Getting Started with ManageEngine Patch Connect Plus

For SCCM administrators looking for an effective tool to manage third-party applications, ManageEngine Patch Connect Plus is the answer. The Enterprise edition of Patch Connect Plus acts as a versatile plug-in which can be seamlessly integrated with SCCM in order to deploy and patch third-party applications. The application and patch binaries will be collected and stored in a repository in the Patch Connect Plus server and then automatically published to the SCCM server. The administrators can then proceed with the deployment of these applications and patches using the SCCM console itself.

 

This document provides you with following information about Patch Connect Plus.

  1. Pre-requisites
  2. Working of Patch Connect Plus
  3. Download and installation
  4. Setting up and Configuring Admin Tools

Pre-requisites:

Before installing the product, ensure that you meet the following requirements:

  • The server can be installed only on a 64-bit machine.
  • The installation machine should contain WSUS server or WSUS admin console which should be compatible with the primary WSUS server. 

    Note: Ensure that the WSUS server is of version 3.0 SP2 with WSUS-KB2720211 installed. 

  • The installation machine's system account should be a member of WSUS administrator group.

Note: It is preferred if the Patch Connect Plus server is installed in the same machine as the primary WSUS server. However, this configuration is optional. 

Working of Patch Connect Plus:

ManageEngine Patch Connect Plus works as an add-on to SCCM server to enable deployment and patching of third party applications. It publishes the required third party applications and patches to the SCCM server and deployment of these applications and patches will be initiated from the SCCM console. Refer to the Product Architecure to learn more.

Download and Installation:

  1. Download ManageEngine Patch Connect Plus. An installation wizard will open. 
  2. Specify the port to open this application in the web browser. The default access port is 5020. However you may change it if required.
  3. Click install to install the product. Once done, it will open in the web browser. 

To set the product up, you have to configure the following settings,

Configure Proxy settings

Configure proxy settings to allow connections reaching internet to download binaries from the third party websites and to synchronize patch vulnerability database.

Note: You can skip this step if you have direct connection to internet.

To configure proxy settings follow the steps given below,

  1. Enable proxy.
  2. Enter the HTTP Proxy host name.
  3. Enter HTTP Proxy Port.
  4. If required select the credentials to configure proxy.

Configure WSUS server settings

Configure WSUS server settings to publish third party software and patch updates to the SCCM server. To configure WSUS server settings follow the steps given below,

Note: Ensure that you specify the details of the primary WSUS server while configuring this settings.

  1. Enter WSUS server name.
  2. Enter WSUS port.
  3. Enable SSL settings if you are connecting to a WSUS site where SSL is enabled.

Configure Certificate settings

It is mandatory to import third-party certificates or self-signed certificates to 'Trusted publishers' and 'Root certificate authority' stores to all managed computers. This is needed to ensure that the updates are from an authentic source. If you have a third party certificate you can directly import it else you may have to create a self signed certificate.

Configure SCCM settings

Configure SCCM settings to automatically synchronize software updates in SCCM. To configure SCCM settings follow the steps given below,

  1. Enable Synchronize software updates.
  2. Enter SCCM server name.
  3. Select the credentials which has administrator privilege for the specified SCCM server.

Select Updates

Select the third party applications for which you require patch updates and associate the patches with the customized deployment template. Based on the installation options given in the template, deployment of patches will happen in SCCM. Click here to know how to customize deployment by creating deployment templates. To know the list of third party applications for which patching is supported, click here.

Configure Application Management

In the Application Management tab, select the third-party applications that you wish to publish to the SCCM server and click 'Create Application.' The resulting software packages, which contain the binaries of the applications, will then be made available in the SCCM console. Moreover, for each application that is published to SCCM, a corresponding pre deployment template can be configured and custom scripts for pre and post deployment actions can also be added. For further information on how to deploy third-party applications using SCCM, click here.

Configure Scheduler settings

This settings will allow you to schedule the frequency to publish applications and patches to SCCM.

  1. Select the frequency at which you want to publish patches.
  2. Specify the date when you want to start publishing the patches.

Note: Patches will be published based on the machine time where the server is installed.

Configure Mail Server settings

Configure mail server settings to receive reports and email updates

  1. Specify the name and port of the mail server.
  2. Select the email type. Email type Indicates the type of email dispatching.
  3. Enable Transport Layer Security.
  4. If it requires authentication, select the required authentication check box and specify the required user credentials.
  5. Click OK.

Configure site database server settings

This settings is required to fetch the deployment reports of the published third party applications and patches.

  1. In the server console, go to Admin tab --> Publish settings --> Site Database server settings
  2. Specify the machine name where SQL server is installed.
  3. Specify the port number, the default port is 1433.
  4. Specify the database name, i.e the name of the database where SCCM patch deployment details are stored.
  5. Select the authentication type
  6. Select or add the credentials which is required to reach SQL server.
  7. Specify the time period to update the patch deployment details and click Save.

Configure Admin Tools

To enhance the user experience of SCCM administrators, the 'Admin Tools' feature should be configured. To make the managing of endpoints efficient and transparent, Patch Connect Plus presents 'Admin Tools' which is a singular tab that contains a compilation of all the necessary administrative actions. For maximum convenience, the 'Admin tools' tab can be accessed right from the SCCM console. This feature enables administrators to initiate on-demand client actions, conduct troubleshooting sessions as well as perform system management operations. For information on how to set up and install 'Admin Tools' click here.

You have successfully configured the above settings. You are ready to start using ManageEngine Patch Connect Plus for the publishing and deployment of third party updates and applications using SCCM.