ManageEngine Patch Manager Plus is a Web-based Windows software application for patch management. It enables administrators to patch computers effectively from a central point. Its features include automated patch management, patching of third-party applications, patch compliance audits and patch management reporting.

LAN Architecture


Fig: LAN Architecture of Patch Manager Plus

The LAN architecture of Patch Manager Plus comprises the following components:

  • Server
  • Agent
  • Patch Database
  • Web Console
  • Active Directory

Components

This section includes detailed information about the components of the Patch Manager Plus architecture.

Server

The Patch Manager Plus server is located at the customer's site, for example, at the customer's head office. This server carries out the patch-management tasks that help administrators patch computers in the company's network effectively. These tasks include the following:

    • Installing the agent in computers in the customer's network
    • Deploying patch tasks
    • Scanning for patches
    • Generating reports. For example, reports related to patch status or patch compliance

It is recommended that the Patch Manager Plus server is never switched off: it should run constantly so that patch-management tasks can be completed on a daily basis. All the patch-management tasks can be completed using Patch Manager Plus's Web-based administration console.

| Component | Port | Purpose | Type | Connection |
|---|---|---|---|---|
| Server | 8020 | For communication between the agent or distribution server and the Patch Manager Plus server. | HTTP | Inbound to server |
| Server | 8383 | For communication between the agent or distribution server and the Patch Manager Plus server. | HTTPS | Inbound to server |
| Server | 8027 | The notification server port is responsible for communicating on-demand operations from the server to the agent. | TCP | Inbound to server |
| Distribution Server | 8384 | For communication between [remote] agent and distribution server. | HTTPS | Inbound to Distribution Server |
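
An added example, not part of the ManageEngine documentation: a small audit that checks inbound connection records against the port table above and flags sources outside the managed network as well as agent traffic on the plain-HTTP port. The managed address range, the record format and the sample records are assumptions constructed for illustration.

```python
import ipaddress

# Port table from the page: port -> (component, connection type).
DOCUMENTED_PORTS = {
    8020: ("Server", "HTTP"),
    8383: ("Server", "HTTPS"),
    8027: ("Server", "TCP"),
    8384: ("Distribution Server", "HTTPS"),
}

# Assumption: the address range that holds managed agents and distribution servers.
MANAGED_NETS = [ipaddress.ip_network("10.20.0.0/16")]

# Constructed sample records, one "source_ip destination_port" pair per line.
SAMPLE_LOG = """\
10.20.4.17 8383
10.20.9.3 8020
203.0.113.50 8027
10.20.1.8 8443
198.51.100.7 8383
"""


def audit(log_text, managed_nets=MANAGED_NETS):
    """Return (line_number, finding, raw_line) for every record worth reviewing."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            src_text, port_text = line.split()
            src = ipaddress.ip_address(src_text)
            port = int(port_text)
        except ValueError:
            findings.append((lineno, "unparseable", line))
            continue
        if port not in DOCUMENTED_PORTS:
            findings.append((lineno, "port-not-in-table", line))
        elif not any(src in net for net in managed_nets):
            findings.append((lineno, "source-outside-managed-nets", line))
        elif DOCUMENTED_PORTS[port][1] == "HTTP":
            # Port 8020 is the plain-HTTP agent channel; 8383 is its HTTPS equivalent.
            findings.append((lineno, "cleartext-agent-traffic", line))
    return findings


if __name__ == "__main__":
    for lineno, finding, raw in audit(SAMPLE_LOG):
        print(f"line {lineno}: {finding}: {raw}")
```
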

Agent

The Patch Manager Plus agent is a lightweight software application that is installed in computers which are managed using Patch Manager Plus. It is installed automatically in the computers in a LAN. It helps to complete various tasks that are initiated in the Patch Manager Plus server. For example, if you want to uninstall a software application from a computer in your network, you can make the required settings for this task in the Patch Manager Plus server. The agent replicates these settings and ensures that the task is completed effectively.

The agent also updates the Patch Manager Plus server with the status of patches that are deployed. It checks the Patch Manager Plus server periodically for instructions related to tasks and carries them out. The agent contacts the server at every 90-minute refresh interval.

Patch Database

The patch database is a portal on the ManageEngine Web site. It hosts the latest vulnerability database, which is published after patches have been tested. The Patch Manager Plus server synchronizes this information periodically and scans the computers in the network to determine which patches are missing. The missing patches are then installed on the computers that need them.

The communication between the Patch Manager Plus server and the patch database takes place either through a proxy server or through a direct connection to the Internet. All patch-related data are updated to the patch database. Patches that need to be installed are downloaded directly from the respective vendors' Web sites and stored in the Patch Manager Plus server before they are deployed to computers in the network. The agents copy the required patch binaries from the Patch Manager Plus server.

Web Console

The Web console of Patch Manager Plus provides a central point from which an administrator can carry out all the tasks that are related to patch management. This console can be accessed from anywhere: for example, through a LAN or WAN, or from home using the Internet or a VPN. Separate client installations are not required to access the Web console.

Active Directory

In an Active Directory-based domain setup, the Patch Manager Plus server gathers data from the Active Directory to generate the reports for the following:

      • Sites
      • Domains
      • Organizational Units (OUs)
      • Groups
      • Computers

This enables administrators to access all the information that is stored by the Active Directory.