Three deployment sizings are recommended (plus an additional sizing for PoC environments), based on the environment size and the number of running agents.
All-In-One
The following information is valid for environments in which the JetPatch Application Server (JetPatch Manager) and the DB are located on the same machine.
JetPatch Machine
Environment Type | # of Managed Endpoints | CPU Cores | RAM | Disk (OS Included*) |
Micro | Up to 200 | 4 | 16GB | 250GB |
Small | Up to 4K | 8 | 32GB | 400GB |
Medium | Up to 8K | 16 | 64GB | 650GB |
*OS requires about 30GB
Separate Machines
The following information is valid for environments in which the JetPatch Application Server (JetPatch Manager) and the DB are located on different machines.
JetPatch Machine
Environment Type | # of Managed Endpoints | CPU Cores | RAM | Disk (OS Included*) |
Small | Up to 4K | 4 | 16GB | 250GB |
Medium | Up to 8K | 8 | 32GB | 250GB |
Large | 8K and above | 16 | 64GB | 250GB |
*OS requires about 30GB
Database Machine
Environment Type | # of Managed Endpoints | CPU Cores | RAM | Disk (OS Included*) |
Small | Up to 4K | 4 | 16GB | 250GB |
Medium | Up to 8K | 8 | 32GB | 350GB |
Large | 8K and above | 16 | 64GB | 350GB |
*OS requires about 30GB
JetProxy
Environment Type | Number of Managed Servers | CPU Cores | RAM | Disk (OS Included*) |
Small | Up to 4000 | 2 | 8GB | 150GB |
Repositories
WSUS Machine
Environment Type | # of Managed Endpoints | CPU Cores | RAM | Disk (OS Included**) |
Small | Up to 4K | 4 | 16GB | 400GB |
Medium | Up to 8K | 8 | 32GB | 800GB |
Large | 8K and above | 16 | 64GB | 1.5TB |
*Windows OS should be Windows 2016 for POCs.
**Windows OS requires about 35GB
Unified Local Repositories Solution
CPU Cores | RAM | Disk (OS Included*) |
8 | 16GB | 40GB (additional storage required for Repo data, see below) |
- Note - Mount point for local repo should be /var/www
- For Ubuntu (regardless of the environment type) the Disk should be 300GB
- To calculate the minimum required storage space for Repository Data use the table below
OS | CentOS | OracleLinux | Red Hat | Ubuntu |
Repo Data | | | | |
Local Repository Machine
For each managed Linux flavor in the environment
CPU Cores | RAM | Disk (OS Included*) |
4 | 8GB | 150GB |
- *OS requires about 30GB
- Note - mount point for local repo should be /var/www
- For Ubuntu (regardless of the environment type) the Disk should be 300GB
Client Servers Requirements
- JetPatch Connector
- For Linux and Windows OS: ~570 MB free space (70MB for software installation and 500MB logs)
- For Solaris: ~700 MB free space (200MB for software installation and 500MB logs)
- Note: The Connector has minimal impact on resource consumption (on average less than 1% CPU and less than 30 MB RAM)
- Patches installation: More than 10% free space
- Agents installation: 1-2 GB free space (also depends on the number of agents and their size)
Software
JetPatch Manager Operating System
Platform | Architecture | Version |
CentOS | 64-bit | 7.X / 8.X* |
Red Hat Enterprise Linux | 64-bit | 7.X / 8.X* |
Oracle Linux | 64-bit | 7.X / 8.X* |
*el8.X recommended
JetPatch Database
Supported PostgreSQL versions: 11.X / 12.X / 13.X
Public Cloud PaaS: AWS RDS/Aurora and Azure Database with version 11.X / 12.X / 13.X / 14.X
Ports
Communication ( -> uni-directional, <-> bi-directional ) | Ports | Protocol | Authentication | Goal | Reference URL |
Application and Database | |||||
JetPatch -> Postgres DB | 5432 | TCP | Password based authentication. Typically secured with SSL | Retrieve DB data | |
Users -> JetPatch | 443 | HTTPS | Password-based (either local or domain), sent over TLS. | User access to the JetPatch console | |
JetPatch Agent | |||||
Endpoints -> JetPatch | 443 | HTTPS | Connectors identify themselves with a self-generated identity token; the server certificate is authenticated if root CA certificates have been provided | Inbound communication from connectors on endpoint servers to JetPatch server. | Protocols, Permissions and Users |
Note: The primary protocol is WEB for endpoints once the connector is installed, including connector upgrades. | n/a | n/a | n/a | It is not required to deploy connectors from JetPatch. There are multiple alternative methods available. | Connector Deployment for Windows Environment; Connector Deployment for Linux Environment |
JetPatch -> Linux/Unix Endpoints | 22 | SSH | SSH authentication, typically PAM - depending on server settings | Outbound communication to endpoints in order to deploy the JetPatch connector. Only required to deploy connector from JetPatch. | Protocols, Permissions and Users |
JetPatch -> Windows Endpoints | 445 | SMB2 | Local or domain Windows authentication | Outbound communication to endpoints in order to deploy the JetPatch connector. Only required to deploy connector from JetPatch. Make sure that either Windows Firewall is turned off or the SMB (File and Printer Sharing) ports are open on the firewall. | Protocols, Permissions and Users |
WSUS | |||||
JetPatch -> WSUS | 443 | HTTPS | N/A | Required to discover Windows patches and Windows computer groups | JetPatch Configuration for WSUS |
WSUS -> MSFT | 80 and 443 | HTTP/HTTPS | N/A | Download patches from MSFT to WSUS. See this MSFT article for full list of URLs. | Windows Solutions Overview |
Windows Endpoints -> WSUS | 8530 and 8531 | HTTP/HTTPS | N/A | Download approvals from WSUS server. Note: WSUS uses SSL for metadata only, not for update files. Thus, both ports (8530 and 8531) need to be opened if you use SSL. | Enabling SSL on WSUS |
WSUS Primary <-> WSUS Replica | 8530 and 8531 | HTTP/HTTPS | N/A | Syncs data between WSUS Primary and WSUS Replica | How often should I sync the WSUS replica to it's primary server? |
Linux/Unix Repos | |||||
Linux/Unix Endpoints -> Public or Local Repositories | 80 and 443 | HTTP/HTTPS | N/A | Download patches from repositories to endpoints and servers | Linux Solution Overview |
Local Repositories -> Providers cloud | 443 | HTTPS | N/A | Download patch from provider cloud to local repositories | Linux Solution Overview |
JetPatch -> CentOS Mailing List | 443 | HTTPS | N/A | In order to patch CentOS operating systems, ensure JetPatch server has the following URLs whitelisted (if through a proxy, a small additional config is required): CentOS7: https://lists.centos.org/pipermail/centos-announce/ | What is the CentOS Mailing List? |
Optional Ports | |||||
JetPatch -> Discovery Source (vCenter, Azure, AWS, Active Directory) | 443 | HTTPS | Varies by source, view article for details | JetPatch connects to any of these sources to get the list of servers where tools need to be deployed/managed | Adding Endpoints to JetPatch |
JetPatch -> JetPatch Live Repo | 443 | HTTPS | N/A | Get the latest JetPatch RPMs from JetPatch Repository. In order to update this way, JetPatch needs the following URL whitelisted: https://live-repo.jetpatch.com/ | Updating JetPatch using Repository |
WSUS -> 3rd Party Repo | 443 | HTTPS | N/A | WSUS must have a static public IP address | 3rd Party Software Solution Overview |
JetPatch -> AzureAD | 443 | HTTPS | N/A | JetPatch Application server must be able to communicate with the Azure AD authentication endpoint. For most customers, that will be https://login.microsoftonline.com | Authentication with Azure Active Directory |
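
As an added example (not JetPatch code), the sketch below parses a few rows of the Ports table using its `->` / `<->` notation and audits a firewall allow-list against them, reporting documented flows that are blocked and allowed flows that are not needed. The `Flow` type, the `push_deploy` switch and the allow-list are assumptions made for illustration.

```python
import re
from typing import NamedTuple

class Flow(NamedTuple):
    src: str
    dst: str
    port: int

# Rows copied from the Ports table (Communication | Ports; other columns dropped).
ROWS = """\
JetPatch -> Postgres DB | 5432
Users -> JetPatch | 443
Endpoints -> JetPatch | 443
JetPatch -> Linux/Unix Endpoints | 22
JetPatch -> Windows Endpoints | 445
Windows Endpoints -> WSUS | 8530 and 8531
WSUS Primary <-> WSUS Replica | 8530 and 8531
"""
# Per the table, 22 and 445 are only required to deploy the connector from JetPatch.
PUSH_ONLY = {22, 445}

def parse_rows(text):
    """Expand table rows into directed flows; '<->' yields both directions."""
    flows = set()
    for line in text.strip().splitlines():
        comm, ports = (c.strip() for c in line.split("|")[:2])
        src, arrow, dst = (p.strip() for p in re.split(r"(<->|->)", comm))
        for port in map(int, re.findall(r"\d+", ports)):
            flows.add(Flow(src, dst, port))
            if arrow == "<->":
                flows.add(Flow(dst, src, port))
    return flows

def audit(allowed, push_deploy):
    """Return (missing, excess): documented flows not allowed, allowed flows not needed."""
    needed = {f for f in parse_rows(ROWS) if push_deploy or f.port not in PUSH_ONLY}
    return sorted(needed - allowed), sorted(allowed - needed)

# Constructed allow-list for a site that installs connectors by other means.
ALLOWED = parse_rows("""\
JetPatch -> Postgres DB | 5432
Users -> JetPatch | 443
Endpoints -> JetPatch | 443
JetPatch -> Linux/Unix Endpoints | 22
Windows Endpoints -> WSUS | 8531
WSUS Primary <-> WSUS Replica | 8530 and 8531
""")
if __name__ == "__main__":
    print(audit(ALLOWED, push_deploy=False))
```

An `excess` entry such as the port 22 rule is a candidate for removal when connectors are not deployed from JetPatch.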