Wednesday, 14 November 2007

Deploying Windows Server Update Services 3.0


We are now running WSUS 3.0 within CIS, but I thought this talk would give me a better overall knowledge of the way Microsoft deploy and use WSUS 3.0 to get the best potential from it. One of the main differences from WSUS 2.0 is the loss of its web-based interface in favour of an MMC snap-in, which seems to be the way Microsoft wants to go for future server management applications.

WSUS
Provides a simple, low-cost solution for distributing Microsoft updates within a corporation. It does not natively allow updates for 3rd party software to be pushed out through WSUS, but there are ways round this.

WSUS 3.0 Features

  • Initial configuration wizard
  • MMC-Based UI, with advanced filtering and sorting
  • Email notification of new updates (and/or compliance summary)
  • Multiple, more granular, auto-approval rules
  • Integrated reporting rollup
  • Cleanup Wizard
  • Native x64 support
  • Vista BITS peer-caching
  • Scalability Improvements
  • Access to more content - import from the MU catalogue site
  • MOM Pack
  • Improved logging and audit logging
  • NLB and SQL clustering
  • Read-only administrative role (WSUS reporters)
  • Enhanced targeting
  • Upgrade to SCE or Configuration Manager 2007
  • A single machine can be added to more than one group.
  • Ability to have more than one WSUS Server and manage them all from the same MMC Snap-In.
  • Lost support for SQL 2000!!!!
  • Can manage Windows Server 2008.

Guidance For Running WSUS 3.0

  • Always ensure WSUS sits behind a firewall.
  • Always use SSL
  • Windows Internal Database recommended as it does not require a SQL CAL and gives you good performance without an install of SQL 2005.
  • Only use Network Load Balancing for WSUS 3.0 if it is required as it is easy to just rebuild a failed WSUS server.
  • Cleanup wizard should be used fairly frequently to remove superseded updates and archived updates from more than 12 months ago.
  • Any SQL Server 2000 databases need to be upgraded to 2005 as these servers will not currently be receiving any updates for SQL 2000.
  • Use the WSUSUtil checkhealth option to ensure the finished deployment is working correctly.
  • The Windows Update log file gives a very verbose audit trail of what has occurred on the WSUS server, and of activity from the WSUS server and its connected clients.
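
The "always use SSL" and checkhealth points above can be spot-checked from PowerShell. This is an added example, not something shown in the talk: the registry values are the standard Windows Update policy settings, and the wsusutil path assumes a default install location.

```powershell
# Added example: check that this client's WSUS policy points at HTTPS endpoints.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

function Test-WsusUrl {
    param([string]$Name, [string]$Url)
    if ([string]::IsNullOrEmpty($Url)) {
        return "${Name}: not set by policy"
    }
    $uri = $null
    if (-not [Uri]::TryCreate($Url, [UriKind]::Absolute, [ref]$uri)) {
        return "${Name}: '$Url' is not a valid absolute URL"
    }
    if ($uri.Scheme -eq 'https') {
        return "${Name}: OK, uses SSL ($Url)"
    }
    return "${Name}: WARNING, plain HTTP ($Url)"
}

# Missing keys yield $null rather than an error.
$policy = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue
$au     = Get-ItemProperty -Path "$wuKey\AU" -ErrorAction SilentlyContinue

if (-not $au -or $au.UseWUServer -ne 1) {
    'UseWUServer is not enabled: this machine is not directed to a WSUS server.'
}
Test-WsusUrl -Name 'WUServer'       -Url $policy.WUServer
Test-WsusUrl -Name 'WUStatusServer' -Url $policy.WUStatusServer

# On the WSUS server itself: run the health check from the guidance above.
# Assumed default install path; adjust if WSUS was installed elsewhere.
$wsusutil = Join-Path $env:ProgramFiles 'Update Services\Tools\wsusutil.exe'
if (Test-Path $wsusutil) {
    & $wsusutil checkhealth   # results are written to the Application event log
}
```

Run the client part on a sample of machines in each computer group; a WUServer value starting with http:// means the Group Policy still points clients at the non-SSL endpoint.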

Service Pack 1 Release

  • Added support for Windows Server 2008 release.
  • Better support for Partner Products.
  • Integration with Server Manager.
  • Export of Computer Detailed Status reports to Excel now works!
  • Bulk approval of updates no longer overwrites existing approvals.
  • Additional APIs added to support mobile devices and richer publishing of drivers within the enterprise using vendor-provided catalogues (e.g. Dell, HP, IBM etc.)
  • Available at launch of Windows 2008 release.
  • Seamless upgrade from RTM.
  • Can later upgrade to System Center Essentials or Configuration Manager 2007.
