Link to home
Start Free TrialLog in
Avatar of kamsuj
kamsujFlag for Poland

asked on

WSUS project

Hi,

I'm trying to gather as much data to prepair WSUS project for a network with about 50000 computers. Which are on relatively wide geographical region. Every office has connection to every other. In the network there is Frame-relay, MPLS etc. bandwith between sites is about 2 - 3 Mbps. From the network there is about 10 connections to the Internet.

I'm wondering how to plan this. How many WSUS servers, from where to download patches - from Internet or from one central place? How big can the traffic from Microsoft Website be? How many hard disk space do I need? Downloading every update or maybe the installers only? Anything else I should think of?

I think that my only requirement should be to use one main wsus server to generate raports, accept updates etc.

http://technet.microsoft.com/en-us/library/cc708483(WS.10).aspx - says that my configuration can be done on one server but I think that this would be not enought.

How would you plan this?
ASKER CERTIFIED SOLUTION
Avatar of ChiefIT
ChiefIT
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of kamsuj

ASKER

I've also find out that there are also ISDN links to some offices. What to do with them? ISDN so about 144kbps its not enought to put the WSUS server in a location. I've managed to see how many servers do we now have and there are 48 servers for the whole network.
I use WSUS on a satellite connection

128Kb/S for 80 computers. It's slow but works. The benifit of a WSUS at every site is computers don't go out on the internet to download updates individually. In other words, You download it once, not 80 times. So, it not only works, it makes life better.

Avatar of kamsuj

ASKER

Now i'm starting to wonder maybe a good solution would be to install WSUS service on domain controllers in the network. If site contains more then one DC I would install only one WSUS.
That's all I ever had>

I put WSUS on DC2, the one without FSMO roles.

Works great.
Avatar of kamsuj

ASKER

And what about offices that only have ISDN links?

What do you think about central administration of this service? Till now I thought that one central place for administration will be the best but now I'm starting to wonder.
I am sorry, I thought I replied to this post.

We have a 128Kb/s Satellite connection for 70 computers. ISDNS is what, about 144Kb/s.

Centrally managed WSUS can be done as a replica of another server:

http://books.google.com/books?id=qjMIHPPDQGsC&pg=PA32&lpg=PA32&dq=centrally+manage+remote+wsus+servers&source=bl&ots=SpFNwTnN4R&sig=L8eYT2FO86P2IsgpxyFimT51Dwo&hl=en&ei=smK-SqfqF8rL8Qby14G8AQ&sa=X&oi=book_result&ct=result&resnum=6#v=onepage&q=centrally%20manage%20remote%20wsus%20servers&f=false
Yet, another options is to get a different third party patch management system.

One I know of, off the top of my head, is Patch authority Ultimate Plus:
http://www.scriptlogic.com/products/patchauthorityultimate/

The benifits of this is this patching system will get Windows as well as Java, Adobe and other updates. Some are not covered in WSUS.

Avatar of kamsuj

ASKER

Third party patch management sollution is not an option. Whats more buying a software for this is also not possible. I have to make this on software that is free.
I see:

With that said, WSUS is pretty much your only option. But,it will not update things like Java, Adobe, ...

Third party software, other than M$ software, will not be patched by WSUS.

The open source programs available will only do a small number of computers. Or they are in the beta testing and I wouldn't install these products or with them on my worst enemy. I wait until administrators test these products on a test domain and research them before implimentation.

WSUS server per site sounds like your best option. Then, the site admins have to make sure third party software is patched separately.
SOLUTION
Avatar of Don
Don
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial