asked on

WSUS (Windows Server Update Services) SSL discussion

I have an internal implementation of WSUS 3.0 SP2 and it is working great for my internal users. I would like to allow my full time remote users to benefit from this so that I can manage MS patches going to them. I know what I need to change in GPO's and firewall configuration to allow this. My question is, why would I want to configure SSL for the user laptops (clients) to connect to my WSUS server? What data am I worried about securing and why not just use non-SSL for that connection? Secondary question, if I do setup SSL are there any know issues or specific configuration changes to allow the use of a wildcard certificate from a trusted SSL cert authority?

arnold

You should setup a separate instance for the remote users that will be a replica of the existing WSUS server but will direct the remote clients to retrieve the approved updates from microsoft rather than from your WSUS server. No reason to have remote system consume your bandwidth unnecessarily.

The difficulty lies in configuring remote clients.

clm000

ASKER

Thank you , that is helpful and confirms what I just figured out. I would still like to understand why I need SSL on the connections between the clients and my (dedicated for remote users) WSUS server to approve updates. What data is passed through that connection that I need to be concerned about securing?

ASKER CERTIFIED SOLUTION

arnold

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

clm000

ASKER

Thanks for both your responses, they were very helpful