Patch Manager consists of three server roles: Primary Application Server (PAS), Management Server, and Automation Server. By default, all Patch Manager servers include the Automation Server role. When you deploy additional Patch Manager servers, you can deploy just an Automation Server role, or add one or both of the remaining roles. All Patch Manager servers require separate SQL Server instances.
The server that hosts the Patch Manager installation is called the Primary Application Server. This server contains all three server roles.
SolarWinds licenses Patch Manager by the number of managed computers. As a result, there are no additional license costs associated with deploying additional Patch Manager servers.
Primary Application Server
The Primary Application Server provides a separate console connection point for load balancing, separate business units, and users located at separate locations. The server interfaces with the MMC-based Patch Manager Administrator Console, SolarWinds Orion® Web Console, and the SCCM integrated console.
Servers in this role manage all communication between the console and the Patch Manager environment. Configure Application role servers to work with one or more servers in the Management role to specify which systems can be managed by what Patch Manager consoles.
The Management Server manages Microsoft Server Manager servers in secondary management groups. The server maintains all inventory and discovery data for specific systems in the Patch Manager environment. Each Management role server hosts a management group defined by a collection of managed domains, workgroups, or WSUS servers. Deploy additional Management Server roles to partition managed systems into defined security or network management boundaries.
The Automation Server provides a workers service so the Primary Application Server can delegate the Automation Server to create connections to specific hosts. The server also bridges the gap between disparate WSUS API versions included with different Windows Server versions
The server manages the local Patch Manager worker processes on each Patch Manager server. The worker processes perform the inventory and configuration management tasks and interface with the Windows Management Instrumentation (WMI) providers to collect data and supervise remote management capabilities. Deploy additional Automation role servers to support load balancing scenarios, fault tolerance scenarios, or isolated or access-controlled networks, such as a perimeter (DMZ) network.