While Patch Manager is an agent-less patch deployment system, there may be times when an agent is the best solution in your environment. If you have computers that spend a lot of time off the corporate networks, computers that cannot be managed with WMI, or computers protected by stringent firewall rules or VPNs, deploying Patch Manager agents would be a good option. Patch Manager will not spend time trying to update a computer that is not on the network.
On remote computers with an agent installed, you can perform most of the same actions that you can perform using WMI providers.
After an agent is installed, the agent communicates back to the Patch Manager server and requests a certificate exchange. The certificate is based on mutual authentication and must be present on the managed computer before the agent can perform any tasks. Agents that have exchanged certificates fall in the approved category. You may deploy pre-provisioned agents that have already exchanged certificate information. Agents attempt to poll the server at set intervals using asynchronous RPC.