Configure additional Patch Manager servers

Patch Manager is installed on a dedicated server running the Primary Application Server role. This role hosts the primary configuration management database and serves as the Certificate Authority for all certificates used to register and encrypt Patch Manager communications.

All Patch Manager operations are controlled from this server. When you install Patch Manager for the first time, the host server is called the Primary Application Server (PAS).

You can add additional server roles on remote systems to add additional functionality. The following table lists the additional server roles included with Patch Manager.

The Patch Manager installer includes an Express option that allows you to install an evaluation version of Patch Manager and SQL Server Express. Select the Advanced Install option to install the additional server roles. SolarWinds recommends installing these server roles on separate, dedicated servers to maximize application performance.

Server Role Description
Application Server Interfaces with the Patch Manager Admin Console or integrated SCCM administration consoles, and manages all communications between the console and the Patch Manager deployment.
Automation Server

Manages the local Patch Manager processes on each Patch Manager server. Each Automation server performs the inventory and configuration management tasks and interfaces with the Windows Management Instrumentation (WMI) providers to collect data and supervise remote management functions.

An Automation server can also resolve API mismatch errors that can occur when you publish to the WSUS server. This issue occur swhen Patch Manager and WSUS are installed on servers running disparate Windows Server operating systems.

See Set up an Automation Server for installation and configuration instructions.

Management Server Maintains all inventory and discovery data for specific systems in the Patch Manager environment. Each Management server includes a defined collection of managed entities specified by their corresponding domain, workgroup, or WSUS server.