2 Replies Latest reply on Jun 19, 2017 2:58 PM by kellytice

    First time Patch manager set up


      Hi folks,


      Looking for some advice on setting up patch manager across various locations/domains.  Best practice so to speak.


      I have Datacenter1 with Two domains (Prod/Testing).    Roughly 1000 VM's, mix of 2008/2012

      Datacenter2 with one Domain (Prod)  Different location, roughly 200 VM's

      Datacenter3 Different location(Prod2 Domain) Roughly 300 VM's.


      I was thinking of setting up my PAS with its own SQL server in DataCenter1 because it contains the bulk of our servers, then set up Automation servers in DataCenter3 and the Testingdomain.  We have a high speed link between DC1 and DC2, and currently don't have any issues patching from DC1 to DC2.


      To start out we will be using patch manager for 3rd party updates, and go from there.


      I hope this makes sense.  Feedback would be much appreciated.  I have read the documentation and there seems to be a few different scenarios that I can utilize. Looking for some input from folks that have set this up.

        • Re: First time Patch manager set up

          If you have a slow WAN then yes youll probably want downstream WSUS servers in those locations.  The Automation servers just manage the patch manager tasks (like inventory, discovery, etc) IIRC.  I have 6 locations across north america and only 1 PAS with no downstream servers and it works well, so I wouldnt say you HAVE to have anything set up in those locations.

          • Re: First time Patch manager set up

            Your scenario ('main' patch server at site with the bulk of the machines, Auto servers at remote sites) is a fine plan.


            Just like WSUS, Patch Manager doesn't really care about domains.

            It is easiest if you:

            • Add your domains into your Management Group (the default for most environments is to just have one Management Group and the default name of that is Managed Enterprise unless you changed it during setup).
            • Add a rule to your Credential Ring for each of your domains, e.g.      "when i do a task to this domain use this credential" but when i do a task to that domain use that credential, etc....
            1 of 1 people found this helpful