We help IT Professionals succeed at work.

what is the best practice to configure WSUS windows server?

Medium Priority
110 Views
Last Modified: 2019-06-26
Hello IT fellows :)

what is the best practice to configure WSUS windows server?
my plan is to setup two clusters for WSUS

some people said WSUS doesn't works as cluster, but I really don't know. I've never configured one
Comment
Watch Question

yo_beeDirector of Information Technology
CERTIFIED EXPERT

Commented:
not some
moonlightSenior Technology Consultant
CERTIFIED EXPERT
Commented:
yo_beeDirector of Information Technology
CERTIFIED EXPERT

Commented:
Not sure what happened to my comment, but what I did think I posted was.

WSUS is not designed as a cluster, but geolocation with replication from a parent server. You use GPO to have clients contact the desired WSUS.

As the above comment links to a NLB scenario which seems more to your question.  

How many sites do you have ?
Ammar Bin YahyaVery Junior System Administrator

Author

Commented:
yo_bee
what do you mean by sites?
if you mean locations, I have 8 locations
more than 5000 users
Director of Information Technology
CERTIFIED EXPERT
Commented:
so what I would do is put WSUS at each location and replicate to each WSUS server and setup a gpo for each location to have the clients ask for updates from the local WSUS server.
Ammar Bin YahyaVery Junior System Administrator

Author

Commented:
yo_bee

do i have to do that?
because we are using vpn. so all the location are connected to the main data center
yo_beeDirector of Information Technology
CERTIFIED EXPERT

Commented:
the premiss of this design it to reduce network traffic as well as any latency  for the clients. if you are 8 locations with an average 625 clients that would be a lot of traffic on your data center. The idea is to distribute the workload and if you have all your clients accessing a central location you will most definitely tax your WSUS servers.  Your question is Best Practices and what I am suggesting is one of the options in this bucket. Your idea is not a ideal setup.
Ammar Bin YahyaVery Junior System Administrator

Author

Commented:
yo_bee
you are right…
the problem is I don't have much to put in this. my boss gave me two servers and told me to deal with it 😅
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
What do you have at each location, bandwidth.

With limited resources, servers, you can have the clients check in with a wsus replica where you control update approval while the clients obtain the updates directly from Microsoft.

I.e. Server A master wsus queried by local users at main site., server/instance B replica of Server A configured to direct clients to obtain data files from Microsoft. As well as configured to roll up client reporting to master server.

Gpos for location is to check in via VPN with server/instance B.

This way your VPN connections and the master site will not be consumed by update transfers.

Do you have an option, space to virtualized one VM at each location on which wsus replica ..
yo_beeDirector of Information Technology
CERTIFIED EXPERT

Commented:
love those options. build me a house with this one tree.

5000 machines, 8 locations and he only wants to give you two servers.

Sound like your boss needs to loosen up those pockets if he wants a reliable infrastructure.

Explore More ContentExplore courses, solutions, and other research materials related to this topic.