What is Patch Management
how patching works how it works patch workflow
View the Patch Management Quick Start guide.
The Patch Management module manages locating Microsoft and third party software patches, downloads and installs them across your customers' networks.
The N-able N-central Patch Management Engine uses rules, caching, multiple maintenance windows and automated approval methods to enable you to automate the patching devices. With Patch Management you can manage downloading and installing Microsoft and third party software patches across your customers' networks by targeted rules. By using multiple approval methods you can download, distribute and install patches that are approved either automatically or on individual basis.
When N-able N-central installs a probe, it also installs the N-able Patch Repository Service that communicates on port 15000. The probe receives download requests from the agent for patch installers, and downloads them from the web to distribute to any requesting agent.
The Patch cache is located in the C:\Program Files (x86)\N-able Technologies\NablePatchCache
folder. Patch information is stored in the file CacheMetaData.xml
, located in the Patch Cache folder with the installer files. You can set the patch cache folder location and size.
For the best results of patch management with N-able N-central, all devices must have Internet access and the latest version of the Windows Update Agent (WUA) Windows probe and agent. For more information on upgrading a Windows agent, see For more information, see Upgrade a Windows agent and Upgrade a Windows probe.
To begin using Patch Management:
- Perform a pre-deployment self-audit to evaluate your patching requirements.
- Review and work through the Patch Management Set up Checklist.
Windows updates
Patch Manager and WSUS cannot run concurrently in a N-able N-central patch managed environment. You will need to disable WSUS in order for patch to function properly. It can cause unpredictable patching updates otherwise.
Registry locations are typically:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
or
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\UseWUServer
The Windows update workflow for downloading and installing the updates is:
- The agent communicates with the Windows Update server and requests a list of available updates.
- The agent sends the list of updates to the N-able N-central server.
- The administrator reviews the list of updates and sets the approvals for the list of possible updates. N-able N-central notifies the agent which updates it can apply.
- The agent communicates with the probe to request the approved updates, or downloads them directly depending on the profile settings.
- The probe downloads the updates.
- The agent downloads the updates from the probe and applies the patches determined by the schedules defined by the administrator.
Third party updates
The workflow to patch a device with third party updates is:
-
The agent retrieves a list of updates from sis.n-able.com and compares available third party updates to the list of applications installed on the device.
- The agent sends a list of third party applications that need updating to N-able N-central, where the administrator has configured the approvals for the list of possible updates and notifies the agent which updates it can apply.
- The agent communicates with the probe and requests the approved software patches or downloads them directly from the source based on the profile settings.
- The agent downloads the updates from the probe and applies the patches determined by the rules defined by the administrator.