Toll Free US: +1 888 720 9500
Intl: +1 925 924 9500

PatchQuest

Patch Management Software
PatchQuest is an automated patch management software for Windows systems.
  • Keep up-to-date with the latest patch information
  • Identify missing patches using registry/ file checks
  • Deploy patches and service packs automatically
  • Alert on new patches and report patch remediation
Success Stories
"It has saved me literally hours of time distributing and applying patches to our PCs." - Janet Allen, Med-Pay, Inc. » Download free edition | 30-day trial

Patch Management over Internet

Consider scenarios where you have to manage

PatchQuest Online Vulnerability Database

  • systems that are spread across different geographical locations or offices over the internet (applicable primarily to Service Providers)
  • laptops that are often disconnected from the network (mobile users on the move)
  • systems situated behind a NAT/PAT firewall or router (systems in different branches of an enterprise)

PatchQuest Release 4.3 is powered with an agent that can be used to manage such systems, where maintaining a dedicated network tunnel is not feasible; therefore allowing the communication over the internet. The only prerequisite is that the PatchQuest Agents should be able to contact the PatchQuest Server over the web (using HTTP).

Enterprise Setup

Here is an example to illustrate how a Service Provider can setup PatchQuest Agents in the HTTPS mode to manage systems in different geographical locations.

A Service Provider, say SerPro Inc., in Washington, has a requirement to manage systems for 2 of his enterprise clients - BNF Bank in Texas and Colt Freightliners in New York, who are situated in different locations in the USA. These 2 networks are in are interconnected in any way, and neither are they accessible from the SerPro network.

Patch Management over the Internet

The PatchQuest Server will reside in the SerPro network in Washington. The PatchQuest Agents (in HTTPS mode) will be deployed in the systems in these 2 client networks spread across the US. The agents will contact the PatchQuest Server over the internet and fetch patch management tasks that need to be performed. On task completion they will report back to the PatchQuest Server with the status update. Thus the systems in these independent enterprise networks will be managed by a single console with just internet accessibility.

Setting Up PatchQuest Server in the Service Provider Network

1. On a system which is in the Internet Data Center (IDC), with a public IP address

PatchQuest Server can be installed on a server in the IDC of the service provider. This server must have a unique public IP address and must be accessible over the web. Port 8443 (default web server port of PatchQuest server) must be open allow PatchQuest agents to communicate to this server.

Administrators can login to the web interface of PatchQuest from any location to view and perform patch management tasks.

2. On a system in the internal network of the service provider, with internet access via a NAT/PAT router

PatchQuest can be installed on a system with an internal IP address, within the SerPro network. The NAT router in the service provider IDC will have the public IP address for external internet traffic, and this will redirect all traffic to and from the internal IP addresses. The NAT router must be configured (mapping in the routing table) in such a way that it routes all HTTP (web) traffic coming through port 8443 (default web server port of PatchQuest server) to the internal IP address of the system which has PatchQuest Server installed.

The PQ agents will have the external IP of the SerPro NAT router configured as the PQ Server name and will establish contact over the web on port 8443 (default). The NAT router at SerPro will take care of redirecting the requests/responses to the internal IP address of the PQ Server machine.

Setting Up PatchQuest Agents at the customer sites

This process is very much simple and does not involve any major configurations at the customer sites.

  • Access the web interface of the PQ Server in SerPro using the public IP address : https://<publicIP>:8443/
  • Login and download the PQ Agents (Windows) from the Home tab
  • Copy and install the PQ Agents on systems that need to be managed
  • Provide the public IP address of the PQ server machine as Server Name to the agent during installation
  • If web access from the PQ Agent machine happens via a proxy server, this can be configured during installation or later from the System Tray Icon of PQ Agent
  • Start the agent at the end of the installation screen
  • Login to the web interface of PQ, visit the Systems tab and see your agents listed there

Differences between PatchQuest Agent in HTTPS mode and TCP mode

S.No
   HTTPS Mode TCP Mode
1
 Usage scenario WAN,LAN LAN,VPN
2
 Communication protocol HTTP (Over the web) Port to port (TCP)
3
 Security Data encrypted. Communication secured using SSL over HTTP (HTTPS) Data encrypted. Communication secured using SSL over TCP.
4
 Ports to be open for the Agent in the firewall (if any) None. Web access (HTTP) must be allowed. 9001 (default, but configurable)
5
 Ports to be open for the Server in the firewall (if any) 8443 (PQ server web port - default, but configurable) 9000 (default, but configurable), 8443 (for patch download)
6
 PQ Server location Can be located in an internal network with IP & port mapping done to the NAT's external IP address Located in the internal network
7
 Agent Configurations required External IP address of the PQ Server, PQ server web port & proxy server info (if required), polling interval for agent Name/IP address of the PQ Server, PQ Server TCP port
8
 Communication Flow between Server and Agents One-way (Agent polls Server) Two-way
9
 Response time of Agent Agent's poll interval Instant (no polling!)
10
 Operating System supported Windows only Windows & Linux

Refer to the documentation for more information on PatchQuest Agent Installation, Setup and Configuration.