If you have a slow WAN then yes youll probably want downstream WSUS servers in those locations. The Automation servers just manage the patch manager tasks (like inventory, discovery, etc) IIRC. I have 6 locations across north america and only 1 PAS with no downstream servers and it works well, so I wouldnt say you HAVE to have anything set up in those locations.
1 of 1 people found this helpful
Your scenario ('main' patch server at site with the bulk of the machines, Auto servers at remote sites) is a fine plan.
Just like WSUS, Patch Manager doesn't really care about domains.
It is easiest if you:
- Add your domains into your Management Group (the default for most environments is to just have one Management Group and the default name of that is Managed Enterprise unless you changed it during setup).
- Add a rule to your Credential Ring for each of your domains, e.g. "when i do a task to this domain use this credential" but when i do a task to that domain use that credential, etc....