Related Articles

Patch Cloud Architecture

How does it Work?

 Patch Management is a two-stage process:

  • Patch Assessment or Scanning
  • Patch Download and Deployment

Patch Management Architecture | Distribution Server - Agent


Patch Management Architecture | Roaming Users

Patch Assessment or Scanning

The Patch Manager Plus server resides at the Zoho Corp. site and repeatedly probes the internet to draw vulnerability information from  Microsoft and other websites. You need to install agents on the computers, that need to be managed (refer to Scope of Management). Once installed, the management activities are performed using the agents.

The systems in the network are periodically scanned to assess the patch needs. Using a comprehensive database consolidated from Microsoft's and other bulletins, the scanning mechanism checks for the existence and state of the patches by performing file version checks, registry checks and checksums. The vulnerability database is periodically updated with the latest information on patches, from the Central Patch Repository. The scanning logic automatically determines which updates are needed on each client system, taking into account the operating system, applications, and update dependencies.

On successful completion of an assessment, the results of each assessment are returned and stored in the server database. The scan results can be viewed from the web console.

Patch Download and Deployment

The Distribution Server is a component, which is installed in the remote office. It synchronizes the missing patch details from the Patch Manager Plus server and downloads the missing patches from the respective vendor's website. The downloaded patches are further distributed internally for patch deployment. Once the deployment is completed, the status is updated back to the Patch Manager Plus server. 

In the case of Roaming Users, the agent synchronizes the missing patch details from the Patch Manager Plus server and downloads the missing patches from the vendor's website, which is then deployed in the machine. Once the deployment is completed, the status is updated back to the Patch Manager Plus server.