ManageEngine Patch Manager Plus is a Web-based Windows software application for patch management. This application enables administrators to patch computers effectively from a central point. It comprises features like automated patch management, third-party application patching, patch compliance audits and patch management reporting.
The LAN architecture of Patch Manager Plus comprises the following components:
This section includes detailed information about the components of the Patch Manager Plus architecture.
The Patch Manager Plus server is located at the customer's site, for example, the customer's head office. This server enables the completion of various patch-management tasks to help administrators patch computers in the company's network effectively. Some of the tasks include the following:
It is recommended that the Patch Manager Plus server is not switched off. It should be switched on constantly to complete various patch-management tasks on a daily basis. All the patch-management tasks can be completed using Patch Manager Plus's Web-based administration console.
Note: Ports 135, 139 and 445 should also be kept open for inbound traffic on both the agent and the server (and the distribution server, if applicable) for pushing agent installation.
The Patch Manager Plus agent is a lightweight software application that is installed in computers which are managed using Patch Manager Plus. It is installed automatically in the computers in a LAN. It helps to complete various tasks that are initiated in the Patch Manager Plus server. For example, if you want to uninstall a software application from a computer in your network, you can make the required settings for this task in the Patch Manager Plus server. The agent replicates these settings and ensures that the task is completed effectively.
The agent also updates the Patch Manager Plus server with the status of patches that are deployed. It checks the Patch Manager Plus server periodically for instructions related to tasks and completes them. The agent contacts the server at every 90-minute refresh interval.
The patch database is a portal on the ManageEngine Web site. It hosts the latest vulnerability database that is published after patches have been tested. The Patch Manager Plus server synchronizes this information periodically and scans the computers in the network to determine which patches are missing. Missing patches are then installed on the computers that lack them.
The communication between the Patch Manager Plus server and the patch database takes place either through a proxy server or through a direct connection to the Internet. All patch-related data are updated to the patch database. Patches that need to be installed are directly downloaded from the respective vendors' web sites and stored in the Patch Manager Plus server before deploying them to computers in the network. The agents copy the required patch binaries from the Patch Manager Plus server.
The Web console of Patch Manager Plus provides a central point from where an administrator can perform all the tasks that are related to patch management. This console can be accessed from anywhere. For example, it can be accessed through a LAN or WAN, or from home using the Internet or a VPN. Separate client installations are not required to access the Web console.
In an Active Directory-based domain setup, the Patch Manager Plus server gathers data from the Active Directory to generate the reports for the following:
This enables administrators to access all the information that is stored by the Active Directory.