Patch manager
Patch manager is a component that is located at the media master installation point, and it is needed for Miradore patch management. For more information, see Getting started with patch management.
What Patch manager does?
Patch manager retrieves metadata about available patches periodically from a patch library over the Internet and delivers the metadata to the Miradore server, which again, relays the metadata to Miradore clients in managed Windows computers.
What is MDPatcher?
MDPatcher is the Miradore Client component that is responsible for the patching actions at the managed devices. It scans the managed devices and collects the patch inventory. MDPatcher uses the provided patch metadata to analyze the device's patching status and communicates the results back to the Miradore server. The source and integrity of the patch are verified with the digital signature, which is done with a certificate. If the certificate is missing from the managed device, MDPatcher will install it while scanning the device.
How patch installation media flows through Miradore
First of all, Patch manager downloads patch installation packages from the software vendors to the media master installation point according to the settings configured in "Administration > System settings > Main > Patch management > Patch download settings". It is common to configure the Patch manager to download the installation media of patches which are approved but not installed.
Next, the patch media is replicated from the media master installation point onwards to the child installation points (if there are any). For more information, see File management on installation points.
Miradore Clients download the needed patch media from their nearest installation point and MDPatcher performs the patch installations.
Installation of the Patch manager
Patch manager component can be installed with the Miradore installer. For more information, see Getting started with patch management.
How to upgrade the Patch manager
Patch manager component gets automatically upgraded during the upgrade installation of Miradore Management Suite if the media master installation point is located on the Miradore server.
If your media master installation point is located on another server, you need to upgrade the Patch manager component separately using the installer of Miradore Management Suite.
Firewall settings
Miradore's Patch manager retrieves metadata about patches from Ivanti's patch library. Therefore, it needs to have access to https://content.ivanti.com/.
Patch manager will then download patch installation packages from software vendors based on your patching selections.
We don't recommend trying to whitelist the specific download URLs. Instead, consider allowing http and https access to the Internet.
HTTPS certificate
Patch manager obtains certificates for HTTPS connections from the certificate store of the host computer's operating system.
Cleaning and removal of unused or obsolete patch data
Miradore patch manager imports metadata about patches to Miradore Management Suite server on a daily basis, and patch cache is downloaded to installation points on per need basis. However, there comes a day sooner or later when the data is no more needed and it should be removed to conserve disk space on the Miradore server and installation points.
For this purpose, there is data cleaning and removal settings in "Administration > System settings > Main > Patch management > Patch management settings". With these settings, the administrators can configure how long metadata about obsolete patches, or patch cache for unused patches should be preserved in the system, before the data is automatically removed from the system. As per definition, a patch becomes obsolete on the day when it's omitted from the patch feed that is imported by Miradore patch manager to the Miradore server.
Related processes: