Documentation for Patch Manager

Patch Manager agents

Patch Manager is an agentless patch deployment solution that uses Windows Management Instrumentation (WMI) to manage computers in an organization. You may encounter situations where an agent is the best solution in your environment. These situations include:

  • Computers that cannot be managed with WMI
  • Computers that are protected by stringent firewall rules or virtual private networks (VPNs)

In these situations, Patch Manager agents provide the best option for patching computers that are offline most of the time.

Ensure that each managed computer meets the agent requirements. After you deploy, approve, and configure the Patch Manager agent on the managed computer, the agent contacts the Patch Manager server (or Primary Application Server) using a secure connection and requests a certificate exchange.

The certificate provides mutual authentication and must be installed on the managed computer before the agent can perform any tasks. Agents with exchanged certificates display in the Approved category in the Patch Manager Administrator Console.

You can deploy pre-provisioned agents that have exchanged certificate information. These agents poll the server at preconfigured intervals using asynchronous remote procedure calls (RPC).

Installing a Patch Manager agent on a VM

If you plan to clone a virtual machine (VM), do not install the Patch Manager agent on the VM before cloning. After you clone the VM, install a separate agent on each VM. Otherwise, you may experience a server looping issue that increases the CPU and network traffic metrics displayed in the Patch Manager MMC.

If you cloned a VM and experience this issue, see Troubleshoot your Patch Manager deployment for instructions on how to resolve this issue.