Data collected by this analysis is required to properly display data on the Scan Health
widget.
Results
When an analysis is activated, its status changes in the List Panel. Now you can view and analyze the
computers that you targeted.
Setting up analysis properties

Analysis properties are used to recognize software and gather information about its usage. Analysis
properties are set by default in BigFix Inventory. You can also set up your own properties that you want
to use to gather information from the endpoints.
Before you begin

You must have the Manage Usage and Package Properties permission to perform this task.
Procedure
1. In the top navigation, click Managment > Usage Properties.
2. To add an application usage property, click New.
3. In the Create Application Usage Property pane, specify the name of the property. From the list of
available properties, choose the data source property that you want to use to discover software that is
installed in your infrastructure, its use or other properties, and click Create.
Installing the scanner

The scanner is installed from the BigFix console. You must install it so that you can run the software
scans that collect information about file signatures on the endpoints and detect complex software
signatures. The scanner is also used for a capacity scan that gathers hardware information about the
endpoints to calculate the license usage.
Before you begin

v
v Ensure that the BigFix client is installed and running on the target endpoint.
v Subscribe the target endpoints to the IBM BigFix Inventory site.
v
UNIX
Ensure that the following libraries are installed on the target endpoint: libstdc++.so.5 or
libstdc++.so.6. For Linux on IBM Power Systems, 32-bit version of the libraries is required even
though the system itself is 64-bit.
Procedure
1. Log in to BigFix console.
3. In the upper right pane, select Install or Upgrade Scanner, and then in the lower pane, click Take
Action.
106
4. Select the name of the computer on which you want to install the scanner, and click OK.
Tip: You can click the Action Script tab to view or modify the script.
The scanner has several configurations that define its operation. The default configuration specifies,
for example, which files and directories are examined during software scans.
5. Optional: You can view information about the installed scanner in the Scanner Information analysis.
107
What to do next
You can specify directories to exclude from scanning. After you install the scanner, run an import. Then,
run the software scans.
Initiating software scans

Software scans collect information about files with particular extensions, package data, and software
identification tags to evaluate whether particular software exists on the target endpoints. They also gather
information about the running processes to measure software usage. By default, software scans are
scheduled to run regularly but you can specify the exact days and times of the scans, or modify their
start and end dates.
Before you begin

v
v Backups of software directories that are stored on the endpoints might be reported as separate software
instances. It might result in false discoveries and incorrect license consumption. To avoid this problem,
either exclude the backups from scanning or compress them with a data compressor.
v If the Initiate Software Scan task is not applicable on an endpoint, see: Server operation problems.
About this task

The scanner can search for different types of information to determine whether the software is installed
or to measure its usage. Generally, all types of scans should be run regularly. However, you can choose to
run different types of scans at different times or distribute the scan schedule over the computers in your
environment to improve the performance of the import process. For more information about different
types of scans, see: Types of software scans on page 111.
Procedure
1.
2.
3.
4.
Log in to the BigFix console.

In the navigation tree, click Sites > External Sites > IBM BigFix Inventory > Fixlets and Tasks.
Select Initiate Software Scan.
In the lower pane, select the types of scans that you want to initiate.
108
5. Optional: If you want to scan shared file systems, select Scan remote shared disks. For more
information see: Scanning remote shared file systems on page 241.
Important: This option enables scanning UNIX shared disks. By default, only local drives are
scanned.
6. Optional: If you want to limit the amount of the processor resources that the scanner consumes, select
Initiate the software scan with CPU threshold. Specify the consumption limit that is in the range 5 100. The higher value you specify, the higher is the consumption limit. For example, if you specify 75,
scanner processes use up to 75% of the processing power of the target computer.
Important: If you provide a non-integer value or a value that is out of the range, the action fails. The
setting does not apply to Mac computers because the scanner is not installed on these computers.
7. To start the scan, click Take Action.
109
8. To select a subset of computers on which you want to initiate the scans, open the Target tab, and then
click the computer that you want to scan.
9. Optional: By default, the scans are scheduled to run regularly. If you want to specify the dates and
frequency of the scans, open the Execution tab. Specify the details, and click OK.
Tip: It is best to run the scans every week. In large deployments, it is better to target individual
computer groups at different times.
110
What to do next
Upload scan results to the BigFix console. Then, run the capacity scan to gather hardware information.
Types of software scans:
The scanner can search for different types of information to determine whether the software is installed
or to measure its usage. Generally, all types of scans should be run regularly. However, you can choose to
run different types of scans at different times or distribute the scan schedule over the computers in your
environment to improve the performance of the import process.
Catalog-based scan
In this type of scan, the BigFix server creates scanner catalogs that are sent to the endpoints.
Based on those catalogs, the scanner discovers exact matches and sends its findings to the server.
Scanner catalogs do not include signatures that can be found based on the list of file extensions
nor entries that are irrelevant for a particular operating system.
File system scan
In this type of scan, the scanner uses a list of file extensions to check whether any files with those
extensions exist on the endpoints. Then, it returns the findings to the BigFix server where the
discovered files are compared with the software catalog. If a particular file matches an entry in
the catalog, the software is discovered.
The scan generates two outputs: full file system scan and delta file system scan. The former
contains information about all files that were discovered on the endpoint. The latter contains
information only about files that changed between the last two full file system scans. Both
outputs are generated during every scan and uploaded to the BigFix server. However, only one of
them is imported to BigFix Inventory.
Delta file system scan is imported to BigFix Inventory in the first place to improve the import
performance. Full file system scan is imported instead of the delta scan in the following cases:
v The file system scan is run on the endpoint for the first time
111
v The BigFix client was reinstalled on the endpoint

v The delta file system scan is larger than one third of the full file system scan
v The endpoint does not meet the prerequisites for generating the delta scan. If any of the
prerequisites are not met on an endpoint, check the BES_Client\LMT\CIT\delta.log file for
more details.
Windows
UNIX
VBScript interpreter
sed, diff, wc, tar, gzip, expr
Package data scan

In this type of scan, the scanner searches the system registry to gather information about
Windows and UNIX packages that are installed on the endpoints. Then, it returns the findings to
the BigFix server where the discovered packages are compared with the software catalog. If a
particular package matches an entry in the catalog, the software is discovered.
Application usage statistics
In this type of scan, the scanner gathers information about processes that are running on the
endpoints. Then, it returns the findings to the BigFix server where the data is translated into
usage statistics.
Remember: By default, the usage scan is scheduled to run weekly to avoid performance issues. If
you want to collect software usage on a daily basis, run the usage scan daily.
Software identification tags scan
In this type of scan, the scanner searches for software identification tags that are delivered with
software products. Then, it returns the findings to the BigFix server where the tags are processed.
Based on the information that they contain, the software is discovered.
Software license metric tags scan
In this type of scan, the scanner searches for software license metric tags that contain information
about types of licenses that can be used by a product and their usage. The scanner returns its
findings to the BigFix server where the tags are processed. Based on the information that they
contain, the maximum usage of license metrics over the last 30 days and its trend value are
calculated. For more information, see: Utilization of other license metrics on page 306
Tip: The scan collects information about license metrics other than PVU and RVU MAPC.
Because the volume of the collected data might be large, do not run this scan if you do not want
to monitor metrics other than PVU and RVU MAPC.
Uploading scan results

Scan results are uploaded to the BigFix server by the Upload Software Scan Results task. By default, the
task is scheduled to run on a regular basis. To ensure that inventory data is kept current, upload and
scan tasks must be on a similar schedule.
Before you begin

v
Procedure
3. In the upper right pane, select Upload Software Scan Results, and then in the lower pane, click Take
Action.
112
Note: The size of a single compressed scan result cannot exceed 1 MB.
4. To select a subset of computers from which you want to upload the results, open the Target tab, and
then click the computers.
5. Optional: To specify the frequency of uploading scan results, open the Execution tab. By default, the
task runs when the new results are available.
113
6. Click OK.
Initiating the capacity scan

The capacity scan gathers hardware information about your endpoints, which is required to properly
calculate the license consumption.
Before you begin

v
v

If you have KVM hosts that are not controlled by RHEV-M, do not use the Run Capacity Scan and
Upload Results task to collect capacity data from these hosts. Instead, use the Run Capacity Scan on
Virtualization Hosts task. For more information, see: Collecting capacity data directly from KVM
hosts on page 235.
About this task

The capacity scan reports the system type (physical or virtual) and details of the physical processor. If
applicable, it also collects information about the guest operating system and logical partitions.
By default, the scan runs every 30 minutes. Such a high frequency is required to always gather current
results for virtual machines whose capacity can change depending on the assigned resources. This data
must be accurate to ensure that PVU and RVU MAPC consumption is properly calculated. Despite the
high frequency, the scan does not take long to complete and has minimal impact on your processor
usage. Moreover, results that did not change since the last scan are not uploaded to the server.
You can change the frequency of the scan after you obtain acceptance form the IBM Compliance Team.
114
Procedure
1. Log on to the BigFix console.
2. In the navigation tree, click Sites > External Sites > IBM BigFix Inventory > Fixlets and Tasks.
3. Select Run Capacity Scan and Upload Results, and then in the lower pane, click Take Action.
4. To select a subset of computers on which you want to initiate the scan, open the Target tab, and then
click the computers that you want to scan.
5. Optional: To change the frequency of the scan, open the Execution tab, and specify the new frequency.
Important: Ensure that you obtain the acceptance of the IBM Compliance Team before you change the
frequency of the scan.
Results
When the scan completes successfully, it automatically uploads the scan results to the server.
Creating the capacity configuration for Linux on z/VM:
To properly calculate subcapacity values for Linux on z/VM, run a fixlet that creates a file with manually
entered capacity values and places it on the target computer.
Before you begin
115
About this task

The Create Capacity Configuration for Linux on z/VM fixlet is relevant on computers where manual
configuration is required. If you have a computer where Linux is installed on z/VM and the fixlet is not
relevant on that computer, your virtualization supports automatic capacity configuration. In such a case,
you do not have to perform any manual actions to calculate the capacity values. The automatic capacity
configuration is supported on System z10 E64 (type 2097) mainframes with z/VM 6.3 that supports the
Store Hypervisor Information (STHYI) instruction.
Procedure
3. Select Create Capacity Configuration for Linux on z/VM and specify the following values:
v Machine Type
v Processor Type
v Shared Pool Capacity
v System Active Processors
4. After you specify the required values, click Take Action to run the task.
5. To select the computers for which you want to create the capacity configuration, open the Target tab,
and then click the computer.
6. Optional: If you want to edit or delete the capacity configuration, use the Edit Capacity
Configuration for Linux on z/VM or Delete Capacity Configuration for Linux on z/VM task.
Setting the DSD mode:
If your computer runs the Solaris operating system and is in the DSD domain, you must set the DSD
mode so that the PVU data can be correctly calculated.
Before you begin
Procedure
3. Select Set DSD Mode and then in the lower pane, click Take Action.
4. To select the computers for which you want to set the DSD mode, open the Target tab, and then click
the computer.
5. Optional: If you want to remove the DSD mode, use the Unset DSD Mode task.
Enabling software discovery on Mac OS X

Unlike on other UNIX systems, software discovery on Mac OS X systems does not require that you install
the scanner or schedule regular uploads of scan results. To enable the discovery, activate the Installed
UNIX Packages analysis and then run the package data scan. Based on the results of the scan, signatures
that discover software installed on Mac computers are automatically created in BigFix Inventory. In some
cases, when the signature for particular software is not created automatically, you must create it
manually.
116
About this task

Custom signatures that detect software installed on Mac computers are created automatically based on
the results of the package data scan. If you want to change this behavior, go to http://host_name:port/
management/feature and clear the Automatically generate signatures for software installed on Mac
computers check. You must be an Administrator to complete this task.
If the signature for a particular software product is not created automatically or you turn off the
automatic signature generation, you can create custom signatures manually.
Procedure
1. If the Installed UNIX packages analysis is not activated, activate it.
a. In the navigation tree of the BigFix console, click Sites > External Sites > IBM BigFix Inventory >
Analyses.
b. In the upper-right pane, right-click Installed UNIX packages, and then click Activate.
2. Initiate the software scan on the Mac computers.
a. In the navigation tree of the BigFix console, click Fixlets and Tasks.
b. Select Initiate Software Scan.
c. In the lower pane, select Package Data scan, and then in the lower pane, click Take Action.
d. To select a subset of computers on which you want to initiate the scans, open the Target tab, and
then click the computers that you want to scan.
e. Optional: By default, scans are scheduled to run regularly. If you want to specify the dates and
frequency of the scans, open the Execution tab. Specify the details, and click OK.
3. To make the data available in BigFix Inventory, wait for the scheduled import or run it manually.
Results
Based on the scan results, signatures that are used to discover software installed on Mac computers are
created in BigFix Inventory.
What to do next
The discovered software is displayed in the Software Installations report. In many cases, the publisher
name cannot be automatically identified and is specified as Unclassified Mac Software. To properly
display the publisher name, change it manually. If a software item that is installed on a Mac computer is
not displayed in the Software Installations report, the signature was probably not created automatically.
117
To properly detect the software, create the signature manually.
Changing the publisher name for software detected on Mac OS X computers

In many cases, the publisher name cannot be automatically identified on Mac computers and is specified
as Unclassified Mac Software. To properly display the publisher name, change it manually.
Procedure
1. To change the publisher name, log in to BigFix Inventory, and click Management > Catalog
Customizations.
2. Expand the Unclassified Mac Software branch, and click the software title whose publisher you want
to change.
3. Provide the name of the publisher, and click Save.
What to do next
The software is visible under the new publisher. However, the publisher name is still displayed as
Unclassified Mac Software in the Software Installations report. To make the changes visible in the
Software Installations report, wait for the scheduled import or run it manually.
118
Changing the publisher name in several entries:

Changing the publisher name in multiple custom catalog entries by using the product UI can be a
lengthy process. As an alternative, you can complete this task more quickly by exporting the custom
catalog, manually editing the XML files, and importing the catalog again. In this way, you can change the
publisher for multiple software titles at the same time.
Procedure
1. Export your custom Mac signatures.
a. In the top navigation bar, click Management > Catalog Customizations.
b. Click Export Mode.
c. Select Unclassified Mac Software and click Export.
Tip: You might want to expand Unclassified Mac Software to see all of the unclassified entries.
d. Save the file in a directory on your computer.
e. Extract the contents of the compressed file with a compression utility.
2. Open each XML file in an XML editor and replace the phrase Unclassified Mac Software in the
vendor attribute with the publisher name for a software title. Example:
<?xml version="1.0" encoding="utf-8"?>
<SoftwareIdentityCatalog exportTimeStamp="2015-09-09T20:56:18Z">
<Software name="Lotus Notes" vendor="IBM" uniqueId="64abd390-572f-11e5-a875-0050569f11f3"
version="8.5.3FP3">
<Signature uniqueId="64bc7560-572f-11e5-a875-0050569f11f3" modified="2015-09-09T16:13:10Z"
created="2015-09-09T16:13:10Z">
<AND>
<OR>
<PackageFilter name="Lotus Notes.app" vendor="" version="8.5.3FP3"/>
</OR>
</AND>
</Signature>
</Software>
</SoftwareIdentityCatalog>
Important: If you have two versions of a software product, you have two XML files with the same
software product and vendor information. If you update both files, the first one is processed correctly,
but a database error occurs when the second XML file is processed because the software product was
already processed for this import. To properly import the XML files, include only one of the two XML
files in the compressed file, and both versions are changed to include the new publisher.
3. Import the edited custom signatures into BigFix Inventory.
a. Compress all the XML files into one compressed file with a compression utility.
b. On the Catalog Customizations pane, click Import. A new pop-up window opens.
c. Click Browse, select the compressed file, click Open and then Import. The catalog customizations
are imported.
d. Click Done to close the pop-up window.
4. Run a data import so that reports reflect the correct values.
Results
You changed all the Unclassified Mac Software entries in the custom catalog to use proper publisher names
for your Mac software titles.
What to do next
1. Open the BigFix Inventory web user interface. Click Reports > Software catalog and locate the row
for custom catalog provider.
119
2. Click the number of total signatures, and on the new page, verify that the publishers that you added
display in the Publisher Name column.
Manually creating signatures for detecting software on Mac OS X

Signatures for detecting software installed on Mac computers are automatically created based on the
results of the package data scan. However, a signature for some particular software might not be created
or might be deleted. In such cases, create the signature manually to ensure that the software is properly
detected.
Procedure
1. In the top navigation bar, click Reports > Package Data. Identify the package that can be used to
discover the particular software.
2. Click the arrow on the right of the name of the package.
3. Click Create Signature.
4. In the Create Catalog Entry window, provide the publisher name.
120
5. To save the signature, click Submit.
6. To make the signature available for software detection, wait for the scheduled import or run it
manually.
7. Review the Software Installations report to verify that the software was properly discovered.
Enabling the monitoring of software usage

To monitor software usage, activate the analysis, run the application usage statistics scan and upload its
results to the BigFix server. Then, run the import to make the data available in BigFix Inventory.
Procedure
1. Activate the Application Usage Statistics analysis.
Analyses.
121
b. In the upper-right pane, right-click Application Usage Statistics, and click Activate.
2. Install the scanner on the computers from which you want to collect the usage data. The step is not
required on Mac computers.
3. To collect usage data, run the software scan. From the list of available scans, choose the application
usage statistics scan.
4. Optional: To check whether the scan finished successfully, go to Analyses, right-click Software Scan
Status, and click Activate. Then, open the Results tab and check the status of the application usage
statistics scan.
5. To make the usage data available in BigFix Inventory, wait for the scheduled import or run it
manually.
Disabling the monitoring of software usage

If you are no longer interested in monitoring software usage, disable the collection of usage statistics on
the selected endpoints.
Procedure
Fixlets and Tasks.
2. In the upper right pane, select Disable Application Usage Statistics, and then in the lower pane, click
Take Action.
3. On the Target tab, select computers from which you no longer want to collect information about
software usage, and then click OK.
Rerunning a data import

To ensure accurate data is displayed in BigFix Inventory web user interface, you must reimport software
scan data, the software catalog, and other settings that changed since the initial import was run.
Before you begin

Procedure
122
Excluding directories from being scanned

Excluding some directories from scanning is useful if the directories are large and contain no information
that is important to the software inventory. By excluding them, you can speed up the scanning process.
You can add directories or remove them from the list by using tasks in the IBM BigFix console. You can
also manually add them to the scanner files on particular endpoints.
Retrieving excluded directories

The list of all directories that are excluded from scanning can be retrieved by activating an analysis in the
IBM BigFix console.
Procedure
2. In the navigation tree, click Sites > External Sites > IBM BigFix Inventory, and then click Analyses.
3. Select the Excluded Directories analysis, right-click on it, and then click Activate. The analysis is
activated and starts retrieving the list of directories.
4. To view the excluded directories, click the Results tab. Directories are divided according to endpoints.
You can view the directories in three ways:
123
v All directories printed on separate lines are listed in the Excluded Directories column. If an entry
says <multiple results>, hover over it to view the complete list.
v All directories printed on one line and separated with a semicolon (;) are listed in the Excluded
Directories (semicolon separated) column.
v You can also double-click on <multiple results> to view the summary. All directories are listed in
the Excluded Directories entry.
Results
You retrieved the list of all directories that are excluded from scanning. Whenever you add or remove a
directory from the list, you can use this analysis to verify if the operation succeeded.
Adding excluded directories

To exclude a directory from being scanned, add it to the list, and then run the task against the chosen
endpoints.
About this task

By default, the following directories are excluded from software scans. Ensure that you do not remove
them from the list. It might lead to untested and unsupported results in BigFix Inventory.
?:/$Recycle.Bin
?:/RECYCLER
%CSIDL_WINDOWS%/System32
%CSIDL_WINDOWS%/SysWOW64
%CSIDL_WINDOWS%/winsxs
%CSIDL_WINDOWS%/ServicePackFiles
%CSIDL_WINDOWS%/installer
%CSIDL_WINDOWS%/$NtUninstall
%CSIDL_WINDOWS%/$NtServicePackUninstall*$
%CSIDL_WINDOWS%/$hf_mig$
*/tmp
*/temp
*/cache/out-of-date
*/Temporary Internet Files
/usr/lpp
/proc
*/eznim
Procedure
2. In the navigation tree, click Sites > External Sites > IBM BigFix Inventory, and then click Fixlets and
Tasks.
124
3. Select the Add Excluded Directories task.

4. Specify which directories are to be excluded from scanning.
5. Click Take Action and select endpoints for which you want to apply the changes.
Results
You added new entries to the list of directories that are excluded from scanning.
Removing excluded directories

To include a directory back in the software scan, add it to the list, and then run the task against the
chosen endpoints.
About this task

By default, the following directories are excluded from software scans. Ensure that you do not remove
them from the list. It might lead to untested and unsupported results in BigFix Inventory.
?:/$Recycle.Bin
?:/RECYCLER
%CSIDL_WINDOWS%/SysWOW64
%CSIDL_WINDOWS%/winsxs
125
%CSIDL_WINDOWS%/ServicePackFiles
%CSIDL_WINDOWS%/installer
%CSIDL_WINDOWS%/$NtUninstall
%CSIDL_WINDOWS%/$NtServicePackUninstall*$
%CSIDL_WINDOWS%/$hf_mig$
*/tmp
*/temp
*/cache/out-of-date
*/Temporary Internet Files
/usr/lpp
/proc
*/eznim
Procedure
2. In the navigation tree, click Sites > External Sites > IBM BigFix Inventory, and then click Fixlets and
Tasks.
3. Select the Remove Excluded Directories task.

4. Specify which directories are to be removed from the list of excluded directories.
5. Click Take Action and select endpoints for which you want to apply the changes.
126
Results
You removed the entries from the list of directories that are excluded from scanning. Those directories are
now scanned during the software scan.
Manually excluding directories

After you install the scanner, you can specify which directories are to be excluded from scanning during
the raw scan of the file system.
You specify those directories by adding paths to the exclude_path.txt file that is in the <BES
Client>LMT/CIT directory. Each path must be added on a separate line. The file already contains some
entries depending on the operating system. You can remove the content of the file which means that no
paths are excluded from the scan. However, if you delete the whole file, it will be recreated with the
default content before the next software scan.
Unless you exclude specific paths, all the following drives are included in the scan:
v
UNIX
All local drives and other drives, such as floppy disk, CD-ROM, and DVD.
Note: Remote drives are not scanned.

v
Windows
All local drives.
Specify paths according to the following syntax:

drive:path
Important: When you specify a path delimiter, you must use a forward slash (/) instead of a backslash
(\). For example, C:/Program Files.
drive
Specifies the drive. Asterisks (*) and question marks (?) are supported. This variable is optional
on UNIX.
path
Specifies the path. Asterisks (*) and question marks (?) are supported. This variable also supports
the following CSIDL values on Windows:
%CSIDL_WINDOWS%
%CSIDL_PROGRAM_FILES%
%CSIDL_COMMON_DESKTOPDIRECTORY%
%CSIDL_COMMON_STARTMENU%
%CSIDL_COMMON_STARTMENU%
%CSIDL_COMMON_STARTUP%
%CSIDL_COMMON_PROGRAMS%
Important: The above CSIDL values already have a drive specified. If you use them, omit the
drive variable.
You can refer to the following examples when specifying your paths.
v Excludes the System Volume Information folder on any local drive:
?:/System Volume Information
v Excludes the System32 folder on the local drive that is specified in the CSIDL value:
Defining the scan frequency and schedule

You can set the scan frequency and schedule for each data source in your environment in the Scan
Configurations window. Use the Scan Configurations window as an alternative to using the IBM BigFix
console to manage scan scheduling.
127
Before you begin

You must be an Administrator or an Infrastructure Administrator to perform this task.
About this task

Each row in the Scan Configurations window shows the schedule and status of the Initiate Software Scan
action. This action is applied to the All Computers group. Updates to the scan configuration are recorded
in the Audit trail report.
Procedure
1. Click Management > Scan Configurations and select the data source that you want to change scan
settings for.
A scan configuration for a data source can have one of three statuses:
Active The scan schedule is active. When a scan schedule is active the Initiate Software Scan action is
run according to the schedule defined in the Scan Configurations window.
Stopped
The scan schedule is inactive. You can define a new schedule in the Scan Configurations
window.
Server unavailable
The scan schedule cannot be displayed and set because either the IBM BigFix server or the
Web Reports server is not responding.
2. To specify the scan frequency, select a new frequency from the Frequency list.
3. To specify the scan scheduled start time, enter a new start date and time in the Requested Start Date
field.
Note: Due to any network latency, the time on the server can be several minutes different from the
requested start time that is specified in the Scan Configurations window.
4. Click Save.
Updating the fixlet site

The content of the BigFix Inventory fixlet site can be periodically modified. New fixlets, tasks, and
analyses can be added. The existing ones can be changed or might become obsolete due to functionality
changes. If the BigFix server is installed on a computer with the Internet access, the BigFix Inventory
fixlet site is updated automatically whenever the updates are available. However, if the server is installed
on a computer without the Internet access, you must update the fixlet site manually. Start by checking
whether the fixlet site that you are currently using is up-to-date. If a newer version of the fixlet site
exists, download the site content by using the Airgap tool. Then, cache the files on the BigFix server by
using the BES Download Cacher.
Checking the version of the fixlet site

Compare the current version of the fixlet site with the latest version that was published. If a newer
version is available, updated the content of your fixlet site.
Procedure
1. To check what is the latest version of the fixlet site, open the http://sync.bigfix.com/cgi-bin/
bfgather/ibmforsua site, and look for the Version line.
2. To check what is the current version of the fixlet site that you are using, open the BigFix console and
click the name of the fixlet site. The version of the site is displayed on the Details tab.
128
What to do next
If a newer version of the fixlet site is available, update the content of your fixlet site.
Updating the content of the fixlet site on Windows

If the BigFix server is installed on a Windows computer without the Internet access, use the Airgap tool
to download the content of the fixlet site to a Windows computer with the Internet access.
Before you begin

You need a Windows computer with the Internet access.
Procedure
1. Open the directory where the BigFix server is installed and run the BESAirgapTool.exe file. When
prompted, save the file to a new folder, for example Airgap. An airgap request file is created.
2. Copy all the created files to a Windows computer with the Internet access.
3. On the computer with the Internet access, run the BESAirgapTool.exe. The airgap request file is
changed into a response file.
4. Copy the AirgapResponse file to the BigFix server and place it in the directory that you created in step
1.
5. Run BESAirgapTool.exe. The airgap response is loaded to the BigFix server.
What to do next
Cache the files and move them to the BigFix server.
Updating the content of the fixlet site on Linux

If the BigFix server is installed on a Linux computer without the Internet access, use the Airgap tool to
download the content of the fixlet site to a Windows computer with the Internet access.
Before you begin

v You need a Windows computer with the Internet access.
v Download the Airgap tool to the Windows computer with the Internet access. The tool is available on
the Utilities page on the BigFix wiki.
Procedure
1. Open the command line and enter the following commands to run the Airgap tool:
./Airgap.sh -run
The airgap.tar file is created. It contains the airgap request file.

2. Extract the file by using the following command:
tar xvf airgap.tar
3. Copy the extracted AirgapRequest.xml file to the Windows computer and place it in the folder that
contains the downloaded BESAirgapTool.exe file.
4. On the Windows computer, run the BESAirgapTool.exe. The airgap request file is changed into the
airgap response file.
5. Copy the AirgapResponse file to the BigFix server and place it in the /opt/BESServer/bin directory.
6. Run the Airgap tool again to upload the AirgapResponse file to BigFix.
./Airgap.sh -run
129
Wait a few minutes for the BigFix console to refresh.
What to do next
Cache the files and move them to the BigFix server.
Caching the files

Typically, all fixlets, tasks, and analyses download the required files from the Internet. However, in a
separated network, the files must first be cached and then moved to the BigFix server so that they are
always available to fixlets.
Before you begin

v You need a Windows computer with the Internet access.
v Download the BES Download Cacher to the Windows computer with the Internet access. The tool is
available on the Utilities page on the BigFix wiki.
Procedure
1. Go to the following location on the computer where the BigFix server is installed:
Installation_dir\BES Server\wwwrootbes\bfsites.
2. Copy the IBM BigFix Inventory.efxm file to the Windows computer with the Internet access and
place it in the C:\BigFix directory.
3. On the Windows computer, go to the C:\BigFix directory and create a folder that is called downloads.
Tip: Do not clean the contents of this folder. Next time, when you run the Download Cacher only the
files that were changed since the last download will be updated. The process will last shorter than if
you downloaded the entire content every time.
4. Run the BES Download Cacher by running the following command:
BESDownloadCacher.exe -m "C:\BigFix\IBM BigFix Inventory.efxm"
-x C:\BigFix\downloads
The BES Download Cacher downloads 1 GB of required files.
5. Optional: The default cache size is enough if you use only the IBM BigFix Inventory fixlet site.
However, if you plan to run fixlets from other sites, such as BES Support, increase the cache size so
that the IBM BigFix server does not try to delete any files:
a. In the left navigation bar of the BigFix console, click Computers and select your BigFix server
from the list.
b. Right-click the server and then click Edit Computer Settings.
c. Increase the value of the _BESGather_Download_CacheLimitMB setting. If the setting is not on the
list, add it and specify the value in MB.
Tip: The size depends on each fixlet site, however you might need to increase it to at least a
couple of gigabytes.
6. Copy the contents of the downloads folder into the following directory on the BigFix server:
Installation dir\BES Server\wwwrootbes\bfmirror\downloads\sha1
Results
The cached files are automatically delivered to the BigFix relays and clients every time you run a fixlet
that requires those files. Use both the Airgap tool and the BES Download Cacher periodically to ensure
that the content of your fixlet site is always up-to-date.
130
What to do next
Fixlets that were initiated from your old fixlet site are still saved as actions and continue to run using the
old content. After you update the site, delete the old actions and then rerun the corresponding fixlets
from the updated site. In the navigation tree of the BigFix console, click Actions, and delete all actions
that originated from your fixlet site.
Configuring server settings

You can change the settings of the BigFix Inventory server by using the REST API queries.
About this task

For the list of administration server settings that you can change, see: Advanced administration server
settings. For more information about using REST API for configuring server settings, see: REST API for
administration server settings on page 460
Procedure
v To check the current value of all server parameters, use the following REST API query.
GET http://server_host_name:port_number/api/sam/configs?token=token
For example:
GET http://localhost:9988/api/sam/configs?
token=7adc3efb175e2bc0f4484bdd2efca54a8fa04623
v To check the current value of a single parameter, use the following REST API query.
GET http://server_host_name:port_number/api/sam/configs?token=token&
name=parameter_name
Where token is a unique user authentication identifier, and parameter_name is the name of the parameter
whose value you want to check. For example:
GET http://localhost:9988/api/sam/configs?
token=7adc3efb175e2bc0f4484bdd2efca54a8fa04623&
name=maxVMManagerInactivity
v To change the value of a parameter, use the following REST API query.
PUT http://server_host_name:port_number/rest/configs?token=token&
name=parameter_name&value=parameter_value
Where token is a unique user authentication identifier, and parameter_name is the name of the parameter
whose value you want to change and value is the new value. For example:
PUT http://localhost:9988/api/sam/configs?
token=7adc3efb175e2bc0f4484bdd2efca54a8fa04623&
name=maxVMManagerInactivity&value=10
Advanced administration server settings

Refer to the list of administration server parameters that can be configured to tune the product to your
needs.
Restriction: The parameters whose names begin with vmman can be configured from the server only if
you are using the centralized virtual machine management. Otherwise, you must edit VM manager
configuration files to change the parameters.
131
Table 42. Configuration parameters of the administration server

Units
Parameter
Description
blockUiBundlingComputations
Boolean
(true/false)
Default
Minimum
Maximum
False
Specifies whether the bundling options that are displayed when you
reassign a software component is sorted by confidence or alphabetically.
By default, the options are sorted by confidence. If you set the value of the
parameter to true, the options are sorted alphabetically and thus are
displayed more quickly on the user interface.
calculateLicenseUsageForIncompleteComputers
Boolean
(true/false)
True
Specifies how PVU consumption on x86 virtual machines that have

incomplete data is counted. If set to true, PVU consumption is counted
based on the number of PVUs on the host. In this case, the reported PVU
consumption might be higher than the real value, but configuration of VM
managers is not required. If set to false, the reported PVU consumption is
0, and VM managers must be configured.
computerVmManagerDetachmentPeriod
Days
90
Specifies the maximum idle time after which a computer that is managed
by a VM manager is considered detached. After that time, the data that is
sent by an agent is not augmented by the data that is retrieved from the
VM manager. The computer status changes into No VM Manager Data.
csvReportSeparator
Character
Comma (,)
Specifies the character that is used as a line separator during the creation
of CSV files.
maxWaitingForVMData
Days
30
Specifies the maximum age of capacity data of a virtualization

infrastructure that is gathered by the VM Manager Tool scan. Data that is
older than the specified age is discarded during the retrieval and storage
process and is not included in the aggregation process.
maxVMManagerInactivity
Days
90
Specifies the maximum time after which a VM manager is considered

inactive if no new data is received by the server.
maximumNumberOfLicenseUseMetricFiles
ToProcessPerImport
Number
numberOfImportThreads
Number
-1
-1
2147483647
Specifies the maximum number of license metric tag files to be processed

during an import. The oldest unprocessed files are processed in the first
place. Then, the specified number of newer files is consecutively processed
with every import. The value -1 indicates that all files are processed.
0
32
Specifies the number of threads that are used to process capacity scan data
and VM manager scan data during the import of data from the BigFix
server.
Tip: In environments with over 10000 endpoints that are running on
high-performance machines, it can be beneficial to increase the number of
threads to speed up the import.
removeCustomBundlings
Boolean
(true/false)
False
Specifies whether custom bundling options are removed after the import
of the software catalog. If set to true, relations between components and
products that are defined in the IBM catalog are restored. Components that
were assigned to products based on custom bundling options are
reassigned to products for which bundling options are defined in the IBM
software catalog. After the custom bundling options are successfully
removed, the parameter is automatically set to false.
132
Table 42. Configuration parameters of the administration server (continued)

Units
Default
Parameter
Description
storeHwDataForAllVMManagerNodes
Boolean
(true/false)
Minimum
Maximum
False
Specifies whether information about nodes and clusters that is retrieved

from VM managers is stored in the database, regardless of whether an
agent is running on any virtual machine on such nodes or clusters.
tempPathForGeneratedFiles
Path
Period (.)
Specifies the path to the folder where temporary application files, such as
the CSV file during generation, are stored. The default value indicates that
the files are created in the following location:
vmManagerPostprocessGuestEnabled
Linux
install_dir/wlp/usr/server/server1
Windows
install_dir\wlp\usr\servers\server1
Boolean
(true/false)
True
Specifies whether data about incomplete virtualization hierarchy is

removed when new data is uploaded from VM managers. If set to true,
incomplete topology data is removed on condition that the VM manager is
configured within 24 hours since the first incomplete scan. If set to false,
incomplete topology data remains on the server and might be shown on
reports.
vmman_check_uniqueness_enabled
Boolean
(true/false)
True
Distinguishes unique VM managers from duplicates.

vmman_connection_time_out
Seconds
90
10
3600 (1 hour)
Specifies the time after which the connection with a VM manager is ended.
vmman_max_subsequent_login_failures
Number
100
Specifies the maximum number of failed attempts of logging in to the VM

manager.
vmman_thread_pool_size
Number
10
50
Specifies the number of threads in thread pool that is used for connections
to VM managers.
vmman_pooling_time_interval
Minutes
30
30
10080 (1 week)
Specifies the interval between the consecutive retrievals of data from VM

managers.
vmman_transfer_period
Minutes
720
30
10080 (1 week)
Determines how often scan data is transferred to the agent to be uploaded

to the server if subsequent scans have the same results.
vmman_uuid_filtering_enabled
Boolean
(true/false)
False
Enables UUID filtering of VM managers.
Performing optional configuration

You can perform optional configuration tasks to further customize the application.

The Scanned File Data report provides information about files with particular extensions that were
discovered on the computers in your infrastructure. The information is typically used for creating custom
software signatures. To optimize the volume of the monitored data, narrow down the list of file
extensions that are collected to only those extensions that are typically used for creating signatures. It
reduces the workload on the BigFix Inventory server and improves the application performance.
133
About this task

If you are upgrading to version 9.0.1.2, a configuration panel on which you can automatically optimize
the volume of scanned file data is displayed. The following procedure describes manual steps that you
can perform if you skipped the automatic configuration.
Procedure
v
Linux
Run the following command:
/etc/init.d/SUAserver stop
Windows
Run the following file:
installation_directory\cli\srvstop.bat
2. To optimize the volume of the scanned file data, remove extensions that are not typically used for
creating signatures from the following files. The files are in one of the following directories: directory.
v
Linux
installation_directory/wlp/usr/servers/server1/apps/tema.war/WEB-INF/domains/sam/
config
v
Windows
installation_directory\wlp\usr\servers\server1\apps\tema.war\WEB-INF\domains\sam\
config
Note: Do not remove extensions that you used for creating custom signatures. If you remove a
particular extension and want to create a signature that is based on a file with that extensions later
on, add the extension back to the appropriate file.
v In the file_names_all.txt file, leave the following extension:
\.ear$
v In the file_names_unix.txt file, leave the following extensions:

\.sh$
\.bin$
\.pl$
\.ear$
\.SH$
\.BIN$
\.PL$
\.EAR$
v In the file_names_windows.txt file, leave the following extensions:

\.exe$
\.sys$
\.com$
\.ear$
\.ocx$
3. Start the BigFix Inventory server.

v
Linux
/etc/init.d/SUAserver start
Windows
Run the following file:
installation_directory\cli\srvstart.bat
4. Check whether the software catalog that is uploaded to BigFix Inventory is in the canonical format.
Click Management > Catalog Upload and check the Catalog Format column.
134
If the catalog is in the native format, upload a new catalog. If the catalog is in the canonical format
but a new version is available, upload the new catalog. Otherwise, proceed to the next step.
5. Wait for the scheduled import or run it manually. During this import, performance might be lower
because the software catalog is reimported.
6. Wait for the scheduled software scan. Alternatively, if you have infrequent software scans, stop the
current scan and start a new one. It will allow you for using the optimized list of file extensions in a
shorter time.
a. Log in to the BigFix console and in the left navigation tree, click Actions.
b. In the upper-right pane, click Initiate Software Scan and then click Stop.
c. Initiate a new software scan.
7. Wait for the scheduled import or run it manually. From now on, the optimized list of file extensions is
used.
Disabling subcapacity calculations

Subcapacity licenses are based on the number of processor value units (PVU) or resource value units
(RVU) that can be used by the product not the number of all processor cores that are available on the
physical server. Such a licensing scheme allows for reducing the cost of licenses for products that are
eligible for PVU or RVU subcapacity. If no subcapacity products are installed in your environment, you
can disable subcapacity calculations to improve the performance of the import.
About this task

Important: If your instance of BigFix Inventory is licensed under the PVU subcapacity license, it will not
be reported after you disable subcapacity calculations.
Procedure
To disable subcapacity calculations, go to https://hostname:port/management/feature and clear the
Subcapacity checkbox. Then, click Save.
Tip: You might restart the BigFix Inventory server to ensure that subcapacity calculations are disabled.
Results
After you disable subcapacity calculations, subcapacity data is not uploaded to BigFix Inventory server
during the import. Performance of the import is improved. Fixlets and tasks that are related to
subcapacity configuration and VM managers remain available and relevant in the BigFix console.
However, you do not have to run them. Additionally, the following elements of the BigFix Inventory user
interface are hidden:
v Widgets:
IBM Capacity Data Completeness
IBM PVU Subcapacity
IBM Software Classification
v Management panels:
IBM Software Classifications
VM Managers
Metric Table Upload
Part Numbers Upload
v Reports:
IBM PVU Subcapacity
All IBM Metrics
135
Audit Trail
Hardware Inventory
The following permissions are removed from the user roles:
v Manage IBM Software Classification
v Manage VM Managers and Servers
v View Audit Trail
v View Hardware Inventory
v View License Metrics
Configuring the application usage statistics

The default behavior of the software scan can be changed to collect the software usage information from
all endpoints in your environment on a daily basis.
Before you begin

Note: Changing the default behavior increases the amount of data that is collected from your endpoints
and results in longer data imports. This procedure is not recommended, especially for large
environments. Before you proceed, ensure that you need this type of information to be collected from
your environment.
About this task

Due to changes that were introduced in BigFix Inventory 9.2.1 application update 9.0.1, the software
usage information is no longer collected from all your endpoints on daily basis but is now aligned with
the software scans schedule. This means that your endpoints must complete software scans before usage
data is collected from them. This behavior shortens each data import and limits the amount of data that
is collected from your environment, however it can be changed to resemble the configuration of the base
BigFix Inventory 9.1 version.
Procedure
Log in to the IBM BigFix console.
In the left navigation bar, click Sites > External Sites > IBM BigFix Inventory > Fixlets and Tasks.
Select the Initiate Software Scan task.
In the Scanner configuration section, select only the Application Usage Statistics check box so that
the changes are made specifically for this type of scan.
5. Click Take Action and then specify the applicable computers and the schedule for collecting the
results:
a. In the Target tab, select the Dynamically target by property check box, and then select All
Computers.
b. In the Execution tab, select Reapply this action, and set the while relevant, waiting option to 1
day.
c. Click OK.
1.
2.
3.
4.
Results
You changed the default settings for the Application Usage Statistics type of software scan. The software
usage information is now collected daily from all endpoints in your environment.
136
Updating scanner catalogs

Scanner catalogs are used to discover software on the endpoints. They are automatically created and
distributed to the endpoints after every import that contains the IBM software catalog. If the automatic
distribution fails, endpoints on which the catalogs were not updated have the Outdated Catalog status
on the Scan Health widget. You must manually update scanner catalogs on these endpoints.
Before you begin

v Before you update the scanner catalogs manually, try to determine why the automatic update failed.
For more information, see Server operation problems.
v Ensure that the BigFix Inventory server is visible to your BigFix server.
v If Secure Socket Layer (SSL) is enabled in BigFix Inventory, all updates are also downloaded through
SSL. The BigFix server must recognize SSL certificates of BigFix Inventory as valid.
Procedure
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
Log in to BigFix Inventory.

Import the software catalog.
In the top navigation bar, click Management > Catalog Upload.
To download the fixlet file to your computer, click the question mark sign. Then, click Catalog
click Save.
Copy the file to the computer where the BigFix console is installed.
To import the fixlet, click File > Import.
Open the directory where you store the catalog_download.bes file, select the file, and click Open.
The file is imported.
In the left pane, click Sites > Master Action Site > Fixlets and Tasks. A list of available fixlets opens
To run the fixlet on the endpoints, select Catalog Download (Version: version), and click Take
Action.
Select the computers on which you want to run the fixlet, and click OK.
What to do next
You imported the scanner catalogs to the endpoints in your infrastructure. To gather inventory data from
the endpoint, you must now initiate software scans.
137
Configuring data retention period

Data retention period is the period after which historical data or resource utilization data is removed
from the BigFix Inventory database. By default, the retention period is set to seven days for historical
data and to 90 days for resource utilization data.
About this task

Retention period is set by default in fresh installations of BigFix Inventory. If you upgraded from
Software Use Analysis, your original settings were preserved.
Historical data
Historical data is related to removed computers, uninstalled software, and deleted software
catalog entries. By default, retention period for historical data is set to seven days. After that
period, the data is removed from the BigFix Inventory database. Removal of the historical data
does not affect PVU and RVU MAPC reports. IBM software that was uninstalled is still correctly
calculated and reported for the period when it was installed.
Resource utilization data
Resource utilization data is related to license metrics other than PVU and RVU MAPC. By
default, retention period for resource utilization data is set to 90 days. After that period, the data
is removed from the BigFix Inventory database. Software items for which license utilization is not
reported for a period longer than the specified one are no longer displayed on the Resource
Utilization report.
Procedure
1. In the top navigation bar, click Management > Server Settings.
2. Specify the period after which you want the data to be removed from the database, and click Save.
3. To disable the data retention period for historical data or resource utilization data, clear the
appropriate check box, and click Save.
Results
The data that is older than the retention period is removed from the database during every import.
If you did not have the retention period configured or you shortened it considerably, removal of the large
amounts of data might lengthen the first import after the change. During the consecutive imports, smaller
amounts of data are removed and should not have considerable impact on the import time on condition
that the import runs regularly.
Shortening the retention period gradually to avoid problems with growing

database size
Since License Metric Tool 9.2.1, retention period is set to 7 days in a fresh installation, so this procedure
does not apply in case of fresh version 9.2.1 installations. If you did not configure the retention period
138
after installation in earlier versions of License Metric Tool and the data accumulation continued for
several months, you must enable and repeatedly change the data retention configuration to make the
retention period as short as possible. With each successive import, the historical data is deleted gradually
and thus problems with growing database size can be avoided.
About this task

Note:
v After this configuration is applied, the transaction log is used heavily because all the data is deleted in
one transaction.
v The database size is not decreased automatically. If you want to reclaim disk space that is occupied by
database tables, run the command that is appropriate for your database management system.
v If the data imports during which historical data was deleted failed, increase the retention period and
run the import again.
Procedure
1. Determine the date of the first successful import.
2. Set the retention period for 30 days after the first successful data import. Example: If the import
occurred 6 months ago, calculate the retention period in the following way: 5 months * 30 days = 150
days.
3. Run the data import.
4. Set the retention period for 60 days after the first successful data import, that is, set the retention
period to 120 days. Example: 4 months * 30 days = 120 days.
5. Repeat the step as many times as necessary, each time decreasing the retention period by 30 days.
6. When the retention period is short enough, enter the target configuration of 7 days.
Setting the home page

If you use a particular report or panel frequently, you can set it as BigFix Inventory home page.
Procedure
v To
1.
2.
v To
1.
2.
set a new home page:

Open the report or panel that you want to set as the home page.
In the upper-right corner, expand the user name menu, and click Set as home page.
return to the default home page:
Expand the user name menu and click Profile.
Click Clear under the Home page field.
139
140
Chapter 4. Upgrading
Refer to this section for information about the available options for upgrading to
BigFix Inventory 9.2.1
Note: Upgrading in full from Software Use Analysis 1.3 is not supported because
of differences in supported platforms and databases. As the first stage in upgrading
from Software Use Analysis 2.2 to BigFix Inventory 9.2.1, the migration of
endpoints from 2.2 is supported. In this scenario, data and scan results are
migrated with the endpoints.
Tip: Visit the BigFix Inventory wiki page to learn more about the new product
versioning scheme, supported upgrade and migration paths and coexistence
scenarios.
Upgrading to BigFix Inventory 9.2.1

You can upgrade to BigFix Inventory 9.2.1 from all 9.x versions. To upgrade the server, run the Fixlet that
completes the process automatically, or start the installation of a later version.
Restriction: You cannot upgrade between different operating systems. To switch from Linux to Windows,
install a new server.
Backing up the server

Before you start the upgrade, back up the database, installation registry, and the server files to be able to
restore the server if the upgrade fails.
Procedure
1. Stop the Software Use Analysis server.
2. Back up the database.
Windows
See Backing up the SQL Server database in Troubleshooting.
See Backing up the DB2 database in Troubleshooting.

3. Back up the installation registry.
Linux
C:\Program Files\Zero G Registry\.com.zerog.registry.xml

This file is hidden. To view it, change the Folder Options in Control Panel to display hidden files, or
type the complete path in the address bar of any open window.
Windows
/var/.com.zerog.registry.xml
This file is hidden. To view it, run the ls -la command.
If you installed the server as a non-root user, the registry is in $HOME/.com.zerog.registry.xml.
4. Back up the installation directory. The default paths are:
Linux
Windows
C:\Program Files\IBM\SUA
/opt/ibm/SUA
5. Start the Software Use Analysis server.
Linux
Results
You completed all steps that are required to restore the server after a failed upgrade. You can proceed to
upgrading the server.
141
Upgrading the server with a Fixlet

You can run a Fixlet from the IBM BigFix console to automatically upgrade the BigFix Inventory server.
Before you begin

v Back up the server so you can restore it in the case of a failed upgrade.
v
Linux
You can upgrade the BigFix Inventory server with a Fixlet only when you installed the
application server as a root user. Otherwise, you must upgrade the server in interactive or silent mode.
Ensure that no PDF reports are being generated in BigFix Inventory during the upgrade. To
create PDF reports, the server uses a separate process that locks the server files.
Windows
Procedure
1.
2.
3.
4.
5.

Select Upgrade to the latest version of BigFix Inventory.
Click Take Action.
Select the computer on which you want to upgrade the server and click OK.
Results
The Fixlets downloads the installer to the chosen endpoint and upgrades the server. The server is stopped
before the upgrade and started again when the process is complete. To check the status, in the navigation
tree of the console, click Actions.
What to do next
Linux
If you upgraded from versions older than application update 9.0.1.2, configure the server after
the upgrade. The configuration includes the optimization of scanned file data that was introduced in
application update 9.0.1.2.
Upgrading the server in interactive mode

To upgrade the server, start the installation of a newer version of BigFix Inventory on the same computer.
In interactive mode, you upgrade the server through a wizard.
Before you begin

v
Windows
Procedure
1. Download the latest installer and extract it.
2. Run one of the installation files:
Windows
3. Follow the steps in the wizard.
4. When the upgrade is complete, click Done.
Linux
Results
You upgraded BigFix Inventory to the latest version.
142
What to do next
Linux
Upgrading the server in silent mode

To upgrade the server, start the installation of a newer version of BigFix Inventory on the same computer.
Silent installation runs in the background.
Before you begin

v
Windows
Procedure
1. Download the latest installer and extract it.
2. Read the license agreement in the license.txt file. The file is in the /license/your_language
directory.
3. Edit the upgrade_response.txt file.
4. In the response file, set the RSP_LICENSE_ACCEPTED parameter to true.
5. Start the upgrade by running one of the following commands:
Windows
setup-server-windows-x86_64.bat -i silent -f response_file_path\
upgrade_response.txt
./setup-server-linux-x86_64.sh -i silent -f /response_file_path/

For response_file_path, enter the absolute path to the response file.
Example:
Linux
setup-server-windows-x86_64.bat -i silent -f C:\images\SUA\upgrade_response.txt
Results
You upgraded the server to the latest version.
What to do next
Linux
Configuring the server after the upgrade

If you upgraded from versions earlier than application update 9.0.1.2, you might be required to perform
additional configuration. The configuration panel opens automatically. You can also complete the
configuration later at https://hostname:9081.

You can optimize the volume of data that you monitor and use for creating custom signatures by
narrowing down the list of collected file extensions to those that are typically used. This reduces the
workload on the application server and improves the performance.
143
Procedure
1. On the configuration panel, select the Optimize the volume of scanned file data check box.
2. Check whether the software catalog that is uploaded to BigFix Inventory is in the canonical format.
Click Management > Catalog Upload and check the Catalog Format column.
If the catalog is in the native format, upload a new catalog. If the catalog is in the canonical format,
but a new version is available, upload the new catalog. Otherwise, proceed to the next step.
3. Run an import. During this import, performance might be lower because the software catalog is
imported.
Important: After the import, some software items might not be visible in the reports. This is an
expected behavior. Complete the remaining steps for the software inventory to be properly reported.
4. Wait for the scheduled software scan. Alternatively, if you have infrequent software scans, stop the
current scan and start a new one. This allows you to use the optimized list of file extensions in a
shorter time.
a. Log in to the BigFix console and, in the left navigation tree, click Actions.
c. Initiate a new software scan.
5. Wait for the scheduled import or run it manually. From now on, the optimized list of file extensions is
used.
6. If you upgraded from BigFix Inventory 9.0, the default Java heap size is not sufficient for the current
version. Increase the Java heap size to 1536 megabytes (Xmx1536m).
Configuring without optimizing the volume of the scanned file data

If you do not want to optimize the volume of the scanned file data, clear this option. You can narrow
down the list of collected file extensions manually at any later time.
Procedure
1. Clear the Optimize the volume of scanned file data check box.
2. Run the import of data to be able to see complete infrastructure information.
3. If you upgraded from BigFix Inventory 9.0, the default Java heap size is not sufficient for the current
version. Increase the Java heap size to 1536 megabytes (Xmx1536m).
Restoring the server after a failed upgrade

After a failed upgrade, you can restore the server to its original state by restoring the database,
installation registry, and the server files from backups.
Before you begin

If you did not back up the installation directory and the registry, you can install the new server and
restore only the database. You can keep the data that is already in your database and avoid running the
initial import.
Procedure
2. Restore the database from a backup.
144
Windows
See Restoring the SQL Server database in Troubleshooting.
See Restoring the DB2 database in Troubleshooting.

3. Replace the installation registry with the backup registry. Copy the .com.zerog.registry.xml backup
file to one of the following directories:
Linux
Windows
C:\Program Files\Zero G Registry\
/var/
If you installed the server as a non-root user, copy the backup file to $HOME/.
4. Replace the installation directory with the backup directory.
5. Start the Software Use Analysis server.
Linux
Migrating from License Metric Tool 9.2.1

You can migrate from License Metric Tool 9.2.1 to BigFix Inventory 9.2.1 by starting the installation of
BigFix Inventory. You can migrate only between the same versions. After you complete the migration,
ensure that you complete the post-migration tasks to remap properties, subscribe the computers to
different fixlet site, and download the software catalog.
Restriction: You cannot migrate between different operating systems. To switch from Linux to Windows,
install a new server.
Backing up the server

Before you start the migration, back up the database, installation registry, and the server files to be able
to restore the server if the migration fails.
Procedure
1. Stop the License Metric Tool server.
2. Back up the database.
Windows
Back up the SQL Server database.
Back up the DB2 database.

3. Back up the installation registry.
Linux
C:\Program Files\Zero G Registry\.com.zerog.registry.xml

This file is hidden. To view it, change the Folder Options in Control Panel to display hidden files, or
type the complete path in the address bar of any open window.
Windows
/var/.com.zerog.registry.xml
This file is hidden. To view it, run the ls -la command.
If you installed the server as a non-root user, the registry is in $HOME/.com.zerog.registry.xml.
4. Back up the installation directory. The default paths are:
Linux
Windows
C:\Program Files\IBM\LMT
/opt/ibm/LMT
5. Start the License Metric Tool server.
Linux
Extending the license entitlements

To use BigFix Inventory, you must first purchase extra entitlements. The entitlements can be added to
your current license. After your license is updated, you can enable the BigFix Inventory Fixlet site in IBM
BigFix.
145
Procedure
1. Go to Passport Advantage and purchase entitlements for IBM BigFix Inventory.
2. Check the serial number of your current License Metric Tool license:
a. Log in to the BigFix console.
b. In the bottom-left corner, click BigFix Management.
c. In the navigation tree, click License Overview.
d. Your serial number is displayed in the BES Platform window.
3. Email [email protected], and include the following information:

v Your current serial number
v Your personal data that helps to recognize you as an IBM customer
v Details of the BigFix Inventory license that you purchased
v A request for expanding your current serial number with the entitlement for BigFix Inventory
4. In the BES Platform window that you copied the serial number from, click Check for license update.
If there is a change to your license, the following message is displayed: Site certificate update
detected, BESAdmin must be run to propagate the change.
5. Go to the BigFix server and run the Administration Tool to update the license.
Linux
a. Go to /opt/BESServer/bin.
b. Run the following command:
./BESAdmin.sh -syncmastheadandlicense -sitePvkLocation=path_to_license.pvk
Windows
a.
b.
c.
d.
Go to C:\Program Files (x86)\BigFix Enterprise\BES Server.

Run BESAdmin.exe.
When prompted, provide the path to the site signing key (license.pvk), and enter the password.
In the Masthead Management tab, click OK.
Results
You updated your license and propagated the change to your endpoints. It might take several minutes
until the BigFix console displays the updated status. If the status does not change, restart the console.
Migrating the server in interactive mode

To migrate the server, start the installation of BigFix Inventory on the same computer. In interactive
mode, you migrate the server through a wizard.
146
Before you begin

Back up the server so you can restore it in the case of a failed upgrade.
Procedure
1. Download the latest BigFix Inventory installer and extract it.
2. Run one of the installation files:
Windows
3. Follow the steps in the wizard.
4. When the migration is complete, click Done.
Linux
Results
You migrated from License Metric Tool to BigFix Inventory.
What to do next
Perform post-migration tasks.
Migrating the server in silent mode

To migrate the server, start the installation of BigFix Inventory on the same computer. Silent installation
runs in the background.
Before you begin

Back up the server so you can restore it in the case of a failed upgrade.
Procedure
1. Download the latest BigFix Inventory installer and extract it.
2. Read the license agreement in the license.txt file. The file is in the /license/your_language
directory.
3. Edit the upgrade_response.txt file, and specify the following parameters:
Table 43. Response file parameters.
Parameter
Parameter key name
Default
Description
License agreement
acceptance
RSP_LICENSE_ACCEPTED
false
Delete the first hash (#) that flags this statement as a comment, and set the parameter to true, if
you accept the license.
147
Table 43. Response file parameters (continued).

Parameter
Parameter key name
Default
Description
Windows
User
name and
password
RSP_USER_ACCOUNT
current
RSP_USER_ACCOUNT_PWD
Specify the user account for running the application service. The user must have the log on as
a service right and administrative privileges. The User Account Control in Windows must be
reduced or disabled, because it might block the service from starting. The user must be entered
as domain\username, machine\username, or .\username if it is a local account. If you leave
current, the service runs under the NT AUTHORITY\SYSTEM user, which has all required rights.
Important: To use Windows authentication to access the database, the service owner chosen
here must be available both to BigFix Inventory and the relevant database server for which you
use this authentication. For local databases, you can use current, but for remote ones it must be
a domain user that is shared between the two servers.
4. Start the migration by running one of the following commands:

Windows
setup-server-windows-x86_64.bat -i silent -f response_file_path\
Linux
./setup-server-linux-x86_64.sh -i silent -f /response_file_path/
For response_file_path, enter the absolute path to the response file.
Example:
setup-server-windows-x86_64.bat -i silent -f C:\images\SUA\upgrade_response.txt
Results
You migrated from License Metric Tool to BigFix Inventory.
What to do next
Perform post-migration tasks.
Performing post-migration tasks

After you migrate License Metric Tool to BigFix Inventory, you must perform additional tasks that are
required to adjust your environment to the new application. Those tasks include subscribing the
endpoints to the new site, uploading new software catalog, and scheduling the software scan.
Procedure
1. Stop all actions that are running from the License Metric Tool Fixlet site.
a. In the BigFix console, click Actions.
b. Select all actions that originate from the IBM License Reporting (ILMT) v9 site.
c. Right-click on the selected actions, and then click Stop Action.
d. Again, right-click on the selected actions, and then click Delete Action.
2. Remap UNIX properties to the BigFix Inventory site.
a. In BigFix Inventory, click Management > Unix Package Properties.
b. Select Unix Installed Packages.
c. In the Data Source Property list, find and select the Installed Unix Packages List property from
the IBM BigFix Inventory site.
d. Click Save.
148
3. Remap package properties to the BigFix Inventory site.

a. In BigFix Inventory, click Management > Package Properties.
b. Select Windows Installed Packages.
c. In the Data Source Property list, find and select the Installed Windows Application List property
from the IBM BigFix Inventory site.
d. Click Save.
4. Remap usage properties to the BigFix Inventory site.
a. In BigFix Inventory, click Management > Usage Properties.
b. Select Windows Application Usage.
c. In the Data Source Property list, find and select the Application Usage property from the IBM
BigFix Inventory site.
d. Click Save.
5. Create roles and permissions that are specific to BigFix Inventory.
a. In BigFix Inventory, click Management > Roles.
b. Create the Catalog Managers role with the following permissions:
v Manage Catalogs, Manage Uploads, View Catalog Audit, View Endpoints, View Raw Data,
View Software Catalog and Signatures
c. Create the Contract Managers role with the following permissions:
v Manage Contracts, View Endpoints, View Raw Data, View Software Catalog and Signatures
d. Edit the Auditors and Software Asset Managers roles, and add these permissions:
149
v View Catalog Audit, View Raw Data

e. Edit the Infrastructure Administrators and Software Asset Managers roles, and add these
permissions:
v Manage Usage Properties, Manage Package Properties
6. Unsubscribe all endpoints from the IBM License Reporting (ILMT) v9 site.
b. In the navigation bar, click Sites > External Sites > IBM License Reporting (ILMT) v9, and then
click the Computer Subscriptions tab.
c. To unsubscribe all computers from the site, select No computers.
7. Create a new computer setting that points to the server installation path.
a. In the BigFix console, click Computers.
b. Select your BigFix Inventory server, right-click on it, and then click Edit Computer Settings.
c. Click Add to add a new setting, and specify the following information:
Setting Name: SUA_Server_Path_0
Setting Value: installation directory
Note: Despite the upgrade, the installation directory is still called LMT. If you used the default
path, it is /opt/ibm/LMT, or C:\Program Files\ibm\LMT.
d. Select the LMT_Server_Path_0 setting, and click Delete.
8. Subscribe all endpoints to the IBM BigFix Inventory site.
a. In the BigFix console, click the IBM BigFix Inventory site, and then click the Computer
Subscriptions tab.
b. Specify the same subscription criteria that you specified in the IBM License Reporting (ILMT)
v9 site, or select All computers.
9. Download new software catalog for BigFix Inventory. This catalog contains more products than its
equivalent in License Metric Tool.
a. In the BigFix consoler, click Sites > External Sites > IBM BigFix Inventory > Fixlets and Tasks.
b. Select Software Catalog Update and click Take Action. Download either software catalog with
charge unit data, or software catalog alone.
150
c. Select a target computer and click OK. The catalog is downloaded to /opt/IBM/BFI/bfi_catalog.
d. Copy the catalog to the computer that you use to access the BigFix Inventory interface.
10. Upload new software catalog to BigFix Inventory.
a. Log in to BigFix Inventory.
b. Click Management > Catalog Upload.
c. Click Browse, select the file in a ZIP format, and click Upload. The catalog is being uploaded.
11. Run the import to process the new catalog and deliver it to the endpoints.
a. In BigFix Inventory, click Management > Data Imports, and then Import Now to start the
import.
b. When the import finishes, go back to Management > Catalog Upload, and verify that the catalog
was successfully uploaded.
12. Verify that the new software catalog was distributed to the endpoints.
b. In the navigation bar, click Sites > External Sites > IBM BigFix Inventory > Analyses.
c. Right-click on the Software Scan Status analysis and click Activate. It might take some time until
the analysis collects the data.
d. In the lower pane, click the Results tab, and verify that the version of the catalog is the same as
the version that is displayed in BigFix Inventory (step 6b).
Tip: If the version differs, the results might need to be refreshed. Select all endpoints, right-click
on them, and click Send Refresh. If the problem persists, the catalog was not delivered to the
endpoints. In such case, you can deliver it manually. For more information, see Updating scanner
catalogs in the Configuring section.
151
13. After uploading new software catalog, a number of software items might be discarded and removed
from reports in BigFix Inventory. It is to be expected, because the items were discovered by scans in
License Metric Tool, yet they are now compared to a different software catalog. If the items do not
match the entries in the software catalog, they are discarded. All such software items will be
reported again after they are discovered by new scans in BigFix Inventory.
14. Set up new scans and activate analyses in BigFix Inventory.
15. Verify that the software scan was successfully run.
a. In the BigFix console, click Sites > External Sites > IBM BigFix Inventory > Analyses.
b. Click the Software Scan Status analysis.
c. In the lower pane, click the Results tab, and verify that the status of the software scan is OK. It
might take time until the software scan finishes and all endpoints report this status.
16. Run an import to process and import the scan results.

b. In the top navigation bar, click Management > Data Imports, and then Import Now.
Results
You changed the subscription of endpoints to the new site, uploaded new software catalog, and initiated
the software scan that collected data about software that is installed on your endpoints. After the import
finishes, all data collected by the software scan is matched to the software catalog, resulting in software
discoveries that are displayed on various reports in BigFix Inventory.
What to do next
License Metric Tool was migrated to BigFix Inventory. You can start using the new application.
Restoring the server after a failed migration

After a failed migration, you can restore the server to its original state by restoring the database,
installation registry, and the server files from backups.
Before you begin

If you did not back up the installation directory and the registry, you can install the new server and
restore only the database. You can keep the data that is already in your database and avoid running the
initial import.
Procedure
1. Stop the License Metric Tool server.
2. Restore the database from a backup.
152
Windows
See Restoring the SQL Server database in Troubleshooting.
See Restoring the DB2 database in Troubleshooting.

3. Replace the installation registry with the backup registry. Copy the .com.zerog.registry.xml backup
file to one of the following directories:
Linux
Windows
C:\Program Files\Zero G Registry\
/var/
If you installed the server as a non-root user, copy the backup file to $HOME/.
4. Replace the installation directory with the backup directory.
5. Start the License Metric Tool server.
Linux
Migrating from License Metric Tool and Tivoli Asset Discovery for
Distributed 7.2.2 and 7.5
You can migrate from License Metric Tool or Tivoli Asset Discovery for Distributed 7.2.2 or 7.5, and all
subsequent fix packs and interim fixes, to BigFix Inventory 9.2.1. Items that can be migrated are software
bundlings, software exclusions, directories excluded from scanning, scan groups, and VM Managers.
Overview and requirements

The migration moves your software inventory from License Metric Tool or Tivoli Asset Discovery for
Distributed 7.2.2 or 7.5 to a completely new infrastructure that is based on IBM BigFix and BigFix
Inventory. As opposed to a simple upgrade, which changes the version of an application automatically,
the migration requires that you install the new environment separately, mostly because of differences
between the source and the target infrastructure.
New infrastructure
Although the environment to which you are going to migrate has the same concepts and follows similar
patterns, it has some differences when compared to 7.x. It can be seen as a combination of BigFix
Inventory and the IBM BigFix platform that provides the infrastructure elements, such as clients. The
platform is responsible for the flow of data between endpoints and BigFix Inventory. It is also a tool used
for configuration. A number of tasks included in the following scenarios depend on IBM BigFix and are
completed through the platform console.
Scope of migration
The migration does not transfer raw data or scan results but information that is specific to your
environment. The data about software and hardware that is collected from your endpoints does not need
to be migrated. While preparing the new environment, you install new clients that must be located side
by side with the existing 7.x agents, at least until you complete the migration. This allows the new
software and capacity (hardware) scans to scan the endpoints and discover the inventory in the same
way as it would be discovered in a new installation of 7.x. What is still missing is all decisions regarding
software classification that were made after installing the 7.x environment and that made your software
inventory the way it is now.
Those decisions include software bundlings that you created and confirmed by assigning software
instances to certain products, software exclusions, which represent software instances that are excluded
from pricing calculations, and directories that are excluded from scanning. During the migration, those
decisions are recognized and extracted from version 7.x along with the definitions of VM Managers,
which are necessary to discover complete capacity of your computers. If your computers are divided
among various scan groups, you can also migrate those scan groups and their scan schedule. After all
this information is migrated, it is applied to the raw inventory that is discovered by the new scans. It
allows for re-creating your specific software inventory in the new environment. As a result, the same
153
software inventory is managed with a new infrastructure.
Requirements
Version of the source application
v License Metric Tool 7.2.2 and 7.5, and all subsequent fix packs and interim fixes.
v Tivoli Asset Discovery for Distributed 7.2.2 and 7.5, and all subsequent fix packs and interim
fixes.
The applications might from now on be referred to as 7.x.
Operating systems and databases
BigFix Inventory 9.2.1 supports only a subset of operating systems that are supported by 7.x. You
can migrate either to BigFix Inventory 9.2.1 on Linux and use DB2, or on Windows and use SQL
Server. You can also migrate between different operating systems and databases, for example
from AIX to Windows, or from DB2 to SQL Server.
User permissions
The user whose authentication token is used to access the BigFix Inventory server must have the
Manage IBM Software Classification and Manage VM Managers and Servers permissions.
Data import
Import of data must be disabled during the migration. To disable the import, log in to in BigFix
Inventory and open the Data Imports panel. Then, clear the Enabled check box, and click Save.
Security
TLS 1.2. must be disabled during the migration from Tivoli Asset Discovery for Distributed or
License Metric Tool. To disable TLS 1.2, go to Management > Server Settings, and clear the Use
TLS 1.2 check box. You can enable TLS 1.2. after the migration.
Clients
As one of the first steps of migration, you will install the BigFix clients, which are equivalents of
the 7.x agents. The client installers are native packages that can be installed using any method,
however IBM BigFix also provides several tools to automate this process, for example the Client
Deploy Tool. Using the BigFix tools for the installation is recommended, but for large
environments you can also use an alternate way and install the clients through the self-update
functionality that is available in V7.x. Self-update installs the clients automatically on each
computer that already has a 7.x agent. This installation, however, requires the assistance of IBM
Support, and is not the most effective for smaller environments. To request help with installing
the clients by using self-update, email [email protected].
Software catalog
Software catalogs in the source and the target application must have the same version. Ensure
that you update the catalog before you start the migration.
The catalogs for License Metric Tool and Tivoli Asset Discovery for Distributed 7.x are released
earlier than the catalog for BigFix Inventory 9.2.1. It might happen that the 7.x catalog is already
released but the 9.2.1 one is not, in which case you must use the lower version of the 7.x catalog.
Only then the catalogs can be compatible.
Restriction: If you already uploaded the newest catalog to version 7.x, you will not be able to
upload the lower version. In such case, migrate on different catalogs and repeat the migration
after the new BigFix Inventory catalog is available.
To download software catalogs with the same version, complete the following steps:
1. Open release notes.
The document lists all software catalogs that are released for BigFix Inventory.
2. Check the newest entry and notice the date that describes the identical catalog in version 7.x.
3. Download the software catalog for version 7.x from one of the following web addresses:
154
To download the correct version, substitute date with the date that is provided in release
notes.
v License Metric Tool 7.x:
ftp://public.dhe.ibm.com/software/tivoli_support/misc/CandO/TivoliCatalog/ibm/ILMT/
IBMUseOnlySoftwareCatalog_canonical_form_date.zip
For example, if the date says 2014-06-20, the link is as follows:

ftp://public.dhe.ibm.com/software/tivoli_support/misc/CandO/TivoliCatalog/ibm/ILMT/
IBMUseOnlySoftwareCatalog_canonical_form_20140620.zip
v Tivoli Asset Discovery for Distributed 7.x:

ftp://public.dhe.ibm.com/software/tivoli_support/misc/CandO/TivoliCatalog/ibm/SwKBT/
IBMSoftwareCatalog_canonical_form_date.zip
For example, if the date says 2014-06-20, the link is as follows:

ftp://public.dhe.ibm.com/software/tivoli_support/misc/CandO/TivoliCatalog/ibm/SwKBT/
IBMSoftwareCatalog_canonical_form_20140620.zip
4. Import the catalog to License Metric Tool 7.x or import the catalog to Tivoli Asset Discovery
for Distributed 7.x.
5. Download the new software catalog for BigFix Inventory and then update it in the
application.
Migrated items
The migration does not transfer raw data or scan results but information that is specific to your
environment. This information includes software bundlings and exclusions, VM Managers, and excluded
directories. Optionally, you can also migrate scan groups and scan schedules.
Software bundlings
Each time that a new component is discovered, BigFix Inventory associates it with a product based on
their relationship in the software catalog. This association is a software bundling.
A software bundling must meet the following requirements to be migrated:
v Is a confirmed software bundling in the source environment:
You confirmed the assignment manually.
Default unconfirmed bundlings are not migrated because they are automatically created in the target
environment regardless of the migration.
You reassigned a component to a different product, which created a confirmed software bundling.
v Bundles only IBM products.
v Bundles products that are also discovered in the target environment.
Software that is installed on shared disks cannot be migrated because the discovery on such disks is
not supported by BigFix Inventory application update 9.2.1.
v Does not bundle components that are shared between multiple products.
v Does not bundle components that are confirmed in the target environment. The migration cannot
overwrite confirmed bundlings.
v Does not bundle components that are assigned to different products in the target environment and
whose assignment you confirmed. The migration cannot overwrite confirmed bundlings. If a
component is assigned to a different product but is not confirmed, then the migration overwrites this
assignment to resemble the source environment.
v Bundles products that belong to the default report group.
In version 7.5, you can assign software to several report groups, thus having a possibility to create
reports that contain software only from a certain group. This function is used to distinguish your
software and that of service providers, which might be installed on the same servers. In this case, you
155
can create a separate report group for software that is an obligatory part of a provided service, such as
software that is used to manage the provided infrastructure, and a separate one for your software.
Software bundlings that do not meet the preceding requirements are skipped.
Custom bundling options

Custom bundling options define custom relations between components and products that are not defined
in the IBM software catalog.
Custom bundling options are not migrated. To ensure that software that is bundled based on a custom
bundling option in version 7.5, remains bundled in the same way in version 9.2.1, you must create the
same custom bundling option in version 9.2.1. If the option is not defined in version 9.2.1, the software is
bundled according to the rule that is defined in the IBM software catalog and the bundling needs to be
confirmed.
If the bundling is already confirmed in version 9.2.1, it does not change regardless of whether the custom
bundling option is defined in version 9.2.1.
Software exclusions
Software exclusions are software instances that are excluded from pricing calculations.
All software exclusions that do not already exist in the target environment are migrated. However, the
following exception must be considered:
v Migration of a software exclusion confirms the bundling of this software in BigFix Inventory
application update 9.2.1, which means that it cannot be changed in the subsequent migration runs. If
you later include such an instance in pricing calculations in version 7.x, you must also manually
include it in version 9.2.1, because the migration cannot overwrite confirmed bundlings.
VM managers
VM Managers, also known as hypervisors, are used to create and run virtual machines. The access details
to VM Managers are necessary to discover the capacity that the virtual machines can use. It is required to
accurately calculate the PVU consumption.
All VM Managers that are not already defined in the target environment are migrated.
Excluded directories
All directories that are excluded from scanning are migrated. If any of them are already excluded in the
target environment, they are skipped.
There are two types of excluded directories:
v Directories excluded for a platform, for example for all Windows computers.
The migration tool extracts them from the 7.x database and passes on to BigFix, which uses the Add
Excluded Directories task to deliver them to relevant computers. BigFix recognizes the platforms and
distributes the directories appropriately.
After migration, all excluded directories from the 7.x agents are added to the BigFix clients. Directories
excluded for the i5 platform are not migrated, because this platform is not supported in 9.x.
v Directories excluded for an agent, for example for an agent with host name NC5110108.
Before you run the migration, you activate the Excluded Directories analysis that retrieves directories
that are currently excluded for BigFix clients (9.x agents). When the migration tool extracts excluded
156
directories from the 7.x database, it compares them to analysis results to recognize which directories
are missing in 9.x. The missing directories are delivered to BigFix clients by using the Add Excluded
Directories task.
After migration, all excluded directories from the 7.x agents are added to the BigFix clients. Directories
excluded for the i5 platform are not migrated, because this platform is not supported in 9.x.
Note: Directories can be delivered only to computers that have the BigFix client installed and software
scan initiated. Those steps, however, are completed when you prepare the environment for migration.
Tip:
v The Excluded Directories analysis and the Add Excluded Directories task can be viewed in the BigFix
console.
v After migration, you can go to the console and click Actions. A set of Add Excluded Directories
actions run against your computers to deliver the directories.
v The excluded directories can be viewed in excludedirectories.csv (after export) and
excluded_directories_report.csv (after simulation and migration).
Scan groups and scan schedules

Scan groups in version 7.2.2 and 7.5 are used to create separate scan schedules for different groups of
computers. This allows the reduction of network traffic that is generated by scans and differentiating scan
frequency according to the dynamics with which the software changes on particular computers. The
migration of scan groups and scan schedules is optional. If you want to separate the computers in your
new infrastructure in a different way, you can skip this part of the migration.
Scan groups from 7.x are migrated into computer groups in BigFix. The migration is enabled by default.
If you do not want to migrate scan groups, set the MIGRATE_SCAN_GROUPS parameter to false in the
migration.properties file. Unlike in 7.x, one computer can belong to multiple groups in BigFix.
Stand-alone scan groups are not migrated. Groups that are scheduled to run once are migrated but their
schedules are not.
After migration, scan groups from 7.x are listed in the BigFix console under Computer Groups. Each
migrated computer group is named in the following way:
v The prefix Migrated
v The name of the scan group from version 7.x
v Identifier of the instance of License Metric Tool or Tivoli Asset Discovery for Distributed from which
the scan group was migrated. The identifier is the value that you specify as the LMT_TAD4D_DB_HOST
parameter in the migration.properties file. This ensures that if you migrate content from multiple
instances of License Metric Tool or Tivoli Asset Discovery for Distributed to one BigFix, scan groups
with the same name are not skipped.
An example of a migrated scan group name is: Migrated_Finance_Department_198.21.100.0. You can
change it later.
Apart from scan groups, you can also migrate scan schedules. In BigFix, you can schedule scans to run
every 1, 2, 3, 5, 7, 15, or 30 days. Because the options differ from the options that are available in version
7.x, only scan schedules that can be re-created in BigFix are migrated. Migration of scan schedules is
disabled by default. To migrate scan schedules, set the MIGRATE_SCAN_SCHEDULE parameter to true in the
migration.properties file.
Important: If you migrate scan schedules, both 7.x and 9.2.1 scans will run at the same time on your
endpoints.
157
Migrating in parts
You can break the migration down into smaller parts either by installing the IBM BigFix clients only on a
group of endpoints or by limiting the number of endpoints that are subscribed to the Fixlet site.
Migration of each endpoint produces a significant amount of information that must be verified to be sure
that the migration succeeded. If you want to migrate a large number of endpoints, divide them into
groups, especially if you want to migrate a production environment. Such an approach makes the
verification easier and less time-consuming, and does not block your entire environment until the whole
migration is completed. The size of a group depends on the number of software instances that are
installed on endpoints.
To break the migration down into parts, choose one of the following approaches:
v Installing the IBM BigFix clients on a group of endpoints
While preparing the new environment, as described in Step 1: Preparing for migration, install the IBM
BigFix clients only on a group of endpoints. Items can be migrated only from endpoints that have both
the 7.x agent and the IBM BigFix client installed. The remaining items are listed as skipped and not
migrated to BigFix Inventory. After you migrate the first group of endpoints, install the clients on the
next group and repeat the migration.
v Subscribing a group of endpoints to the Fixlet site
While mapping the agents, as described in Step 2: Mapping the agents, activate the required analysis
only for a group of endpoints. Because the analysis is activated globally, which means that it gathers
information from all endpoints in the Fixlet site, subscribe the endpoints to the Fixlet site in groups. By
doing this, the analysis gathers information only from the endpoints that are currently subscribed to
the Fixlet site. Items can be migrated only from endpoints whose IDs and versions were retrieved by
the analysis. The remaining items are listed as skipped and not migrated to BigFix Inventory. After you
migrate the first group of endpoints, subscribe the next group to the Fixlet site and repeat the
migration. For more information about limiting the number of subscribed endpoints, see Restricting
computers.
Important: In either approach, all items from the source application are included in the csv files that are
created during migration. This is to be expected, because the files list all items that are eligible for
migration, not only those that were actually migrated. Items that were not migrated are listed as skipped
with an explanation saying that the IBM BigFix client is not installed. Filter the files by host names to
limit the view only to items from a particular group of endpoints. Despite being listed in the csv files, the
items are not saved in the target environment.
Step 1: Preparing for migration

Before you start the migration, prepare your target environment by installing IBM BigFix and BigFix
Inventory.
Procedure
1. Install IBM BigFix.
2. Install an IBM BigFix client on each endpoint that you want to include in your migrated environment.
The clients can be installed side by side with your Tivoli Asset Discovery for Distributed agents.
Tip: For large environments you can also use an alternate way and install the clients through the
self-update functionality that is available in V7.x. Self-update installs the clients automatically on each
computer that already has a 7.x agent. This installation, however, requires the assistance of IBM
Support, and is not the most effective for smaller environments. For more information, see Client
requirements.
3. Install the IBM BigFix console.
4. Enable the IBM BigFix Inventory fixlet site.
5. Install BigFix Inventory.
158
6. When the installation is complete, click Import Now to start the initial import.
What to do next
Step 2: Map the agents.
Step 2: Mapping the agents

Map the License Metric Tool or Tivoli Asset Discovery for Distributed 7.x agents to recognize their IDs
and versions, which is necessary to migrate your specific software inventory.
About this task

Decisions regarding software classification link software instances to the agents that they are installed on.
License Metric Tool and Tivoli Asset Discovery for Distributed 7.x save the ID and version of an agent to
be able to recognize software instances that are the targets of classification. Before you migrate, you must
activate an analysis that recognizes those IDs and versions, which is key for re-creating your software
inventory in the migrated environment. Activating the analysis is enough to complete the migration,
however if you plan to remove the 7.x agents, you must also run a task that maps the agents and copies
their IDs and versions to the new IBM BigFix clients. You can map the agents immediately after
activating the analysis, or at any time before you remove them.
Procedure
2. In the navigation tree, click Sites > External Sites > IBM BigFix Inventory.
3. Click Analyses and then complete the following steps:

a. Select the LMT/TAD4D 7.x Agent Mapping analysis, right-click on it, and then click Activate.
b. To check the progress of retrieving the IDs and versions, click the Results tab.
159
4. Map the License Metric Tool or Tivoli Asset Discovery for Distributed 7.x agents to copy their IDs and
versions to the IBM BigFix clients.
Note: This step is optional for the migration, however it must be completed before you remove the
7.x agents. After removing the agents, their IDs and versions cannot be retrieved by the analysis,
which is why they must be copied to the new clients.
a. Click Fixlets and Tasks.
b. Select the Map LMT/TAD4D 7.x Agents task, and then click Take Action. From the list of
applicable endpoints, select all those that have both agents installed, and then click OK. The
mapping is started.
c. You can check the progress of mapping in the LMT/TAD4D 7.x Agent Mapping analysis that you
activated earlier. The progress can be viewed under the Results tab.
The mapping is complete when the Mapped LMT/TAD4D 7.x Agent ID and Mapped
LMT/TAD4D 7.x Agent Version columns are filled in with IDs and versions.
What to do next
Step 3: Migrate your custom catalog content from Software Knowledge Base Toolkit
(Optional) Step 3: Migrating Software Knowledge Base Toolkit

This step is required only if you maintain custom catalog content in Software Knowledge Base Toolkit. If
that is the case in your environment, export the custom content to a canonical file and then import it
manually to the target instance of Software Knowledge Base Toolkit.
Before you begin

v The target instance of Software Knowledge Base Toolkit must be in version 1.2.2 or higher.
v The migration tool must be run from the same computer as the source instance of Software Knowledge
Base Toolkit. The application must also be running.
160
About this task

If you maintain custom content in Software Knowledge Base Toolkit, it must be migrated and uploaded
to BigFix Inventory before scanning the environment. It ensures that your custom catalog is delivered to
all your computers and that the software that is installed on them is properly discovered.
Procedure
1. Go to the BigFix Inventory installation directory.
2. Open migration and copy the swkbt directory to the computer that has the source Software
Knowledge Base Toolkit installed. Open the directory.
3. Edit the swkbt_migration.sh or swkbt_migration.bat file, and enter the installation directory of the
source Software Knowledge Base Toolkit. The file already has the default path specified.
4. Export your custom content to a canonical file by running one of the following commands:
UNIX
Windows
./swkbt_migration.sh [-f filename.xml]

swkbt_migration.bat [-f filename.xml]
[-f filename.xml]
The name of the file that your custom content is exported to. The file is saved in the
canonical 2.0 format.
If you omit this parameter, the file is saved as canonical.xml.
5. Import the canonical file to Software Knowledge Base Toolkit:
a. Log in to the target instance of Software Knowledge Base Toolkit.
b. In the navigation bar, expand IBM Tivoli Software Knowledge Base Toolkit.
c. Expand Manage Imports, and then click Canonical XML Document.
d. In the import window, click New Import.

e. Select the Advanced mode check box, and browse for your canonical file. Then, click OK to
import the file.
f. When the canonical XML document is imported, its content is analyzed for conflicts with the data
that is currently stored in your knowledge base. If any conflicts are displayed, resolve them. For
more information, see Resolving import conflicts.
g. Optional: If you blocked any of your signatures from receiving canonical XML updates, you must
do it again in the target Software Knowledge Base Toolkit because this flag was removed from all
your signatures during the migration.
6. Publish the catalog in Software Knowledge Base Toolkit and then import it to BigFix Inventory.
a. Publish the catalog in Software Knowledge Base Toolkit.
b. Log in to BigFix Inventory.
161
c. Click Management > Catalog Servers.

d. Click Update Catalog. The catalog is automatically updated.
e. Run a data import in BigFix Inventory. Click Management > Data Imports, and then click Import
Now.
Results
You custom catalog content was migrated and uploaded to BigFix Inventory. In case of any problems, see
the migration.log file that is in the main directory of the migration tool.
What to do next
Step 4: Scan your environment.
Step 4: Scanning your environment

Scan your environment to discover your hardware and software inventory through the new
infrastructure.
Before you begin

v After you complete this step, software scans from both applications might run simultaneously, which
can impact your processor usage. To avoid this problem, see Optimizing the software scan.
Procedure
2. In the navigation tree, click Sites > External Sites > IBM BigFix Inventory.
3. Go to Analyses, and select all analyses. Right-click them to view the list of options, and then click
Activate.
Important: If you excluded any directories from scanning in version 7.x, ensure that the Excluded
Directories analysis is activated. This analysis allows you to migrate those directories.
4. Go to Fixlets and Tasks, and run the BigFix Inventory software and capacity scans on all your
endpoints to discover your hardware and software inventory through the new infrastructure.
162
Tip: To run a particular Fixlet, select it, and then click Take Action. From the list of applicable
endpoints, you can select all endpoints at the same time instead of targeting each of them separately.
a. Run Install or Upgrade Scanner.
b. Run Initiate Software Scan. This Fixlet becomes accessible only when the scanner is installed.
c. Run Upload Software Scan Results. This Fixlet becomes accessible only when the software scan
finishes collecting the results.
d. Run Run Capacity Scan and Upload Results.
5. Go to Fixlets and Tasks, and run the following Fixlets against your IBM BigFix server to install the
VM Manager Tool:
Note: If the following Fixlets cannot be run against your IBM BigFix server, it means that they were
initiated automatically during the installation and you can omit this step.
a. Run Install VM Manager Tool and wait until the action completes.
b. Run Schedule VM Manager Tool Scan Results Upload.
6. To initiate the VM Manager Tool, log in to BigFix Inventory, and click Management > VM Managers.
Just access the panel to initiate the tool.
7. To run a data import, which is required to process the scan results, click Management > Data
Imports, and then click Import Now.
Results
Data about your software and hardware inventory was collected and uploaded to BigFix Inventory. The
capacity data from your virtual machines is not complete, which is to be expected. The missing results
will be uploaded in the next step after you migrate the VM Managers.
What to do next
Step 5: Migrate your environment.
Optional: Optimizing the software scan

You can change the schedule of software scan either from the IBM BigFix console, or from the BigFix
Inventory user interface.
About this task

Until you complete the migration, your License Metric Tool or Tivoli Asset Discovery for Distributed 7.x
agents and IBM BigFix clients must be installed side by side on your endpoints. The scans from both
applications might run at the same time, which might impact your processor usage. You can change the
scan schedule so that the scans do not run simultaneously.
Note: The schedule of the capacity scan cannot be changed, however it has minimal impact on your
processor usage.
Procedure
v To
1.
2.
3.
4.
5.
change the software scan schedule from the IBM BigFix console, complete the following steps:
Log in to the IBM BigFix console.
Select Initiate Software Scan and click Take Action.
Click the Execution tab.
Select the Run only on check box, and choose a day that does not conflict with the 7.x scans. Click
OK.
v To change the schedule from the BigFix Inventory user interface, complete the following steps:
163
1.
2.
3.
4.

Click Management > Scan Configurations.
Select the data source that you want to change the scan settings for.
Select a new schedule from the Frequency list and specify the start date. Click Save.
Step 5: Migrating your environment

Migration is performed by using the migration tool that can either export your information to csv files,
migrate it directly to version 9.2.1, or run a simulation that allows you to see the expected result without
saving the information on the target.
Before you begin

v Some of the items, such as software instances installed on shared disks, cannot be migrated. To
understand which items are omitted during migration, see Migrated items.
v The migration tool must be run on the same endpoint as the BigFix Inventory server.
v During migration, the following servers must be running: License Metric Tool or Tivoli Asset Discovery
for Distributed 7.x database, IBM BigFix server, and BigFix Inventory server.
v You can run the migration tool repeatedly if you want to break the migration down into parts. The
items that were already migrated are then skipped.
v If you want to migrate to multiple IBM BigFix servers, treat each of them as a separate migration. First
specify the access details to one of the servers and start the migration. When it is completed, change
the access details to another server and repeat the migration.
v If you use TLS 1.2, disable it before the migration.
v If you encounter any problems during migration, see Migration problems to learn how to solve them.
About this task

Migration includes your custom software bundlings, software instances excluded from pricing
calculations, directories excluded from scanning, and definitions of VM Managers. You can also expand it
with the migration of scan groups and the scan schedule. Data about your software and hardware
inventory is not migrated because it was already gathered by the BigFix Inventory scans. The migration
completes this data with information about your choices regarding software classification to re-create
your specific software inventory.
Procedure
1. From the BigFix Inventory installation directory, go to migration/product.
2. Edit the migration.properties file and specify all parameters that are listed in it.
The migration.properties file is a configuration file in which you specify details of the License
Metric Tool or Tivoli Asset Discovery for Distributed 7.x, IBM BigFix, and BigFix Inventory servers. It
also provides customizable settings that can be used to migrate scan groups and the scan schedule.
164
3. Before you start the migration, export the information to csv files to know which items are eligible for
migration. Items that are not included in the export are not migrated.
a. To export the information to csv files, run the following command:
Linux
Windows
./migration.sh -export [-dir directory]

./migration.bat -export [-dir directory]
[-dir directory]
Specifies a directory to save your csv files to. If you omit this parameter, the csv files are
created in the main directory of the migration tool.
b. Check the summary of export that is displayed after the export is completed.
c. Verify the exported information in the csv files that were created. The files list all items that are
eligible for migration. You can later compare those files with reports that are created after the
migration to verify if all of the eligible items were migrated. To properly recognize the created files
and information included in them, see Verifying the export to csv files.
4. Simulate the migration to check which items are migrated without saving them in the target
environment. Items that are not included in the simulation are not migrated.
a. To simulate the migration, run the following command:
Linux
Windows
./migration.sh -migrate [-dir directory] -simulate

./migration.bat -migrate [-dir directory] -simulate
[-dir directory]
Specifies a directory to save your csv files to.
If you omit this parameter, the csv files are created in the main directory of the migration
tool.
b. Check the summary of simulation that is displayed after the simulation is completed.
165
Tip: Items are first exported from the source and then imported to the target application. If the
number of exported and imported items is the same, the items were successfully migrated. Some
items might be skipped if, for example, a BigFix client is not installed on an endpoint. The reason
for skipping such items is provided in the csv reports.
c. Verify the outcome of simulation in the csv reports that were created. The verification is the same
as in the case of complete migration, however only the csv reports can be checked, because the
information is not saved on the target environment. To properly recognize the created reports and
information included in them, see Verifying the simulation and migration reports.
5. Migrate the information directly from the source to the target application.
a. To start the migration, run the following command:
Linux
Windows
./migration.sh -migrate [-dir directory]

./migration.bat -migrate [-dir directory]
[-dir directory]
Specifies a directory to save your csv files to.
If you omit this parameter, the csv files are created in the main directory of the migration
tool.
b. Check the summary of migration that is displayed after the migration is completed. The summary
is the same as the summary of simulation.
c. Verify the outcome of migration in the csv reports that were created. Next, compare the source
and the target environment to ensure that all items were successfully migrated. For more
information, see Verifying the simulation and migration reports.
166
Results
Your custom software bundlings, software instances excluded from pricing calculations, and directories
excluded from scanning were migrated. Scan groups and scan schedules were also migrated. Definitions
of VM Managers were sent to the VM Manager Tool that will use them to connect to those computers
and gather data about their capacity, which is required to properly calculate the PVU consumption.
Depending on the number of your VM Managers, it might take time to connect to all of them and gather
the capacity data.
What to do next
After the capacity data is gathered by the VM Manager Tool, it is uploaded to your IBM BigFix server
every 12 hours, but you can trigger the upload by running the Schedule VM Manager Tool Scan Results
Upload Fixlet from the IBM BigFix Inventory Fixlet site. The data is then transferred from IBM BigFix to
BigFix Inventory with each data import.
To verify if all capacity data was collected and uploaded to the server, run a data import in BigFix
Inventory, and then check the IBM Capacity Data Completeness widget on the dashboard. If all your
computers are in the OK status, your data is accurate and complete. Otherwise, repeat the upload and
data import until all your computers achieve the OK status.
Next step: Verify the migration
Verifying the migration

Start the verification by checking the items that were exported to csv files to recognize those that are
eligible for migration. When the migration is complete, check the reports that were created, and then
compare your source and target environments to verify if the migration succeeded.
Verifying the export to csv files

When you export your information from License Metric Tool or Tivoli Asset Discovery for Distributed
7.x, it is saved in the csv files, each devoted to a particular type of migrated items. Open the csv files and
verify if the migrated items correspond with those that are present in your existing 7.x environment.
Before you begin

Some of the items, such as software instances installed on shared disks, cannot be migrated. To
Procedure
1. Open the agentsmap.csv file.
This file lists the agent mappings that were created after activating the LMT/TAD4D 7.x Agent
Mapping analysis before the migration. The most important information included in this file are the
IDs of your 7.x agents and IBM BigFix clients. If any of the agents are not included in the list or is
missing one of the IDs, the software bundlings and exclusions from this agent are not exported.
2. Open the vmmanagers.csv file.
This file contains the list of exported VM Managers. Verify if the number of VM Managers and their
access details correspond with VM Managers that are defined in the source environment.
3. Open the bundles.csv file.
This file contains the list of exported software bundlings. Verify if the number of products and their
names correspond with software bundlings that are defined in the source environment.
4. Open the excludedsoftware.csv file.
This file contains the list of exported software exclusions. Verify if the number of products and their
names correspond with software exclusions that are defined in the source environment.
167
5. Optional: Open the excludedirectories.csv file.

The file contains the list of all directories excluded from scanning that were exported from the source
environment. To verify if all directories were exported, use the listexclusions command in version 7.x.
6. Optional: Open the agents.csv file.
The file contains the list of all your 7.x agents. You can compare them with agents in the
agentsmap.csv file to recognize how many of them were already mapped and included in the
migration.
7. Optional: Open the scangroups.csv file.
The file contains the list of scan groups and scan schedules that are defined in 7.x. Verify if the
number of scan groups and their schedules correspond with those that are defined in the source
environment.
Export reports:
When you export information from License Metric Tool or Tivoli Asset Discovery for Distributed 7.x, it is
saved in the csv files, each devoted to a particular type of migrated items.
Agent mappings
Agent mappings are exported to the agentsmap.csv file.
Table 44. Description of columns that are in the agentsmap.csv file.
Column
Description
BigFix Client ID
ID of an IBM BigFix client.
LMT/TAD4D 7.x
Agent ID
ID of a 7.x agent.
LMT/TAD4D 7.x
Agent Version
Version of a 7.x agent.
Host Name
Host name of the endpoint where the agent is installed.
Operating System
Operating system of the endpoint where the agent is installed.
VM Managers
Definitions of VM Managers are exported to the vmmanagers.csv file.
Table 45. Description of columns that are in the vmmanagers.csv file.
Column
Description
IP Address
IP address of a VM Manager.
User Name
Credentials used to log in to a VM Manager. The password is encrypted.
Password
URL
Web address of a VM Manager.
Type
Type of VM Manager. It can assume the following values:

1 - Microsoft Hyper-V
2 - VMWare ESX, ESXi, or vCenter
3 - KVM RHEV-M
Shared Credentials
Specifies whether a VM Manager shares credentials with hosts in the same cluster. This
function is available only for Microsoft Hyper-V.
Software bundlings
Software bundlings are exported to the bundles.csv file.
168
Table 46. Description of columns that are in the bundles.csv file.

Column
Description
LMT/TAD4D 7.x
Agent ID
ID of a License Metric Tool or Tivoli Asset Discovery for Distributed 7.x agent.
Component GUID
GUID of the exported component.
Product GUID
GUID of a product that the exported component is assigned to.
Component Path
Installation path of the exported component. In License Metric Tool 7.x, the path is empty.
Component Name
Name of the exported component.
Component Version Version of the exported component.

Product Name
Name of a product that the exported component is assigned to.
Release Version
Version of a product release that the exported component is assigned to.
LMT/TAD4D 7.x
Agent IP Address
IP address of a 7.x agent.
Host Name
Host name of a 7.x agent.
Operating System
Report Group ID
ID of a report group. Items that are not in the default report group are not migrated.
Software exclusions
Software exclusions are exported to the excludedsoftware.csv file.
Table 47. Description of columns that are in the excludedsoftware.csv file.
Column
Description
LMT/TAD4D 7.x
Agent ID
ID of a 7.x agent.
Product GUID
GUID of a product that the excluded release is assigned to.
Reason for
Exclusion
Reason that you specified for excluding a release.
Comment
Comment that you attached to the excluded release.
Product Name
Name of a product that the excluded release is assigned to.
Release Version
Version of the excluded release.
Report Group ID
ID of a report group. Items that are not in the default report group are not migrated.
Host Name
Host name of a 7.x agent.
IP Address
IP address of a 7.x agent.
Agents
The list of all 7.x agents is exported to the agents.csv file. You can compare agents listed in this
file with those that are in the agentsmap.csv file to recognize how many of them were already
mapped and used in the migration.
Table 48. Description of columns that are in the agents.csv file.
Column
Description
ID
Agent ID.
Version
Agent version.
Host Name
IP Address
IP address of the endpoint where the agent is installed.
Operating System
169
Table 48. Description of columns that are in the agents.csv file. (continued)
Column
Scan Group ID
Description
ID of the scan group to which the agent is assigned.
Directories excluded from scanning

The list of all directories that are excluded from scanning in 7.x is exported to the
excludedirectories.csv file.
Table 49. Description of columns that are in the excludedirectories.csv file.
Column
Description
Excluded Directory Directories that are excluded from scanning in 7.x.

Platform
Operating system with the excluded directory.

A directory can be excluded either for a certain type of operating system, for example, for all
Windows systems in your environment, or for a particular agent. If this column contains a
value, then the following columns are empty.
LMT/TAD4D 7.x
Agent ID
ID of an agent with the excluded directory.
IP Address
IP address of an agent with the excluded directory.
Host Name
Host name of an agent with the excluded directory.
Operating System
Operating system of an agent with the excluded directory.
A directory can be excluded either for a certain type of operating system, for example, for all
Windows systems in your environment, or for a particular agent. If this column contains a
value, then the preceding column is empty.

The list of scan groups and scan schedules that are defined in 7.x are exported to the
scangroups.csv file.
Table 50. Description of columns that are in the scangroups.csv file.
Column
Description
Scan Group ID
ID of the scan group from 7.x.
Scan Group Name
Name of the scan group from 7.x.
Scan Start Date
The date and time when the specified scan schedule starts.
Frequency
Frequency with which the scan runs.
Calendar Unit
The type of calendar unit to which the frequency applies. Possible values are days, weeks, and
months.
Number of Agents
Number of 7.x agents that belong to the scan group.
Verifying the simulation and migration reports

When you migrate your information directly from License Metric Tool or Tivoli Asset Discovery for
Distributed 7.x to BigFix Inventory, you can view the summary of migration in the csv reports. The
reports describe the details of migrating your software bundlings, software exclusions, directories
excluded from scanning, VM Managers as well as scan groups and scan schedules. If the information in
those reports is accurate and complete, you can log in to the target application to verify if your software
inventory corresponds with the one in your existing 7.x environment.
Before you begin

Some of the items, such as software instances installed on shared disks, cannot be migrated. To
170
Procedure
1. Open the vmmanagers_report.csv file.
This file shows the summary of migrating your VM Managers. Verify if the number of VM Managers
and their access details correspond with VM Managers that are defined in version 7.x.
For more information about statuses displayed in this report, see Statuses.
2. Open the software_report.csv file.
This file shows the summary of migrating your software bundlings and exclusions. Verify if the
number and details of the migrated items correspond with the software that is available in version
7.x. For more information about statuses displayed in this report, see Statuses.
3. Open the excluded_directories_report.csv file.
This file shows the summary of migrating directories that are excluded from scanning. Verify if the
migrated directories correspond with those that are available in version 7.x. For more information
about statuses displayed in this report, see Statuses.
4. Optional: Open the scan_groups_report.csv file.
This file shows the summary of migrating scan groups and scan schedules. Verify if the number of
scan groups and their schedules correspond with those that are defined in 7.x. For more information
about statuses displayed in this report, see Statuses.
5. Optional: Open the matched_agents_report.csv
This file shows information about whether migrated 7.x agents were assigned to BigFix scan groups.
Results
If some items were not migrated, check the explanation in the csv reports and correct the problems. The
migration can be repeated as many times as you want. In this case, the items that were already migrated
are skipped.
What to do next
Checking the migration reports is sufficient to verify that the migration succeeded. However, to ensure
that the new environment resembles the one from which you are migrating, you can log in to both
applications and verify the migrated items in the user interface. For more information, see Verifying the
items in V7.5 or Verifying the items in V7.2.2.
Migration reports:
When you migrate information directly from License Metric Tool or Tivoli Asset Discovery for
Distributed 7.x to BigFix Inventory 9.2.1, the summary of migration is saved in the csv reports. The
reports are created in the main directory of the migration tool.
Reports
Migrated VM Managers
The summary of migrating the VM Managers is saved to the vmmanagers_report.csv file.
Table 51. Description of columns that are in the vmmanagers_report.csv file.
Column
Description
Item
An item that was migrated. In this report, it always assumes the VMMANAGER value.
Status
Status of a migrated item. It can assume the following values: succeeded, skipped,
or failed.
Description
Explanation of the status. For more information, see Statuses.
URL
Web address of a VM Manager.
User Name
User name that is used to log in to a VM Manager.

171
Table 51. Description of columns that are in the vmmanagers_report.csv file. (continued)
Column
Type
Description
Type of a VM Manager. It can assume the following values:
1 - Microsoft Hyper-V
2 - VMWare ESX, ESXi, or vCenter
3 - KVM RHEV-M
Migrated software bundlings and exclusions

The summary of migrating the software bundlings and exclusions is saved to the
software_report.csv file.
Table 52. Description of columns that are in the software_report.csv file.
Column
Item
Description
An item that was migrated. In this report, it can assume the following values:
BUNDLING - software bundling
EXCLUSION - software exclusion
Status
Status of a migrated item. It can assume the following values: succeeded, skipped,
or failed.
Description
BigFix Client ID
ID of an IBM BigFix client.
LMT/TAD4D 7.x Agent ID
ID of a 7.x agent.
Product Name
Name of the product that the component is assigned to.
Release Version
Version of the product release that the component is assigned to.
LMT/BFI Release GUID
GUID of the product release that the component is assigned to.
LMT/BFI Component Name
Name of the component in the target environment.
LMT/BFI Component Version
Version of the component in the target environment.
LMT/BFI Component GUID
GUID of the component in the target environment.
LMT/TAD4D 7.x Component

Path
Installation path of the migrated component that was discovered by the software
scan in 7.x.
LMT/BFI Component Path
Installation path of the migrated component that was discovered by the software
scan in BigFix Inventory 9.2.1.
Host Name
IP Address
IP address of the endpoint where the agent is installed.
Operating System
Directories excluded from scanning

The summary of migrating directories that are excluded from scanning is saved to the
excluded_directories_report.csv file.
Table 53. Description of columns that are in the excluded_directories_report.csv file.
Column
Description
Status
Status of a migrated item. It can assume the following values: updated, skipped, or
failed.
Description
172
Table 53. Description of columns that are in the excluded_directories_report.csv file. (continued)
Column
Platform
Description
Operating system with the excluded directory.
A directory can be excluded either for a certain type of operating system, for
example, for all Windows systems in your environment, or on a particular agent. If
this column contains a value, then the columns with agent information are empty.
BigFix Client ID
IDs of a IBM BigFix client and a 7.x agent.
A directory can be excluded either for a certain type of operating system, for
example, for all Windows systems in your environment, or on a particular agent. If
these columns contain a value, then the Platform column is empty.
LMT/BFI Directories
Directories that are excluded from scanning in BigFix Inventory 9.2.1.
LMT/TAD4D Directories
Directories that are excluded from scanning in 7.x.
Migrated Directories
Directories that were migrated.

If the same directories are specified both in version 7.x and 9.2.1, they are not
migrated.
Operating System
Operating system of an agent with the excluded directory.
Host Name
Host name of an agent with the excluded directory.
IP Address
IP address of an agent with the excluded directory.

The summary of migrating scan groups and scan schedules is saved to the
scan_groups_report.csv file.
Table 54. Description of columns that are in the scan_groups_report.csv file.
Column
Description
Status
Status of a migrated scan group and scan schedule. It can assume the following
values: succeeded, updated, skipped, or failed.
Description
LMT/TAD4D 7.x Scan Group

Name
Name of the scan group in 7.x.
BigFix Computer Group Name Name of the migrated computer group in BigFix.
LMT/TAD4D 7.x Scan
Schedule
Scan schedule that is specified in 7.x.
BigFix Scan Schedule
Scan schedule that is specified in BigFix after migration.

Because scheduling options that are available in 7.x and BigFix differ, only scan
schedules that can be re-created are migrated. If the schedule cannot be re-created,
this field is empty.
Scan Start Date
The date and time when the specified scan schedule starts.
Schedule Created in BigFix
Information whether the scan schedule was re-created in BigFix.
Information about whether migrated 7.x agents were assigned to BigFix scan groups is saved to
the matched_agents_report.csv file.
Table 55. Description of columns that are in the matched_agents_report.csv file.
Column
Description
BigFix Client ID
ID of the BigFix client.
ID of the 7.x agent.

173
Table 55. Description of columns that are in the matched_agents_report.csv file. (continued)
Column
Description
LMT/TAD4D 7.x Agent

Version
Version of the 7.x agent.
Host Name
Operating System
Scan Group Name
Name of the 7.x scan group to which the agent is assigned.
Assigned to BigFix Computer

Group
Information whether the endpoint is assigned to a BigFix computer group.
Statuses in migration reports:

Each migrated item is described with a status and an explanation that summarizes the result of the
migration.
VM Managers
Succeeded
Items were successfully migrated and no additional action is required.
Skipped
Items were not migrated. The only reason why they can be skipped is because they are already
defined in BigFix Inventory. Such a status might occur if you repeat the migration, in which case
the VM Managers were migrated during the first run.
Failed
This status is not related to problems with items that you want to migrate, but rather to errors
that are returned from the BigFix Inventory or IBM BigFix server. Such a status might be the
result of connection problems. Each of the server errors is saved in the tema.log file, which is
located in the following directory on your BigFix Inventory server:
Linux
/opt/ibm/BFI/wlp/usr/servers/server1/logs/
Excluded directories
Updated
Directories were successfully updated on the IBM BigFix server, which then delivers them to your
endpoints.
Skipped
Items were not migrated. They were skipped for one of the following reasons:
The BigFix client is not installed.
You can migrate the items only from computers that have both the 7.x agent and the IBM
BigFix client installed.
Action: Install an IBM BigFix client and subscribe it to the IBM BigFix Inventory Fixlet
site so that its ID and version can be retrieved.
Directories are already excluded
Directories are already excluded in BigFix Inventory and do not need to be migrated.
Action: No action required. The item exists in the target environment.
Unsupported platform
Directories cannot be migrated because they are excluded on i5 systems, which are not
supported in BigFix Inventory.
174
Failed
The items were not migrated. They failed for one of the following reasons:
The Add Excluded Directories task cannot be found in the LMT/BFI Fixlet site.
The Add Excluded Directories task must be present in the IBM BigFix Inventory Fixlet
site. Your Fixlet site might not be updated to the latest version.
Action: Update the Fixlet site to download the latest content.
The Add Excluded Directories task in the LMT/BFI Fixlet site cannot be initiated.
The task cannot be initiated because the connection to the IBM BigFix server failed.
Action: Check the migration.log file that gives details about this problem.
Software bundlings and exclusions
Succeeded
Items were successfully migrated and no additional action is required.
Skipped
Items were not migrated. They were skipped for one of the following reasons:
The BigFix client is not installed.
You can migrate the items only from computers that have both the 7.x agent and the IBM
BigFix client installed.
Action: Install an IBM BigFix client and subscribe it to the IBM BigFix Inventory Fixlet
site so that its ID and version can be retrieved.
The software exclusion already exists in the target instance.
The software exclusion was already migrated or the same one was created in the target
instance.
The software bundling already exists in the target instance.
The software bundling was already migrated or the same one was created and confirmed
in the target instance.
The report group ID is incorrect.
Only software that belongs to the default report group can be migrated.
Action: Reassign the software instance to the default report group.
The software was not discovered in the target instance.
The component that is included in the bundling was not discovered by the BigFix
Inventory software scan.
The software exclusion could not be migrated because the related software does not exist in
the target instance.
The excluded release was not discovered by the BigFix Inventory software scan.
The component is assigned to a different product in the target instance.
The component in the target instance was assigned to a different product and you
confirmed this assignment. This confirmation created a custom bundling that cannot be
overwritten by the migration.
Action: Log in to BigFix Inventory, and click Management > IBM Software
Classification. Locate the software, and manually reassign it to the correct product.
Shared components cannot be migrated.
Components that are shared between multiple products cannot be migrated.
175
Failed
This status is not related to problems with items that you want to migrate, but rather to errors
that are returned from the BigFix Inventory or IBM BigFix server. Such a status might be the
result of connection problems. Each of the server errors is saved in the tema.log file, which is
located in the following directory on your BigFix Inventory server:
Linux

Succeeded
The scan group and schedule were successfully migrated.
The scan group and scan schedule were successfully migrated and no additional action is
required.
The scan group was successfully migrated. The scan schedule was not migrated because this
option was not specified in the migration.properties file.
The scan group was migrated. The scan schedule was not re-created in BigFix because the
MIGRATE_SCAN_SCHEDULE parameter is set to false in the migration.properties file.
The scan group was successfully migrated. The scan schedule was not migrated because BigFix
does not provide a direct equivalent of the scan frequency.
The scan group was migrated. The scan schedule was not re-created in BigFix because
there is no direct equivalent of the scan frequency. You can define a new scan frequency
in BigFix.
The scan group was successfully migrated. The scan schedule was not migrated because no
agents are assigned to the scan group.
The scan group was migrated. The scan schedule was not re-created in BigFix because no
agents are assigned to the scan group in 7.x.
Updated
The scan group already exists in BigFix but its scan schedule was updated.
The scan group was not migrated because it already exists in BigFix. However, its scan
schedule was updated. If you run the migration multiple times, the existence of a
particular computer group is verified during every run. However, the existence of a
migrated scan schedule is not verified. This means that the scan schedule is re-created
every time you run the migration even if the schedule did not change.
Skipped
The scan group already exists in BigFix. The scan schedule was not migrated because this
option was not specified in the migration.properties file.
The scan group was not migrated because it already exists in BigFix. The scan schedule
was not re-created in BigFix because the MIGRATE_SCAN_SCHEDULE parameter is set to false
in the migration.properties file.
The scan group already exists in BigFix. The scan schedule was not migrated because BigFix
does not provide a direct equivalent of the scan frequency.
was not re-created in BigFix because there is no direct equivalent of the scan frequency.
You can define a new scan frequency in BigFix.
The scan group already exists in BigFix. The scan schedule was not migrated because no
agents are assigned to the scan group.
was not re-created in BigFix because no agents are assigned to the scan group in 7.x.
Failed
176
The scan group was not migrated because an error occurred.

The scan group was not migrated. Try running the migration again.
The scan schedule was not migrated because an error occurred.
The scan schedule was not migrated. Try running the migration again.
The scan group was successfully migrated but one or more computers were not assigned.
The scan group was migrated. However, one or more computers that were assigned to
the scan group in 7.x were not assigned to the computer group in BigFix. Try running the
migration again or assign the computer manually in BigFix.
Verifying the environment

After verifying the migration reports, ensure that the scan groups were created in IBM BigFix, and then
log in to the source and target applications to verify that all items were successfully migrated.
Verifying the items in V7.2.2:
Open the user interface of the source and target applications, and verify that all items were successfully
migrated. Items that can be verified on the user interface are VM Managers, software bundlings, software
instances excluded from pricing calculations as well as scan groups and scan schedules.
About this task
The software inventory is displayed differently between the source and the target applications. In V7.2.2,
the software inventory panel shows a list of products that must be clicked to view the associated
components. In V9.2.1, a software product can be expanded to show the associated components on the
same panel, which facilitates the verification.
Procedure
1. Compare VM Managers.
a. In License Metric Tool or Tivoli Asset Discovery for Distributed 7.2.2, click Infrastructure > VM
Managers.
b. In BigFix Inventory 9.2.1, click Management > VM Managers.
2. Compare custom software bundlings.

a. In License Metric Tool or Tivoli Asset Discovery for Distributed 7.2.2, click Software > Software
Products. The panel lists all software products in your environment.
177
b. Click on a software product to drill down to components that are associated with it.
c. In BigFix Inventory 9.2.1, click Management > IBM Software Classifications. Verify that the
product and its components were migrated.
3. Compare software exclusions.

a. In License Metric Tool or Tivoli Asset Discovery for Distributed 7.2.2, click IBM Audit Reports >
PVU Current Capacity. Each product that is excluded from pricing calculations has no PVU
consumption and a comment saying that its instances are excluded.
b. In BigFix Inventory 9.2.1, click Management > IBM Software Classifications. You can recognize
the excluded product by the exclusion icon next to the product name.
4. Optional: Compare scan groups.

a. In License Metric Tool or Tivoli Asset Discovery for Distributed 7.2.2, click Infrastructure > Scan
Groups.
b. In BigFix, click Computer Groups.
Important: Stand-alone scan groups are not migrated.

5. Optional: Compare scan schedules.
178
a. In License Metric Tool or Tivoli Asset Discovery for Distributed 7.2.2, click Infrastructure > Scan
Groups, and then the name of the scan group.
b. In BigFix, click Actions, and then select the Initiate Software Scan for group group name.
Important:
In BigFix, you can schedule scans to run every 1, 2, 3, 5, 7, 15, or 30 days. Because the options
differ from the options that are available in version 7.x, only scan schedules that can be re-created
in BigFix are migrated. Scan schedules that are defined to run once are not migrated.
If you want to change the schedule for a particular group, stop the Initiate Software Scan for
group group name action, run the Initiate Software Scan fixlet, specify the new schedule, and
choose the relevant computer group.
What to do next
If you are satisfied with the result of migration, you can start removing the 7.2.2 agents from your
environment. Before you do so, remember to run the Map LMT/TAD4D 7.x Agents task from the IBM
BigFix console to save their IDs and versions.
179
Verifying the items in V7.5:

Open the user interface of the source and target applications, and verify that all items were successfully
migrated. Items that can be verified on the user interface are VM Managers, software bundlings, and
software instances excluded from pricing calculations.
Procedure
1. Compare VM Managers.
a. In License Metric Tool or Tivoli Asset Discovery for Distributed 7.5, click Infrastructure > VM
Managers.
b. In BigFix Inventory 9.2.1, click Management > VM Managers.
2. Compare custom software bundlings.

a. In License Metric Tool or Tivoli Asset Discovery for Distributed 7.5, click Software > Manage
Software Inventory.
b. In BigFix Inventory 9.2.1, click Management > IBM Software Classification.
3. Compare software exclusions.

a. In License Metric Tool or Tivoli Asset Discovery for Distributed 7.5, click Software > Manage
Software Inventory.
180
b. In BigFix Inventory 9.2.1, click Management > IBM Software Classification.
4. Optional: Compare scan groups.

a. In License Metric Tool or Tivoli Asset Discovery for Distributed 7.5, click Infrastructure > Scan
Groups.
b. In BigFix, click Computer Groups.
Important: Stand-alone scan groups are not migrated.

5. Optional: Compare scan schedules.
a. In License Metric Tool or Tivoli Asset Discovery for Distributed 7.5, click Infrastructure > Scan
Groups, and then the name of the scan group.
b. In BigFix, click Actions, and then select the Initiate Software Scan for group group name.
181
Important:
In BigFix, you can schedule scans to run every 1, 2, 3, 5, 7, 15, or 30 days. Because the options
differ from the options that are available in version 7.x, only scan schedules that can be re-created
in BigFix are migrated. Scan schedules that are defined to run once as well as hardware scans are
not migrated.
If you want to change the schedule for a particular group, stop the Initiate Software Scan for
group group name action, run the Initiate Software Scan Fixlet, specify the new schedule, and
choose the relevant computer group.
What to do next
If you are satisfied with the result of migration, you can start removing the 7.5 agents from your
environment. Before you do this, remember to run the Map LMT/TAD4D 7.x Agents task from the IBM
BigFix console to save their IDs and versions.
Migrating from Software Use Analysis 2.2

Migration from Software Use Analysis 2.2 to BigFix Inventory 9.2.1 requires that you install the new 9.2.1
server and connect it to the same data source as your Software Use Analysis 2.2. You can then migrate
the endpoints and custom data objects between these two coexisting applications. A direct upgrade from
Software Use Analysis 2.2 to BigFix Inventory 9.2.1 is not supported because of differences between the
two applications.
Overview and requirements

Migration from Software Use Analysis 2.2 to BigFix Inventory 9.2.1 is performed in two stages. First you
migrate your endpoints, either a chosen group or all of them at once, and then you migrate your data
objects.
Overview
To migrate from Software Use Analysis 2.2 to BigFix Inventory 9.2.1, you must first install the 9.2.1 server.
While migrating, the servers are connected to a common IBM BigFix platform, which gives Software Use
Analysis 2.2 access to Fixlets that are necessary to migrate your endpoints.
182
The migration does not limit the number of endpoints that you can migrate at once, but the easiest way
is to divide your environment into computer groups and migrate your endpoints group by group. Data
that was collected from your endpoints before the migration is frozen in Software Use Analysis 2.2, and
you can access it at any time. This data is not migrated, because it can be collected by the new scans
from BigFix Inventory 9.2.1. In other words, historical data is stored in Software Use Analysis 2.2,
whereas all current data is from now on saved in BigFix Inventory 9.2.1. After you migrate the first group
of endpoints, you can proceed to migrating another one, until your whole environment is reporting to the
new version.
Raw data and scan results are not migrated, but you can migrate all customizations that are specific to
your environment. These customizations are computer groups, users, custom signatures, contracts, and
contract custom fields.
Requirements
IBM BigFix platform
IBM BigFix 9.0, 9.1, and 9.2 and all supported databases.
Earlier IBM BigFix server versions must be upgraded to version 9.2.1. For more information, see
Upgrading on Windows systems and Upgrading on Linux systems.
Supported BigFix Inventory (Software Use Analysis) versions
Source: Software Use Analysis 2.2 patch 6 (2.2.150) or later. Earlier versions of Software Use
Analysis 2.2 must be upgraded to at least patch 6.
Target: BigFix Inventory 9.2.1 or later.
User permissions
The migration tool requires the following access:
v To the database for the Software Use Analysis 2.2 server.
v To a BigFix Inventory 9.2.1 user token to access the BigFix Inventory 9.2.1 system via the REST
APIs.
Site subscription
During the migration, you subscribe 2.2 endpoints to the IBM BigFix Inventory site. The
endpoints must also remain subscribed to the IBM Software Inventory site until the end of
migration.
Migrated items
Data objects that you can migrate are users, custom software signatures, computer groups, contracts, and
Computer groups
Computer groups from Software Use Analysis 2.2 are migrated to BigFix Inventory 9.2. If you already
created a group in BigFix Inventory 9.2.1, migration will not create a duplicate computer group.
Prerequisite task
You must manually re-create in your BigFix Inventory 9.2.1 all the custom computer properties
that are used as conditions for computer groups in Software Use Analysis 2.2.
Limitations
v Software Use Analysis 2.2 computer groups that use an ID filter (the ID of the computer) will
not be migrated to BigFix Inventory 9.2.1.
v Software Use Analysis 2.2 computer groups that use data source filters will be migrated only if
the same data sources are defined in your Software Use Analysis 2.2 and BigFix Inventory 9.2.1
deployments.
183
v Descendant computer groups will only be migrated if their parent computer group was
successfully migrated or manually created in BigFix Inventory 9.2.1.
v If a computer group contains, in its definition, data source groups that are related to the BigFix
server that is not defined in BigFix Inventory 9.2.1, that particular computer group will not be
migrated.
v If you have a Software Use Analysis 2.2 computer group that uses a custom computer property
filter that you did not define in BigFix Inventory 9.2.1, the computer group cannot be migrated.
Users
Software Use Analysis 2.2 users with password authentication can be migrated to BigFix Inventory 9.2.1.
Limitations
v Software Use Analysis 2.2 users with authentication methods other than password are not
migrated.
v Users that were manually added to BigFix Inventory 9.2.1 before running the migration tool
will not be processed during migration.
v Migration of LDAP users is not supported, so you must manually create the LDAP users in
BigFix Inventory 9.2.1.
Important: When you are creating Active Directory users in BigFix Inventory 9.2.1 you must
include the domain name in the user name, for example [email protected]. This limitation
causes a mismatch that prevents contracts from being migrated. You can resolve the mismatch
by creating a matching password-authenticated user that matches the Active Directory user
name that is used in Software Use Analysis 2.2.
Custom signatures
Custom signatures from Software Use Analysis 2.2 can be migrated to BigFix Inventory 9.2.
Limitations
v The signature GUID (globally unique identifier) from Software Use Analysis 2.2 is used as the
GUID in BigFix Inventory 9.2.1. If the GUID already exists in BigFix Inventory 9.2.1, the
custom signature will not be migrated.
Contract custom fields

Contract custom fields from Software Use Analysis 2.2 will be migrated to BigFix Inventory 9.2.1.
Limitations
v All contract custom fields that are used in contract definitions must exist in BigFix Inventory
9.2.1.
v All contract custom fields that are required in BigFix Inventory 9.2.1, must be defined also in
Software Use Analysis 2.2.
v If you manually created a contract custom field in BigFix Inventory 9.2.1, the migration tool
will not change the manually created custom field.
Contracts
Contracts that are defined in Software Use Analysis 2.2 can be migrated to BigFix Inventory 9.2.1.
Limitations
v If you defined a contract in BigFix Inventory 9.2.1 with the same name as a Software Use
Analysis 2.2 contract, it will not be migrated.
184
v All users who created contracts in Software Use Analysis 2.2 (including LDAP users) must exist
in BigFix Inventory 9.2.1 before migrating contracts. If the user does not exist, the contract will
not be migrated.
v All computer groups for the contracts must exist in BigFix Inventory 9.2.1 before migrating
contracts. If the computer group does not exist in BigFix Inventory 9.2.1, the contract will not
be migrated.
v The software catalog that is used by BigFix Inventory 9.2.1 must have the software
title/version/release associated with the Software Use Analysis 2.2 contract. If the contract's
software is not in the BigFix Inventory 9.2.1 catalog, the contract will not be migrated.
Adding endpoints by BigFix computer group

You can use BigFix computer groups to incrementally migrate endpoints from Software Use Analysis 2.2
to BigFix Inventory 9.2.1. If you use computer groups, the migration of endpoints can be done one group
at a time.
If you want to migrate many endpoints, you can divide them into computer groups. Each group can then
be migrated one group at a time. This approach makes verification easier and less time-consuming. The
size of a group depends on the number of software instances that are installed on endpoints. When you
migrate endpoints to your BigFix Inventory 9.2.1 environment, as described in Migrating endpoints, select
the endpoints by group.
The BigFix groups must be created before migration. You create computer groups in the BigFix console;
for more information, see Computer groups.
Step 1: Grouping migrated and unmigrated endpoints

You create two computer groups to group endpoints that are migrated and endpoints that are not yet
migrated. After you migrate the first group of endpoints, they are moved from one group to another.
These two groups make it easier to select endpoints when you need to run certain actions.
About this task

These two computer groups do not affect any computer groups that you already have in IBM BigFix. An
endpoint can be in two computer groups at once. These two computers groups help you recognize the
migrated and unmigrated endpoints, and also to target them by certain actions, such as software scans.
Procedure
1. Log in to the IBM BigFix console, and from the menu bar select Tools > Create New Automatic
Computer Group.
2. Enter the name Migrated Computers for the group name, and select Relevance Expression and is true
from the Include computers with the following property list.
This group uses the Migrated_to_SUA9 property to group endpoints that are migrated.
185
3. Click Edit Relevance, enter the following text, and click OK.
exists settings whose (name of it equals "Migrated_to_SUA9" AND value of it = "1") of client
4. From the IBM BigFix console menu bar, select Tools > Create New Automatic Computer Group.
5. Enter the name Unmigrated 2.2 Computers for the group name, and select Relevance Expression and
is true from the Include computers with the following property list.
This group uses the Migrated_to_SUA9 property to group endpoints that are not migrated and that still
report to Software Use Analysis 2.2.
6. Click Edit Relevance, enter the following text, and click OK.
not (exists settings whose (name of it equals "Migrated_to_SUA9" AND value of it = "1") of
client)
Results
You created two computer groups. At this point, all your computers are in the Unmigrated 2.2 Computers
group.
What to do next
Step 2: Applying the migration patch
Step 2: Applying the migration patch

You apply the migration patch to your Software Use Analysis 2.2 to make the changes that are necessary
to complete the migration. You also subscribe your server to a new Fixlet site.
186
Procedure
2. Enable the IBM BigFix Inventory fixlet site.
3. Subscribe your Software Use Analysis 2.2 server to the new Fixlet site. Until you complete the
migration, the server remains subscribed to two Fixlet sites.
a. In the navigation tree, click Sites > External Sites > IBM BigFix Inventory.
b. In the Computer Subscriptions tab, select Computers which match the condition below, and
specify conditions to include your Software Use Analysis 2.2 server.
c. Click Save.
4. Download and apply the migration patch to Software Use Analysis 2.2. This step is required only for
Software Use Analysis 2.2 patch 6, 7, or 8. Starting from patch 10, the migration patch is installed with
the server and this step can be omitted.
The patch replaces the scan_file.rb and raw_datasource_file.rb files with new versions of the files.
a. In the IBM BigFix console navigation bar, click Sites > External Sites > IBM BigFix Inventory >
Fixlets and Tasks.
b. In the upper right pane, select Download the endpoints migration patch for SUA 2.2, and in the
lower pane click Take Action.
c. Select the Software Use Analysis 2.2 server as the target computer.
Note: The Software Use Analysis 2.2 server is stopped temporarily, and will be restarted after the
patch is applied.
Important: If the Software Use Analysis 2.2 service (TEMA) is running under the LocalSystem
account, the patch is installed automatically. The original scan_file.rb and
raw_datasource_file.rb files are backed up to the SUA2.2_install_dir\sua9_migration\
sua2_scan_file_backup_copy directory, and the new files are applied. If the TEMA service is
running under any other account, this task downloads the scan_file.rb and
raw_datasource_file.rb files to the SUA2.2_install_dir\sua_migration\
sua9_downloaded_scan_file directory. You must complete the installation of the patch manually:
1) Stop the Software Use Analysis 2.2 server.
2) Back up the original Software Use Analysis 2.2 scan_file.rb and raw_datasource_file.rb files.
The files must be backed up to a directory outside the SUA_install_dir\work directory.
v Create a backup directory to copy the files to: SUA2.2_install_dir\sua9_migration\
sua2_scan_file_backup_copy.
v Copy the scan_file.rb file from the SUA2.2_install_dir\work\tema\webapp\WEB-INF\
domains\sam\app\models\sam directory into the new directory.
v Copy the raw_datasource_file.rb file from the SUA2.2_install_dir\work\tema\webapp\WEBINF\app\models directory into the new directory.
3) Replace the old files.
187
v Copy the new scan_file.rb file from the SUA2.2_install_dir\sua9_migration\

sua9_downloaded_scan_file directory to the SUA2.2_install_dir\work\tema\webapp\WEB-INF\
domains\sam\app\models\sam directory.
v Copy the new raw_datasource_file.rb file from the SUA2.2_install_dir\sua9_migration\
sua9_downloaded_scan_file directory to the SUA2.2_install_dir\work\tema\webapp\WEB-INF\
app\models directory.
4) Start the Software Use Analysis 2.2 server.
5. Create a computer property in Software Use Analysis 2.2 that can be used to identify migrated
endpoints.
a. Log in to Software Use Analysis 2.2.
b. In the navigation bar click Management > Computer Properties, and click New.
c. In the Create Computer Property pane, specify the name of the property by selecting the
Migrated to SUA9 property from the Data Source Property list. Click Create.
d. Import scan data to enable the new property, in the navigation bar click Management > Imports,
and click Import Now.
What to do next
Step 3: Installing BigFix Inventory 9.2.1
Step 3: Installing BigFix Inventory 9.2.1

You install BigFix Inventory 9.2.1 and configure database connections to use the same data source as the
data source used for your Software Use Analysis 2.2 installation.
Procedure
2. Subscribe an endpoint on which you want to install BigFix Inventory 9.2.1 to the new Fixlet site.
Tip: It can be the same endpoint as your Software Use Analysis 2.2 server if it fulfills all hardware
requirements.
b. In the Computer Subscriptions tab, select Computers which match the condition below, and
specify conditions to include the endpoint.
188
c. Click Save.
3. Download BigFix Inventory 9.2.1.
4. Install BigFix Inventory 9.2.1.
v Install in interactive mode.
v Install in silent mode.
5. Configure connections for BigFix Inventory 9.2.1.
6. Run the initial import by clicking Import Now.
What to do next
Step 4: Migrating endpoints
Step 4: Migrating endpoints

To migrate your endpoints to BigFix Inventory 9.2.1, you suspend the collection of data into Software Use
Analysis 2.2, mark the endpoints to migrate, and then enable the collection of data into 9.2.1 by starting
the new scans.
About this task

You can migrate single endpoints or all of them at once, but if your environment is divided into
computer groups, use them to migrate your endpoints group by group. Such an approach gives you more
control over the migration and if you decide to postpone it for some computer groups, you can restart
the collection of data into Software Use Analysis 2.2 for chosen endpoints by resuming the scans. For
more information about creating computer groups, see Adding endpoints by BigFix computer group on
page 185.
Procedure
2. Stop all Software Use Analysis 2.2 actions.
a. In the navigation tree, click Actions.
b. Select all open actions for the IBM Software Inventory site, right-click, and select Stop.
3. Subscribe the first computer group to the new Fixlet site.

b. In the Computer Subscriptions tab, select Computers which match the condition below.
c. Specify conditions to subscribe single endpoints, or select a computer group to subscribe the whole
group.
189
d. Click Save. Your endpoints are subscribed.

4. Activate the migration analysis to be able to recognize which endpoints are migrated.
a. In the Fixlet site, click Analyses.
b. Select the SUA 2.2 Endpoint Migration analysis, right-click, and select Activate.
c. After you mark the endpoints to be migrated, they will be listed in the Results tab.
5. Select the endpoints to be migrated from 2.2 to 9.2.1.
a. In the Fixlet site, click Fixlets and Tasks.
b. Select Migrate SUA 2.2 Endpoints and click Take Action.
c. Select the endpoints that you want to migrate. You can select computers individually or by group,
however the groups must be previously defined.
6. Initiate the BigFix Inventory 9.2.1 software and capacity scans for the migrated endpoints, and
activate all analyses.
a. In the Fixlet site, click Analyses. Select all analyses, right-click, and then click Activate.
b. Click Fixlets and Tasks, and run the following tasks to start scanning:
Tip: To run the tasks only against the migrated endpoints, after you click Take Action, open the
Target tab. Select the Dynamically target by property check box, and then choose the Migrated
Computers group.
1) Run Install or Upgrade Scanner.
2) Run Initiate Software Scan. This tasks becomes relevant only when the scanner is installed.
3) Run Upload Software Scan Results. This task becomes relevant only when the software scan
finishes collecting the results.
4) Run Run Capacity Scan and Upload Results.
7. After scans complete collecting the data for migrated endpoints, import it into BigFix Inventory 9.2.1.
190
a. Log in to BigFix Inventory 9.2.1

b. In the navigation bar, click Management > Imports.
c. Click Import Now.
The scan results for the migrated endpoints are now available in BigFix Inventory 9.2.1. Software
inventory reports for migrated endpoints are now reported only in BigFix Inventory 9.2.1. Migrated
endpoints will no longer report in Software Use Analysis 2.2, but the data collected so far is frozen
and you can access it.
8. Repeat the preceding steps to migrate another computer group.
9. Optional: If you want to postpone the migration of remaining endpoints, you can restart the following
Software Use Analysis 2.2 actions for unmigrated endpoints to resume the collection of data about
your software.
v Initiate Software Scan
v Upload Software Scan Results
a. In the navigation tree, click Sites > External Sites > IBM Software Inventory > Fixlets and Tasks.
b. Select Initiate Software Scan, and click Take Action.
c. In the Target tab, click Dynamically target by property, and select the Unmigrated 2.2 Computers
group. Click OK.
d. Select Upload Software Scan Results, and click Take Action.
e. In the Target tab, click Dynamically target by property, and select the Unmigrated 2.2 Computers
group. Click OK.
What to do next

You verify that endpoints are successfully migrated by checking that Software Use Analysis 2.2 is no
longer collecting data for migrated endpoints.
Procedure
1.
2.
3.
4.
5.
Log in to Software Use Analysis 2.2, in the navigation bar, click Reports > Computers.
In the upper-right corner, click Configure View to access the filtering options.
Select the Migrated to SUA9 check box, and click Submit.
Order the report columns by the Migrated to SUA9 column.
Check the value in the Migrated to SUA9 column is set to True for a selection of computers that you
migrated.
Identifying migrated endpoints in BigFix Inventory 9.2.1

You can use the same steps to identify migrated endpoints in BigFix Inventory 9.2.1. To do this, you must
first create a new property in BigFix Inventory 9.2.1.
Procedure
1. Log in to BigFix Inventory 9.2.1, in the navigation bar click Management > Computer Properties, and
click New.
2. In the Create Computer Property pane, specify the name of the property by selecting the Migrated to
SUA9 property from the Data Source Property list. Click Create.
191
3. Import scan data to enable the property, in the navigation bar click Management > Imports, and click
Import Now.
4. Configure the view in your Computers report to display the Migrated to SUA9 column.
Note: If you compare some reports between Software Use Analysis 2.2 and BigFix Inventory 9.2.1, a
number of differences might be present. These dissimilarities are due to catalog differences between
the versions.
What to do next
Step 6: Migrating data objects
Step 6: Migrating data objects

You can migrate your data objects directly into BigFix Inventory 9.2.1. You can also run a simulation to
see the expected result of the migration without saving the information in the target installation.
Before you begin

v During migration, the BigFix Inventory 9.2.1 server must be running.
v You can run the migration tool repeatedly if you want to break down the migration into parts. The
items that are already migrated are skipped.
v If you want to migrate to multiple BigFix Inventory servers, treat each of them as a separate migration.
First, specify the access details to one of the servers and start the migration. When it is completed,
change the access details to another server and repeat the migration.
v If you encounter any problems during migration, see the migration.log file for more details.
v Before you start the migration of your data objects, you must re-create the computer properties and
user roles in the BigFix Inventory 9.2.1 UI. For more information, see: Setting up roles on page 94
and Setting up computer properties on page 98.
About this task

Migration includes your custom data for users, computer groups, catalog signatures, contracts, and
Note: Before starting the migration, make sure that your BigFix Inventory 9.2.1 server is not running an
import. Migration cannot be done while an import is running.
Procedure
1. From the BigFix Inventory 9.2.1 installation directory, go to migration/SUA_2.x.
2. Edit the migration22.properties file and specify all parameters that are listed in it.
The migration22.properties file is a configuration file in which you specify details of the Software
Use Analysis 2.2 server.
192
3. Simulate the migration to check which items are migrated without saving them in the target
environment. Items that are not included in the simulation are not migrated.
a. To simulate the migration, run the following command:
Linux
./migration.sh -migrate [-dir directory] -simulate
migration.bat -migrate [-dir directory] -simulate

Where -dir directory specifies a directory to save your csv files to. If you omit this parameter,
the csv files are created in the root directory of the migration tool.
b. Check the summary of simulation that is displayed after the simulation is completed.
Windows
Total computer groups from SUA 2.2: 8

Computer groups added: 0
Computer groups skipped: 5
Computer groups failed: 3
Total
Users
Users
Users
users from SUA 2.2: 2

added: 0
skipped: 2
failed: 0
Total custom signatures from SUA 2.2: 3

Custom signatures added: 0
Custom signatures skipped: 3
Custom signatures failed: 0
Total contract custom fields from SUA 2.2: 5
Contract custom fields added: 0
Contract custom fields skipped: 5
Contract custom fields failed: 0
Total contracts from SUA 2.2: 3
Contracts added: 1
Contracts skipped: 2
Contracts failed: 0
c. Verify the outcome of the simulation in the five csv reports that are created. Only the csv reports
can be checked because the information is not saved to the target environment. To properly
recognize the created reports and information included in them, see Verifying the completed
migration.
Note: The import of some data elements depends on the import of other data elements and the
simulation does not verify whether dependent elements were migrated. You must check all the
existing dependencies yourself.
Example:
After you migrated all BigFix Inventory users, in the csv report there is information that a
user was imported successfully but the user is not linked to a computer group. Review the
computer_groups_report.csv report to verify that the computer group for this particular user
was migrated. The same dependency exists in case of contracts: they will be imported only
after all other data items were imported successfully.
4. Migrate the information directly from Software Use Analysis 2.2 to BigFix Inventory 9.2.1.
a. To start the migration, run the following command:
Linux
./migration.sh -migrate [-dir directory]
migration.bat -migrate [-dir directory]

Where -dir directory specifies a directory to save your csv files to. If you omit this parameter,
the csv files are created in the root directory of the migration tool.
b. Check the migration summary that is displayed after the migration is completed. The summary is
the same as the simulation summary.
c. Verify the outcome of migration in the csv reports that are created.
Windows
193
d. Compare the source and the target environment to ensure that all items were successfully
migrated. For more information, see Verifying the completed migration.
Results
Your Software Use Analysis 2.2 customizations were migrated to your BigFix Inventory 9.2.1 server.
What to do next
Step 7: Verifying the completed migration
Step 7: Verifying the completed migration

When you migrate your information directly from Software Use Analysis 2.2 to BigFix Inventory 9.2.1,
you can view the summary of simulation or migration in the five csv reports. The reports describe the
details of migrating computer groups, users, custom software signatures, contract custom fields, and
contracts. If the information in those reports is accurate and complete, you can log in to BigFix Inventory
9.2.1 to verify that your custom data was migrated.
About this task

For more information about statuses that are displayed in the reports, see Statuses.
Procedure
1. Open the computer_groups_report.csv file.
Verify that the computer groups in the report correspond with the computer groups in Software Use
Analysis 2.2.
2. Open the users_report.csv file.
Verify that the users in the report correspond with users in Software Use Analysis 2.2.
3. Open the custom_signatures_report.csv file.
Verify that the signatures in the report correspond with the custom signatures in Software Use
Analysis 2.2.
4. Open the contract_custom_fields_report.csv file.
Verify that the contract custom fields in the report correspond with the contract custom fields in
Software Use Analysis 2.2.
5. Open the contracts_report.csv file.
Verify that the contracts in the report correspond with the contracts in Software Use Analysis 2.2.
Results
If some items were not migrated, check the explanation in the csv reports and correct the problems. The
migration can be repeated as many times as you want. Items that are already migrated are skipped.
What to do next
Run a data import for the migrated data items to be visible in your reports.
Migration reports
When you export information from Software Use Analysis 2.2, it is saved in the csv files, each dedicated
to a particular type of migrated item.
Computer groups
194
Table 56. Description of columns that are in the computer_groups_report.csv file

Column
Description
Item
User.
Status
Succeeded, Skipped, Failed.
Description
Reason for the status.
Computer Group
Name
Name of the computer group.
Computer Group
Parent Name
Name of the parent computer group.
Computer Group
Description
Description of the computer group.
Computer Group
Definition
Definition of the computer group.
Users
Table 57. Description of columns that are in the users_report.csv file
Column
Description
Item
User.
Status
Description
User name
User name in the Software Use Analysis 2.2 environment.
Contact Info
Other contact information.
Email Address
The user's email address.
Locale
The locale that is set in the user's computer.
Roles
The roles that are assigned to the user.
Computer Group
The name of the computer group that the user can access.
Custom signatures
Table 58. Description of columns that are in the custom_signatures_report.csv file
Column
Description
Item
User.
Status
Description
Publisher
Publisher of the signature.
Publisher GUID
Globally Unique Identifier of the publisher.
Software component
Name of the software component.
Software component
GUID
Globally unique identifier of the software component.
Signature GUID
Globally unique identifier of the software signature.
File Rules
Filter parameters used for file-based signatures.
Filter Rules
Filter parameters used for package-based signatures.
Contract custom fields
195
Table 59. Description of columns that are in the contract_custom_fields_report.csv file.

Column
Description
Item
User.
Status
Description
Name
Name of the custom field.
Type
Type of data (string, integer, float, Boolean or date).
Required
Indicates whether the field is required.
Contracts
Table 60. Description of columns that are in the contracts_report.csv file.
Column
Description
Item
User.
Status
Description
Contract Name
Name of the contract.
Software Names
Names of the software products, versions, and releases that were purchased under the
contract.
User Name
Name of the user.
Access Computer
Group Name
The computer group that a user had access to while creating the contract.
Computer Group
Name
Name of the computer group.
Seats
Number of users who have access to the software product under a particular contract.
Acquisition Cost
The cost of purchasing a software product.
Maintenance Cost
The cost of purchasing maintenance plan for a software product.
Entitlement Start
The start date for a particular contract.
Entitlement End
The end date for a particular contract.
Maintenance Start
The maintenance plan start date for the software products.
Maintenance End
The maintenance plan end date for the software products.
Contract custom field

(can occur multiple
times)
The values of the custom fields.
Statuses in migration reports

Each migrated item is described with a status and an explanation that summarizes the result of the
migration.
Succeeded
Item was successfully migrated.
Additionally, some warnings can be displayed during simulation. For example:
The contract was added to BFI 9.x, but some warnings were reported: User name user_name
does not exist.
You must check the users_report.csv file to verify that the user named user_name was
successfully migrated. For more information, see the warning information in Step 6:
Migrating data objects.
196
Skipped
Items were not migrated because they are already defined in BigFix Inventory 9.2.1. Such a status
might occur if you repeated the migration, in which case the items were migrated during the
previous migration.
Failed
This status can be related to the problems with items that you want to migrate as well as to the
errors that are returned from the BigFix Inventory 9.2.1 server. Such a status might be the result
of connection problems. Each of the server errors is saved in the tema.log file, in the following
directory on your BigFix Inventory server.
v
Linux
Windows
\Program Files\IBM\BFI\wlp\usr\servers\server1\logs
Examples of messages for failed actions:

Table 61. Messages for failed actions
Failed computer
group migration
Cannot add the computer group to BFI 9.x: Definition is invalid. Computer Property ID
is not supported.
The computer group cannot be migrated because the field ID was used in the
computer group definition.
Cannot add the computer group to BFI 9.x: Definition is invalid. Computer Property
CUSTOM_PROPERTY is not supported.
The computer group cannot be migrated because the custom property was not
created in BigFix Inventory 9.2.1.
Cannot add the computer group to BFI 9.x: Parent does not exist.
The child computer group cannot be imported into BigFix Inventory 9.2.1 because its
parent computer group was not migrated.
Cannot add the computer group to BFI 9.x: Data source for host host_name does not
exist. The computer group cannot be migrated because a data source that does not exist
was added to its definition.
Cannot add the computer group to BFI 9.x: Data source group data_source_group_ID for
data source host host_name does not exist.
The computer group cannot be migrated because a data source group was defined
for a data source that does not exist in BigFix Inventory 9.2.1.
Failed user
migration
Cannot add the user to BFI 9.x: Role role_name does not exist.
The user cannot be migrated to BigFix Inventory 9.2.1 because the role role_name was
not created.
197
Table 61. Messages for failed actions (continued)

Failed contract
migration
Contracts import failed. Software software_name does not have a signature that is
assigned to it.
The import of contracts failed because the product that was specified in the contract
did not have a signature in the catalog that was imported into BigFix Inventory
9.2.1.
Cannot add the contract to BFI 9.x: Computer Group group_name does not exist.
The contract cannot be imported into BigFix Inventory 9.2.1 because the computer
group for which the contract was created was not migrated.
Cannot add the contract to BFI 9.x: User name user_name does not exist.
The contract cannot be imported into BigFix Inventory 9.2.1 because the user who
created it was not migrated.
Cannot add the contract to BFI 9.x: Contract custom field custom_field_name does not
exist. The contract cannot be migrated because the contract custom field for this particular
contract was not created in BigFix Inventory 9.2.1.
Cannot add the contract to BFI 9.x: Software software_name 1.2 does not exist.
The contract cannot be migrated because it was created for the software title (or
version or release) that does not exist in the catalog that was imported into BigFix
Inventory 9.2.1.
Increasing the number of file and filter rules for custom signatures
If your Software Use Analysis 2.2 was earlier upgraded from version 1.3, you might encounter a problem
while migrating custom signatures to version 9.2. The problem occurs when the signatures consist of
more than five file rules and five package rules. Such signatures were supported in version 1.3 and it was
possible to migrate them to version 2.2. However, they are no longer supported in version 9.2. To migrate
such signatures, increase the maximum number of custom rules.
Procedure
1. Stop the BigFix Inventory 9.2.1 server.
2. To be able to migrate the signatures, open the signatures_controller.rb file that is in the
BFI_install_dir/wlp/usr/servers/server1/apps/tema.war/WEB-INF/domains/sam/app/controllers/
catalog_manage/sam directory and modify the following parameter:
MAX_CUSTOM_RULES=number_of_rules
For example:
MAX_CUSTOM_RULES=15
3. To be able to edit the migrated signatures after the migration is complete, open the
catalog_entry-identifier.js file that is in the BFI_install_dir/wlp/usr/servers/server1/apps/
tema.war/assets/sam/catalog directory and modify the following parameter:
MAX_CUSTOM_RULES=number_of_rules;
For example:
MAX_CUSTOM_RULES=15;
4. To validate custom signature imports, update the signatures.xsd file that is in the
BFI_install_dir/wlp/usr/servers/server1/apps/tema.war/WEB-INF/domains/sam/schemas directory
and modify the maxOccurs parameter in the FileRuleType and PackageFilterRuleType elements to
reflect the new File and PackageFilter limits. The value must be the same as the value that you
specified in the MAX_CUSTOM_RULES in step 2.
maxOccurs="15"
Example:
198
<xs:element name="File" maxOccurs="15" minOccurs="1" type="FileRuleType"/>

<xs:element name="PackageFilter" maxOccurs="15" minOccurs="1" type="PackageFilterRuleType"/>
5. Start the BigFix Inventory 9.2.1 server.

6. Rerun the migration.
What to do next
If you are not able to edit the signatures after the migration completes, clear the browser cache.
199
200
Chapter 5. Managing the infrastructure

The topics in this section provide instructions for running the scans to discover
information about software and hardware in your IT infrastructure. You can manage
how IBM BigFix Inventory handles the discovery of computers and devices on your
network, view a summary of the processors in your IT infrastructure, and manage
virtual machine managers.
Scalability guide
Scalability guide is intended to help system administrators plan the BigFix Inventory infrastructure and
to provide recommendations for configuring the BigFix Inventory server to achieve optimal performance.
The guide explains how to:
v Divide computers into scan groups.
v Schedule software scans.
v Run data imports.
It also provides information about other actions that can be undertaken to avoid low performance. The
guide is available on the BigFix Inventory wiki.
Infrastructure administrator dashboard

The dashboard provides you with a quick overview of the most important information about scans and
the endpoints in your infrastructure.
Deployment Health
The widget shows whether agents are connecting to the BigFix server, their outdated versions, and the
most important issues that might occur while agents are operating such as problems with disk space or
missing software prerequisites.
Elements of the widget
1
The total number of computers to which the user has

access. The number is determined by the computer group
access that is granted to that user.
2
Links to the detailed reports.
The number of computers with a particular status.
4 Link to information about actions that you can take to

solve agent problems.
Important: The total number of computers that is shown on

the widget includes Mac computers. However, information
about deployment health is not collected from these systems.
Thus, they are not included in the counts for particular
statuses.
201
Scan Health
The widget shows the health of scans that are running in your infrastructure. You can drill down to
reports for specific computers with scan problems. By sorting the columns of a report, you can quickly
understand which computers are failing which specific software scan types.
Important: The Software Scan Status analysis must be enabled for the widget to show valid data. If the
analysis is not activated, all computers are reported with a Failed Scan, Missing Software Scan, and
Outdated Catalog.
1
1 The total number of computers that a user has access

to view. The number of computers that a user can view
is determined by the computer group access that is
granted to that user.
2
Links to detailed reports.
The number of computers with a particular status.
Link to information about scan problems.
Important: The total number of computers that is shown on

the widget includes Mac computers. However, only
information about the status of the package data scan is
collected from these systems. Therefore, Mac computers are
included in the count for the Failed Scan status. They are
not included in the counts for the remaining statuses.
Viewing hardware inventory

You can use the hardware inventory report to verify the completeness of hardware information and to
analyze the processor value unit (PVU) capacity.
Before you begin

You must have the Manage VM Managers and Servers permission to perform this task.
Procedure
1. In the top navigation bar, click Reports > Hardware Inventory.
2. If the status of the computer is No VM Manager Data, click the name of the status. You will be
redirected to the VM Managers panel on which you can correct the configuration of the VM manager.
Computer statuses
Agent statuses provide information about the condition of the agents in your infrastructure. To properly
discover software, ensure that agents in your environment work correctly.
OK
There are no problems with the agent. No actions are required.
No Scan Data
202
Hardware inventory data from the capacity scan is missing. To solve the problem, schedule a capacity
scan or run it manually on this computer, and upload its results.
No Host Scan Data
The agent is not installed on the host operating system. Depending on the virtualization technology,
perform one of the following actions:
HP Integrity VM
Install an agent and wait until it uploads the capacity scan results or upload them manually.
Solaris Container/Zones or Logical Domains (LDOM)
Install the agent in the global zone on the control domain and in other global zones. Wait until it
uploads the capacity scan results or upload them manually.
No VM Manager Data
Hardware inventory data from the server is incomplete because the VM Manager is not defined for the
host operating system.
Restriction: To use VM managers, ensure that the following conditions are fulfilled:
v You have sufficient rights to collect information about the complete virtualization topology including
virtual machines, hosts, clusters, and relations among them.
v The UUIDs of virtual machines and hosts are valid and in scope of the particular virtualization
technology.
v Information about the number of processors, total number of cores, and processor description is
available.
To solve the problem, perform one of the following actions.
v Check whether the VM Manager is connected.
v Check whether any clusters in your infrastructure are defined under the same name. In the VMware
environment, it is not possible to create two clusters with the same name in the same data center.
However, vCenter can manage several data centers at the same time. It means that it might control
clusters with the same name defined in different data centers. Thus, if some clusters share a name,
rename them to keep each name unique.
v Check whether the value of the computerVmManagerDetachmentPeriod parameter is higher than the
frequency with which data is retrieved from VM Managers. The interval between consecutive retrievals
of data is set in the vmm_polling_time_interval parameter and is 30 minutes by default. If the idle
time after which a computer that is managed by a VM Manager is considered detached is lower,
change the value of the computerVmManagerDetachmentPeriod parameter.
v Depending on the virtualization technology, perform one of the following actions:
VMware ESX(i)
Configure the VM manager in the user interface.
Hyper-V or KVM
Configure the VM manager in the user interface.
KVM - RHEV-M
If one or more computers have the No VM Manager Data status, even though you correctly
configured the VM manager connection, perform the following actions. If the Server ID on the
Hardware Inventory panel is in the TLM_VM_UUID_of_the_VM format, check whether the UUID is
correctly set on the machine. If two or more virtual machines have the same UUID, manually
set unique UUIDs for these machines. Note, that virtual machines can operate on different
hosts.
203
Managing VM managers
VM managers are pieces of software that create, manage, and monitor virtual machines. The
configuration of VM managers is needed to gather information that is required to properly calculate the
license consumption on your virtual machines.
About this task

In virtualized environments, resources that are available to virtual machines are dynamically allocated
based on current needs. When a virtual machine is not performing any processor-intensive tasks,
processor cores that are allocated to it might be assigned to other virtual machines that need them to
handle their workload. Because of these dynamics, BigFix Inventory cannot scan virtual machines to
recognize how many cores they use, because this number constantly changes. Without precise
information about processor types and the number of cores available to software, BigFix Inventory cannot
report the PVU and RVU MAPC consumption that is required to maintain license compliance.
To collect this information, BigFix Inventory needs access to VM managers that control resources that are
available to your virtual machines. With such access, BigFix Inventory can check the number of cores on
the physical computer system that hosts your virtual machines, and see the allocation and usage of these
resources.
To scan VM managers, BigFix Inventory uses VM Manager Tool. This application connects to VM
managers and gathers data about their capacity, focusing on processors, their type, and usage. All this
data is then imported to BigFix Inventory, which can use it to properly calculate your license
consumption.
You can choose between two types of VM management, or a combination of them. The choice depends
on the specifics of your environment.
Supported virtualization types

BigFix Inventory supports three types of virtualization: VMware vSphere, Microsoft Hyper-V, and
Kernel-based Virtual Machine.
Table 62. Supported virtualization types and versions
Virtualization Type
VMware
Version
Requirements
ESX
3.0, 3.5, 4.0, 4.1
ESXi
3.5, 4.0, 4.1, 5.0, 5.1,

5.5, 6.0
At least read-only rights to all VMs. See Verifying

permissions.
vCenter
2.0, 2.5, 4.0, 4.1, 5.0,

5.1, 5.5, 6.0
Microsoft Hyper-V
KVM
Windows Server 2008, WinRM configured on all hosts. See Configuring

2008 R2, 2012, and
WinRM.
2012 R2
RHEV-M
3.0, 3.1
VMware vSphere
VMware vSphere is one of the virtualization technologies supported by BigFix Inventory.
Purpose
This solution consists of two products: a VMware ESX (or ESXi) hypervisor and a VMware vCenter
server. Both of these components provide the API that can be used to extract information concerning
204
virtual machines in your infrastructure. The section below shows the differences between these two
varieties.
ESX or ESXi
It is an operating system that hosts virtual machines. It is enough to connect to a specific ESX if you do
not use any software deployed in a clustered environment. However, if an ESX is controlled by a vCenter,
it is recommended to connect a given VM manager to it via the vCenter. This is because BigFix Inventory
needs data from every ESX box (every box that hosts a virtual machine where the CIT scanner is
installed). If you choose a connection via ESX, you have to define all the ESX boxes separately in the VM
Managers panel. If you have a vCenter deployed, you can manage all the ESX boxes via this server (it
saves time and decreases the network load).
Note: Changing the Universally Unique Identifier (UUID) on ESX virtual machines may lead to
overcharging because when the identifier is changed, BigFix Inventory recognizes it as a brand new
virtual machine.
The default URL that is to be used (it may vary in your environment if the administrator of the ESX box
has changed the configuration of the API, for example, if the HTTP protocol is used instead of the HTTPS
one):
https://ESX_IP_address/sdk
For version 5.5 and higher:

https://ESX_IP_address/sdk/wimService.wsdl
Supported versions:
ESX
3.0, 3.5, 4.0, 4.1
ESXi
3.5, 4.0, 4.1, 5.0, 5.1, 5.5 and 6.0
IBM BigFix server
Client-server
communication
Server-ESX API
communication
ESX box
vCenter
It is used for managing computer systems on which virtual machines are installed. You have to use it if
your software is installed in a clustered environment. Instead of connecting to each ESX box separately,
you connect to all ESX boxes via a vCenter, whose main role is to retrieve data from them. Therefore, it is
beneficial to you to connect to ESX boxes through a vCenter even if you do not have a clustered
environment because in this way you can reduce the network traffic.
The default URL that is to be used (it may vary in your environment if the administrator of the vCenter
changed the configuration of the API, for example, if the HTTP protocol is used instead of the HTTPS
one):
https://<vCenter_IP_address>/sdk
205
For version 5.5 and higher:

https://<vCenter_IP_address>/sdk/wimService.wsdl
Supported versions:
vCenter 2.0, 2.5, 4.0, 4.1, 5.0, 5.1, 5.5 and 6.0
VMWare ESX cluster
IBM BigFix server
Client-server
communication
Augment agents
information
VMWare Virtual
Center server
ESX box
ESX box
Manages and
collects data
ESX box
Verifying permissions for VMware communication:

Users must have sufficient privileges to collect all the data from the VM managers for VMWare. The user
must have at least read-only rights to all VMs on which the agents are running.
Before you begin
You verify whether users have sufficient privileges in the VMware Infrastructure Client. The user must
have the correct access privileges for VMs on which the endpoints are running, and for the hosts of the
VMs. If a user has insufficient privileges, agents return a No VM Manager Data status.
This procedure describes how to enable read-only rights for all elements in a virtual topology.
Read-access is required only to the VMs on which the endpoints are running and to hosts of these VMs.
However, the easiest way to set access permissions is to configure read-only access for all elements in a
virtual topology.
Procedure
1. To extend the privileges for the user, log in to VMware Infrastructure Client with a user that has
administrator rights.
2. Right-click on the left bar and choose Hosts and Clusters.
3. Go to Permissions tab, right-click anywhere in the section, and then click Add Permission.
4. In the Assign Permissions panel, click Add, choose the user, and then click OK.
5. Choose Read-Only as an Assigned Role.
6. Select the Propagate to Child Objects check box, and click OK.
Microsoft Hyper-V
Microsoft Hyper-V is one of the virtualization technologies that are supported by BigFix Inventory. It is
the successor of Microsoft Virtual Server.
206
Purpose
To retrieve information about the measures and virtualization structure of virtual machines, define the
Hyper-V hypervisors as VM managers on the BigFix Inventory server. They are able to expose required
data via the WS-MAN protocol.
Note: By default, Windows Remote Management Service (WinRM), which provides data by using the
WS-MAN protocol, is disabled for remote connections. To learn how to enable it, see Configuring
WinRM on Hyper-V hosts on page 209. WinRM must be configured for all members of the Hyper-V
cluster.
Microsoft Hyper-V (standalone)
IBM BigFix server
Server-hypervisor
communication
Client-server
communication
Hyper-V hypervisors
Server
Server
Server
In the case of clusters, two approaches exist:

1. Define all Hyper-V servers that are a part of the cluster in the VM Managers panel. If any servers are
missing, they are in the Incomplete definition status.
2. If all members of the cluster have at least one common set of credentials that has privileges to access
the WS-MAN interface (for example, the domain user), define one computer system from the cluster
as a VM manager. Then, select the option to share credentials. The BigFix Inventory server uses the
credentials to connect to the Hyper-V that you defined in the user interface. Then, it extracts
addresses of the remaining cluster members and connects to them by using the same credentials.
207
Microsoft Hyper-V (cluster) - two approaches
Server-hypervisor
communication
Server-hypervisor
communication
IBM BigFix server
Client-server
communication
Hyper-V cluster A
Client-server
communication
Hyper-V cluster B
(common credentials)
Server
Server
Server
Server
Server
Server
Communication interface
You can choose to use PowerShell or NTLM as the communication interface for Hyper-V. For both
communication interfaces, the user name must contain the domain name and be defined as
domain\user_name or user_name@domain. For example: cluster.com\test or [email protected]. If the target
server is not in a domain, specify its host name as the domain. For example: hostname\test or
test@hostname.
PowerShell
PowerShell is a framework for managing the automation and configuration of tasks and can use
the RPC protocol. In order for BigFix Inventory to use PowerShell for retrieving the information
from VM managers, the VM Manager Tool must be installed on a Windows computer. The
computer must also meet the following requirements:
v Microsoft RPC communication with Microsoft Hyper-V cannot be blocked by a firewall
v Microsoft PowerShell 2.0 or higher must be installed
v Microsoft.NET Framework 3.5 or higher must be installed
The use of PowerShell depends on the operating system of your IBM BigFix server, because the
main VM Manager Tool is installed along with the server:
Windows
You configure a Hyper-V VM manager in the BigFix Inventory UI and choose
PowerShell as the communication interface.
208
You use advanced VM management to install additional VM Manager Tool on any

Windows computer, and then specify a Hyper-V VM manager in a configuration file. Such a
VM manager is not visible in the UI, but is managed through the VM Manager Tool command
line. For more information, see Advanced VM management.
Linux
NTLM
NTLM is a suite of protocols that are used for user authentication, integrity, and confidentiality,
and uses the WS-MAN protocol. In order for BigFix Inventory to use NTLM for retrieving the
information from VM managers:
v NTLM must be in version 1 or 2
v You must configure Windows Remote Management Service (WinRM) for all members of the
Microsoft Hyper-V cluster. For more information, see: Configuring WinRM on Hyper-V
hosts.
v The default URL that is to be used is https://<HYPER-V_IP_address>:<port>/wsman, where
<port> is the port of the listener that was created for the WinRM service. The default value for
the HTTP listeners is 80 and for HTTPS listeners is 443. The default URL might vary in your
environment if the administrator of the Microsoft Hyper-V hypervisor changed the
configuration of the API, for example, if the HTTP protocol is used instead of the HTTPS
protocol.
Supported versions
v
v
v
v
Microsoft Hyper-V
Microsoft Hyper-V
Microsoft Hyper-V
Microsoft Hyper-V
1.0.1.3 or later.
server
server
server
server
2008
2008
2012
2012
(stand-alone or direct mode)

R2 (stand-alone or direct mode)
(stand-alone or direct mode)
R2 (stand-alone or direct mode), if the VM Manager Tool version is
Configuring WinRM on Hyper-V hosts:

Configure Windows Remote Management to allow the BigFix Inventory server to gather data about
virtualization topology of virtual machines installed in your infrastructure.
Before you begin
v To retrieve the data that is required to properly calculate PVU, you must be logged in as a local
administrator on the Hyper-V host. It is necessary because the Windows Management Instrumentation
call that accesses MsCluster namespace requires an administrative account.
v Hardcoded and select-only statements are run over WinRM. The obtained data is stored in a database
schema. BigFix Inventory does not modify the Hyper-V settings and does not affect it any other way.
About this task
The WinRM service is an implementation of WS-Management specification that enables cooperation
between hardware and operating systems that come from different vendors. The BigFix Inventory server
209
connects to this service defined as a VM manager and collects data regarding virtualization hierarchy.
Therefore, you must perform the following procedure on each Hyper-V host in your infrastructure,
including those that are part of a cluster, to ensure the WinRM service is running and configured to
enable communication with the server.
Procedure
1. Defining HTTP and HTTPS listeners. By default, communication with the WinRM service is disabled
because there are no listeners defined. To check whether there are any listeners that are currently
defined, type the following command: winrm enumerate winrm/config/listener. If there is no output
returned, there are no listeners defined.
a. To define a default HTTP listener, type:
winrm quickconfig
The command starts the WinRM service and sets it to start automatically with the system start. It
also creates an HTTP listener on the default port (accepting requests from any IP), it defines
Internet Connection Firewall exceptions for the service, and it opens the HTTP port. Depending on
the version of the WinRM service, the default HTTP port might be 80 or 5985. For more
information, see Installation and Configuration for Windows Remote Management.
b. To define a listener for secure connection (HTTPS), you must have a valid certificate on the
Hyper-V host with a CN that matches the host name that you are using to connect to Hyper-V.
You must also create a listener with the CertificateThumbprint of that certificate. For more
information, see the Microsoft documentation: http://support.microsoft.com/kb/2019527.. You
might be able to create a self-signed certificate for testing purposes, however, you should consult
your certificate administrator.
Note: If an appropriate certificate was not found on the machine, the above command will not
work and the following output will be returned The certificate must have a CN matching the
host name, be appropriate for Server Authentication, and not be expired, revoked, or self-signed.
If there is a need to use a self-signed certificate, you can manually generate it and create the
listener by starting the following command:
winrm create winrm/config/listener?Address=*+Transport=HTTPS
@{Hostname=<the name of your server>;CertificateThumbprint=<certificate thumbprint>}
In this case you have to configure the firewall settings manually.

2. Enabling WinRM Negotiate authentication scheme. The WinRM service offers several authentication
schemes to be used to authenticate the client side. The BigFix Inventory server uses Negotiate
authentication scheme, which is enabled by default.
a. To check the current setting of this property, type:
winrm get winrm/config/service/auth
b. To set the required value of this property, enter:

winrm set winrm/config/service/auth @{Negotiate="true"}
3. Setting WinRM AllowUnencrypted property. The server requires the property to be set to "true".
a. To check the current settings, type:
winrm get winrm/config/service
b. To set the required value of this property, type:

winrm set winrm/config/service @{AllowUnencrypted="true"}
Note: Setting this value to "true" does not mean that the sensitive data, such as user names or
passwords, will be passed in an unencrypted form over the network. Only the content of the
SOAP messages will be sent as a plain text. If this cannot be accepted because of security reasons,
define the HTTPS listener and use the secured transport (HTTPS) while defining a VM manager in
the BigFix Inventory server so that the TLS protocol will be used to encrypt all the network traffic.
210
4. Verifying the listener. After you define the HTTP or HTTPS listener, verify that you can remotely
connect to the Hyper-V server.
a. On the Hyper-V server, determine the port on which the Windows Remote Management client for
the HTTP or HTTPS transport listens. Type the following command in the Windows command
line:
winrm enumerate winrm/config/listener
v If the port number is listed in the Port line, the listener was properly created.
v If you receive an error or there is no information for the transport, the listener was not created
properly. Go back to step one, and define the listener again.
b. To verify the listener, type:
winrm enumerate winrm/config/listener /r:<transport>://
<Hyper-V_server_name>:<port>/wsman /u:<user_id> /p:<password> /a:Negotiate
Where
<transport>
Is either HTTP or HTTPS.
<Hyper-V_server_name>
Is the host name of the Hyper-V server. If you are using HTTPS, the host name must
match the CN in the certificate.
<port>
Is the port number that you obtained in the previous step.
<user_id>
Is the user ID that is used to connect to the Hyper-V server.
<password>
Is the password that is used to connect to the Hyper-V server.
For example:
winrm enumerate winrm/config/listener /r:https://
myhyperv.ibm.com:5986/wsman /u:administrator /p:abc /a:Negotiate
5. Verifying whether the Virtual System Management service is running. To verify that the service that
provides Hyper-V management is running, go to Administrator Tools > Services on the Hyper-V
server. Look for the service called Hyper-V Virtual Machine Management
v If the service exists, but is not running, start the service.
v If the service does not exist, the Hyper-V host was not configured properly.
6. Verifying the MsCluster resource. If the server is clustered, verify that you can access the MsCluster
namespace. On the Hyper-V server, type the following command into the Windows command line:
winrm enumerate wmi/root/MsCluster/*
-dialect:"http://schemas.microsoft.com/wbem/wsman/1/WQL"
-filter:"SELECT PrivateProperties, Type FROM MsCluster_Resource WHERE Type=Network Name AND Flags=1"
If this command fails, refer to Microsoft documentation about WMI for MsCluster.
7. Verifying remote connectivity and the server certificate. To verify remote connectivity and the server
certificate, type the following command into the Windows command line:
Restriction: Enter the following command on the Windows command line of the BigFix Inventory
server. If the server is not installed on a computer that runs on a Windows operating system, use a
computer that is not the Hyper-V host and runs on Windows 2008 or higher.
winrm set winrm/config/client @TrustedHosts={"<Hyper-V_server_name>"}
winrm get winrm/config/client /r:<transport>://
<Hyper-V_server_name>:<port>/wsman /u:<user_id> /p:<password> /a:Negotiate
Where
<transport>
Is either HTTP or HTTPS.
211
<Hyper-V_server_name>
Is the host name of the Hyper-V server. If you are using HTTPS, the host name must match
the CN in the certificate.
<port>
Is the port number on which the Windows Remote Management client for the HTTP or
HTTPS transport listens.
<user_id>
Is the user ID that is used to connect to the Hyper-V server.
<password>
Is the password that is used to connect to the Hyper-V server.
For example:
winrm set winrm/config/client @TrustedHosts={"myhyperv.ibm.com"}
winrm get winrm/config/client /r:https://
myhyperv.ibm.com:5986/wsman /u:administrator /p:abc /a:Negotiate
The following error is often returned when a self-signed certificate is used is:
WSManFault
Message = The server certificate on the destination computer (myhyperv.ibm.com:5986)
has the following errors: The SSL certificate is signed by an unknown certificate authority.
If you receive this error, export the self-signed certificate from the Hyper-V host, and import it on the
BigFix Inventory host. For other errors, refer to Microsoft documentation for the returned error code.
Tip: For more information about Hyper-V configuration, see the following documents: Hyper-V
connection fails CODVM0005E and Hyper-V configuration matrix.
Kernel-based Virtual Machine

Kernel-based Virtual Machine is one of the virtualization technologies supported by BigFix Inventory.
Purpose
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on x86 hardware
containing virtualization extensions (Intel VT or AMD-V). In the KVM architecture, each guest (virtual
machine) is implemented as a regular Linux process. After you install KVM, you can run multiple guests,
with each of them running a different operating system image. Each of these virtual machines has
private, virtualized hardware, which includes memory, storage, graphics adapter, and a network card.
This allows KVM to benefit from all the features of the Linux kernel.
Collecting capacity data

The way of collecting capacity data from virtual machines that are managed by KVM hosts depends on
whether the hosts are controlled by RHEV-M. If you use RHEV-M, use VM Manager Tool to collect
capacity data from virtual machines. If you do not use RHEV-M, collect capacity data directly from the
KVM hosts by running the Run Capacity Scan on Virtualization Hosts task. For more information, see:
Collecting capacity data directly from KVM hosts.
Red Hat Enterprise Virtualization Manager (RHEV-M)

Red Hat Enterprise Virtualization (RHEV) is an enterprise virtualization product based on the KVM
hypervisor. RHEV-M is a service running on a Red Hat Enterprise Linux server that provides interfaces
for controlling the virtualization platform. It manages provisioning, connection protocols, user sessions
logins and logoffs, virtual desktop pools, virtual machine images, and the high availability and clustering
systems. RHEV-M provides the REST API that is used by BigFix Inventory to collect information about
the whole infrastructure that is managed by RHEV-M.
The default URL that is to be used:
212
v For RHEV-M 3.0

https://<RHEV-M_IP_address>:8443/api
v For RHEV-M 3.1

https://<RHEV-M_IP_address>:443/api
Supported versions:
Red Hat Enterprise Virtualization Manager 3.0 and 3.1
Servers managed by
RHEV-M
Server
IBM BigFix server
VM 1
Client-server
communication
VM 2
Server
VM 3
Server-RHEV-M
communication
Server
VM 4
VM 5
Red Hat Enterprise

Virtualization Manager
RHEV-M manages
servers
VM 6
Capacity data flow

Before you start configuring VM managers, see the data flow graphic to understand the complete flow of
data between your virtual machines, VM Manager Tool, and the BigFix Inventory server.
The overall virtualization data traffic comprises:
v Configuration data that is pushed down to the endpoints
v Infrastructure data that is uploaded from VM Manager Tool
v Capacity data that is uploaded from the BigFix clients to the BigFix and then to the BigFix Inventory
server
Important: It might happen that the VM managers panel does not display up-to-date information about
your virtual systems. This delay might be caused by the fact that the data about your virtual
environments and the configuration data goes through many infrastructure elements and depends on
various scheduled tasks. As a result, the time that is needed for complete virtualization data to reach the
product and get displayed in the interface might be long, up two days, depending on your specific
configurations.
Example:
Table 63. Phases of data traffic in case of centralized virtual machine management
Number
Step
Time required
1.
Configuration data is sent to the endpoints.
10 minutes
213
Table 63. Phases of data traffic in case of centralized virtual machine management (continued)
Number
Step
Time required
2.
VM manager data is collected from your VM managers to VM

Manager Tool.
30 minutes
3.
VM manager data is uploaded from VM Manager Tool to the

BigFix server.
12 hours
4.
The current infrastructure data, both from the clients and VM

Manager Tool, is imported from the BigFix server to the BigFix
Inventory server.
24 hours
The total time that it takes to

display virtualization data might be
longer than 24 hours.
Visualization of data traffic in case of default virtual machine management where VM Manager Tool is installed on
the BigFix server
Client computer
- browser
Computer 1
Client computer
- console
Computer 2
1
1
Effective after:
1 - 10 minutes
IBM BigFix
server
BigFix Inventory
server
Action:
Configure
VM Manager Tool
4
3
BigFix Inventory
database
1
IBM BigFix
Client
Capacity scan
execution
and upload
VM Manager
Tool
Virtualization
data upload
Frequency:
Every 12 hours
Action:
Run Capacity Scan
and Upload Results
IBM BigFix
Client
Collection of
VM manager
data
Frequency:
Every 30 minutes
Frequency:
Every 30 minutes
Virtual
machine 1
Configuration
change
Action:
Upload VM Manager Tool
Scan Results
Virtual
machine 2
IBM BigFix
Client
VM Manager
Extract,
Transform
and Load
Frequency:
Every 24 hours
Action:
Run an import
214
Basic VM management (central)

Use basic VM management if the IBM BigFix server can connect to your VM managers. This is the
default configuration, in which VM managers are configured through user interface.
In basic VM management, data about the capacity of your VM managers is collected by the main instance
of VM Manager Tool. The main instance was already installed on the BigFix server by default, and does
not require any action from you. You must only ensure that it can connect to your VM managers. If some
of your VM managers are in separated networks (no connection from the BigFix server), you can manage
these VM managers through advanced VM management.
Understanding the VM Managers panel

Before you start adding VM managers, see the details of the VM Managers panel to understand all
available options and columns.
To open the VM Managers panel, click Management > VM Managers. This panel lists only those VM
managers that are managed by the main instance of VM Manager Tool, which means that they can be
connected to from the BigFix server. The following image labels all columns available on the panel.
New
Click this button to create a new VM manager.
Delete
Click this button to delete a selected VM manager.
Test Connection
Click this button to test the connection to a selected VM manager. The status of a connection test
is shown in the Connection Test Status column.
Operation Status
The current status of a VM manager that reflects its condition. The status changes when
connection or configuration problems occur. For more information, see VM manager statuses.
Connection Test Status
The current status of a connection test. The initial value is Not Tested and it changes to Testing,
Successful, or Failed after clicking Test Connection. The latter two statuses are always followed
by a timestamp. For more information, see Connection test statuses.
215
VM Manager Type
Type of a VM manager. The supported types are VMware, Microsoft Hyper-V, and Kernel-based
Virtual Machine. For more information, see Summary of supported virtualization types.
VM Manager URL
Web address of a VM manager. Each virtualization type uses a different address format. The
template is always provided when you create new VM managers. For more information, see
Supported virtualization types.
User Name
User that can access a VM manager. Each virtualization type uses a different user name format:
v For Microsoft Hyper-V, you must use the Administrator account. The user is defined as
domain\user_name, for example: cluster.com\test or user_name@domain, for example:
[email protected].
v For VMware, the user is defined as domain\user_name, for example: cluster.com\test
v For RHEV-M, the user is defined as user_name@domain, for example: [email protected]
Data Import Time
Date and time that indicates when the capacity data was imported from the BigFix server to
BigFix Inventory.
Data Collection Time
Date and time that indicates when the capacity data was collected from a VM manager by VM
Manager Tool. The time shown in this column is always different from the time in the Data
Import Time column, because the collected data still needs to be uploaded to the BigFix server
and is only then imported to BigFix Inventory.
Adding VM managers
To add a VM manager in the user interface, open the VM Managers panel, and specify some details, such
as web address, type, and credentials. These details are required so that VM Manager Tool can connect to
your VM managers.
Before you begin

v
You must have the Manage VM Managers and Servers permission to perform this task.
v If the panel is blocked and displays a warning, see Troubleshooting: Enabling the VM Managers panel.
Procedure
1. In BigFix Inventory, click Management > VM Managers.
2. Click New.
a. Select the virtualization type.
b. If you choose Microsoft Hyper-V, select one of the available communication interfaces: PowerShell
or NTLM.
Note: For more information about PowerShell and NTLM, see: Microsoft Hyper-V on page 206.
c. Enter the web address of a VM manager. You can provide either a full URL, its part, a host name,
or an IP address.
Important: The default URL differs depending on the virtualization type.
vCenter
v For versions up to 5.1: https://<vCenter_IP_address>/sdk
v For version 5.5 and higher: https://<vCenter_IP_address>/sdk/wimService.wsdl
216
RHEV-M
v For version 3.0: https://<RHEV-M_IP_address>:8443/api
Hyper-V
v https://<Hyper-V_IP_address>/wsmann
d. If you choose Microsoft Hyper-V, you can share credentials with other hosts in the same cluster. To
do so, select Share credentials with other hosts in the same cluster.
e. Enter the user name and password.
Important: Different definitions of users are used for Microsoft Hyper-V, VMware, and RHEV-M:
[email protected].
f. Click Create. The VM Manager is created and its status is Pending.
The following example shows a configured VMware.
3. Select the VM manager and click Test Connection. The status in the Connection Test Status column
changes to Testing. It might take a few minutes to test the connection. Refresh the panel.
4. If the connection status changes to Successful, the VM Manager is configured correctly.
Results
You created a new VM manager connection. The status remains Pending until the data is collected,
uploaded to the BigFix server, and then transferred to BigFix Inventory with a data import. The upload of
data collected from VM managers is triggered shortly after making any modifications to VM managers,
such as creating a new connection or changing the existing one. If no modifications are made, the data is
uploaded according to the schedule, which by default is 12 hours. For more information, see Capacity
data flow.
Modifying a VM manager:
Perform the following steps to modify the details of an existing VM manager.
Procedure
1. On the VM Managers page, select the VM manager whose configuration you want to modify.
2. In the lower area of the window, enter the new parameters.
3. Click Save.
217
Removing a VM manager:
Perform the following steps to remove a VM manager.
Procedure
1. On the VM Managers page, select the VM manager whose configuration you want to delete.
2. Click Delete.
VM manager statuses
After you added a new VM manager, see the explanation of statuses that might be displayed in the user
interface to ensure that your VM managers are working properly.
Information about the status of a VM manager is displayed in the Operation status column on the VM
Managers panel.
VM manager statuses
OK
Data collected from VM Managers is collected and processed according to schedule. No issues
were detected.
OK - duplicated UUIDs discarded
Each virtual machine must have a unique UUID. When a UUID identifies more than one VM,
both are discarded from results and not reported to BigFix Inventory.
Action: Open the VM Manager Tool log files that are in the BES Client\LMT\VMMAN\logs directory.
The log files contain the list of discarded virtual machines. After you identify them, refer to the
documentation for your virtualization type to learn how to assign unique UUIDs to each virtual
machine. After the duplicates are corrected, the status changes to OK.
Pending
The status is displayed after a VM manager is created or after its definition is modified, which
means that changes are still propagated to VM Manager Tool. The status changes to OK when
the following steps are completed:
1. VM Manager Tool gathers data from VM managers.
2. The data is uploaded to the BigFix server.
3. The data is transferred to BigFix Inventory with a data import.
If a problem occurs during any of the preceding steps, the status changes appropriately to reflect
this problem.
Action: Wait until VM Manager Tool completes the steps required to upload the data. For more
information about each step, see Capacity data flow.
Inactive
Data from a VM manager was not retrieved for a longer time. The status is displayed when the
maximum allowed inactivity of a VM manager is exceeded.
Connection failed
Connection to a VM manager failed and the data was not retrieved.
Action: Check the VM Manager Tool log files to determine the cause. The log files are in the BES
Client\LMT\VMMAN\logs directory.
218
Hard timeout - suspended

Connection to a VM manager failed and no further attempts are made. The status indicates that
either provided URL or configuration is incorrect, or that there are problems with the network.
Action: Check the connection between VM Managers and VM Manager Tool. Also, correct the
URL and the credentials, and save the changes. The status changes to Pending.
Invalid credentials - attempting
Connection to a VM manager failed because the credentials are incorrect or the password expired.
More attempts are made until the limit is exceeded. Then, the status changes to Invalid
credentials - suspended to prevent the account lock.
Action: Edit a VM manager and correct the credentials.
Invalid credentials - suspended
Connection to a VM manager is suspended because the number of failed attempts was exceeded.
The status is used to prevent the account lock in case of invalid credentials.
Action: Edit a VM manager and correct the credentials.
Duplicated address
The address of a VM manager is duplicated. The first address remains active and the status is
displayed for the remaining ones.
Action: Delete duplicated VM managers to ensure that data is gathered only once. The duplicated
addresses might occur only within a particular VM manager type.
Connection test statuses

The following statuses are displayed in the Connection Test Status column after you select a VM
manager and click Test Connection.
Not Tested
The connection test was not started. Select a VM manager and click Test Connection.
Testing
The connection is being tested. It might take a few minutes until the status changes. Refresh the
panel.
Successful
The connection to a VM manager was established. The VM manager is configured correctly.
Failed The connection to a VM manager could not be established. Check the VM Manager Tool log files
to determine the cause. The log files are in the BES Client\LMT\VMMAN\logs directory.
Troubleshooting: Enabling the VM Managers panel

If the VM Managers panel is disabled and you cannot add VM managers, complete additional steps to
enable it. This issue often occurs if your BigFix server does not have Web Reports configured, or if the
automatic installation of VM Manager Tool failed.
The issue can be recognized by a disabled panel and a message similar to the following example:
Before you can configure VM managers, you must install and run the BigFix services,
including Web Reports, on the localhost. For more information, see the product
documentation.
219
Installing Web Reports:

The Web Reports component is typically installed together with the BigFix server. You might have
chosen, however, to omit this component during the installation. To install it, complete one of the
following steps depending on the operating system of the computer, where IBM BigFix is installed.
Procedure
v For Windows systems, see Installing Web Reports.
v For Linux systems, start the installation of IBM BigFix. Choose the Production installation and when
prompted for the installation of components, choose Web Reports only.
Select the IBM BigFix Features you want to install:
[1] All Components (Server, Client, and WebReports)
[2] Server and Client Only
[3] WebReports Only
Results
You installed Web Reports on the BigFix server.
What to do next
Install VM Manager Tool.
(Optional) Installing VM Manager Tool:
If the automatic installation of VM Manager Tool failed, you can install it manually on the BigFix server.
Before you begin
v Review software requirements and other considerations
v Install an IBM BigFix client on the target computer.
v Install and start Web Reports on the IBM BigFix server.
Procedure
3. Select Install VM Manager Tool, and then click Take Action.
220
4. Select the BigFix server as target computer and click OK.
What to do next
Schedule the upload of collected data.
(Optional) Uploading collected data:
The uploading of collected data is scheduled automatically. You can use this procedure if the automatic
installation of VM Manager Tool failed.
Procedure
1. Log in to IBM BigFix console.
3. Select Schedule VM Manager Tool Scan Results Upload.
4. In Description, enter the upload frequency in hours.
5. Select the BigFix server as the target computer and click OK.
221
Note: All options in the Execution tab are disabled. The frequency can be specified only in the
Description field.
Results
You scheduled to upload capacity data from VM Manager Tool to IBM BigFix. The data is transferred to
BigFix Inventory with each data import. If no modifications are made to VM managers, the data is
uploaded according to the schedule. If you modify a VM manager, the upload is triggered shortly
afterwards.
What to do next
Add VM managers in the user interface.
Advanced VM management (distributed)

Use advanced VM management if the IBM BigFix server cannot connect to some of your VM managers,
because they are in separated networks. This approach requires that you install additional VM Manager
Tool, and configure your VM managers through command line.
You can use advanced VM management as an extension of the basic configuration. VM managers to
which the BigFix server can connect can still be managed in the BigFix Inventory user interface.
Additional VM Manager Tool would manage only those VM managers for which such a connection
cannot be established. You can connect to such VM managers by creating configuration files and
managing the connections in the VM Manager Tool command line.
Although VM managers are managed through the command line, their capacity data is uploaded to
BigFix Inventory and updated on reports in the same way as for the basic configuration. In contradiction
to the main VM Manager Tool, additional instances can be installed on any computer that can connect to
separated VM managers, and you can deploy as many of them as you need. However, VM managers
configured in the command line are not visible in the user interface of BigFix Inventory.
The advanced VM management also gives you the following benefits:
v Balancing the network traffic by distributing it between multiple VM Manager Tools
v Collecting capacity data only for selected virtual machines (UUID-based filtering)
Deployment scenarios
Before you proceed to advanced VM management, review the available scenarios for which you can use
the additional instance of VM Manager Tool. The main purpose is to transfer the capacity data from VM
managers that are in separated networks, but you can also balance the network traffic, or filter your
virtual machines based on their UUIDs.
222
Scenario 1: A VM manager is in a separated network and cannot connect to IBM BigFix

Without a direct connection to IBM BigFix, data about capacity of VM Managers cannot be
collected, which conflicts with license compliance. If you have a separated network in your
environment, you can use VM Manager Tool that serves as a connector between VM Managers
and the server. The tool can be installed on any computer that can connect to VM Managers. It
gathers data about their capacity and then uploads it to the server.
The following image shows two separated networks, each represented by a different VM
Manager Tool.
Figure 2. Typical implementation
IBM BigFix server
Network B
Network A
Server 1
Server 1
VM 1
VM 1
VM 2
VM 2
Server 2
Server 2
VM 3
VM 3
C: \ >
VM Manager
Tool
C: \ >
VM Manager
Tool
VM 4
VM 5
Server 3
VM 4
VM 5
VM 6
Manage
Virtualization manager
Connection
is allowed
There is
no connection
between
the networks.
Server 3
Connection
is allowed
VM 6
Manage
Virtualization manager
Legend
Agent
Scenario 2: You want to balance the network traffic coming from multiple VM Managers
You can balance the network traffic by distributing it between multiple VM Manager Tools.
Successful load balancing optimizes resource use, maximizes throughput, minimizes response
time, and avoids overload.
The following image shows two VM Manager Tools connected to the IBM BigFix server. Each of
them is responsible for gathering capacity data from different VM Managers.
223
Figure 3. Load-balancing example

IBM BigFix server
Network
C: \ >
VM Manager
Tool
Virtualization
manager
Virtualization
manager
Virtualization
manager
Server 1
VM Manager
Tool
Virtualization
manager
Virtualization
manager
Virtualization
manager
Server 1
Server 2
C: \ >
Virtualization
manager
Virtualization
manager
Virtualization
manager
Server 1
Server 2
Server 2
Server 3
Server 3
Server 3
Server 4
Server 4
Legend
Agent
Scenario 3: UUID-based virtual machine filtering

The purpose of filtering based on universally unique identifier (UUID) is to select only those
224
virtual machines whose capacity and topology data is to be included in a final report. The VM
manager has the function of matching UUIDs of selected guests. To stay compliant, all the
necessary virtual machines units must be included in the report. When you enable UUID-based
filtering all of the non-selected guests, empty hosts and clusters are removed.
Installing additional VM Manager Tool

To connect to VM managers that are in separated networks, you must first install additional VM Manager
Tool. You can install it on any computer that can connect to the separated networks.
Before you begin

v Review software requirements and other considerations
v Install an IBM BigFix client on the target computer.
Procedure
3. Select Install Additional VM Manager Tool (OPTIONAL) and click Take Action.
4. Select the target computer and click OK. The target computer must be able to connect to separated
VM managers.
225
Results
You installed additional instance of VM Manager Tool. You can use its command-line interface to manage
VM managers that are in separated networks.
What to do next
Schedule the upload of collected data.
Uploading collected data

After you install additional VM Manager Tool, schedule the regular uploads of collected data. This action
is required so that the capacity data that is collected by VM Manager Tool is uploaded to the IBM BigFix
server.
Procedure
3. Select Schedule VM Manager Tool Scan Results Upload.
4. In Description, enter the upload frequency in hours.
5. Click Take Action.

6. Select the target computer and click OK. The computer must have VM Manager Tool installed.
226
Description field.
Results
You scheduled the upload of capacity data from VM Manager Tool to IBM BigFix. The data is transferred
to BigFix Inventory with each data import. If no modifications are made to VM managers, the data is
uploaded according to the schedule. If you modify a VM manager, the upload is triggered shortly
afterwards.
What to do next
Configure VM managers.
Adding VM managers
In advanced VM management, you add VM managers by creating configuration files, where you specify
web address, type, and credentials that are required to access a VM manager. Each VM manager uses a
separate configuration file.
Before you begin

VM managers for which configuration files are created cannot be viewed in BigFix Inventory. They can be
managed only in the VM Manager Tool command-line interface. The reports, however, are updated with
the collected data.
Procedure
1. Go to the BES Client\LMT\VMMAN\config directory.
2. Copy the vmmconf_template.properties file and rename it to vmmconf_name.properties. This file now
represents a new VM manager.
Attention: Each time you create a VM manager configuration file, use the
vmmconf_template.properties file as a template. Do not copy and edit configuration files that you
previously created for a different VM manager. After you load the configuration file for the first time,
an ID is generated for a VM manager. Each ID must be unique. When you copy and edit an existing
configuration file, the ID is duplicated.
3. Edit the file and specify the following parameters:
vmm_url
Specify the web address of the VM manager. You can specify either a full URL or only the
host name or IP address.
For example, vmm_url=http://192.0.2.0/wsman.
227
Important: The default URL differs depending on the virtualization type.

vCenter
v For versions up to 5.1: https://<vCenter_IP_address>/sdk
v For version 5.5 and higher: https://<vCenter_IP_address>/sdk/wimService.wsdl
RHEV-M
Hyper-V
v https://<Hyper-V_IP_address>/wsmann
vmm_type
Specify the type of the VM manager. The possible values are VMWARE_V_SPHERE,
MICROSOFT_HYPER_V, or KVM_RHEV_M.
For example, vmm_type=MICROSOFT_HYPER_V.
vmm_login
Specify the user name that is used to access the VM manager.
For example, vmm_login=cluster.com\administrator.
Important: Different definitions of users are used for Microsoft Hyper-V, VMware, and
RHEV-M:
[email protected].
vmm_password
Specify the password that is used to access the VM manager. The password is encrypted and
saved when you load the configuration files.
For more information about optional parameters, see Configuration parameters.
4. Save the configuration file. To establish the connection, you must run the VM Manager Tool and load
the configuration file.
What to do next
Run VM Manager Tool.
Running VM Manager Tool

After creating configuration files for your VM managers, you must run the VM Manager Tool to load the
configuration, test connections, and check the status of VM managers.
About this task

For a complete list of commands that can be used in VM Manager Tool, see VM Manager Tool
command-line options.
Procedure
1. Open the command-line interface and go to BES Client\LMT\VMMAN.
2. Optional: VM Manager Tool is started automatically after installation, however you can use the
following commands to start it, if needed.
Windows
228
vmman.bat -run
./vmman.sh -run
3. Load the new or updated configuration files to update the connection parameters in VM Manager
Tool. During this step, the passwords provided in the files are encrypted. You must repeat this step
after modifying or creating a configuration file.
Linux
Windows
vmman.bat -reloadconfig
./vmman.sh -reloadconfig
4. Test connections to VM managers.
Linux
Windows
Linux
vmman.bat -testconnection
./vmman.sh -testconnection
5. Check the status of VM managers.

Windows
Linux
vmman.bat -status
./vmman.sh -status
Results
If the VM managers report the OK status, they are working properly, and the capacity data is being
collected. The upload of collected data is triggered shortly after making any modifications to VM
managers, such as adding a new connection or changing the existing one. If no modifications are made,
the data is uploaded according to the schedule. For more information, see Capacity data flow.
Additional configuration
Additional configuration tasks are intended to give you more control over VM Manager Tool. You can
use them to customize the VM Manager Tool, or to enable filtering of virtual machines based on their
UUIDs. All of these tasks are optional.
VM manager configuration parameters:
In advanced VM management, connection to each VM manager is created based on the information
provided in the configuration files. Apart from specifying mandatory parameters, such as web address,
virtualization type, user name, and password, you can also use additional ones to disable VM managers,
set the number of login attempts, or allow Hyper-V to share credentials with hosts in the same cluster.
229
Important: The following settings cannot be changed for the main instance of VM Manager Tool that is
installed on the BigFix server. Any changes are overwritten during the next action performed on VM
managers.
Table 64. VM manager configuration parameters
Unit
Parameter
Description
vmm_url
Web address
(URL)
Default
Minimum
Maximum
Specifies the web address of the VM manager. You can provide either a full
URL, a partial URL, or only a host name or IP address. In the second case, the
full address of the VM manager is built based on the selected type of the VM
manager and protocol (if specified). HTTPS protocol is used by default.
If you specify only the addresses, the defaults are used:
v https://virtualcenter/sdk for VMWARE_V_SPHERE
v https://hyper-v/wsman for MICROSOFT_HYPER_V
v https://rhev-m:8443/api for KVM_RHEV_M
If you do not specify the complete URL but only a protocol, or a port, or a
context path, the URL is built based on the following defaults:
v VMWARE_V_SPHERE - default protocol https, port 443 (for https) or 80 (for
http), context path - sdk
v KVM_RHEV_M - default protocol https, port 8443 (for https) or 8080 (for http),
context path - api
v MICROSOFT_HYPER_V - default protocol https, port 443 (for https) or 80 (for
http), context path - wsman
If the URL contains the name of a VM manager, the name is resolved to an IP
address. However, the full URL, including a port number, is used by the
server to identify the VM manager.
Each VM manager must have a different web address, that is, only one entry
is allowed for a particular URL. If two or more configuration files duplicate
the URL address, only the first file is treated as valid. The remaining files are
ignored.
vmm_type
Characters
Specifies the type of VM manager. The possible values are:
v VMWARE_V_SPHERE
v MICROSOFT_HYPER_V
v KVM_RHEV_M
vmm_communication_interface
Characters
POWERSHELL
Specifies the communication interface that is used for communication with

Microsoft Hyper-V. This option is supported only when the VM Manager Tool
is installed on Windows. On Linux, the value of this parameter is ignored and
the NTLM communication is always used. The possible values are:
v NTLM
v POWERSHELL
vmm_login
Characters
Specifies the user name that is used to access the VM manager.
Important: For Microsoft Hyper-V, you must use the Administrator account.
vmm_password
Characters
Specifies the password that is used to access the VM manager. A password
that is entered in plain text is immediately encrypted and saved while the
configuration files are loaded.
Important: For Microsoft Hyper-V, you must use the Administrator account.
230
Table 64. VM manager configuration parameters (continued)

Unit
Parameter
Description
vmm_max_subsequent_login_failures
Integer
Default
Minimum
Maximum
100
Specifies the maximum number of failed attempts of logging in to the VM

manager. If you set the value of this parameter to 0, an unlimited number of
attempts is allowed. If the specified number of failed attempts is exceeded,
the VM Manager Tool does not connect to this VM manager and the
parameter vmm_communication_locked is set to true.
True/false
vmm_communication_locked
False
Indicates whether the connection to the VM manager is locked. The possible

values are:
vmm_get_cluster_info_with_shared_credentials
true
Disables the connection to the VM manager but keeps the

configuration file. If the number of failed logging attempts that is
specified in the vmm_max_subsequent_login_failures parameter is
exceeded, the value of the vmm_communication_locked parameter is
automatically set to true.
false
Unlocks communication with the VM manager and resets the count

of the subsequent failed logging attempts.
True/false
False
Indicates whether the same credentials can be used to connect to every host in
the same cluster. You can use this parameter only for Microsoft Hyper-V. The
possible values are:
true
Uses the same credentials to get information about all other hosts in
the same cluster.
false
Set when credentials for every host in the cluster are different. Each
host in the same Hyper-V cluster requires a separate configuration
file.
VM Manager Tool command-line options:

Apart from basic commands that allow you to create connections to VM managers and check their status,
you can use additional commands to run or remove VM Manager Tool, encrypt passwords, or collect
debug information for troubleshooting purposes.
The following table provides a list of command-line options that you can use when you run the VM
Manager Tool. If you run the application without specifying any options, the help screen is displayed by
default.
Option
Description
-help
Displays the help screen. It is the default option

when no other option is specified.
-install
Installs VM Manager Tool as a system service.

Important: You must have the administrative or
root privileges to use this option.
Example
Linux
./vmman.sh -install
Windows
vmman.bat -install
Windows
The installation logs are in the
directory: BES Client\LMT\VMMAN\logs\install.
-passwd passwordString
-config file_path
Encrypts a password for the VM manager from a

configuration file that is specified in the config
parameter.
Linux
./vmman.sh -passwd newPassword
-config ./config/vmmconf_1.properties
Windows
vmman.bat -passwd newPassword
-config config\vmmconf_1.properties
231
Option
Description
-reloadconfig
Reloads all configuration files and updates the

parameters in the memory of VM Manager Tool.
You can use this option only if VM Manager Tool
runs as a system service.
Tip: Use this option each time a new VM manager
connection is defined to load the newly created
configuration.
-remove
Removes VM Manager Tool from the service

registry.
Important: You must have the administrative or
root privileges to use this option.
Example
Linux
Windows
Linux
./vmman.sh -remove
Windows
vmman.bat -remove
Windows
The removal logs are in the directory:
BES Client\LMT\VMMAN\logs\install.
-retrievedebugdata
Collects debug information from all defined VM

managers and stores it in the debugData.zip file
that is in the main the VM Manager Tool directory.
The collected information includes:
Linux
./vmman.sh -retrievedebugdata
Windows
vmman.bat -retrievedebugdata
v Configuration files
v Log files
v Network communication log files
v Data collected from VM managers
v Status of all VM managers
-run
Starts the VM Manager Tool in service mode. In

this mode, data is collected for all defined VM
managers repeatedly at the interval that is set in
the vmm_polling_time_interval parameter. To use
this option, you must install VM Manager Tool as a
system service.
Linux
./vmman.sh -run
Windows
vmman.bat -run
Windows
Important:
You must have the
administrative privileges to use this option.
-runonce [ -config
file_path ]
-status [ -config
file_path ]
Collects data from all defined VM managers once

and exits the VM Manager Tool. To collect data
from a particular VM manager, use the -config
file_path option, where file_path is a full or
relative path to the configuration file of the VM
manager that you want to collect data from.
Displays the operation status for all VM managers.
If the file path is specified, the operation status for
the particular VM manager is displayed.
To see the information about all the operation
statuses, refer to the topic VM Manager Tool
statuses.
-stop
-testconnection [
-config file_path ]
232
Stops VM Manager Tool that was started as a

system service.
Tests connections to all defined VM managers. To

collect data from a particular VM manager, use the
-config file_path option, where file_path is a full
or relative path to the configuration file of the VM
manager that you want to collect data from.
Linux
./vmman.sh -runonce -config
./config/vmmconf_1.properties
Windows
vmman.bat -runonce -config
config\vmmconf_1.properties
Linux
./vmman.sh -status -config
Windows
vmman.bat -status -config
Linux
./vmman.sh -stop
Windows
vmman.bat -stop
Linux
./vmman.sh -testconnection -config
Windows
vmman.bat -testconnection -config
VM Manager Tool settings:

You can configure settings of VM Manager Tool by editing the vmmainconf.properties file that is stored
in the BES Client\LMT\VMMAN\config directory.
Important: The following settings cannot be changed for the main instance of VM Manager Tool that is
installed on the BigFix server. Any changes are overwritten during the next action performed on VM
managers.
Table 65. Global configuration parameters
Parameter
Unit
Default
Minimum
Maximum
vmm_polling_time_interval
Minutes
30
30
10080 (1 week)
Seconds
90
10
3600 (1 hour)
Number
10
50
Minutes
720
10080
Boolean
(true/false)
True
Boolean
(true/false)
False
Number
25001
Number
100
Specifies the interval between the consecutive

retrievals of data from VM managers.
vmm_connection_timeout
Specifies the time after which the connection with
a VM manager is ended.
vmm_thread_pool_size
Specifies the number of threads in thread pool
that is used for connections to VM managers.
vmm_data_transfer_period
Determines how often the scan data is transferred
to the agent to be uploaded to the server if
subsequent scans have the same results.
check_vm_managers_uniqueness
Distinguishes unique VM managers from
duplicates.
uuid_filtering_enabled
Enables UUID filtering.
vmm_rmi_ssl_port
Specifies the number of the port that connects to
the server when you enter the reload configuration
and stop commands.
vmm_max_subsequent_login_failures
Specifies the maximum number of failed attempts
of logging in to the VM manager.
UUID-based virtual machine filtering:

The purpose of filtering based on universally unique identifier (UUID) is to collect the capacity data only
for chosen virtual machines. The remaining ones are omitted and not updated in BigFix Inventory.
Important: The UUID-based filtering can be enabled only for additional instances of VM Manager Tool.
Enabling UUID-based virtual machine filtering:
The uuid_filtering_enabled parameter is set by default to false. You must set it to true before you can
select virtual machines to be included in a final report.
233
Procedure
1. Go to the computer where you installed an additional instance of VM Manager Tool.
2. Go to BES Client\LMT\VMMAN\config.
3. Open the vmmainconf.properties file.
4. Set the uuid_filtering_enabled property to true.
Results
You enabled filtering of virtual machines based on their UUIDs. If you want to later reverse the changes,
set the property to false.
Selecting virtual machines for UUID-based filtering:
You can select virtual machines for whom the capacity data is to be collected by putting their UUIDs in
the vmmfilterconf.properties file.
Procedure
1. Optional: Obtain the list of virtual machines UUIDs by running the select distinct uuid from
ADM.VIRTUAL_VM_UUID SQL query. For more information, see Obtaining the list of virtual machine
UUIDs.
2. In the BES Client\LMT\VMMAN\config directory, open the vmmfilterconf.properties file.
3. Add the UUIDs of chosen virtual machines During filter matching, the VM manager removes any
white space characters and hyphens (-). All letters are also converted to uppercase.
Example
All of these entries are valid:
v 5030a6eb-485a-35b5-0fa0-a8bc4a459c9d
v 564da050-7b20-8754-b578-e8437da8653e
v 564D1E0d4C0CE65B8A54203D7E032D2B
What to do next
Run the following command to load the list of UUIDs that you configured:
v
Linux
Windows
Obtaining the list of virtual machine UUIDs:

You can use the list of virtual machine UUIDs that are currently connected to the BigFix Inventory server
to select those for whom the capacity data is to be collected.
About this task
You can find all of the virtual machine UUIDs that are currently connected to the BigFix Inventory server
in the ADM.VIRTUAL_VM_UUID table in the TEMADB database. You can extract the complete list of UUIDs
and then remove the chosen UUIDs to omit certain virtual machines.
The following procedure explains how to retrieve the list of UUIDs from the DB2 database. If you are
using MS SQL, use a method of retrieving information from database tables that is suitable for this
database.
234
Procedure
1. Log in to the database server as db2inst1 or other user with DBADM rights.
2. To obtain the list of virtual machines UUIDs, enter the following commands in the system
command-line interface:
db2 connect to TEMADB
db2 "select distinct uuid from ADM.VIRTUAL_VM_UUID" >uuids.txt
Note: The default name for the database is TEMADB. Change it if you named your database differently.
Results
The list is now stored in the uuids.txt file.
What to do next
Remove the unnecessary UUIDs from the uuids.txt file and copy the remaining UUIDs to the
vmmfilterconf.properties file.
Collecting capacity data directly from KVM hosts

You can omit the basic or advanced VM management for KVM hosts that are not controlled by RHEV-M.
The capacity data is collected directly from these hosts.
Before you begin

Ensure that the libvirt-client and libxml2 libraries are installed on the target endpoint and that the
Bash shell is available.
About this task

The following procedure describes how to collect capacity data from KVM hosts that are not controlled
by RHEV-M. If you use RHEV-M, collect capacity data by using the VM Manager Tool. For more
information, see Managing VM managers on page 101.
Procedure
Fixlets and Tasks.
2. In the upper right pane, select Run Capacity Scan on Virtualization Hosts and click Take Action.
Important: If you run this task on a KVM host, you no longer need to run the Run Capacity Scan
and Upload Results task on that host.
3. From the list of applicable computers, select KVM hosts.
Important: The list is filtered out to the computers that meet the prerequisites. However, not all of
them are KVM hosts.
4. Optional: By default, the capacity scan is scheduled to run every 30 minutes. However, in an
environment with many KVM hosts, consider lowering the frequency of the scan. To specify the
frequency of the scan, open the Execution tab, specify the details, and click OK. For environments
with multiple KVM hosts, run the scan once per one to six hours.
5. When the scan finishes, upload scan results to the BigFix server.
Tip: To check the status of the capacity scan on the endpoints, activate the Status of Capacity Scan on
Virtualization Hosts analysis.
235
a. In the upper right pane, select Schedule VM Manager Tool Scan Results Upload and click Take
Action.
b. Select the KVM hosts from which you collected the capacity data and click OK.
Removing capacity scan data from the host

During the capacity scan, some files and folders are generated on the virtualization host. If you no longer
collect capacity data from a particular host, remove the files and folders that were created by the capacity
scan.
Procedure
1. Stop the actions that were created by the Run Capacity Scan on Virtualization Hosts task on the
specified endpoints. Otherwise, the scan will continue running and the files will be recreated.
Actions.
b. Select the actions, and in the lower pane, click Stop.
2. In the navigation tree, go to Fixlets and Tasks.
3. In the upper right pane, select Remove Capacity Scan Data from Virtualization Hosts and click Take
Action.
4. Select the computers from which you want to remove the data that was generated during the capacity
scan and click OK.
Maintenance tasks
You can perform additional maintenance and troubleshooting tasks on VM Manager Tool. These tasks are
not limited to a specific approach to VM management, but can be applied to any instance of VM
Manager Tool.
VM Manager Tool installation requirements

Ensure that you fulfill all software requirements to install the VM Manager Tool.
Supported operating systems

Table 66. Requirements for installing VM Manager Tool.
Operating
system
Version
Linux
Red Hat Enterprise Linux for Intel/AMD x86 (64-bit) versions 7
unzip
Red Hat Enterprise Linux for Intel/AMD x86 (32 and 64-bit)
versions 5 and 6
glibc library 2.4 or higher
Red Hat Linux Desktop for Intel/AMD x86 (32 and 64-bit)
versions 5 and 6
SUSE Linux Enterprise Server for Intel/AMD x86 (32 and 64-bit)
versions 10 and 11
SUSE Linux Enterprise Desktop for Intel/AMD x86 (32 and 64-bit)
versions 10 and 11
Windows
Server 2012 Standard and Datacenter (64-bit)

Server 2008 R2 Standard, Enterprise and Datacenter (64-bit)
Server 2008 Standard and Enterprise (32 and 64-bit)
Server 2003 R2 (32 and 64-bit)
Server 2003 Datacenter, Enterprise and Standard Edition (32 and
64-bit)
8 Ultimate, Professional (32 and 64-bit)
7 Ultimate, Enterprise and Professional (32 and 64-bit)
Vista Ultimate, Enterprise and Business (32 and 64-bit)
236
Software requirements
Required free disk space

The VM Manager Tool requires 250 MB of disk space.
Log files
You can gather the log files to determine the problems that are related to the VM Manager Tool. You can
also change the log settings.
The log files for the VM Manager Tool are in the following directories:
v Trace log files: BES Client\LMT\VMMAN\logs
v Installation log files: BES Client\LMT\VMMAN\logs\install
You can also gather the complete set of logs by running the -retrievedebugdata command in VM
Manager Tool.
Log settings
You can change the log settings by editing the log4j.properties file. The following parameters are the
most useful:
v log4j.appender.mylogger.maxFileSize specifies the maximum size of a log file
Default value = 1000 KB
v log4j.appender.mylogger.MaxBackupIndex specifies the maximum number of log files
Default value = 10
Changing the upload schedule

Capacity data collected by VM Manager Tool is uploaded to the BigFix server every 12 hours. You can
change this schedule by removing the default schedule and creating a new one.
Procedure
1. Stop and remove the default schedule.
a. In the navigation tree of the BigFix console, click Actions.
b. Locate the action Schedule VM Manager Tool Scan Results Upload.
c. Right-click the action and select Stop Action. The schedule is stopped.
d. Again, right-click the action and select Delete Action. The schedule is removed.
2. Create a new schedule.
a. In the navigation tree, click Sites > External Sites > IBM BigFix Inventory > Fixlets and Tasks.
b. Select Schedule VM Manager Tool Scan Results Upload.
c. In Description, enter the new frequency in hours.
d. Click Take Action.

e. Select the target computer that has VM Manager Tool installed and click OK. The action is started
under new schedule.
237
Description field.
Results
You set up the new schedule. The data collected by VM Manager Tool is now uploaded to BigFix with
the frequency that you specified.
Forcing the upload of collected data

You can force the collected data to be immediately uploaded to the IBM BigFix server. The data is
uploaded once and no schedule is set.
Procedure
3. Select Force VM Manager Tool Scan Results Upload, and then click Take Action.
4. Select the target computer and click OK.
Results
You uploaded the collected data to the IBM BigFix server.
What to do next
Run a data import in BigFix Inventory to update the data in the user interface.
238
Checking the VM Manager Tool version

Activate the VM Manager Information analysis to retrieve data about the installed version of VM
Manager Tool. You can use the analysis to quickly confirm the successful installation of the tool.
About this task

The VM Manager Information analysis returns information for two properties, VMMAN_Tool_Version,
which specifies the installed version of the VM Manager Tool, and Build_Version, which shows the
details of the build.
Procedure
2. In the navigation bar, click Sites > External Sites > IBM BigFix Inventory > Analyses.
3. Select VM Manager Information and click Activate.
4. After you activate the analysis, open the Results tab. The information about the version and the build
is available next to the name of the applicable computer.
Updating VM Manager Tool

You can update VM Manager Tool to the newest version.
Before you begin

The Update VM Manager Tool task can be activated only if there are any older versions of VM Manager
Tool.
Procedure
239
3. Select Update VM Manager Tool and click Take Action.
Results
You updated VM Manager Tool to the newest version.
Uninstalling VM Manager Tool

Follow the procedure to uninstall the VM Manager Tool from the endpoints and to delete all the related
settings and folders. Uninstallation of the VM Manager Tool is also required if you want to reinstall the
tool.
Procedure
2. In the navigation tree, click Sites > External > IBM BigFix Inventory > Fixlets and Tasks.
3. Select Uninstall VM Manager Tool and click Take Action.
240
Results
You uninstalled VM Manager Tool.
Scanning remote shared file systems

By default, shared file systems are not scanned by the BigFix agent. To scan a shared file system, you
must select the Scan remote shared disks option while configuring a software scan.
About this task

Important: The following two types of shared file systems can be scanned: UNIX Network File System
(NFS) and Windows Common Internet File System (CIFS).
To obtain complete information about the shared disks and the software that is installed on them,
perform the following tasks:
Procedure
1. Run the task Discover Remote Shared Disks to identify the remote shared disks in your
environment.
b. In the navigation tree, click Sites > External Sites > IBM BigFix Inventory > Fixlets and Tasks.
c. In the right section of the window, select the relevant computers and click OK.
241
2. Activate the Shared Disk Information analysis, which gathers remote shared disk information that
was retrieved by the Discover Remote Shared Disks task.
Analyses.
b. In the upper right pane, click Shared Disk Information, and in the lower pane click Activate.
The information about shared disks and the software that is installed on them is available on the
following reports in the BigFix Inventory web user interface:
Information about
Report
Detailed information
Shared disks
Computers (when accessed from the

widget on the home page)
Type of file system, shared disk IP

address, mount point
Scanned File Data
File path
Installation path
Details of a selected software

installation
Installation path
Software that is discovered on shared

disks
All IBM Metrics (after you drill down Path

to a particular computer)
3. Exclude unsupported file systems from scanning:

a. In Analyses, open the Shared Disk Information analysis and click the Results tab to recognize file
systems that must be excluded from scanning.
b. In Fixlets and Tasks, open the Add Excluded Directories task and specify directories or mount
points of unsupported file systems. For more information about excluding the directories, see
Adding excluded directories.
Tip: A mount point is a directory that is at the top of the file system hierarchy. You can verify
whether a directory is a mount point by checking the output of the mount or mountpoint
commands.
c. Run the Add Excluded Directories task against all endpoints that use the unsupported file
systems.
4. Stop the current software scans.
a. In the navigation tree of the console, click Actions.
b. In the upper right pane, find the Initiate Software Scan action.
c. In the lower pane, click Stop.
5. Initiate software scans with the option to scan remote shared disks.
Note:
v Software scans can decrease the performance of a shared disk. If more clients are configured to scan
a shared disk, performance of the disk might decrease drastically and the scanning might take a
long time. It is then recommended to schedule the clients to scan the shared disk at different times,
for example you might want to spread the scanning across many days of the week.
v If the remote disks to be scanned are large, scan timeout problems might occur.
242
Restriction: Automounted remote disks will be scanned only if they are mounted during a scan.
Identifying computers on public clouds

To discover IBM and non-IBM software that is installed on computers that run on public clouds, run a
Fixlet to identify such computers and specify the type of the public cloud on which they run.
About this task

If a computer runs on a public cloud but is not identified as such, it has the No VM Manager Data or No
Scan Data status on the Hardware Inventory report and its PVU value might be incorrectly calculated. To
ensure that PVU is properly calculated, identify computers that run on public clouds and specify the
types of clouds on which they run.
Public clouds that are currently supported by BigFix Inventory include:
v IBM SoftLayer (single- and multi-tenant)
v Microsoft Azure
v Amazon EC2 (single- and multi-tenant)
Procedure
Fixlets and Tasks.
2. In the upper right pane, select Identify Computers on Public Clouds.
3. Choose the type of the public cloud and click Take Action.
Note: If you incorrectly identified a computer as running on a public cloud, choose Remove existing
identification.
4. Select all computers that run on this type of cloud and click OK.
Tip: To check which computers are identified as running on public clouds, activate the Identified
Public Cloud Computers analysis and open the Results tab.
Results
A computer that runs on a public cloud is assigned the number of PVUs that is specified in the IBM
Eligible Public Cloud BYOSL policy. PVU consumption for the software that is installed on such a
computer is properly calculated.
Importing software scan data

The inventory results are stored on your BigFix server. To import software scan data, the software catalog
and other settings that changed since the last update, you must extract the data from BigFix server and
load it into BigFix Inventory.
Before you begin

Procedure
243
Configuring catalog servers

Software Knowledge Base Toolkit can serve as a catalog server. Before the first import, you can optionally
define the location of your software catalog server, so that BigFix Inventory can automatically gather
catalog updates from that server.
Before you begin

v
v You must have Tivoli Software Knowledge Base Toolkit installed in your infrastructure.
About this task

Configure the catalog server before the first import of the software catalog. Otherwise, assistance of the
IBM support will be needed to reconcile catalog versions.
Starting from application update 9.0.1.2, you can configure the catalog server at any point of time.
Procedure
1. In the top navigation bar, click Management > Catalog Servers. The default Software Knowledge
Base Toolkit host and port number are specified in the table.
2. To change the default settings, click the row in the table with the localhost:12344 server data, modify
the data, and click Save.
3. To verify that the connection is configured correctly, click Check Connection.
Results
You have configured your catalog server. The most recent publication is now automatically pulled in
from that catalog server during the import. Note that the software catalog must be published in Software
Knowledge Base Toolkit for the automated catalog update to be possible.
Starting the server

Depending on the operating system that you chose for the installation of BigFix Inventory, either start the
server by running the BFIserver or the srvstart.bat file.
244
Linux icon Starting the server on Linux

To start the server, run the BFIserver script. If the server does not start after running the script, start the
DB2 instance and then rerun the script.
Before you begin

You must be the user who installed BigFix Inventory or have root privileges to perform this task.
Procedure
1. Run the following command to start the server:
/etc/init.d/BFIserver start
2. Optional: If the server does not start after running the script, start your DB2 instance and then restart
the server:
a. Log on to the computer where DB2 is installed. You must be a DB2 instance owner.
b. Type db2start at the command line. The DB2 instance starts.
Windows icon Starting the server on Windows

To start the server, run the srvstart.bat file.
Procedure
2. Open cli.
3. Run srvstart.bat.
Stopping the server

Depending on the operating system that you chose for the installation of BigFix Inventory, either stop the
server by running the BFIserver script or the srvstart.bat file.
Linux icon Stopping the server on Linux

To stop the server, run the BFIserver script. If the server does not start after running the script, start the
DB2 instance and then rerun the script.
Before you begin

You must be the user who installed BigFix Inventory or have root privileges to perform this task.
Procedure
1. Run the following command to stop the server:
/etc/init.d/BFIserver stop
2. Optional: After stopping the server, you can also stop the DB2 instance:
a. Log on to the computer where DB2 is installed. You must be a DB2 instance owner.
b. Type db2stop at the command line. The DB2 instance starts.
Windows icon Stopping the server on Windows

To stop the server, run the srvstop.bat file.
Procedure
2. Open cli.
245
3. Run srvstop.bat.
Managing multiple data sources

Computers in an organization can be divided into organizational units and monitored by multiple BigFix
infrastructures. Each such an infrastructure is referred to as a data source. Data from multiple data
sources can be imported to one instance of BigFix Inventory.
About this task

Definition of a data source
A data source should be viewed as a BigFix server and the clients that report to that server. Thus,
a data source is the infrastructure from which BigFix Inventory imports the scan data.
Organizations can define multiple data sources that mirror various types of organizational units
such as departments or countries in which the organizations have their branches.
Hardware requirements
When you review the hardware requirements for your total BigFix Inventory infrastructure and
you want BigFix Inventory to import data from multiple data sources, you must add the numbers
of your BigFix clients to obtain the total size of your environment. You can then designate a
physical server or virtual machine that is capable of handling large data imports (ETL) and has
the capability to process a large amount of data.
Import of data from multiple data sources
During the import of data to BigFix Inventory, connectivity to all data sources is checked. If any
of the data sources is not reachable, the entire import fails. Ensure that all data sources are
reachable during the import.
BigFix Inventory
server
IBM BigFix
server
IBM BigFix
client
Database
IBM BigFix
server
Database
IBM BigFix
client
IBM BigFix
client
IBM BigFix
client
Data source 1
Database
IBM BigFix
client
IBM BigFix
client
Data source 2
Important: You can configure multiple data sources of the same type, for example two BigFix Inventory
data sources. This means that you cannot have a BigFix Inventory and a License Metric Tool
infrastructure that provide data for BigFix Inventory.
For more information, see:
v BigFix Inventory hardware requirements.
v Scalability Guidelines
246
Adding a data source

Procedure
1. In the upper right corner click Management > Data sources.
2. In the upper left corner of the horizontal navigation bar, click New. A new form opens in the lower
pane.
3. Provide the unique name for the new data source.
4. Select the database type from the Database Type drop-down list.
v If you choose DB2, perform the following steps:
a. Specify the host, port, and database name.
b. For server authentication, specify a user name and password.
v If you choose SQL Server, perform the following steps:
a. Specify the host and database name.
b. Select the authentication type.
c. For SQL server authentication, specify a user name and password.
5. Click Create.
Note: You can also create a web reports data source by providing the same information on the right
side of the pane.
Deleting a data source

Procedure
1. In the upper right corner click Management > Data sources.
2. In the upper pane, click the data source that you want to delete.
3. In the upper left corner of the horizontal navigation bar, click Delete.
Results
You deleted all data for computers that belong to this data source.
Updating the database password

You can update the database user password when needed, for example if the password is changed and
users cannot log in to IBM BigFix Inventory.
Before you begin

Before you can run the security utility you must set the JAVA_HOME environment variable, for example
export JAVA_HOME=install_dir/jre/jre.
Procedure
1. Log in to the server where IBM BigFix Inventory is installed.
2. Run the following command and enter the new password for the database user.
install_dir/wlp/bin/securityUtility encode
The password is returned as an encrypted string.
3. Edit the following configuration files, and enter the new encrypted password.
v install_dir/wlp/usr/servers/server1/server.xml
Copy the new encrypted password to password, for example:
properties.db2.jcc databaseName="TEMADB" driverType="4" enableExtendedIndicators="2"
password="{xor}Bq141231" portNumber="50000" serverName="localhost" user="db2inst1"
247
Be sure to keep the double quotation marks around the encrypted value for the password.
v install_dir/wlp/usr/servers/server1/config/database.yml
Copy the new encrypted password to encrypted_password.
4. If you use the same user for the IBM BigFix database, you must also update the password in the
following locations:
a. Go to the installation directory of the BigFix server, and edit the besserver.config file. Copy the
encrypted password as the value of the _BESServer_Database_Password property. Be sure to keep
the double quotation marks around the encrypted value.
b. In IBM BigFix Inventory, click Management > Data Sources. Enter the new password for the
database user and click Save.
5. Restart the IBM BigFix Inventory server.
248
Chapter 6. Managing software inventory

The topics in this section provide information about how to discover software in
your IT infrastructure. You can check how to generate and view reports, analyze
the findings, and adjust all processes and functions for creating these reports.
Software asset management dashboard

The software asset management dashboard provides you with a quick overview of the most important
information about the software assets in your infrastructure. It includes information about the software
catalog, part numbers, the status of software assignment confirmation, and completeness of the data that
is used for capacity calculation.
IBM Capacity Data Completeness

The widget shows whether agents are correctly configured to collect data related to hardware and
software that is present in your infrastructure. A computer can have an incomplete and inactive scan at
the same time. Information about capacity data is not collected from Mac computers. Therefore, the
widget does not include data from Mac computers.
1 Links to the Inventory Data report with
results narrowed down to computers with the
particular status.
2 The number of computers with a
particular status.
3
A link to the VM Managers panel.
IBM PVU Subcapacity

The widget presents products with the highest PVU consumption rate. It shows how many PVUs a
product consumes but does not relate this information to your license entitlements. A maximum of five
products are displayed by default. The accuracy of data that is displayed on the chart depends on when
the scan data was imported, whether the PVU table is up-to-date, and whether software assignment was
modified. If any of these factors was altered, an appropriate message is displayed on the widget.
No Data
Indicates that no data is available. It might occur when the data from the scans was not
uploaded, the upload of the data has not finished yet, or inventory scans do not work properly.
The message is no longer displayed if data from at least one agent is successfully updated.
249

1
The PVU consumption rate of a product.
2 A link to the whole IBM PVU

Subcapacity report.
1
The current version of the PVU table.
4 A link to the website on which you can

check whether a new version of the PVU
table is already available.
A link to the Metric Table Upload panel

on which you can upload a new version of
the PVU table.
3
4
5

The widget presents the number of confirmed and unconfirmed software installations in your
infrastructure. The accuracy of data that is displayed on the chart depends on when the scan data was
imported and whether the part numbers file is up-to-date. If any of these factors were changed, an
appropriate message is displayed on the widget.
No Data
Indicates that no data is available. It might occur when the data from the scans was not
uploaded, the upload of the data has not finished yet, or inventory scans do not work properly.
The message is no longer displayed if scan data from at least one agent is successfully updated.
1
2
3
4
5
1 A link to the IBM Software Classification

panel with results narrowed down to
software installations whose assignment was
confirmed.
panel with results narrowed down to
software installations whose assignment is not
confirmed yet. Go through these items and
either confirm their default assignment or
reassign them to different products so that all
installations in your infrastructure are
confirmed.
panel.
4
The date when the last part numbers file

was imported.
A link to the Part Numbers Upload panel
on which you can upload a new part
numbers file.
Inventory Data
The widget presents a summary of the IBM software that is installed in your infrastructure, computers,
and computer groups in your infrastructure.
250

1
A link to the Software Installations report.
A link to the Computer Groups report.
A link to the Computers report.
Inventory Exploration
The widget presents top five publishers with the largest number of defined contracts defined. The
publishers are ordered according to the number of computers on which their software is installed,
regardless of the number of contracts.
1 The number of products from a particular
publisher.
A link to the Software Installations report.
A link to the Contracts panel.
Software Catalog
The widget presents links to the publishers, software products, versions, releases, components, and
signatures in the current catalog.
251
1 Catalog overview links for all publishers,

software products, versions, releases,
components, and signatures in the current
catalog.
2
2
3
4
5
Name of the catalog provider.
3 Information about the current version of

the catalog.
4
Information about the current version of

the custom catalog content.
The date when the software catalog was
last edited.
Catalog search field.
Maintaining accurate software inventory

When you know that a particular software item is installed in your infrastructure but is not displayed in
BigFix Inventory, you must customize your software catalog so that your software inventory is accurate.
About this task

The following workflow presents one way of maintaining accurate software inventory and is intended as
a starting point for new users. You can use your own method of ensuring that your software inventory is
up-to-date and accurate.
252
Start the process of verifying

software detection and updating
the catalog
1. View software inventory. If there are software

detection problems, troubleshoot them. For more
information, see the topic Troubleshooting software
inventory problems in the Troubleshooting guide.
View software inventory
2. Optional: If there is a newer version of the

software catalog, update the catalog.
Is software inventory
missing from any computers?
YES
NO
Troubleshoot software
detection problems
Are any software

items missing?
YES
NO
Update the catalog

(optional)
You have accurate

software inventory
What type of
a signature is
required?
SIMPLE
Import the latest catalog to

(optional)
Create a signature in
BigFix Inventory
Add a signature to
an existing hierarchy
COMPLEX
YES
Is the software
item in the catalog?
NO
Publish the
customized catalog
Create the software hierarchy

and add a signature
Import software scan data

from IBM BigFix
Your software inventory should be accurate after the scan data import.
3. If a software item that is installed in your

infrastructure is not displayed in BigFix
Inventory, customize the software catalog.
Analyze the Raw Usage Data or Scan Data
report and identify a file, registry entry, or other
type of information that can be used to identify
the software item or its usage. If the software
item can be detected with a simple signature,
that is a file or an installation package, create a
signature by using the simple catalog
management functionality that is available
directly in BigFix Inventory.
If the software item cannot be detected with a
simple signature, use Software Knowledge Base
Toolkit to create a complex signature.
Important: A signature can be edited only in the
application in which it was created.
4. Optional: Check the version of the software
catalog in Software Knowledge Base Toolkit. If a
newer version is available, import the catalog.
5. If the software item exists in the software
catalog, add the signature to the existing
hierarchy.
6. If the software item does not exist in the catalog,
create the software hierarchy and then add the
signature.
Important: After you start customizing your
software catalog in Software Knowledge Base
Toolkit, you can no longer import the latest IBM
catalog directly to BigFix Inventory. You must
use Software Knowledge Base Toolkit to keep
your catalog customization.
7. Publish the catalog that you customized in
Software Knowledge Base Toolkit to make it
available for BigFix Inventory.
8. Importing software scan data. The inventory
results are stored on your BigFix server. To
import software scan data, the software catalog,
and other settings that changed since the last
update, you must extract the data from the
BigFix server and load it into BigFix Inventory.
Software catalogs
To correctly identify components of software products in your infrastructure, ensure that your software
catalog is always up-to-date. Periodically import a new catalog that contains the most recent software
products. Also, manually add products that are installed in your infrastructure but do not have
corresponding entries in the catalog.
253
Catalog customization process

The process of adding custom signatures to the software catalog requires careful planning and
consideration. It starts with identifying products that you expect to discover but are not reported or are
missing from the software catalog. Next, you should organize your work to ensure that the most
important products are given the highest priority. Then, you determine what files or packages can be
used to detect the software and report its usage. Finally, you can create the signatures.
Note: BigFix Inventory is intended for software inventory and license management. It is suggested that
you extend the software catalog for those purposes only.
Process input
The input to the catalog customization process is a list of software products that you want to be
discovered. The list can be based on the general knowledge of your environment and the procurement
data. As the discovery, monitoring, and license management of every software product require extra
effort, target products on the basis of license expenses. Focus on a few selected products and adopt an
iterative approach instead of trying to work on all products simultaneously.
Required skills
A set of skills that are helpful during the creation of the custom catalog content includes:
v General knowledge of the software products that are used in your company, their architecture, and
licensing models
v General knowledge of the operating systems on which the software is installed
Step 1: Prioritize the work

Before you start adding custom signatures to the software catalog, prioritize your work. Start with
products that are critical from the business perspective. Then, iteratively continue with the remaining
products until all software that is used in your company is discovered.
To optimize your work on the custom catalog content, adopt an iterative approach. Start by grouping all
software products that are used in your company into software families and focus on one software family
per iteration. Analyze and create software signatures for all products that belong to the family on which
you are working. If a software family is too extensive, split it into smaller groups, for example based on
editions or distributions. The iterative approach allows for continuously extending the catalog content
and verifying its correctness at the same time. Thus, you can gain more benefits in less time.
Step 2: Analyze your software

Extend the software catalog only with information that is related to products that are used in your
company but are not reported or do not exist in the catalog. Consult the product administrators and
available documentation to gather information that is related to the product architecture and licensing
model.
To gather basic information about a software product, work with the administrator who is responsible for
its installation and has the knowledge of its architecture and licensing model. Try to establish a reference
installation. Investigate the architecture of the product to obtain the following details:
v Separately installable pieces (components) that constitute the product and are important for discovery
or licensing purposes
v Version number of each component
v Ways to check whether the component is installed
v Platforms on which the component can be installed
v Licensing model
254
If the product administrator is unable to provide the information necessary for creating the licensing
model, consult the available documentation. It can be found on the installation media, in the product
installation path, license agreements, installation instructions, or online resources.
Step 3: Review information about files and packages

To identify candidates for software signatures, review information about files and packages that exist on
the computer where a particular software product is installed.
Candidates for file and package signatures

Most efficient signatures are file-based signatures with constant size that is different for each release or
signatures that are based on package data where a wildcard (*) can be used. In both cases, the file and
package data should be removed during the product uninstallation or changed during the product
upgrade or downgrade.
When you are looking for candidates for such signatures, always check:
v Whether any product documentation describes methods for determining the product edition and
release based on files or package data
v Whether the product name and version can be unambiguously determined, for example, by the file
name
v Whether there are any component-specific files:
Executable files whose version, part of version, or size is specific to the particular release
Files whose name or its part is specific to the particular release
Files whose content defines the product name and version
Other files with constant size, for example, a graphic that contains the product release number
Libraries with version or constant size
v Whether there are application-specific packages
Do not create signatures that are based on:
v Shared or external libraries
v Files that can be used by another product
v File names that are commonly used, for example, readme.txt
Available reports
Use one of the following reports to identify candidates for signatures.
Package Data
The report provides information about the packages that are installed on the computers in your
infrastructure. To find a package that can be used as a signature, filter the report to the data from
the computer on which the particular software product is installed.
Scanned File Data
The report provides information about files that were detected on the computers in your
infrastructure. To find a file that can be used as a signature, filter the report to the data from the
computer on which the particular software product is installed. To further narrow down the
results, specify the whole or part of the path to the directory where the software is installed.
Then, look at the following columns. If the value in both columns is false, the file is not used for
software detection and can be used to create a new signature.
v Recognized - the column shows whether the file was recognized as part of an existing
signature
v Caused Detection - the column shows whether the file contained enough information to cause
detection of the related software
255
Important: The columns are not available by default. To display them, enable the aggregation of
unrecognized scan data. It generates a ranking of 1000 files that are most commonly encountered
in your infrastructure but do not produce matches for any signature. Go to Management >
Unrecognized Scan Data and choose whether you want to aggregate the data after every import
or after the next import only. The aggregation consumes lots of resources and slows down the
import. If you choose to aggregate the data after the next import only, you can periodically repeat
it to ensure that the data is up-to-date.
To display the columns on the Scanned File Data report, click Configure View and select the
appropriate check boxes.
The files with any file extensions can be used to create software signatures.
Unrecognized Files
The report creates a ranking of files that are most commonly encountered in your computer
infrastructure but do not produce matches for any signature. The ranking of 1000 file names is
separate for each computer group. It is based on the number of computers on which the files
were detected, the number of copies of a particular file, and the alphabetical order. The files are
listed by name with no regard to their size or version metadata. To access such detailed
information, click the file name.
Step 4: Create component signatures

Use the following guidelines to avoid common mistakes and to create the most accurate signatures that
better recognize software.
To obtain the best results, try to create signatures that meet the following requirements:
v The signature is based on the main executable file of the software.
v The signature combines the main executable file of the software with package data if it is available.
v The signature discovers only one release. If it discovers release 7.2, it cannot be valid for releases 7.1 or
7.3.
v The signature is generic and discovers a particular release and all its mod-releases and fix packs. To
ensure that the signature is generic:
Use a wildcard (*) in the package version, for example: 7.2.*
If you use a dot (.) in the package version, the dot is also matched with a dash (-). For example, if
you specify the package version as 4.9.3.1*, version 4.9.3-1.el1 is also matched.
If you specify a version without the wildcard, the signature also matches a package that contains a
comma in the version number. For example, if the package version is 11.10.1,REV=2005.01.21.15.53,
signatures that have the following package version specified match it:
- 11.10.1
- 11.10.1,REV=2005.01.21.15.53
Signatures that have the following package version specified do not match it:
- 11.10
- 11.10.1,REV=2005.02.14.12.32
Specify the version of the file rather than its size
If a signature combines a file and package data and neither of them has a version, accept a file with
any size
Tip: If you are unable to cover all fix packs and mod-releases, combine separate conditions for each of
them.
Version of the software that is provided in the package and in the file might sometimes be inaccurate and
might not match the version that is displayed in BigFix Inventory. If such a discrepancy occurs, ensure
256
that the proper version is defined in the software catalog. Consider creating more specific rules for
handling issues that are related to software versioning.
Downloading the software catalog

The catalog is downloaded from the BigFix server by using the Software Catalog Update fixlet.
Before you begin

If the computer where the BigFix server is installed does not have the Internet access, ensure that the
content of the BigFix Inventory fixlet site is up-to-date. For more information, see: Updating the fixlet
site.
About this task

The Software Catalog Update task allows you for downloading the software catalog, charge unit data,
and the part numbers file. Charge unit data consists of information about charge unit definitions, their
relations with products, and additional parameters. The part numbers file contains information about part
numbers that are used for software licensing purposes. If you want to update all of the files, you can
download a single compressed file with the software catalog, charge unit data, and the part numbers file.
If you want to update only one of the files, you can download either the software catalog or a
compressed file with charge unit data and part numbers.
If the task is not applicable, see Catalog problems.
Procedure
In the navigation bar, click Sites > External Sites > IBM BigFix Inventory > Fixlets and Tasks.
In the upper-right pane, click Software Catalog Update, and then click Take Action.
Choose which files you want to download:
v The software catalog, charge unit data, and the part numbers file compressed into a single file
v Only the software catalog
v Charge unit data and part numbers compressed into a single file
5. Click the name of the computer to which you want to download the files, and click OK.
1.
2.
3.
4.
Results
Depending on the option that you chose, the following file is downloaded:
v BFI_month_year.zip that contains the software catalog in the XML format and two CSV files with
charge unit data and part numbers
v BFI_month_year.zip that contains the software catalog in the XML format
v ChargeUnits_date_dataversion_version.zip that contains two CSV files with charge unit data and part
numbers
The file is downloaded to the following location:
Windows
Linux
257
What to do next
Copy the file to the computer from which you access the BigFix Inventory web user interface and update
the catalog.
Updating the software catalog

Regularly update the software catalog and check for updates every month to keep your software
inventory up-to-date. If you do not edit the content of the software catalog that is provided by IBM or
use the built-in catalog management functionality, update the catalog directly in BigFix Inventory.
Before you begin

About this task

This procedure describes how to update the software catalog directly in BigFix Inventory. Follow these
steps if you do not edit the content of the software catalog or if you use the built-in catalog management
functionality to create your customized catalog content. If you customize the catalog content in Software
Knowledge Base Toolkit, see: Updating the software catalog in Software Knowledge Base Toolkit on
page 272.
Procedure
1. Download the catalog.
2. In the navigation bar, click Management > Catalog Upload.
3. Click Browse and select the appropriate compressed file.
Windows
4. To upload the file, click Upload.
Linux
Results
The software catalog file and the charge unit data are listed in the Upload and Import History table.
Their status is Pending until you run the import. During the import, scanner catalogs that are used to
discover software are created and automatically distributed to the endpoints. If the automatic distribution
fails, endpoints on which the catalogs were not updated have the Outdated Catalog status on the Scan
Health widget. You must manually update scanner catalogs on these endpoints.
Creating and deleting custom catalog entries

To ensure that all software items that are installed in your infrastructure are discovered, create custom
signatures. You can create them from scratch or directly from the Package Data and Scanned File Data
reports.
258
Before you create custom signatures, check the signature community. It is a place where you can find
custom signatures that are created by members of the community. You can download such signatures and
import them to BigFix Inventory. After you create your custom signatures, consider contributing the
community.
Searching the catalog

You use the search feature to quickly locate software items in which you are interested. Software items
are structured into hierarchies that consist of the software publisher, title, version, release, component,
and signature. You can search for the software by any of these categories.
Before you begin

Procedure
1. In the top navigation bar, click Home.
2. In the Catalog Search area, enter a part or all of the publisher, title, version, release, component, or
the signature name for which you want to search. For example, to search for software products that
are published by IBM, you can enter IB, BM, or IBM.
3. Click Search.
Results
The search results are displayed in Catalog Search. You can drill down through the results to view more
detailed information.
Creating custom catalog entries

You can use the built-in functionality to add software products that are installed in your infrastructure
but are not present in the IBM catalog to your custom catalog.
Before you begin

Procedure
1. In the top navigation bar, click Management > Catalog Customization, and then click New.
2. In the Create Catalog Entry window, provide the publisher name, product name, and release number.
259
3. Select any conditions that must be met for the software item to be discovered.
v To create an installation package signature, select the first condition, and specify the name of the
package, its version, and vendor.
v To create a file signature, select the second condition, and specify the name of the file and its size
or version. If neither the file size nor the version is relevant, select Any size or version.
Tip: If you select one condition and specify multiple files or installation packages, if the condition is
met for any of them then the software item is discovered. If you select both conditions, at least one
file and one installation package must be detected for the software item to be discovered.
Important:
v If you add a rule with common executable files or other popular file types, you need only to run
the data import once and software inventory is available in the web user interface after the import.
The popular file extension list includes the following file types:
*.bin, *.com, *.ear, *.exe, *.ocx, *.pl, *.sh, *.sys, *.BIN, *.EAR, *.PL, and *.SH.
v If you added a rule with non-standard file extensions, you must either wait until all the steps in the
catalog data flow finish or complete those steps yourself. To have accurate inventory data:
a. Run a data import to propagate the catalog to the endpoints.
b. Verify that the catalog was propagated successfully.
c. Run a software scan.
d. Upload the scan data to the BigFix Inventory server.
e. Run the second data import.
For more information, see Software discovery process after customizing the catalog on page 265.
Note: File rules for both common executable files and non-standard extensions are only supported on
Windows endpoints if version is specified.
4. To save the catalog entry, click Submit.
260
Results
You added a software signature to your custom catalog, and it can now be used to detect software or its
usage. Although you added a new signature, the custom content version of the software catalog does not
have to change. The version is updated only for signatures that are based on non-standard file extensions.
For more information, see Software discovery process.
Editing custom catalog entries

You can use the built-in catalog management functionality to edit publishers, software products, and
releases that exist in your custom catalog.
Before you begin

About this task

Restriction: When you edit the name of a publisher, product, version or release you cannot change it to a
name that already exists in the custom catalog.
Procedure
1. To
a.
b.
c.
edit a publisher that exists in your custom catalog:

In the top navigation bar, click Management > Catalog Customization.
In the left pane navigation tree, search for the name of the publisher and click it.
Edit the name and add the website address of the publisher, and click Save.
2. To edit a software product or release that exists in your custom catalog:

a. In the top navigation bar, click Management > Catalog Customization.
b. In the left pane navigation tree, search for the name of the software product, its version, or release,
and click it.
c. Edit the details of the entry, and click Save.
Deleting custom catalog entries

You can use the built-in catalog management functionality to delete entries from your custom catalog.
261
Before you begin

Procedure
1. In the top navigation bar, click Management > Catalog Customization.
2. In the left pane navigation tree, search for the entry that you want to delete.
3. Click the entry that you want to remove from your custom catalog, and click Delete.
Important: You can delete an entire hierarchy, that is a publisher, software product, version, release,
component, and signature simultaneously. However, you cannot delete multiple entries, for example
multiple publishers, at the same time.
Creating signatures from package data

You can use package data to amend your custom catalog. You can add signatures for software products
that are installed in your infrastructure but are not present in the IBM catalog. You identify the product
name, or another piece of information that can be used to identify the software and add the signature.
Before you begin

You must have the View Endpoints and Manage Catalogs permissions to perform this task.
Procedure
1.
2.
3.
4.

In the top navigation bar, click Reports > Package Data.
To filter the report data, click Configure View and specify the appropriate filtering options.
In the Name column, look for the location where the missing software title is installed. Click the
arrow on the right from the Name of the file that you want to use as a signature, and click Create
Signature.
262
Tip: The most efficient signatures are file-based signatures with a constant size that is different for
each release, or signatures that are based on registry entries where a wildcard (*) can be used. You can
use a wildcard in the Name, Version, and Vendor fields for a package. A wildcard represents any
string and can be combined with other characters. For example, you might use IBM * SDK for Java,
5.*, * for the name, version, and vendor.
Important: If you create an entry that exists in the software catalog an informational message is
displayed, and both signatures are saved in the catalog.
Results
usage. When you create signatures from package data, the custom content version of the software catalog
remains the same, because the signatures are matched on the server side, and no new catalog needs to be
created.
Creating signatures from scanned file data

You can use scanned file data to amend your custom catalog. You can add signatures for software
products that are installed in your infrastructure but are not present in the IBM catalog. You identify the
file name, or another item of information that can be used to identify the software and add the signature.
Before you begin

You must have the View Endpoints and Manage Catalogs permissions to perform this task.
Procedure
1. Log in to BigFix Inventory.
2. In the top navigation bar, click Reports > Scanned File Data.
3. To filter the report data, click Configure View and specify the appropriate filtering options.
a. Optional: Select the Recognized and the Caused Detection check boxes to add two columns to the
view of scan data.
263
v The Recognized column shows whether the file was recognized as part of an existing signature.
If the value is true, the file meets one or all conditions of the signature.
v The Caused Detection column shows whether the file contained enough information to cause
detection of the related software.
4. Optional: In the File Path column, look for the location where the missing software title is installed.
5. Click the arrow on the right from the File Name that you want to use as a signature, and click Create
Signature.

Important: If you create an entry that exists in the software catalog, an information message is
displayed, and both signatures are saved in the catalog.
8. To make the signatures available for software detection, click Reports > Import Now, or wait for a
scheduled import.
Results
usage. When you create signatures from scanned file data, the custom content version of the software
catalog remains the same, because the signatures are matched on the server side, and no new catalog
needs to be created.
264
Software discovery process after customizing the catalog

You can identify software that matches your catalog customizations in two different ways depending on
the custom signature.
Case 1: Common executable files and other popular file types
If you created a custom signature, that is based on package data or file data such as common
executable files, then you must run a data import to pull the latest scan data from the BigFix
server. The new data is compared with the latest catalog and the updated software inventory is
displayed in the web user interface.
The addition of a custom

signature to the software
catalog
Web browser
Computer 1
Computer 2
2
BigFix
Inventory
server
Data import
The latest raw file data is imported
and compared with the software
catalog.
BigFix
server
5
2
BigFix server
database
BigFix
Inventory
database
4
The popular file extension list includes the following file types: *.bin, *.com, *.ear, *.exe, *.ocx,
*.pl, *.sh, *.sys, *.SH, *.BIN, *.PL, and *.EAR.
When you create signatures based on these file types, the custom content version of the software
catalog remains the same, because no new catalog is created. The data is pulled from your
endpoints and matched against the signatures on the server side.
Case 2: Non-standard file types
If you added new software signatures to the software catalog and those signatures are based on
files other than common executable files, you must either wait until all the following steps in the
catalog data flow complete or complete those steps yourself.
265
The addition of a custom

signature to the software
catalog
Web browser
BigFix console
Computer 2
Computer 1
2
BigFix
Inventory
server
Data import
Catalog with new signatures
is distributed to the endpoints.
BigFix
server
5
2
BigFix server
database
Next data import

The data is available in the web UI.
BigFix
Inventory
database
Upload of
software scan
results
BigFix Client
Raw files are uploaded

to the BigFix server.
BigFix Client
BigFix client
Software scan (file and catalog-based)

The new catalog is used for software detection.
When you create signatures based on non-standard file types, the custom content version of the
software catalog changes, because the new catalog is created and distributed to your endpoints.
The catalog containing the new signatures is matched against the data on your endpoints.
Exporting and importing custom signatures

You can export custom signatures to an XML file and import them to a different instance of BigFix
Inventory to augment you custom catalog. You can also import signatures that are published on the
signature community or export your custom signatures and contribute them to the community.
Before you begin

About this task

The signature community is a place where you can find custom signatures that are created by members
of the community. You can download such signatures and import them to BigFix Inventory. You can also
export your custom signatures and contribute them to the community for other members to download.
Exporting signatures
Use the following procedure to export your custom signatures.
Procedure
1. In the top navigation bar, click Management > Catalog Customizations.
2. Click Export Mode.
266
3. Select the signatures that you want to export by checking the appropriate check boxes. You can select
individual signatures, all signatures for a publisher, or all signatures for all publishers.
Note: To exit export mode and return to edit mode, click Edit Mode.
4. Click Export. Each signature is exported to a separate XML file. Multiple files are compressed into one
file.
5. Save the file.
Importing signatures
Use the following procedure to import custom signatures.
Before you begin

The XML files or compressed file must be available in a location that is accessible to BigFix Inventory.
Procedure
1. In the top navigation bar, click Management > Catalog Customizations.
2. Click Import to open the Import Signatures window.
3. Import the file. Signatures are imported from individual XML files or a compressed file with valid
signature XML files.
a. Browse to the location of the file that you want to import.
b. Select the file and click Import.
c. Click Done.
Results
The imported signatures are available in the Catalog Customizations window. They are now used by
software scans to discover software in your environment.
Synchronizing software catalog content with other BigFix Inventory

instances
You can export your custom catalog content from one instance of BigFix Inventory and import it into
another to merge the custom data. It is useful if you maintain separate instances of BigFix Inventory for
test and production sites. In such case, you can reuse the custom catalog content instead of creating the
new one.
Before you begin

Restriction:
v The catalog is exported in to the native format. This format overwrites the existing catalog, so it can be
imported only into a fresh installation of BigFix Inventory before the initial import.
v You can transfer custom catalog content only between two instances of BigFix Inventory if they have
the same version, for example 9.2.1.
About this task

When you export the custom catalog content from BigFix Inventory, an XML file that contains all catalog
entries is saved to your computer. Then, you must log in to the instance of BigFix Inventory to which you
want to import the custom catalog content and upload the XML file.
267
Procedure
1. Log in to the instance of BigFix Inventory from which you want to export the custom catalog content.
3. In the Catalog Export section, click Export. An XML file with your custom catalog content is saved to
your computer.
4. Log in to the instance of BigFix Inventory to which you want to import the custom catalog content.
6. Click Browse, select the XML file with your custom catalog content, and click Upload.
Results
The software catalog file is listed in the table. The status is Pending until you go to Management >
Imports, and click Import Now to process new changes.
Managing the catalog content in Software Knowledge Base Toolkit

You can use the catalog management functionality that is available in BigFix Inventory to create your
custom software catalog. However, this functionality cannot be used to create complex signatures. If you
want to create such signatures, use Software Knowledge Base Toolkit.
Software model
Software items can be classified into two software types: software products and components. In Software
Knowledge Base Toolkit, for all those types, you can define software hierarchies, which consist of the
parent product level, versions, and releases.
Software types
The software types into which you can classify software items that are stored in the knowledge base
differ in terms of licensing attributes and the types of dependencies that can be defined for them. The
software type determines the role that the software item can play in relation to other items.
Software product
A logical unit of software packaging and sharing that has a managed development and
maintenance lifecycle and customer visible attributes. It can be a collection of components and
other products whose licensing may be dependent on the licensing of the product as a whole.
Component
A unit of software, which cannot be offered and licensed independently of other software items.
It cannot be installed separately but it can be detected as installed or running on computer
systems by means of its own signatures. It can be assigned to products and shared between many
different product definitions.
The structure of those items in the knowledge base is hierarchical - components can be assigned to
software products and products can be bundled into more complex products. A graphic representation of
the structure is shown in the figure below. Many components can be assigned to one product, and that
the same component can be assigned to many products. Similarly, many products can be assigned to one
product, and one product can be shared between many products. The software item to which one or
more other items are assigned is referred to as the enclosing software item.
268
An example of a structure in which two products are bundled
Product
Office (product)
Word (product)
Version
Office 2010
Office 2007
Word 2010
Word 2007
Word 2010
Professional
Word 2007
Professional
Release
Office 2010
Standard
Office 2007
Professional
Office 2010
Professional
Components
Word 2010
Word 2007
Signatures
File signature:
word.exe version 2010
File signature:
word.exe version 2007
Software levels
The following tables present terminology differences between Software Knowledge Base Toolkit and
BigFix Inventory.
Table 67. Differences in software hierarchy
Software Knowledge
Base Toolkit
BigFix Inventory
Description
Product
Software product
It is the root of the hierarchy. It groups all the versions of a

software item. Some of the attributes that are specified for the
product are inherited by subordinate levels of the hierarchy.
Every software hierarchy can contain only one parent product.
Version
Software version
It is a separately licensable software item immediately

subordinate to the parent product. It can group one or more
releases.
269
Table 67. Differences in software hierarchy (continued)

Software Knowledge
Base Toolkit
BigFix Inventory
Description
Release
Software release
It is a separately licensable software item immediately

subordinate to an item at the version level. It can only be
subordinate to one version.
Variation
Software release
It is a modification of a release (for example, a patch or a fix

pack) which can be separately identified during software scans
and influences the discovery of the release to which it is
subordinate. It cannot be licensed individually. Variations are
converted into software releases during data import from
Software Knowledge Base Toolkit to BigFix Inventory and
some precision is lost at that stage.
Table 68. Differences in component-related information

BigFix Inventory
Product component
Component version
Component release
Software component
Component variation
270
Graphical representation of changes in the software model
IBM software model

Software Use Analysis
Product
Component product
Software title
Product version
Component version
Software title
version
Product release
Component release
Software title
release
Software relationship
Software component
Signature
Signature
Independent Software Vendor model

Software Use Analysis
Product
Software title
Product version
Software title
version
Product release
Software title
release
Software component
Signature
Signature
Software Knowledge Base Toolkit signatures supported in BigFix Inventory

In Software Knowledge Base Toolkit, there are eight types of signatures that can be defined for software
items and used to detect those items on computer systems. Five of them are supported in BigFix
Inventory. Every signature depending, on its type and function, can be classified as a recognition
signature, a monitoring signature, or a signature used both for recognition and monitoring.
For more information about Software Knowledge Base Toolkit signatures, see the section Managing
software signatures in Software Knowledge Base Toolkit 1.2.2 documentation.
Table 69. Types of signatures supported in BigFix Inventory
Signature
type
File
Description
A generic file that is
always installed with a
specific release of the
item.
Recognition
function
Monitoring
function
Example
v File name: BBPICVU.EXE
Yes
Yes
v Size: 474112
271
Table 69. Types of signatures supported in BigFix Inventory (continued)

Signature
type
Installation
registry
Filter
Description
A key that is recorded in
the operating system
installation registry or the
InstallShield
MultiPlatform (ISMP)
registry when a software
item is installed.
A signature that is used
to identify software items
that were installed on a
computer system via an
installation package.
Windows
registry
A key that is recorded in

the Windows registry
when a software item is
installed.
Common
Inventory
Technology
(CIT) XML
A native representation of
a signature in Common
Inventory Technology.
Recognition
function
Monitoring
function
Example
v Key: csm.client
Yes
No
v Value: Cluster Systems Management Client

1.4.0.0
v Source: operating_system
v Package name: new_package

Yes
No
v Package version: 20.4.76*

v Package vendor: new_vendor
Key:
Yes
No
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\{79DA
B940-B5EA-DBED-A348-B1B687CE38A6}\
Signature content:
<Variable name="IS_INSTALLED" export="
true"><PackageInfoEqual provider="os"
code="SNbnr" value="Core OS 1.7.0 SNbn
r" /></Variable>
Yes
No
<Variable name="IS_INSTALLED" export=

"true"><And><Compare type="string"
relation="ne"><VectorToScalar>
<FindFilePathEx name="WBSFFP0601.SYS2"/>
</VectorToScalar><ValueOf value="" />
</Compare><Compare type="string" relation
="ne"><VectorToScalar><FindFilePathEx
name="fabric-federation-vmm-8.0.jar"/>
</VectorToScalar><ValueOf value="" />
</Compare></And></Variable>
Updating the software catalog in Software Knowledge Base Toolkit

To update the software catalog that is managed in Software Knowledge Base Toolkit, download the
catalog and charge unit data from the BigFix server. Then, import the catalog file to Software Knowledge
Base Toolkit. After you finish customizing the catalog, publish it in Software Knowledge Base Toolkit so
that it becomes available for BigFix Inventory. Finally, upload the software catalog and the charge unit
data to BigFix Inventory.
Checking the version of the software catalog:
Compare your software catalog version with the one that is stored in Software Knowledge Base Toolkit to
ensure that you can detect the latest software releases.
Before you begin
Procedure
2. In the navigation bar, click Management > Catalog Upload. The current catalog version is displayed
on the panel.
272
3. To compare the current catalog version with the latest version that is stored in the knowledge base,
open Software Knowledge Base Toolkit, and click Manage Exports > Publish Catalog. The catalog
version is displayed on the panel
4. If you see any changes in the catalog, export the new catalog. To export the catalog, in the navigation
bar click Manage Exports > Publish Catalog
Important: You must publish the catalog in the canonical 2.0 format.
Downloading the software catalog for Software Knowledge Base Toolkit:
Download the latest software catalog from the BigFix server. Then, import it to Software Knowledge Base
Toolkit.
Before you begin
If the computer where the BigFix server is installed does not have the Internet access, ensure that the
content of the BigFix Inventory fixlet site is up-to-date. For more information, see: Updating the fixlet
site on page 128.
About this task
The Software Catalog Update task allows you for downloading the software catalog, charge unit data,
and the part numbers file. Charge unit data consists of information about charge unit definitions, their
relations with products, and additional parameters. The part numbers file contains information about part
numbers that are used for software licensing purposes. You can download the three files compressed into
a single file. You can also download the software catalog as one compressed file, and charge unit data
and part numbers as a second compressed file.
If you are using Software Knowledge Base Toolkit for catalog management, download the two
compressed files separately. Import the software catalog to Software Knowledge Base Toolkit and the file
with charge unit data and part numbers to BigFix Inventory.
If the task is not applicable on your endpoint, see Catalog problems.
Procedure
3. In the upper-right pane, click Software Catalog Update, and then click Take Action.
4. Choose the option to download only the software catalog file.
5. Click the name of the computer on which you want to download the file, and click OK.
6. Choose the option to download the charge unit data file.
7. Click the name of the computer on which you want to download the file, and click OK.
Results
The following files are downloaded:
v BFI_month_year.zip with the software catalog in the XML format
v ChargeUnits_date_dataversion_version.zip with two CSV files with charge unit data and part
numbers
By default, the files are downloaded to the following location:
273
Windows
Linux
What to do next
Import the software catalog file to Software Knowledge Base Toolkit.
Importing a software catalog to Software Knowledge Base Toolkit:
To ensure accuracy of software inventory data, regularly check for new versions of the software catalog
that is published by IBM. If a new software catalog is available, import it to Software Knowledge Base
Toolkit and publish its content so that it is available for BigFix Inventory.
Before you begin
The following procedure is relevant if you maintain your custom catalog in Software Knowledge Base
Toolkit. If you use the simple catalog management functionality that is available in BigFix Inventory,
import the software catalog directly into BigFix Inventory. For more information, see: Updating the
software catalog on page 258.
About this task
Import of the software catalog into Software Knowledge Base Toolkit is time-consuming. If it is possible,
import the catalog during a less busy period.
Procedure
1. Download the software catalog and save it on your computer.
2. From the SUA2_month_year.zip file that you downloaded, extract the XML file with the canonical 2.0
catalog.
3. Log in to Software Knowledge Base Toolkit.
4. From the navigation bar, select Manage Imports > Canonical XML Document.
5. Click New Import.
6. Choose the mode of importing the catalog:
v If you do not maintain your own content that you want to merge with the imported information,
select Quick mode.
v If you maintain your own content that you want to merge with the imported information, select
Advanced mode.
7. Provide the reason for importing the catalog.
8. Browse for the XML catalog file and click OK. You must wait for the import to complete.
274
What to do next
After you import the software catalog and customize its content, publish it in Software Knowledge Base
Toolkit so that it can be imported to BigFix Inventory.
Publishing the software catalog in Software Knowledge Base Toolkit:
When you import a new software catalog into Software Knowledge Base Toolkit and customize it, you
must publish the catalog so that it becomes available for BigFix Inventory.
Procedure
2. From the navigation bar select Manage Exports > Publish Catalogs.
3. Select Canonical 2.0 (for Software Use Analysis 2.0) and click Publish.
What to do next
You published the software catalog. Now, upload the catalog, charge unit data, and the part numbers file
to BigFix Inventory.
Uploading the catalog, charge unit data, and part numbers:
After you publish the software catalog in Software Knowledge Base Toolkit, upload it to BigFix Inventory.
Then, modify the version of the charge unit data and the part numbers file so that it is consistent with
the version of the published catalog. Next, upload the charge unit data and the part numbers file to
BigFix Inventory.
Before you begin
275
About this task

You downloaded two files from the BigFix server:
v SUA2_month_year.zip file that contained an XML file with the software catalog
v ChargeUnits_date_dataversion_version.zip file that contained two CSV files:
A file with charge unit data: charge_unit_parameters_dataversion_version.csv
A file with part numbers: part_numbers_dataversion_version.csv
After you publish the catalog file in Software Knowledge Base Toolkit, its version number is changed.
You must manually modify the version number of the charge unit data and the part numbers file. Their
version numbers must be consistent with the version number of the software catalog.
Starting from application update 9.0.1.2, you can upload the catalog that is published in Software
Knowledge Base Toolkit even if its version is lower than the version that is currently uploaded to BigFix
Inventory. However, the version of the charge unit data and the part numbers file that you upload to
BigFix Inventory must be higher than the version that is currently uploaded. You can upload the charge
unit data and the part numbers file without modifying their versions on condition that it is higher from
the currently uploaded version.
Procedure
2. In the top navigation bar, click Management > Catalog Servers.
3. To automatically import the software catalog from Software Knowledge Base Toolkit, in the upper left
corner of the top navigation bar, click Update Catalog.
4. Modify the version number of the charge unit data and part numbers files so that it is consistent with
the version of the catalog file that you published in Software Knowledge Base Toolkit.
a. Check the version of the published software catalog. You can check it in the following places:
v The Upload and Import History table in BigFix Inventory
v The dataVersion attribute in the header of the XML catalog that you published in Software
Knowledge Base Toolkit
v In Software Knowledge Base Toolkit, under Manage Exports > Publish Catalog.
b. Update the version number in the names of files with charge unit data and part numbers. For
example, if the version of the published software catalog is 1090236, change the name of the
charge unit data and part number files in the following way:
v charge_unit_parameters_dataversion_1090236.csv
v part_numbers_dataversion_1090236.csv
c. Compress those two files and name the compressed file
ChargeUnits_date_dataversion_version.zip. The version must be the same as the version number
of the catalog file. The name of the compressed file that contains files from step 4b would be
ChargeUnits_date_dataversion_1090236.zip
5. To upload charge unit data and part numbers file, click Management > Catalog Upload.
6. Browse for the ChargeUnits_date_dataversion_version.zip file, and click Upload.
What to do next
You uploaded the software catalog, charge unit data, and part numbers file into BigFix Inventory. The
files are updated after the next data import.
276
Customizing the catalog content

You can use Software Knowledge Base Toolkit to create complex software signatures as well as to manage
publishers and products. You can use the Scanned File Data and Metering Data reports that are available
in BigFix Inventory to gather information necessary for creating complex software signatures in Software
Knowledge Base Toolkit.
Managing publishers in Software Knowledge Base Toolkit:
Every software item in the software catalog must be associated with a software publisher. Managing
publisher entries in Software Knowledge Base Toolkit involves creating new publishers, modifying their
profiles, and associating software items with them.
About this task
The following procedure is relevant if you want to create complex signatures and manage the content of
the catalog in Software Knowledge Base Toolkit. However, you can create simple signatures and maintain
your custom catalog in BigFix Inventory by using the built-in simple catalog management functionality.
Procedure
If the information related to a particular software publisher that is contained in the software catalog does
not reflect your infrastructure:
1. Find information about the publisher.
2. If the publisher exists in the software catalog, edit information that is associated with the particular
publisher:
v Modify publisher details.
v Manage publisher-related software.
v Reassign software to another publisher.
v Manage publisher aliases.
3. If the publisher does not exist in the software catalog, add the publisher.
Managing software in Software Knowledge Base Toolkit:
Software items include software products and components. Their versions, releases, and variations are
organized into hierarchies. Managing those items in Software Knowledge Base Toolkit involves creating
new items, modifying their profiles, and specifying signatures for them. All software items must be
assigned to software publishers. In most cases, before you can manage software entries you must run a
search of Software Knowledge Base Toolkit for those entries.
Before you begin
Before you start managing software, become familiar with the software model and software relationship
types.
About this task
Procedure
If the information related to a particular software item that is contained in the software catalog does not
reflect your infrastructure or you would like to customize that information:
277
1. Find the existing software entry.

2. If the software entry exists in the software catalog, edit the information that is associated with the
particular software item:
v Edit details in the software entry profile.
v Customize software aliases.
v Manage product identifiers.
v Manage licensing attributes.
v View products to which the software item belongs.
v Add a level to the software hierarchy.
v Manage components that are assigned to the software item.
v Manage bundled products.
v View replacement relationships between software items.
v Reassign a software hierarchy to another publisher.
v Rename a software hierarchy.
3. If the software entry does not exist in the software catalog, add the software entry.
4. If some data related to a particular level of a software hierarchy is no longer valid or relevant, delete
the software entry.
Restriction: Entries that are marked as deleted are exported to the catalog as deleted and are not
displayed in the default search results. If the data that applies to those entries is still relevant, you can
undelete the entries. For data consistency reasons, you cannot undelete individual software entries
unless no parent entries are defined for them in the hierarchy tree. Every time you undelete an item
in the hierarchy, all the items located above it in the same branch are also undeleted.
Managing signatures in Software Knowledge Base Toolkit:
Signatures are file names, registry entries, and other types of information that are unique to a particular
software item and can be used to identify it. Signatures can be manually added to Software Knowledge
Base Toolkit or generated in the process of mining data that is obtained through scans of computer
systems on which the software items are installed or running.
Before you begin
Before you start managing software signatures, become familiar with signature types.
About this task
Procedure
If a software item that you have installed in your infrastructure is not detected:
1. Find a signature that is defined for an existing software item.
2. If the signature exists in the software catalog:
v View the details of the signature.
v Edit the signature.
3. If the signature does not exist in the software catalog, add the signature.
Important: If a signature is no longer used to effectively detect a software item, you can delete it.
278
Adding signatures to an existing software title based on raw data:

If the software that was not detected in BigFix Inventory exists in the software catalog, you must identify
the file, registry entry, or other information that can be used to identify the software and add the
signature.
Before you begin
You must have the View Endpoints permission to perform this task.
About this task
Procedure
2. If you want to add a detection signature:
a. In the top navigation bar, click Reports > Scanned File Data.
b. To filter report data to the computer on which the missing software is installed, click Configure
View and specify appropriate filtering options.
c. In the File Path column, look for the location where the missing software title is installed, and
choose the file that you want to use as a signature.
279
3. If you want to add a usage signature:

a. In the top navigation bar, click Reports > Metering Data.
c. In the Process Name column, look for the process that runs the missing software product.

5. To search for the software title to which you want to add a signature, click IBM Tivoli Software
Knowledge Base Toolkit > Manage Software > Find Software
6. Click the name of the software and then select the exact version and release of the software title.
280
7. From the Signature type list, select the type of signature that you want to create, and click Add.
8. Provide the name of the file that is to be used as a signature and its size.
9. Select the signature scope, platform, and confidence level.
10. Provide the reason for adding the signature and click Create.
Results
You added a software signature that will be now used to detect software or its usage.
Adding signatures to new software titles based on raw data:
If the software that was not detected in BigFix Inventory does not exist in the software catalog, you must
identify the file, registry entry, or other information that can be used to identify the software. Then you
must create the software hierarchy and add the signature.
Before you begin
You must have the View Endpoints permission to perform this task.
About this task
Procedure
2. If you want to add a detection signature:
a. In the top navigation bar, click Reports > Scanned File Data.
281
c. In the File Path column, look for the location where the missing software title is installed, and
choose the file that you want to use as a signature.
3. If you want to add a usage signature:

a. In the top navigation bar, click Reports > Metering Data.
282
c. In the Process Name column, look for the process that runs the missing software product.

5. Check whether the software title that was not detected is in the catalog:
a. In the left pane, click IBM Tivoli Software Knowledge Base Toolkit > Manage Software > Find
Software.
b. Search for the software title to which you want to add a signature.
6. If the software title does not exist in the software catalog, add it.
a. Click Manage Software > New Software.
b. Specify the name of the product.
c. Select the software publisher from the list if the publisher exists in the software catalog or create
the publisher if it is not in the catalog.
d. Provide the reason for adding the software title to the catalog, and click Create.
283
7. From the Signature type list, select the type of signature that you want to create, and click Add.
8. Provide the name of the file that is to be used as a signature and its size.
9. Select the signature scope, platform, and confidence level.
10. Provide the reason for adding the signature and click Create.
Results
You added a new software title to the catalog and a signature that will be now used to detect the
software or its usage.
Reviewing software inventory

After new components are discovered by software scans, the server associates those components with
products based on their relationships in the software catalog. If the initial association does not reflect
your actual environment, that is, the discovered components do not in fact belong to the automatically
assigned products, you must change the assignment. You can reassign, confirm, and share software
product instances. You can also include them in and exclude them from the pricing calculations. Work
with software instances to ensure that the software associations match your entitlements.

Correct assignment of software components reduces the cost of software ownership and ensures audit
readiness. Use the IBM Software Classification panel to ensure that software assignments reflect your
entitlements.
284
Selection of products
After new components are discovered, the server associates them with products based on their
relationships in the software catalog. If the relationships do not guarantee a 100% match, product
instances are unconfirmed. To start working with your inventory, specify whether you want to display
confirmed, unconfirmed or all classifications. Focus on the unconfirmed classifications first as they
require your action.
2
Actions
The actions menu is available from the list at the top of the table or when you right-click a release or a
component. Use the following actions to ensure that software classifications reflect your entitlements:
v Reassigning software instances on page 292
v Confirming the assignment of a software instance on page 291
v Including software instances in pricing calculations on page 295
v Excluding software instances from pricing calculations on page 294
v Sharing software instances on page 296
Tip: To select more than one product or release at a time, hold down the Ctrl key. To select a range of
products or releases, hold down the Shift key.
3 Options
Changes which columns are displayed or hidden.
Tip: The columns that are available for selection depend on whether the product tree is expanded or
collapsed. If a particular column is not available for selection, expand at least one product.
4 Hiding free instances
Hides software instances for which all bundling options are free of charge. To save the setting and refresh
the panel, click Update. The setting is applied globally for all users and all sessions. To show the
free-of-charge instances, clear the check box.
Refreshing
Updates the data that is displayed on the panel according to the selected time range.
285
Part numbers
Shows part numbers that you purchased and imported to the server. Make sure to systematically import
a list of your part numbers because they facilitate software assignment. You can import the list from
Passport Advantage or create it yourself.
License Type
Shows the type of license for each product. The possible values are PVU, RVU MAPC, and Other. You
can use this information when you reassign or share software components to better understand the
impact your actions might have on the PVU and RVU calculations.
Filter
Narrows down the number of products that are displayed on the panel according to the specified filter.
Discovery start and end dates
Specify when the product or component was detected for the first time and when the detection finished
(the product or component was uninstalled)
Automated bundling
Automated bundling is the process of automatically assigning component instances to products based on
four rules: part numbers, partition collocation, infrastructure collocation, and stand-alone product
discovery. The results of automated bundling are shown on the IBM Software Classification panel.
After a software scan, new component instances are automatically associated with products based on a
combination of four product-component linking rules.
1. First, the automated bundling process assigns points to product-component connections.
2. Next, the connections that have the highest number of points are marked as the ones with the greatest
internal score.
3. After that, assignments are selected when the final bundles are calculated.
Each of the rules in the following table contributes to the internal score that is calculated when
components are assigned to product bundles.
Table 70. Bundling rules
Rule
Description
Part numbers on page 287
This rule uses the part numbers list to identify possible target products. Part
numbers are the records of the software offerings that were purchased from
IBM. They can be downloaded from Passport Advantage or obtained from your
customer records.
Partition collocation on page 289
This rule discovers the component instances that are on the same partition, and
are related to a product in the software catalog.
For example: DB2 that is installed on the same computer as BigFix Inventory is
bundled with BigFix Inventory.
Infrastructure collocation on page This rule discovers the component instances that are installed in the same
290
infrastructure, and are related to a product in the software catalog. The search
does not include the agent on which the product is installed.
Stand-alone product discovery on This rule identifies the component instances of particular products, and
page 290
indicates the product that contains the lowest number of components.
Important:
v If the internal score is low, more actions might be necessary, for example manual bundling.
286
v Instances that are a part of an excluded product cannot be rebundled automatically. Instances can be
bundled with excluded products only if they are associated with the excluded products based on the
software catalog or the stand-alone product discovery. Any new instance that is assigned to the
excluded product is also excluded on the agent.
Part numbers
Part numbers represent software products that you purchased. They can be used to increase the accuracy
of automated bundling by narrowing down the number of possible products to which a discovered
component can be assigned.
Example
Automated bundling assigns a database component to one of the products that were discovered in your
infrastructure. However, the database component can also be potentially assigned to another software
product.
Database component
Product 1
Product 2
Before you confirm the assignment of the database component or change it manually, you can import the
part numbers list into BigFix Inventory. Based on the list and the component-product relations that are
defined in the software catalog, the initial assignment of the database component is more accurate.
Database component
Product 1
Based on imported
part number information
Product 2
Types of the part numbers file

There are two types of the part numbers file:
v A file with part numbers that is provided by IBM together with the software catalog
v A file with part numbers that represent the IBM software that you purchased
The first file is uploaded in the Catalog Upload panel. The second file is downloaded from the Passport
Advantage website or created manually and uploaded in the Part Numbers Upload panel. Part numbers
that represents your purchased products are matched against the part numbers that are provided with the
software catalog to improve the results of the automated bundling.
Limitations
The extent to which part numbers can improve automated bundling is limited by the following factors:
287
v Part numbers influence the assignment of only those components whose assignment is not confirmed
yet
v Part numbers that were purchased before 2010 are not contained in the software catalog
v Part numbers that represent products that have limited availability are not contained in the software
catalog
v Part numbers that represent products that are available only outside of the United States are not
included in the catalog
Preparing the part numbers file:
The part numbers file can be used to increase the accuracy of automated bundling by narrowing the
number of possible products to which a discovered component can be assigned. You can download the
file from Passport Advantage or create it manually.
Procedure
v To download the file from Passport Advantage:
1. Log in to Passport Advantage.
2. From the menu on the left, select Reporting > Order history.
3. If applicable, select the relevant site or sites.
4. In the Type of order section, select All.
5. Specify the Sales order date and click Submit detail report. Your report is ready.
6. To save the file, click Download report, and then select Comma delimited.
7. Open the file and remove the header and footer.
Header:
"Confidential"
"Title","Order history detail report"
"Type of order:","Licenses, Reinstatement or renewal of
Software Subscription and Support, Media and documentation"
"Sales order date:","01 Jan 2000 to 31 Dec 2015"
Footer:
"","","End of Report"
v To create a CSV file on your own, create a file in which the column with part numbers is called Part
number. Use a comma as a field separator and quotation marks (" ") as a text delimiter. For example:
"Part number", "Order type"
"D07UMLL", "Licenses"
Tip: Only the column named Part number is treated as the one that contains part numbers. If your part
numbers file also contains a column that is named Order type, only the rows that contain the Licenses
element are imported.
You can also create a CSV file with a single column in which you list each part number in a new line.
For example:
D07UMLL
D08UMLL
D09UMLL
Important: Ensure that you use only valid part numbers that consist of seven characters. Import of
part numbers that are shorter or longer fails.
288
Uploading part numbers:

Upload and import part numbers to increase the accuracy of automated bundling of software
components.
Before you begin
Procedure
1. Prepare the part numbers file.
2. In the top navigation bar, click Management > Part Numbers Upload.
3. Click Browse and choose the part numbers file to upload. You can upload either a csv or zip file.
4. Optional: If you want to overwrite the existing part numbers, select the Overwrite existing part
numbers check box.
Note: The check box is enabled only if you have previously imported a part numbers file.
5. Click Upload.
When you upload the file, a new entry is created in the Upload History table. The status is Pending
until you run the import.
Important: If more than one entry is Pending in the table, only the latest one will be executed during
the import.
6. In the top navigation bar, click Management > Data Imports, and then click Import Now.
Results
The part numbers were imported to BigFix Inventory and saved in the adm.current_part_numbers table in
the database. If you want to remove the part numbers from the server, click Remove All Part Numbers
and then run the import. You can remove the part numbers only if you have previously imported the
part numbers file to the server.
Partition collocation
Partition collocation is a rule that discovers component instances that are on the same partition and are
related to a product in the software catalog. If any of the discovered component instances has a
confirmed, one-to-one, or auto-bundled relation to the product, the other instances are automatically
bundled with the same product.
Example
The assignment of the Server 2 component to Product 4 is simple, auto-bundled, or manually confirmed.
The database component is assigned to Product 1. Both components are on the same partition.
Server 2 component
Database component
User defined,
auto-bundled,
Product 4
or simple
Product 1
Based on the software catalog data, the database component is automatically reassigned to Product 4.
289
Product 4
Server 2 component
Based on software
catalog data
Database component
Product 1
Infrastructure collocation
Infrastructure collocation is a rule that discovers component instances that are installed in the same
infrastructure and that are related to a specific product in the software catalog. The search does not
include the agent on which the product is installed. If any of the discovered component instances has a
confirmed, one-to-one, or auto-bundled relationship with the product, the other instances are
automatically bundled with the same product.
Example
The assignment of the Server 2 component to Product 4 is simple, auto-bundled, or manually confirmed.
The database component is assigned to Product 1. Both components are in the same infrastructure.
Server 2 component
User defined,
auto-bundled,
Product 4
or simple
Database component
Product 1
Based on the software catalog data, the database component is automatically reassigned to Product 4.
Server 2 component
Database component
Product 4
Based on software
catalog data
Product 1
Stand-alone product discovery

Stand-alone product discovery is a rule that identifies component instances of particular products, and
indicates the product that contains the lowest number of components. If the possibility that the instances
belong to a product is above a specific threshold, they are automatically bundled.
290
Example
The agent discovers the database component and the server checks which products contain this particular
database component in the software catalog. The database component is assigned to the product with the
lowest number of components, in this case, Product 2.
Confirming the assignment of a software instance

After new components are discovered, the server associates them with products based on their
relationships in the software catalog. If the relationships do not guarantee a 100% match, the product
instances are unconfirmed. If the default bundling matches your environment, manually confirm the
instances in default products. If the default bundling does not match your environment, reassign
instances to achieve a 100% match.
Before you begin

You must have the Manage IBM Software Classification permission to perform this task.
Procedure
1. In the top navigation bar, click Management > IBM Software Classification.
2. Optional: To narrow down the number of instances on which you work, limit the view to only
unconfirmed instances, hide free instances, or apply relevant filters. Actions that you perform on the
filtered instances, apply only on the instances that are currently visible on the panel.
291
3. If the default bundling reflects your environment, right-click the instance whose bundling you want to
confirm, and then click Confirm the assignment of instances.
4. If the default bundling does not reflect your environment, reassign instances to correct products.
Reassigning software instances

Reassignment of software components to proper products lowers the total cost of ownership, reduces the
risk of unplanned cost of license compliance payments, and the risk of not meeting the conditions of your
contractual licensing. Two approaches to managing software classification exist. In the first approach, you
start from a software instance and identify a release to which it can be reassigned. In the second
approach, you start from a software release. You can identify instances that can be reassigned to this
release. You can also find a product to which instances of this release can be reassigned.
Before you begin

About this task

The two main reasons for reassigning instances are:
v Fixing mistakes - If a component is assigned to a wrong product, you can identify the correct product,
select the instances, and bundle them to the right product.
v Repurposing - If a component is assigned to a software product that you want to uninstall, you can
simply reassign the component to another legitimate product.
Procedure
292
3. If you want to manage software classification from the level of software instances, right-click an
instance, and click Reassign instances to another product. Then, select the product to which you
want to reassign this instance, and click Reassign.
Tip: The License Type column contains information about the type of license of products to which
you can reassign this software instance.
4. If you want to manage software classification from the level of software releases, right-click a release
and choose one of the following options:
v To reassign a software instance to this release, click Reassign instances to this product. Then, select
the instances that you want to reassign, and click Reassign.
Tip: The License Type column contains information about the type of license of product instances
that you can reassign to this release.
v To reassign the instances of this software release to another product, click Reassign instances to
another product. Then, select the product to which you want to reassign, and click Reassign.
Tip: The License Type column contains information about the type of license of products to which
you can reassign instances of this release.
293
Example
According to the software catalog, Product 4 is associated with Database component. If you know that
Database component is a part of Product 1, you have to reassign this component from Product 4 to Product 1.
After you reassign it, Product 4 disappears from the inventory, and Product 1 replaces it. If either Product 1
or Product 4 is PVU-based, the consumption of processor value units is recalculated according to the new
association during the next recalculation.
Product 1
Database
component
Product 4
Example 2
Both Product 1 and Product 4 can contain Database component. In your current infrastructure, the
component is assigned to Product 4. If you decide to uninstall Product 4 and install Product 1, you only
need to rebundle Database component from Product 4 to Product 1.
Excluding software instances from pricing calculations

You can exclude one or more product instances from the PVU and systems software calculations if it is
allowed by your license agreement.
Before you begin

Procedure
294
3. Right-click an instance that you want to exclude from the pricing calculations, and click Exclude
instances from pricing calculation.
Tip: To select more than one product or release at a time, hold down the Ctrl key.
4. If the instances that are displayed in the table are correct, click Next.
5. Choose the reason for excluding the instances. The possible reasons are:
v Backup, disaster recovery
v Alpha, beta, early support program
v Component of a non-licensed product: if the product has a different licensing model than PVU or
systems model, its component might be excluded from the calculations, depending on your license
agreement.
v Evaluation, trial
v Not eligible for licensing: the PVU or systems license agreement was not signed for a product.
v Component is not compatible with the server or agent system: the component is installed on a
server and cannot be initiated because of differences, for example, in the architecture or operating
system. An example might be a file server.
v Other: you must enter a comment to justify the exclusion.
6. Click Exclude.
Important: Instances that are assigned to the excluded product cannot be reassigned.
Including software instances in pricing calculations

You can include one or more instances in the PVU and system software pricing calculations to reduce the
risk that you do not meet your contractual licensing conditions. You can include only those instances that
were previously excluded.
Before you begin

Procedure
295
3. Right-click an instance that you want to include in pricing calculations, and click Include instances in
pricing calculation.
Tip: To select more than one product or release at a time, hold down the Ctrl key.
Sharing software instances

You can share an instance of a component between more than one product. It contributes to the pricing of
all products that are assigned to the particular instance.
Before you begin

Procedure
Tip: You can hide instances for which all bundling options are free of charge by selecting Hide free
instances. Such instances are not displayed on the IBM PVU Subcapacity and All IBM Metrics reports
and do not require your further actions.
2. Right-click the instance that you want to share, and click Share instance.
Tip: You can check the license type of the product with which you want to share the instance in the
License Type column.
3. Choose products with which you want to associate the selected instance, and click Share.
Example
The same instance of Database component can be used by both Product 1 and Product 2. After the
association, both products appear in the inventory. If either Product 1 or Product 2 is PVU-based or
CPU-based, the consumption of processor value units or central processing units is recalculated according
to the new associations.
296
Product 1
Database
component
Product 2
Adding custom bundling options

The IBM software catalog defines which components can be assigned to which products to create
software bundles. The bundles reflect sets of products that are offered under a single entitlement or
license. If a bundle that you purchased does not have a relation defined in the IBM software catalog, add
a custom bundling option. It will allow you to assign components to the proper product to reflect your
entitlement.
Before you begin

v You must have the permission of IBM Support to add custom bundling options.
v
Procedure
2. Drill down to the component for which you want to add the custom bundling option. Right-click the
component, and click Add custom bundling. A list of products is displayed. It contains products for
which no relation to the selected component is defined in the IBM catalog, or for which the defined
relation is free of charge.
3. Optional: To narrow down the number of possible options, type the name of the product in the filter
field and click the filter button.
297
4. Select the product that you want to define as a custom bundling option for the selected component.
5. If you want the relation between the product and component to be charged, select Mark the relation
as charged. Otherwise, the relation is defined as free of charge.
Important: If you create a bundling option that is free of charge, components that are assigned to a
product based on that option are not displayed on the IBM PVU Subcapacity and All IBM Metrics
reports.
6. To add the relation, click Add Bundling.

Important: Components for which only one bundling option is defined in the software catalog are
automatically confirmed. If you add a custom bundling option for such a component, the component
remains assigned to the default product. However, because a new bundling option is available, the
assignment is no longer confirmed. You can either reassign the component to the new product or
confirm the default assignment.
Results
The custom bundling option is created. It has the highest confidence level and thus is at the top of the
list of bundling options for the particular component.
What to do next
Reassign components based on the new bundling option. If the license type of the component that you
reassigned is PVU or RVU MAPC, open the All IBM Metrics or IBM PVU Subcapacity report and click
Recalculate to have the reassignment reflected on the reports. If the license type is Other, no further
actions are necessary.
298
Removing custom bundling options

To remove all custom bundling options that you added, change the value of the removeCustomBundlings
parameter to true, and import the software catalog to BigFix Inventory. After the import, components
that were assigned to products based on custom bundling options are reassigned to products for which
bundling options are defined in the IBM software catalog. It is not possible to remove only a subset of
custom bundling options.
Procedure
1. To remove all custom bundling options, change the value of the removeCustomBundlings parameter to
true. Use the following REST API call.
PUT http://server_host_name:port_number/api/sam/configs?
token=token&name=removeCustomBundlings&value=true
For more information about changing server parameters, see: REST API for administration server
settings on page 460.
2. Import the software catalog to restore relations between components and products that are defined in
the IBM catalog.
a. Optional: If a new IBM software catalog is available, download it. Otherwise, use the catalog that
is already uploaded to BigFix Inventory.
b. To upload the catalog, click Management > Catalog Upload. Browse for the catalog file, and click
Upload. For more information, see: Updating the software catalog.
c. Wait for the scheduled import or run it manually.
Results
Components that were assigned to products based on custom bundling options are reassigned to
products for which bundling options are defined in the IBM software catalog. The new assignments are
not confirmed. If they are correct, confirm them. Otherwise, perform further actions, for example reassign
or share instances, to ensure that the bundles reflect your entitlements.
After the custom bundling options are successfully removed, the parameter is automatically set to false.
Software utilization
BigFix Inventory collects data about the utilization of various software license metrics, including PVU
and RVU MAPC.
PVU and RVU MAPC usage

BigFix Inventory collects data about PVU and RVU MAPC usage for IBM products. The data is presented
on two reports: All IBM Metrics and IBM PVU Subcapacity. You can create a snapshot of both reports,
and store it as a record of PVU and RVU MAPC usage in your enterprise for IBM audit purposes.
All IBM Metrics
The report shows IBM products that are eligible for PVU and RVU licensing, both subcapacity
and full capacity. For every product, you can see:
v The type of the license.
v The maximum license usage over the specified period of time
v Part numbers that were imported for the product
v The trend value of license usage over the specified period
299
IBM PVU Subcapacity

The report shows IBM products that are eligible for PVU subcapacity licensing. For every
product, you can see:
v The maximum license usage over the specified period of time
v Part numbers that were imported for the product
v The trend value of license usage over the specified period
Viewing PVU and RVU MAPC utilization

You can view the All IBM Metrics report to get information about PVU and RVU MAPC utilization, both
under full capacity and subcapacity licensing. You can also view the PVU Subcapacity report if you are
interested only in PVU utilization under subcapacity licensing.
Before you begin

You must have the View License Metrics permission to perform this task.
Procedure
1. To
a.
b.
c.
300
collect information about PVU and RVU MAPC utilization, perform the following steps.
Run the software scan.
When the scan finishes, upload its results to the BigFix server.
Wait for the scheduled import or run it manually.
2. Log in to BigFix Inventory. To view PVU and RVU MAPC utilization under both full capacity and
subcapacity licensing, click Reports > All IBM Metrics. To view only PVU utilization under
subcapacity licensing, click Reports > IBM PVU Subcapacity.
3. Optional: To add or remove columns, apply filters, or set the time range for the report, click
Configure View.
4. To recalculate the PVU or RVU MAPC values for your products, click Recalculate.
The option is enabled if you performed some actions that influence the PVU or RVU MAPC values,
for example reassigned a component. If the values need to be recalculated, a red square is displayed
in the License Peak Value column for a product. After you start the recalculation, the progress is
displayed below the top menu bar.
5. To create a snapshot of the report, click Audit Snapshot. Store it as the record of PVU and RVU
MAPC utilization for audit purposes. For more information, see: Creating audit snapshots of PVU
and RVU MAPC utilization on page 303.
PVU and RVU license utilization reports:
The All IBM Metrics report shows information about PVU and RVU MAPC utilization, both under full
capacity and subcapacity licensing. IBM PVU Subcapacity is an excerpt from this report and lists only
products that are eligible for PVU subcapacity licensing.
The All IBM Metrics and IBM PVU Subcapacity reports are multi-level reports, which means that you can
drill down through them to view more detailed results. When you access one of these reports, you are on
the first level that shows the list of your software products and their license consumption. When you
click one of the products, you can access a detailed full (All IBM Metric only) or subcapacity report. By
further clicking the server name, you can access details of the servers and computers on which the
product is installed.
The following table shows columns from the first level of the report.
Table 71. First-level view: The list of software products and their license consumption
Name of the
column
Description
Product
Name of the product. Click it to access the second level of the report that shows a detailed full or
subcapacity report.
License Type
Type of license. This column is available only in the All IBM Metrics report.
License Peak
Value
The maximum PVU or RVU MAPC values that are used by the product over the specified time
period.
Imported Part
Numbers
Part numbers that you imported to BigFix Inventory. They represent IBM products that you
purchased.
301
Table 71. First-level view: The list of software products and their license consumption (continued)
Name of the
column
License Peak
Value History
Description
Graphic representation of the history of license consumption over the specified time period.
The two following tables show columns from the second level of the report. This view can be accessed by
clicking one of the products in the first level. The full capacity table is available only in the All IBM
Metrics report.
Table 72. Second-level view: Detailed full capacity report for a particular product
Name of the
column
Contents
Server Name
Name of the server. Click it to access the third level of the report that shows details of the servers
and computers on which the product is installed.
Processor
Details of the processor.
CPU Core Full The total count of physical processor cores for the server on which the product is installed.
Capacity
PVU Full
Capacity
PVU only. The total count of PVUs for the server on which the product is installed.
Table 73. Second-level view: Detailed subcapacity report for a particular product
Name of the
column
Description
Server Name
Name of the server. Click it to access the third level of the report that shows details of the servers
and computers on which the product is installed.
Processor
Details of the processor.
CPU Core
Subcapacity
The number of processor cores that are used by a product.
CPU Core
Subcapacity
Limit
The total count of physical processor cores for the server on which the product is installed counted
at the time when subcapacity is maximal. Maximal subcapacity is when the number of cores that are
used by the product is the highest.
PVU
Subcapacity
PVU only. The number of PVUs that are used by a product.
PVU
Subcapacity
Limit
PVU only. The total count of PVUs for the server on which the product is installed counted at the
time when subcapacity is maximal. Maximal subcapacity is when the number of cores that are used
by the product is the highest.
The following table shows columns from the third level of the report. This view can be accessed by
clicking the server name in the second level.
Table 74. Third-level view: Details of the server on which the product is installed
Name of the
column
Description
Computer
Name of the computer on which the product is installed.
OS
Operating system of the computer.
IP Address
IP address of the computer.
Product
Version
Software product version.
302
Table 74. Third-level view: Details of the server on which the product is installed (continued)
Name of the
column
Description
Component
Product component that was found on the computer.
Path
Path to the software that was found on the computer.
Last Seen
Last date the software was found.
Apart from the license utilization, the following additional information is displayed on the detailed
subcapacity report for a particular product:
Time Range
Specifies the time frame for which subcapacity data was calculated. Data from the products that
were not installed within this time range is not included in the report.
License Peak Value Time
The day and time when the highest PVU value was recorded for a software product within the
specified time range.
Creating audit snapshots of PVU and RVU MAPC utilization

You can create a snapshot of the All IBM Metrics and IBM PVU Subcapacity reports, and store it as a
record of PVU and RVU MAPC utilization in your enterprise over a particular period. You can create the
snapshots with any frequency that is suitable for your purposes.
Before you begin

You must have the View License Metrics and View Audit Trail permissions to perform this task.
Procedure
1. Open the All IBM Metrics or IBM PVU Subcapacity report.
2. Optional: To configure the period for which you want to create the snapshot, click Configure View,
and then select the time range.
Tip:
v If you specify a period from a particular date until the last successful import, the reports contain
entries from that date starting at 00:00:00.
v If you specify a period from a date to a date, the reports contain entries from the first date starting
at 00:00:00 to the second date ending at 23:59:59.
3. Optional: To limit the number of products that are included in the snapshot, click Configure View,
and then specify the name of the product in the Filters section.
303
4. To create the snapshot, in the top navigation bar, click Audit Snapshot.
5. Optional: Provide a comment in the comment text field.
6. Optional: To add an attachment, click Browse and then select the file that you want to attach to the
snapshot.
7. Click Generate.
Results
The csvreport.zip file is downloaded to your computer. For information about its content, see: Content
of audit snapshots.
Example
You can modify the pvu_full_capacity.csv file and add comments that indicate why particular software
instances were excluded from pricing calculations. Then, you can generate a new audit snapshot and
attach the modified CSV file.
1. Generate the audit snapshot.
2. Edit the pvu_full_capacity.csv file and add your comments for particular software instances.
3. Generate a new audit snapshot and attach the edited file.
4. Add a comment in which you specify the contents of the modified file.
The modified pvu_full_capacity.csv file and the audit_comment.txt file are added to the audit snapshot
and listed in the checksums.txt file.
Content of audit snapshots:
Audit snapshot is a record of PVU and RVU MAPC utilization in your enterprise over a period of time. It
is downloaded to your computer as the csvreport.zip file that contains a number of other files.
304
Table 75. Content of the audit snapshot file

File
Content
audit_attachment.extension
Optional. A file that was attached during the creation of

the snapshot. The file is listed in the checksums.txt file.
audit_comment.txt
Optional. Comments that were added during the creation

of the snapshot. The file is listed in the checksums.txt
file.
audit_trails.csv
Information about:
v Software classification actions
v Uploads and imports of the PVU table, software
catalog, and charge units
v Changes to the VM managers
bundling_definitions.csv
Information about:
v IBM software regardless of its license type and
utilization
v Details of the computers on which the software is
installed
The file is generated only when you create a snapshot of
the All IBM Metrics report.
checksums.txt
Checksums that are used to verify whether any files from

the audit snapshot were tampered with. On Linux
computers, the following command can be used to verify
the report files.
sha256sum -c checksums.txt
data_condition.txt
Information about:
v Author of audit snapshot
v Date of audit snapshot
v Period that is covered by the snapshot
v Version of the PVU table
v Version of the software catalog
v Status of aggregation and recalculation
v Filters that are used on the reports
v (optional) Attached file
part_numbers.csv
Part numbers that are listed in the software catalog for

software products included in any of the CSV report files.
pub_key.pem
Public key file that can be used to verify the

signature.rsa file against the checksums.txt file.
pvu_full_capacity.csv
Information about:
v PVU software and its PVU utilization under full
capacity license
installed
pvu_sub_capacity.csv
Information about:
v PVU software and its PVU utilization under
subcapacity license
installed
305
Table 75. Content of the audit snapshot file (continued)

File
Content
rvu_full_capacity.csv
Information about:
v RVU software and its RVU MAPC utilization under full
capacity license
installed
rvu_sub_capacity.csv
Information about:
v RVU software and its RVU MAPC utilization under
subcapacity license
installed
signature.rsa
Digital signature that can be used to verify whether the

checksums.txt file was tampered with. Verification can be
achieved with OpenSSL. On Linux computers, the
following command can be used to verify the
checksums.txt file.
openssl dgst -sha256 -verify pub_key.pem
-signature signature.rsa checksums.txt
Utilization of other license metrics

BigFix Inventory collects data about the utilization of license metrics other than PVU and RVU MAPC for
products that deliver resource utilization data. The data is written in the .slmtag files.
The data is presented on the Resource Utilization report and includes:
v The type and subtype of license metrics that a product uses
v The first and last time when each metric was reported
v The maximum utilization of each license metric over the last 30 days. If a particular product is unused,
no resource utilization data is available, or the data is older than 30 days, the value in the Maximal
Trend Value column is 0.
v Trend value of the maximum utilization over the last 30 days
Note: When the graph in the Maximal Trend Value History column shows 0 for a specific period, it
means that a) there is no data, or b) there was no license utilization during this period. To recognize
which is the case, click Export History to save the report to a file. Then, open the file, and check if the
entries that show 0 in the user interface also show 0 in the file. If they do, it means that the license
utilization during this period equals 0. If there are no such entries, the data from this period was not
reported.
306
The data that is displayed on the report is not aggregated. It means that if a product can use five license
metrics, five rows are shown on the report. What is more, all metrics that are available for a product are
displayed, not only the metrics that are defined by your license agreement.
If you want to aggregate the data according to your license agreement, export the history of license
metric utilization and aggregate it outside of BigFix Inventory. Apply all necessary filters on the Resource
Utilization report, and click Export History. The csvhistory.zip file is downloaded to your computer. It
contains the export_history.csv file that provides initially processed data about the average and
maximum utilization of each license metric for each product.
Important: If you click CSV or PDF, only data that is visible on the user interface is exported.
Example
IBM Product is an application that is licensed based on the number of users who simultaneously log in to
that application per hour. Figure 4 is a visualization of the license metric utilization that is retrieved from
the .slmtag file specific for IBM Product.
Figure 4. License metric utilization data retrieved from the .slmtag file for IBM Product
307
The data undergoes initial processing during which the average daily utilization of the license metric is
calculated. Information about the maximum utilization, including its value and time, is preserved.
Figure 5 is a visualization of the license metric utilization data for IBM Product after initial processing. It
shows that on average, four users were simultaneously logged in to the application. The maximum
utilization occurred between 2:00 p.m. and 3:00 p.m. when 10 users were simultaneously logged in to
IBM Product.
Figure 5. License metric utilization data for IBM Product after initial processing
The export_history.csv file contains license metric utilization data after initial processing. It does not
contain all data that was collected from the endpoints in your infrastructure. Table 76 shows a fragment
of the export_history.csv file that corresponds to the data that is presented in Figure 5. The first row
corresponds to the average license metric utilization before the peak. The second row corresponds to the
peak value. The third row corresponds to the average utilization after the peak value.
Table 76. A fragment of the export_history.csv file
Computer
Name
Software
Name
Start Time
(UTC 0)
End Time
(UTC 0)
VMW00912
IBM Product
CONCURRENT
_USER
2015-06-20
00:00:00.0
2015-06-20
14:00:00.0
VMW00912
IBM Product
CONCURRENT
_USER
2015-06-20
14:00:00.0
2015-06-20
15:00:00.0
10
VMW00912
IBM Product
CONCURRENT
_USER
2015-06-20
15:00:00.0
2015-06-21
00:00:00.0
Metric Type
Metric
Subtype
Value
Viewing utilization of other license metrics

You can view the Resource Utilization report to get information about the maximal utilization of license
metrics other than PVU and RVU MAPC over the last 30 days and the utilization trend value over that
308
period. You can also export a more detailed history of license metric utilization for a specified period and
calculate it outside BigFix Inventory according to your license agreement.
Before you begin

You must have the View License Metrics permission to perform this task.
Procedure
1. To collect information about the utilization of license metrics other than PVU and RVU MAPC,
perform the following steps.
a. Run the resource utilization scan.
b. When the scan finishes, upload its results to the BigFix server.
c. Wait for the scheduled import or run it manually.
2. To view the utilization of license metrics, log in to BigFix Inventory and click Reports > Resource
Utilization.
3. Optional: To reduce the amount of data that is related to monitoring license metrics, set the retention
period after which the data is removed from the database.
a. Click Management > Server Settings.
b. Select Discard resource utilization data older than and specify the period. The minimum
retention period is 30 days.
4. To calculate the overall license utilization, perform the following steps.
a. Optional: Click Configure View, and apply any appropriate filters.
b. To export the history of license usage, click Export History.
c. Specify the period for which you want to export license metric utilization, and click Submit. The
csvhistory.zip file is downloaded to your computer. For more information about the file, see:
Utilization of other license metrics on page 306.
d. Use the file to calculate the license metric utilization according to the information that is provided
in your license agreement.
Disabling the collection of other license metrics

Information about the utilization of license metrics other than PVU and RVU MAPC is collected by
default. However, you can disable the option if you are not interested in this information.
Before you begin

Procedure
1. Stop all actions that were created by the Initiate Software Scan task.
b. In the left navigation tree, click Actions.
c. Select all open actions that were created by the Initiate Software Scan task, right-click them, and
click Stop Action. The status of the actions changes to Stopped.
2. . Clear the Resource utilization check box.
3. Log in to BigFix Inventory, go to https://hostname:port/management/feature, and clear the Resource
utilization check box. Then, click Save.
309
Results
Information about the utilization of license metrics other than PVU and RVU MAPC is no longer
collected from the computers in your infrastructure. The Resource Utilization report is removed from
BigFix Inventory.
Reports
Reports provide detailed information about the computers in your infrastructure and the software items
that are installed on these computers. You can decide what type of information you want to display by
choosing the appropriate type of report. You can also customize the type and amount of information that
is displayed in a report and save the report settings to reuse them.
Available reports
Reports are the primary source of information about computers in your infrastructure and software that
is installed on these computers.
Note: Text columns in BigFix Inventory are sorted differently on Linux and Windows. If you click a
column header, the values are sorted in a case-sensitive way on Linux (all the names with capital letters
are displayed first) and case-insensitive on Windows (capitalized and non-capitalized words are mixed).
Saved Reports
Saved Reports
Saved reports provide quick access to information that you frequently use. You can specify filters
and parameters of any report and save a customized copy of the report. You can also set a
customized report view as your default view or, if you are an Administrator, as a default view for
all users. For more information, see: Saving customized report views on page 315.
Software Inventory
Inventory Exploration
Required permission: View Endpoints
The report provides information about software items that are installed in your infrastructure.
The items are structured into hierarchies that consist of the publisher, software titles, their
versions, releases, and components. You can drill down through the hierarchy to gather detailed
information about software usage including its time and frequency.
On each level of the hierarchy, you can also view information about contracts to which the
products are assigned. The report shows the number of software instances that are covered by
contracts and the cost of acquisition and maintenance of the licenses for that product. You can use
the report to efficiently manage your software inventory by monitoring the cost of software
licenses and the use of the particular software products.
Software Installations
The report provides information about computers in your infrastructure and software items that
are installed on these computers. To filter the information to a detailed report for a single
software item, click the link in the Details column. In this view, you can check information about
software usage. If the information cannot be gathered for the particular software, one of the
following messages is displayed:
v Usage data is not supported - Usage data cannot be gathered because the usage signature for
this software item does not exist.
310
v Usage data was not found - Usage data was not gathered for this software. It might happen
because the software was never used and thus has no usage information. It might also happen
because the option to run the Application Usage Statistics scan was cleared in the Initiate
Software Scan fixlet.
The detailed view also shows information about software signatures that were tried to detect the
software as well as software identification tags that were discovered. The information is
accompanied by the following icons:
v
- The signature matched the software item or the software ID tag was discovered on the
computer and caused software detection.
- The signature did not match the software item.
If you believe that the software was erroneously detected, you can use this information to
examine how the signature or the software ID tag was evaluated. You can also view the
installation path of software that was discovered by a file-based signature. If the software was
discovered by a complex signature, you can view the hierarchical structure of the signature to
better understand the process of detection.
Package Data
Required permission: View Raw Data
The report provides information about packages that are installed on the computers in your
infrastructure. The information is retrieved from the Windows registry and UNIX RPM database.
You can find out what is the name of every package, its version, vendor, description, and type.
You can use this information to create custom software signatures. For more information, see:
Creating signatures from package data on page 262.
Scanned File Data
The report provides information about all files that were found on the computers in your
infrastructure. You can find out what is the location, size, and version of each file. You can use
this information to create custom software signatures. For more information, see: Creating
signatures from scanned file data on page 263.
Unrecognized Files
The report provides a ranking of 1000 files that are most commonly encountered in your
computer infrastructure but do not produce matches for any signature. The ranking is separate
for each computer group. It is based on the number of computers on which the files were
detected, the number of copies of a particular file, and the alphabetical order. The files are listed
by name with no regard to their size or version metadata. To access such detailed information,
click the file name.
You can use this report to investigate unrecognized files that can be used to create custom
signatures. Because aggregation of unrecognized scan data slows down imports, particularly in
large deployments, it is disabled by default. You can enable it by choosing the option in the
Management > Unrecognized Scan Data.
Metering Data
The report provides information about the use of software items that are installed on the
computers in your infrastructure. You can track every computer and find out what processes it
311
runs, when each process was used for the first and last time, and what was the total time and
frequency of its use. You can also see what is the average number of runs of each process per day
and what is the average run time of each process.
Business Applications
Oracle Databases
The report provides information about the about the edition (Standard or Enterprise), options,
and Management Packs (including Oracle Real Application Cluster, RAC) of Oracle Databases
that are deployed in your environment. When you combine this information with the collected
hardware inventory data, you can use it to calculate the demand for Oracle Database licenses.
License Metrics
IBM PVU Subcapacity
Required permission: View License Metrics
The report shows IBM products that are eligible for PVU subcapacity licensing. For every
product, you can see the maximum license consumption, part numbers that you imported for this
product, and the history of license consumption over the specified period. You can create a
snapshot of this report for auditing purposes. For more information, see: PVU and RVU MAPC
usage on page 299.
All IBM Metrics
The report shows IBM products that are eligible for PVU and RVU licensing, both subcapacity
and full capacity. For every product, you can see the maximum license consumption, part
numbers that you imported for this product, and the history of license consumption over the
specified period. You can create a snapshot of this report for auditing purposes. For more
information, see: PVU and RVU MAPC usage on page 299.
Audit Trail
Required permission: View Audit Trail
The report provides information about actions that have influence on the information that is
displayed on other reports. You can view details of each action, its type, date, and the user who
performed it. The actions include:
v Modifications to the software classification: confirming and changing the default classification,
sharing an instance between products, including an instance in and excluding it from pricing
calculations
v Uploads: successful or failed upload of the software catalog, charge unit data, and PVU table
v Imports: successful or failed import of the software catalog, charge unit data, and PVU table
v VM managers: adding, modifying, and deleting VM managers
v Updates to the scan configuration in the Scan Configurations page
Resource Utilization
The report shows the maximum utilization of license metrics other than PVU and RVU MAPC
over the last 30 days and the trend value of the maximum utilization over that period. For every
product, you can see the type and subtype of license metrics that a product uses as well as the
312
first and last time when each metric was reported. You can also see the path to the .slmtag file
from which the data was retrieved. The data is available only for products that deliver resource
utilization data. For more information, see: Utilization of other license metrics on page 306
Infrastructure
Computers
The report provides information about computers in your infrastructure, their operating systems,
IP addresses, and other information that can be used to identify them. You can also display
information about the computer health, for example:
v When the computer last connected to BigFix
v What version of client is installed on the computer
v What version of the catalog is available on the computer
v When was the last attempt to run the scan
v Whether the catalog-based, software ID tags, file system, or package data scan was successful
v Whether the computer misses scan results
v Whether it is running out of disk space
v Whether it misses some prerequisites
For every computer, you can see information about the installed software and its usage as well as
information about software packages and files that were discovered on the computer.
Computer Groups
Required permission: Manage Computer Groups
The report provides information about computer groups that are defined in your infrastructure.
The information includes the ID of the computer group, its name, and description. You can find
out how many computers and subgroups are in the computer group, and what is the number of
software items that are installed in that group. The report also provides information about the
contracts that are assigned to a computer group, with the acquisition and maintenance cost for
each contract.
Hardware Inventory
Required permission: View Hardware Inventory
The report provides information about the state of BigFix clients in your infrastructure. For every
computer on which a client is installed, you can view processor details, and the number of PVUs
assigned to each core. In the Default PVU Value column, you can see whether the number of
PVUs assigned to a particular processor was based on the PVU table or a default value was used.
A default value is used if a particular type of a processor is not listed in the PVU table.
Catalog
Software Catalog
Required permission: View Software Catalog and Signatures
The report provides information about the author and content of the software catalog: publishers,
software products, versions, releases, and signatures.
Signatures
Required permission: View Software Catalog and Signatures
313
The report provides information about signatures that are available in the software catalog. You
can find out what signature is used to detect each software item that exists in the catalog.
Catalog Audit
Required permission: View Catalog Audit
The report provides information about modifications that were made to the content of your
custom software catalog. For each modification, you can see detailed information about the
current status of the software entity, as well as its status before and after modification.
Contracts
Contract Usage Data
Required permission: Manage Contracts
The report provides information about contracts that you created for the software items. You can
see the relationship between the number of software products that you are entitled to use and the
actual number of software instances that are used. You can use the report to eliminate unused
licenses and track computers that use unlicensed instances of a software product.
Managing reports
You can manage the reports that are generated by BigFix Inventory so that they suit your needs. You can
customize the reports by applying filters and saving your personal settings for future use. You can also
export the reports to a CSV or PDF file, and schedule report emails so that specified recipients are
notified when important events occur.
Applying report filters

The type of information that is displayed on all reports is set by default. If you find the information
either insufficient or excessive, you can apply report filters to adjust the amount of information to your
needs. You can also specify whether to automatically size column widths.
Procedure
1. In the top navigation bar, click Reports and select the report that you want to view.
2. In the upper right corner, click Configure View to access the filtering options.
3. To add a filter, click the plus sign (+).

Tip: Click the trash can to delete a filter.
4. Select the filter operator. The filter operators that are available depend on the type of column header
you are filtering on.
314
5.
6.
7.
8.
Restriction: When you use the IP Address operator and specify the relation as ends with, no
computers are displayed even if some computers match the criteria. To work around this issue, you
can choose other relations, such as contains or begins with.
Enter the value that you want to use as a filter.
If you are adding multiple filters, select all or any from the drop-down list.
If you select all, then only items that meet every condition are shown. If you select any, items must
meet only one of the conditions to be shown.
Optional: Specify whether to automatically size column widths.
By default, columns are automatically resized to best fit the width of your browser. If your browser
window changes in width, the report columns automatically adjust in width. You can also adjust the
columns manually, if needed.
To disable automatically resizing column widths, clear the Autosize Columns check box. The width of
all the columns becomes minimal. You can adjust the width of columns manually. A horizontal scroll
appears if needed.
Click Submit.
Exporting reports to a file

If you need a hardcopy of a report that is generated in BigFix Inventory you can export the report to a
CSV or PDF file. You can also use the CSV file to create charts and statistics that are based on the
information from the report.
Procedure
1. In the top navigation bar, click Reports and select the report that you want to view.
2. To export the report into a file, click one of the following toolbar buttons:
v
- Generates a PDF file.
- Generates a CSV file.
Note: If your reports are not displayed correctly, see: User interface problems.
Saving customized report views

You can specify report filters and parameters that you want to reuse and save a customized report view.
You can also set a customized report view as your default view or, if you are an Administrator, as a
default view for all users. You can also send saved report views to other users of BigFix Inventory.
Procedure
1. Open the report for which you want to create a customized view.
2. To customize the report view, click Configure View. Add or remove columns and apply filters, then
click Submit. Resize and sort the report columns by clicking and dragging.
315
3. In the upper left corner, click Save As. Specify the name of the report. You can also choose one of the
following options:
v If you do not want other users of BigFix Inventory to view your customized report, select Private.
v If you want the customized view to be your default view for the particular report, select Set as
default.
Tip: If the Administrator set a customized view as global default for a particular report, you can
overwrite this setting by creating your default view. Your settings take precedence over the global
settings.
v If you want the customized view to be the default report view for all users of BigFix Inventory,
select Set as global default. You must be an Administrator to perform this task.
Changing the default report view:
To change the default view that you set for a particular report, you must first clear the settings and then
set the new customized view.
Procedure
1. Open the list of all saved reports by clicking Reports > Saved Reports.
2. Open the report for which you want to edit or change the default customized view.
3. Clear the Set as default or Set as global default check box, and click Save.
4. Open the report for which you want to change the default view and customize it according to your
needs.
5. In the upper-left corner, click Save As, specify the report name and select the Set as default or Set as
global default check box. Click Create.
Viewing and sending saved report views:
You can send the customized report views to other users of BigFix Inventory.
Procedure
v To see the list of all saved reports, click Reports > Saved Reports.
v To view a saved report, click the name of a saved report in the Name column.
v To modify a saved report, click the row in which the saved report is located. In the Edit Report
section, type the new name of the report. You can change the privacy status of the report by selecting
or clearing the Privacy check box. You can also select whether to save the report view as your default
view or as global default.
v To send the report to other users of BigFix Inventory by email, click the row in which the saved report
is located. Select the Report Subscription check box in the bottom of the window. Specify the report
format and recipient email address. You can also specify the starting date and frequency of sending the
report.
316
Scheduling report emails

You can schedule report emails so that reports are automatically sent to the specified recipients by email.
This option is especially useful if a person does not work with BigFix Inventory or is not familiar with
the application, but must have access to the reports.
Before you begin

v Configure mail notifications.
v Save the report that you want to send.
v Set a different start time for each report.
Procedure
Open the report that you want to send.
To schedule a report export, click Schedule. The Schedule Report Export window opens.
Select the file format of the report and adjust the page settings as necessary.
Specify the email address to which you want to send reports. If you want to specify multiple
recipients, separate their email addresses with commas.
5. Define the start time and frequency of sending the reports. The start time for each report must differ
by at least 5-10 minutes.
6. Select the language of the reports.
7. To save the export schedule, click Save.
1.
2.
3.
4.
Contracts
You use contracts to track license compliance for the software products that are installed in your
environment. When you purchase a software license, you create a contract that contains information
about the cost of acquiring and maintaining the license, and the period of entitlement. You use that
information to track spending that is associated with software licenses and manage costs of extending or
317
downsizing licenses for the software products. You can also avoid costs that are related to license
non-compliance by ensuring that enough software licenses are purchased.
Maintaining contracts
You can create contracts to store information about your software licenses, their cost, and periods of
entitlement. If there is a discrepancy between software entitlement that you defined in the contracts and
your infrastructure, you must balance your software or modify the contracts.
About this task

The following workflow shows one way of maintaining accurate contracts and is intended as a starting
point for new users. You can use your own method of ensuring that your contracts are up-to-date and
accurate.
1. Enter your contracts in BigFix Inventory to store the
information about your software licenses, their cost,
and the period for which they entitle you to use the
particular piece of software.
Start
Enter your contracts
2. Optional: Modify your computer groups. If the existing

computer groups are not adequate for your contracts,
create new computer groups or edit the existing ones
to improve the distribution of your contracts.
Modify computer groups
3. Make changes to your software catalog. To correctly

identify the components of various software products
in your infrastructure, ensure that your software
catalog is always up-to-date. Periodically import a
software catalog that contains the most recent software
products. Also, manually add those products that are
installed in your infrastructure but do not have
corresponding entries in the catalog.
Make changes to your

catalog
Import data from

IBM BigFix
4. Import scan data from IBM BigFix to make your

changes available to BigFix Inventory.
View contract usage report
There are
too many
licenses.
5. View the contract usage report to verify what your

current usage of the licenses is:
What is the current

status of your licenses?
There are
not enough
licenses.
The software items are

on the wrong computers.
Buy more
licenses
Install missing
software
Do you want
to keep the software
YES
Modify
your
contracts
NO
Uninstall
the
software
Scan the computers in your

infrastructure
Import the latest inventory data from

IBM BigFix
You have accurate record of your software contracts.
318
v If you have more licenses than software instances,

you can deploy more software instances within your
infrastructure.
v If you have more software instances than licenses,
you can buy more licenses or uninstall the software
from some of the computers.
v If the software is installed on the wrong computers,
you can modify the contracts so that they apply to
the computers on which the software is installed.
You can also uninstall the software from the
computers that are not entitled.
6. Scan the computers in your infrastructure to obtain the
latest software data that reflects the changes in your
contracts.
7. Import software scan data to BigFix Inventory to
generate accurate reports.
Creating contract custom fields

You can customize your contracts by creating custom fields that store information of your choice about
the software licenses in your environment. Choose a meaningful name for each custom field to reflect its
purpose. After you create a custom field, it is available in the Create Contract pane, among other fields
that are required to create a contract.
Before you begin

You must have the Manage Contracts permission to perform this task.
Procedure
1. In the top navigation bar, click Management > Contract Custom Fields.
2. To create a custom field for a contract, in the upper left corner of the Contract Custom Fields window,
click New.
3. In the Create Contract Custom Field pane, enter the name of the field, specify whether the field is
required for a contract, and choose the type of the requested input.
4. To save the custom field, click Create.

5. To make the custom field available for the reports, click Reports > Import Now.
Results
You created a custom field for a contract. You can now create a contract or edit the existing ones to add
the values for the new fields.
Creating contracts
You create contracts to store information about your software licenses, their cost, and the period for
which they entitle you to use the software. The contracts are then used to generate a contract usage
report. It shows the number of software instances to which you are entitled and the actual number of
software instances that are used.
Before you begin

You must have the Manage Contracts permission to perform this task.
About this task

You can create a contract for a software product, its version, or a release. If you have an entitlement that
applies to all versions of a product, create a contract on the level of the product. It will cover all versions
and releases. If you have an entitlement for a specific version or release, create a contract on the
appropriate level to ensure that it covers the right software version or release. You can also create a
contract that covers multiple products, versions, and releases according to your entitlements.
319
Procedure
1. In the top navigation bar, click Management > Contracts.
2. To create a contract, in the upper left corner click New.
3. Enter the name of the contract and specify the software product, version, or release that you want to
assign to that contract. When you start typing, a list of suggestions is displayed below the search
field. It is based on the content of your software catalog. Choose a product from the list.
Important: The software product for which you want to create a contract must be in the software
catalog. If it is not available in the IBM catalog, create a custom catalog entry.
4. Choose the type of licensing that is used for the product that you assigned to the contract:
v Choose Seats if a limited number of product instances can be deployed. Additionally, you must
specify the number of software instances that you are entitled to under the license.
v Choose ELA if an unlimited number of product instances can be deployed.
5. Choose the computer group to which you want to assign the contract. Provide the acquisition and
maintenance cost, and the entitlement start date. You can also specify the entitlement end date, and
the maintenance start and end dates.
Important: Acquisition cost is the total cost of the license for a particular product. If you create a
contract for a specific number of seats, provide the total cost of acquisition for all seats.
320
6. To save the contract, click Create.

7. To make the contract available for generating a contract usage report, run an import.
Results
You created a contract that reflects your entitlement to use a particular software product under the license
that you have for that product. You can now view the contract usage report to find out whether you
conform to the license regulations.
Contract usage report

Contract usage report shows the relation between the contracts for software licenses and the software
products that are installed in your infrastructure. Before you can analyze the report, you must be familiar
with the meaning of the report columns and the calculations on which the information is based.
Contract usage report shows the relation between the number of software product instances that you are
entitled to under a particular license and the actual number of software instances that are being used.
You can analyze the report and use the information that it provides to reduce license-related spending.
You can eliminate unused licenses and track computers that use unlicensed instances of a software
product. The information in the report columns and the calculations on which the information is based
are explained in the table.
Each software product should be assigned to only one contract. If you specify the same product in
multiple contracts, instances of the product might not be assigned to the most cost-effective contract. The
current implementation is simple and thus the assignment of the product instance to a contract depends
on the order in which contracts are evaluated. The product is assigned to the best contract from the
contracts that were already evaluated, not from all contracts that are available.
Table 77. Columns in the contract usage report
Name of the
column
Contents
Name
Name of the contract.
Entitled
Computers
Computers that are entitled to use the software.
Licensed
Computers
Computers that are entitled to use the software and have this software installed.
Total Licenses
Number of licenses for the particular software product that are available. If the product is licensed
per computer, the number of computers entitled to use the product is provided. If an unlimited
number of products can be deployed under the particular license, the column includes the
abbreviation ELA (Enterprise Licensing Agreement). Higher-level users can define a contract that
applies to a broad group. If lower-level users view a contract usage report that is defined in such a
way, they see the larger total number of licenses for the product. However, when the lower-level
users view the list of instances, they see only those instances of the product for which they have
permissions.
For example, a global administrator defines a contract for 5000 instances of Lotus Notes, out of
which 3500 instances are used. A lower-level user has an infrastructure that consists of 100
computers. The user is entitled to 100 instances of Lotus Notes, but only 70 instances of the product
are used. If the global administrator makes the contract viewable to the lower-level user, the user
sees that 3500 instances of Lotus Notes out of 5000 available instances are used. However, when
lower-level users view the list of instances that are pertinent to their computer group, they see only
the numbers that reflect the use of licenses in their computer group. The report shows 70 used
instances of Lotus Notes out of 100 instances available under the particular license.
321
Table 77. Columns in the contract usage report (continued)

Name of the
column
Contents
License Delta
Difference between the number of software product instances that you are entitled to under a
particular license and the actual number of software instances that are used. If the license delta is a
positive number that is displayed in green, the number of product instances that are used does not
exceed the license entitlement. If the license delta is a negative number that is displayed in red, the
number of product instances that are used exceeds the license entitlement.
Cost Delta
Difference between the cost of purchasing the license for the particular software product and the
cost of used or unused instances of that product. If the cost delta is a positive number that is
displayed in green, the number of product instances that are used does not exceed the license
entitlement. The number indicates that you have some spare licenses that you can distribute in
your enterprise or that you can reduce the license-related cost by not extending the excessive
licenses. If the cost delta is a negative number that is displayed in red, the number of software
product instances that are used exceeds the license entitlement. You must either reduce the number
of product instances used or purchase licenses for more instances of the software product.
Acquisition
Cost
Overall cost of purchasing the license for the particular software product.
Cost per Seat
Cost of the license for the software product for each product instance.
Extended discovery of Oracle Database

You can retrieve granular information about the edition (Standard or Enterprise), options, and
Management Packs (including Oracle Real Application Cluster, RAC) of Oracle Databases that are
deployed in your environment. When you combine this information with the collected hardware
inventory data, you can use it to calculate the demand for Oracle Database licenses. The functionality is
supported for Oracle Database 10.2, 11.2, and 12.1.
Table 78. Operating systems on which Oracle Database can be discovered
Oracle Database
version
Edition
12c Release 1:
12.1.0.2.0 1)
Enterprise
11g Release 2:
12.1.0.1.0
Enterprise
and Standard
11g Release 1:
11.2.0.1.0
Enterprise
and Standard
10g Release 2:
10.2.0.1.0
Enterprise
and Standard
3)
Windows
3)
AIX
Linux
6.1,
64-bit2)
Red Hat Enterprise Linux 7, x86-64
2012 R2, 64-bit
Red Hat Enterprise Linux 6.5, x86-64
2008 R2, 64-bit
Red Hat Enterprise Linux 5.6, x86-64
2008, 64-bit
SUSE LinuxEnterprise Server 11, x86-64
2003, 64-bit
SUSE LinuxEnterprise Server 11, x86
8, 64-bit
SUSE LinuxEnterprise Server 10, x86-64

1)
2)
3)
Official Oracle SQL auditing script supports Oracle DB 11.2 only.

The discovery of Oracle database installations on AIX WPAR is currently not supported.
The operating systems on which Oracle discovery was tested.
Note: Express edition of Oracle Database is not discovered.
Coverage of Oracle licensable options

Check which options can be discovered for a particular version of Oracle Database. The options are
discovered by the official Oracle SQL auditing script.
322
Table 79. Coverage of Oracle licensable options

Oracle
SQL
script
coverage
Licensable Options for the Enterprise Edition

of Oracle Database
12c R1
11g R2
11g R1
Oracle Active Data Guard
Oracle Advanced Compression
Oracle Advanced Security
Oracle Database In-Memory
Oracle Database Vault
Oracle Label Security
Oracle On-Line Analytical Processing (OLAP)
Oracle Partitioning
Oracle Real Application Clusters (Oracle RAC)
10g R2
10g R1
Oracle Advanced Analytics
Oracle Multitenant
Oracle Real Application Clusters One Node

Oracle Real Application Testing
Oracle Spatial Graph

Management Packs
Total Recall
Data Mining
Spatial
Warehouse Builder
Oracle Change Management Pack
Oracle Configuration Management Pack
Oracle Diagnostic Pack
Tuning Pack
Oracle Provisioning and Patch Automation Pack
Transparent Gateways
Oracle Cloud Management Pack for Oracle
Database
Oracle Data Masking Pack for Oracle and
Non-Oracle Databases
Oracle Database Lifecycle Management Pack for

Oracle Database
In-Memory Database Cache
Oracle TimesTen Application-Tier Database
Cache
Discovering Oracle Database software

To retrieve detailed information about Oracle Databases that are installed in your infrastructure, add the
Oracle auditing script to the Master Action site, and run the Get Oracle Features task. When the
information is imported to BigFix Inventory, it is displayed on the Oracle Databases report.
323
Procedure
1. Download the options_packs_usage_statistics.sql script from the Oracle support website. If the
script is not available under this link, refer to Oracle documentation specific to your version of the
database for more information:
v Oracle Database 12c
v Oracle Database 11g
Important: To download the script, you must have a valid Oracle account. It is recommended that
you contact Oracle License Management Services to ensure good cooperation.
2. Add the downloaded SQL script to the Master Action Site and send it to the endpoints.
a. In the top navigation bar of the BigFix console, click Tools > Add Files to Site.
b. From the drop-down list, choose Master Action Site.
c. Click Browse and go to the directory in which the script is located.
d. Select the script and click Open.
e. Select the Send to clients check box and click Add files. All endpoints that are subscribed to the
site download the script.
Tip: You might also create a Fixlet that deploys the script to the following directory on selected
endpoints:
v UNIX: /var/opt/BESClient/LMT/ORACLE
v Windows: C:\Program Files (x86)\BigFix Enterprise\BES Client\LMT\ORACLE
3. To retrieve information about the edition and features of the installed databases, run the Get Oracle
Features task.
a. In the navigation tree, click Sites > External Sites > IBM BigFix Inventory > Fixlets and Tasks.
b. In the upper right pane, select Get Oracle Features.
c. Optional: To enable debug logging, select the Debug mode check box. The information is logged
in the script_trace.txt file that is in the following location:
v UNIX: /var/opt/BESClient/LMT/ORACLE
v Windows: C:\Program Files (x86)\BigFix Enterprise\BES Client\LMT\ORACLE
d. To run the task, click Take Action. On the Target tab, select computers from which you want to
retrieve the information, and click OK.
Tip: To check whether the task completed successfully or to troubleshoot a problem, go to Analyses,
right-click Oracle Features Health Check , and then click Activate.
4. Run the software scan. Select the Software identification tags scan.
5. When the scan finishes, upload its results to the BigFix server.
324
6. To make the data available in BigFix Inventory, wait for the scheduled import of data or run it
manually.
7. To view the discovered software, log in to BigFix Inventory, and click Reports > Oracle Databases.
You can also view the Software Installations report.
325
326
Chapter 7. Tutorials
The tutorials are available to help you understand how to use the product.
Tutorials consist of modules that focus on helping you accomplish broad goals,
such as managing software catalog. Modules consist of tasks that tell you,
step-by-step, how to configure a specific setting.
Tutorial: Simplified catalog management

This tutorial teaches you how to manage your custom catalog in BigFix Inventory. You will learn how to
download and update the software catalog, create and edit custom publishers, products, and simple
software signatures that are used to detect the software in your infrastructure.
Learning objectives
In this tutorial, you learn to do the following tasks:
v Download the latest software catalog from IBM BigFix server
v Update the software catalog that you downloaded
v Import software scan data from IBM BigFix server
v Create a catalog entry
v Edit a catalog entry
v Delete a catalog entry
Time required
60 minutes
Lessons in this tutorial

The tutorial contains the following lessons:
1. Lesson 1: Downloading a new software catalog.
2. Lesson 2: Updating software catalog.
3. Lesson 3: Importing software scan data.
4. Lesson 4: Creating software signatures on page 330.
Lesson 1: Downloading a new IBM software catalog

In this lesson, you learn how to download the latest software catalog through the IBM BigFix server.
About this task

The Software Catalog Update task downloads a compressed file that contains a software catalog in an
XML format and two CSV files with charge unit data. Charge unit data consists of information about
charge unit definitions, their relations with the products, and additional parameters. The part numbers
file contains information about part numbers that are used for software licensing purposes.
327
Procedure
Start the IBM BigFix console.
On the navigation bar, click Sites > External Sites > IBM BigFix Inventory > Fixlets and Tasks.
In the upper-right pane, click Software Catalog Update, and then click Take Action.
Choose which files you want to download:
v The software catalog, charge unit data, and the part numbers file compressed into a single file
v Only the software catalog
v Charge unit data and part numbers compressed into a single file
5. Click the name of the computer to which you want to download the software catalog, and click OK.
1.
2.
3.
4.
Results
Results
The software catalog is downloaded to the following location:
Windows
Linux
Lesson checkpoint
You learned how to download the software catalog from the IBM BigFix server.
Now, you must update the catalog in BigFix Inventory. Proceed to the next lesson to learn how to do it.
Lesson 2: Updating the software catalog

In this lesson, you learn how to update the software catalog and charge unit data by uploading it to
BigFix Inventory. You should update the software catalog on a regular basis and check for updates every
month to keep your software inventory up-to-date.
Before you begin

Procedure
1.
2.
3.
4.
Download the catalog from the BigFix console.

In the navigation bar, click Management > Catalog Upload.
Click Browse and select the appropriate compressed file.
Windows
Linux
328
5. To upload the catalog, click Upload.
Results
Results
The software catalog file is listed in the table. The status is Pending until you import the scan data to
process it.
Lesson checkpoint
You learned how to update the software catalog in BigFix Inventory.
Before you can use it, you must import software scan data to process the changes and to make sure that
all data and settings are up to date. Proceed to the next lesson to learn how to import software scan data.
Lesson 3: Importing software scan data

In this lesson, you learn how to import software scan data. The inventory results are stored on the BigFix
server. To import software scan data, the software catalog and other settings that changed since the last
update, you must extract the data from BigFix server and load it into the BigFix Inventory.
Before you begin

Procedure
Lesson checkpoint
You learned how to import software scan data. Remember to schedule a regular import so that all your
data is always up to date.
You already know how to download the software catalog, update it in BigFix Inventory, and import
software scan data. Now, you can learn how to customize your catalog by creating new catalog entries,
editing the existing ones, or deleting those that you no longer need. Proceed to the next lesson to learn
how to create catalog entries.
329
Lesson 4: Creating software signatures

In this lesson, you learn how to create signatures for identifying products that you expect to discover but
are not reported or are missing from the software catalog.
About this task

To create a software signature, identify a file or package that is specific for the product and can be used
for discovery purposes. If you create a file-based signature, it is used for both discovery and usage
monitoring unlike a package-based signature that is used for discovery only. To avoid false-positive
discovery, it is best to create a signature that is based on both a file and package data.
Procedure
1. To avoid unnecessary work, verify that the product is not in the software catalog. In the catalog
search, type Live Project Premium Viewer, and click Search.
Tip: If searching for the full product name does not return any results, try using different key words.
For example, search for Live Project Viewer or Live Project.
2. Optional: If Live Project Premium Viewer was installed recently, initiate the software scan to ensure
that the data from the computers on which the product is installed is up-to-date and accurate.
a. Log in to the BigFix Inventory console.
b. In the navigation tree, click Sites > External Sites > IBM BigFix Inventory > Fixlets and Tasks.
c. In the top pane, click Initiate Software Scan, and then click Take Action.
d. Open the Applicable Computers pane and select a computer or computers on which Live Project
Premium Viewer is installed. Then, click Take Action.
e. When the software scan finishes, upload its results. Click Upload Software Scan Results, and then
click Take Action.
f. Open the Applicable Computers pane and select a computer or computers on which Live Project
Premium Viewer is installed. Then, click Take Action.
330
g. In BigFix Inventory, run an import to retrieve the latest scan data from BigFix. In the top
navigation bar, click Management > Data Imports, and then click Import Now. Wait for the
import to finish.
3. To find information about files that were discovered in your infrastructure, click Reports > Scanned
File Data.
4. To narrow down the result, click Configure View and specify filtering parameters. For example,
narrow down the results to entries in which the computer name is the name of the computer on
which Live Project Premium Viewer is installed and the installation path contains the words Live or
Project. Then, click Submit.
5. To create a signature, click the arrow sign next to the file name and then click Create Signature.
331
6. In the Create Catalog Entry pane, specify the publisher name, product name, and release number of
the product. Then, click Submit.
Note: The file size and version are pre-filled by default. However, if they do not fulfill certain
requirements, they might lead to false-positive discovery. Specify the file version if it is in sync with
the version of the product or is changed with every release. Otherwise, specify only the file size.
You created a file-based signature that allows for discovering Live Project Premium Viewer and
measuring its usage.
7. Optional: To increase the accuracy of the signature and avoid false-positive discovery, you can specify
a package that must also be present on the computer for the product to be discovered.
a. To view package data, click Reports > Package Data.
b. To narrow down the result, click Configure View and specify filtering parameters. For example,
narrow down the results to entries for which the vendor contains the word KaDonk and the
package name contains the word Live. Then, click Submit.
c. Write down the information about the package name, version, and vendor.
332
d. To add this information to the signature that you created in step 6, click Management > Catalog
Customizations, and search for the signature.
e. In the Edit Signature pane, select The following installation package is found and provide the
package name, version and vendor. Then, click Save.
Tip: In the release field, use a wildcard (*) to cover the whole release, including fix packs and
mod-releases.
8. Wait for the scheduled import to refresh the data. When the import finishes, verify whether Live
Project Premium Viewer is discovered.
a. To view information about the installed software, click Reports > Software Installatios.
b. To narrow down the results, click Configure View and specify filtering parameters. For example,
narrow down the results to entries in which the software name contains the words Live Project.
Then, click Submit.
Information about the discovered instances and usage data is displayed.
Lesson checkpoint
You learned how to create a signature that discovers software when a specific file and package are
present on the computer.
Tutorial: Bulk software classification using external tools

This tutorial teaches you how to rebundle products using the REST API and a cURL command line tool.
333
Learning objectives
In this tutorial you learn to do the following tasks:
v Reassign software instances.
v Exclude software instances.
Time required
120 minutes. If you explore other concepts that are related to this tutorial, it might take longer to
complete.
The order of lessons

This tutorial contains two lessons. Complete them in order.
Lessons in this tutorial

1. Lesson 1: Reassigning large quantities of software instances.
2. Lesson 2: Excluding software instances from usage calculations.
Lesson 1: Reassigning large quantities of software instances

This lesson shows you how to reassign large quantities of software instances with the REST API and a
cURL command line tool. You can use the information in this lesson to implement an automatic external
tool for large scale rebundling.
Before you begin

You must have root operating system privileges.
About this task

After software scan data is imported from the IBM BigFix server, software instances are automatically
associated with products based on automatic bundling rules. If some instances are assigned to the wrong
product, they must be reassigned correctly.
In this lesson, some instances of Tivoli Storage FlashCopy Manager are assigned to the wrong product.
The Tivoli Storage FlashCopy Manager product is only installed on computers with a host name that
begins with nc04, and only on Linux computers. You reassign all other instances of Tivoli Storage
FlashCopy Manager to a release of IBM Tivoli Storage Manager.
Important:
v Some of the commands in this lesson are long, and for the purposes of presentation, some line breaks
were introduced. Treat each line break as a space.
v You must add token ID at the end of each cURL command. To obtain the token,
1. In the BigFix Inventory user interface, click Management > Users.
2. Click the user name.
3. In the lower part of the page, click Show token.
Procedure
1. Log on to your computer and start the command line interface.
2. Retrieve a list of all products that are discovered in your environment. Run the following command:
curl -v -X GET http://server_url:server_port/api/sam/swinventory/products?
token=token_ID
334
3. Review the list to obtain the product ID for IBM Tivoli Storage FlashCopy Manager.
{
"id": "16790",
"level": "product",
"isConfirmed": "false",
"productReleaseComponent": "IBM Tivoli Storage FlashCopy Manager",
"children": "true",
"nmbOfAllRows": "44",
"confidence": "11",
"type": "root"
}
4. Retrieve all releases for the product. Use the product ID you obtained in the previous step. Run the
following command:
curl -v -X GET http://server_url:server_port/api/sam/swinventory/product/16790/
releases?token=token_ID
5. Review the list to obtain the release IDs for IBM Tivoli Storage FlashCopy Manager.
{
"label": "name",
"identifier": "id",
"numRows": "1",
"items": [{
"id": "985",
"level": "release",
"numberOfAllInstances": "5",
"productReleaseComponent": "IBM Tivoli Storage FlashCopy Manager 3.1",
"children": "true",
"confidence": "11"
}
6. Retrieve a list of all instances for the releases. Use the release IDs you obtained in the previous step.
curl -v -X GET http://server_url:server_port/api/sam/swinventory/release/985/
instances?token=token_ID
7. Review the list to obtain the product inventory IDs for instances of IBM Tivoli Storage FlashCopy
Manager that meet your criteria.
Instances that are not installed on a computer with a host name that begins with nc04, or that are
not installed on a Linux computer.
Note: You might need to filter the list by using an external tool.
{
"isCharged": "true",
"operatingSystem": "AIX 6.1",
"currentServerId": "IBM 8233 06A851P",
"updateTime": "1381322771321",
"children": "false",
"hostname": "NC107073",
"confidence": "11",
"productInventoryId": "134",
"id": "134",
"level": "instance",
"bundleRules": "the relation in the software catalog, the stand-alone pr
oduct discovery",
"isAgentDeleted": "false",
"processorType": "IBM(R) POWER7 (750, 755, 775 servers) Multi-core All E
xisting",
"productReleaseComponent": "IBM Tivoli Storage Manager Client 6.3",
"pvuPerCore": "100",
"installationPaths": "/IBM Software/TSM",
335
"isSimple": "false"
},
{
"operatingSystem": "Win2008R2 6.1.7601",
"currentServerId": "TLM_VM_42362841-6b4e-ea26-9755-07b28dc0fd41",
"updateTime": "1381322771321",
"hostname": "VMW009128109094",
"confidence": "11",
"id": "137",
"bundleRules": "the relation in the software catalog, the stand-alone pr
oduct discovery",
"processorType": "Other Other One core All Existing",
"productReleaseComponent": "IBM Tivoli Storage Manager Client 6.3",
"pvuPerCore": "100",
"installationPaths": "C:\\IBM Software\\TSM",
"isSimple": "false"
}
8. Retrieve a list of the releases where instances can be reassigned to. Use an instance ID you obtained
in the previous step. Run the following command:
curl -v -X GET http://server_url:server_port/api/sam/swinventory/
targetBundlesOfInstances?productInventoryId=134&token=token_ID
9. Review the list to obtain the IBM Tivoli Storage Manager release ID you want to reassign the
instances to.
{
"id": "33424",
"appliedRules":
"the infrastructure co-location, the relation in the software catalog",
"releaseId": "33424",
"isSelected": "false",
"branchType": "0",
"confidenceLevel":3,
"isShared": "false",
"productName": "IBM Tivoli Storage Manager 6.3",
"productInventoryId": "134},
}
10. Reassign the releases by running the following command:

curl -v -X POST http://server_url:server_port/api/sam/swinventory/reassign -d
"productInventoryId=inventory_IDs&productId=release_ID&updateTime=timestamp"?token=token_ID
Where:
v inventory_IDs Are the instances to reassign
v release_ID Is the product release to reassign to
v timestamp Is the update time that is expressed in milliseconds. The timestamp must be equal to or
greater than the timestamps retrieved as a property of the instances to reassign, in step.6 on page
335
For example:
curl -v -X POST http://server_url:server_port/api/sam/swinventory/reassign -d
"productInventoryId=134,137&productId=33424&updateTime=9949237658579"
An HTTP response 204 is received. The selected instances are reassigned to the new release.
336
Lesson 2: Excluding software instances from usage calculations

This lesson shows you how to exclude products from license usage calculations with the REST API and a
cURL command line tool. You can use the information in this lesson to implement an automatic external
tool for large scale rebundling.
Before you begin

You must have root operating system privileges.
About this task

In this lesson, a customer uses resource value unit (RVU) subcapacity licensing for some BigFix
endpoints. All computers are subscribed to the IBM BigFix Inventory site in the BigFix console, and
software scans of the infrastructure are completed. The subscribed computers are 80% desktop computers
and 20% servers. Before an RVU report is generated, all desktop computers must be excluded from
license usage calculations.
Important: Some of the commands in this lesson are long, and for the purposes of presentation, some
line breaks were introduced. Treat each line break as a space.
Procedure
1. Start the command line interface.
2. To retrieve a list of all products that are discovered in your environment, run the following command:
curl -v -X GET http://server_url:server_port/api/sam/swinventory/products
3. Review the list to obtain the product IDs for IBM BigFix applications.
There might be many IBM BigFix applications. Search for all products that begin with "IBM BigFix".
{
"id": "21555",
"level": "product",
"productReleaseComponent": "IBM BigFix Lifecycle",
"children": "true",
"confidence": "23",
"type": "root"}
4. Retrieve lists of all releases for each of the IBM BigFix products, and retrieve lists of all instances. The
following commands are used for retrieving lists of releases and lists of instances.
curl -v -X GET http://server_url:server_port/api/sam/swinventory/product/product_ID
/releases
curl -v -X GET http://server_url:server_port/api/sam/swinventory/release/release_ID
/instances
5. Filter the lists of instances in an external tool, to obtain a list of all IBM BigFix product instances that
are installed on desktop computers.
You can use an external tool such as a spreadsheet to filter the lists. You can filter on a number of
criteria. A desktop can be defined as a computer that does not contain the word server in the
operating system name. The license type is not Windows server, and the computer model is not
VMware.
6. Using the inventory IDs from your filtered list, exclude all instances of IBM BigFix products that are
installed on desktop computers. To exclude instances, run the following command:
curl -v -X POST http://server_url:server_port/api/sam/swinventory/exclude -d
"productInventoryId=inventory_IDs&reason=no_licensing&updateTime=timestamp"
Where:
337
v inventory_IDs are the instances to reassign

v timestamp is the update time that is expressed in milliseconds. The timestamp must be equal to or
greater than the timestamps retrieved as a property of the instances to reassign, in step.4 on page
337
All instances can be entered separated by commas, for example:
curl -v -X POST http://server_url:server_port/api/sam/swinventory/exclude -d
"productInventoryId=134,137&reason=no_licensing&updateTime=9949237658579"
An HTTP response 204 is received. The selected instances are excluded.

7. Open the All IBM Metrics report, and click Recalculate, to update the RVU values for IBM BigFix.
338
Chapter 8. Security
You can configure different security features to adequately protect business assets
and resources in the data model when using BigFix Inventory.
Flow of data
There are several different interactions that occur between the components of the BigFix Inventory
infrastructure and between the user and tool.
IBM BigFix
Client computer
- console
TCP (HTTP/HTTPS)
ODBC connection-specific
Client computer
- browser
Client computer
Web interface certificate

TCP (HTTP/HTTPS)
TCP (HTTP/HTTPS)
Web Reports
database
Federated
user repository
Web user
interface
IBM BigFix server

BigFix
Client
VM manager tool
ODBC
BigFix
database
G TCP (HTTP/HTTPS)
REST API
Software
scans,
scanner
catalog
TCP
(HTTPS)
Core
business
logic
JDBC
JDBC
D TCP (HTTP)
TCP (HTTP/HTTPS)
Firewall
BigFix
Inventory
database
Relay
Internet
TCP (HTTP) D
E UDP
F ICMP
Virtualization
Virtualization
manager
manager
Fixlet servers
BigFix
Client
339
BigFix Inventory domain

A
Type
Connection
Description
Web browser data

traffic
Port
By default, the web browser connects to the BigFix Inventory server

using port 9081 (HTTPS). You can disable the SSL/TLS connection
tunnelling.
Origination
The web browser connects to the BigFix Inventory server.
Port
By default, the web browser connects to the BigFix Inventory server

using port 9081 (HTTPS). You can disable secure connection.
Origination
A client that uses REST API connections.
REST API data traffic
IBM BigFix domain

C
Type
Connection
Description
IBM BigFix Console

data traffic
Port
Consoles connect to root server using HTTPS 52311 for all

interactions
Origination
The IBM BigFix console connects to the RootServer service.
Network
controls:
There is a "refresh rate" for each IBM BigFix console user (default 15
seconds)
Gather, post, download Port
Port 52311 is configurable by the BigFix administrator at installation

time.
Origination
The BigFix client initiates the request to the BigFix relay or server.
Network
controls:
v Configurable bandwidth throttling to BigFix relay or clients

v Configurable gather interval. The default is 1 per day per fixlet
site.
v Configurable minimum time to wait between posts. The default is
15 seconds.
v Configurable temporal distribution (spread out downloads over
time) per action
v The ability to set "policy" to prevent computers from downloading
files if they are not pointed at the proper BigFix relay
UDP new
information message
Port
Port 52311 is configurable by the BigFix administrator at installation

time.
Origination
The UDP messages are sent from the BigFix clients' immediate
parent, which can be either a BigFix relay or server.
Network
controls:
v Configurable limit of the number of UDP messages sent at one

time from a BigFix relay
v Configurable limit of the amount of time to wait after sending
UDP messages from a BigFix relay
340
Type
Connection
Description
Relay selection
Port
The ICMP protocol does not use a port.
Origination
Each BigFix client sends progressive rounds of ICMP packets to

each relay with increasing TTLs until a BigFix relay responds. For
example, in a network of 2 relays, one 1 hop away and one 2 hops
away, the BigFix client sends an ICMP message to both with TTL 1
and receives 2 time exceeded messages from the local router. The
BigFix client then sends an ICMP message to both relays with TTL 2
and receives one time exceeded message and one reply message.
The BigFix client then chooses the relay that is one hop away.
Network
controls
v Relay auto-selection can be disabled.

v Configurable interval for when the BigFix clients perform
auto-selection
v Configurable limit on the maximum number of ICMP packets to
send out in a time interval
v Configurable limit on the maximum number of rounds to send
out during relay auto-selection
New data download

from external IBM
fixlet servers
Port
80 (typically); possibly 21, 443
Origination
The BigFix server connects to the IBM fixlet servers
Network
controls
There is a configurable interval that the BigFix server checks for new
fixlet messages.
The following database protocols are used:

v ODBC
v JDBC
Security configuration scenarios

When you configure security settings, ensure that the combination of security modes that you set up on
the side of BigFix and BigFix Inventory is supported.
Legend:
v U - the mode is enabled
v ANY - the mode is either enabled or disabled
Table 80. Security configuration scenarios
BigFix
BigFix Inventory
Enhanced
security
TLS 1.2
Supported
Supported
Supported
Supported
Supported
Supported
Supported
Supported
Supported
Supported
Supported
Supported
U
U
U
U
U
U
Not supported
Supported
Not supported
Supported
Not supported
Not supported
U
U
BigFix on Linux
and DB2
SHA1
SP800-131a
BigFix on
Windows and
MSSQL
Chapter 8. Security
341
Table 80. Security configuration scenarios (continued)

BigFix
BigFix Inventory
Enhanced
security
SHA1
TLS 1.2
U
U
U
U
ANY
SP800-131a
BigFix on
Windows and
MSSQL
BigFix on Linux
and DB2
Not supported
Not supported
Not supported
Not supported
Not supported
Not supported
ANY
Not supported
Not supported
Configuring secure communication

To ensure secure communication, BigFix Inventory uses public key cryptography, which is based on
algorithms that use two separate keys, a private key and a public key. This key pair is used to encrypt
and decrypt communication.
About this task

The private key encrypts communication. The public key, which is contained in a certificate, decrypts
communication. The use of SSL requires that you create both a private key and a certificate that is
associated with it. You can share the public key (certificate) can be shared with anyone, because it is used
only to read the communication. The safety of your communication depends mainly on your private key
that proves your identity, and must therefore be securely stored. The keys are created in such a way that
a message encrypted with the private key can only be decrypted with the public key that is associated
with it. If someone receives your public key and can decrypt your communication with this key, they
know for certain that you are the originator of the message and that it was not tampered with on the
way. Otherwise, the public key would be unable to decrypt it.
BigFix Inventory provides self-signed certificates by default, but they are not intended for production
environments. To improve security, create your own private key and a certificate signing request (CSR)
that can be transformed into a certificate after it is signed by a certificate authority (CA). By signing your
request, a CA approves your public key and certifies that it can be trusted. You can create your own
private CA, use the CA of your organization, or an internationally trusted CA, such as Entrust, VeriSign,
and so on.
The private key and the associated certificate are uploaded to BigFix Inventory. After enabling SSL,
anyone who connects to your server receives a certificate that contains your public key. All successive
communication that originates from the server is encrypted with your private key. After a user receives
the communication, it is decrypted with the certificate that they obtained from the server. If the certificate
can decrypt the communication, it is known for certain that the server is the originator of the message
and that it is valid.
Key pair requirements
Your key pair must meet the following requirements to be accepted by BigFix Inventory.
v Type: RSA or DSA.
v Key strength: maximum 2048 bits. This limitation is caused by IBM Java policy. You can use stronger
keys if you substitute default policy files with the unlimited jurisdiction ones. For more information,
see IBM SDK Policy files.
v Format: PEM-encoded. Such an encoding is ensured if you create the key pair by using openSSL. You
can also create your keys by using other methods, for example by using Makecert on Windows
operating systems. Such keys, however, are DER-encoded and therefore not supported by BigFix
Inventory. You can, however, convert other formats to PEM, for example by using openSSL.
342
Complete the following steps to create your key pair and to enable SSL. If you already have a key pair or
want to use the self-signed certificates, you can skip to enabling secure communication.
Creating private keys and certificates

To improve security, create your own private key and a certificate instead of using the self-signed ones
that are available in BigFix Inventory by default. You can use openSSL to create a private key and a
certificate signing request (CSR) that can be transformed into a certificate after it is signed by a certificate
authority (CA).
Before you begin

This procedure is valid for all operating systems that support openSSL.
Procedure
1. Open the command line.
2. Create a new private key.
openssl genrsa -out key_name.key key_strength -sha256
For example, openssl genrsa -out private_key.key 2048 -sha256

Where:
key_name
File name for your new private key.
key_strength
Key strength, measured in bits. The maximum value that you can use for BigFix Inventory is
2048 bits.
3. Create a certificate signing request (CSR). The request is associated with your private key, and is later
transformed into a certificate.
openssl req -new -key path_to_private_key.key -out csr_name.csr
For example, openssl req -new -key private_key.key -out CSR.csr

Where:
path_to_private_key
Path to your private key.
csr_name
File name for your certificate signing request (CSR).
After you run the command, you are asked to provide information that helps your users to identify
your certificate and ensure that it can be trusted. The following excerpt from the command line is
filled in with sample information:
Country Name (2 letter code) [XX]: US
State or Province Name (full name) []: New York
Locality Name (eg, city) [Default City]: New York
Organization Name (eg, company) [Default Company Ltd]: IBM
Organizational Unit Name (eg, section) []: Software
Common Name (eg, your name or your servers hostname) []: inventory.ibm.com
Email Address []: [email protected]
Results
After completing these steps, two files are created, your private key (.key) and the certificate signing
request (.csr). You must now sign the request to transform it into the certificate. For information about
how to create a private certificate authority (CA) to sign the request, see Signing certificates.
Chapter 8. Security
343
Signing certificates
Your certificate signing request (CSR) must be signed by a certificate authority (CA) to be transformed
into a certificate that can be uploaded to BigFix Inventory. You can use the openSSL cryptographic library
to create a private CA and sign your request.
Before you begin

Using a private CA to sign your request is not the only way. You can also send the request to
internationally trusted CAs, such as Entrust, VeriSign, and so on, or use the CA of your organization. The
certificates of these CAs are often trusted by default and do not display any warnings in the browser.
Warnings might be displayed if you use a private CA.
Procedure
1. Create a private certificate authority (CA) and a certificate for it.
a. Create a private CA. This step creates a private key (.key) and a request (.csr) similar to those
that you created in Creating private keys and certificates.
openssl req -new -newkey rsa:key_strength -nodes
-out CA_csr_name.csr -keyout CA_key_name.key -sha256
For example, openssl req -new -newkey rsa:2048 -nodes -out CA_CSR.csr -keyout
CA_private_key.key -sha256
Where:
key_strength
Key strength, measured in bits. The maximum value that you can use for BigFix Inventory
is 2048 bits.
CA_csr_name
File name for the certificate signing request (CSR). The certificate authority (CA) requires a
separate request.
CA_key_name
File name for the private key. The certificate authority (CA) requires a separate private key.
b. Create a certificate for your private CA. This step creates a certificate (.arm) that you can use to
sign your CSR.
openssl x509 -signkey path_to_CA_key.key -days
number_of_days -req -in path_to_CA_csr.csr
-out CA_certificate_name.arm -sha256
For example, openssl x509 -signkey CA_private_key.key -days 90 -req -in CA_CSR.csr -out
CA_certificate.arm -sha256
Where:
key_strength
Key strength, measured in bits. The maximum value that you can use for BigFix Inventory
is 2048 bits.
path_to_CA_csr
File name for the certificate signing request (CSR) that you created for the certificate
authority (CA).
path_to_CA_key
File name for the private key that you created for the certificate authority (CA).
number_of_days
Number of days for the new certificate to be valid.
344
CA_certificate_name
File name for the certificate of your CA. This certificate is used to sign your CSR.
2. Use the CA certificate to sign the certificate signing request that you created in Creating private keys
and certificates.
openssl x509 -req -days number_of_days -in path_to_csr.csr -CA path_to_CA_certificate.arm
-CAkey path_to_CA_key.key -out new_certificate.arm -set_serial 01 -sha256
For example, openssl x509 -req -days 90 -in CSR.csr -CA CA_certificate.arm -CAkey CA_key.key
-out certificate.arm -set_serial 01 -sha256
Where:
number_of_days
Number of days for the new certificate to be valid.
path_to_csr
Path to certificate signing request (CSR) that you want to sign.
path_to_CA_certificate
Path to certificate that you created for the certificate authority (CA).
path_to_CA_key
Path to the private key that you created for the certificate authority (CA).
new_certificate
File name for the new certificate that is created from your certificate signing request (CSR).
You upload this certificate together with your private key to BigFix Inventory.
Results
You signed your certificate signing request and obtained a new certificate. You can now enable SSL in
BigFix Inventory and upload your private key and the certificate. These files replace the self-signed
certificate that is already available in BigFix Inventory, and thus ensure secure communication.
Enabling secure communication

You can enable SSL to ensure secure communication between your server and all users that access it. You
can base your communication on self-signed certificates that are provided by default in BigFix Inventory,
but these certificates are not intended for production environments. To improve security, create your own
private key and certificate, and upload them to BigFix Inventory.
Before you begin

v The use of SSL is enabled by default, but this configuration is based on temporary self-signed
certificates that are not intended for production environments.
v Enabling or disabling the use of SSL changes the web address of your BigFix Inventory server. Ensure
that you run a data import afterward to update the address in the Fixlets that use it to download files
from the server.
Procedure
1.
2.
3.
4.

In the top navigation bar, click Management > Server Settings.
Select Use SSL. The Certificate subsection opens.
Optional: Select Use TLS 1.2.
Important:
v To use TLS 1.2, ensure that your browser supports TLS 1.2, and that it is enabled.
v To fulfill all the requirements for SP800-131 compliance, see: Enabling SP800-131 compliance.
Chapter 8. Security
345
5. Provide information about the certificate.

v If you have a private key and a certificate:
a. Select Import a PEM encoded private key and certificate.
b. Click Browse to locate the files in the computer file system.
c. In the Private key password field, enter the password for the key.
d. Click Save.
Note: The certificate and the key must be PEM-encoded.
v If you want to generate a new self-signed certificate:
Restriction: A self-signed certificate contains a public key, information about the owner of the
certificate, and the owner's signature. Because such a certificate is signed by its own private key, it
does not provide means to verify the origin of the certificate through a trusted certificate authority.
a. Select Generate a self-signed certificate.
b. Specify the certificate subject common name. The common name must correspond to the DNS
name of the BigFix Inventory server.
c. In the Expiration Date field, enter the date when the certificate expires.
d. Click Save.
Note: Most browsers display a warning message when a self-signed certificate is used.
Results
You enabled secure communication on your server. All outgoing communication is now encrypted with
the private key that you provided.
Assuring compliance with federal encryption standards

You can configure BigFix Inventory to be compliant with the Federal Information Processing Standard
requirements that are related to encryption.
Federal Information Processing Standard 140-2

Federal Information Processing Standards (FIPS) are standards and guidelines that are issued by the
National Institute of Standards and Technology (NIST) for federal government computer systems.
Government agencies and financial institutions use Federal Information Processing Standard (FIPS) to
ensure that the products conform to specified security requirements. For more information about these
standards, see the NIST website.
FIPS 140-2 is the standard that defines the security requirements for cryptographic modules that are used
within a system that handles sensitive but unclassified information. Compliance with the FIPS 140-2
standard has two aspects that affect BigFix Inventory: the algorithms that are used to manage sensitive
data must be FIPS-approved and a FIPS-approved implementation must be used when data is
transmitted with the SSL/TLS.
BigFix Inventory uses the FIPS 140-2 approved cryptographic providers for cryptography:
v IBMJCEFIPS (certificate 376)
v IBMJSSEFIPS (certificate 409)
v IBM Crypto for C (ICC) (certificate 384)
The certificates are listed on the NIST web site.
346
Configuring the server to achieve FIPS compliance

You can assure compliance with the FIPS 140-2 standard by modifying the configuration properties for
the underlying application server.
Procedure
1. Edit your java.security file that is in the following directory: installation_dir/jre/lib/security/.
Put the com.ibm.crypto.fips.provider.IBMJCEFIPS before the IBMJCE one in the provider list. Ensure
that the list is correctly numbered.
2. Add the -Dcom.ibm.jsse2.usefipsprovider=true property to the jvm.options file. The property
allows the Java Secure Socket Extension (JSSE2) provider to run in FIPS 140-2 mode.
Note: Your certificates must be at least 1024 bytes in size and can be signed with a DSA or RSA
signature algorithm. You can use the IBM keytool utility to generate a compatible key pair.
3. To use the TLS protocol, configure secure communcation.
A number of ciphers are supported by FIPS 140-2. The default SSL configuration automatically
enables the FIPS 140-2 compliant ciphers when JSSE is running in FIPS mode. You can enable specific
ciphers by listing them in the enabledCiphers attribute of the SSL configuration.
SP800-131 compliance
SP800-131 requires longer key lengths and stronger cryptography. The specification also provides a
transition configuration to enable users to move to a strict enforcement of SP800-131.
The transition configuration also enables users to run with a mixture of settings from both FIPS140-2 and
SP800-131. SP800-131 can be run in two modes, transition and strict. The transition mode is offered to
give you a setting to move your environment to SP800-131 strict mode. In transition mode, it is optional
to use the SP800-131 required certificates and to set the protocol to SP800-131.
The following requirements must be fulfilled to allow for the strict enforcement of SP800-131:
v The use of the TLS version 1.2 protocol for the Secure Sockets Layer (SSL) context.
v Certificates must have a minimum length of 2048 bytes. An Elliptic Curve (EC) certificate requires a
minimum size of 244-bit curves.
v Certificates must be signed with a signature algorithm of SHA256, SHA384, or SHA512. Valid signature
algorithms include:
SHA256 with RSA
SHA384 with RSA
SHA512 with RSA
SHA256 with ECDSA
SHA384 with ECDSA
SHA512 with ECDSA
v SP800-131 approved cipher suites.
For more information about the SP800-131 standard, see the web site run by National Institute of
Standards and Technology.
Enabling SP800-131 compliance

You can set up a BigFix Inventory profile to meet the SP800-131 requirement that is originated by the
National Institute of Standards and Technology (NIST).
Chapter 8. Security
347
Procedure
You can configure BigFix Inventory to run in SP800-131 strict or transition mode.
v To configure the product to run in strict mode:
1. Ensure that your server certificates meet the criteria for SP800-131.
For more information about SP800-131, see the National Institute of Standards and Technology
Special Publication 800-131A.
2. Modify your SSL configuration to use the TLS version 1.2 protocol.
3. Enable the Java Secure Socket Extension (JSSE) to run in SP800-131 strict mode: set the system
property com.ibm.jsse2.sp800-131 to strict. The property must be set in the jvm.options file, which
is in the installation_dir/wlp/usr/servers/server1 directory.
Example:
-Dcom.ibm.jsse2.sp800-131=strict
Note: If your server certificates do not meet the criteria for SP800-131 or if the TLS version 1.2 protocol
is not used, then after you restart the server you are not able to connect to BigFix Inventory. In this
event, you can remove the com.ibm.jsse2.sp800-131 property from the jvm.options file, or set the
property to transition.
v To configure the product to run in transition mode, enable JSSE to run in SP800-131 transition mode by
setting the system property com.ibm.jsse2.sp800-131 to transition. The property must be set in the
jvm.options file, which is in the installation_dir/wlp/usr/servers/server1 directory.
Example:
-Dcom.ibm.jsse2.sp800-131=transition
Authenticating users with LDAP

BigFix Inventory supports authentication through a Lightweight Directory Access Protocol server. To use
this feature, you must configure the BigFix Inventory server.
Configuring the connection to a directory server

To use LDAP for authentication of BigFix Inventory users, you must first configure a connection to your
directory server.
Before you begin

You must have the Manage Directory Servers permission to perform this task.
Procedure
1.
2.
3.
4.
In the top navigation bar, click Management > Directory Servers.

To create an LDAP connection, click New.
Enter a name for the new directory service.
In the LDAP server list, select the type of your LDAP server. If your LDAP server values are
different from the defaults, select Other and enter the values of filters and attributes of your LDAP
server. If you select Microsoft Active Directory Global Catalog, the Search Base field is disabled.
Important: The default values might need to be modified in particular for openLDAP servers due to
various implementations of openLDAP.
5. Type the name of Search Base. This parameter defines the location in the directory from which the
LDAP search begins.
6. If your directory server uses Secure Socket Layer protocol, select the SSL check box.
348
7. If your server requires authentication, clear Anonymous bind and provide a name and a password
for the user whose credentials are to be used for connecting to the directory server.
8.
9.
10.
11.
12.
Tip: If you selected Microsoft Active Directory, provide the user name as Active Directory logon
name or User Principal Name, for example [email protected]. Do not specify the user name in
the following way: DOMAIN/username.
In the Host text field, provide the host name or IP address of your primary LDAP server.
Accept the default port value or provide a new one.
Optional: To add a backup server:
a. Click add backup server.
b. Provide its host name or IP address and the port number.
To verify whether all of the provided entries are valid, click Test Connection. A confirmation pop-up
window opens.
Click Create. A confirmation message is displayed in the middle of the page.
Results
You configured a connection to your LDAP server.
Editing a directory server configuration

Procedure
1. On the Directory Servers page, click the name of the directory server whose configuration you want
to modify.
2. In the lower area of the window, enter the new parameters.
3. Click Save.
Deleting a directory server configuration

Procedure
1. On the Directory Servers page, click the name of the directory server whose configuration you want
to delete.
2. In the upper left area of the window, click Delete.
Linking users to directories

To complete an authentication process through LDAP, you must create a user that would link to the
created directory.
Before you begin

You must have the Manage Users permission to perform this task.
Procedure
1. In the top navigation bar, click Management > Users.
2. To create a user, click New.
3. In the User Name field, type the name of an existing user of an LDAP server.
Tip: For Active Directory users, the user name must be followed by a domain name, for example
[email protected].
4. From the list, select a Computer Group to which the user would be assigned.
5. From the Authentication Method list, select the name of an LDAP directory.
6. Click Create.
Chapter 8. Security
349
7. Optional: To delete the created user, click its name. Then, in the upper left of the window click
Delete.
Note: The deleted user cannot be re-created.
What to do next
To confirm authentication, log in to the BigFix Inventory server with the credentials of the LDAP user
that you created in BigFix Inventory.
User provisioning
After configuring a Directory Server, you can integrate its users with BigFix Inventory using the LDAP
protocol. With user provisioning, you can integrate whole groups of users instead of linking each of them
separately.
Before you begin

Configure a Directory Server.
Procedure
In the top navigation bar, click Management > User Provisioning.
Click New to create a new user provisioning rule.
In Group Names, start typing the name of a group of users from your Directory Server and then
choose one of the autofilled results.
5. In Roles, select the roles that will be assigned to the new users.
6. In Computer Group, select the computer group to which the new users will be assigned.
7. Click Create.
1.
2.
3.
4.
Results
You integrated your Directory Server users with BigFix Inventory. Each user is created in BigFix
Inventory after you log in to the application with that user. The user is assigned a role that is defined in
user provisioning. However, the role can be changed later on.
Important: If you want to log in with Active Directory users, the user name must be followed by a
domain name, for example [email protected].
Integrating users with Web Reports

You can use the Web Reports component to allow your Lightweight Directory Access Protocol (LDAP)
and Web Reports users to access BigFix Inventory.
Before you begin

Install the Web Reports component. The component is typically installed together with your IBM BigFix
server but you can also add it to your environment at any time. To do so, start the installation of IBM
BigFix and choose to install only Web Reports.
About this task

One of the Web Reports capabilities is integrating with an LDAP directory. This integration allows you to
view information about your LDAP users through Web Reports and to grant them right privileges to
access your IBM BigFix environment. If you create an entry for each user in BigFix Inventory, they will be
350
linked between the application and Web Reports. The linked users can then access BigFix Inventory with
the same credentials that are specified in Web Reports. Whenever you change the credentials in Web
Reports, they will also be valid in BigFix Inventory with no additional configuration.
Procedure
1. Connect your BigFix Inventory server to the Web Reports database.
b. In the navigation bar, click Management > Data Sources.
c. Click on your data source and fill in the connection parameters for the Web Reports database. The
required information will differ depending on the type of the database that you use. For more
information, see the following examples.
2. Each of your Web Reports users must be manually added to BigFix Inventory. After your complete
this action, the users will be linked with their equivalents in Web Reports:
a. In BigFix Inventory, click Management > Users.
b. Click New to create a new user.
c. Enter the user name that corresponds with a Web Reports user name.
d. Select the appropriate roles. The roles are not integrated between the applications and must be
selected manually for each user.
e. In the Authentication Method, choose Web Reports.
f. Click Create.
g. Repeat this action for each of your Web Reports users.
Results
The created user is linked with its equivalent in Web Reports. You can now use it to log in to BigFix
Inventory by using the same password that is specified in Web Reports. Whenever you change this
password in Web Reports, it will also be valid for logging in to BigFix Inventory.
Chapter 8. Security
351
Configuring and enabling single sign-on

You can now use the two-factor authentication and use single sign-on to log on to BigFix Inventory and
maintain login consistency with other applications in the enterprise. You can configure BigFix Inventory
to use two-factor authentication with single sign-on based either on the exchange of Simple Access
Markup Language (SAML 2.0) token and Microsoft Active Directory Federation Services as Identity
Provider or you can use the IBM Lightweight Third-Party Authentication (LTPA) technology and IBM
Security Access Manager for Web as the authentication service.
About this task

To enable debug logging for single sign-on in BigFix Inventory, put the following elements inside the
<web-app> element of the web.xml file.
<context-param>
<param-name>config.sso.debug</param-name>
<param-value>true</param-value>
</context-param>
Option 1: Configuring single sign-on based on Security Assertion

Markup Language token
You can configure single sign-on based on Security Assertion Markup Language (SAML) token and
Active Directory Federation Services (ADFS).
Before you begin

Important: If you disabled SSL in BigFix Inventory, you must enable it again. Otherwise, single sign-on
will not work. To enable single sign-on:
1. Log on to the BigFix Inventory web user interface.
2. In the top navigation bar, click Management > Server Settings.
3. Select Use SSL and click Save.
Once you log in as a single sign-on user, you cannot log out of BigFix Inventory. To be able to log in as
another user, clear the browser cache and log in as another user.
About this task

The following scenario presents a typical workflow for configuring BigFix Inventory to work with Active
Directory Federation Services. However, you might want to use other software products for enabling
single sign-on in your infrastructure.
Single sign-on based on the exchange of Security Access Markup Language token
Single sign-on based on the exchange of Security Access Markup Language (SAML) request has several
steps and uses an external Identity Provider server to authenticate the application user. BigFix Inventory
supports SAML version 2.0.
A SAML assertion is an XML-formatted token that is used to transfer user identity and attribute
information from the Identity Provider of a user to a trusted Service Provider as part of the completion of a
single sign-on request. A web user authenticates to a SAML identity provider, which produces an SAML
assertion, and the service provider uses the SAML assertion to establish a security context for the web
user. This exchange of authentication data involves the following parties.
Service Provider
BigFix Inventory - the application that requests the authentication service.
352
Identity Provider
The service that authenticates the application users, for example, Active Directory Federation
Services.
Application User
The person who uses several applications in one domain and who wants to single sign-on to
those business applications.
Application user
(web browser)
Service Provider
BigFix Inventory
1
2
BigFix Inventory
server generates
a SAML request.
Identity Provider
Active Directory Federation
Services (example)
User accesses
the BigFix Inventory
web user interface.
XML
BigFix Inventory
server redirects
the browser to
the single sign-on
URL.
4
3
Browser sends the SAML
7 response to the BigFix Inventory

3
URL.
8
3
BigFix Inventory
server verifies
the SAML
response.
6
3
XML
9
3
5
3
Identity Provider
parses the SAML
request and
authenticates
the BigFix Inventory
user.
Identity Provider
generates a SAML
response.
Identity Provider
returns the encoded
SAML response
to the browser.
User is logged in
to BigFix Inventory.
The following are the detailed steps that are completed during a typical single sign-on based on the
exchange of the SAML token:
1. You log in to the BigFix Inventory web user interface.
2. The BigFix Inventory server generates a SAML request.
3. The server redirects the browser to the single sign-on URL.
4. The Identity Provider server parses the SAML request and authenticates the user.
5. The Identity Provider server generates a SAML response.
6. The Identity Provider server returns the response to the web browser.
7. The BigFix Inventory server verifies the SAML response.
8. You are logged in to the application.
Step 1: Configuring single sign-on settings

As the first step, use the Single Sign-On Settings pane to configure single sign-on settings in BigFix
Inventory.
Chapter 8. Security
353
Before you begin

v Gather the following information.
ADFS login URL. Example format: https://ADFS_host_name/adfs/ls/
IdPInitiatedSignOn.aspx?LoginToRP=https://BFI_host_name:9081/ibm/saml20/defaultSP
Trusted Issuer URL. Example format: http://ADFS_host_name/adfs/services/trust
v Prepare the Identity Provider token signing key in the key_name.cer format.
v Create the BigFix Inventory users who will use the single sign-on function.
Important: During the creation of the users, select Single Sign-on as the authentication method.
Additionally, ensure that the users fulfill the following requirements:
All user names are fully-qualified names that contain the full domain name. For example:
[email protected].
At least one of the users is an Administrator.
Note: No user token is available after a single sign-on user is created. If you need the token, for
example to run REST API calls, ask the BigFix Inventory administrator to provide it for you.
v Back up the following files before you start configuring single sign-on:
server.xml
- Linux, UNIX: bfi_installation_dir/wlp/usr/servers/server1
- Windows: bfi_installation_dir\wlp\usr\servers\server1
web.xml
- Linux, UNIX: bfi_installation_dir/wlp/usr/servers/server1/apps/tema.war/WEB-INF
- Windows: bfi_installation_dir\wlp\usr\servers\server1\apps\tema.war\WEB-INF
v Ensure that SSL is enabled in both BigFix Inventory and Active Directory Federation Services.
v If you have a Linux BigFix Inventory server, you must create users following the camel case naming
convention if this is the way the users are defined in AD FS. For example, AdminK user is defined in AD
FS and it must also be created in BigFix Inventory installed on Linux. Otherwise, this user will not be
able to generate any audit snapshots.
Procedure
1. In the BigFix Inventory web UI, click Management > Single Sign-On Settings.
2. Select SAML as the single sign-on method.
3. Specify the URL of the web page that you will use to single sign-on to BigFix Inventory. Example:
https://ADFS_host_name/adfs/ls/IdPInitiatedSignOn.aspx?LoginToRP=https://BFI_host_name:9081
/ibm/saml20/defaultSP
Important: Ensure that the URL that you specified in the browser address bar is correct. There is no
validation of the address and if you make a typo in the URL, you might need to manually revert the
sso configuration.
4. Provide the Identity Provider certificate. Click Browse to locate the certificate that you already
created.
5. Provide the URL of the trusted certificate issuer. Example:
http://ADFS_host_name/adfs/services/trust
6. Click Save.
Note: When the SAML single sign-on entry is created, only the Delete button and the Download SP
Metadata link are enabled. If the download link is not found, you must restart the server.
7. Click the Download Service Provider Metadata link and save the spMetadata.xml file in a directory
on your computer.
354
Step 2: Configuring claim rule of relaying party trust on the AD FS server

As the second step, configure the BigFix Inventory server as a relying party to consume claims from the
Active Directory Federation Services (AD FS) server.
Procedure
1. Log on to the computer where Active Directory Federation Services are installed.
2. Copy the spMetadata.xml file from your computer to a directory on the AD FS server.
3. Click the Start rectangle in the lower-left area of the screen in Windows 2012 system and then click
the AD FS Management tile.
4. In the left navigation tree of the AD FS application, expand ADFS > Trust Relationships > Relying
Party Trusts.
5. In the Relying Party Trusts pane on the right, click Add Relying Party Trust. A wizard opens. Click
Start.
6. Select Import data about the relying party from a file.
7. Click Browse, select the spMetadata.xml file and click Open. Click Next.
8. On the new pane, provide the Display name for your ADFS service. Click Next.
9. Leave the option Permit all users to access the relying party selected and click Next.
10. On the Ready to Add Trust pane, click Next.
11. On the Finish pane, click Close. The Edit Claim rules window opens.
12. Click the Add Rule button in the lower-left corner. The Add Transform Claim Rule wizard opens.
Click Next.
13. In the Claim Rule template, type Name ID rule.
14. From the Attribute store drop-down list, select Active Directory.
15. In the Mapping of LDAP Attributes to outgoing claim types section, click the first drop-down list
and select User Principal Name. From the second list, select Name ID.
16. Repeat the step to achieve the following configuration and click Finish.
Table 81. Mapping of LDAP Attributes to outgoing claim types
LDAP Attribute
Outgoing Claim Type
User-Principal-Name
Name ID
E-Mail-Addresses
Email Address
Token-Groups - Qualified by Long Domain Name
Group
SAM-Account-Name
Windows account name
17. In the Edit Claim rules window, click Apply and OK.
Step 3: Enabling single sign-on

As the final step, enable single sign-on in the BigFix Inventory web user interface.
Procedure
Open the BigFix Inventory web user interface.
Go to Management > Single Sign-on Settings and click Enable.
Stop the BigFix Inventory server.
Start the BigFix Inventory server. The BigFix Inventory web user interface opens and you are
redirected to the ADFS login page.
5. Provide the user name and password and click sign-in.
1.
2.
3.
4.
Note: All user names must be fully-qualified names that contain the full domain name. For example:
[email protected].
Chapter 8. Security
355
6. On the new page, select the Display name of the BigFix Inventory server and click Go. If you
properly defined the trust rule, you are redirected to the BigFix Inventory home page.
Note: If you are not authorized to log in, check if you correctly defined outgoing claim types in the
LDAP attributes mapping or verify that the Users computer group is defined.
Reverting disabled SSO configuration for SAML

You can revert to the default SAML SSO configuration with single sign-on disabled if there are problems
with logging in to the application.
Procedure
2. In the server.xml file, delete the application-bnd element inside the application element.
<application autoStart=true location="tema.war" context-root="/" name="tema" type="war">
<classloader commonLibraryRef=tema,DatabaseLib delegation=parentLast/>
<application-bnd>
<security-role id="TemaSSOAuthenticated" name="TemaSSOAuthenticated">
<special-subject type="ALL_AUTHENTICATED_USERS" />
</security-role>
</application-bnd>
</application>
The server.xml file is in the following directory.

v Linux, UNIX: bfi_installation_dir/wlp/usr/servers/server1
v Windows: bfi_installation_dir\wlp\usr\servers\server1
3. In the server.xml file, set the value of the enabled attribute to false.
<samlWebSso20 enabled="false" ... (The remaining part is omitted for brevity)
</samlWebSso20>
4. In the web.xml file, Set the param-value to false.

<context-param>
<param-name>config.sso.enabled</param-name>
<param-value>false</param-value>
</context-param>
The web.xml file is in the following directory.

v Linux, UNIX: bfi_installation_dir/wlp/usr/servers/server1/apps/tema.war/WEB-INF
v Windows: bfi_installation_dir\wlp\usr\servers\server1\apps\tema.war\WEB-INF
5. In the web.xml file, delete the security-constraint element.
<security-constraint>
<display-name>TemaSSOAuthenticated</display-name>
<web-resource-collection>
<web-resource-name>index</web-resource-name>
<url-pattern>/</url-pattern>
<url-pattern>/session/*</url-pattern>
<url-pattern>/management/*</url-pattern>
<url-pattern>/scm/*</url-pattern>
<url-pattern>/sam/*</url-pattern>
<url-pattern>/setup/*</url-pattern>
<url-pattern>/internal/*</url-pattern>
<url-pattern>/wait_for_import</url-pattern>
<url-pattern>/import_finalizing</url-pattern>
<url-pattern>/import_status</url-pattern>
<url-pattern>/missing_computer_group</url-pattern>
<url-pattern>/account/*</url-pattern>
<url-pattern>/autocomplete/*</url-pattern>
<url-pattern>/pagestates/*</url-pattern>
<url-pattern>/reports/*</url-pattern>
<url-pattern>/test/*</url-pattern>
356
<url-pattern>/help/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>TemaSSOAuthenticated</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
Note: Steps 4 and 5 do not apply to some configurations in which the presented nodes might not
exist in the web.xml file.
Option 2: Configuring single sign-on based on IBM Lightweight

Third-Party Authentication
You can configure single sign-on based on IBM Lightweight Third-Party Authentication (LTPA) with IBM
Security Access Manager for Web.
Before you begin

Back up the following files before you start configuring single sign-on:
v server.xml
Linux, UNIX systems: installation_dir/wlp/usr/servers/server1
Windows systems: installation_dir\wlp\usr\servers\server1
v web.xml
Linux, UNIX systems: installation_dir/wlp/usr/servers/server1/apps/tema.war/WEB-INF
Windows systems: installation_dir\wlp\usr\servers\server1\apps\tema.war\WEB-INF
About this task

The following scenario describes a typical workflow for configuring BigFix Inventory to work with IBM
Security Access Manager. However, you might want to use other software products for enabling single
sign-on in your infrastructure.
Procedure
1. Configure the connection to your directory server.
2. Create the users that to be authenticated with the single sign-on server. You must create at least one
user that has the Administrator role.
3.
4.
5.
6.
7.
8.
Important: Ensure that you select Single Sign-on from the Authenticated method drop-down list.
Export the LDAP server SSL certificate that is embedded in IBM Security Access Manager for Web.
Configure LTPA single sign-on in the BigFix Inventory web user interface.
Import the LTPA keys into IBM Security Access Manager for Web.
Import the BigFix Inventory server certificate into IBM Security Access Manager for Web.
Configure a Virtual Junction in IBM Security Access Manager for Web.
Enable single sign-on in BigFix Inventory.
Exporting the LDAP server SSL certificate embedded in IBM Security Access
Manager
You must export the certificate from the LDAP server that is embedded in IBM Security Access Manager
(ISAM) to be able to configure single sign-on in the BigFix Inventory web user interface.
Chapter 8. Security
357
Procedure
1. Log on to the ISAM web user interface.
2. Manage System Settings > Secure Settings > SSL Certificates.
3. Select embedded_ldap_keys, click the Manage drop-down list, and then click Edit SSL Certificate
Database.
4. Open the Personal Certificates tab. Select server, click the Manage drop-down list, and then click
Export. A pop-up window opens with the server certificate details.
5. Click OK and save the file in a directory on your computer.
Results
You exported the LDAP server SSL certificate. You can use it in the next step while you are configuring
LTPA single sign-on.
Configuring LTPA single sign-on

You can use the Single Sign-On Settings pane to configure Lightweight Third-Party Authentication (LTPA)
settings in BigFix Inventory.
Procedure
1. In the BigFix Inventory web UI, click Management > Single Sign-On Settings.
2. Select LTPA as the single sign-on method.
3. From the Directory Server drop-down list, select the LDAP server that you want to use for
authenticating users.
4. Click Browse and select your certificate file.
5. Click Save.
Importing LTPA keys into IBM Security Access Manager

You must import the LTPA keys into IBM Security Access Manager to add BigFix Inventory to the trusted
list.
Procedure
1. In the BigFix Inventory web user interface, click Management > Single Sign-On Settings.
2. Click Download LTPA keys and save the files in a directory on your computer.
358
3. Log on to the Security Access Manager web user interface.

4. Click Secure Web Settings > Global Keys > LTPA Keys.
5. Click Manage > Import
6. Click Browse and select the file to be imported.

7. Click Import.
A message about one undeployed change is displayed. The LTPA keys are displayed together with
other keys.
Chapter 8. Security
359
8. Click the link Click here to review the changes or apply them to the system.
Results
You have imported the LTPA keys into IBM Security Access Manager for Web.
What to do next
It is also advisable to rename the imported key file. To rename the file that you imported:
1. Click the Manage drop-down list and then click Rename.
2. In the pop-up window that opens, provide the new name for your LTPA keys file and click Save.
3. On the LTPA Key Files pane, click the link Click here to review the changes or apply them to the
system.
4. In the Deploy Pending Changes pop-up window, click Deploy.
Importing the BigFix Inventory server certificate into IBM Security Access Manager
Import the BigFix Inventory server certificate into IBM Security Access Manager for Web to establish
trusted server-to-server communication.
Procedure
1.
2.
3.
4.
5.
6.
360
In the BigFix Inventory web UI, click Management > Server Settings.
Click Download Certificate and save the file in a directory on your computer.
Log on to the Security Access Manager web user interface.
Click Manage System Settings > Secure Settings > SSL Certificates.
Select pdsrv and then, from the Manage drop-down list, select Edit SSL Certificate Database.
From the Manage drop-down list, select Import. A new window opens.
7. Click Browse to select the certificate file and provide the certificate label.
8. Click Import.
9. Click Close to close the Edit certificate database - pdsrv pop-up window. A message about an
undeployed change is displayed.
10. Click the link Click here to review the changes or apply them to the system.
11. In the Deploy Pending Changes pop-up window, click Deploy. A message about the successful
deployment is displayed.
What to do next
Restart the default instance of the proxy server for the changes to take effect.
1. Click Secure Web Settings and then Reverse Proxy.
2. In the navigation bar, click Restart.
Chapter 8. Security
361
Configuring a virtual junction

A virtual host junction is a mount point for specific content that is on the WebSEAL server.
Before you begin

Ensure that the HTTPS port of the reverse proxy in IBM Security Access Manager for Web is set to 9081,
which is the port number that is used by BigFix Inventory server. If the port is not set to this value, REST
API might not work. To configure this port for the proxy server:
1. In the IBM Security Access Manager user interface, click Secure Web Settings and then, under
Manage, click Reverse Proxy.
2. Select the default proxy and click Edit.
3. In the Reverse Proxy Basic Configuration - default window, on the Server tab, type 9081 as the value
of the HTTPS Port and click Save.
Procedure
1. Log on to IBM Security Access Manager.
2. In the top navigation bar, click Secure Web Settings > Manage > Reverse Proxy.
3. Select the instance and then, from the drop-down list on the right of the Reverse Proxy bar, select
Manage > Junction Management. A new pane opens.
4. From the drop-down list in the upper-left corner of the pane, click New > Virtual Junction.
362
5. On the new pane, specify the junction label, Virtual Host, Virtual Host Port, and SSL as the Junction
Type, and click Save.
Chapter 8. Security
363
6. Configure a backend server for this junction: Click the Servers tab and then click New.
7. Specify the IP address or host name of the BigFix Inventory server and click Save.
8. Click the Identity tab and select all the items under HTTP Header Identity Information.
364
9. Click the SSO and LTPA tab and select the following entries.
v Enable LTPA cookie support
v Use Version 2 Cookies
From the LTPA Keyfile drop-down list, select the file that you want to use and in the next field
provide the LTPA keyfile password.
Chapter 8. Security
365
10. Click the General tab and leave all the default configuration unchanged.
11. Click Save to save the configuration and exit the wizard.
12. Click Cancel to exit the Junction Management - default pane.
366
Enabling the LTPA single sign-on

As the final step, enable single sign-on in the BigFix Inventory web user interface.
Procedure
1.
2.
3.
4.
5.
Open the BigFix Inventory web user interface.

Go to Management > Single Sign-on Settings and click Enable.
Stop the BigFix Inventory server.
Start the BigFix Inventory server.
Access your BigFix Inventory server by using the virtual host that you created in step Configuring a
virtual junction on page 362. For example: https://virtual_host/sam.
Note: After LTPA single sign-on is enabled, you will not be able to access the BigFix Inventory web
user interface by using the URL https://host_name:9081.
6. Log in with the directory user that you created in the step Setting up users on page 97.
Reverting disabled SSO configuration for LTPA

You can revert to the default LTPA SSO configuration with single sign-on disabled if you have problems
when logging in to the application.
Chapter 8. Security
367
Procedure
2. In the web.xml file, set the param-value to false for parameter config.sso.enabled.
<context-param>
<param-name>config.sso.enabled</param-name>
<param-value>false</param-value>
</context-param>
The web.xml file is in the following directory:

v Linux, UNIX systems: bfi_installation_dir/wlp/usr/servers/server1/apps/tema.war/WEB-INF
v Windows systems: bfi_installation_dir\wlp\usr\servers\server1\apps\tema.war\WEB-INF
.
Logging out of the BigFix Inventory server

To log out of the BigFix Inventory user interface, simply clear your browser history and restart the
browser.
Procedure
1. Clear the browser history. The steps might vary depending on the web browser that you are using.
2. Restart the web browser.
Disabling the single sign-on configuration

You can disable the SSO configuration on the Single Sign-on Settings pane.
Procedure
1.
2.
3.
4.
Log on to the BigFix Inventory web user interface.

In the top navigation bar, click Management > Single Sign-On Settings.
Click Disable.
Restart the BigFix Inventory server.
a. Stop the server.
b. Start the server.
Results
You can now log in to the BigFix Inventory web user interface with the credentials that you used before
you enabled single sign-on.
Deleting the single sign-on configuration

You can delete the SSO configuration on the Single Sign-on Settings pane.
Before you begin

Important: Do not delete the single sign-on configuration while it is enabled. You must first disable the
single sign-on configuration before you delete it.
Procedure
1. Log on to the BigFix Inventory web user interface.
2. In the top navigation bar, click Management > Single Sign-On Settings.
3. Click Delete. A pop-up window appears.
368
4. Click Delete to confirm. A message is displayed with information that the configuration was
successfully deleted.
Relays
Relays lighten both upstream and downstream burdens on the server. Rather than communicating
directly with a server, clients can instead be instructed to communicate with designated relays,
considerably reducing both server load and client and server network traffic.
Relays work by:
v Relieving downstream traffic.
v Reducing upstream traffic.
v Reducing congestion on low-bandwidth connections.
v Reducing the load on the server.
Relays are an absolute requirement for any network with slow links or more than a few thousand clients.
For more information about Relays, see IBM BigFix documentation.
Chapter 8. Security
369
370
Chapter 9. Troubleshooting and support

This section explains how to find logs, messages, and trace files that you might
need to troubleshoot issues that could arise while using the product.
Troubleshooting a problem
Troubleshooting is a systematic approach to solving a problem. The goal of troubleshooting is to
determine why something does not work as expected and explain how to resolve the problem.
The first step in the troubleshooting process is to describe the problem completely. Problem descriptions
help you and the IBM Support person know where to start to find the cause of the problem. This step
includes asking yourself basic questions:
v What are the symptoms of the problem?
v Where does the problem occur?
v When does the problem occur?
v Under which conditions does the problem occur?
v Can the problem be reproduced?
The answers to these questions typically lead to a good description of the problem, and that is the best
way to start down the path of problem resolution.
What are the symptoms of the problem?

When starting to describe a problem, the most obvious question is "What is the problem?" This might
seem like a straightforward question; however, you can break it down into several more-focused
questions that create a more descriptive picture of the problem. These questions can include:
v Who, or what, is reporting the problem?
v What are the error codes and messages?
v How does the system fail? For example, is it a loop, hang, crash, performance degradation, or incorrect
result?
v What is the business impact of the problem?
Where does the problem occur?

Determining where the problem originates is not always easy, but it is one of the most important steps in
resolving a problem. Many layers of technology can exist between the reporting and failing components.
Networks, disks, and drivers are only a few of the components to consider when you are investigating
problems.
The following questions help you to focus on where the problem occurs to isolate the problem layer:
v Is the problem specific to one platform or operating system, or is it common across multiple platforms
or operating systems?
Copyright IBM Corporation 2002, 2012 IBM 2002, 2015
371
v Is the current environment and configuration supported?

Remember that if one layer reports the problem, the problem does not necessarily originate in that layer.
Part of identifying where a problem originates is understanding the environment in which it exists. Take
some time to completely describe the problem environment, including the operating system and version,
all corresponding software and versions, and hardware information. Confirm that you are running within
an environment that is a supported configuration; many problems can be traced back to incompatible
levels of software that are not intended to run together or have not been fully tested together.
When does the problem occur?

Develop a detailed timeline of events leading up to a failure, especially for those cases that are one-time
occurrences. You can most easily do this by working backward: Start at the time an error was reported
(as precisely as possible, even down to the millisecond), and work backward through the available logs
and information. Typically, you need to look only as far as the first suspicious event that you find in a
diagnostic log; however, this is not always easy to do and takes practice. Knowing when to stop looking
is especially difficult when multiple layers of technology are involved, and when each has its own
diagnostic information.
To develop a detailed timeline of events, answer these questions:
v Does the problem happen only at a certain time of day or night?
v How often does the problem happen?
v What sequence of events leads up to the time that the problem is reported?
v Does the problem happen after an environment change, such as upgrading or installing software or
hardware?
Responding to questions like this helps to provide you with a frame of reference in which to investigate
the problem.
Under which conditions does the problem occur?

Knowing which systems and applications are running at the time that a problem occurs is an important
part of troubleshooting. These questions about your environment can help you to identify the root cause
of the problem:
v Does the problem always occur when the same task is being performed?
v Does a certain sequence of events need to occur for the problem to surface?
v Do any other applications fail at the same time?
Answering these types of questions can help you explain the environment in which the problem occurs
and correlate any dependencies. Remember that just because multiple problems might have occurred
around the same time, the problems are not necessarily related.
Can the problem be reproduced?

From a troubleshooting standpoint, the ideal problem is one that can be reproduced. Typically, problems
that can be reproduced have a larger set of tools or procedures at your disposal to help you investigate.
Consequently, problems that you can reproduce are often easier to debug and solve. However, problems
that you can reproduce can have a disadvantage: If the problem is of significant business impact, you do
not want it to recur. If possible, re-create the problem in a test or development environment, which
typically offers you more flexibility and control during your investigation.
v Can the problem be re-created on a test system?
v Are multiple users or applications encountering the same type of problem?
372
v Can the problem be re-created by running a single command, a set of commands, a particular
application, or a stand-alone application?
Troubleshooting software inventory problems

Problems with software inventory might be caused by, among others, incomplete imports, connectivity
problems, or insufficient disk space.
Before you begin

The BigFix Inventory log files are in one of the following directories:
v
Windows
installation_directory\wlp\usr\servers\server1\logs\
Linux
installation_directory/wlp/usr/servers/server1/logs/
About this task

The following steps are the most typical ones that you might want to perform to troubleshoot software inventory problems:
373
1. In the BigFix Inventory web user interface, view the details page for a
computer that is missing inventory: click Reports > Computers >
Computer_name.
Start
View a computer details
page
v If only specific titles are missing, see Managing the content of a

software catalog.
v If all data is missing, go to the next step.
View raw file scan data

for a computer
v If the computer has inventory, go to another computer that is missing

inventory.
2. Access the raw scan data page to verify whether inventory data is
missing: click Reports > Scanned File Data.
View the package data

report for a computer
If there is no data, go to the BigFix console and perform steps 10, 11, 12
and 13. Otherwise, go to the next step.
3. Verify whether package data is available: Click Reports > Package Data.
If the data is still not complete, you might want to perform step 10.
Otherwise, go to the next step.
View the Home page
4. View the Software Catalog widget on the Home page to verify whether
there are titles and signatures in the catalog. In the top navigation bar,
click Home.
View the imports page
v If there are no publishers in the catalog, load a catalog.

v If there is no inventory for any computers, go to the next step.
YES Inventory data

is working.
Have the imports

completed succesfully?
NO
View the BigFix Inventory
logs
You might
want to contact
IBM software
support
(optional)
For information about how to update and maintain your software

catalog, see Working with software catalogs.
5. Verify whether imports are completing successfully: click Management >
Data Imports.
v If they completed successfully, your inventory data is probably
working. You might want to contact IBM support, so be prepared to
provide the logs.
v If the imports cannot be completed, go to the next step.
6. Access the log file data that is displayed in the BigFix Inventory user
interface: click Management > Data Imports.
If IBM support has requested the log files, you can find them in one of
the following locations:
Was there
a connectivity problem?
YES
Ensure there is
uninterrupted
connectivity
to the database
NO
Was there
insufficient disk space on the
database server?
NO
Run the import again
Verify that all analyses

are active
Windows
installation_directory\wlp\usr\servers\server1\
logs\
v
Linux
installation_directory/wlp/usr/servers/server1/
logs/
YES
Free additional
hard disk
space
7. Ensure that you have uninterrupted connectivity to the database. Restore

the connection between the BigFix Inventory server and the BigFix
database, if it was not established during the data import.
8. Ensure that there is sufficient amount of disk space for the BigFix
Inventory database, if this problem was revealed in the logs.
9. Import the data from IBM BigFix to see whether the previous steps
remedied the situation.
10. In the BigFix console, verify that all analyses are active:
a. Click Sites > External > IBM BigFix Inventory > Analyses.
b. Verify whether the analyses display in the upper right pane.
Verify that the scanner tasks

are running regularly
11. In the console, verify that all the scanners are running regularly:
a. Click Sites > External Sites > IBM BigFix Inventory > Fixlets and
Tasks.
b. In the upper right pane, click Initiate Software Scan.
Verify that the upload tasks

are running regularly
c. In the lower pane, click the Action History tab to check when the
scans were run.
12. Verify that upload tasks are running regularly:
Contact IBM software

support
a. Click Sites > External Sites > IBM BigFix Inventory > Fixlets and
Tasks.
b. In the upper right pane, click Upload Software Scan Results.
c. In the lower pane, click the Action History tab to check when the
results were last uploaded.
13. If your imports are still failing, contact IBM software support. IBM
support might request that you collect and provide diagnostic data, and
change scanner settings on selected endpoints. See Changing and
analyzing scanner trace settings and Initiating and uploading diagnostic
data.
374
Changing and analyzing scanner trace settings

You can change the scanner trace settings to collect diagnostic data to help in investigating problems.
Changing scanner trace settings

If requested by IBM support or to limit the amount of traces generated by the scanner tool, you can
change the scanner trace settings.
Before you begin

Procedure
3. Select Edit Scanner Trace Settings, specify the following values:
v Trace level
v Number of trace files
v Trace file size
In the lower pane, click Take Action.
4. To select a subset of computers on which you want to create the capacity configuration, open the
Target tab, and then click the computers.
Analyzing scanner trace settings

You can check scanner trace settings for computers, and see the number of trace files and trace file size.
Procedure
2. In the navigation tree, click Sites > External Sites > IBM BigFix Inventory > Analyses.
3. In the upper-right pane, select an Scanner Trace Settings analysis, and in the lower-right pane, click
the Result tab.
For each endpoint, you can view the following information:
v Computer host name
v Computer ID
v Trace level
v Number of trace files
v Trace file size
Initiating and uploading diagnostic data

You can collect and upload diagnostic data that is needed for software inventory problem investigation.
Initiating diagnostic data collection

If requested by IBM support, you can collect the diagnostic data that is needed for software inventory
problem investigation. To collect diagnostic data collection, you must initiate diagnostic data collection.
Before you begin

375
Procedure
1.
2.
3.
4.
Log on to the BigFix console.

Select Initiate Scanner Diagnostic Tool and in the lower pane, click Take Action.
Select a subset of computers on which you want to initiate diagnostic data collection, and click OK.
Important: When you initiate collection, the collection process runs in the background. Depending on
the number of endpoints and the data to be collected, collection can take a number of hours to
complete. When the Upload Scanner Diagnostic Data task is relevant on your endpoints, data
collection is finished successfully and collection data is uploaded to the BigFix server.
What to do next
Upload Scanner Diagnostic Data. You must wait until data collection is finished successfully before you
upload the data.
Uploading scanner diagnostic data

If requested by IBM support, you can collect the diagnostic data that is needed for software inventory
problem investigation. When diagnostic data collection is completed successfully, you must upload the
data.
Before you begin

About this task

When the Upload Scanner Diagnostic Data task is relevant on your endpoints, data collection is finished
successfully and collection data can be uploaded. You can upload data manually from each endpoint or
you can use the Upload Scanner Diagnostic Data task to upload data for all endpoints.
Procedure
Use one of the following methods to upload diagnostic data.
v Upload diagnostic data with the Upload Scanner Diagnostic Data task.
2. In the navigation tree, click Sites > External Sites > IBM BigFix Inventory > Fixlets and Tasks
3. Select Upload Scanner Diagnostic Data and in the lower pane, click Take Action.
4. Select a subset of computers you want to upload collected diagnostic data from, and click OK
When the task is completed, a ScannerDebugData diagnostic data compressed file is uploaded to the
BES_Server\UploadManagerData\BufferDir\sha1\LAST_2_DIGITS_OF_THE_COMPUTER_ID_NUMBER\
COMPUTER_ID directory. You can find the ID of a computer in the results of the Scanner trace analysis.
v Upload diagnostic data manually.
1. Log in to an endpoint on which the diagnostic data collection ended successfully.
2. Copy the compressed ScannerDebugData file to the server. The ScannerDebugData file is in the
BESClient\LMT\CIT directory.
376
Results
Data is uploaded to the IBM BigFix server.
Common problems
Learn how to solve some common problems with the server installation, configuration and
administration.
The following list contains descriptions of common installation problems:
Installation and upgrade problems

Solve common problems that are related to installation, configuration, and upgrade of BigFix Inventory.
During the installation of BigFix Inventory for non-English-language locales, some Java exceptions are
displayed in English.
Even for non-English-language locales, some Java exceptions that might occur during the
installation are displayed in English. However, the Details view that contains the exceptions also
includes more information that can help you to understand and solve the issue. If you want to
see the translated description of a problem, you can switch to the Problems view where all the
available details are provided.
Installation of the server cannot continue and an error is displayed.
Installation of the BigFix Inventory server cannot continue and the following message is
displayed:
./tools/getArch: line 108: print:
setup-server-9.0-linux-x86_64.sh:
command not found

command not found
command not found
line 52: print: command not found
The error might be caused by the fact the operating system is not fully configured. You might
also need to reboot the operating system.
During the configuration of the connection to the BigFix server, the following message is displayed:
Could not determine character set of the BES database. Are you sure the BES server is running an
agent?.
The problem occurs when the BigFix client was removed from the computer where the BigFix
server is installed. To solve the problem, manually set the
_BESClient_DeploymentEncoding_IANAName property to that of your deployment codepage.
During the configuration of the connection to a remote DB2 database, the following error is displayed:
The user specified for the communication with the database could not be found in the system.
The problem occurs when the remote DB2 database is installed on an AIX computer. It means
that the user that you want to use for connecting to the database does not exist on the LDAP
server. To solve the problem, specify a different user or create a user with the specified
credentials on the LDAP server.
The list of non-English languages in the installation wizard is reduced.
To see your language as an option in the installation wizard, change your system locale to a
chosen language:
1. On Linux, open the Terminal and run the following command:
export LC_ALL=language_code.UTF8
For example, export LC_ALL=en_US.UTF8.

2. Run the locale command to verify changes.
3. Restart the installation and choose the language.
Update of the database schema fails.
377
If you have never run the initial import on BigFix Inventory 9.0.0.1 and upgraded it to the newest
version, such upgrade might fail while updating the database schema. In such case, the
application source files are upgraded, but the database is corrupted.
To solve the problem, create a new database instance.
1. Remove the corrupted database instance.
db2 deactivate db db_name
db2 drop db db_name
2.
3.
4.
5.
Tip: The default database name is TEMADB (previously SUADB).

Go to BFI_install_dir/wlp/usr/servers/server1/config.
Remove database.yml.
Open BigFix Inventory at https://hostname:9081.
Create a new database instance.
Installation fails and a warning about lack of free disk space in a given directory is displayed.
However, there is enough free space in that directory.
To solve the problem, open the command line interface and run the following command:
v
Windows
Linux
set CHECK_DISK_SPACE=OFF
export CHECK_DISK_SPACE=OFF
Then, rerun the installation.

Despite upgrading to the latest version, the service name still shows the old version.
The display name of the service on Windows does not change after the upgrade, which is a
limitation. It does not, however, impact BigFix Inventory in any way. To update the service name,
restart your computer.
Upgrade of the server with a fixlet fails on Linux.
The problem occurs when the server was installed by a non-root user. To solve the problem,
upgrade the server in interactive or silent mode.
Installation of the IBM BigFix server with a remote SQL Server database fails.
The problem might occur while installing the IBM BigFix server on the Windows 2008 Server
operating system. When the installer attempts to connect to the remote SQL Server database, the
following message is displayed:
Computer Browser Error with Windows Authentication
To
1.
2.
3.
4.
solve the problem, enable the file and printer sharing in Windows:
Go to Control Panel > Network and Sharing Center.
Click Advanced sharing settings.
Select the Turn on file and printer sharing check box.
Click Save changes.
Server operation problems

Server operation problems in BigFix Inventory might include general issues that you might encounter
when you use the application and its functions. However, you can easily recover from these problems.
The RPM scanner fixlet fails on AIX 6.1
The scanner fails and the RPM installation package returns undefined during the software scan.
To remedy this problem, upgrade your IBM BigFix server, console, and clients to version 8.2.1175.
Version 8.0 and 8.1 BigFix Enterprise Server Clients cannot subscribe to the BigFix Inventory server.
The solution is to unsubscribe all computers from the current site or remove the site, and then
subscribe the clients back.
The software scans cannot be initiated because the Initiate Software Scans task is not applicable.
378
The software scans depend on the scanner catalogs that are used by the scanner to discover
software. The scanner catalogs are created when you upload the software catalog to BigFix
Inventory. If you cannot run the software scans, it might mean that the catalogs were not created.
Before you update the scanner catalogs manually, complete the following steps to check the cause
of this problem:
1. Go to the <BES_Client>\LMT\CIT directory.
2. Check if the catalog.bz2 file exists. The file contains the scanner catalogs.
3. Log in to the IBM BigFix console that is linked to your IBM BigFix server.
4. In the navigation bar, click Actions.
5. In the upper-right pane, locate the Catalog Download action and select it.
6. Check the details of the action. You can check on which endpoints the actions failed and
investigate the failed steps. Try to determine the cause of the problem and fix it.
If you cannot determine the cause, you can update the catalogs manually. To do that, see
Updating scanner catalogs on page 410.
A report was created correctly but it could not be sent as a PDF attachment to an email.
The PDF report could not be sent because the mail server in your company does not accept large
email attachments. To fix the problem:
1. Determine the size of large reports that are generated by BigFix Inventory: generate a sample
PDF by clicking the PDF icon in the BigFix Inventory web user interface.
2. Contact your mail server administrator and request a higher size limit for email attachments
in both the outgoing and incoming mail server configuration.
Data that is gathered by an analysis property is incorrect.
The same analysis property can exist in multiple external sites. In such a situation, the data that
is gathered by the analysis might come from any of the sites, not necessarily the intended one. If
some unexpected data is gathered by an analysis property, ensure that the analysis that you
defined comes from the correct site. In the top navigation bar of BigFix Inventory, click
Management, and then one of the properties: Usage Properties, Package Properties, UNIX
Package Properites. Click the name of the property, and in the Data Source Property list, check
whether the site is correct. The name of the site is displayed below the name of the property. If
the site is incorrect, change it.
BigFix Inventory does not start after rebooting the server.
The problem often occurs in environments where BigFix Inventory and DB2 are installed on the
same server. After rebooting the server, the DB2 instance is not started which also blocks BigFix
Inventory from starting.
To fix the problem, ensure that your DB2 instance is running and then start BigFix Inventory:
1. Log in as the DB2 instance owner and start the instance:
su db2inst1
db2start
2. Start the BigFix Inventory server:

/etc/init.d/SUAserver start
Disambiguation of the term Tivoli Endpoint Manager Analytics and the acronym TEMA.
The term Tivoli Endpoint Manager Analytics or the acronym TEMA appears in some error
messages, for example:
We're sorry, but something went wrong. Please contact your Tivoli Endpoint Manager
Analytics administrator if the problem persists.
Tivoli Endpoint Manager Analytics (TEMA) is the platform on which the BigFix Inventory server
is built. It is an internal BigFix Inventory component.
379
The TEMA administrator is the BigFix Inventory administrator. If an error message references the
TEMA administrator, contact the BigFix Inventory administrator.
Software that is deployed under a tmp directory is not discovered.
Temporary directories (tmp) contain large amounts of irrelevant data. Thus, they are not scanned
by default. However, some applications are installed under tmp directories. As a result, they are
not discovered by software scans. To solve the problem, include all tmp directories except for the
main temporary directory of the operating system into software scans. It ensures that applications
that are installed under tmp directories are correctly discovered but the main temporary directory
of the operating system is not unnecessarily scanned.
On the computer where the software is installed, go to the BESClient/LMT/CIT/ directory and
open the exclude_path.txt file. It lists all directories that are excluded from software scans.
v For UNIX operating systems
1. Remove the */tmp/* directory from the list.
2. Add the following directories and save the file.
/tmp/*
/var/tmp/*
*/usr/tmp/*
For Windows
1. Remove the */tmp/* directory from the list and save the file.
Return code 9 or 29 is displayed in the results of the Software Scan Status analysis.
The return code indicates that the scanner timed out. To solve the problem, perform the following
tasks:
v Increase the scan timeout in the Configure Scan Timeout task.
v Increase the amount of CPU that can be consumed by the scanner by increasing CPU threshold
in the Initiate Software Scan task.
v Exclude directories with backups from software scans.
v Decrease the scanner trace level in the Edit Scanner Trace Settings task.
If all other options fail, reinstall the scanner.
An error occurs while importing contracts through REST API.
When using a curl command to import contracts through REST API, the following error is
displayed:
curl: (18) transfer closed with outstanding read data remaining
To solve the problem, upgrade curl to a later version:

Windows
Upgrade to curl 7.27.0, or later.
Linux
Curl must use the NSS library 3.14, or later. Run curl --version. The version of NSS is
displayed in the output. Upgrade curl if the NSS version is earlier than 3.14.
curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0

zlib/1.2.3 libidn/1.18 libssh2/1.4.2
When you make an API call, the call fails and the following message is written in the log: The
connection is closed.
The problem occurs when you make an API during the import. To solve the problem, wait until
the import finishes and ensure that the BigFix Inventory server is running. Then, repeat the API
call.
The tema.log file contains the following error: E CWWKF0002E: A bundle could not be found for
com.ibm.ws.javaee.servlet.3.0/[1.0.0,1.0.100).
The error occurs after you enable single sign-on. There are no other problems except for the
errors in the log. To solve the problem, perform the following steps:
380
1. Go to the BigFix Inventory installation directory and open the wlpstart.bat file.
v Linux: /opt/ibm/BFI/wlp/bin/wlpstart.bat
v Windows: C:\Program Files\ibm\BFI\wlp\bin\wlpstart.bat
2. Add the --clean parameter to the last line in the file.
call "%WLP_PATH%\bin\server.bat" start server1 --clean

5. Verify that the errors no longer appear in the log and remove the --clean parameter from the
wlpstart.bat file.
Database problems
Database problems are related to issues with connecting to DB2 and MSSQL Server as well as retrieving
information from these databases.
Windows SQL Server

During the import, SQL Server uses 99% of the physical memory.
To solve the problem, set the maximum amount of memory that can be used by SQL Server. For
more information, see Server Memory Options and How to: Set a Fixed Amount of Memory (SQL
Server Management Studio) in the SQL Server documentation.
The login process to SQL Server fails.
During a login process to SQL server, the following error is displayed:
Login failed for user username. The user is not associated with a trusted SQL Server connection.
(Microsoft SQL Server, Error: 18452).
The cause of this error is that SQL server is configured to use Windows Authentication mode and
does not allow the use of SQL accounts. To solve this problem, enable the SQL Server
Authentication in SQL Server. For more information, see Enabling the SQL Server Authentication
Mode.
Windows DB2
BigFix Inventory cannot connect to its database and the following error is written in the logs:
Connection refused. ERRORCODE=-4499, SQLSTATE=08001.
The problem occurs because the DB2 database is not yet activated after a restart and is thus not
accessible to BigFix Inventory. To solve the problem, run the following command after you restart
the database:
db2 activate db database_name
BigFix Inventory cannot connect to the database. The default port range is modified.
The default local port range for Linux is 32768-61000. If the default range is modified, it is
possible that the DB2 port number is allocated to another local process. If the port number is
pre-allocated, BigFix Inventory cannot connect to DB2. Complete the following steps:
v Ensure that IPv4 is being used.
v Use the netstat command to check whether DB2 is listening on the expected port, and no
other socket is pre-allocated the DB2 port.
v If DB2 is not listening on the expected port, restart DB2 and check again.
Agent problems
The Deployment Health widget provides the status of computers that do not meet one or more of the
deployment health conditions. To resolve deployment health issues, perform the steps relevant for your
particular problem. The BigFix console provides fixlets that can be run to resolve some deployment
health issues. Issues that cannot be resolved by using fixlets must be resolved manually.
381
Disconnected: The computer has not connected to the server for the last 72 hours
These computers did not connect to the server for the last three days. You must check whether
each computer listed in the report is up and running or why it is not connected to your network.
Outdated version: The agent that is installed on the computer is not up-to-date
Update the computers with outdated agent versions to a more recent version. The BigFix console
provides fixlets that can be executed to update the affected computers. To update an agent:
2. Click Sites > External sites > BES Support > Fixlets and Tasks. The update fixlets displayed
in the upper right pane are specific to the operating system on the client computers.
Tip: The fixlet for upgrading the agent to the highest version available has the following
format: Updated operating_system Client - IBM BigFix version version_number Now
Available!. The remaining update fixlets have the postfix (Superseded).
3. In the upper right pane, select the agent version to which you want to update an agent and
click Take Action.
4. In the lower right pane of the window that opens, select the computers whose agent you
want to update and click OK.
Low disk space: The drive on which the agent is installed has less than 100 MB of free disk space
Computers with low disk space have less than 100 MB of free space available. To identify the
affected computers:
2. Click Sites > External sites > BES Support > Fixlets and Tasks.
3. In the upper right pane, click BES Client Computer is Low on Free Disk Space. The list of
computers is displayed.
4. Free up disk space on each affected computer.
Out of sync: The time that is set on the computer differs by at least an hour from the time that is set
on the server
Out of sync computers have incorrect system clock times. To update the clocks on affected
computers:
2. Click Sites > External sites > BES Support > Fixlets and Tasks.
3. In the upper right pane, select BES Clients Have Incorrect Clock Time and click Take Action.
4. In the lower right pane of the window that opens, select the computers whose clocks you
want to synchronize and click OK.
Missing prerequisites: Scanner prerequisites are not installed on the computer
Linux computers with missing prerequisites do not have the correct C++ runtime library versions
installed.
2. Click Sites > External sites > IBM BigFix Inventory > Analyses.
3. In the upper right pane, select the Scanner Information analysis and then click Results to see
which computers are missing the correct C++ runtime library.
4. Install the C++ runtime libraries manually on each computer that is returned by this analysis.
The required versions of the /usr/lib/libstdc++.* or /usr/lib64/libstdc++.* libraries are 5
or 6.
If the scanner is still experiencing problems, ensure the endpoints have the correct version of the
bzip2 archiver installed.
2. Click Sites > External sites > IBM BigFix Inventory > Analyses.
382
3. In the upper right pane, select the Software Scan Status analysis and then click Results to see
which computers return the Invalid archiver status.
4. Copy the correct version of the bzip2 archiver manually to each computer that is returned by
this analysis, to the /LMT/CIT/custom folder. Name the file:
v
Windows
UNIX
bzip2.exe
bzip2
The correct version of the bzip2 archiver for your operating system can be obtained from your
operating system vendor. It can also be compiled on the endpoint with resources from bzip.
Scan problems
The most common problems with software scans are reported on the Scan Health widget. Refer to this
topic to learn how to solve problems that are reported on the widget as well as for solutions to other
scan-related problems.
Scan Health widget

The Scan Health widget shows the health of scans that are running in your infrastructure. You can drill
down to reports for specific computers with scan problems. By sorting the columns of a report, you can
quickly understand which computers are failing which specific software scan types.
Failed Scan: At least one type of software scan (catalog-based, file system, package data, or software
tags) did not complete successfully.
This problem might occur because the computer is out of space, is misconfigured, or the scan was
stopped.
Missing Software Scan: The last attempt to initiate at least one type of software scan (catalog-based,
file system, package data, or software tags) was more than 30 days ago.
This problem might occur because the computer is out of space, is misconfigured, or the scan was
stopped.
Outdated Catalog: The version of the catalog on the agent is older than the version that is available on
the server.
An outdated catalog can cause inaccurate scan results or scan failures. Upload the latest catalog
to the agent. For more information, see the topic Updating scanner catalogs in the Configuration
Guide.
Missing Scan Results: Results of the catalog-based scan or file system scan were not uploaded to the
BigFix server.
This problem might occur because the computer or a relay is offline, there is a network outage, or
the last scan attempt was more than 30 days ago. Check whether each computer listed in the
report is running and that the scan results are uploaded to the server on a regular basis. You can
check the time of last scan attempt for all types of the software scan in the Software Scan Status
analysis.
Unscanned Shared Disks: A remote shared disk is not scanned by the agent.
License usage for IBM software that is installed on an unscanned shared disk might be
under-reported. To solve the problem, enable scans of remote shared disks. For more information,
see the topics Activating the analyses and Initiating software scans in the Configuration Guide.
Other scan problems

In the Software Scan Status analysis, the status of a software scan is Failed and the value in the Is
archive file size exceeded column is True.
The problem occurs when the scan file is larger than the maximum archive file size that can be
sent by the BigFix client. To solve the problem, perform the following steps:
383
1. Check the BigFix client log for information about the size of the file that exceeded the limit.
By default, the log is in the following location.
Windows
C:\Program Files (x86)\BigFix Enterprise\BESClient\__BESData\__Global
\Logs
/var/opt/BESClient/__BESData/__Global/Logs
3. In the left navigation, click Computers, right-click the computer on which the scan failed, and
then click Edit Computer Settings.
4. Increase the value of the _BESClient_ArchiveManager_MaxArchiveSize parameter.
Linux
New software titles were added to the catalog, a data import was run but the software is not visible in
the BigFix Inventory web user interface.
One of the reasons for the missing software titles in the BigFix Inventory UI is that non-standard
file types were used as software signatures. If you added a rule with non-standard file extensions,
you must either wait until all the steps in the catalog data flow complete or perform those steps
yourself. To have accurate inventory data:
1. Run a data import to propagate the catalog to the endpoints.
2. Verify that the catalog was propagated successfully.
3. Run a software scan.
4. Upload the scan data to the BigFix Inventory server.
5. Run another data import.
Data import problems

Data import problems are related to situations in which the data import fails or the data that is displayed
in reports is inconsistent as a result of a failed import.
During the initial import, the following error is written in the logs: Error was getaddrinfo: name or
service not known (SocketError).
During the initial import, the following error is written in the logs:
ERROR: Datasource file citsearch_0_4580013_cit.xml.bz2 raised an exception
while reading from {:port=>"52311", :path=>"/UploadReplication",
:query=>{:BaseDirectory=>1,
:Name=>"\\13\\4580013\\citsearch_0_4580013_cit.xml.bz2",
:sha1=>"5B0FE15F7E097171566F0AC3B9BE93826FDC0D41", :offset=>0}}.
Error was getaddrinfo: name or service not known (SocketError)
The problem might be caused by incorrect DNS name settings. To solve the problem, ensure that
BigFix Inventory can ping the IBM BigFix server by using the DNS name that is specified in the
fixlet site. To find the DNS name, on the computer where the IBM BigFix server is installed, go to
the C:\Program Files (x86)\BigFix Enterprise\BES Installers\Server, and find the
ActionSite.afxm file. If BigFix Inventory cannot ping the IBM BigFix server by using this DNS
name, add the name to the etc\hosts file on the BigFix Inventory server.
The import fails. After you rerun the import, the software inventory is empty.
One of the scenarios in which the problem occurs is when you run an import and the BigFix
server is not running. After you restart the server and rerun the import, the software inventory is
empty. To solve the problem, manually initiate the scanner. Gather fresh scan data, and run the
import.
The import fails because the transaction log is full.
After a failed import, the import log contains the following error:
Batch failure. The batch was submitted, but at least one exception
occurred on an individual member of the batch. Use getNextException()
to retrieve the exceptions for specific batched elements.
ERRORCODE=-4229,
384
Also, the following error can be found in the tema.log file:

Batch execution error: Error for batch element #903:
The transaction log for the database is full.
To solve the problem, complete the following steps:

1. Increase the size of the transaction log for the database. For more information, see the Tuning
section.
2. Restart the DB2 and BigFix Inventory servers.
The import fails because the Java heap size is too low.
After a failed import, the import log contains the following error:
E SRVE0777E: Exception thrown by application class
java.lang.StringBuilder.ensureCapacityImpl:342
java.lang.OutOfMemoryError: Java heap space
To solve the problem, increase the Java heap size. For more information, see the Tuning section.
The import fails and the following message is written in the logs: Overflow occurred during numeric
data type conversion.
The problem occurs when you create a contract custom field that requires an integer value, and
then enter a value that is greater than 32767. To solve the problem, enter a smaller value.
The import fails and the following message is written in the logs: The SQL statement or command
failed because of a database system error. (Reason "optBitFilterSize less than min".).
SQLCODE=-901, SQLSTATE=58004, DRIVER=4.14.111.
To solve the problem, create a script that reorganizes internal database tables and keeps statistics
up-to-date, and run it against the BigFix Inventory database.
1. Create the reorg.sh script.
$ cat reorg.sh
#!/bin/ksh
db2 -x "select reorg table,substr(rtrim(tabschema)||.||rtrim(tabname),1,50),
allow no access;from syscat.tables where type = T and tabschema not in
(NULLID,SYSCAT,SYSFUN,SYSIBM,SYSPROC,SYSSTAT) order by tabschema,tabname
" > reorgs.sql
db2 -tvf reorgs.sql
db2 terminate
db2 -x "select runstats on table,substr(rtrim(tabschema)||.||rtrim(tabname),1,50),
and indexes all;from syscat.tables where type = T and tabschema not in
(NULLID,SYSCAT,SYSFUN,SYSIBM,SYSPROC,SYSSTAT) order by tabschema,tabname
" > runstats.sql
db2 -tvf runstats.sql
db2 terminate
2. Log in as a database instance owner to the computer where the DB2 is installed and run the
script.
The import fails and the following message is written in the logs: INFO: ETL from Data Source
data_source_name - RawDatasourceFixletResult: Failed
The problem occurs because there is not enough disk space on the computer where the BigFix
Inventory database is installed. To solve the problem, free some disk space.
The import fails and the following message is written in the logs: Snapshot isolation transaction
failed accessing database 'TEMADB' because snapshot isolation is not allowed in this database.
Use ALTER DATABASE to allow snapshot isolation.
To solve the problem, enable snapshot isolation in the MS SQL Server. For more information, see
the Microsoft SQL Server documentation.
The import fails after you change the host name of the BigFix Inventory server.
Changing the host name of the BigFix Inventory server is not supported. When the application
385
cannot recognize the original host name, the ETL step of a data import is failing and you cannot
gather and process data from your endpoints. A new host name requires a new installation of
BigFix Inventory.
The host name also cannot be changed for the IBM BigFix server. In this case, the host name of
the server is recorded into your license certificate during the installation. To change it, you must
create a new license certificate that requires a new installation.
A successful software scan is run but there are no changes to the data after the data import to the
BigFix Inventory server.
Check the maximum archive file size to ensure that it is greater than the scan file size.
1. Log on to the IBM BigFix console.
2. In the left navigation, click Computers, right-click the name of the appropriate computer and
then click Edit Computer Settings.
3. Check the _BESClient_ArchiveManager_MaxArchiveSize setting is greater than the size of the
largest scan file. If needed, edit the value to increase the maximum archive size.
Verify that there are no software scan errors.
1. In the IBM BigFix console navigation, click Sites > External Sites > IBM BigFix Inventory >
Analyses.
2. Select the Software Scan Status analysis.
3. In the lower pane, click the Results tab, and verify that the status of the software scan is OK
for the computers.
Some of the products are not discovered.
If you optimized the volume of scanned file data, either during the post-upgrade configuration or
manually, you must run an import for the changes to take effect. After the import, some software
items might not be visible on the reports. It is an expected behavior. To ensure that the software
inventory is properly reported, perform the following steps.
1. Ensure that the catalog that is uploaded to BigFix Inventory is in the canonical format. If the
catalog is in the native format, upload a new catalog. If the catalog is in canonical format but
a new version is available, upload the new catalog. To check the format of the uploaded
catalog, click Management > Catalog Upload and check the Catalog Format column.
2. Stop the current scan.
a. Log in to the BigFix console and in the left navigation tree, click Actions.
3. Initiate a new software scan. Wait for the scan to finish.
4. Wait for the scheduled import or run it manually.
Files with a particular extension are not reported on the Scanned File Data report.
The problem might occur if you optimized the volume of scanned file data and removed the
extension from the list of monitored extensions. To solve the problem, follow the steps that are
described in the topic Optimizing the volume of scanned file data on page 133. Add the file
extension that you want to monitor to the following three files: file_names_all.txt,
file_names_unix.txt, and file_names_windows.txt. They are located in the BFI_install_dir\wlp\
usr\servers\server1\apps\tema.war\WEB-INF\domains\sam\config directory.
After a failed import of scan data, the data that is displayed in reports is inconsistent
If there are inconsistencies in the data, and the last data import failed, the data inconsistencies
might be the result of the import failure. To solve the problem, run the import again.
The data import log cannot be viewed in the user interface.
The problem might occur if you enabled debug logging for the import process. Debug
information significantly increases the size of the import log file and it might happen that the log
386
file cannot be displayed in the user interface. This problem impacts Internet Explorer and can be
solved by accessing the user interface from a different browser. If that does not solve the
problem, consider the following solutions:
v Instead of viewing the log file in the user interface, open it as a file. The log file is in one of the
following directories:
Linux
installation_directory/wlp/usr/servers/server1/logs/imports
installation_directory\wlp\usr\servers\server1\logs\imports
To avoid problems in the user interface, move the log file to a different location so that BigFix
Inventory does not load it into the user interface.
v Disable debug logging to limit the amount of information saved in the log file. Debug logging
can be disabled by setting the DTEMA_LOG_DEBUG property to 0.
Windows
Software is properly discovered by the scan but is not reported in BigFix Inventory after the import.
The problem occurs on BigFix 9.0 installed on Linux. If the value of the sequence changed in the
BigFix database and is higher than the sequence that was imported, scan results are not imported
during a particular import. To solve the problem, wait for the next scheduled import or run it
manually.
Catalog problems
Catalog problems are related to the inability to download a new catalog or upload it to BigFix Inventory
or Software Knowledge Base Toolkit.
When you migrate signatures with a specified platform from Software Knowledge Base Toolkit to
BigFix Inventory, the platform is changed to any.
After you create a signature from registry data with a specified platform in Software Knowledge
Base Toolkit and migrate it to BigFix Inventory, the platform is changed to any. There is no
solution for this problem.
The software catalog cannot be downloaded because the Software Catalog Update task is not
applicable.
When you install BigFix Inventory, the target computer sends information about the new software
to the BigFix server. Then, the BigFix server verifies that the computer is linked to this server. If it
is, the server marks it with the custom setting SUA_Server_Path_[user_ID]. If the setting is set to
the BigFix Inventory installation path, the task is applicable.
If the setting is not specified for a particular computer, the Software Catalog Update task might
not be applicable. If you are sure that BigFix Inventory is installed on this computer, specify the
setting manually.
1. Log in to the BigFix console that is linked to your BigFix server.
2. In the navigation bar, click Computers.
3. In the right-upper pane, right-click the computer on which you installed BigFix Inventory, and
click Edit Computer Settings.
4. To add a setting, click Add.
5. In the Setting Name, type SUA_Server_Path_[user_ID].
Note: [user_ID] is the ID of a Linux user who installed BigFix Inventory.
6. In the Setting Value, specify the BigFix Inventory installation path.
7. Click OK.
If the SUA_Server_Path_[user_ID] setting is set properly and the problem persists, ensure that the
following conditions are fulfilled:
v The BigFix Inventory server is installed on a computer with a single static IP.
387
v The computer on which the BigFix Inventory server is installed can decompress the
downloaded catalog file.
v A manually downloaded catalog is not in the /opt/ibm/BFI/bfi_catalog directory.
v The BigFix server can connect to the BigFix Inventory server by using port 9081.
v The BigFix Inventory server can connect to the BigFix server by using port 52311.
v The BigFix Inventory server has an entry for the BigFix server in the etc/hosts file.
v The BigFix server has an entry for the BigFix Inventory server in the etc/hosts file.
v The user that you provided when you configured the connection to the BigFix server has the
right permissions to run the fixlet. For more information, see the topic Operators permissions
in the BigFix documentation.
When you upload a software catalog file, the following error is displayed: Upload failed. The
uploaded file does not appear to be a valid catalog. On inspection, file appears truncated.
If there is a delay when initially downloading the catalog file from the server, then the
downloaded file might be truncated. For example, if more than 30 seconds is taken to rename
and save the file. This problem depends on how your browser handles the downloading of large
files. To solve this problem, accept and save the file within a short time period or use a different
browser.
When you upload a charge unit file, the following message is displayed: Upload failed. The uploaded
charge unit data must be a newer version than the current one.
Normally, if you use Software Knowledge Base Toolkit for software catalog management, you
must manually modify the version number of the file with charge unit data so that it matches the
version number of the software catalog. The problem occurs when you upload the software
catalog from Software Knowledge Base Toolkit and then upload the charge unit file without
modifying its version number. Then, when you try to upload the charge unit file with the
modified version number, the error message is displayed. The version of the uploaded file is
older than the version that is already imported to BigFix Inventory.
To solve the problem, keep uploading new charge unit files to BigFix Inventory without
modifying their version numbers. As a result, version numbers of the software catalog and the
charge unit file do not match but the problem with uploading the charge unit file does not occur.
Backups of software directories are reported as separate products.
If you store backups of software directories on your endpoints, they might be reported as
separate software instances resulting in false discoveries and incorrect license consumption. To
avoid this problem, either exclude the backups from scanning or compress them with a data
compressor, such as zip or rar.
Some products are not imported from Software Knowledge Base Toolkit to BigFix Inventory.
Software Knowledge Base Toolkit has two data sets. The data that is provided by IBM is stored in
the IBM KB Identity data set, and the data that you create is stored in your custom data set. The
problem occurs, if IBM products use some data from your custom data set, for example your
custom publishers. BigFix Inventory cannot recognize such products, because the IBM data set is
loaded first, which means that at the time of loading, data from your custom data set is not
available. The products are not imported, and the import log shows the following message:
Release not found, skip creation of component for STR with guid #guid.
To solve the problem, you can move your data to the IBM data set, and disable the custom one.
Important: Your custom content will no longer be in a separate data set, but you will be able to
distinguish it based on a separate definition source.
1. Connect to the Software Knowledge Base Toolkit database, and move all data to a single data
set.
update KB.KBDEFINITION set KBIDENTITY_OID=(select OID from KB.KBIDENTITY
where LABEL=IBM) where KBIDENTITY_OID!=(select OID from KB.KBIDENTITY
where LABEL=IBM)
388
2. Retrieve information about your data source.

select NAME, ORGANIZATION from KB.DEFINITIONSOURCE where OID > 1000;
3. Go to /opt/IBM/SoftwareKnowledgeBaseToolkit/KBCMS/systemApps/isclite.ear/SwKBT.war/
WEB-INF/.
4. Edit the first.run.properties file, and enter information that you retrieved about your
definition source.
KB_IDENTITY_NAME=IBM
custom.definition.source.name=NAME
custom.definition.source.organization=ORGANIZATION
5. Restart Software Knowledge Base Toolkit.

After completing those steps, Software Knowledge Base Toolkit uses one data set to store all the
data. You can rerun the import in BigFix Inventory to import the missing products.
A duplicated software component is created during a second import of catalog customizations
If you import a custom catalog definition that contains unique IDs to another BigFix Inventory
instance, then modify a publisher or vendor in the signature xml file and import it again, the
second import will create a new software component in the hierarchy. The signature definition
will be removed from the original hierarchy.
This behavior is caused by using the same signature uniqueId. When the custom catalog
definition XML file reuses a signature uniqueId that exists in the database, the signature is
updated to reflect the new software component. To correct the data in the catalog, delete the first
catalog entry and ensure that the new entry contains the needed data or reimport the new catalog
with a different unique signature ID.
User interface problems

User interface problems in BigFix Inventory are mostly related to information that is incorrectly displayed
in the application or to errors that arise in the non-English-language versions of the software. However,
you can easily recover from these problems.
After restarting the computer, the BigFix Inventory user interface cannot be launched.
When you restart the computer on which you have BigFix Inventory installed, you must start the
DB2 database before starting the application. Otherwise, you will not be able to log in to BigFix
Inventory.
If you restart your computer, complete the following steps before starting the application:
1. Switch to the DB2 instance owner:
su - db2inst1
2. Start the database:

db2start
3. Restart BigFix Inventory:

/etc/init.d/BFIserver restart
On a low-resolution monitor, the user interface is not displayed correctly.

The minimal supported screen resolution is 1024x768 pixels.
On the Catalog Audit report, the values are displayed in an incorrect time zone.
Values that are related to dates and time are based on the time zone that is set in your operating
system. However, the daylight saving time is not taken into consideration. Thus, values are set to
an incorrect time zone.
When you leave a page while modifying data, there is no warning that the data will be lost.
When you modify data, for example, in one of the panels from the Catalog Customization menu,
the data will be lost if you change the view or close the page. No warning is displayed. Ensure
that you save all data before navigating to another view.
389
Text in reports cannot be selected when using Internet Explorer.

When trying to copy the content of the tables in reports, the text cannot be selected and copied
when using the Internet Explorer browser. To solve this issue, use a different browser.
The user interface of BigFix Inventory is not displayed correctly in Internet Explorer
The problem occurs on Internet Explorer version 8. To solve the problem, use Internet Explorer
version 9 or higher.
The Import is now running message is not refreshed even after the import is complete.
The page with the Import is now running message is not refreshed and the message is still
displayed even when the import is complete. To solve this issue, you can hover over the Reports
menu and check the percentage status of the import on the bottom of the drop-down list. You can
also refresh the page manually.
The PDF reports open in the same browser tab as BigFix Inventory.
The generated PDF reports open in the same tab as BigFix Inventory. Because of this issue, you
might be forced to stop any activity in the application until the PDF opens. To solve the issue,
change the settings in your browser.
The PDF reports that are downloaded by using Firefox are corrupted.
Although the PDF reports are correctly displayed in the browser, the downloaded file is
corrupted. The problem occurs in Firefox. To solve the issue, use a different browser.
The Software Installations report cannot be exported to PDF when all columns are selected. The
problem occurs in Internet Explorer.
The problem occurs because the maximum length of the URL in Internet Explorer is limited to
2083 characters. The URL of the Software Installations report with all columns selected exceeds
the maximum length and the PDF cannot be generated. To solve the problem, use a supported
version of Firefox or Chrome.
Autocomplete suggests irrelevant results.
In some cases, autocomplete might suggest irrelevant results. For example, when you type IBM as
a publisher and then start typing the software product, autocomplete will list all possible
software products instead of only those that belong to IBM.
Paths for Korean and Japanese locales contain incorrect delimiter.
Paths for Korean and Japanese locales use a backslash (\) as a delimiter, instead of won () or
yen ().
There is a missing space before the colon (:) for French locale.
When a colon is used in text, there is a missing space before it although it is required in French
language.
The string on the Browse button on the Catalog Upload panel is not displayed in languages other than
English.
This error is caused by the web browser internal configuration and does not depend on BigFix
Inventory.
Some Chinese characters are not displayed correctly.
To solve the problem, install the TrueType font for Simplified Chinese:
1. Obtain the ttfonts-zh_CN package in version 2.12-6 or higher.
2. Install the package by running the following command:
rpm -ivh ttfonts-zh_CN-2.12-6.noarch.rpm --nodeps
The new font was installed in the /usr/share/fonts/zh_CN/TrueType directory. The characters
should now be displayed correctly.
Messages are displayed in multiple languages.
The language in which some of some messages are displayed depends on the settings of the
BigFix Inventory server. To change the language settings on the server:
390
1. Open the jvm.options file that is in the installation_directory/wlp/usr/servers/server1/

directory.
2. Add the following lines to the file and specify the language to be used.
-Duser.country=country
-Duser.language=language
For example:
-Duser.country=US
-Duser.language=en

After exporting the catalog in Internet Explorer, the Catalog Upload page remains busy.
When you go to Management > Catalog Upload and click the Export button, the catalog is
successfully exported but the cursor remains busy and the button itself inactive.
To solve this problem and make the button active again, refresh the page or go to a different
section of BigFix Inventory and then return to Catalog Upload.
Disambiguation of the term IBM BigFix Analytics (previously Tivoli Endpoint Manager Analytics) and
the acronym TEMA.
The term IBM BigFix Analytics (previously Tivoli Endpoint Manager Analytics) or the acronym
TEMA appears in some error messages, for example:
We're sorry, but something went wrong. Please contact your IBM BigFix Analytics
administrator if the problem persists.
IBM BigFix Analytics (TEMA) is the platform on which the BigFix Inventory server is built. It is
an internal BigFix Inventory component.
The TEMA administrator is the BigFix Inventory administrator. If an error message references the
TEMA administrator, contact the BigFix Inventory administrator.
Migrated to SUA9 report column is blank.
When you migrate Software Use Analysis 2.2 endpoints to 9.2.1, the Migrated to SUA9 column in
your software inventory and computer reports is blank. Check whether the SUA 2.2 Endpoint
Migration analysis is activated.
1. In the IBM BigFix console navigation tree, click Sites > External Sites > IBM BigFix
Inventory and click Analyses.
2. Select the SUA 2.2 Endpoint Migration analysis, right-click on it, and then select Activate.
Unable to log in with users from Microsoft Active Directory
If you are having problems with your Active Directory users, append the user name with a
domain, for example [email protected]. Adding a domain is required starting from BigFix
Inventory 9.2.0.2, but it also concerns Active Directory servers that were configured in previous
versions. See the following cases for more information about how this change might impact your
existing users.
Active Directory with Global Catalog
v If you added users through User Provisioning in BigFix Inventory, new users are
created whenever you log in with a user name and a domain. You can delete all Active
Directory users that have only the user name specified because you will not be able to
log in with those users.
v If you added users manually in BigFix Inventory, you must create them again, this time
also specifying the domain. You can delete all Active Directory users that have only the
user name specified because you will not be able to log in with those users.
391
Active Directory without Global Catalog
If you did not use the Global Catalog, you must have specified a domain in the Search
Base field. This domain is automatically added to all users in BigFix Inventory and no
action is required from you.
Security problems
Security problems in BigFix Inventory might include issues with logging in to the application or those
related to the security of your credentials. However, you can easily recover from these problems.
Login credentials and the authenticity token are stored as plain text in the HTTP packet.
After logging in, the login form that contains the credentials is sent as plain text in the HTTP
packet. You can solve this issue by configuring SSL.
When creating a new user, autocomplete is enabled for the password field.
When creating a new user, the password field might be filled by autocomplete based on the
password that is stored in the browser.
The server is not working properly after certificates are modified.
If the server is not working properly after certificates are modified and the server is restarted,
then delete the keystore file key_server.jceks and restart the server. The keystore file is
regenerated with a self-signed certificate. You can investigate the problem in the tema.log file.
Difficulty establishing a connection with HTTPS.
If you have difficulty when establishing a connection with HTTPS and you are using SSL, check
that your browser supports TLS 1.2 and that it is enabled.
Hardware inventory problems

Find the solution to the issues that you have encountered while working with virtual machine managers
and hardware inventory.
Error message CODVM0005E is displayed when attempting to connect to the VM manager over SSL.
When trying to connect to the VM manager over SSL, an error message is displayed: CODVM0005E
An error occurred when attempting to connect to the VM manager at the following address:
hostName. To solve the problem, complete the following steps:
1. Go to https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=jcesdk.
2. Provide your IBM ID and password and click Sign in. You might need to register with IBM to
download the files.
3. Select Unrestricted SDK JCE Policy files for Java 5.0 SR16, Java 6 SR13, Java 7 SR4 and
later versions and then click Continue.
4. View the license agreement, select I Agree, and then click I confirm.
5. Click Download Now.
6. Extract the files and copy them to the following directory:
<BES_Client>/LMT/VMMAN/java/jre/security

Server is running, but an exception in traces appears. The exception is related to the connection with
the specified ESX with the following message: javax.net.ssl.SSLException: Unrecognized SSL
message, plaintext connection?
1. Add the following lines to file /etc/vmware/hostd/config.xml:
392
..
<ssl>
<doVersionCheck> false </doVersionCheck>
<handshakeTimeoutMs>30000</handshakeTimeoutMs>
</ssl>
<http>
<readTimeoutMs>45000</readTimeoutMs>
<writeTimeoutMs>45000</writeTimeoutMs>
<blacklistPeriodMs>3000</blacklistPeriodMs>
</http>
<vmdb>
...
2. Restart the hostd service using service mgmt-vmare restart.

3. Verify that the exception does not occur.
Server is running, but an org.xml.sax.SAXParseException exception in traces appears. The exception is
related to the connection with the specified ESX.
Make sure that you have the latest patches to your problematic ESX server installed.
Upgrade of vCenter server from v5.0 to v5.1 causing server connection failure.
The following message is displayed CODVM0003E The VM manager denied access because of
invalid credentials. To solve this issue, perform the following steps:
1. In vCenter, stop all sessions under a user name that is defined as a user credential in VM
manager for specific vCenter.
2. Remove this user name.
3. From vCenter, add the user name back with read-only or propagation authorities.
4. Redefine the VM manager entry for this specific vCenter using the same user name credential.
Specification of the domain for the User Name for VM Managers is inconsistent.
Different definitions of users are used for Microsoft Hyper-V and VMware:
[email protected].
Changes to the VM managers are not updated on the IBM BigFix server.
Changes to the VM managers are not updated on the IBM BigFix server and the following error
message is displayed in the VM Managers panel: The last modification of VM managers was
not processed correctly on the IBM BigFix server. The data is not synchronized with the
VM Manager Tool.
To solve the problem, make sure that the VM Manager Tool is installed. You can also check the
history of the Configure VM Manager Tool action in the IBM BigFix console to investigate the
failed step. Additional information can also be found in the IBM BigFix console log files that are
in one of the following directories:
v
Windows
Linux
C:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData\__Global\Logs

/var/opt/BES Client/__BESData/__Global/Logs
The connection test does not finish.

See the solution for: Data from VM managers is not updated on the IBM BigFix server.
Data from VM managers is not updated on the IBM BigFix server.
If you run a connection test for a VM manager and it does not finish, it might indicate a problem
with the IBM BigFix client that is installed on the IBM BigFix server. If the client is stopped,
actions that you perform in BigFix Inventory are sent to the IBM BigFix server but the status is
marked as Not reported. To determine further actions, investigate the IBM BigFix client that is
installed on the IBM BigFix server.
393
For the same reason, data from VM managers might not be uploaded to the IBM BigFix server.
Check the value in the Last Successful Operation column to verify if the data was recently sent to
the server.
Actions that are performed in the VM Managers panel, such as testing the connection or adding a new
VM manager, fail.
If actions that you perform in the VM Managers panel fail, you can log in to the IBM BigFix
console that is linked to your primary data source and check the history of recent actions, such as
Configure VM Manager Tool or VM Manager Tool - connection test. By doing so, you can
investigate details of the failed step and determine the solution. If you are not sure which data
source to connect to, log in to BigFix Inventory and click Management > Data Sources.
To
1.
2.
3.
4.
5.
check the history of recent actions, complete the following steps:

Log in to the IBM BigFix console that is linked to your primary data source.
In the navigation tree, click Computers.
In the upper-right pane, select the computer that is defined as your primary data source.
In the lower-right pane, click the Action History tab.
Double-click on one of the recent actions that failed:
v If the connection test was unsuccessful, check the VM Manager Tool - connection test
action.
v If modification of VM managers failed, check the Configure VM Manager Tool action.
6. In the new window, click the Computers tab.
7. Double-click on the action.
8. Locate the failed step and check the details.
The VM Managers panel is blocked or contains error messages.
The VM Managers panel is either blocked completely, with no possibility of performing any
actions, or it contains one of the error messages that instruct you to install the VM Manager Tool
or the IBM BigFix services.
To solve the problem, complete the following steps:
v Ensure that the IBM BigFix server and client are installed on the target endpoint.
v Install and start Web Reports on the IBM BigFix server. For more information, see: Installing
the Web Reports.
v Subscribe the IBM BigFix server to the IBM BigFix Inventory site.
v Make sure that the content of the IBM BigFix Inventory site is up-to-date. If your computer
does not have access to the Internet, see: Downloading files in an air-gapped environment.
v Subscribe the target endpoint to the IBM BigFix Inventory site.
v Make sure that the VM Manager Tool is installed. For more information, see: Installing the VM
Manager Tool.
CPU frequency that is displayed on the Hardware Inventory report equals zero
CPU frequency is an additional parameter. It is retrieved only from computers that are not
managed by VM managers or from virtual machines that are not in the OK status. CPU frequency
values do not influence PVU calculations.
The Hardware Inventory report in BigFix Inventory displays no scan data after capacity scans were
run on VMware guest operating systems.
The import log contains multiple occurrences of the following errors.
Some error occured during importing the capacity scan from file :
capacity_scan_file_name.xml for endpoint : endpoint_number.
getNodeInfo Error: VMWare VirtualMachine UUID (06XZXA0) do not match with
the UUID pattern!
394
In the scan files uploaded by the clients, the UUID tag contains the hosts serial number instead of
the virtual machine UUID. Example:
<VirtualMachineGuest version="1">
<UUID>06CZFCV</UUID>
<HypervisorType>VMware</HypervisorType>
</VirtualMachineGuest>
BigFix Inventory requires unique virtual machine UUID numbers to properly calculate the
capacity for all virtual machines. This error might be caused by the host serial number appearing
in the place where virtual machine UUID is normally recorded. If you install an operating system
with so called Reseller Option Kit (ROK) media, some data might be obtained from the server
BIOS, instead of from the virtual machine.
To enable the correct retrieval of UUID data from operating systems installed with the ROK
media, edit the virtual machine's .vmx file and set the reflectHost parameter to true. Example:
SMBIOS.reflectHost = "true"
Migration problems
This topic applies to migration from Tivoli Asset Discovery for Distributed or License Metric Tool 7.2.2 or
7.5. It lists error messages that you can encounter while migrating, and provides explanations for each of
them. Search this topic to find the solution for each error or refer to the migration.log file for more
details.
Log files
Additional information about each problem is saved in the migration.log file that is in the main
directory of the migration tool.
Error messages
CODIF8161E The resource cannot be accessed because the import is in progress. This process might
last for some time, depending on the server hardware capacity.
Import of data must be disabled during the migration.
Solution:
1. Log in to BigFix Inventory and open the Data Imports panel.
2. To disable the import, clear the Enabled check box, and click Save.
3. Restart the migration.
CTJSM0004E Cannot read the keystore file. The migration tool files might be corrupted.
This error is also displayed in the following error messages: CTJSM0005E, CTJSM0006E,
CTJSM0007E, CTJSM0009E, CTJSM00010E, CTJSM00051E.
The keystore file that is required by the migration tool might be corrupted. You must reinstall the
migration tool to repair the files.
Solution: To reinstall the migration tool, you must reinstall the whole BigFix Inventory server.
CTJSM0011E The registry service was not initiated. The migration tool cannot work properly.
The registry service that is required to run the migration cannot be initiated because the files are
corrupted.
Solution:
2. If the problem persists, reinstall the BigFix Inventory server to repair the migration tool files.
395
CTJSM0012E An error occurred while copying the migration.properties file. Ensure the migration tool
has write permission and restart the migration.
The migration tool cannot perform one of the operations on the migration.properties file,
probably due to insufficient disk space or missing privileges.
Solution: Ensure that the migration tool has write permission for its main directory and that the
disk space available is sufficient. Then, restart the migration.
CTJSM0013E An error occurred while renaming the migration.properties file. Ensure the migration
tool has write permission and restart the migration.
The migration tool cannot perform one of the operations on the migration.properties file,
probably due to insufficient disk space or missing privileges.
Solution: Ensure that the migration tool has write permission for its main directory and that the
disk space available is sufficient. Then, restart the migration.
CTJSM0014E The LMT/BFI server response took too long. Ensure that the server is running or increase
the connection timeout in the migration.properties file.
The response from the BigFix Inventory server was not received within allowed time. The server
might not be running or it needs more time to respond.
Solution:
1. Edit the migration.properties and increase the connection timeout by modifying the
LMT_SUA_PROTOCOL_TIMEOUT property.
2. Ensure that the server is running. For more information about starting the server, see: Starting
the server.
CTJSM0015E The requested resource on the LMT/BFI server is not available.
The host name of the IBM BigFix or BigFix Inventory server is correct, however the address
might be appended with the name of a specific resource that does not exist or is unavailable, for
example 9.167.10.31/resource.
Solution:
1. Edit the migration.properties file.
2. Ensure that the value of the IEM_HOST or LMT_SUA_HOST property is correct. If the address is
appended with additional string, delete it and leave only the host name or IP address.
CTJSM0016E HTTP request to the LMT/BFI server failed because of invalid credentials.
Authentication token used to access the BigFix Inventory server is incorrect.
Solution: Edit the migration.properties file and enter the correct authentication token in the
LMT_SUA_TOKEN property. To obtain your unique token, complete the following steps:
2. Hover over your user name in the top-right corner of the application, and click Profile.
3. Click Show Token.
4. Copy the token to the migration.properties file.
CTJSM0018E Cannot access the requested URL: hostname. The IP address of a host could not be
determined: hostname
The host name of the BigFix Inventory is incorrect.
Solution:
2. Ensure that the value of the LMT_SUA_HOST property is correct.
396
CTJSM0019E Connection to the LMT/BFI server was closed. Ensure that the server is running or
increase the connection timeout in the migration.properties file.
The response from the BigFix Inventory server was not received within allowed time. The server
might not be running or it needs more time to respond.
Solution:
1. Edit the migration.properties and increase the connection timeout by modifying the
LMT_SUA_PROTOCOL_TIMEOUT property.
2. Ensure that the server is running. For more information about starting the server, see: Starting
the server.
CTJSM0021E The LMT/BFI fixlet site is not specified in the migration.properties file.
The name of the BigFix Inventory fixlet site is empty or incorrect.
Solution: Edit the migration.properties file and specify the following value for the LMT_SUA_SITE
property: IBM BigFix Inventory.
CTJSM0022E The BigFix server response took too long. Ensure that the server is running or increase
The response from the IBM BigFix server was not received within allowed time. The server might
not be running or it needs more time to respond.
Solution:
1. Edit the migration.properties file and increase the connection timeout by modifying the
IEM_PROTOCOL_TIMEOUT property.
2. Ensure that the server is running. For more information about starting the server, see:
Managing the IBM BigFix services.
CTJSM0023E The requested resource on the BigFix server is not available.
The host name of the IBM BigFix or BigFix Inventory server is correct, however the address
might be appended with the name of a specific resource that does not exist or is unavailable, for
example 9.167.10.31/resource.
Solution:
2. Ensure that the value of the IEM_HOST or LMT_SUA_HOST property is correct. If the address is
appended with additional string, delete it and leave only the host name or IP address.
CTJSM0025E HTTP request to the BigFix server failed because of invalid credentials.
The user name or password of the IBM BigFix server is incorrect.
Solution:
1. Edit the migration.properties properties file.
2. Correct the values of the IEM_USER and IEM_PASSWORD properties. The properties must point to
the same user that can log in to the IBM BigFix console and that is created during the
installation of the server. The default user is IEMAdmin.
CTJSM0027E Cannot access the BigFix server at the specified URL: URL.
The host name of the IBM BigFix server is incorrect. The host name might be too short or it
might contain invalid characters.
Solution: Edit the migration.properties file and correct the host name in the IEM_HOST property.
397
CTJSM0028E Connection to the BigFix server was closed. Ensure that the server is running or increase
The response from the IBM BigFix server was not received within allowed time. The server might
not be running or it needs more time to respond.
Solution:
1. Edit the migration.properties file and increase the connection timeout by modifying the
IEM_PROTOCOL_TIMEOUT property.
2. Ensure that the server is running. For more information about starting the server, see:
CTJSM0030E The directory_name directory specified for csv files does not exist.
You can use the -dir parameter to specify a directory for csv files that are created during
migration, but this directory must exist before you run the command.
Solution: Create a directory for the csv files and then restart the migration.
CTJSM0037E Cannot connect to the LMT/TAD4D database.
This error indicates one of the following problems:
v Tivoli Asset Discovery for Distributed 7.2.2 or 7.5 database is not running.
v Host name specified in the LMT_TAD4D_DB_HOST property is not responding.
v Port number specified in the LMT_TAD4D_DB_PORT property is valid but not correct for this
database.
Solution:
1. Check if the database is running.
2. Edit the migration.properties file, and correct the values in the LMT_TAD4D_DB_HOST and
LMT_TAD4D_DB_PORT properties.
CTJSM0038E Cannot connect to the LMT/TAD4D database because of invalid credentials.
The user name or password of the Tivoli Asset Discovery for Distributed 7.2.2 or 7.5 database is
incorrect.
Solution:
2. Ensure that the values of the LMT_TAD4D_DB_USER and LMT_TAD4D_DB_PASSWORD properties are
correct. The default database user is tlmsrv.
CTJSM0039E The LMT/TAD4D database host name is incorrect.
The host name of the Tivoli Asset Discovery for Distributed 7.2.2 or 7.5 database is incorrect.
Solution: Edit the migration.properties file and correct the host name in the LMT_TAD4D_DB_HOST
property.
CTJSM0040E Length of the specified user name, password, or host name is incorrect.
One of the user names, passwords, or host names is empty or has an invalid format. This error is
related to Tivoli Asset Discovery for Distributed 7.2.2 or 7.5.
Solution:
2. Ensure that the values specified in the file are correct. This error often indicates problems with
version 7.5.
398
CTJSM0043E Cannot access the BigFix server at the specified URL: URL.
The host name of the IBM BigFix server is incorrect. The host name might be too short or it
might contain invalid characters.
Solution: Edit the migration.properties file and correct the host name in the IEM_HOST property.
CTJSM0044E Cannot verify whether your version of LMT/TAD4D supports report groups.
The migration tool cannot verify whether the migrated version of Tivoli Asset Discovery for
Distributed 7.2.2 or 7.5 supports report groups. Such a verification is required because only items
that belong to the default report group can be migrated. The error occurs because the migration
tool cannot establish the connection to the database.
Solution:
2. Ensure that the values of the LMT_TAD4D_DB_HOST and LMT_TAD4D_DB_PORT are correct, and that
the database is running.
CTJSM0045E Credentials in the migration.properties file cannot be encrypted.
Passwords specified in the migration.properties file cannot be encrypted, because the file is
corrupted.
Solution:
1. Copy the template migration.properties file that is in the main directory of the migration
tool.
2. Edit the file and specify values for all properties.
3. Rename the file to migration.properties and use it to run the migration.
CTJSM0046E An invalid value was specified for property property_name. The provided value was:
property_value.
One of the properties in the migration.properties file has an incorrect value. The name of the
property is printed in the message.
Solution: Edit the migration.properties and correct the mentioned property.
CTJSM0047E The filename.csv file cannot be created.
The migration tool cannot create one of the csv files, probably due to insufficient disk space or
missing privileges.
Solution: Ensure that the migration tool has write permission for the directory where the csv files
are created. If you did not use the -dir parameter, the csv files are created in the main directory
of the migration tool. Also, ensure that the disk space available is sufficient. Then, restart the
migration.
CTJSM0048E Cannot retrieve VM Managers from LMT/TAD4D.
The list of VM Managers cannot be retrieved from Tivoli Asset Discovery for Distributed 7.2.2 or
7.5.
Solution:
1. Check the migration.log file for more details.
2. Ensure that Tivoli Asset Discovery for Distributed 7.2.2 or 7.5 database is running.
CTJSM0049E Cannot retrieve VM Managers from LMT/BFI.
The list of VM Managers cannot be retrieved from BigFix Inventory.
Solution:
1. Check the migration.log file for more details.
2. Ensure that BigFix Inventory server is running.
399
3. Ensure that the version of BigFix Inventory is 9.2.1 or higher.

CTJSM0053E The csv files created after previous migration could not be backed up. For more
information, see the migration.log file.
When you run a subsequent migration, the csv files created after the previous run are copied and
renamed to be available as a backup. The migration tool could not create a backup of the file
either due to insufficient disk space or missing privileges.
migration.
CTJSM0054E An error occurred while creating a backup of the filename.csv file. Ensure the migration
tool has write permission and restart the migration.
renamed to be available as a backup. The migration tool could not create a backup of the file
either due to insufficient disk space or missing privileges.
migration.
CTJSM0055E The csv files created after previous migration could not be backed up because one of
them is open in another application.
renamed to be available as a backup. The migration tool could not close one of the files to create
a backup because the file is open in another application.
Solution: Close all open csv files and restart the migration.
CTJSM0058E The migration.properties file does not exist.
The migration.properties file does not exist or cannot be loaded by the migration tool.
Solution:
tool.
CTJSM0059E The migration.properties file cannot be loaded.
The migration.properties file does not exist or cannot be loaded by the migration tool.
Solution:
tool.
CTJSM0068E Cannot retrieve the LMT/TAD4D access details from the migration.properties file.
This error indicates problems with the migration.properties properties file.
Solution:
tool.
400
CTJSM0069E Communications protocol of the BigFix server is incorrect.

The IBM BigFix server uses a different communications protocol than the one specified in the
migration.properties file.
Solution:
2. Change the value of the IEM_PROTOCOL property either to http or https.
CTJSM0070E Cannot access the LMT/BFI server at the specified URL.
The migration tool cannot access the BigFix Inventory server at the web address that is specified
in the migration.properties file. The address might be incorrect or the server is not running.
Solution:
2. Correct the host name in the LMT_SUA_HOST property.
CTJSM0071E Communications protocol of the LMT/BFI server is incorrect.
The BigFix Inventory server uses a different communications protocol than the one specified in
the migration.properties file.
Solution:
2. Change the value of the LMT_SUA_PROTOCOL property either to http or https.
CTJSM0073E The directory directory specified for the csv files does not exist.
You can use the -dir parameter to specify a directory for csv files that are created during
migration, but this directory must exist before you run the command.
Solution: Create a directory for the csv files and then restart the migration.
CTJSM0078E Unsupported file encoding. For more details, see the migration.log file.
This error occurs in case of problems with the migration.properties file.
Solution: Copy the template file that is in the main directory of the migration tool and use it to
run the migration.
CTJSM0080E Cannot retrieve the list of tasks from the BigFix server.
While migrating directories that are excluded from scanning, the migration tool initiates the Add
Excluded Directories task in the IBM BigFix console. This error indicates that the task could not
be initiated, either because of incorrect name or version of the fixlet site, or incorrect access
details of the IBM BigFix server.
Solution:
2. Ensure that the fixlet site specified in the LMT_SUA_SITE property is correct. The correct name
of the fixlet site is: IBM BigFix Inventory.
3. Ensure that the fixlet site is updated to contain the latest content. The site is updated if it
contains the Add Excluded Directories task. For more information, see: Updating the fixlet
site.
4. Ensure that the access details of the IBM BigFix server specified in the IEM_HOST and IEM_PORT
properties are correct.
401
CTJSM0082E Cannot send the VM Managers configuration to the BigFix server. Detailed error: The
action could not be completed because it could not be sent to the BigFix server host_name.
Definitions of VM Managers were successfully migrated to BigFix Inventory, but they could not
be configured on the IBM BigFix server. This error might occur if the IBM BigFix is not running
or the credentials are incorrect.
This error message is always appended with one of the following detailed messages:
v Ensure that the BigFix server is running. For more details, check the BigFix Inventory log.
1. Check the tema.log file that might contain more details about the problem. The log file is in
the install_dir/wlp/usr/servers/server1/logs/ directory.
2. Ensure that the IBM BigFix is running. For more information about starting the server, see:
v Credentials to the BigFix server are incorrect. To solve the problem, go to Management > Data Sources
and specify the correct credentials.
2. In the navigation bar, click Management > Data Sources.
3. Select the server and correct the user name and password. Click Save.
Solution: After you fix the problem, run the following command to update the definitions of VM
Managers on the IBM BigFix server:
./migration.sh -vmupdate
CTJSM0084E The site external/site_name cannot be found.

The fixlet site that is specified in the migration.properties file is incorrect or is not enabled on
the IBM BigFix server.
Solution:
1. Edit the migration.properties file and ensure that the name specified in the LMT_SUA_SITE
property is correct. The correct name of the fixlet site is: IBM BigFix Inventory.
2. Ensure that the fixlet site is enabled on the IBM BigFix server. For more information about
enabling the fixlet site, see: Subscribing to fixlet sites.
CTJSM0089E The Add Excluded Directories task cannot be found in the LMT/BFI fixlet site.
The Add Excluded Directories must be present in the fixlet site. Your fixlet site might not be
updated to the latest version or the name specified in the migration.properties file is incorrect.
Solution:
1. Edit the migration.properties file and ensure that the name specified in the LMT_SUA_SITE
property is correct. The correct name of the fixlet site is: IBM BigFix Inventory.
2. If the Add Excluded Directories is not in the fixlet site, update it to download the latest
content. For more information, see Updating the fixlet site in Configuring.
CTJSM0090E The Add Excluded Directories task in the LMT/BFI fixlet site cannot be initiated.
The migration tool cannot connect to the IBM BigFix server to initiate the Add Excluded
Directories task, which is required to migrate the excluded directories.
Solution: See the migration.log file that describes details about this problem.
Backing up and restoring the database

Perform regular backups of the data that is stored in the database. It is advisable to back up the database
before updating the software catalog or upgrading the server to facilitate recovery in case of failure.
402
Backing up the SQL Server database

You can make a copy of your database by saving it to a backup file. If you want, you can then move the
backup to another computer and restore it in a different BigFix Inventory instance.
Before you begin

v You can back up and restore the database only within one version of BigFix Inventory.
v BigFix Inventory and Microsoft SQL Server Management Studio must be installed.
v Stop the BFIserver service. Open the command prompt and run net stop BFIserver.
Procedure
1.
2.
3.
4.
Log in to the computer that hosts the database that you want to back up.
Open Microsoft SQL Server Management Studio.
In the left navigation bar, expand Databases.
Right-click on the database that you want to back up and then click Tasks > Back Up.
5. Review the details of the backup and then click Add to specify the target location of the copy.
403
6. Click OK.
Results
If the database was backed up successfully, you can find the bak file in the location that you specified in
step 5.
What to do next
If you want to move the database to a different BigFix Inventory instance, copy the backup file to the
target computer and then restore the database.
Restoring the SQL Server database

If you encounter any problems with your database or if you want to move it between different instances
of BigFix Inventory, you can use a backup file to restore the database.
Before you begin

v You can back up and restore the database only within one version of BigFix Inventory.
404
v Ensure that you are logged in to Microsoft SQL Server Management Studio as the user who created the
temadb database. If you log in as a different user, the restoring will fail.
v BigFix Inventory and Microsoft SQL Server Management Studio must be installed.
v Stop the BFIserver service. Open the command prompt and run net stop BFIserver.
Procedure
1. Log in to the computer on which you want to restore the database.
2. Open Microsoft SQL Server Management Studio.
3. In the left navigation bar, right-click on Databases and then click Restore Database.
4. In the Source section, select Device and click the button with three dots.
5. In the pop up window that opens, click Add and browse for your backup file. Click OK.
6. In the left navigation menu, click Options.
7. In the pane on the right select Overwrite the existing database (WITH REPLACE) and Close existing
connections to destination database.
405
8. Click OK.
Results
You restored the temadb database from a backup file.
What to do next
Ensure that you upload to BigFix Inventory the latest software catalog or the one that was used just
before restoring the database.
Backing up the DB2 database

You can save your database to a backup file.
Procedure
2. Check which applications connect to the database and then close all active connections:
a. List all applications that connect to the database:
db2 list applications for database TEMADB
b. Each connection has a handle number. Copy it and use in the following command to close the
connection:
db2 force application "( <handle_number> )"
3. Optional: If you activated the database before, deactivate it:

db2 deactivate db TEMADB
4. Back up the database to a specified directory:

db2 backup database TEMADB to <PATH>
Restoring the DB2 database

You can restore a damaged or corrupted database from a backup file.
406
Procedure
2. Check which applications connect to the database and then close all active connections:
a. List all applications that connect to the database:
db2 list applications for database TEMADB
b. Each connection has a handle number. Copy it and use in the following command to close the
connection:
db2 force application "( <handle_number> )"
3. Optional: If you activated the database before, deactivate it:

4. Restore the database from a backup file:

db2 restore db TEMADB from <PATH> taken at <TIMESTAMP> REPLACE EXISTING
Example:
db2 restore db TEMADB from /home/db2inst1/
taken at 20131105055846 REPLACE EXISTING
Checking why a Fixlet or task is not relevant

When a Fixlet or task is not relevant on a particular endpoint, you can create an analysis that checks
which part of the relevance expression is not matched. This way, you can identify the exact reason why
the Fixlet or task cannot be run on an endpoint and troubleshoot the problem.
Before you begin

If you are using IBM Endpoint Manager console version 9.0, a script error might occur during the
creation of the analysis. To avoid the problem, ensure that the version of the IBM Endpoint Manager that
you are using is higher than 9.0.
Procedure
1. In the navigation tree of IBM BigFix, click Sites > External Sites > IBM BigFix Inventory > Fixlets
and Tasks.
2. In the upper right pane, select Analyze the Relevance of a Fixlet or Task.
3. Choose the Fixlet or task that you want to analyze. Then, click Create Analysis.
4. Optional: In the window that opens, you can change the display name of the analysis or decide
whether the analysis is activated automatically.
407
5. To create the analysis, click OK. By default, the analysis is created in the Master Action site and is
activated globally.
6. Open the Master Action site and click Analyses.
7. In the upper right pane, select Relevance Check for the name Task/Fixlet from the IBM BigFix
Inventory Site and open the Results tab. The part of the relevance expression that causes that the
Fixlet or task is not relevant on a particular endpoint has the value False. In this example, the second
and third part of the relevance is not matched and thus causes that the entire task is not relevant.
8. When you know which part of the relevance expression is not matched, open the Details tab to see
the content of the relevance. In this example, the task is not relevant for two reasons. First, the
targeted endpoint does not meet the operating system requirements (relevance 2). Second, the
directory SUA_Server_Path/properties/version or SUA_Server_Path/iso-swid does not exist on the
endpoint or the latest software catalog is already available on that endpoint (relevance 3).
408
Results
When you know the exact reason why a Fixlet or task is not relevant on an endpoint, you can
troubleshoot the problem.
What to do next
The analysis is created in the Master Action site and thus is activated on all endpoints that report to IBM
BigFix, not only the endpoints that are subscribed to the BigFix Inventory site. To avoid performance
issues, deactivate the analysis when you identify and troubleshoot the problem with the relevance of a
Fixlet or task. To deactivate an analysis, right-click it and click Deactivate.
Checking the client installation date

You can create a property on your IBM BigFix server that enables the date when your endpoints first
connected to the server.
About this task

This procedure might be useful if you are using an automated tool to silently install many BigFix clients.
To verify that the clients were installed and check their installation dates, you can add a column that
shows the dates when your clients first connected to the server.
Procedure
1. Create a property on your IBM BigFix server that enables the new column:
a. Log in to the IBM BigFix console.
b. Click Tools > Manage Properties, and then click Add New.
409
c. In the Name field, enter First Report Time.

d. In the Relevance field, enter the following relevance expression:
(month of it as two digits & "/" & day_of_month of it as two digits & "/" & year of it as string)
of date (local time zone) of (minimum of subscribe times of sites)
Note: The preceding expression changes the date format to DD/MM/YYYY, which makes it suitable
for sorting in a CSV format. If you want to keep the default format (Mon, 1 Jan 2014), use the
following relevance expression: minimum of subscribe times of sites.
e. In the Evaluate field, choose 12 hours.
f. Click OK. The new column can be viewed in the Computers page.
2. Optional: Add the created column to Web Reports where your data can be viewed as reports, or
exported to a CSV or PDF format:
a. Log in to Web Reports.
b.
c.
d.
e.
Tip: You can access Web Reports under the following web address: http://
BigFix_server_hostname/webreports.
Click Explore Data.
In the Computer section, click Edit Columns, and then select the First Report Time column.
Click Save Report.
Optional: To export your report, click Export to CSV or Export to PDF.
Removing the server manually

If you encounter any problems with uninstalling the BigFix Inventory server, you can remove it manually.
Procedure
1. Run the following command to verify that the process associated with the server is running:
ps -ef | grep <installation dir>/cli | grep server1
Tip: The ID of the process is the number next to the user name.
2. End the process by running the following command:
kill -9 <process ID>
3. Remove the directory in which you installed BigFix Inventory:

rm -rf <installation dir>
For example:
rm -rf /opt/IBM/BFI
4. Edit the .com.zerog.registry.xml file that is in the /var directory. If you installed the server as a
non-root user, the registry file is in $HOME/.
5. In the registry file, locate the entries that are related to BigFix Inventory. Remove the entries that
represent the product and all the related components. You can recognize them by the product name
and a common file path. If the registry file contains entries only for BigFix Inventory, you can delete
the whole file.
Updating scanner catalogs

The scanner catalogs are used by the scanner to discover software on the endpoints. The catalogs are
automatically updated after each import of the IBM software catalog. Use this procedure only if the
automatic update of the scanner catalogs fails.
410
Before you begin

v Before you update the scanner catalogs manually, try to determine why the automatic update failed.
For more information, see: Server operation problems.
v Ensure that the BigFix Inventory server is visible to your BigFix server.
v If Secure Socket Layer (SSL) is enabled in BigFix Inventory, all updates are also downloaded through
SSL. The BigFix server must recognize SSL certificates of BigFix Inventory as valid.
Procedure
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.

Import the software catalog.
In the top navigation bar, click Management > Catalog Upload.
To download the fixlet file to your computer, click the question mark sign. Then, click Catalog
click Save.
Copy the file to the computer where the BigFix console is installed.
To import the fixlet, click File > Import.
Open the directory where you store the catalog_download.bes file, select the file, and click Open.
The file is imported.
In the left pane, click Sites > Master Action Site > Fixlets and Tasks. A list of available fixlets opens
To run the fixlet on the endpoints, select Catalog Download (Version: version), and click Take
Action.
Select the computers on which you want to run the fixlet, and click OK.
What to do next
You imported the scanner catalogs to the endpoints in your infrastructure. To gather inventory data from
the endpoint, you must now initiate software scans.
Logs and return codes

Find logs and interpret return codes to troubleshoot issues.
411
Server installation and upgrade logs

Installation and upgrade log files are in the same directories, because those processes are completed by
using the same installer. If you encounter any problems while installing or upgrading the server, refer to
those log files for more information about any occurring errors.
Log files
There are several log files that are created either during the installation or upgrade, or only when the
process failed or completed successfully. Each path starts with a variable that is specific to the operating
system. Those variables are explained below the table.
Table 82. Installation and upgrade log files
Installation
Status
Windows
Linux
In progress
%USERPROFILE%\BFI_9.2
$HOME/BFI_9.2
%USERPROFILE%\ia.log
$HOME/ia.log
BESclient_installation_directory\LMT\
BFI_upgrade.log
BESClient_installation_directory\LMT\
BFI_upgrade.log
Failed
%USERPROFILE%\BFI_9.2_timestamp_logs.zip
$HOME/BFI_9.2_timestamp_logs.tar.gz
Successful
installation_directory\
BFI_9.2_timestamp_logs.zip
installation_directory/
BFI_9.2_timestamp_logs.tar.gz
%USERPROFILE%
Home directory of the user who installed the server, for example C:\Users\Administrator\.
Important: When you upgrade by using a Fixlet, the upgrade runs under the NT
AUTHORITY\SYSTEM user whose default home directory is C:\Windows\System32\config\
systemprofile\.
$HOME
Home directory of the user who installed the BigFix client, for example /root/.
Log file contents

To understand the root cause of installation and upgrade problems, review logs for messages with a
severity level of WARN or ERROR. The following example shows a warning message.
<Message Id="CODIN0215W" Severity="WARN">
<Time Millis="1381929782997"> 2013-10-16 15:23:02.997+02:00</Time>
<Server Format="IP">NC040226.kraklab.pl.ibm.com</Server>
<ProductI>dCOD</ProductI>d
<Component>Install</Component>
<ProductInstance></ProductInstance>
<LogText><![CDATA[CODIN0215W The following ports are in use: 9081, .
The installation process can be continued but the server will not be started.
The server has to be started manually after resolving the ports conflict.]]></LogText>
<Source FileName="com.ibm.license.mgmt.install.ia.common.CommunicationCommon"
Method="okToContinue"/>
<TranslationInfo Type="JAVA" Catalog="userLocales.InstallMessageEWI" MsgKey="checkPorts">
<Param><![CDATA[9081, ]]></Param></TranslationInfo>
<Principal></Principal>
</Message>
To learn more about errors and return codes that can appear in the logs, go to Server installation and
uninstallation return codes on page 417.
412
Server log file

The server log file tema.log is in the installation_directory/wlp/usr/servers/server1/logs/ directory.
The log file saves all actions related to the server and is the primary source of information for
troubleshooting purposes. Each action in the log file is reported according to the UTC time zone, but the
file also shows information about the local time zone of your server.
Note: This directory also contains the production.log file. It is an additional log that contains messages
related to the database server and can be used to investigate database-related problems. Most of the
information that is written in this log is also available in the tema.log.
Settings that you can modify

Logging properties are set in the server.xml file that is in one of the following directories:
v
Windows
installation_directory\wlp\usr\servers\server1
Linux
installation_directory/wlp/usr/servers/server1
You can change the following settings:

messageFileName
The server log file name. The default name is tema.log.
logDirectory
The server log file location. The default location is:
v
Windows
installation_directory\wlp\usr\servers\server1
Linux
installation_directory/wlp/usr/servers/server1
maxFileSize
The maximum size (in MB) that a log file can reach before it is rolled over. To disable this
attribute, set the value to 0. The default value is 10.
maxFiles
If an enforced maximum file size exists, this setting is used to determine the maximum number
of iterations of the server log file. If the log file reaches the maximum size that is defined in the
maxFileSize parameter, the remaining messages roll over to another iteration of the file.
Log level
The log level controls which events are recorded in the server log file. The log level is set in the
log4j.properties file that is in one of the following directories:
v
Windows
installation_directory\wlp\usr\servers\server1\config
Linux
installation_directory/wlp/usr/servers/server1/config
You can use the log4j.rootCategory property to change the logging level. The default level is INFO. The
following is a list of the possible log levels:
FATAL
Task cannot continue and component, application, and server cannot function.
ERROR
Error events that might still allow the application to continue running.
WARN
Potential error or impending error. This level can also indicate a progressive failure.
INFO General information that outlines the overall task progress.
413
DEBUG
Fine-grained informational events that are most useful to debug an application.
Time zone
The time of all actions saved in the log file is specified according to the UTC time zone. You can compare
these actions to the local time zone of your server to learn when exactly a particular action occurred.
Information about your server time zone is written in the beginning of the log file and is repeated every
1000 entries. The following examples are the excerpts from the log file:
Windows
[INFO]: Local Server Time Zone is CurrentTimeZone=-300 (UTC-06:00) DaylightBias=-60

Linux
[INFO]: Local Server Time Zone is +0200 Europe/Warsaw
Enabling the logging of memory consumption

You can log information about the memory that is used by BigFix Inventory.
Procedure
Set the LOG_MEMORY environment variable to true in the /etc/init.d/BFIserver file.
SERVER_NAME=server1
WLP_PATH=/opt/IBM/BFI/wlp
export JAVA_HOME=/opt/IBM/BFI/jre/jre
export TEMA_HOME=/opt/IBM/BFI/wlp/usr/servers/server1
export PATH=${PATH}:/opt/IBM/BFI/wlp/usr/servers/server1/bin
export LOG_MEMORY=true
Results
Each log returns memory consumption information.
INFO: Memory Used,458MB,Memory Diff,0kB,Memory Committed,743MB,
DEBUG: SF = # <SAM::ScanFile @values={:scan_file_id=>1, :file_size=>18681, :computer_id=>4,
:file_name=>"itsitsearch_0_3205710.xml.bz2"}>
INFO: Memory Used,460MB,Memory Diff,1835kB,Memory Committed,743MB,
DEBUG: Checking cache for /itsitsearch_0_3205710.xml.bz2
Import logs
Import logs contain information about the import of data from the BigFix server to BigFix Inventory.
They list steps related to the import process and show their status. Each action in the log files is reported
according to the UTC time zone, but the file also shows information about the local time zone of your
server.
The logs are stored in one of the following directories:
v
Windows
installation_directory\wlp\usr\servers\server1\logs\imports
Linux
installation_directory/wlp/usr/servers/server1/logs/imports
The log from the latest import is also accessible from the BigFix Inventory user interface. To view the log,
click Management > Data Imports. The last megabyte of the log data is displayed in the web user
interface.
You can also download an earlier version of the import log by using the BigFix Inventory web UI.
1. To download a log, click Management > Data Imports.
414
2. In the Import History table, identify the table row with the import that you are interested in and click
Download. The log file is saved in the download directory of your web browser.
Import statuses
Successful
The import finished successfully.
Incomplete
The import could not finish. It might happen when the BigFix Inventory server is stopped during
the import. Ensure that the server is running, check the import logs, and rerun the import.
Failed The import failed. Ensure that the BigFix server is running, check the import logs, and rerun the
import.
Time zone
The time of all actions saved in the import log file is specified according to the UTC time zone. You can
compare these actions to the local time zone of your server to learn when exactly a particular action
occurred. Information about your server time zone is written in the beginning of the log file and is
repeated every 1000 entries. The following examples are the excerpts from the log file:
Windows
[INFO]: Local Server Time Zone is CurrentTimeZone=-300 (UTC-06:00) DaylightBias=-60

Linux
[INFO]: Local Server Time Zone is +0200 Europe/Warsaw
415
Enabling debug logging for the import process

Change the import log settings to collect debug information. Debug information includes information
about broken relationships, for example deleted component relationships.
Before you begin

Enabling the debug logging increases the size of the data import log, which might lead to errors while
displaying the log in the user interface. This problem often impacts Internet Explorer and can be solved
by accessing the user interface from a different browser. For more information, see Troubleshooting.
Procedure
1. Go to one of the following directories and edit the jvm.options file.
v
Windows
installation_directory\wlp\usr\servers\server1\
Linux
v
installation_directory/wlp/usr/servers/server1/
2. Append the following line to the file:
-DTEMA_LOG_DEBUG=1
3. Restart the BigFix Inventory server.

v
Windows
Go to installation_directory\cli and run the srvstop.bat file. Then, start the server
by running srvstart.bat.
Linux
/etc/init.d/BFIserver restart
Database creation logs and return codes

The create database script createdb.sh generates a log file with information that can help you check why
database creation or validation failed. The createdb.sh log is in the /tmp directory. The file has a time
stamp suffix, for example: /tmp/createdb_20131018-131841.
The log file is created only if you installed BigFix Inventory on Linux and use a DB2 server.
Linux
Return codes
Check the return code to find the reasons for database creation problems.
Table 83. Return codes for the create database script
Return code
416
Description and possible solutions
Database successfully created.
Help message is displayed, or incorrect syntax.
100
One or more errors occurred during the database creation. Database creation error. Check the
database creation log: creation log /tmp/createdb_latest_timestamp.
101
Database already created.
102
One or more errors occurred during the database validation. There is something wrong with the
DB2 commands run from the script. The script requires a correctly initialized DB2 environment.
103
The DB2 version could not be correctly read from the db2level command. The db2level
command returned the DB2 version string in an unexpected format. DB2 10.1 FP 2 or later WSE,
ESE or AESE editions are supported.
104
Unsupported database version. DB2 10.1 FP 2 or later WSE, ESE or AESE editions are supported.
You can check the version by running the db2level and db2licm -l commands as the SYSADM
user.
Table 83. Return codes for the create database script (continued)
Return code
Description and possible solutions
105
An unsupported edition of the database was found in the system. DB2 10.1 FP 2 or later WSE,
ESE or AESE editions are supported. You can check the version by running the db2level and
db2licm -l commands as the SYSADM user.
127
Cannot run the db2 command. Incorrectly configured DB2 instance. The user that runs the script
must have SYSADM authority. Try to run the script as the DB2 instance owner.
Server installation and uninstallation return codes

If the server installation or uninstallation fails, check the return code to find the reason of the problem
and possible solutions.
The table lists return codes that are logged during the installation or uninstallation of the BigFix
Inventory server.
Table 84. Server installation and uninstallation return codes
Return code
The server was successfully installed.
An unexpected error occurred.
An unexpected exception occurred.
An internal error occurred. The installer failed to save the file with information that was collected
or generated during the preinstallation stage.
The installation was canceled.
A post-installation step was terminated before it was finished. Problems with resuming the
installation might occur.
11
Validation of the communication ports failed. Either the same port is specified for more than one
parameter or the specified port is in use. If you want to specify a port that is temporarily used
but will be available later, set the RSP_DISABLE_COMMUNICATION_WARNINGS parameter to true.
13
Validation of the license agreement, or the file path failed. Either the license agreement was not
accepted, the path to the installation response file is not absolute, or the command is too long. To
accept the license agreement, set the RSP_LICENSE_ACCEPTED parameter in the response file to true.
If the problem persists, ensure that you are specifying an absolute path, or move the files to a
different, simple directory to shorten the command, for example /root/BFI.
14
There is not enough space for the installation. To check how much free disk space is required to
proceed with the installation, see the following installation log: installation_directory/
BFI_9.2_timestamp_logs.tar.gz.
18
Validation of the installation path failed. Either the specified path is incorrect or the installation
directory is in read-only mode.
20
An unknown response file parameter was specified. Remove the parameter from the installation
response file.
21
The response file was not found. It is either empty or contains Windows line endings instead of
UNIX ones.
23
The command-line interface or another application from the BigFix Inventory installation path is
still running. Either end the process manually or set the RSP_AUTO_CLOSE_PROCESSES parameter to
true.
26
An internal error occurred. Creation of the log directory failed.
27
It was impossible to recognize the environment, for example, installed products.
28
The upgrading scenario is not supported.
29
A part of BigFix Inventory that is already installed, is corrupted.

417
Table 84. Server installation and uninstallation return codes (continued)

Return code
30
The uninstallation wizard could not find product information in registries. BigFix Inventory was
already uninstalled.
31
The host name was not obtained. To verify the host name, in the command-line interface, enter
the following command:
nslookup host_name
32
An exception was detected while reading the setup.ini file.
33
An attempt of creating a log directory in the installation path failed because a file called BFI9.2
already exists. To proceed with the installation, delete the file.
34
The log directory is in read-only mode.
35
The system TEMP environment variable does not point to a valid directory.
36
Installation in console mode is not supported. Use interactive or silent mode.
37
The required resources could not be extracted from the installation image.
38
The required resources could not be found inside the installation image.
41
The post-installation failed.
42
Another instance of the installer is already running.
46
The post-installation was interrupted.
50
Resuming a failed installation in silent mode is not supported.
55
All elements of the infrastructure are already installed.
59
An internal error occurred. Contact IBM support.
214
The uninstallation process could not connect to the X server. Verify that the DISPLAY variable is
properly set and points to a working X server.
Manually adjusting the PVU per core value

The number of PVUs is assigned per processor core based on the information that is provided in the PVU
table. However, it might happen that the value that is assigned to a processor in your environment is
incorrect. In such case, contact IBM Support to get a permission to manually adjust the PVU value. When
the problem with incorrect detection of the PVU value is solved, remove the manual adjustment.
Before you begin

You must have the permission of IBM Support to manually adjust the PVU per core value.
Exception: To properly calculate PVU values for Linux on IBM Power Systems, set the PVU per core
rating to 70. IBM Support consent is not required in this case.
Procedure
1. In the navigation tree of IBM BigFix, click Sites > External Sites > IBM BigFix Inventory > Fixlets
and Tasks.
2. In the upper right pane, select Manually Adjust the PVU per Core Value.
3. From the drop-down list, choose the PVU value that you want to assign to the processor.
4. Add a justification for changing the PVU value of the processor that was discovered on the endpoint.
For example, provide the PMR number. Then, click Take Action.
418
Important: When the problem with incorrect detection of the PVU value is solved or if you adjust the
PVU value on a computer that does not require the adjustment, choose Remove manually configured
rating.
5. In the window that opens, confirm that you have the permission of IBM Support to manually adjust
the PVU value.
6. From the list of applicable computers, choose the ones on which you want to change the PVU value
and click OK. Choose all virtual machines that run on the same host. Otherwise, the collected data
might be inconsistent.
Tip: To check on which endpoints the number of PVUs per core was adjusted manually, activate the
Manually Adjusted PVU per Core Value analysis and open the Results tab.
Results
Wait for the next capacity scan. After its results are uploaded to IBM BigFix, wait for the scheduled
import or run it manually. After the import, you can open the Hardware Inventory report to check
whether the PVU values were correctly adjusted.
What to do next
When the problem with incorrect detection of the PVU value is solved, remove the manual adjustment
from the endpoints. Then, wait for the next capacity scan. After its results are uploaded to IBM BigFix,
wait for the scheduled import or run it manually. After the import, a correct PVU value should be
displayed on the Hardware Inventory report.
Contacting IBM Software Support

IBM Software Support provides assistance with product defects.
Before you begin

Before contacting IBM Software Support, your company must have an active IBM software maintenance
contract, and you must be authorized to submit problems to IBM. For information about the types of
maintenance contracts available, see Enhanced Technical Support in the Software Support Handbook at:
http://www14.software.ibm.com/webapp/set2/sas/f/handbook/home.html
About this task

Complete the following steps to contact IBM Software Support with a problem:
Procedure
1. Define the problem, gather background information, and determine the severity of the problem. For
help, see Contacting Software Support in the Software Support Handbook.
2. Gather diagnostic information.
3. Submit your problem to IBM Support in one of the following ways:
419
v Online: Visit the IBM Software Support site: www.ibm.com/software/support/probsub.html

v By phone: For the phone number to call in your country, go to the Contact Information section of
the Software Support Handbook.
What to do next
If the problem you submit is for a software defect or for missing or inaccurate documentation, IBM
Software Support creates an Authorized Program Analysis Report (APAR). The APAR describes the
problem in detail. Whenever possible, IBM Software Support provides a workaround that you can
implement until the APAR is resolved and a fix is delivered. IBM publishes resolved APARs on the IBM
Support website daily, so that other users who experience the same problem can benefit from the same
resolution.
420
Chapter 10. Tuning performance

You can use the information in this section to identify and resolve the primary
system bottlenecks in your environment. The tips and performance
recommendations can be used both in big data environments and in smaller
environments that are running on low-performance hardware.
Infrastructure
The main factor that affects the performance of the BigFix Inventory server is the performance of the
underlying infrastructure on which the application server and the DB2 database are running. You must
ensure that the recommended requirements are met.
Important: The official hardware recommendations were prepared with assumption that the BigFix
Inventory server is running on a dedicated physical server or servers. If virtual machines are used, the
specified hardware (processor, RAM, or disk space) must be exclusively dedicated to those virtual
machines not shared with any others.
Even if you meet the recommended requirements, the application might work slowly because of issues
with the underlying hardware. The issues might be caused by, for example, sharing resources with other
machines within the virtual environment. You can run some diagnostic methods to ensure that the
underlying infrastructure is in good shape.
Memory performance
RAM performance metrics such as seek time or memory bandwidth, are strictly dependent on the
memory type, which is linked with the processor type.
Restriction: Do not run your server on a virtual machine for which memory compression was enabled,
for example in x86 virtualization that is provided by VMware. It is especially true in case of the computer
on which the DB2 database is running.
Pay particular attention to the amount of memory that is available for BigFix Inventory and the DB2
application. It is important to monitor the RAM usage on a daily basis because memory usage differs
greatly depending on how the application is being used. The main factors besides the environment size
include:
v The number of concurrent web UI users
v The frequency of data imports
Memory monitoring is especially important on the database computer as insufficient amount of RAM can
significantly slow down background tasks, such as PVU data aggregation because of memory swapping.
Swapping, also known as paging, is the use of secondary disk storage to store and retrieve application
data for use in RAM. It is automatically performed by the operating system and typically occurs when
the available RAM is depleted. Swapping can have a significant impact on DB2 performance and should
be avoided. To avoid swapping, ensure that sufficient RAM is available on the computer so processes do
not consume all the available RAM. Use the following Linux tools to monitor RAM usage and memory
swapping:
v top
v free
Copyright IBM Corporation 2002, 2013 IBM 2002, 2015
421
v vmstat
v or sar
If you notice that there is almost no free memory available to BigFix Inventory and the DB2 processes are
being swapped to disk, the best solution is to increase the RAM memory size.
Storage performance
To ensure good performance of BigFix Inventory, it is essential to have good storage performance on the
database server computer. The storage performance of the BigFix Inventory server alone is not that
important.
The recommended average disk speed for the database server computer is specified in the following
table.
Table 85. Recommended average disk speed for the database server computer in specific environments
Deployment Size
Disk Speed
Small (up to 5000 endpoints)
100 MB/sec
Medium (5000 - 30000 endpoints)
250 MB/sec
Large (more than 30000 endpoints)
400 MB/sec
Running hard disk tests

On Linux, you can use the hdparm and dd commands or the Bonnie++ application to determine the hard
disk write rate. You can also use the iostat command to determine average disk usage.
Determining the write rate with the hdparm command:
In the Linux operating system, there is a built-in hdparm command that can be used to determine the hard
disk write rate.
Procedure
In the Linux console, enter hdparm -t path_to_the_test_file
hdparm -t /dev/sda1
Timing buffered disk reads: 200 MB in 1.19 seconds = 167.47 MB/sec
Running the disk test with the DD application:

About this task
The DD test measures the most basic single-threaded disk access: a large sequential write, followed by a
large sequential read. It is relevant for the database performance testing effort because it gives you the
maximum speed for sequential scans for large tables.
Note: Check the RAM size on the testing computer to correctly run a DD test and avoid file system
caching that can distort the test results.
Procedure
1. Create a file that is twice the size of the RAM capacity on the test computer and copy it to the target
computer hard disk.
In your tests use a 4 KB block size because the default page size of the DB2 table space that BigFix
Inventory is using is 4 KB. For example, if you have 16 GB of RAM, run the following command so
that a 32 GB file named ddfile is created in the current directory:
time sh -c "dd if=/dev/zero of=ddfile bs=4k count=8000000 && sync".
422
Note: Some implementations of DD report the write rate, but the time command always returns the
execution time that is larger than the DD time. The time and rate reported by DD represent the rate
without any lag or synchronization time. Divide the data size by the time reported by the time
command to get the real synchronous file writing rate.
Example:
8000000+0 records in
8000000+0 records out
32768000000 bytes (32 GB) copied, 38.924 s, 842 MB/s
real 3m49.192s
user 0m0.450s
sys 0m38.282s
In this example, the rate for writes including caching is 842 MB/s, but including the synchronization
time it is much poorer only about 136.46 MB/s (32 GB / 3 minutes 49 seconds).
2. To flush out the file system cache so that you read directly from the disk later, write to the disk
another large file: dd if=/dev/zero of=ddfile2 bs=4k count=4000000
3. Read the first large file. Since the file system cache is filled with the second file, this test returns a
valid read rate result:
time dd if=ddfile
8000000+0 records
8000000+0 records
32768000000 bytes
real 3m6.496s
user 0m1.652s
sys 0m10.753s
of=/dev/null bs=4k
in
out
(32 GB) copied, 186.456 seconds, 167.6 MB/s
4. Compare the results with those in the table Recommended average disk write and read rates for the
database server computer to determine whether your storage can handle the DB2 database for your
environment. The system should easily be able to deal with a database of up to 10000 clients.
Determining disk usage:
If response times are slow, check the average disk usage with the iostat command. Disk usage times of
greater than 80% can reduce I/O performance, it is desirable to have average disk usage below 40%.
Procedure
In the Linux console, enter iostat -x interval duration
Where:
v interval Is the time interval in seconds. If no interval is specified, the output reflects the values over
the entire period since the system was rebooted
v duration Is the number of times to run the command
Example:
iostat -x 30 5
Tuning VM manager performance

Retrieval of data from VM managers might affect the BigFix Inventory performance. Use the
vmm_polling_time_interval parameter to adjust the interval between consecutive retrievals of data to the
size of your environment.
If you are using the basic VM management (central), use REST API to change the value of the parameter
on the BigFix Inventory server. For more information, see: Configuring server settings on page 131. If
you are using advanced VM management (decentralized), go to the computer where the VM Manager
Tool is installed, and change the value of the parameter in the BES Client\LMT\VMMAN\config\
vmmainconf.properties file.
423
Table 86. Recommended interval between consecutive retrievals of data from VM managers.
Number of virtual machines
Recommended interval
Parameter value
Up to 500
30 min (default)
30 (default)
501 - 1000
1h
60
1001 - 3000
4h
240
3001 - 5000
6h
360
5001 - 10 000
24 h
1440
More than 10 000
48 h
2880
Tuning performance in big data environments

You can learn the possible causes of the most common performance issues in big data environments and
known solutions to these issues, together with several general tips that help you to keep the system in
good shape and avoid performance problems.
Database maintenance
See the topic Maintaining the database to learn more how to manually maintain the database tables. It is
also possible to maintain the tables automatically by using the built-in DB2 mechanisms.
Scalability of multiple concurrent UI users

The number of users that are simultaneously logged in to BigFix Inventory and perform actions on the
user interface influences the application performance. When BigFix Inventory is running on the hardware
that meets the minimal hardware requirements, the optimal number of concurrent users is five.
Configuring the transaction logs size

If your environment consists of many endpoints, increase the transaction logs size to improve
performance.
About this task

The transaction logs size can be configured through the LOGFILSIZ DB2 parameter that defines the size of
a single log file. To calculate the value that can be used for this parameter, you must first calculate the
total disk space that is required for transaction logs in your specific environment and then divide it, thus
obtaining the size of one transaction log. The required amount of disk space depends on the number of
endpoints in your environment and the number of endpoints for which new scan results are available
and processed during the data import.
Important: Use the provided formula to calculate the size of transaction logs that are generated during
the import of data. More space might be required for transaction logs that are generated when you
remove the data source.
Procedure
1. Use the following formula to calculate the disk space for your transaction logs:
<The number of endpoints> x 1.2 MB + <the number of endpoints
for which new scan results are imported> x 1 MB + 1 GB
2. Divide the result by 0.00054 to obtain the size of a single transaction log file.
3. Run the following command to update the transaction log size in your database. Substitute value with
the size of a single transaction log.
db2 update database configuration for TEMADB using logfilsiz value
424
4. For the changes to take effect, restart the database. Run the following commands:
db2stop
db2start
db2 activate db TEMADB

a. To stop the server, run the following command:
/etc/init.d/BFIserver stop
b. To start the server, run the following command:

/etc/init.d/BFIserver start
Example
v Calculating the single transaction log size for 100 000 endpoints and 15 000 scan results:
100 000 x 1.2 MB + 15 000 x 1 MB + 1 GB = 136 GB
136 / 0.00054 = 251851.85
Increasing Java heap size

The default settings for the Java heap size might not be sufficient for medium and large environments. If
your environment consists of more than 5000 endpoints, increase the memory available to Java client
processes by increasing the Java heap size.
Procedure
1. Go to the <INSTALL_DIR>/wlp/usr/servers/server1/ directory and edit the jvm.options file.
2. Set the maximum Java heap size (Xmx) to one of the following values, depending on the size of your
environment:
v For medium environments (5000 - 50 000 endpoints), set the heap size to 6144m.
v For large environments (over 50 000 endpoints), set the heap size to 8192m.
v For very large environments (over 150 000 endpoints), set the heap size to 12g.
Maintaining the DB2 database

To ensure that the DB2 database works properly, you need to regularly back up your data and perform
maintenance actions.
About this task

The configuration of DB2 has a significant impact on performance. You should perform some standard
actions to administer the database correctly. If you have DB2 administration professionals, they can
monitor the DB2 health and performance. In other cases, you should follow the procedures that are
described in this topic to keep your database healthy.
Procedure
1. Perform regular backups of the data that is stored in the database. It is advisable to back up the
database before updating the software catalog or upgrading the server to facilitate recovery in case of
failure.
a. Stop the server.
b. In the DB2 command-line interface, run the following command: db2 backup database TEMADB.
c. Start the server
The backup is created in the current working directory, and the file name contains the instance name
and time stamp of the backup procedure (for example:
TLMA.0.db2inst1.NODE0000.CATN0000.20101105000715.001).
425
For more information about database backup strategies, see DB2 topic: Developing a backup and recovery
strategy.
2. Reorganize the table to match the index and to reclaim space:
a. Stop the BigFix Inventory server.
b. In the DB2 command-line interface, run the following commands:
v db2 connect to TEMADB
v db2 -x "select reorg table,substr(rtrim(tabschema)||.||rtrim(tabname),1,50), allow
no access;from syscat.tables where type = T and tabschema in (ADM,SAM,DBO)
order by tabschema,tabname " > reorgs.sql
v db2 -tvf reorgs.sql
v db2 terminate
c. Start the BigFix Inventory server.
3. Keep the statistics up-to-date. By default, DB2 statistics are run automatically. If this option is
disabled, you must manually run the following commands:
a. Stop the BigFix Inventory server.
b. In the DB2 command-line interface, run the following commands:
v db2 connect to TEMADB
v db2 -x "select runstats on table,substr(rtrim(tabschema)||.||rtrim(tabname),1,50),
and indexes all;from syscat.tables where type = T and tabschema in
(DBO,SAM,ADM) order by tabschema,tabname " > runstats.sql
v db2 -tvf runstats.sql
v db2 terminate
c. Start the server.
What to do next
For a more advanced investigation of queries that are used by the BigFix Inventory server, you should
use the DB2 design advisor command (db2advis). It helps in finding new indexes that can improve the
database performance. The Design Advisor uses the output from the DB2 monitors to suggest the
creation of new indexes. The suggestions are based on the queries that are found in monitors. For more
information about Design Advisor, consult the DB2 documentation:
v DB2 10.1
db2advis - DB2 Design Advisor command
DB2 topic: Design Advisor
v DB2 10.5
db2advis - DB2 Design Advisor command
DB2 topic: Design Advisor
426
Chapter 11. Integrating

External systems integration is a key feature of BigFix Inventory. Business logic is
enabled for integration and interfaces are provided for common integration points.
REST API
Managing large amounts of information by using the application user interface can be time-consuming.
You can use the REST APIs as an alternative to the graphical user interface to reduce the time that is
needed to manage your software inventory and the content of your software catalog.
Important: If you want to use REST API when you are not logged in to BigFix Inventory, you must
provide the token parameter for each query. To check what your token is, in the top navigation bar, click
your user name, and then click Profile. To check your API token, click Show token.
The token parameter is not required when you are logged in to BigFix Inventory.
Restriction: Do not use REST API during the import as you might encounter a problem with the
database connection. If the problem occurs, wait until the import finishes and ensure that the BigFix
Inventory server is up and running. Then, repeat the API call.
Abbreviations
The following abbreviations are used in the documentation that is related to REST API:
HTTP Hyper Text Transfer Protocol. HTTP version 1.1 is defined in RFC 2616. Unless otherwise noted,
the use of the term HTTP indicates both HTTP and HTTPS.
HTTPS
Hyper Text Transfer Protocol Secure, as defined in RFC 2818
JSON JavaScript Object Notation, as defined in ECMA-262
REST Representational State Transfer, as originally and informally described in Architectural Styles and
the Design of Network-based Software Architectures
URI
Uniform Resource Identifier, as defined in RFC 3986, Draft 5
REST API resources and HTTP methods

The operations of the BigFix Inventory REST API protocol are defined as HTTP methods on certain REST
resources.
Table 87. Overview of REST operations
Target REST operation URI
HTTP
methods
api/get_token
POST
Returns a unique token that is required to

authenticate REST API requests.
api/sam/about
GET
Returns the version of BigFix Inventory.
Purpose of the operation
427
Table 87. Overview of REST operations (continued)

Target REST operation URI
HTTP
methods
Purpose of the operation
api/import_status.json
GET
Returns the current status of the data import.
api/sam/configs
GET
Returns information about the current settings of

the administration server.
api/sam/configs
PUT
Changes the current settings of the administration

server.
api/sam/swinventory/confirm
POST
Confirms instances to bundle or assign.
api/sam/swinventory/confirmRelease
POST
Confirms the assignment of instances for a release.
api/sam/swinventory/exclude
POST
Excludes instances from a pricing application.
api/sam/swinventory/include
POST
Includes instances in a pricing application.
api/sam/swinventory/instanceToShare
GET
Returns a list of software releases that can share a

particular instance.
api/sam/swinventory/products
GET
Returns a list of software products.
api/sam/swinventory/product/{product_id}/
releases
GET
Returns a list of releases of a particular software

product that is identified by its identifier.
api/sam/swinventory/reassign
POST
Reassigns instances to a product.
api/sam/swinventory/reassignRelease
POST
Reassigns instances to a product for a list of

releases.
api/sam/swinventory/release/{release_id}/
instances
GET
Returns a list of instances for the requested

software product release.
api/sam/swinventory/share
POST
Shares an instance with a list of software products.
api/sam/swinventory/
targetBundlesOfInstances
GET
Returns a list of possible releases to which the

requested software instance can be reassigned.
api/sam/swinventory/targetBundlesOfReleases
GET
Returns a list of possible releases to which the

instances of the requested software releases can be
reassigned.
api/sam/swinventory/targetInstances
GET
Returns a list of target instances that will be

reassigned to a particular release.
api/sam/computer_systems
GET
Returns a list of computer systems in your

infrastructure.
api/sam/software_instances
GET
Returns a list of installed software instances.
api/sam/license_usages
GET
Returns information about license usage.
api/sam/contracts/import
POST
Imports contracts from a csv file.
Common connectors and operators

You use connectors and operators to build query segments that filter on matching conditions and values.
Connectors
Table 88. Connectors
Connector
Description
and
Add all clauses with an and concatenator
or
Add all clauses with an or concatenator
428
Operators
Table 89. Operators
Operator
Description
Equals.
!=
Not equals.
<
Less than. Numeric fields only.
<=
Less than or equal to. Numeric fields only.
>
Greater than. Numeric fields only.
>=
Greater than or equal to. Numeric fields only.
begins_with
String begins with the specified value. String fields only.
contains
String contains the specified value. String fields only.
ends_with
String ends with the specified value. String fields only.
not_begins_with
String does not begin with the specified value. String fields only.
not_contains
String does not contain the specified value. String fields only.
not_ends_with
String does not end with the specified value. String fields only.
REST API for retrieving authentication token

You use the POST operation on the api/get_token element to request your unique token that is required to
authenticate the REST API requests.
To request your unique token, use the following URL:
https://hostname:port/api/get_token
Important: This REST API call does not work when single sign-on authentication is enabled. View the
token in the Profile preferences of BigFix Inventory.
Table 90. Operation descriptions
Operation details
Description
Operation
POST /api/get_token
Purpose
Returns the authentication token
HTTP method
POST
Resource URI
https://server_host_name:port_number/api/get_token
URL link relation
n/a
URI query parameters
n/a
Request headers
Header Accept-Language (optional)

Values en-US (only English is supported)
Used to negotiate the language of the response. If this header is not
specified, the content is returned in the server language.
Request payload
{
"user" : "username",
"password" : "password"
}
Request Content-Type
application/json
429
Table 90. Operation descriptions (continued)

Operation details
Response headers
Description
Header Content-Type
Values application/json
Specifies the content type of the response.
Header Content-Language
Values en-US, ...
Specifies the language of the response content. If this header is not
Response payload
Token element
Response Content-Type
application/json
Normal HTTP response codes
200 OK
Error HTTP response codes
500 Bad Request if a query parameter contains errors or is missing

Message body includes an error message with details.
Example HTTP conversation

Request
POST api/get_token
Host: localhost:9081
Accept: application/json
Accept-Language: en-US
Request header
Content-Type: application/json
Request payload
{
"user" : "admin",
"password" : "password"
}
Response header
HTTP/1.1 200 OK
Content-Language: en-US
Response body (JSON)

{
"token":"44072fb20fbe38322b5e67a7e780978e20abbc80"
}
REST API for retrieving the BigFix Inventory version

You use the GET operation on the api/sam/about element to request information about the version of
BigFix Inventory.
To retrieve information about the current version of BigFix Inventory, use the following URL:
https://hostname:port/api/sam/about?token=token
Important:
430
v Each of your API requests must be authenticated with the token parameter. You can either retrieve it
by using REST API for retrieving authentication token or you can view it in the Profile preferences of
BigFix Inventory.
v By default, the data retrieved is sorted by id.
Operation details
Description
Operation
GET /api/sam/about
Purpose
Returns the version of BigFix Inventory
HTTP method
GET
Resource URI
https://server_host_name:port_number/api/sam/about
URL link relation
n/a
n/a
Request headers

Request payload
n/a
Response headers
application/json
Header Content-Type
Values en-US, ...
Response payload
About element
application/json
200 OK


Request
GET api/sam/about
?token=7adc3efb175e2bc0f4484bdd2efca54a8fa04623
Response header
HTTP/1.1 200 OK
431

{
"product": "IBM BigFix Inventory",
"version": "9.2.20140331-2015"
}
REST API for retrieving the data import status

You use the GET operation on the api/import_status.json element to check the status of data imports in
BigFix Inventory.
By using this API, you can check whether an import is currently in progress, what is its percentage
status, or when did the last successful import finish. Basing on this information, you can recognize
whether data that you can retrieve with other REST API types resembles the actual state of your
infrastructure. To do so, ensure that you always retrieve the API data if no imports are currently in
progress and the last successful one finished recently.
To retrieve information about the status of a data import, use the following URL:
https://hostname:port/api/import_status.json?token=token
Important: Each of your API requests must be authenticated with the token parameter. To view your
unique token, log in to BigFix Inventory, in the top-right corner expand the list under your user name,
and then click Profile.
Operation details
Description
Operation
GET /api/import_status.json
Purpose
Returns the status of the data import
HTTP method
GET
Resource URI
https://server_host_name:port_number/api/import_status.json
URL link relation
n/a
n/a
Request headers

Request payload
Response headers
n/a
application/json
Header Content-Type
Values en-US, ...
Response payload
432
Import status element

application/json

Operation details
Description
200 OK

Query parameters
You can use query parameters to narrow down the results of your search. The following table presents
query parameters that you can use for the api/import_status.json element.
Table 93. Query parameters for retrieving the import status
Parameter
Description
Required
Value
format
Specifies the format of the retrieved information.

The possible values are json or xml.
No
String
Yes
Alphanumeric
Retrieve information in the json format:

URL?format=json
A unique user authentication identifier. You can
view your token in the Profile preferences of
BigFix Inventory.
token

Request
GET api/import_status.json
Response header
HTTP/1.1 200 OK

If a data import has never been initiated:
{
"mode": "none",
"can_run_imports": true,
"import_status_url": "/import_status",
"import_create_url": "/management/imports",
"progress": 59
}
If a data import is in progress:

{
"mode": "running",
"progress": 59
}
If a data import is not running:

433
{
"mode": "idle"/"pending",
"last_status": successful,
"last_success_time": "2014-06-18T04:00:29Z"
}
Where:
v mode - status of the data import, it can assume the following values:
none - a data import has never been initiated
idle - no data imports are currently running
running - a data import is in progress
pending - an action performed in the user interface requires a data import to be started for
the change to take effect
v can_run_imports - specifies whether the user retrieving this API can run imports,
v import_status_url - web address of this API,
v import_create_url - web address of the data imports panel in BigFix Inventory,
v progress - percentage status of the running import,
v last_status - status of the last import,
v last_success_time - date of the last successful import.
REST API for software inventory management

You can reduce the time needed to manage your software inventory in a large environment by using
REST API instead of the application user interface. You can use REST API to get a list of software
products, releases, and release instances. You can also find out how your software can be bundled.
Retrieval of software products

You use the GET operation on the api/sam/swinventory/products element to request information about
the software products that are installed in your infrastructure.
Operation details
Description
Operation
GET /api/sam/swinventory/products
Purpose
Returns a list of software products.
HTTP method
GET
Resource URI
https://server_host_name:port_number/api/sam/swinventory/products
URL link relation
n/a
For a list of applicable query parameters, see: Query parameters.
Request headers

Request payload
434
n/a
Application/json

Operation details
Description
Response headers
Header Content-Type
Values Application/json
Values en-US, ...
Products element
Response payload
Application/json
200 OK

401 Unauthorized if the user is not authorized to perform the
operation
416 Requested Range Not Satisfiable if the user provided a start
or count range that cannot be satisfied
Query parameters
query parameters that you can use for the swinventory/products element.
Table 95. Query parameters for retrieving software products
Parameter
Description
Required
Value
confirmed_
filter
The state of bundling confirmation. If the

parameter is not specified, both confirmed and
unconfirmed software instances are displayed.
No
true
false
count
The number of rows to be returned.
No
Numeric
Default: 80
endDate
Discovery end date. If the parameter is not

specified, the current date is used.
No
Date in the
YYYY-MM-DD format
part_number_
filter
The part number to which the software item was

assigned according to the imported part number
list.
No
String
product_
release_
component_
filter
The name of the software product, release, or

component.
No
String
reportGroup
Identifier of the report group to which the

computer that has the software installed belongs.
No
Numeric
Default: 1
start
The number of the first row of data to be returned. No
Numeric
Default: 0
435
Table 95. Query parameters for retrieving software products (continued)

Parameter
Description
Required
startDate
Discovery start date. If the parameter is not

No
specified, the start date is set either to 90 days
back, or to the server installation date, depending
on which one of these dates is closer to the current
date.
Date in the
YYYY-MM-DD format
token
A unique user authentication identifier.
Alphanumeric
Yes
Value

Request
GET /api/sam/swinventory/products
?token=7adc3efb175e2bc0f4484bdd2efca54a8fa04623&startDate=2012-10-19
&endDate=2012-10-19 HTTP/1.1
Response header
HTTP/1.1 200 OK

[{
"id": "16113",
"level": "product",
"productReleaseComponent": "IBM Cognos Business Intelligence
for Non-Production Environment",
"children": "true",
"confidence": "11",
"type": "root"
}]
Retrieval of releases of a product

You use the GET operation on the api/sam/swinventory/product/{product_id}/releases element to
request information about the releases of a particular software product that is installed in your
infrastructure.
Operation details
Description
Operation
GET /api/sam/swinventory/product/{product_id}/releases
Purpose
Returns a list of releases of a particular software product that is identified

by its identifier.
HTTP method
GET
Resource URI
https://server_host_name:port_number/api/sam/swinventory/product/
{product_id}/releases
URL link relation
n/a
436

Operation details
Description
Request headers

n/a
Request payload
Application/json
Response headers
Header Content-Type
Values en-US, ...
Releases element
Response payload
Application/json
200 OK

operation
404 Not Found if a release or instance of the product or version that
is requested does not exist
Query parameters
query parameters that you can use for the swinventory/product/{product_id}/releases element.
Table 97. Query parameters for retrieving releases of a software product
Parameter
Description
Required
Value
confirmed_
filter

No
true
false
count
No
Numeric
Default: 80
endDate

No
Date in the
YYYY-MM-DD format
part_number_
filter

list.
No
String
437
Table 97. Query parameters for retrieving releases of a software product (continued)
Parameter
Description
Required
Value
product_
release_
component_
filter

component.
No
String
reportGroup

No
Numeric
Default: 1
start
The number of the first row of data to be returned. No
Numeric
Default: 0
startDate

No
date.
Date in the
YYYY-MM-DD format
token
Alphanumeric
Yes

Request
GET /api/sam/swinventory/product/38818/releases
&endDate=2012-10-19 HTTP/1.1
Accept: application/json Accept-Language: en-US
Response header
HTTP/1.1 200 OK

[{
"level": "release",
"productReleaseComponent": "DB2 UDB Query Patroller 6.1",
"id": "61922",
"numberOfAllInstances": "1",
"children": "true"
}]
Retrieval of release instances

You use the GET operation on the api/samswinventory/release/{release_id}/instances element to
request information about the instances of a software product release for a particular release that is
installed in your infrastructure.
Operation details
Description
Operation
GET /api/sam/swinventory/release/{release_id}/instances
Purpose
Returns a list of instances for the requested software product release.
HTTP method
GET
Resource URI
https://server_host_name:port_number/api/sam/swinventory/release/
{release_id}/instances
438

Operation details
Description
URL link relation
n/a
Request headers

n/a
Request payload
Application/json
Response headers
Header Content-Type
Values en-US, ...
Instances element. Each instance is a single component on a single agent.
Response payload
Application/json
200 OK

operation
Query parameters
query parameters that you can use for the swinventory/release/{release_id}/instances element.
Table 99. Query parameters for retrieving release instances
Parameter
Description
Required
Value
confirmed_
filter

No
true
false
count
No
Numeric
Default: 80
endDate

No
Date in the
YYYY-MM-DD format
439
Table 99. Query parameters for retrieving release instances (continued)

Parameter
Description
Required
Value
name_host_
filter
The name of the computer on which the software

item is installed.
No
String
name_server_
filter
The name of the server on which the software

item is installed.
No
String
operating_
system_filter
Operating system of the computer on which the

software item is installed.
No
String
part_number_
filter

list.
No
String
product_
release_
component_
filter

component.
No
String
reportGroup

No
Numeric
Default: 1
start
The number of the first row of data to be

returned.
No
Numeric
Default: 0
startDate

on which one of these dates is closer to the
current date.
No
Date in the
YYYY-MM-DD format
token
Yes
Alphanumeric

Request
GET /api/sam/swinventory/release/61922/instances
&endDate=2012-10-19 HTTP/1.1
Response header
HTTP/1.1 200 OK

[{
"operatingSystem": "Linux Red Hat Enterprise Server 5.4 (2.6.18-164.el5)",
"currentServerId": "TLM_VM_VMware-42 3b 3b 73 2a 12 4a c5-e0 56 d1 30 74
6b 53 2a",
"updateTime": "1374082814268",
"hostname": "NC042189",
"id": "347",
"bundleRules": "the relation in the software catalog,
the stand-alone product discovery",
"processorType": "Intel(R) Xeon(R) Multi-core 3400-3699 or 5500-5699",
440
"productReleaseComponent": "IBM CICS Transaction Gateway 6.0",

"pvuPerCore": "70",
"installationPaths": "/nfs/bak/SLES10.2/usr/catalog_test/linux01/1",
"isSimple": "false"
}]
Retrieval of releases to which a software instance can be reassigned

You use the GET operation on the api/sam/swinventory/targetBundlesOfInstances element to request
information about the possible releases to which the requested software instance can be reassigned.
Operation details
Description
Operation
GET /api/sam/swinventory/targetBundlesOfInstances
Purpose
Returns a list of possible releases to which the requested software instance

can be reassigned.
HTTP method
GET
Resource URI
https://server_host_name:port_number/api/sam/swinventory/
targetBundlesOfInstances
URL link relation
n/a
For a list of applicable query parameters, see: Query parameters on page

442.
Request headers

Request payload
Response headers
n/a
Application/json
Header Content-Type
Values en-US, ...
Response payload
targetReleases element
Application/json
200 OK
441

Operation details
Description

operation
Query parameters
query parameters that you can use for the swinventory/targetBundlesOfInstances element.
Table 101. Query parameters for retrieving releases to which a software instance can be reassigned
Parameter
Description
Required
Value
product
InventoryId
A list of unique product identifiers separated

with a comma.
Yes
Numeric
reportGroup

computer that has the software installed
belongs.
No
Numeric
Default: 1
token
Yes
Alphanumeric

Request
GET /api/sam/swinventory/targetBundlesOfInstances
?token=7adc3efb175e2bc0f4484bdd2efca54a8fa04623&productInventoryId=200032
HTTP/1.1
Response header
HTTP/1.1 200 OK

[{
"productId": "69558",
"appliedRules": "the relation in the software catalog,
"productName": "IBM Smart Analytics System 2050 Departmental
Base Remote Standby Server 1.0",
"id": "69558",
"branchType": "0",
"isShared": "false"
}]
Retrieval of releases to which a release instance can be reassigned

You use the GET operation on the api/sam/swinventory/targetBundlesOfReleases element to request
information about the possible releases to which the instances of the requested software releases can be
reassigned.
442
Operation details
Description
Operation
GET /api/sam/swinventory/targetBundlesOfReleases
Purpose
Returns a list of possible releases to which the instances of the requested

software releases can be reassigned.
HTTP method
GET
Resource URI
targetBundlesOfReleases
URL link relation
n/a
Request headers

Request payload
Response headers
n/a
Application/json
Header Content-Type
Values en-US, ...
Response payload
Application/json
200 OK

operation
Query parameters
query parameters that you can use for the swinventory/targetBundlesOfReleases element.
443
Table 103. Query parameters for retrieving releases to which a release instance can be reassigned
Parameter
Description
Required
Value
confirmed_
filter

No
true
false
endDate

No
Date in the
YYYY-MM-DD format
name_host_
filter

item is installed.
No
String
name_server_
filter
The name of the server on which the software item No

is installed.
String
operating_
system_filter

No
String
part_number_
filter

list.
No
String
product_
release_
component_
filter

component.
No
String
releases
A list of unique release identifiers separated with a Yes

comma.
Numeric
reportGroup

Numeric
Default: 1
startDate

No
date.
Date in the
YYYY-MM-DD format
token
Alphanumeric
No
Yes

Request
GET /api/sam/swinventory/targetBundlesOfReleases
&releases=64050&startDate=2012-09-29&endDate=2012-10-02 HTTP/1.1
Response header
HTTP/1.1 200 OK

[{
"appliedRules": "the relation in the software catalog",
"productName": "IBM Database Enterprise Developer Edition 10.1",
"id": "72563",
"branchType": "0",
"isShared": "false"
}]
444
Retrieval of instances to reassign to a release

You use the GET operation on the api/sam/swinventory/targetInstances element to request information
about the target instances that can be reassigned to a particular release.
Operation details
Description
Operation
GET /api/sam/swinventory/targetInstances
Purpose
Returns a list of target instances that can be reassigned to a particular

release.
HTTP method
GET
Resource URI
targetInstances
URL link relation
n/a
For a list of applicable query parameters, see: Query parameters on page

446.
Request headers

Request payload
Response headers
n/a
Application/json
Header Content-Type
Values en-US, ...
Response payload
targetInstances element
Application/json
200 OK

401 Unauthorized if a user is not authorized to perform the
operation
you requested for does not exist
445
Query parameters
query parameters that you can use for the GET/swinventory/targetInstances element.
Table 105. Query parameters for retrieving instances to reassign to a release
Parameter
Description
Required
Value
releaseId
A unique identifier of a release.
Yes
Numeric
reportGroup

No
Numeric
Default: 1
token
Yes
Alphanumeric

Request
GET /api/sam/swinventory/targetInstances
?token=7adc3efb175e2bc0f4484bdd2efca54a8fa04623&releaseId=72717 HTTP/1.1
Response header
HTTP/1.1 200 OK

[{
"componentNameVersion": "IBM Tivoli Directory Server (SP) 6.0",
"hostname": "Agent20",
"path": "C:\Documents and Settings\Administrator\Signatures",
"updateTime": "1349270690593",
"appliedRules": "the relation in the software catalog, the infrastructure co-location",
"id": "200027",
"productNameVersion": "IBM WebSphere Process Server Hypervisor Edition for
Novell SLES for x86 6.2",
"isShared": "false"
}]
Retrieval of instances shared by releases

You use the GET operation on the api/sam/swinventory/instanceToShare element to request information
about the releases that can share a particular instance.
Operation details
Description
Operation
GET /api/sam/swinventory/instanceToShare
Purpose
Returns a list of software releases that can share a particular instance.
HTTP method
GET
Resource URI
instanceToShare
URL link relation
n/a
446

Operation details
Description
Request headers

n/a
Request payload
Application/json
Response headers
Header Content-Type
Values en-US, ...
Response payload
Application/json
200 OK
400 Bad Request if a parameter contains errors or is missing
401 Unauthorized if you are not authorized for the operation
Query parameters
query parameters that you can use for the swinventory/instanceToShare element.
Table 107. Query parameters for retrieving an instance shared by releases
Parameter
Description
Required
Value
product
InventoryId
A unique identifier of a product.
Yes
Numeric
reportGroup

No
Numeric
Default: 1
token
Yes
Alphanumeric
447

Request
GET /api/sam/swinventory/instanceToShare
?token=7adc3efb175e2bc0f4484bdd2efca54a8fa04623&productInventoryId=200032
HTTP/1.1
Response header
HTTP/1.1 200 OK

[{
"isSelected": "true",
"appliedRules": "the relation in the software catalog,
"productName": "IBM Alphablox for Linux, UNIX and Windows 9.5",
"id": "64050",
"branchType": "0",
"isShared": "false"
}
]
REST API for software classification

You can reduce the time that is needed to manage your software instances in a large environment by
using REST API instead of the application user interface. You can use REST API to share instances,
include or exclude instances from a pricing calculation, confirm and assign instances, and reassign
instances.
Share an instance with more than one product

You use the POST operation on the api/sam/swinventory/share element to share an instance of a
component with more than one product.
Operation details
Description
Operation
/api/sam/swinventory/share
Purpose
Shares an instance with a list of software products.
HTTP method
POST
Resource URI
https://server_host_name:port_number/api/sam/swinventory/share
URL link relation
n/a
Request headers

Request payload
n/a
n/a
448

Operation details
Description
Response headers
Values en-US, ...
Response payload
n/a
n/a
204 No content

operation
the user requested does not exist
422 Unprocessable Entity if the request was well-formed but was
unable to be followed due to semantic errors
Query parameters
query parameters that you use for the POST/swinventory/share element.
Table 109. Query parameters for sharing an instance with more than one product
Parameter
Description
Required
Value
productIds
A list of unique product identifiers separated with

a comma. At least one identifier must be specified.
Yes
Numeric
product
InventoryId
A unique identifier of an instance that is shared by Yes

products.
Numeric
token
Yes
Alphanumeric
updateTime
Timestamp of the last modification time of the

instance expressed in milliseconds. This parameter
is used to handle concurrent actions.
Yes
Numeric
Use the GET operation on the swinventory/

instanceToShare element to get product identifiers.

release/{release_id}/instances element to get
the update time.

Request
POST /api/sam/swinventory/share?token=7adc3efb175e2bc0f4484bdd2efca54a8fa04623
&productInventoryId=200032&updateTime=1349237658578&productIds=70665,70656 HTTP/1.1
449
Response header
HTTP/1.1 204 OK
Inclusion of instances in a pricing calculation

You use the POST operation on the api/sam/swinventory/include element to include instances in the
pricing calculation.
Operation details
Description
Operation
/api/sam/swinventory/include
Purpose
Includes instances in a pricing calculation.
HTTP method
POST
Resource URI
https://server_host_name:port_number/api/sam/swinventory/include
URL link relation
n/a
Request headers

Request payload
n/a
n/a
Response headers
Values en-US, ...
Response payload
n/a
n/a
204 No content

operation
Query parameters
query parameters that you can use for the POST/swinventory/include element.
450
Table 111. Query parameters for including instances in pricing calculations

Parameter
Description
Required
Value
product
InventoryId
A list of unique identifiers of instances that are to

be included in the calculation separated with a
comma. At least one identifier must be specified.
Yes
Numeric
token
Yes
Alphanumeric
updateTime
A list of timestamps of the last modification time

of instances expressed in milliseconds. The
timestamps are separated with a comma. The first
timestamp in the list corresponds to the first
instance, and so on. This parameter is used to
handle concurrent actions.
Yes
Numeric

the update times.

Request
POST /api/sam/swinventory/include?token=7adc3efb175e2bc0f4484bdd2efca54a8fa04623
&productInventoryId=198,300201&updateTime=1349237658578,1349237658588 HTTP/1.1
Response header
HTTP/1.1 204 OK
Exclusion of instances from pricing calculations

You use the POST operation on the api/sam/swinventory/exclude element to exclude instances from
pricing calculations.
Operation details
Description
Operation
/api/sam/swinventory/exclude
Purpose
Excludes instances from a pricing calculation.
HTTP method
POST
Resource URI
https://server_host_name:port_number/api/sam/swinventory/exclude
URL link relation
n/a
Request headers

Request payload
n/a
n/a
451

Operation details
Description
Response headers
Values en-US, ...
Response payload
n/a
n/a
204 No content

operation
Message body excludes an error message with details.
Query parameters
query parameters that you can use for the POST/swinventory/exclude element.
Table 113. Query parameters for excluding instances from pricing calculations
Parameter
Description
Required
Value
product
InventoryId
A list of unique identifiers of instances to be

excluded from the calculation separated with
a comma. At least one identifier must be
specified.
Yes
Numeric
reason
The reason for excluding an instance from the Yes

pricing calculations.
backup
beta
component
evaluation
no_licensing
not_compatible
other
comment
Additional comments for the reason of

exclusion.
Only when
reason is
other
String
token
Yes
Alphanumeric
452
Table 113. Query parameters for excluding instances from pricing calculations (continued)
Parameter
Description
Required
Value
updateTime
A list of timestamps of the last modification

time of the instances expressed in
milliseconds. Each timestamp is separated
with a comma. The first timestamp in the list
corresponds to the first instance, and so on.
This parameter is used to handle concurrent
actions.
Yes
Numeric
Use the GET operation on the

swinventory/release/{release_id}/
instances element to get the update times.

Request
POST /api/sam/swinventory/exclude
&productInventoryId=300001,500001&updateTime=1349237658578,1349237658588
&reason=no_licensing HTTP/1.1
Response header
HTTP/1.1 204 OK
Reassignment of instances to a product

You use the POST operation on the api/sam/swinventory/reassign element to reassign instances to a
different product.
Operation details
Description
Operation
/api/sam/swinventory/reassign
Purpose
Reassigns instances to a different product.
HTTP method
POST
Resource URI
https://server_host_name:port_number/api/sam/swinventory/reassign
URL link relation
n/a
Request headers

Request payload
n/a
n/a
453

Operation details
Description
Response headers
Values en-US, ...
Response payload
n/a
n/a
204 No content

operation
Query parameters
query parameters that you can use for the POST/swinventory/reassign element.
Table 115. Query parameters for reassigning instances to a different product
Parameter
Description
Required
Value
productId
A unique identifier of a product to which the

instance is to be reassigned.
Yes
Numeric

targetBundlesOfInstances element to get product
identifiers.
product
InventoryId

reassigned to a product separated with a comma.
At least one identifier must be specified.
Yes
Numeric
updateTime

of the instances expressed in milliseconds. The
Yes
Numeric
Yes
Alphanumeric

the update times.
token
454

Request
POST /api/sam/swinventory/reassign?token=7adc3efb175e2bc0f4484bdd2efca54a8fa04623
&productInventoryId=200027,300001&productId=72786&updateTime=
1349237658578,1349237658588 HTTP/1.1
Response header
HTTP/1.1 204 OK
Reassignment of instances to a product for a list of releases

You use the POST operation on the api/sam/swinventory/reassignRelease element to reassign instances
for a list of releases to a product.
Operation details
Description
Operation
/api/sam/swinventory/reassignRelease
Purpose
Reassigns instances to a product for a list of releases.
HTTP method
POST
Resource URI
reassignRelease
URL link relation
n/a
Request headers

Request payload
n/a
n/a
Response headers
Values en-US, ...
Response payload
n/a
n/a
204 No content
455

Operation details
Description

operation
Query parameters
query parameters that you can use for the POST/swinventory/reassignRelease element.
Table 117. Query parameters for retrieving instances to reassign to a release
Parameter
Description
Required
Value
endDate

No
Date in the
YYYY-MM-DD format
name_host_
filter

item is installed.
No
String
name_server_
filter

is installed.
String
operating_
system_filter

No
String
part_number_
filter

list.
No
String
product_
release_
component_
filter

component.
No
String
productId
A unique identifier of a product to which the

instance is to be assigned.
Yes
Numeric
releases
A list of unique release identifiers separated with a Yes

comma. At least one identifier must be specified.
Numeric
startDate

specified, the first date that is not covered by a
signed audit report is used. If there are no signed
reports, the server installation date is used.
No
Date in the
YYYY-MM-DD format
token
Yes
Alphanumeric

targetBundlesOfReleases element to get product
identifiers.
456

Request
POST /api/sam/swinventory/reassignRelease
&releases=67757,95947&productId=67756&startDate=2012-09-29&endDate=2012-10-02
Response header
HTTP/1.1 204 OK
Confirmation of instances to bundle or assign

You use the POST operation on the api/sam/swinventory/confirm element to confirm the bundling or
assignment of instances.
Operation details
Description
Operation
/api/sam/swinventory/confirm
Purpose
Confirms the bundling or assignment of instances.
HTTP method
POST
Resource URI
https://server_host_name:port_number/api/sam/swinventory/confirm
URL link relation
n/a
Request headers

Request payload
n/a
n/a
Response headers
Values en-US, ...
Response payload
n/a
n/a
204 No content
457

Operation details
Description

operation
Query parameters
query parameters that you can use for the POST/swinventory/confirm element.
Table 119. Query parameters for confirming instances
Parameter
Description
Required
Value
product
InventoryId

confirmed separated with a comma. At least one
identifier must be specified.
Yes
Numeric
updateTime

of instances expressed in milliseconds. The
Yes
Numeric
Yes
Alphanumeric

the update times.
token

Request
POST /api/sam/swinventory/confirm?token=7adc3efb175e2bc0f4484bdd2efca54a8fa04623
&productInventoryId=200027,300001&updateTime=1349237658578,1349237658588 HTTP/1.1
Response header
HTTP/1.1 204 OK
Confirmation of the assignment of instances for a release

You use the POST operation on the api/sam/swinventory/confirmRelease element to confirm the
assignment of instances for a release.
458
Operation details
Description
Operation
api/sam/swinventory/confirmRelease
Purpose
Confirms assignment of instances for a release.
HTTP method
POST
Resource URI
confirmRelease
URL link relation
n/a
No
Request headers

Values en-US (English language only supported)
Request payload
n/a
n/a
Response headers
Values en-US, ...
Response payload
n/a
n/a
204 No content

operation
Query parameters
The following table presents query parameters that you can use for the POST/swinventory/confirmRelease
element.
Parameter
Description
Required
Value
endDate

No
Date in the YYYY-MM-DD

format
name_host_
filter

item is installed
No
String
name_server_
filter

is installed
String
operating_
system_filter

software item is installed
String
No
459
Parameter
Description
Required
Value
part_number_
filter

list.
No
String
product_
release_
component_
filter
The name of a software product, software release,

or a component
No
String
releases
A list of unique release identifiers. Each identifier

is separated by a comma. At least one ID must be
entered
Yes
Numeric
startDate

specified, the first date that is not covered by a
signed audit report is used. If there are no signed
reports, the server installation date is used.
No
Date in the YYYY-MM-DD

format
token
Yes
Alphanumeric

Request
POST /api/sam/swinventory/confirmRelease
?token=7adc3efb175e2bc0f4484bdd2efca54a8fa04623&releases=95185
&startDate=2012-10-18&endDate=2013-01-26 HTTP/1.1
Response header
HTTP/1.1 204 OK
REST API for administration server settings

Settings of the BigFix Inventory server are modified by using REST API.
Retrieval of the administration server settings

You use the GET operation on the api/sam/configs element to request information about current settings
of the BigFix Inventory server. The output is returned in the JSON format.
Operation details
Description
Operation
GET /api/sam/configs
Purpose
Returns information about the current settings of the administration server.
HTTP method
GET
Resource URI
https://server_host_name:port_number/api/sam/configs
URL link relation
n/a
URL query parameters
For a list of query parameters, see: Query parameters.
Request headers

Request payload
460
n/a

Operation details
Description
Application/json
Response headers
Header Content-Type
Values en-US, ...
configs element
Response payload
Application/json
n/a
n/a
Query parameters
The following table presents query parameters that you can use for the configs element.
Table 121. Query parameters for retrieving server settings
Parameter
Description
Required
Value
name
Returns the configuration of a single parameter.
No
Name of the parameter
Yes
Alphanumeric
Possible values are:

v calculateLicenseUsageForIncompleteComputers
v computerVmManagerDetachmentPeriod
v csvReportSeparator
v maxWaitingForVMData
v maxWMManagerInactivity
v maximumNumberOfLicenseUseMetricFiles
ToProcessPerImport
v numberOfImportThreads
v removeCustomBundlings
v storeHwDataForAllVMManagerNodes
v tempPathForGeneratedFiles
v vmManagerPostprocessGuestEnabled
v vmman_check_uniqueness_enabled
v vmman_connection_time_out
v vmman_max_subsequent_login_failures
v vmman_thread_pool_size
v vmman_pooling_time_interval
v vmman_transfer_period
v vmman_uuid_filtering_enabled
token
461

Request
GET https://localhost:9081/api/sam/configs?token=
7adc3efb175e2bc0f4484bdd2efca54a8fa04623&name=maxVMManagerInactivity

[
{"name":"maxVMManagerInactivity",
"value":"3",
"valueType":"days",
"valueMax":90,
"valueMin":1}
]
Configuration of the administration server settings

You use the PUT operation on the api/sam/configs element to change settings of the BigFix Inventory
server. The output is returned in the JSON format.
Operation details
Description
Operation
PUT /api/sam/configs
Purpose
Changes the current settings of the administration server.
HTTP method
PUT
Resource URI
https://server_host_name:port_number/api/sam/configs
URL link relation
n/a
URL query parameters
For a list of query parameters, see: Query parameters.
Request headers

Request payload
Response headers
n/a
application/x-www-form-urlencoded
Values en-US, ...
Response payload
n/a
n/a
204
404 - Not Found
462
Query parameters
The following table presents query parameters that you can use for the configs element.
Table 123. Query parameters for changing server settings
Parameter
Description
Required
Value
name
Specifies the parameter whose value is to be

changed.
Yes
Name of the parameter
Possible values are:

v calculateLicenseUsageForIncompleteComputers
v computerVmManagerDetachmentPeriod
v csvReportSeparator
v maxWaitingForVMData
v maxWMManagerInactivity
v
maximumNumberOfLicenseUseMetricFiles
ToProcessPerImport
v numberOfImportThreads
v removeCustomBundlings
v storeHwDataForAllVMManagerNodes
v tempPathForGeneratedFiles
v vmManagerPostprocessGuestEnabled
v vmman_check_uniqueness_enabled
v vmman_connection_time_out
v vmman_max_subsequent_login_failures
v vmman_thread_pool_size
v vmman_pooling_time_interval
v vmman_transfer_period
v vmman_uuid_filtering_enabled
token
Yes
Alphanumeric
value
Specifies the value of the parameter that you want

to change.
Yes
Value that is within the

range specific for the
parameter.

Request
PUT http://localhost:9981/api/sam/configs
?token=7adc3efb175e2bc0f4484bdd2efca54a8fa04623&name=
maxVMManagerInactivity&value=30
REST API for retrieving computer systems, software instances, and

license usage
You can use this REST API to quickly retrieve large amounts of data related to your computer systems,
software instances, and license usage. Once the data is retrieved, it can be passed to other applications for
further processing and analysis.
The following image represents the relations between all resources included in this REST API:
463
Computer System
api/sam/computer_systems
Software Instance
api/sam/software_instances
License Usage
api/sam/license_usages
Scenarios
Choose one of the scenarios to learn how to determine the license usage for all of your computer systems
or only for the selected ones. The first approach is recommended if you want to retrieve your data in
bulk and calculate the license usage for the whole environment. The second one, however, allows you to
quickly target specific information by retrieving data for a chosen subset of computer systems.
Determining license usage for all computer systems:
You can extract your data in bulk to determine total license usage for software on all your computer
systems. Instead of using reports in the application user interface, you can make API requests to quickly
retrieve large amounts of data.
Before you begin
v Each API request (URL) must be authenticated with the token parameter. You can either retrieve it by
using REST API for retrieving authentication token or you can view it in the Profile preferences of
BigFix Inventory.
v To obtain the list of query parameters to narrow down your results and the list of available columns,
see the information related to a particular API type.
Performance considerations
v Retrieving large amounts of data might impact the performance of your environment, therefore API
should not be used together with other performance intensive tasks, like data imports. For more
information, see Scalability guidelines.
v Retrieve your data in pages rather then query for each computer ID separately. You can make several
API requests and use the limit and offset parameters to paginate your results.
Note:
For environments with approximately 200 000 endpoints, it is recommended to retrieve your data in
pages of 100 000 rows for computer systems, 200 000 rows for software instances, and 300 000 rows
for license usage. If you limit the first request to 100 000 results, append the next request with the
offset=100000 parameter to omit the already retrieved records. Adjust the values according to the
size of your deployment.
If you have a small number of endpoints, you can omit the limit and offset parameters, and
retrieve your data by using only one API request.
Procedure
1. Retrieve the list of your computer systems:
https://hostname:port/api/sam/computer_systems?
token=token&limit=100000&offset=100000
Result: Each computer system has a different id. You can later use this id to create a match between
your software instances and computer systems.
{
"id": 182,
"parent_id": 175,
464
"type": "virtual",
"os": "Win2008R2 6.1.7601",
"host_name": "NC9128109187",
"dns_name": "NC9128109187",
"ip_address": [
"9.128.109.187"],
"last_seen": "2014-06-06T03:56:39Z",
"hardware_manufacturer": "-",
"hardware_model": "-",
"hardware_serial_number": "TLM_VM_4236ac43",
"processor_type": "Multi-core",
"processor_brand": "Xeon(R), 3 or 4 Socket",
"processor_vendor": "Intel(R)",
"processor_model": "E3-12xx, E7-28xx, E7-48xx",
"partition_cores": "1.0",
"server_processors": 1,
"server_cores": 1
}
2. Retrieve the list of your software instances. The software_title_name column that allows you to
recognize the name of your software is hidden by default, which means that you have to append the
URL with the columns[] parameter followed by the name of a hidden column.
The following example retrieves the computer_system_id and software_title_name columns so that
you can recognize which software is installed on which computer system. If you want to retrieve
complete information, append the URL with the names of all columns. You can find the column
names in response body:
https://hostname:port/api/sam/software_instances?
token=token&limit=100000&offset=100000&
columns[]=computer_system_id&columns[]=catalog_dimension.software_title_name
Result: Each software instance contains a computer_system_id column that represents an ID of a

computer that a particular instance is installed on. Use this column to match your software instances
with computer systems. For example, if rows 152-155 contain a computer_system_id=182 column, it
means that all those software instances are installed on a computer system with ID 182.
{
"computer_system_id": 182,
"catalog_dimension": {
"software_title_name": "IBM BigFix Inventory"
}
3. Retrieve the license usage information. Append the URL with the software_title_dimension.name
column to be able to recognize the name of the software that the license usage is presented for.
The following example retrieves the computer_system_id, metric_name, peak_value, and
software_title_dimension.name columns. If you want to retrieve complete information, append the
URL with the names of all columns. You can find the column names in response body:
https://hostname:port/api/sam/license_usages?
token=token&limit=100000&offset=100000&
columns[]=computer_system_id&columns[]=metric_name&columns[]=peak_value&
columns[]=software_title_dimension.name
Result: Each record contains a computer_system_id column that represents an ID of a computer for
which the license usage is calculated. Use this column to match the license usage with computer
systems. For example, if rows 152-155 contain a computer_system_id=182 column, it means that all
those license usage records are presented for a computer system with ID 182. The peak_value column
represents the peak license usage (over last 90 days) for a particular software title (which is described
by software_title_dimension.name). The metric_name column allows you to recognize whether the
license type is PVU or RVU, full or subcapacity.
{
"metric_name": "RVU_FULL_CAP",
"peak_value": 2,
"software_title_dimension": {
465
"name": "IBM BigFix Inventory"

}},
{
"metric_name": "RVU_SUB_CAP",
"peak_value": 2,
}}
4. Determine the total license usage for a software title by summing up the values of all peak_value
columns retrieved for this software title from all your computer systems. For example, sum up all
peak_values for IBM BigFix Inventory on all computer systems that contain entries for this particular
software. Do not combine the metric types, but calculate the PVU_FULL_CAP, RVU_FULL_CAP,
PVU_SUB_CAP, and RVU_SUB_CAP separately.
Determining license usage for selected computer systems:
You can narrow down the results of your API requests to retrieve data only from selected computer
systems. This approach is recommended if you want to quickly target specific information.
Before you begin
v Each API request (URL) must be authenticated with the token parameter. You can either retrieve it by
using REST API for retrieving authentication token or you can view it in the Profile preferences of
BigFix Inventory.
v To obtain the list of query parameters to narrow down your results and the list of available columns,
see the information related to a particular API type.
Procedure
1. Retrieve selected computer systems by querying for their ID:
https://hostname:port/api/sam/computer_systems?
token=token&criteria={"or":[["id","=","1"],["id","=","2"]]}
Result: Each computer system has a different id. You can later use this id to create a match between
your software instances and computer systems. In API for software instances and license usage, this
id is represented by the computer_system_id column.
{
"id": 2,
"parent_id": 175,
"type": "virtual",
"os": "Win2008R2 6.1.7601",
"host_name": "NC9128109187",
"dns_name": "NC9128109187",
"ip_address": [
"9.128.109.187"],
"last_seen": "2014-06-06T03:56:39Z",
"hardware_manufacturer": "-",
"hardware_model": "-",
"hardware_serial_number": "TLM_VM_4236ac43",
"processor_brand": "Xeon(R), 3 or 4 Socket",
"processor_model": "E3-12xx, E7-28xx, E7-48xx",
"partition_cores": "1.0",
"server_cores": 1
}
2. Retrieve software instances for selected computer systems by querying for their ID:
466
The following example retrieves the computer_system_id and software_title_name columns so that
you can recognize which software is installed on which computer system. If you want to retrieve
complete information, append the URL with the names of all columns. You can find the column
names in response body:
https://hostname:port/api/sam/software_instances?
token=token&
criteria={"or":[["computer_system_id","=","1"],["computer_system_id","=","2"]]}
&columns[]=computer_system_id&columns[]=catalog_dimension.software_title_name
Result: Each software instance contains a computer_system_id column that represents an ID of a
computer that a particular instance is installed on. Use this column to match your software instances
with computer systems. For example, if rows 152-155 contain a computer_system_id=2 column, it
means that all those software instances are installed on a computer system with ID 2.
{
"catalog_dimension": {
"software_title_name": "IBM BigFix Inventory"
}
3. Retrieve the license usage for selected computer systems by querying for their ID. Append the URL
with the software_title_dimension.name column to be able to recognize the name of the software
that the license usage is presented for.
The following example retrieves the computer_system_id, metric_name, peak_value, and
software_title_dimension.name columns. If you want to retrieve complete information, append the
URL with the names of all columns. You can find the column names in response body:
https://hostname:port/api/sam/license_usages?
token=token&
criteria={"or":[["computer_system_id","=","1"],["computer_system_id","=","2"]]}
&columns[]=computer_system_id&columns[]=metric_name&columns[]=peak_value&
columns[]=software_title_dimension.name
Result: Each record contains a computer_system_id column that represents an ID of a computer for
which the license usage is calculated. Use this column to match the license usage with computer
systems. For example, if rows 152-155 contain a computer_system_id=2 column, it means that all those
license usage records are presented for a computer system with ID 2. The peak_value column
represents the peak license usage (over last 90 days) for a particular software title (which is described
by software_title_dimension.name). The metric_name column allows you to recognize whether the
license type is PVU or RVU, full or subcapacity.
{
"metric_name": "RVU_SUB_CAP",
"peak_value": 2,
}}
Results
You retrieved the list of software instances that are installed on a particular computer system, as well as
the license usage that they generate. This information is only a part of the total license usage generated
on all your computer systems. To determine the total license usage for your environment, see
Determining license usage for all computer systems.
Retrieval of computer systems

You use the GET operation on the api/sam/computer_systems element to request information about
computer systems in your infrastructure.
This API retrieves information about physical and virtual computer systems. Apart from computers that
have an IBM BigFix client installed, it also includes host systems on which the client is not deployed
467
because some virtualization types do not allow for software to be installed on the host level (VMware
ESXi, IBM PowerVM, and so on). Data related to such host computer systems must however be retrieved
to build a proper hierarchy between the server and its virtual machines and to correctly report the PVU
and RVU utilization. The type property determines whether a computer system is a host computer or a
virtual one. A host can be, for example, a virtualization server, ESX hypervisor, or a laptop with agent
installed. A virtual machine refers only to virtual machines that can be deployed on a host. Because of
this, you should not compare the outcome of the REST API with single reports, especially with the
Computers, and Hardware Inventory reports. To retrieve information about your computer systems, use
the following URL:
https://hostname:port/api/sam/computer_systems?token=token
Important:
BigFix Inventory.
Operation details
Description
Operation
GET /api/sam/computer_systems
Purpose
Returns a list of computer systems.
HTTP method
GET
Resource URI
https://server_host_name:port_number/api/sam/computer_systems
URL link relation
n/a
Request headers

Request payload
468
n/a
application/json

Operation details
Description
Response headers
Header Content-Type
Values en-US, ...
Header Import-Mode
Values none, idle, running, pending
Specifies the data import status.
Header Import-Progress
Values A percentage value, for example 59.
Specifies the percentage progress of a data import.
Header Import-Last-Status
Values successful, failed
Specifies the status of the last data import.
Header Import-Last-Success-Time
Values Date, for example 2014-06-18T04:00:29Z.
Specifies the time of the last successful data import.
Computer Systems element
Response payload
application/json
200 OK

Query parameters
query parameters that you can use for the api/sam/computer_systems element.
Parameter
Description
Required
Value
columns[]
Specify which columns to retrieve. If you do not

specify this parameter, a set of default columns is
retrieved. Example:
No
String
Retrieve the name and version columns:

URL?columns[]=name&columns[]=version
469
Table 125. Query parameters for retrieving software products (continued)

Parameter
Description
Required
Value
order
Specify how to sort the returned data. The default

direction for sorting columns is ascending. If you
want to specify a descending sort, append desc to
the column name. Example:
No
String
Order by type descending:

URL?order[]=type desc
limit
Specify the number of rows to retrieve. If you omit No

this parameter, all rows are retrieved.
Numeric
offset
Specify the number of rows to skip for retrieving

results. You can use it together with the limit
parameter to paginate results. Example:
No
Numeric
Yes
Alphanumeric
Retrieve 50 records starting after record 150:

URL?limit=50&offset=150
BigFix Inventory.
token
criteria
Retrieve records which match specific conditions. The parameter should have the following
structure, written on one line:
<criteria> ::= <left-brace> <boolean-operator><colon> <left-bracket>
<criterion> [{ <comma> <criterion> }...] <right-bracket> <right-brace>
<boolean-operator> ::= "and" | "or"
<criterion> ::= <criteria> | <left-bracket> <column> <comma> <operator> <comma> <value> <right-bracket>
<column> ::= <json-string>
<operator> ::= <json-string>
<value> ::= <json-array> | <json-string> | <json-numver> | <json-null>
Example: Retrieve computer systems whose operating system contains "AIX" OR the last seen
date within a specific date range:
URL?criteria={ "or": [ ["os", "contains", "aix"], { "and": [ ["last_seen", ">",
"1970-01-01T00:00:00+00:00Z"], ["last_seen", "<", "1970-01-02T00:00:00+00:00Z"] ] } ] }

Request
GET api/sam/computer_systems
Response header
HTTP/1.1 200 OK
The above response header may be followed by different entries, depending on the current status
of the data import which is represented by Import-Mode. To understand the returned values, see
the following definitions:
v none - a data import has never been initiated
v idle - no data imports are currently running
v running - a data import is in progress
470
v pending - an action performed in the user interface requires a data import to be started for the
change to take effect
Import-Mode: none

Import-Mode: running
Import-Progress: 41

Import-Mode: idle/pending
Import-Last-Status: successful
Import-Last-Success-Time: Mon, 23 Jun 2014 12:18:29 GMT

If a particular entry is hidden by default, it is not retrieved by using the general URL. To retrieve
such data, you must use query parameters to specify the name of the hidden column. For
example, you can retrieve the server_id and datasource_id columns by using the columns[]
parameter:
URL?columns[]=server_id&columns[]=datasource_id
{
"id": 25,
"computer_id": 2,
//hidden by default
"computer_remote_id": 123,
//hidden by default
"server_id: 24,
//hidden by default
"datasource_name"="Data source",
//hidden by default
"datasource_id"=1,
//hidden by default
"last_seen": "2014-04-08T14:33:41Z",
"dns_name": "NC040221.kraklab.pl.ibm.com",
"host_name": "NC040221",
"ip_address": [
"9.167.40.221",
"192.168.122.1" ],
"partition_cores" : 1,
//null for host serves
"hardware_manufacturer": "IBM",
"hardware_model": "System x3550 M2 -[794662G]-",
"hardware_serial_number": "99B7166",
"hardware_type": "7946",
//hidden by default
"hardware_name": "IBM Corp. 7946",
//hidden by default
"processor_brand": "Xeon(R)",
"processor_model": "3400-3699 or 5500-5699",
"server_cores": 8,
"pvu_per_core": 70,
//hidden by default
"os": "Linux Red Hat Enterprise Server 6.2)",
"type"="virtual",
//type: virtual or host
"parent_id"=9,
//ID of a host for a VM
"uuid":"50305bd3-1f09-7294-7033-b903767d4605" //hidden by default
}
Retrieval of software instances

You use the GET operation on the api/sam/software_instances element to request information about
software installed in your infrastructure.
To retrieve information about software instances installed on your computer systems, use the following
URL:
https://hostname:port/api/sam/software_instances?token=token
Important:
471
BigFix Inventory.
Operation details
Description
Operation
GET /api/sam/software_instances
Purpose
Returns a list of software.
HTTP method
GET
Resource URI
https://server_host_name:port_number/api/sam/software_instances
URL link relation
n/a
Request headers

Request payload
Response headers
n/a
application/json
Header Content-Type
Values en-US, ...
Header Import-Mode
Specifies the data import status.
Specifies the percentage progress of a data import.
Specifies the status of the last data import.
Specifies the time of the last successful data import.
Response payload
472
Software Instances element

Operation details
Description
application/json
200 OK

Query parameters
query parameters that you can use for the api/sam/software_instances element.
Parameter
Description
Required
Value
columns[]

retrieved. Example:
No
String
No
String

order

Order by computer system ID descending:
URL?order[]=computer_system_id desc
limit

Numeric
offset

No
Numeric
Yes
Alphanumeric

token

BigFix Inventory.
criteria
473
URL?criteria={ "or": [ ["os", "contains", "aix"],

{ "and": [ ["last_seen", ">", "1970-01-01T00:00:00+00:00Z"],
["last_seen", "<", "1970-01-02T00:00:00+00:00Z"] ] } ] }

Request
GET api/sam/software_instances
Response header
HTTP/1.1 200 OK
Import-Mode: none

Import-Progress: 41


example, you can retrieve the computer_id and software_title_name columns by using the
columns[] parameter:
URL?columns[]=computer_id&columns[]=catalog_dimension.software_title_name
{
id: 123,
software_fact_id: 123, //hidden by default
"computer_id": 3,
//hidden by default
"discoverable_guid": "0768fb15-383c-4124-a7e2-0d76dda06874",
"default_product_guid": "78d380e0-9fb9-11e3-a151-005056872dc7",
//hidden by default
"first_used": null,
"last_used": null,
"valid_from": "2014-04-02T14:24:04Z",
"valid_to": "9999-12-31T23:59:59Z",
"updated_at": "2014-04-02T14:24:04Z",
"signature_count": 1,
"total_time": 0,
"total_runs": 0,
"avg_run_time": null,
474
"avg_runs_per_day": null,
"process": null,
"deleted": false,
//hidden by default
"catalog_dimension":
//hidden by default
{
"software_title_name": "IBM BigFix Platform Agent",
"publisher_name": "IBM",
"software_title_version_name": "IBM BigFix Platform Agent",
"software_title_release_name": "IBM BigFix Platform Agent",
"version": "9.0"
}
}
Retrieval of license usage

You use the GET operation on the api/sam/license_usages element to request information about license
usage reported by your computer systems.
This API retrieves peak license usage over the last 90 days. PVU and RVU full capacity and subcapacity
license usage is retrieved only on the host computer system level. To retrieve information about license
usage reported by your computer systems, use the following URL:
https://hostname:port/api/sam/license_usages?token=token
Important:
BigFix Inventory.
v This API retrieves data for the last 90 days, until the last successful import.
v By default, the data retrieves is sorted by computer_system_id, software_title_id, and metric_name
columns.
Operation details
Description
Operation
GET /api/sam/license_usages
Purpose
Returns information about license usage
HTTP method
GET
Resource URI
https://server_host_name:port_number/api/sam/license_usages
URL link relation
n/a
Request headers

Request payload
n/a
application/json
475

Operation details
Description
Response headers
Header Content-Type
Values en-US, ...
Header Import-Mode
Specifies the import status.
Specifies the percentage progress of an import.
Specifies the status of the last import.
Specifies the time of the last successful import.
License Usages element
Response payload
application/json
200 OK

Query parameters
query parameters that you can use for the api/sam/license_usages element.
Table 129. Query parameters for retrieving license usage
Parameter
Description
Required
Value
columns[]

retrieved. Example:
No
String

476
Table 129. Query parameters for retrieving license usage (continued)

Parameter
Description
Required
Value
order

No
String
Order by peak license usage descending:

URL?order[]=peak_value desc
limit

Numeric
offset

No
Numeric
Yes
Alphanumeric

BigFix Inventory.
token
criteria
URL?criteria={ "or": [ ["os", "contains", "aix"],
{ "and": [ ["last_seen", ">", "1970-01-01T00:00:00+00:00Z"],
["last_seen", "<", "1970-01-02T00:00:00+00:00Z"] ] } ] }

Request
GET api/sam/license_usages
Response header
HTTP/1.1 200 OK
477

Import-Mode: none

Import-Progress: 41


example, you can retrieve the software_title_dimension.name column by using the columns[]
parameter:
URL?columns[]=software_title_dimension.name
{
"software_title_id": 36181,
"metric_name": "RVU_FULL_CAP",
"peak_value": 1,
"peak_date": "2014-04-14",
"peak_time": "2014-04-14T13:05:10Z",
"reporting_period_start_date": "2014-04-01",
"reporting_period_end_date": "2014-04-30",
"software_title_dimension":
//hidden by default
{
"name": "IBM BigFix Protection",
"guid": "d78048cf-842b-44e8-8036-e7e2bf8afb31",
"publisher_name": "IBM",
"publisher_guid": "8a759f0c-b91a-4d7d-8c4a-a9d85e06c13d"
}
}
REST API for export and import of saved report views

You can use REST API requests to export a saved report view from one instance of BigFix Inventory and
import it to another instance of the application.
Exporting and importing a saved report view

To export a saved report view to another instance of BigFix Inventory, check the ID of the report view in
the source instance of BigFix Inventory. Then, use the GET operation to retrieve the definition of the
saved report view. Next, use the POST operation to import it to another instance of BigFix Inventory.
About this task

The following procedure uses cURL command-line tool for negotiating API requests.
Procedure
1. Check the identifier of the saved report view.
a. Log in to the instance of BigFix Inventory from which you want to export the saved report view.
b. In the top navigation bar, click Reports > Saved Reports. Open the saved report view and check
the last number in the report URL. In the following example, the report ID is 2.
478
http://server_host_name:port_number/sam/pvuonlysubcapreports#
32fe0f54dc719893faacc1d0f38a0c9045863729/2
2. Obtain API tokens from both instances of BigFix Inventory.

a. In the top navigation bar, expand the user name menu and click Profile.
b. In the API token line, click Show token.
3. Open the command line interface and change to the location where cURL is installed.
4. To export the report view, use the following GET request:
curl -o C:\saved_reports\report_definitions\pvu_subcapacity.txt
-X GET server_host_name:port_number/api/reports/report_ID?
token=5edd5aey7cd91467h08450bc258c31f0ce706543
Where:
-o Specifies the path to the file where the definition of the saved report view is to be saved.
-X Specifies the type of HTTP request.
report_ID
Specifies the identifier of the saved report view that is to be exported.
If the request is successful, the following message is displayed:
HTTP/1.1 200 OK
5. To import the saved report view to another instance of BigFix Inventory, use the following POST
request:
curl -H "Content-Type: application/json"
-X POST -d "@C:\saved_reports\report_definitions\pvu_subcapacity.txt"
server_host_name:port_number/api/reports?
token=5cd3gh78499496e89a3246ab343474e85d8bc8fc
Where:
-H Specifies the header of the request.
-X Specifies the type of HTTP request.
-d Specifies the path to the file where the definition of the saved report view was saved.
Results
The saved report view was imported to the target instance of BigFix Inventory.
Export of saved report views

You use the GET operation on the api/reports/report_ID element to export a saved report view which
can be then imported to another instance of BigFix Inventory.
Operation details
Description
Operation
GET /api/reports/report_ID
Purpose
Returns the saved report view with the specified ID.
HTTP method
GET
Resource URI
https://server_host_name:port_number/api/reports/report_ID
URL link relation
n/a
479

Operation details
Description
Request headers

n/a
Request payload
Application/json
Response headers
Header Content-Type
Values en-US, ...
Saved reports element
Response payload
Application/json
200 OK
401- There is no match for the provided user name and password
401 - You are not assigned a Computer Group. You will not be able
to access the system until you are assigned a valid Computer
Group. Contact your administrator for assistance
404 - Sequel::RecordNotFound
For more details about each error code, check the team.log log file that is
in the install_dir/wlp/usr/servers/server1/logs/ directory.
Query parameters
query parameters that you can use for the api/reports element.
Table 131. Query parameters for retrieving saved report views
Parameter
Description
Required
Value
token
Yes
Alphanumeric
id
An identifier of the saved report. To find the report

No
identifier, open the saved report and check the last
number in the report URL. In the following example,
the report ID is 3.
server_host_name:port/sam/
app_usage_property_values#
cafcac39cd0b242b82729377b0b2b872d3af8d8a/3
480
Numeric

Request
GET/api/reports/1
&token=a070afeca411d2fs25f5s4c962de2d002b14352f
Response header
HTTP/1.1 200 OK
Content-Type: Application/json

{
"id":1,
"user_id":1,
"pagestate_id":"eb5743b7cd23316f0bc8a4dd3f63b90d73549042",
"name":"pvu_test",
"path":"/sam/pvuonlysubcapreports",
"private":true,
"state":{
"columns":["product","quantity","hwm_history"],
"criteria":{"and":[["quantity",">","200"]]},
"grid_options":["autosize_columns"],
"order":{"asc":true,"col":null},
"time_range":{
"max":"2014-07-21T10:18:04Z",
"min":"2014-04-21T22:00:00Z",
"type":"absolute_to_now",
"units":"days",
"value":"90"
},
"column_order":{
"hwm_history":1,
"product":0,
"quantity":2
},
"column_widths":{
"hwm_history":180,
"product":524,
"quantity":719
}}}
Import of saved report views

You use the POST operation on the api/reports element to import a saved report view from another
instance of BigFix Inventory.
Operation details
Description
Operation
POST /api/reports
Purpose
Imports a saved report view from another instance of BigFix Inventory.
HTTP method
POST
Resource URI
https://server_host_name:port_number/api/reports
URL link relation
n/a
Request headers

481

Operation details
Description
Request payload
Saved reports element
Application/json
Response headers
Header Content-Type
Values en-US, ...
n/a
Response payload
Application/json
200 OK
401- There is no match for the provided user name and password
401 - You are not assigned a Computer Group. You will not be able
to access the system until you are assigned a valid Computer
Group. Contact your administrator for assistance.
404 - Not Found
404 - Sequel::RecordNotFound
500 - Name is already taken
500 - There was a problem with your request
500 - Were sorry, but something went wrong. Please contact your
IBM BigFix Analytics administrator if the problem persists
500 if the JSON format is invalid, a detailed message with the problem
explanation is also returned. For example, if a name field is missing, the
following message is displayed: The property #/ did not contain a
required property of name in schema 69e40f9b-9a3e-53d1-a7d861d63eb191e8#
For more details about each error code, check the team.log log file that is
in the install_dir/wlp/usr/servers/server1/logs/ directory.
Query parameters
query parameters that you can use for the api/reports element.
Table 133. Query parameters for retrieving saved report views
Parameter
Description
Required
Value
token
Yes
Alphanumeric

Request header
482
Request
POST /api/reports?token=465c33848de3db7ch5699023ea22deb5b1a476d1
{
"id":4,
"user_id":2,
"pagestate_id":"7ebb0b0a018ab55fab8e6e40d5eb62529ea38fad",
"name":"pvu_report",
"path":"/sam/pvuonlysubcapreports",
"private":true,
"state":{
"columns":["product","quantity","hwm_history"],
"criteria":{"and":[["quantity",">","200"]]},
"grid_options":["autosize_columns"],
"order":{
"asc":true,
"col":"quantity"
},
"time_range":{
"max":"2014-07-21T10:18:04Z",
"min":"2014-04-21T22:00:00Z",
"type":"absolute_to_now",
"units":"days",
"value":"90"
},
"column_order":{
"hwm_history":1,
"product":0,
"quantity":2
},
"column_widths":{
"hwm_history":180,
"product":524,
"quantity":719
}}}
Response
HTTP/1.1 200 OK
REST API for import of contracts

You can use REST API requests to import contracts from a csv file.
Import of contracts
You use the POST operation on the api/sam/contracts/import element to import contracts from a csv file
Operation details
Description
Operation
/api/sam/contracts/import
Purpose
Uploads the contents of the csv file with contract definitions
HTTP method
POST
Resource URI
https://server_host_name:port_number/api/sam/contracts/import
URL link relation
n/a
483

Operation details
Description
Request headers

Values en-US, ...
Header Content-Type
Values multipart/form-data
Request payload
Contract definitions as form-encoded data specified as a file attachment.
multipart/form-data
Response headers
Header Content-Type
Values en-US, ...
Response payload
Status of imported elements
Application/json
200 No content

operation
Query parameters
Use the upload[contracts] query parameter to specify the path to the csv file with contracts.
Table 135. Query parameters for specifying the path to the csv file with contracts
Parameter
Description
Required
Value
upload
[contracts]
Path to the csv file with contracts
Yes
String

Request header
Content-Type: multipart/form-data;
Request
POST /api/sam/contracts/import?
token=a2279dc218ecd1f12a5e2fc1b5d77a4e6fec6598
Contract Name,Software Names,Computer Group Name,Seats,Acquisition Cost,
Maintenance Cost,Entitlement Start,Entitlement End,Maintenance Start,
Maintenance End,custStrcon1,"IBM Software Assembly Toolkit,
484
IBM License Metric Tool 7,IBM License Metric Tool 9.0",All Computers,
10,10.0,5.0,2015-04-23,2015-05-30,2015-04-23,2015-05-30,con2,
IBM BigFix Inventory, All Computers,0,1.0,2.0,2015-04-23,,,,
Response header
HTTP/1.1 200 OK
Response
{
"status":[{
"type":"CONTRACTS",
"description":{
"contract_name":"con1",
"software_names":"IBM Software Assembly Toolkit,
IBM License Metric Tool 7,
IBM License Metric Tool 9.0",
"user_name":"admin",
"access_computer_group_name":"All Computers",
"computer_group_name":"All Computers",
"seats":"10",
"acquisition_cost":"10.0",
"annual_maintenance_cost":"5.0",
"entitlement_start":"2015-04-23",
"entitlement_end":"2015-05-30",
"maintenance_start":"2015-04-23",
"maintenance_end":"2015-05-30",
"custom_fields":{
"custStr":null
}
},
"actions":[{
"error":"",
"status":"SUCCESS",
"type":"ADD"
}]
},{
"type":"CONTRACTS",
"description":{
"contract_name":"con2",
"software_names":"IBM BigFix Inventory",
"user_name":"admin",
"access_computer_group_name":"All Computers",
"computer_group_name":"All Computers",
"seats":null,
"acquisition_cost":"1.0",
"annual_maintenance_cost":"2.0",
"entitlement_start":"2015-04-23",
"entitlement_end":null,
"maintenance_start":null,
"maintenance_end":null,
"custom_fields":{
"custStr":null
}
},
"actions":[{
"error":"",
"status":"SKIPPED",
"type":"ADD"
}]
}]
}
Importing contracts from a file in CSV format

You can use the cURL command-line tool to issue a POST request to import a csv file with contracts.
485
About this task

The following procedure uses cURL a command-line tool for running REST API requests.
Procedure
1. Create a text file with the following CSV format.
Maintenance End,Contract Custom Fields...
where
Contract Name
The name of the contract. It must be unique. If the contract with a given name exists in BigFix
Inventory, the importing of that row with contract definition is skipped.
Software Names
Names of software products, versions or/and releases that are separated by a comma.
Computer Group Name
Name of the computer group. The computer group with given name must exist in BigFix
Inventory. Otherwise, the import of that row fails.
Seats
Number of users who have access to the software product under a particular contract. In case of
an ELA license, the column must be empty. (optional)
Acquisition Cost
The cost of purchasing a software product.
Maintenance Cost
The cost of purchasing maintenance plan for a software product.
Entitlement Start
The start date for a particular contract.
Entitlement End
The end date for a particular contract. (optional)
Maintenance Start
The maintenance plan start date for the software products. (optional)
Maintenance End
The maintenance plan end date for the software products. (optional)
Contract Custom Fields
The list of contract custom fields values separated by a comma. All custom fields must exist in
BigFix Inventory. Otherwise, the import of that row fails. Moreover, all custom fields that are
required in BigFix Inventory must be listed in the file.
Example
Maintenance End,custom integer,custom boolean
Name1,"IBM Software Assembly Toolkit,IBM License Metric Tool 7,
IBM License Metric Tool 9.0",All Computers,10,10.0,5.0,2015-04-24,
2015-05-31,2015-04-24,2015-05-31,1,true
Name2,IBM BigFix Inventory,All Computers,0,1.0,2.0,2015-04-24,,,,,false
2. Obtain API tokens from both instances of BigFix Inventory.

a. In the top navigation bar, expand the user name menu and click Profile.
b. In the API token line, click Show token.
3. Open the command-line interface and change to the location where cURL is installed.
486
4. To import a file with contracts into BigFix Inventory, use the following POST request.
curl -H "Content-Type: multipart/form-data" -X POST -F
"upload[contracts]=@path_to_file" http://server_host_name:port_number/
api/sam/contracts/import?token=token
Where:
@path_to_file
Specifies the path to the file where the definition of contracts was saved.
server_host_name
Address of the BigFix Inventory server.
port_number
The communications port number.
token
API token from profile view.
Example:
curl -H "Content-Type: multipart/form-data" -X POST -F
"upload[contracts]=@C:\temp\contracts.csv" http://localhost:9081/
api/sam/contracts/import?token=a2279dc218ecd1f12a5e2fc1b5d77a4e6fec6593
If the request is successful, a response in JSON format is displayed.
Results
You successfully imported contracts from a report in CSV format.
Integrating with SmartCloud Control Desk

SmartCloud Control Desk is an integrated service management solution that helps you manage a
comprehensive range of IT processes, services, and assets. You can use one of its components, Integration
Composer, to import and then process data from external applications, like BigFix Inventory.
Integration Composer
Integration Composer is an integration tool that imports hardware and software inventory data from
external databases into the Maximo database that is used by SmartCloud Control Desk. The tool can be
used to retrieve your hardware inventory from IBM BigFix and software inventory from BigFix Inventory.
The retrieved data can be then passed to SmartCloud Control Desk to create reports and license
calculations.
Integration Composer uses integration adapters to facilitate data imports. Those adapters specify how to
transform and import data for a specific discovery tool. Such integration adapters are therefore required
to describe the data that is being imported and to provide instructions on how to transform it.
Integration adapters
Integration adapters consist of a data schema and a mapping file. They provide instructions to Integration
Composer on how to transform and import your data. Your complete inventory, consisting of information
about your hardware and software, is imported in two batches which requires two adapters to be used.
The adapter for IBM BigFix must be used first and is responsible for retrieving your hardware inventory
directly from the IBM BigFix platform. After that data is imported, you use the dedicated BigFix
Inventory adapter to retrieve your software inventory from BigFix Inventory. The names of the data
schemas as well as the mapping files listed in the following table are needed to define the data source
connections and to create proper mappings that are prerequisites for starting the import.
487
Table 136. Integration adapters for BigFix Inventory

BigFix Inventory
version
BigFix Inventory
Supported
SmartCloud Control
Desk version
SmartCloud Control
Desk 7.5.1.2,
including Integration
Composer 7.5.1.2
Required adapters
Data schema
Mapping file
Retrieved data
IBM Endpoint
Manager 9.0
IEM90ToDPA75.fsn
Hardware inventory
IBM Endpoint
Manager SUA 9.1
IEMSUA91ToDPA75.fsn
Software inventory,
PVU and RVU data
Limitations
Importing your data to SmartCloud Control Desk might result in some discrepancies between what you
are importing and what is displayed in the application, mostly caused by different approaches to
classifying software products between BigFix Inventory and SmartCloud Control Desk. Also, because of
the fact that your hardware and software inventory are imported separately, the right order of running
the adapters is significant, not to mention cases in which you might want to import the data from both
BigFix Inventory and other discovery tools, like Tivoli Asset Discovery for Distributed. For a complete list
of limitations and best practices related to using Integration Composer with BigFix Inventory, see Best
practices for integrating with BigFix Inventory in the SmartCloud Control Desk wiki.
Importing your data

Data related to your hardware and software inventory must be imported separately. It means that first
you must use the adapter for IBM BigFix to import your hardware inventory directly from the platform,
and then the adapter for BigFix Inventory to import your software inventory.
Hardware inventory
To import complete hardware inventory from IBM BigFix, Integration Composer retrieves a set of
computer properties that describe details of assets that are deployed in your environment, such as the
number of processor cores, memory, host names, and so on. These properties are included in a number of
analyses that collect this data from your endpoints and upload it to IBM BigFix. All of these properties
along with analyses and action sites in which they are contained are described in the mapping table for
IBM BigFix. Before you use the IBM BigFix adapter to import you hardware inventory to SmartCloud
Control Desk, ensure that all of the action sites listed in the mapping table are enabled and that the
corresponding analyses are activated. For more information, see IBM Endpoint Manager mapping table.
When all of the analyses are activated, you can start importing your hardware inventory to SmartCloud
Control Desk by using Integration Composer. To complete this task, you must define the data source
connections so that both the source and the target database is recognized by Integration Composer, create
a mapping that describes the way in which your data should be transformed and imported, and then run
this mapping to start the import:
1. Define your data source connections.
This procedure must be completed twice to define the connection for a source and for a target. To
define the source, choose the IBM BigFix data schema that is called IBM Endpoint Manager 9.0. The
target is the Maximo database that is used by SmartCloud Control Desk. This data schema is called
Deployed Assets 7.5.
2. Create a mapping.
While creating a mapping, you import the mapping file that provides instructions to Integration
Composer on how to transform and import your data. The mapping file for IBM BigFix is
IEM90ToDPA75.fsn.
3. Run a mapping.
488
Run the mapping to start importing your data. You can do it from a command line which is the
quickest option, or by using a properties file or a prefilled script. In case of frequent imports, you
might want to choose the prefilled script because you can save the required parameters and then
reuse them with each import.
Software inventory
Your software inventory, together with PVU and RVU data, is imported directly from BigFix Inventory.
No additional configuration is required because all the necessary computer properties are already
available in BigFix Inventory. The procedure for importing your data is similar to the one for IBM BigFix.
In the same way, you define the data source connections and create a mapping, however you must use
the dedicated data schema and mapping file:
1. Define your data source connections.
This procedure must be completed twice to define the connection for a source and for a target. To
define the source, choose the BigFix Inventory data schema that is called IBM Endpoint Manager
SUA 9.1. The target is the Maximo database that is used by SmartCloud Control Desk. This data
schema is called Deployed Assets 7.5.
2. Create a mapping.
The mapping file for BigFix Inventory is IEMSUA91ToDPA75.fsn.
3. Run a mapping.
Run the mapping to start importing your data.
Results
After you run the mapping, your data is imported from BigFix Inventory. You can now log in to
SmartCloud Control Desk to view the imported data.
Viewing your data

You can view the imported data in the SmartCloud Control Desk interface. Check the data about
computers in your environment and software applications that are installed on them. You can also view
the imported PVU and RVU consumption.
Viewing computers and installed software

View the imported data about computers and software applications that are installed on them.
Procedure
1. Log in to SmartCloud Control Desk.
2. In the navigation bar, click Assets > Deployed Assets > Computers.
3. Click the Refresh icon to update the list from the database.
The list contains data for your computers that was imported from BigFix Inventory.
4. To view software installed on your computers, click on one of them.
5. Click the Software tab and then click Applications.
The list contains software applications that are installed on a particular computer.
Viewing PVU and RVU consumption

View the consumed PVU and RVU data for your software applications.
Procedure
1. Log in to SmartCloud Control Desk.
2. In the navigation bar, click Assets > Licenses.
3. In the More Actions section, click Add/View Software Consumption Data.
489
The list contains your software applications and the related PVU and RVU consumption.
Note: The VALUNIT capacity unit represents the PVU consumption.
490
Notices
This information was developed for products and services offered in the US. This material might be
available from IBM in other languages. However, you may be required to own a copy of the product or
product version in that language in order to access it.
IBM may not offer the products, services, or features discussed in this document in other countries.
Consult your local IBM representative for information on the products and services currently available in
your area. Any reference to an IBM product, program, or service is not intended to state or imply that
only that IBM product, program, or service may be used. Any functionally equivalent product, program,
or service that does not infringe any IBM intellectual property right may be used instead. However, it is
the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or
service.
IBM may have patents or pending patent applications covering subject matter described in this
document. The furnishing of this document does not grant you any license to these patents. You can send
license inquiries, in writing, to:
IBM Director of Licensing
IBM Corporation
North Castle Drive, MD-NC119
Armonk, NY 10504-1785
United States of America
For license inquiries regarding double-byte character set (DBCS) information, contact the IBM Intellectual
Property Department in your country or send inquiries, in writing, to:
Intellectual Property Licensing
Legal and Intellectual Property Law
IBM Japan Ltd.
19-21, Nihonbashi-Hakozakicho, Chuo-ku
Tokyo 103-8510, Japan
The following paragraph does not apply to the United Kingdom or any other country where such
provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION
PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR
IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some
states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this
statement may not apply to you.
This information could include technical inaccuracies or typographical errors. Changes are periodically
made to the information herein; these changes will be incorporated in new editions of the publication.
IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this
publication at any time without notice.
Any references in this information to non-IBM websites are provided for convenience only and do not in
any manner serve as an endorsement of those websites. The materials at those websites are not part of
the materials for this IBM product and use of those websites is at your own risk.
IBM may use or distribute any of the information you supply in any way it believes appropriate without
incurring any obligation to you.
491
Licensees of this program who wish to have information about it for the purpose of enabling: (i) the
exchange of information between independently created programs and other programs (including this
one) and (ii) the mutual use of the information which has been exchanged, should contact:
IBM Director of Licensing
IBM Corporation
North Castle Drive, MD-NC119
Armonk, NY 10504-1785
US
Such information may be available, subject to appropriate terms and conditions, including in some cases,
payment of a fee.
The licensed program described in this document and all licensed material available for it are provided
by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement or
any equivalent agreement between us.
The performance data discussed herein is presented as derived under specific operating conditions.
Actual results may vary.
Information concerning non-IBM products was obtained from the suppliers of those products, their
published announcements or other publicly available sources. IBM has not tested those products and
cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM
products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of
those products.
Statements regarding IBM's future direction or intent are subject to change or withdrawal without notice,
and represent goals and objectives only.
All IBM prices shown are IBM's suggested retail prices, are current and are subject to change without
notice. Dealer prices may vary.
This information is for planning purposes only. The information herein is subject to change before the
products described become available.
This information contains examples of data and reports used in daily business operations. To illustrate
them as completely as possible, the examples include the names of individuals, companies, brands, and
products. All of these names are fictitious and any similarity to actual people or business enterprises is
entirely coincidental.
COPYRIGHT LICENSE:
This information contains sample application programs in source language, which illustrate programming
techniques on various operating platforms. You may copy, modify, and distribute these sample programs
in any form without payment to IBM, for the purposes of developing, using, marketing or distributing
application programs conforming to the application programming interface for the operating platform for
which the sample programs are written. These examples have not been thoroughly tested under all
conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these
programs. The sample programs are provided "AS IS", without warranty of any kind. IBM shall not be
liable for any damages arising out of your use of the sample programs.
(your company name) (year).
Portions of this code are derived from IBM Corp. Sample Programs.
Copyright IBM Corp. _enter the year or years_.
492
Trademarks
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business
Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be
trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at
www.ibm.com/legal/copytrade.shtml.
Adobe, Acrobat, PostScript and all Adobe-based trademarks are either registered trademarks or
trademarks of Adobe Systems Incorporated in the United States, other countries, or both.
IT Infrastructure Library is a registered trademark of the Central Computer and Telecommunications
Agency which is now part of the Office of Government Commerce.
Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon,
Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its
subsidiaries in the United States and other countries.
Linux is a trademark of Linus Torvalds in the United States, other countries, or both.
Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the
United States, other countries, or both.
ITIL is a registered trademark, and a registered community trademark of The Minister for the Cabinet
Office, and is registered in the U.S. Patent and Trademark Office.
UNIX is a registered trademark of The Open Group in the United States and other countries.
Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or
its affiliates.
Cell Broadband Engine is a trademark of Sony Computer Entertainment, Inc. in the United States, other
countries, or both and is used under license therefrom.
Linear Tape-Open, LTO, the LTO Logo, Ultrium, and the Ultrium logo are trademarks of HP, IBM Corp.
and Quantum in the U.S. and other countries.
Terms and conditions for product documentation

Permissions for the use of these publications are granted subject to the following terms and conditions.
Applicability
These terms and conditions are in addition to any terms of use for the IBM website.
Personal use
You may reproduce these publications for your personal, noncommercial use provided that all
proprietary notices are preserved. You may not distribute, display or make derivative work of these
publications, or any portion thereof, without the express consent of IBM.
Commercial use
You may reproduce, distribute and display these publications solely within your enterprise provided that
all proprietary notices are preserved. You may not make derivative works of these publications, or
reproduce, distribute or display these publications or any portion thereof outside your enterprise, without
the express consent of IBM.
Notices
493
Rights
Except as expressly granted in this permission, no other permissions, licenses or rights are granted, either
express or implied, to the publications or any information, data, software or other intellectual property
contained therein.
IBM reserves the right to withdraw the permissions granted herein whenever, in its discretion, the use of
the publications is detrimental to its interest or, as determined by IBM, the above instructions are not
being properly followed.
You may not download, export or re-export this information except in full compliance with all applicable
laws and regulations, including all United States export laws and regulations.
IBM MAKES NO GUARANTEE ABOUT THE CONTENT OF THESE PUBLICATIONS. THE
PUBLICATIONS ARE PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, EITHER
EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF
MERCHANTABILITY, NON-INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE.
494
Notices
495
IBM
Printed in USA

IBM BigFix

Uploaded by

Document Informationclick to expand document informationIBM BigFix Inventory

Document Informationclick to expand document information

Copyright:

Available Formats

IBM BigFix

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

IBM BigFix

Uploaded by

Copyright:

Available Formats

IBM BigFix Inventory

IBM BigFix Inventory

Chapter 2. Installing BigFix Inventory

Configuring BigFix Inventory connections ..

Configuring the product after installation . . ..

Defining the scan frequency and schedule . ..

Step 3: Installing BigFix Inventory 9.2.1. . ..

Chapter 5. Managing the

Updating the database password .

Chapter 6. Managing software

Disabling the collection of other license

Tutorial: Simplified catalog management . . ..

Single sign-on based on the exchange of

Chapter 9. Troubleshooting and

Enabling the logging of memory

Chapter 10. Tuning performance . ..

Chapter 11. Integrating . . . . . ..

Retrieval of software instances. . . . ..

Integrating with SmartCloud Control Desk . ..

What's new in this release

Features and functions

Software discovery and identification

Signature discovery and creation

Software usage counting

IBM license compliance

Enabling beta features

Providing your feedback

Processor value unit licenses

Processor value unit license types

PVU per core

Table 1. Cost of full capacity license for IBM MQ software (continued)

Software cost per PVU

Scenario 2: Subcapacity on two virtual machines

Server 1 | 2 processors | 16 cores in total

Full capacity for IBM MQ

Subcapacity for IBM MQ

PVU per core

Software cost per PVU

Scenario 3: Capacity in a virtual environment where the VM manager is not defined

Server 1 | 2 processors | 16 cores in total

Capacity for IBM MQ

PVU per core

Software cost per PVU

Processor value unit table

Resource value unit licenses (RVU MAPC)

Resource value unit license types

Resource value unit tier table

To license in the following core environment:

Table 5. Activated processor cores divided into quantity tiers

Number of managed cores

DB2 ESE on server A

DB2 ESE on server A

Example of high-water mark for the whole infrastructure

DB2 ESE in the whole infrastructure

Products, components, and bundles

IBM Product X 1.2

IBM Product X 2.1

IBM Product X 2.2