Managing Servers in the DMZ

FormerMember

Good morning,

We currently have a number of servers located in the DMZ. These servers are getting the Patch updates every month downloaded to the servers but they are not installed; that is the responsibility of the Sysadmins. Due to the number of servers and updates the Sysadmins are responsible for, installing the updates on each server is not very time efficient. What we would like to do is to automate a task in the Patch Manager to install the patch updates onto each server the Sysadmin is responsible for. Is this possible and if so what is the appropriate procedure?

Thank you,

  • Absolutely. With the Update Management tool or Update Management Wizard you can schedule a list of updates, or an entire collection of updates (by class, product, etc.) and target that to an individual machine, or all of the machines simultaneously.

    In the In-Product Help, there's a section that describes how to use these tools.

  • FormerMember in reply to LGarvin

    Hello Mr. Garvin,

    Thank you for the quick reply! I am new to managing the Patch Manager and I really don’t know a whole lot about it. From what I understand the patch manager can only manage servers/workstations that are part of the domain. The servers in question are in the DMZ, therefore they are not part of the domain. If this is true then the servers in the DMZ must be getting the patches/updates via the WSUS server. Is my thinking on this matter correct? Also I understand there is virtual training available thru Thwack. How do I take advantage of this training?

    Thank you in advance,

    Randy Howie

  • "From what I understand the patch manager can only manage servers/workstations that are part of the domain."

    Not true.

    Neither WSUS, nor Patch Manager, much cares whether a machine is a member of a domain or not.

    When initiating communication TO a managed system, the only requirements are that RPC and WMI are accessible, and the Patch Manager server has a stored credential for the target system that has LOCAL Administrator rights.

    "the servers in the DMZ must be getting the patches/updates via the WSUS server."

    Presumably they are; but it's also possible, being in the DMZ, that they've been configured to use Automatic Updates.


    In order to use Patch Manager to deploy updates to the machines in the DMZ, you'd have to do one of three things:

    1. Open a bunch of ports (that may not already be open) to allow RPC/WMI connections into the DMZ from the Patch Manager server. (The actual ports are documented in the Administrator's Guide.)
    2. Deploy a Patch Manager Automation Role server in the DMZ and open port 4092 into the DMZ.
    3. Install Patch Manager Agents on the machines in the DMZ and open port 4092 back to the Patch Manager server.

    And configure a credential and credential rule in Patch Manager for an account that has LOCAL admin access to each machine.

    Which option you choose will depend a lot on your firewall management policies.

    "Also I understand there is virtual training available thru Thwack. How do I take advantage of this training?"


    Currently there is video-based and in-person instructor-led training for the Orion Core and Network Performance Manager. You can access this training via the CustomerPortal.


    For training materials on Patch Manager, I would invite you to the Patch Manager Library and Support page in Thwack, which has a large collection of blog articles, white papers, and videos.
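
Each of the three options in the reply above depends on a different firewall opening, which can be checked before anything is configured in Patch Manager. The PowerShell below is an added example, not part of the original thread or of SolarWinds tooling. The host names are constructed placeholders, and TCP 135 is an assumption standing in for the RPC/WMI port list, which the reply defers to the Administrator's Guide.

```powershell
# Added example: pre-flight connectivity check for the three options in the reply.
# Host names are constructed placeholders; port 4092 is the one named in the post.
param(
    [ValidateSet('Option1', 'Option2', 'Option3')] [string]$Option = 'Option3',
    [string[]]$DmzHosts       = @('dmz-web01.example', 'dmz-app01.example'),
    [string]  $AutomationRole = 'dmz-pm-auto.example',
    [string]  $PatchManager   = 'patchmgr.example',
    [int]     $PmPort         = 4092,
    [int]     $RpcPort        = 135   # assumption: RPC endpoint mapper only, not the full port list
)

function Test-Tcp {
    param([string]$Target, [int]$Port)
    # TcpTestSucceeded is $true only when the TCP handshake completes
    $r = Test-NetConnection -ComputerName $Target -Port $Port -WarningAction SilentlyContinue
    [bool]$r.TcpTestSucceeded
}

function Test-WmiAccess {
    param([string]$Target, [pscredential]$Credential)
    # Option 1 relies on WMI over DCOM/RPC with a LOCAL account on a non-domain host
    $session = $null
    try {
        $dcom    = New-CimSessionOption -Protocol Dcom
        $session = New-CimSession -ComputerName $Target -Credential $Credential `
                                  -SessionOption $dcom -ErrorAction Stop
        $os = Get-CimInstance -CimSession $session -ClassName Win32_OperatingSystem -ErrorAction Stop
        "OK: $($os.Caption)"
    } catch {
        "FAILED: $($_.Exception.Message)"
    } finally {
        if ($session) { Remove-CimSession $session }
    }
}

switch ($Option) {
    'Option1' {   # run on the Patch Manager server: RPC/WMI into the DMZ
        foreach ($h in $DmzHosts) {
            $cred = Get-Credential -Message "LOCAL administrator account on $h"
            [pscustomobject]@{ Target = $h; Port = $RpcPort
                               Reachable = Test-Tcp $h $RpcPort; Wmi = Test-WmiAccess $h $cred }
        }
    }
    'Option2' {   # run on the Patch Manager server: 4092 into the DMZ
        [pscustomobject]@{ Target = $AutomationRole; Port = $PmPort; Reachable = Test-Tcp $AutomationRole $PmPort }
    }
    'Option3' {   # run on each DMZ host: 4092 back to the Patch Manager server
        [pscustomobject]@{ Target = $PatchManager; Port = $PmPort; Reachable = Test-Tcp $PatchManager $PmPort }
    }
}
```

A `Reachable` value of `False` points at the firewall rule for that option, while a reachable host with a failed WMI result points at the stored credential rather than the network path.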