Patch Manager agents

Patch Manager is an agentless patch deployment solution that uses Windows Management Instrumentation (WMI) to manage computers in an organization. You may encounter situations where an agent is the best solution in your environment. These situations include:

  • Computers that cannot be managed with WMI
  • Computers that are protected by stringent firewall rules or virtual private networks (VPNs)

In these situations, Patch Manager agents provide the best option for patching computers that are offline most of the time.

Ensure that each managed computer meets the agent requirements. After you deploy, approve, and configure the Patch Manager agent on the managed computer, the agent contacts the Patch Manager server (or Primary Application Server) using a secure connection and requests a certificate exchange. The certificate provides mutual authentication and must be installed on the managed computer before the agent can perform any tasks. Agents with exchanged certificates appear in the Approved category in the Patch Manager Administrator Console.

You can deploy pre-provisioned agents that have exchanged certificate information. These agents poll the server at preconfigured intervals using asynchronous remote procedure calls (RPC).