The Patch Manager from ManageEngine is a comprehensive patching solution. It offers automated patch download and deployment for Windows, Linux, and macOS computers. The software also supports patching for over 530 updates across more than 300 applications, such as Adobe, Chrome, Java, VLC, and more.
The Patch Manager is capable of generating reports to show progress or status on all patching on the entire network. The software is available on the cloud or on-premises.
In this ManageEngine Patch Manager Review, we will analyze the software in depth.
- Patch Management with ManageEngine Patch Manager
- How does ManageEngine Patch Manager work?
- System Requirements
- Hardware Requirements
- Software Requirements
- Installation Process
- Managing Patches
- Installing the Agent
- Testing Patches
- System Health Status
- Automate and Manual Deployment
- Automatic Patch Deployment
- Manual Patch Deployment
- Navigation and Features
- Important Features
1. ManageEngine Patch Manager Plus Review
Before digging deep into reviewing the ManageEngine Patch Manager, let’s understand how Patch Management works on the software.
The patch management consists of the following three crucial elements:
- The External Patch Crawler:
This program, which resides at Zoho Corp, sends frequent probes out to the Internet to gather information on vulnerabilities from the Microsoft and Apple websites. It then performs patch analysis and publishes the vulnerabilities to the Central Patch Repository for future use.
- Central Patch Repository:
This portal hosts the vulnerabilities database built from the Patch Crawler's analysis and publishes the data for download by the Patch Manager Plus server. The server requests information on the latest vulnerabilities from this central repository.
- Patch Manager Plus Server:
The server, which is located on-site, subscribes to the Central Patch Repository and periodically downloads the vulnerabilities database. This server is in charge of scanning the entire network, correlating the results against the vulnerability database, finding missing and available patches, downloading and installing patches, and generating reports.
How does ManageEngine Patch Manager work?
The software performs the following four core actions:
- Scans clients and finds missing patches.
- Tests updates before rollout to reduce risks.
- Automates patch deployment to OSs and third-party apps.
- Generates comprehensive reports and audits.
The ManageEngine Patch Manager sends periodic scans to each system in the entire network to evaluate their patching needs.
With the help of the complete vulnerabilities database collected from trusted websites such as Microsoft, Apple, and security bulletins, the software can scan for patching information.
To stay up to date, the Central Patch Repository keeps updating the vulnerability database with the latest information on patches.
The Patch Manager uses different methods, such as file version checks, registry audits, and checksums, to determine the state of patches on the systems.
The scanning process can find which updates are required on each system depending on the OS, applications, and dependencies. Before deploying critical updates, you can test and approve patches.
To install a patch, the ManageEngine Patch Manager will start a download from the Internet, store the patch files in a particular folder on the server, then push the patch to the target clients.
Once a patching evaluation on the whole network is complete, the software generates a report with all results and stores it in the database for later viewing.
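The file version and checksum checks described above can be sketched as follows. This is an added illustration, not ManageEngine's code; registry audits are left out, and the catalogue format, patch IDs, file names and four-level severity scale are constructed for the example.

```python
import hashlib
import os
import tempfile

SEVERITY_ORDER = ["Low", "Moderate", "Important", "Critical"]  # assumed scale

def parse_version(text):
    """'3.0.10' -> (3, 0, 10, 0): compare numerically and pad short versions."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def sha256_of(path):
    with open(path, "rb") as handle:
        return hashlib.sha256(handle.read()).hexdigest()

def missing_patches(installed, catalog):
    """Return (patch id, severity, reason) for each catalogue entry a system lacks."""
    findings = []
    for patch in catalog:
        item = installed.get(patch["file"])
        if item is None:
            continue  # product not installed, so the patch does not apply
        have, want = parse_version(item["version"]), parse_version(patch["fixed_version"])
        if have < want:
            findings.append((patch["id"], patch["severity"], "version below fix"))
        elif have == want and patch.get("sha256") not in (None, sha256_of(item["path"])):
            findings.append((patch["id"], patch["severity"], "checksum mismatch"))
    return findings

def worst_severity(findings):
    return max((s for _, s, _ in findings), key=SEVERITY_ORDER.index, default=None)

def demo():
    """Constructed inventory and catalogue; every ID, name and version is made up."""
    with tempfile.TemporaryDirectory() as folder:
        path = os.path.join(folder, "viewer.dll")
        with open(path, "wb") as handle:
            handle.write(b"unpatched build")
        installed = {"player.exe": {"version": "3.0.9", "path": path},
                     "viewer.dll": {"version": "21.7.0.2", "path": path}}
        catalog = [
            {"id": "EXAMPLE-001", "file": "player.exe", "fixed_version": "3.0.10", "severity": "Low"},
            {"id": "EXAMPLE-002", "file": "viewer.dll", "fixed_version": "21.7.0.2",
             "severity": "Critical", "sha256": hashlib.sha256(b"patched build").hexdigest()},
            {"id": "EXAMPLE-003", "file": "absent.exe", "fixed_version": "1.0", "severity": "Critical"},
        ]
        findings = missing_patches(installed, catalog)
        return findings, worst_severity(findings)
```

Comparing versions as number tuples matters here: as plain strings, "3.0.9" sorts after "3.0.10", and the first patch would be reported as already installed.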
2. System Requirements
Hardware Requirements
To install the Patch Manager Plus, you’ll need to fulfill specific hardware requirements on your server. The key determinant for the hardware is the number of computers being patched by the server.
|No. of Computers Patched|Processor|RAM|Hard Disk|
|---|---|---|---|
|1 – 250|Intel Core i3 2.0 GHz|2 GB|5 GB|
|251 – 500|Intel Core i3 2.4 GHz|4 GB|10 GB|
For more information on system requirements, please refer to ManageEngine’s official page.
Software Requirements
Although the Patch Manager Plus supports patch management on different OSs (Windows, macOS, and Linux), its server component only runs on Windows. The Patch Manager Plus Server can only be installed on the following operating systems:
|Windows 7||Windows 10||Windows Server 2008||Windows Server 2012 R2|
|Windows 8||Windows Server 2003||Windows Server 2008 R2||Windows Server 2016|
|Windows 8.1||Windows Server 2003 R2||Windows Server 2012||Windows Server 2019|
3. Installation Process
You can download the executable file and install it on-premises, or run the software in the Cloud. To get access to the Cloud platform, sign up with ManageEngine, and you’ll get a 30-day trial.
For on-premises, the installation process is pretty straightforward. Choose a language and destination folder. The installation wizard will help you do the rest.
If you get a warning message during installation, it is just ManageEngine Patch Manager Plus telling you that the antivirus on the server could interfere with the patching process. The software recommends adding an exception for it in the antivirus so that the antivirus doesn’t interfere with the database files.
On the next screen, the ManageEngine Patch Manager will ask you to select the port numbers to use as the default web-server ports. Unless the defaults, 6020 and 6383, are already being used on your network for something else, leave them at their default values.
After this step, the software will successfully install on your server.
4. Managing Patches
Once you have successfully installed the Patch Manager on your server, the next step is to choose the target clients that will be managed. The section called “Scope of Management” allows you to add computers to the software or remove them from it. You can discover systems locally or remotely and add them to your scope of management.
To help with the process, you can define the Active Directory (AD) settings on the Patch Manager, so that the software automatically gathers the information on each computer that belongs to the AD.
Installing the Agent
When you finish adding the computers to the scope of management, you’ll have to install the agents on each client. The client is the computer that will be managed, and that is already in the scope of management.
The agent is a lightweight piece of software that should be installed on the computers that you want to manage. It works on Windows, Linux, and macOS. The agent will interact with the server every 90 minutes by default.
The hardware requirements for the agents are shown in the following chart:
Testing Patches
Before automatically installing patches in the live network, you can test critical updates on a few clients. The Patch Manager allows you to create groups and test those critical patches before rolling them out on the entire live network.
If the patch installation was successful, you can approve the update manually (or set up an automatic approval process). If the patching failed, you can reject the update and keep testing.
System Health Status
Once a vulnerability is found in any piece of software, the patch is immediately released with a severity rating, which can vary from low to critical.
The Patch Manager scans the network periodically to find missing patches on the systems. When a system with a missing patch is found, the Patch Manager classifies it into a specific “Severity” category and determines a health status in the particular system.
It is recommended to deploy all updates, especially the ones with the “Critical” severity, to maintain a good health status on the network.
5. Automated and Manual Deployment
The Patch Manager Plus allows you to automate the patch deployment process. You can configure the automatic method to find the missing patches and deploy them to the targets. If you prefer to do it manually, you can use the scope of management to install/uninstall patches or service packs from a single location.
Automatic Patch Deployment
If you are managing an extensive network, the best and most effective way to deploy updates is to have a systematic and automated way to manage patches. The Patch Manager comes with a feature called Automate Patch Deployment (APD), which allows the user to install missing updates without any manual intervention.
How does the APD work?
The APD starts an automated scan right after the server synchronizes its patch database. The software identifies the missing patches on each client, downloads them to the server, and deploys them automatically.
The whole idea of the APD is to avoid scheduling automatic scans and manual downloading of missing patches.
Manual Patch Deployment
There are cases where you would want to install or uninstall a patch manually, especially in testing/development scenarios. You can install/uninstall patches from the “Patch Management” section. Just click on “Install Patch” and choose the OS that you want to deploy to.
6. Navigation and Features
The web console is straightforward and easy to use. It comes with the following main windows:
The main dashboard, “Home”, shows a good summary of the health status of your systems, the missing patches and their severity, the total patch status on the network, and the missing patches sorted by vulnerability. This dashboard is highly customizable.
From the same dashboard, you can quickly jump to deployment failures, systems pending reboots, missing patches, and APD tasks.
The “Deployment” window, located next to “Home”, is where you’ll push updates, see missing patches, and configure your patch management settings. From this same window, you can run your tests, manually install/uninstall patches, and a lot more.
The Patch Manager console also comes with a “Reports” window. This section shows you insightful patch management reports that help you monitor the entire patching process and pass audits and compliance. The reporting feature includes the “one-click” patch report generation, report templates, custom views with filters, scheduling functionality, and automatic email notifications.
Important Features
The basic functionality of the ManageEngine Patch Manager is patch tracking, testing, and deployment. But the software can do a lot more. Below are some of the essential features.
- Cloud-based patch management
- Patch compliance and reporting
- Patching for over 300 third-party apps
- Service Pack deployment
- Role-based server access
- Antivirus automatic updates
- Two-factor authentication
- Flexible deployment options across multiple platforms
- Can be installed on both Windows and Linux platforms, making it more flexible than other on-premise options
- Offers in-depth reporting, ideal for enterprise management or MSPs
- Integrated into more applications than most patch management solutions
- ManageEngine is a feature-rich platform that takes time to fully explore and learn
The software is available through a subscription or a one-time license option. It comes in three different editions: Free, Professional, and Enterprise, which vary in price, number of features, and capability.
The Free Edition allows patch management for up to 25 computers and comes fully featured.
The price for the Patch Manager Professional Edition starts at $735 for a perpetual license that allows monitoring for up to 50 computers. For the Professional Cloud Edition, the price starts at $345 for the annual license.
The price for the Patch Manager Enterprise Edition starts at $1,185 for a perpetual license that allows monitoring for up to 50 computers. For the Enterprise Cloud Edition, the price starts at $445 for the annual license.
Both editions include support, which is offered via email or over the phone. The software also comes with a full knowledge base, FAQs, user guides, demos, and videos.
You can get a quote through ManageEngine support to get a closer price based on your resources.
It is challenging to stay on top of security when there are thousands of software vulnerabilities and exploits being discovered every day. What is more difficult is managing those vulnerabilities in hundreds of unpatched computers.
Patching is a laborious task; it involves researching, downloading specific OS or app updates, testing, and deploying.
The ManageEngine Patch Manager is a state-of-the-art patch management tool. Just define the scope of management, install the agents, and configure the Automatic Patch Deployment, and the software will start correlating with the vulnerabilities database, finding missing updates, and updating accordingly.
The software will also help you create reports and audits for compliance so you can stay on top of all exploits and vulnerabilities.