In a Product Blog article last August I talked about why you might want to deploy additional Automation Role servers when using SolarWinds Patch Manager. In this article I’m going to describe exactly how to do that.
The first step is to install the server. Installation of an additional Automation Role server is very similar to how you installed the original Patch Manager Primary Application Server (PAS), with only a couple of minor variations.
Launch the Patch Manager installer, and on the Express/Custom screen, select Custom.
Proceed through the installer screens as you did for the original server. When you arrive at the database selection screen, select Use a LOCAL instance of SQL Server Express Edition. Each Patch Manager server requires its own instance of SQL Server, and there’s no need to use anything except SQL Server Express Edition for an Automation Role server.
When the installation reaches the point where it needs to register the new Automation Role server with the PAS, it will prompt you to provide the name of the PAS (again) as well as the credentials to authenticate with the PAS. The logon account must have membership in the Enterprise Administrators security role. Typically the local administrator account of the PAS, or a domain administrator account will serve this purpose.
When the installation is completed, the final screen will offer you the opportunity to launch a local console and connect to the PAS.
You can continue configuring the Automation Role server from this console connection on the Automation Role server, or you can use another console session that connects to the PAS.
To begin configuration of the Automation Role server, connect a console session to the PAS.
Navigate to the Patch Manager System Configuration -> Patch Manager Servers node. You should see your new Automation Role server listed in the details pane of this node.
Note that the Automation Role server is not yet assigned to a Management Group, and it displays an icon with a red exclamation mark indicating that the configuration is not yet complete.
Launch the Patch Manager Server Wizard utility from the Action Pane.
Select the option “Edit an existing Patch Manager Server’s configuration settings”. Click on Next.
Select the new Automation Role server from the “Server Name:” dropdown menu, and click on Resolve if the remainder of the dialog does not automatically populate with the server’s attributes. Click on Next.
Assign this Automation Role server to a Management Group. In most instances, there will only be one management group, the default group “Managed Enterprise”; however, if you have multiple management groups defined, the Automation Role server must be assigned to one of them. It will manage tasks only for members of that management group. Select the correct management group from the “Management Group:” dropdown menu.
The “Server Role:” value should be automatically set to Automation. The option is used to add or remove roles from a Patch Manager server after deployment and registration. “TCP/IP Port:” default to 4092 and should not be changed.
Set the option “Include this Patch Manager server in the default round-robin pool” depending whether the Automation Role server is being deployed for a specific purpose, or just as an additional server for load-sharing. If the option is disabled, only tasks matched by an Automation Server Routing Rule (ASRR) will be assigned to this Automation Role server. If the option is enabled, any task that does not match an existing ASRR may be assigned to this Automation Role server.
The last set of options is useful when the Automation Role server is being deployed across a bandwidth constrained connection such as a slow WAN link or a site-to-site VPN connection. It allows you to restrict the maximum amount of bandwidth used by the Automation Role server, and you can set the values differently for incoming/outgoing (i.e. download/upload) traffic. Click on Next. You'll then be presented with the configuration summary screen. Review the configuration options and click on Finish.
After clicking the Finish button from the wizard’s summary screen, you will be presented an information dialog reminding you about the service restart requirement for the Patch Manager server.
After the changes are synchronized to the Automation Role server (e.g. management group assignment, round-robin option, and bandwidth restrictions), it is necessary to restart the Data Grid Service (or reboot the Automation Role server).
You should wait approximately five minutes after completing the wizard before initiating the restart. There are three ways you can restart the service:
- Using the Services MMC.
- From the command line using “net stop ewdgssvc” and “net start ewdgssvc”.
- From the Services tab of the Computer Explorer in the Patch Manager console.
The last step is to create any needed Automation Server Routing Rules. ASRRs are not required, unless you want to dedicate an Automation Role server to a specific machine or group of machines (by domain, workgroup, organizational unit, or IP subnet). You can also assign a WSUS server to an Automation Role server, but please note this rule only assigns WSUS Administration tasks to the Automation Role server, it does not assign computer management tasks, nor does it assign clients of the WSUS server.
Navigate to the Management Groups -> Managed Enterprise node (or the node representing the management group that this Automation Role server was assigned to), and select the Automation Server Routing Rules tab.
From here you can create, edit, and delete ASRRs.
In a future article I'll talk in more detail about using ASRRs. In the meantime, for more information, and examples, of the use of ASRRs, please see the Product Blog article Patch Manager Architecture – Deploying Automation Role Servers.