The Patch Management service automatically updates Windows-based PlantCML servers and workstations with Microsoft software patches (these mostly consist of security patches). Consistently updating systems with software patches plays an important role in maintaining security. CIO magazine recently listed “Outdated Microsoft Service Packs” among its 10 Most Common Internal Security Threats. Consistently patching known vulnerabilities (on both servers and workstations) is essential for maintaining a secure computing system. The PlantCML Patch Management service assists in keeping your system up to date, helping to ensure that known vulnerabilities will not be exploited.

The PlantCML Patch Management service includes the following key benefits:
- PlantCML certifies and evaluates each OS patch, making sure that patch updates do not interrupt service, ensuring that no extraneous patches are deployed.
- The Managed Services team assists with setup for managing patch deployment.
- The Managed Services web site tracks and reports on successful deployments.
- PlantCML continuously certifies its products with the Patch Management solution.

Understanding the Patch Management system setup
The Patch Management application is loaded onto the Console server by PlantCML System Staging. Similar to Monitoring & Response, the SMC initiates deployment of the Patch Management software application from the server to other approved workstations and servers at the site. Once this deployment is completed, the Patch Management service will be activated.

Understanding the Patch Management Update Process.
Prior to the deployment of a Microsoft OS patch, PlantCML reviews the patch to determine its relevance to PlantCML applications, potential impact to customer networks, and testing requirements. Once a patch is certified by PlantCML’s System Verification & Test group, the Managed Services team will create a software package for deployment. The package will include the patches to be deployed and applicable deployment rules for each patch. The Console server will automatically check for new patch updates, typically on a daily basis. If new patches are found on the SMC Application Server, they are downloaded to the Console server at the site, based on an agreed-upon schedule. Because many update packages require a reboot, these patch updates will remain on the Console server until an SMC specialist initiates deployment to each of the clients. This deployment is only begun after obtaining approval from your site or the appropriate maintenance partner.