I'm trying to come up with the best design to keep computers updated on a WAN. I am looking for suggestions on how to handle this in the best way using GPO's, WSUS, and Windows Update. Here is what I'm working with:
Office1 - 30 users normally, T1
Office2 - 50 users normally, T1
Office3 - 20 users normally, T1
Office4 - 15 users normally, T1
Collocation - Houses most servers including AD, 5MB
All locations are connected through a VPN on the Firewalls.
300 employees across the US and when not in the office they use a VPN software client to connect their laptop to the VPN core at the collocation.
Office 2 has a server that has an extra 40GB of space I could use, and the Collocation has a server with 300GB free space. Those are my only 2 options for installing WSUS. My main concern is with the laptops because they are mostly remote from an office. My other concern is bandwidth. For instance, lets say 50 users come into an office and they all try to update at the same time; this would completely fill the internet connection.
My initial thoughts are to install WSUS at the collocation and in Office2. I would use a GPO to have the collocation update the collocation, office1, office3 then use a GPO to have Office2 update office2 and office4. I was thinking about putting all laptops in their own OU and have a GPO to had them use Microsoft as their update server (Since they can be remote or in the office)
Has anyone ever dealt with a similar situation or have suggestions?