There are 3 optional deployment sizings (with an additional sizing for PoC environments) that are recommended which are based on the Environment size and the number of running agents.
All-In-One
The following information is valid for environments that the JetPatch Application Server (JetPatch Manager) and the DB are located on the same machine
JetPatch Machine
| Environment Type | # of Managed Endpoints | CPU Cores | RAM | Disk (OS Included*) |
| Micro | Up to 200 |
4 |
16GB | 250GB |
| Small | Up to 4K | 8 | 32GB | 400GB |
| Medium | Up to 8K | 16 | 64GB | 650GB |
*OS requires about 30GB
Separate Machines
The following information is valid for environments that the JetPatch Application Server (JetPatch Manager) and the DB are located on different machines
JetPatch Machine
| Environment Type | # of Managed Endpoints | CPU Cores | RAM | Disk (OS Included*) |
| Small | Up to 4K | 4 | 16GB | 250GB |
| Medium | Up to 8K | 8 | 32GB | 250GB |
| Large | 8K and above | 16 | 64GB | 250GB |
*OS requires about 30GB
Database Machine
| Environment Type | # of Managed Endpoints | CPU Cores | RAM | Disk (OS Included*) |
| Small | Up to 4K | 4 | 16GB | 250GB |
| Medium | Up to 8K | 8 | 32GB | 350GB |
| Large | 8K and above | 16 | 64GB | 350GB |
*OS requires about 30GB
JetProxy
| Environment Type | Number of Managed Servers | CPU Cores | RAM | Disk (OS Included*) |
| Small | Up to 4000 | 2 | 8GB | 150GB |
Repositories
WSUS Machine
| Environment Type | # of Managed Endpoints | CPU Cores | RAM | Disk (OS Included**) |
| Small | Up to 4K | 4 | 16GB | 400GB |
| Medium | Up to 8K | 8 | 32GB | 800GB |
| Large | 8K and above | 16 | 64GB | 1.5TB |
*Windows OS should be Windows 2016 for POCs.
**Windows OS requires about 35GB
Unified Local Repositories Solution
| CPU Cores | RAM | Disk (OS Included*) |
| 8 | 16GB | 40GB (additional storage required for Repo data, see below) |
- Note - Mount point for local repo should be /var/www
- For Ubuntu (regardless to the environment type) the Disk should be 300GB
- To calculate the minimum required storage space for Repository Data use the table below
| OS | CentOS | OracleLinux | Red Hat | Ubuntu | ||||||||||||||||||
| Repo Data |
|
|
|
|
Local Repository Machine
For each managed Linux flavor in the environment
| CPU Cores | RAM | Disk (OS Included*) |
| 4 | 8GB | 150GB |
- *OS requires about 30GB
- Note - mount point for local repo should be /var/www
- For Ubuntu (regardless to the environment type) the Disk should be 300GB
Client Servers Requirements
- JetPatch Connector
- For Linux and Windows OS: ~570 MB free space (70MB for software installation and 500MB logs)
- For Solaris: ~700 MB free space (200MB for software installation and 500MB logs
- Note: The Connector has minimal impact on resource consumption (on average less than 1% CPU and less than 30 MB RAM)
- Patches installation: More than 10% free space
- Agents installation: 1-2 GB free space (also depends on the amount of agents and their size)
Software
JetPatch Manager Operating System
The JetPatch Manager can run on the following platforms:
|
Platform |
Architecture |
Version |
|
CentOS |
64-bit |
7.X / 8.X* |
|
Red Hat Enterprise Linux |
64-bit |
7.X / 8.X* |
|
Oracle Linux |
64-bit |
7.X / 8.X* |
el8.X recommended
JetPatch Database
Supported PostgreSQL versions: 11.X / 12.X / 13.XPublic Cloud PaaS: AWS RDS/Aurora and Azure Database with version 11.X / 12.X / 13.X / 14.X
Operating System: el7.X / el8.X
Ports
| Communication ( -> uni-directional, <-> bi-directional ) |
Ports | Protocol | Authentication | Goal | Reference URL |
| Application and Database | |||||
| JetPatch -> Postgres DB | 5432 | TCP | Password based authentication. Typically secured with SSL | Retrieve DB data | |
| Users -> JetPatch | 443 | HTTPS | Password-based (either local or domain), sent over TLS. | User access to the JetPatch console | |
| JetPatch Agent | |||||
| Endpoints -> JetPatch | 443 | HTTPS | Connectors identify themselves with self-generated identity token; A server certificate is authenticated if root CA certificates have been provided | Inbound communication from connectors on endpoint servers to JetPatch server. | Protocols, Permissions and Users |
| Note: The primary protocol is WEB for endpoints once the connector is installed, including connector upgrades. | n/a | n/a | n/a | It is not required to deploy connectors form JetPatch. There are multiple of alternative methods available. | Connector Deployment for Windows Environment Connector Deployment for Linux Environment |
| JetPatch -> Linux/Unix Endpoints |
22 | SSH | SSH authentication, typically PAM - depending on server settings | Outbound communication to endpoints in order to deploy the JetPatch connector. Only required to deploy connector from JetPatch. | Protocols, Permissions and Users |
| JetPatch -> Windows Endpoints |
445 | SMB2 | Local or domain Windows authentication | Outbound communication to endpoints in order to deploy the JetPatch connector. Only required to deploy connector from JetPatch. Make sure Windows Firewall is either turned off or SMB: File and printer sharing ports are open on the firewall |
Protocols, Permissions and Users |
| WSUS | |||||
| JetPatch -> WSUS | 443 | HTTPS | N/A | Required to discover Windows patches and Windows computer groups | JetPatch Configuration for WSUS |
| WSUS -> MSFT | 80 and 443 | HTTP/HTTPS | N/A | Download patches from MSFT to WSUS. See this MSFT article for full list of URLs. | Windows Solutions Overview |
| Windows Endpoints -> WSUS | 8530 and 8531 | HTTP/HTTPS | N/A | Download approvals from WSUS server. Note: WSUS uses SSL for metadata only, not for update files. Thus, both ports needs to be opened if you use SSL (8530 and 8531) | Enabling SSL on WSUS |
| WSUS Primary <-> WSUS Replica | 8530 and 8531 | HTTP/HTTPS | N/A | Syncs data between WSUS Primary and WSUS Replica | How often should I sync the WSUS replica to it's primary server? |
| Linux/Unix Repos | |||||
| Linux/Unix Endpoints -> Public or Local Repositories | 80 and 443 | HTTP/HTTPS | N/A | Download patches from repositories to endpoints and servers | Linux Solution Overview |
| Local Repositories -> Providers cloud |
443 | HTTPS | N/A | Download patch from provider cloud to local repositories | Linux Solution Overview |
| JetPatch -> CentOS Mailing List | 443 | HTTPS | N/A | In order to patch CentOS operating systems, ensure JetPatch server has the following URLs whitelisted (If through proxy, small additonal config required): CentOS7: https://lists.centos.org/pipermail/centos-announce/ |
What is the CentOS Mailing List? |
| Optional Ports | |||||
| JetPatch -> Discovery Source (vCenter, Azure, AWS, Active Directory) | 443 | HTTPS | Varies by source, view article for details | JetPatch connects to any of these sources to get the list of servers where tools need to be deployed/managed | Adding Endpoints to JetPatch |
| JetPatch -> JetPatch Live Repo | 443 | HTTPS | N/A | Get the latest JetPatch RPMs from JetPatch Repository In order to update this way, JetPatch needs the following URL whitelisted: https://live-repo.jetpatch.com/ |
Updating JetPatch using Repository |
| WSUS -> 3rd Party Repo | 443 | HTTPS | N/A |
WSUS must have a static public IP address
|
3rd Party Software Solution Overview |
| JetPatch -> AzureAD | 443 | HTTPS | N/A |
JetPatch Application server must be able to communicate with the Azure AD authentication endpoint. For most customers, that will be https://login.microsoftonline.com
|
Authentication with Azure Active Directory |
Comments
0 comments
Please sign in to leave a comment.