All-In-One
The following information applies to environments in which the JetPatch Application Server (JetPatch Manager) and the DB are located on the same machine.
JetPatch Machine
Environment Type | # of Managed Endpoints * | CPU Cores | RAM (see **) | Disk (OS Included***) |
Micro | Up to 200 | 4 | 16GB | 250GB |
Small | Up to 4K | 8 | 32GB | 400GB |
Medium | Up to 8K | 16 | 64GB | 650GB |
*Assumes database is optimized
** The utilization of numerous smart groups, tags, policy rules, and services can potentially increase RAM usage.
**For test environments deployed with on-premise hypervisors (e.g., vCenter and Hyper-V), you can use 8GB RAM instead.
Note: To accurately assess the required RAM, it is essential to ensure that the swap file is not consistently in use. You can monitor the swap space usage by accessing the following URL: https://<Core-Server-URL>/vmanage-server/monitoring?part=graph&graph=usedSwapSpaceSize
***OS requires about 50GB
Separate Machines
The following information applies to environments in which the JetPatch Application Server (JetPatch Manager) and the DB are located on different machines.
JetPatch Machine
Environment Type | # of Managed Endpoints | CPU Cores | RAM (see **) | Disk (OS Included*) |
Small | Up to 4K | 4 | 16GB | 250GB |
Medium | Up to 8K | 8 | 32GB | 250GB |
Large | 8K - 20K | 16 | 64GB | 250GB |
Custom specs for beyond 20K endpoints
*OS requires about 50GB
** The utilization of numerous smart groups, tags, policy rules, and services can potentially increase RAM usage.
Note: To accurately assess the required RAM, it is essential to ensure that the swap file is not consistently in use. You can monitor the swap space usage by accessing the following URL: https://<Core-Server-URL>/vmanage-server/monitoring?part=graph&graph=usedSwapSpaceSize
Database Machine
Environment Type | # of Managed Endpoints * | CPU Cores | RAM | Disk (OS Included**) |
Small | Up to 4K | 4 | 16GB | 250GB |
Medium | Up to 8K | 8 | 32GB | 350GB |
Large | 8K - 20K | 16 | 64GB | 450GB |
Custom specs for beyond 20K endpoints
*Assumes database is optimized
**OS requires about 50GB
JetProxy
Environment Type | Number of Managed Servers* | CPU Cores | RAM | Disk (OS Included*) |
Small | Up to 4000 | 2 | 8GB | 150GB |
Repositories
WSUS Machine
Environment Type | # of Managed Endpoints | CPU Cores | RAM | Disk (OS Included*) |
Small | Up to 4K | 4 | 16GB | 400GB |
Medium | Up to 8K | 8 | 32GB | 800GB |
Large | 8K - 20K | 16 | 64GB | 1.5TB |
Custom specs for beyond 20K endpoints
*Windows OS requires about 60 GB and should be Windows 2019 or Windows 2022
Unified Local Repositories Solution
CPU Cores | RAM | Disk (OS Included*) |
8 | 16GB | 40GB for host OS (additional storage required for Repo data, see below) |
- Note - Mount point for local repo should be /var/www
- To calculate the minimum required storage space for Repository Data use the table below (add at least 10% for future data)
- 500GB for each container
Local Repository Machine
For each managed Linux flavor in the environment
CPU Cores | RAM | Disk (OS Included*) |
4 | 8GB | 150GB |
- *OS requires about 30GB
- Note - mount point for local repo should be /var/www
- For Ubuntu (regardless of the environment type) the disk should be 300GB
Client Servers Requirements
JetPatch Connector
- For Linux and Windows OS: ~570 MB free space (70MB for software installation and 500MB logs)
- For Solaris: ~700 MB free space (200MB for software installation and 500MB logs)
- Note: The Connector has minimal impact on resource consumption (on average less than 1% CPU and less than 30 MB RAM)
- Patches installation: More than 10% free space
- Agents installation: 1-2 GB free space (also depends on the number of agents and their size)
Software
JetPatch Manager Operating System
Platform | Architecture | Version |
Red Hat Enterprise Linux | 64-bit | 7.X / 8.X |
Oracle Linux | 64-bit | 7.X / 8.X |
Rocky Linux | 64-bit | 8.X |
AlmaLinux | 64-bit | 8.X |
EL8.X recommended
JetPatch Database
Supported PostgreSQL versions: 12.X / 13.X / 14.X / 15.X / 16.X
Public Cloud PaaS: AWS RDS/Aurora and Azure Database with version 12.X / 13.X / 14.X / 15.X / 16.X
Ports
Communication ( -> uni-directional, <-> bi-directional ) | Ports | Protocol | Authentication | Goal | Reference URL |
Application and Database | |||||
JetPatch -> Postgres DB | 5432 | TCP | Password based authentication. Typically secured with SSL | Retrieve DB data | |
Users -> JetPatch | 443 | HTTPS | Password-based (either local or domain), sent over TLS. | User access to the JetPatch console | |
JetPatch Agent | |||||
Endpoints -> JetPatch | 443 | HTTPS | Connectors identify themselves with self-generated identity token; A server certificate is authenticated if root CA certificates have been provided | Inbound communication from connectors on endpoint servers to JetPatch server. | Protocols, Permissions and Users |
Note: The primary protocol is WEB for endpoints once the connector is installed, including connector upgrades. | n/a | n/a | n/a | It is not required to deploy connectors from JetPatch. There are multiple alternative methods available. | Connector Deployment for Windows Environment; Connector Deployment for Linux Environment |
JetPatch -> Linux/Unix Endpoints | 22 | SSH | SSH authentication, typically PAM - depending on server settings | Outbound communication to endpoints in order to deploy the JetPatch connector. Only required to deploy connector from JetPatch. | Protocols, Permissions and Users |
JetPatch -> Windows Endpoints | 445 | SMB2 | Local or domain Windows authentication | Outbound communication to endpoints in order to deploy the JetPatch connector. Only required to deploy connector from JetPatch. Make sure Windows Firewall is either turned off or the SMB (File and Printer Sharing) ports are open on the firewall. | Protocols, Permissions and Users |
WSUS | |||||
JetPatch -> WSUS | 443 | HTTPS | N/A | Required to discover Windows patches and Windows computer groups | JetPatch Configuration for WSUS |
WSUS -> MSFT | 80 and 443 | HTTP/HTTPS | N/A | Download patches from MSFT to WSUS. See this MSFT article for full list of URLs. | Windows Solutions Overview |
Windows Endpoints -> WSUS | 8530 and 8531 | HTTP/HTTPS | N/A | Download approvals from WSUS server. Note: WSUS uses SSL for metadata only, not for update files. Thus, both ports (8530 and 8531) need to be opened if you use SSL. | Enabling SSL on WSUS |
WSUS Primary <-> WSUS Replica | 8530 and 8531 | HTTP/HTTPS | N/A | Syncs data between WSUS Primary and WSUS Replica | How often should I sync the WSUS replica to it's primary server? |
Linux/Unix Repos | |||||
Linux/Unix Endpoints -> Public or Local Repositories | 80 and 443 | HTTP/HTTPS | N/A | Download patches from repositories to endpoints and servers | Linux Solution Overview |
Local Repositories -> Providers cloud | 443 | HTTPS | N/A | Download patch from provider cloud to local repositories | Linux Solution Overview |
JetPatch -> CentOS Mailing List | 443 | HTTPS | N/A | In order to patch CentOS operating systems, ensure the JetPatch server has the following URLs whitelisted (if through a proxy, a small additional config is required): CentOS7: https://lists.centos.org/pipermail/centos-announce/ | What is the CentOS Mailing List? |
Optional Ports | |||||
JetPatch -> Discovery Source (vCenter, Azure, AWS, Active Directory) | 443 | HTTPS | Varies by source, view article for details | JetPatch connects to any of these sources to get the list of servers where tools need to be deployed/managed | Adding Endpoints to JetPatch |
JetPatch -> JetPatch Live Repo | 443 | HTTPS | N/A | Get the latest JetPatch RPMs from JetPatch Repository. In order to update this way, JetPatch needs the following URL whitelisted: https://live-repo.jetpatch.com/ | Updating JetPatch using Repository |
WSUS -> 3rd Party Repo | 443 | HTTPS | N/A | WSUS must have a static public IP address | 3rd Party Software Solution Overview |
JetPatch -> AzureAD | 443 | HTTPS | N/A | JetPatch Application server must be able to communicate with the Azure AD authentication endpoint. For most customers, that will be https://login.microsoftonline.com | Authentication with Azure Active Directory |
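A firewall pre-flight built from a subset of the rows in the Ports table above, as an added example that is not JetPatch code: it lists the TCP flows a given role must be able to open and probes each one, so a blocked rule shows up before deployment. The role-to-hostname mapping, the function names and the `example.internal` hostnames are assumptions; the optional rows, the CentOS mailing list row and the WSUS replica sync are left out.

```python
import socket

# Flows transcribed from the Ports table: (source, destination, TCP ports, condition).
DEPLOY_ONLY = "connector deployment from JetPatch only"
FLOWS = [
    ("JetPatch", "Postgres DB", (5432,), "always"),
    ("Users", "JetPatch", (443,), "always"),
    ("Endpoints", "JetPatch", (443,), "always"),
    ("JetPatch", "Linux/Unix Endpoints", (22,), DEPLOY_ONLY),
    ("JetPatch", "Windows Endpoints", (445,), DEPLOY_ONLY),
    ("JetPatch", "WSUS", (443,), "always"),
    ("WSUS", "MSFT", (80, 443), "always"),
    # WSUS uses SSL for metadata only, so endpoints need both ports.
    ("Windows Endpoints", "WSUS", (8530, 8531), "always"),
    ("Linux/Unix Endpoints", "Public or Local Repositories", (80, 443), "always"),
    ("Local Repositories", "Providers cloud", (443,), "always"),
]

def flows_from(source):
    """Return [(destination, port, condition)] a host in role `source` must reach."""
    return [(dst, port, cond)
            for src, dst, ports, cond in FLOWS if src == source
            for port in ports]

def probe(host, port, timeout=3.0):
    """True if a TCP connection to host:port completes within `timeout` seconds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, or name not resolved
        return False

def preflight(source, hosts, probe_fn=probe):
    """Probe every listed flow from `source`.

    `hosts` maps a destination role to a hostname (operator-supplied assumption).
    Returns [(destination, port, condition, status)] with status "open",
    "blocked", or "no host" when no hostname was given for that role.
    """
    results = []
    for dst, port, cond in flows_from(source):
        host = hosts.get(dst)
        if host is None:
            status = "no host"
        else:
            status = "open" if probe_fn(host, port) else "blocked"
        results.append((dst, port, cond, status))
    return results

if __name__ == "__main__":
    # Placeholder hostnames; run this on the JetPatch server itself.
    for row in preflight("JetPatch", {"Postgres DB": "db.example.internal",
                                      "WSUS": "wsus.example.internal"}):
        print(row)
```

Run it from the machine that plays the source role, since a probe only reflects the firewall path from where it executes.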