I manage several networks with WSUS 3.0 installed for all Domain Computers. Currently all computers point at http://SERVERNAME.InternalDomain:8530
for updates, so that when they are connected to network they update.
I have been looking for a best practice approach to handle those mobile computers that rarely come into the office, and only connect to VPN on rare occasion so that even if the computer is only connected to Internet, they still point to internal WSUS server.
External DNS Name is remote.domain and I have a 3rd party SSL certificate installed and being used for OWA and RWW.
Should I simply enable SSL on WU virtual directory and then change GPO so clients point at another external DNS name which is port forwarded through firewalls?