Submit a ticketCall us

Get a crash course on Network Monitoring delivered right to your inbox
This free 7-day email course provides a primer to the philosophy, theory, and fundamental concepts involved in IT monitoring. Lessons will explain not only how to perform various monitoring tasks, but why and when you should use them. Sign up now.

Home > Success Center > Patch Manager > Patch Manager 2.1.5 Administrator Guide > Introduction


Created by Caroline Juszczak, last modified by Steve.Hawkins on Jul 27, 2017

Views: 219 Votes: 0 Revisions: 14

SolarWinds Patch Manager extends native Microsoft® Windows Server® Update Services (WSUS) and Microsoft System Center Configuration Manager (SCCM) functionality using an enhanced Microsoft Management Console (MMC) interface. For SCCM, Patch Manager integrates with the new ribbon-style console to extend SCCMs functionality.

Using the Patch Manager Console, you can:

  • View and manage Microsoft updates on your SCCM software update point (SUP).
  • Publish and manage third-party updates using built-in WSUS functionality in SCCM environments.
  • Deploy updates on demand by leveraging the Windows Update Agent on target systems.
  • Execute configuration management tasks on one or more managed computers.

Patch Manager includes several components that integrate with the WSUS or SCCM servers in a publishing environment. Each of the following modular components allow a high level of flexibility in large or complex deployment scenarios:

The following diagram illustrates a typical Patch Manager installation. In this installation:

  • Install Patch Manager on a target server (known as the Primary Application Server). 
  • Enable Windows Server Update Services on the target server.
  • Verify that no additional Orion Platform products or third-party applications are installed on the server.

See Advanced Deployment Scenarios for additional information about alternative deployment scenarios.

In SCCM environments, the WSUS Server in this diagram corresponds to the SCCM software update point (SUP).

Patch Manager Server

Patch Manager consists of several components that you can install on a single server or distribute across several servers to manage your deployment.

When you install Patch Manager for the first time, the host server is called the Primary Application Server (PAS). This server contains the primary configuration management database and serves as the Certificate Authority for all certificates used to register and encrypt Patch Manager communications. All Patch Manager operations are controlled from this server.

The installer includes an Express option that allows you to install additional server roles on the PAS or separate servers to enhance your deployment. These server roles include:

  • Application Server
  • Management Server
  • Automation Server

The Application Server role interfaces with the MMC-based or integrated SCCM administration consoles, and manages all communication between the console and the rest of the Patch Manager environment.

The Management Server maintains all inventory and discovery data for specific systems in the Patch Manager environment. Each Management role server has a defined collection of managed entities, specified by their corresponding domain, workgroup, or WSUS server.

The Automation Server manages the local Patch Manager processes on each Patch Manager server. These processes perform the inventory and configuration management tasks and interface with the Windows Management Instrumentation (WMI) providers to collect data and supervise remote management capabilities.

All Patch Manager servers run the EminentWare Data Grid Server service. This service starts automatically at system startup and manages all aspects of the Patch Manager server except the database resources provided by Microsoft® SQL Server.


Patch Manager supports the following SQL databases:

  • Microsoft SQL Server Express
  • Microsoft SQL Server Standard or Enterprise Edition

The SQL Server Express database installs on the SolarWinds Patch Manager server during the installation. No additional configuration is required.

SQL Server Express has a 10 GB storage limit. If you exceed this limit, you must migrate your database to a remote server running SQL Server Standard or Enterprise Edition.

The SQL Server Standard or Enterprise Edition database installs on a separate server prior to installing SolarWinds Patch Manager. This option prevents a single point of failure.

Administration Console

The Patch Manager Administrator Console is an MMC 3.0-based snap-in that connects to the Patch Manager Primary Application Server. In SCCM environments, an additional Patch Manager console is integrated with the SCCM console. You can install the administrator console on the Patch Manager server or a remote workstation.

Using the administration console, you can:

  • View and manage Microsoft updates on your WSUS server or SCCM software update point (SUP).    
  • Publish and manage third-party updates using WSUS functionality in both WSUS and SCCM environments.
  • Deploy updates on demand by leveraging the Windows Update Agent on target systems.                
  • Execute configuration management tasks on one or more managed computers.            
  • Run detailed reports that describe the updates and assets in your publishing environment.

Web Console

The Patch Manager Web Console is a read-only interface that displays detailed information from a Patch Manager Application Server. You can install the Web Console on any Windows server that can access the Patch Manager Application Server. Access the web console from any computer with access to the host web server's website.

Managed Computers

Managed computers include WSUS servers, SCCM servers, and managed clients in the enterprise. For optimal inventory and reporting functionality, deploy the Patch Manager Windows Management Interface (WMI) providers to all managed clients. 

Agents (Optional)

Agents are software components that provide a connection to the Patch Manager server for managed computers that are:

  • Disconnected from the corporate network
  • Cannot be managed with WMI
  • Protected by stringent firewall rules or virtual private networks (VPNs)

Agents provide a communications link between the managed computer and the Patch Manager server by polling the server at set intervals using asynchronous remote procedure calls. 

Last modified
10:25, 27 Jul 2017