WSUS assistance

Asked by mehherc
Medium Priority | 386 Views | Last Modified: 2012-05-06
Ladies and Gentlemen, I have a moderate dilemma with WSUS. I have multiple clients that I support. I would like to set up a WSUS at my office. This part is not a big deal. What I would like is to have all my clients poll my WSUS server so as to download only updates that I approve. In concept I could do a part of this through GPOs. However, my understanding is that it would only work properly if the WSUS was on their networks. I want to avoid that, because some of their servers are not the best. The other way I saw was to make registry entries to change the Windows Update server to point to mine. Again, that is not advisable. Mainly because doing that would involve accessing well over 200 machines. Can anyone tell me of a proper configuration for WSUS at my main office to have all of my clients access?

Almost half of getting WSUS becomes worthless unless your pipe to the clients is 100Mbit or better.

Author commented:
My clients all have T-1 or better internet connections. Their internal network is all 100 meg. So bandwidth for them and my main office is not a problem.
OK, here are the issues I see with what you want to do:

WSUS is used to control patch approvals. It is also used as a way to save bandwidth, so the patches are only downloaded once over a slow link (T-1), then pushed to lots of machines over a fast link (Gbit, etc.). Setting up WSUS requires the machines to point to the WSUS server, so Automatic Updates and the BITS service can pull the patches. Modification choices are either via GPO or scripts. Now to your scenario:

WSUS over slow link:

#1 T1 will choke. Imagine patch Tuesday, MS issues 3 XP patches for a total of 30Mb. You approve the patches at your WSUS. Now you have 200+ machines downloading those files within 24 hours. Do the math how much bandwidth YOU need.
#2 Open ports or establish VPN for communication between servers and WSUS, lots of work.
#3 Modify all servers via GPO or script, something you don't want to do.

I hope I made it clear that no matter what, you will need to modify the servers whether WSUS is here or there. You can set up a cascading WSUS server structure, but that requires a WSUS server at each location, something you don't want.
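
The client-side change the answer above refers to ("Modification choices are either via GPO or scripts"), as an added example that is not part of the original thread: a PowerShell script that writes the Windows Update policy registry values pointing a machine at a WSUS server, then reads them back. The server URL is a placeholder and the function names are hypothetical; it assumes PowerShell is available on the client and the script runs elevated.

```powershell
# Added example: run elevated on each client. Writes the same policy values
# that the "Specify intranet Microsoft update service location" GPO sets.
$WsusUrl = 'https://wsus.example.com:8531'   # placeholder URL (assumption)
$wuKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey   = "$wuKey\AU"

function Set-WsusClientPolicy {              # hypothetical helper name
    param([Parameter(Mandatory=$true)][string]$Url)

    # Accept only an absolute http/https URL so a typo cannot leave the
    # client pointing at nothing.
    $uri = $null
    if (-not [Uri]::TryCreate($Url, [UriKind]::Absolute, [ref]$uri) -or
        @('http', 'https') -notcontains $uri.Scheme) {
        throw "Not a valid WSUS URL: $Url"
    }

    foreach ($key in $wuKey, $auKey) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    }

    # WUServer: where the client detects and downloads approved updates.
    # WUStatusServer: where it reports results; normally the same server.
    foreach ($name in 'WUServer', 'WUStatusServer') {
        New-ItemProperty -Path $wuKey -Name $name -Value $Url `
            -PropertyType String -Force | Out-Null
    }
    # UseWUServer = 1 makes Automatic Updates honor the two values above.
    New-ItemProperty -Path $auKey -Name UseWUServer -Value 1 `
        -PropertyType DWord -Force | Out-Null

    # Restart the Windows Update service so the new policy is read.
    Restart-Service -Name wuauserv
}

function Get-WsusClientPolicy {              # hypothetical helper name
    $wu = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path $auKey -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        WUServer       = $wu.WUServer
        WUStatusServer = $wu.WUStatusServer
        UseWUServer    = $au.UseWUServer
    }
}

Set-WsusClientPolicy -Url $WsusUrl
Get-WsusClientPolicy | Format-List
```

On domain-joined machines, a GPO that sets the same policy overwrites these values at the next policy refresh.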


Author commented:
I was afraid of that. I was just hoping my logic was flawed. I guess I wasn't. I was just hoping you guys here would have a convenient catch-all shortcut. I guess I will have to put in 8 low-ish end servers at each location for WSUS. Oh well. I guess no way around spending a couple of bucks. LOL. Thanks for confirming my fears. (:-D)