WSUS replica / not replica? Best practice


I have the following scenario :

1 Main WSUS server at HQ.

9 WSUS servers on 9 different vessels on 9 different networks over 256 KB satellite link covering about 50 clients / servers each.

What I thought of doing was to make the 9 WSUS servers downstream servers connecting only to the Main WSUS server at HQ.
BUT. Then the replication option. Does this replicate EVERYTHING from EVERY WSUS downstream server?

Say that 1 of the WSUS servers onboard a vessel has 50 clients. Does this information get replicated to the OTHER WSUS servers onboard the other vessels?
As there is LIMITED bandwidth on these vessels, I really do not see the point of each WSUS downstream server seeing all 450 clients and servers on all vessels when in fact they only have 50 per WSUS server/vessel.

And, does the replicate option replicate ALL updates from the Main WSUS server or only the updates that are required by the different WSUS downstream servers?

Does this make sense? :)

2 Solutions
Makes perfect sense.
The replica Servers (ahem) replicate the settings of the Upstream Server, so yes all the updates will be made available locally (and downloaded) - but don't let that worry you.
Assuming you are using Active Directory: What you need to do is use client side targeting, and create the WSUS update groups. Create Group Policies to point the appropriate OU at the LOCAL WSUS repository for that site. Add the computers to the correct group and they will get their updates locally.
That sorts out local traffic only getting WSUS updates locally, but to get the updates TO the sites.
I would set up a staging site, and create the WSUS Servers on the same physical LAN initially, but using the correct IP addresses. Then install the Servers at the remote sites.
Finally - configure BITS, and restrict the bandwidth to something like 100K/sec and ensure the updates only go out at a quiet time.
Does THAT make sense?
Laksen83 (Author) commented:

That makes sense.
All the vessels have their own domain so I was going to make a GPO for every domain targeting the clients only to connect to their local WSUS server.

I could not use the replica server option, but it is a hassle trying to approve updates and on each server for each domain due to the latency and difficulties using RDP on the servers.

So - my final setup for this will be :

1 Upstream server getting updates from MS directly.
9 Downstream servers getting replicated from the Upstream server and using local GPO for the clients connecting only to the local WSUS.

Thanks Kieran! :)
That'll do - but remember to use BITS to limit the bandwidth - the domains aren't important to WSUS, just as long as you ensure client side targeting points to the LOCAL WSUS Server.
Question has a verified solution.
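
One way to confirm on a vessel machine that the Group Policy settings discussed in this thread (local WSUS server, client side targeting, BITS bandwidth limit) actually applied, as an added example that is not part of the original thread. It reads the standard Windows Update and BITS policy registry values; the server URL, target group name and 100 Kbps ceiling are placeholder assumptions.

```powershell
# Added example: audit the WSUS and BITS policy values on the machine it runs on.
# Server URL, group name and rate below are constructed placeholders.
param(
    [string]$ExpectedWsus  = 'http://wsus-vessel01.example.local:8530',
    [string]$ExpectedGroup = 'Vessel01-Clients',
    [int]$MaxKbps          = 100   # assumed reading of "100K/sec"; the policy unit is Kbps
)

$wu   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$au   = "$wu\AU"
$bits = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\BITS'

function Get-PolicyValue([string]$Key, [string]$Name) {
    # Returns $null when the key or value is missing, i.e. the GPO never applied.
    (Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue).$Name
}

# Each check names a policy value and the condition it must satisfy.
$checks = @(
    @{ Key = $wu;   Name = 'WUServer';                  Test = { $_ -eq $ExpectedWsus } }
    @{ Key = $wu;   Name = 'WUStatusServer';            Test = { $_ -eq $ExpectedWsus } }
    @{ Key = $au;   Name = 'UseWUServer';               Test = { $_ -eq 1 } }
    @{ Key = $wu;   Name = 'TargetGroupEnabled';        Test = { $_ -eq 1 } }
    @{ Key = $wu;   Name = 'TargetGroup';               Test = { $_ -eq $ExpectedGroup } }
    @{ Key = $bits; Name = 'EnableBITSMaxBandwidth';    Test = { $_ -eq 1 } }
    @{ Key = $bits; Name = 'MaxTransferRateOnSchedule'; Test = { $null -ne $_ -and $_ -le $MaxKbps } }
)

$report = foreach ($c in $checks) {
    $actual = Get-PolicyValue $c.Key $c.Name
    [pscustomobject]@{
        Setting = $c.Name
        Actual  = if ($null -eq $actual) { '<not set>' } else { $actual }
        Ok      = [bool]($actual | ForEach-Object $c.Test)
    }
}

$report | Format-Table -AutoSize

# Non-zero exit lets a scheduled task or monitoring agent flag drifted machines,
# for example a client still pointing at the HQ server across the satellite link.
if ($report.Ok -contains $false) { exit 1 }
```

A machine that reports `<not set>` for `WUServer` or `UseWUServer` is not using the local WSUS server at all, which is the case that matters most on a constrained link.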