3 Replies Latest reply on Oct 15, 2014 2:34 PM by Lawrence Garvin

    Managing Servers in the DMZ

    mainer

      Good morning,

      We currently have a number of servers located in the DMZ. These servers are getting the Patch updates every month downloaded to the servers but they are not installed, that is the responsibility of the Sysadmins. Due to the amount of servers and updates the Sysadmins are responsible for, installing the updates on each server is not very time efficient. What we would like to do is to automate a task in the Patch Manager to install the patch updates onto each server the Sysadmin is responsible for. Is this possible and if so what is the appropriate procedure?

       

      Thank you,

        • Re: Managing Servers in the DMZ
          Lawrence Garvin

          Absolutely. With the Update Management tool or Update Management Wizard you can schedule a list of updates, or an entire collection of updates (by class, product, etc.) and target that to an individual machine, or all of the machines simultaneously.

           

          In the In-Product Help, there's a section that describes how to use these tools.

           

          10-14-2014 8-42-25 AM.png

            • Re: Managing Servers in the DMZ
              mainer

              Hello Mr. Garvin,

              Thank you for the quick reply! I am new to managing the Patch Manager and I really don’t know a whole lot about it. From what I understand the patch manager can only manage servers/workstations that are part of the domain. The servers in question are in the DMZ therefore they are not part of the domain. If this is true than the servers in the DMZ must be getting the patches/updates via the WSUS server. Is my thinking on this matter correct? Also I understand there is virtual training available thru Thwack. How do I take advantage of this training?

               

              Thank you in advance,

              Randy Howie

                • Re: Managing Servers in the DMZ
                  Lawrence Garvin
                  From what I understand the patch manager can only manage servers/workstations that are part of the domain.

                  Not true.

                  Neither WSUS, nor Patch Manager, much cares whether a machine is a member of a domain or not.

                  When initiating communication TO a managed system, the only requirements are that RPC and WMI are accessible, and the Patch Manager server has a stored credential for the target system that has LOCAL Administrator rights.

                   

                  the servers in the DMZ must be getting the patches/updates via the WSUS server.

                  Presumably they are; but it's also possible, being in the DMZ, that they've been configured to use Automatic Updates.


                  In order to use Patch Manager to deploy updates to the machines in the DMZ, you'd have to do one of three things:

                  1. Open a bunch of ports (that may not already be open) to allow RPC/WMI connections into the DMZ from the Patch Manager server. (The actual ports are documented in the Administrator's Guide.)
                  2. Deploy a Patch Manager Automation Role server in the DMZ and open port 4092 into the DMZ.
                  3. Install Patch Manager Agents on the machines in the DMZ and open port 4092 back to the Patch Manager server.

                   

                  And configure a credential and credential rule in Patch Manager for an account that has LOCAL admin access to each machine.

                   

                  Which option you choose will depend a lot on your firewall management policies.

                   

                  Also I understand there is virtual training available thru Thwack. How do I take advantage of this training?


                  Currently there is video-based and in-person instructor led training for the Orion Core and Network Performance Manager. You can access this training via the CustomerPortal.


                  For training materials on Patch Manager, I would invite you to the Patch Manager Library and Support page in Thwack, which has a large collection of blog articles, white papers, and videos.