ManageEngine Patch Manager Plus is a web-based Windows software application for patch management. This application enables administrators to patch computers effectively, from a central point. It comprises features like automated patch management, patch compliance and patch reporting. Patch Manager Plus supports the patching of computers in a distributed setup like branch or remote offices (WAN) and for mobile users, for example sales persons who are constantly on the move.

Advantages

The advantages of using the WAN architecture of Patch Manager Plus include the following:

  • Affordable, simple and quick solution for patch management requirements
  • Utilizes low bandwidth
  • Enables network-neutral patch management
  • Utilizes the same infrastructure for VPN connections. No separate VPN infrastructure is required
  • Ensures that communication between the server and agents is secured
  • Patches computers centrally using a single Web console

WAN Architecture

Refer to the Patch Manager Plus Cloud architecture document for the cloud deployment.

Direct download, as the name suggests, allows agents to download patches directly from the Internet rather than from the server. This prevents bandwidth choking and VPN clogging. To enable direct download on your server, refer to the direct download configuration documentation.

The WAN architecture of Patch Manager Plus comprises the following components:

  • Server
  • Distribution Server
  • Agent
  • Web Console

Components

This section includes detailed information about the components of the Patch Manager Plus architecture. Refer to Figure 1: WAN Architecture of Patch Manager Plus.

Server

  Port   Purpose                                                               Type    Connection
  8020   Agent-server communication                                            HTTP    Inbound to server
  8027   Notification server port; communicates on-demand operations from      TCP     Inbound to server
         the server to the agent
  8383   Communication between the agent or distribution server and the       HTTPS   Inbound to server
         Patch Manager Plus server
  135    Remote administration and sharing of files and printers               TCP     Outbound from managed computers
  445    Sharing of files and printers                                         TCP     Outbound from managed computers

The Patch Manager Plus Server has to be installed in your LAN (say, the head office) and configured as an edge device. This means that the designated port (8020 by default; configurable) must be reachable from the Internet. You need to adopt the necessary security standards to harden the OS on which the Patch Manager Plus Server is installed. Agents from all remote locations report to this Patch Manager Plus Server.

The Server acts as a container that stores the patch details and, upon request, provides instructions to the agents. It is advised to keep the Patch Manager Plus server running at all times to carry out day-to-day patch management activities.
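The port table and the edge-device requirement above translate into a firewall policy for the server: only the ports documented as "Inbound to server" need to be reachable from agent networks, while 135 and 445 are documented as outbound from managed computers, not as services the edge server must expose. The following script is an added example (not ManageEngine code) that encodes the documented table, probes a host for each listed port, and reports documented inbound ports that are closed as well as open ports the table does not call for. Host names and the sample scan result are constructed for illustration.

```python
"""Firewall-exposure audit for a Patch Manager Plus edge server.

Added example, not part of Patch Manager Plus. The port table mirrors the
documentation above; the host and the sample scan result are constructed.
"""
import socket
from dataclasses import dataclass


@dataclass(frozen=True)
class PortRule:
    port: int
    purpose: str
    proto: str       # HTTP / HTTPS / TCP, as given in the documentation
    direction: str   # "inbound" (to server) or "outbound" (from managed computers)


# Documented ports, taken from the table in the Server section.
DOCUMENTED_PORTS = (
    PortRule(8020, "Agent-server communication", "HTTP", "inbound"),
    PortRule(8027, "Notification server (on-demand operations)", "TCP", "inbound"),
    PortRule(8383, "Agent/distribution server to server", "HTTPS", "inbound"),
    PortRule(135, "Remote administration, file and printer sharing", "TCP", "outbound"),
    PortRule(445, "File and printer sharing", "TCP", "outbound"),
)


def expected_inbound_ports(rules=DOCUMENTED_PORTS):
    """Ports that must be reachable on the edge server from agent networks."""
    return {r.port for r in rules if r.direction == "inbound"}


def tcp_reachable(host, port, timeout=3.0):
    """Live check: report whether a TCP connection to host:port can be opened."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit_exposure(open_ports, rules=DOCUMENTED_PORTS):
    """Compare observed open ports on the edge server with the documented policy.

    Returns (missing, unexpected): documented inbound ports that are closed, and
    open ports that the documentation does not list as inbound to the server.
    """
    expected = expected_inbound_ports(rules)
    observed = set(open_ports)
    missing = sorted(expected - observed)
    unexpected = sorted(observed - expected)
    return missing, unexpected


def live_audit(host, rules=DOCUMENTED_PORTS):
    """Probe every documented port on host (assumed to be the edge server's
    Internet-facing address) and audit the result."""
    probed = {r.port for r in rules if tcp_reachable(host, r.port)}
    return audit_exposure(probed, rules)


if __name__ == "__main__":
    # Constructed scan result: what an external probe of the edge server returned.
    observed = {8020, 8027, 8383, 445}
    missing, unexpected = audit_exposure(observed)
    print("documented inbound ports that are closed:", missing)
    print("open ports not documented as inbound to server:", unexpected)
    # For a real check, replace the constructed set with:
    # print(live_audit("pmp-edge.example.invalid"))  # hypothetical host name
```

Run `live_audit` from a branch-office network to confirm that 8020, 8027 and 8383 are reachable; run it from outside the organisation to confirm that nothing beyond those three ports answers. An `unexpected` entry of 445 or 135 on the Internet-facing address is the signal to revisit the edge server's firewall rules as part of the OS hardening the documentation calls for.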

Distribution Server

The Patch Manager Plus Distribution Server is lightweight software that is installed on one of the computers in a branch office. It communicates with the Patch Manager Plus Server to pull the information for all the computers in that branch. The agents on the branch-office computers contact the Distribution Server to get the information made available to them and to process the requests.

  • Low bandwidth utilization, as only one agent contacts the Server periodically
  • Pulls the patches to be installed and other related details from the Patch Manager Plus Server and makes them available to the rest of the computers in the branch.
  • Supports secured mode of communication (SSL/HTTPS) with the Server.
  • Distribution Server installation is one-time and subsequent upgrades will be automatically performed.

Agent

The Patch Manager Plus agent is a lightweight software application that is installed in computers which are managed using Patch Manager Plus. This agent helps to complete various patch management tasks that are initiated in the Patch Manager Plus server.

Agents can be installed either manually or using a logon script on all the branch-office computers that are managed using Patch Manager Plus. This is a one-time task; agents are upgraded automatically. Patch Manager Plus offers two options to help administrators manage computers across a WAN. The option you choose depends on the number of computers you are going to manage at the remote office. The available options are:

  1. Distribution servers and WAN agents: recommended if you are patching more than 10 computers in a remote office.
  2. WAN agents only: recommended if you are patching fewer than 10 computers in a remote office.

Web Console

The Web console of Patch Manager Plus provides a central point from which an administrator can perform all tasks related to patch management. The console can be accessed from anywhere: for example, over the LAN, over the WAN, or from home using the Internet or a VPN. No separate client installation is required to access the Web console.