ManageEngine Patch Manager Plus is a Web-based Windows software application for patch management. This application enables administrators to patch computers effectively, from a central point. It comprises features like automated patch management, third party applications patching, patch compliance audits and patch management reporting.
LAN Architecture
Refer to this for the Patch Manager Plus Cloud architecture.
Fig: LAN Architecture of Patch Manager Plus
The LAN architecture of Patch Manager Plus comprises the following components:
Server
Agent
Patch Database
Web Console
Active Directory
Components
This section includes detailed information about the components of the Patch Manager Plus architecture.
Server
The Patch Manager Plus server is located at the customer's site, for example, the customer's head office. This server carries out the patch-management tasks that help administrators patch computers in the company's network effectively. Some of the tasks include the following:
Installing the agent in computers in the customer's network
Deploying patch tasks
Scanning for patches
Generating reports. For example, reports related to patch status or patch compliance
It is recommended that the Patch Manager Plus server is not switched off. It should stay switched on at all times so that it can complete the various patch-management tasks on a daily basis. All the patch-management tasks can be completed using the Patch Manager Plus Web-based administration console.
| Component | Port | Purpose | Type | Connection |
|---|---|---|---|---|
| Server | 8020 | For communication between the agent or distribution server and the Patch Manager Plus server. | HTTP | Inbound to server |
| Server | 8383 | For communication between the agent or distribution server and the Patch Manager Plus server. | HTTPS | Inbound to server |
| Server | 8027 | The notification server port is responsible for communicating on-demand operations from the server to the agent. | TCP | Inbound to server |
| Distribution Server | 8384 | For communication between [remote] agent and distribution server. | HTTPS | Inbound to Distribution Server |
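The port listing above can be used to check each host's inbound firewall rules: every documented port should be allowed, nothing else should be, and the HTTP port should not be reachable from outside the networks the agents live in. The following is an added example, not ManageEngine's code; the rule tuple format, the trusted-network list and the sample rules are assumptions constructed for illustration.

```python
"""Added example: audit inbound TCP allow rules against the documented ports."""
import ipaddress

# Port matrix from the page: role -> {port: type as listed in the table}
DOCUMENTED = {
    "server": {8020: "HTTP", 8383: "HTTPS", 8027: "TCP"},
    "distribution_server": {8384: "HTTPS"},
}

def audit(role, rules, trusted_nets):
    """Return sorted findings for one host's inbound TCP allow rules.

    rules: iterable of (port, remote_cidr) tuples (assumed export format).
    trusted_nets: CIDR strings agents are expected to connect from
    (an assumption of this example, not something the page defines).
    """
    expected = DOCUMENTED[role]
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    findings, allowed = set(), set()
    for port, cidr in rules:
        net = ipaddress.ip_network(cidr)
        allowed.add(port)
        if port not in expected:
            findings.add(f"{port}: inbound allowed but not documented for {role}")
            continue
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
        in_scope = any(net.version == t.version and net.subnet_of(t) for t in trusted)
        if not in_scope:
            kind = "cleartext HTTP" if expected[port] == "HTTP" else expected[port]
            findings.add(f"{port}: {kind} reachable from {cidr}, outside trusted networks")
    for port in expected.keys() - allowed:
        findings.add(f"{port}: documented for {role} but no inbound allow rule")
    return sorted(findings)

# Constructed sample rule set for a server host (not taken from a real system).
SAMPLE_RULES = [
    (8020, "0.0.0.0/0"),     # HTTP agent port open to any source
    (8383, "10.20.0.0/16"),  # HTTPS agent port scoped to the LAN
    (3389, "10.20.5.0/24"),  # unrelated service allowed on the same host
]

if __name__ == "__main__":
    for line in audit("server", SAMPLE_RULES, ["10.20.0.0/16"]):
        print(line)
```
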
Agent
The Patch Manager Plus agent is a lightweight software application that is installed in computers which are managed using Patch Manager Plus. It is installed automatically in the computers in a LAN. It helps to complete various tasks that are initiated in the Patch Manager Plus server. For example, if you want to uninstall a software application from a computer in your network, you can make the required settings for this task in the Patch Manager Plus server. The agent replicates these settings and ensures that the task is completed effectively.
The agent also updates the Patch Manager Plus server with the status of patches that are deployed. It checks the Patch Manager Plus server periodically for instructions related to tasks and completes them. The agent contacts the server at every 90-minute refresh interval.
Patch Database
The patch database is a portal on the ManageEngine Web site. It hosts the latest vulnerability database that is published after patches have been tested. The Patch Manager Plus server synchronizes this information periodically and scans the computers in the network to determine which patches are missing. The missing patches are then installed on the computers that lack them.
The communication between the Patch Manager Plus server and the patch database takes place either through a proxy server or through a direct connection to the Internet. All patch related data are updated to the patch database. Patches that need to be installed are directly downloaded from the respective vendors' web sites and stored in the Patch Manager Plus server before deploying them to computers in the network. The agents copy the required patch binaries from the Patch Manager Plus server.
Web Console
The Web console of Patch Manager Plus provides a central point from where an administrator can manage all the tasks that are related to patch management. This console can be accessed from anywhere. For example, it can be accessed through a LAN, WAN and from home using the Internet or a VPN. Separate client installations are not required to access the Web console.
Active Directory
In an Active Directory-based domain setup, the Patch Manager Plus server gathers data from the Active Directory to generate the reports for the following:
Sites
Domains
Organizational Units (OUs)
Groups
Computers
This enables administrators to access all the information that is stored by the Active Directory.