The BigFix Enteprise Suite (BES) 7 supports operating systems such as Windows, Unix, Linux and Mac. The suite consists of a server manager, console, deployment and web-reporting tools and is used throughout the enterprise to enforce policy and manage configurations for workstation and server hosts.
BES installs on Windows 2000/2003 and uses the MS SQL backend. It automatically installs MSDE if it doesn't detect MS SQL, which is a nice touch. The console runs on any Windows desktop and the agents used to manage assets can be deployed across a wide variety of platforms. We had a tiny gripe with the constant loading and exporting of licence files and keys to ensure we had permissions to deploy the product securely. Security is emphasised to the degree of "lockdown" in this offering.
There is a slight learning curve needed to adjust to some of the true meanings behind the terminology used, but once you're familiar with the product, you'll see it is highly scalable with several components for managing patches, network access control, vulnerabilies, asset discovery and more. The solution is truly task-driven and contains so many features that it's easy to get a bit lost in the administration at first.
As we moved through adding policies and disseminating them to our assets, the system felt a bit intrusive. It asks for your private key password every time you want to authorise a change. We were able to overlook this once we imported pre-canned subscription templates designed to manage everything from AV signatures to NAC. The array of platforms and items you can manage is very impressive, and deploying them to groups of machines is fairly easy. Reporting and remediation mechanisms are thorough, and we found this to be a very robust policy management system with nice integration features.
Pricing is based on a subscription model that includes standard support. Even for a high number of devices we feel this is good value for many customers looking for a more advanced policy management solution with lots of features and control.