[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

WSUS assistance

Posted on 2009-02-19
4
Medium Priority
?
379 Views
Last Modified: 2012-05-06
Ladies and Gentlemen, I have a moderate dilema with WSUS. I have multiple clients that I support. I would like to set up a WSUS at my office. This part is not a big deal. What I would like is to have all my clients poll my WSUS server so as to download only updates that I approve. In concept I could do a part of this through GPOs. However, my understanding is that it would only work properly if the WSUS was on their networks. I want to avoid that, because some of their servers are not the best. The other way I saw was to make registry entries to change the Windows Update server to point to mine. Again, that is not advisable. Mainly because doing that would involve accessing well over 200 machines. Can anyone tell me of a proper configuration for WSUS at my main office to have all of my clients access?
0
Comment
Question by:mehherc
  • 2
  • 2
4 Comments
 
LVL 6

Expert Comment

by:Brainstormer
ID: 23683728
Almost half of getting  WSUS becomes worthless unless your pipe to the clients is 100Mbit or better.
0
 
LVL 1

Author Comment

by:mehherc
ID: 23684666
My clients all have T-1 or better internet connections. Their internal network is all 100 meg. So bandwidth for them and my main office is not a problem.
0
 
LVL 6

Accepted Solution

by:
Brainstormer earned 2000 total points
ID: 23685424
 OK, here are the issues I see with that you want to do:

WSUS is used to control patch approvals. It is also used as a way to save bandwidth, so the patches are only downloaded once over a slow link (T-1) then pushed to lots of machines over fast link (Gbit, etc...) Setting up WSUS requires the machines to point to the WSUS server, so Automatic Updates and BITS service can pull the patches. Modification choices are either via GPO or scripts. Now to your scenario:

WSUS over slow link:

#1 T1 will choke. Imagine patch Tuesday, MS issues 3 XP patches for a total of 30Mb. You approve the patches at your WSUS. Now you have 200+ machines downloading those files within 24 hours. Do the math how much bandwidth YOU need.  
#2 Open ports or establish VPN for communication between servers and WSUS, lots of work.
#3 Modify all servers via GPO or script, something you don't want to do
   
I hope I made it clear that no matter what you will need to modify the servers whether WSUS is here or there. You can setup a cascading WSUS server structure, but that requires a WSUS server at each location, something you don't want.
0
 
LVL 1

Author Closing Comment

by:mehherc
ID: 31548816
I was afraid of that. I was just hoping my logic was flawed. I guess I wasn't. I was just hoping you guys here would have a convenient catch-all shortcut. I guess I will have to put in 8 low-ish end servers at each location for WSUS. Oh well. I guess no way around spending a couple of bucks. LOL. Thanks for confirming my fears. (:-D)
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Some time ago I faced the need to use a uniform folder structure that spanned across numerous sites of an enterprise to be used as a common repository for the Software packages of the Configuration Manager 2007 infrastructure. Because the procedu…
Have you considered what group policies are backwards and forwards compatible? Windows Active Directory servers and clients use group policy templates to deploy sets of policies within your domain. But, there is a catch to deploying policies. The…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Screencast - Getting to Know the Pipeline

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question