Introduction

SolarWinds Patch Manager is a Microsoft Management Console (MMC) that adds additional functionality to Windows Server Update Services (WSUS) and Microsoft System Center Configuration Manager (SCCM). When installed on a WSUS or SCCM server, you can update Windows servers and workstations in your corporate network with Microsoft and third-party software updates.

You can install Patch Manager in a stand-alone deployment or an integrated deployment with an existing Orion Platform.

Architecture

The following diagram illustrates a typical Patch Manager installation.

In this installation:

  • Patch Manager is installed on a dedicated server (known as the Primary Application Server).
  • Windows Server Update Services (WSUS) is enabled in the Microsoft® Windows Server® operating system .
  • No additional SolarWinds Orion Platform products or third-party applications are installed on the server.

In SCCM environments, the WSUS server corresponds with the SCCM software update point (SUP).

Patch Manager runs the EminentWare Data Grid Server Service. This service starts automatically at system startup and manages all aspects of the Patch Manager server except the Microsoft SQL Server® database resources.

See Advanced Deployment Scenarios for details about alternative deployment scenarios.

Components

Patch Manager uses the following components and devices in a deployment:

WSUS

WSUS is included in supported Windows Server® operating systems. This software component distributes and manages updates and hotfixes released by Microsoft in a corporate enterprise. WSUS replaces Windows Update and allows system administrators to distribute Windows updates and hotfixes released by Microsoft to systems in a corporate environment. Patch Manager integrates with WSUS to distribute Windows updates, third-party updates, and custom packages to managed systems in your deployment.

SCCM

Microsoft System Center Configuration Manager (SCCM) is a Microsoft systems management software product that manages large groups of computers in a corporate enterprise. Patch Manager integrates with SCCM to distribute Windows updates, non-Microsoft (third-party) updates, and custom packages to managed systems in your deployment.

SQL Server database

Patch Manager supports the following Microsoft SQL Server database software:

  • Microsoft SQL Server Express
  • Microsoft SQL Server Standard or Enterprise Edition

If you select SQL Server Express during the installation, Patch Manager installs SQL Server Express on the PAS with no user intervention.

SQL Server Express has a 10 GB storage limit. SolarWinds recommends this option for Evaluation deployments only.

If you select SQL Server Standard or Enterprise Edition, be sure the SQL Server software is installed on a separate server and enter the database instance path in the Patch Manager Administrator Console. SolarWinds recommends this option to prevent a single point of failure and maximize database performance.

Administrator Console

The Patch Manager Administrator Console is a Microsoft® Management Console (MMC) 3.0-based snap-in that connects to the Patch Manager Primary Application Server. In SCCM environments, an additional Patch Manager console is integrated with the SCCM console. You can install the administrator console on the Patch Manager server or a remote workstation.

Using the administrator console, you can:

  • View and manage Microsoft updates on your WSUS server or SCCM software update point (SUP).
  • Publish and manage third-party updates using WSUS functionality in both WSUS and SCCM environments.
  • Deploy updates on demand by leveraging the Windows Update Agent on target systems.
  • Execute configuration management tasks on one or more managed computers.
  • Run detailed reports that describe the updates and assets in your publishing environment.

In SCCM environments, an additional Administrator Console integrates with the SCCM console.

Web Console

The Patch Manager Web Console is a read-only console that displays detailed information about your deployment collected from a Patch Manager Application server. You can install the web console on any Windows server that can access the Patch Manager Application Server. When the installation is completed, you can access the console from any computer with access to the host web server's website.

When you integrate Patch Manager with the Orion Platform, the Orion Installer adds Patch Manager to your existing Orion Web Console.

Managed computers node

The Managed Computers node is located in the navigation pane of the Patch Manager Administrator Console. This node includes a list of machines that are targeted with a task (such as Inventory or Update Management) Managed computers can include WSUS servers, SCCM servers, and managed clients in your corporate enterprise.

You can use this node to locate a machine name, right-click the name, and execute a task. Patch Manager also uses this node and the Task History node to calculate the number of computers for your product license.

For optimal inventory and reporting functionality, deploy the Patch Manager Windows Management Interface (WMI) providers to all managed clients. See Manage Client WMI connectivity for details.

Patch Manager agents

Patch Manager agents provide a communications link between the managed computer and the PAS. The agents poll the server at set intervals using asynchronous remote procedure calls.

Use Patch Manager agents when your managed computers are:

  • Disconnected from the corporate network
  • Cannot be managed with WMI
  • Protected by stringent firewall rules or virtual private networks