Distribute the Patch Manager servers

You can distribute multiple Patch Manager servers in your environment for load balancing and fault tolerance, and to resolve issues caused by geographic distribution or securities boundaries within your organization. When you deploy multiple Patch Manager servers, consider the following requirements:

Geographically-distributed environments

In geographically-distributed environments, deploy an additional Automation Server role to each remote site. This server role allows you to facilitate client management and configuration processes on the local LAN of the target systems rather than across the WAN.

You can also deploy additional Management Server roles to each site to segregate management and data collection tasks. Management Server roles work in conjunction with the additional Application Server role to support remote system administrators.

Large environments

In large environments with multiple subnets or large inventory requirements, deploy additional Application Server or Management Server roles to optimize your Patch Manager environment. You can use additional Application Server roles to support multiple administration consoles and additional Management Server roles to create smaller management groups for administration and reporting.


In environments that implement Wake-on-LAN (WoL), deploy additional Automation Server roles to facilitate WoL broadcasts for distributed systems. This deployment minimizes the administrative time in configuring routers to support this functionality. It also increases the overall reliability by restricting WoL broadcasts to smaller, LAN-specific network domains.

Port considerations and bandwidth restrictions

In environments with open port or bandwidth issues, you can deploy additional Automation Server or Management Server roles to minimize these issues. You can add additional Application role servers to limit WAN communication to port 4092—the port used for server-to-server communication. With an Automation Server role on each LAN, the remaining ports required in the Patch Manager environment must only be open on each LAN.

Additionally, use additional Management Server roles to limit the amount of traffic traveling across the WAN. With a Management Server role on each LAN, inventory data will cross the WAN only if a Patch Manager administrator runs a report for that LAN from a remote site.