Updated: May 4, 2021

Patch Management Engine

With N-able N-central 12.2 a new patch engine was deployed that can be independently updated from the N-able N-central release cycle. The patch management engine communicates the N-able N-central server through the agent.

As N-able continues to develop and refine the patch management engine, it will be deployed to ensure the most up-to-date patch technology is available.

The Patch Management Engine is installed regardless of whether Patch Management is enabled or not, as it is used during the asset scan.

When you enable Patch Management, a full patch detection is run during Detection Maintenance Windows. The asset scan then uses cached meta data from last patch scan. If you disable Patch Management, a full patch detection is running only in the Asset scan. It has no cached meta data to use, and performs a scan whenever the asset scan is scheduled to do so.

A full patch scan includes a WUA scan, WMI and registry scan, etc, which means a more resource extensive operation. In Windows 7 there were performance issues with WUA scan, so there was good reason to avoid unnecessary WUA operations on clients in their asset scans. Windows 10 situation is better; WUA scan is faster.

You can manually download the latest Patch Management Engine installer at https://sis.n-able.com/Components/MSP-PME/latest/PMESetup.exe.

The engine consists of three main components:

  • N-able RPC Server - a windows service N-able.RpcServerService) that Patch Management Engine communicates with RMM / N-central Agent. This service accepts RPC calls, sends them to Patch Management Engine and then converts the result to RPC response which is sent back to the caller.
  • Patch Management Engine - contains all the patch management logic. It uses the RPC Server to communicate with the Cache Service to download patch files from the internet.
  • Cache Service - a windows service (N-able.MSP.CacheService) that serves as a proxy between the Patch Management Engine and the internet. Whenever Patch Management Engine needs to download a file from the Internet, it asks Cache Service for the file. For information on patch cache see the Patch Cache help topic.

Installing the Patch engine

The Patch Management Engine is not installed with the agent. It's installed by the agent when it needs it. The Patch Management Engine is installed shortly after the N-able N-central agent starts and remains installed even when the Patch Management feature is disabled.

The engine is also used for asset scanning which is always active.

All three components are installed by a single installation package starts the services at the very end of the installation.

Patch engine upgrades

Patch engine upgrades occur at the start of every communication between N-able N-central and the patch engine. This communication can occur for various reasons, including:

  • asset scan begins,
  • patch detection begins,
  • patch remediation begins,
  • probe settings are changed,
  • a change in a patch profile,
  • changes to the agent proxy settings, and
  • a change to the SIS server URL.