1 of 1 people found this helpful
I expect someone else will weigh in to answer your specific questions, but as a point of clarification, I thought I'd point you (and future users) to the current link for the deployment guide: http://www.solarwinds.com/documentation/patchman/docs/PatchManagerDeploymentGuide.pdf.
At the moment, the content in both guides is the same, except for the details about licensing. In the long run, however, this guide is the one that will be updated; the other one will eventually be retired.
Much appreciated Phil. I imagine things are (understandably) in a bit of flux at the moment as the product moves from one stable to another and it’s great to have the persistent link to the deployment guide.
As an update for anyone that finds this in the future. I've had an email discussion with support and it looks like our particular requirements would be met by a primary application server in the hub and an automation role server in each remote site, given the small number of nodes in each. I'll be testing it soon.
Some thoughts on your reporting question...
With Reporting Rollup enabled on the WSUS upstream server, all collected WSUS client event data will be rolled up and available on the upstream server. This is useful for being able to manage the entire enterprise collection of clients from a single WSUS server node of the Patch Manager console, rather than having to navigate each downstream server (and remembering which client is managed by which server).
For WSUS Inventory, typically each WSUS server is inventoried separately. The primary advantage here is that the data collection on the Patch Manager server is from a consistent point in time across the entire WSUS heirarchy. However, for organizations with limited bandwidth connections to the downstream servers -- such as might exist with site-to-site VPN connectivity -- this might not be optimal (or even affordable) use of that bandwidth. Alternatively, the WSUS Inventory can be targeted to only the upstream server, with Reporting Rollup enabled, and configured to collect data on the entire enterprise. The primary impact here is the delay introduced between the time the client detects/reports to the downstream server, and the time it is collected into the Patch Manager database, and ultimately displayed in the report.
From the report execution perspective, the assigned WSUS server is an available report field in all reports, so the reports can be filtered dynamically to one or more specific WSUS servers, or can be defined as a fixed filter in a custom report definition, and that custom report can be scheduled, exported, and emailed to one or more recipients. You have flexibility in how you provide access to report data (interactive console or scheduled export file).
It's also possible to specify a distributed inventory data storage implementation, and the WSUS Inventory for a given region can be stored in its own database, and the reporting visiblity can be restricted to that datastore for certain users, while other users can have universal access to additional datastores, or all datastores. The datastore is implemented in the Management Role and defined by the Management Group.