Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11Deploy Microsoft Windows server upgrade services
Chris Sanders
Microsoft Windows Server (WSUS) upgrade services are a patch management solution for the enterprise sector. Using WSUS, network administrators can manage and deploy software updates for all products on a Microsoft network. Included are client operating systems such as Windows XP and Windows Vista, server operating systems such as Windows Server 2003 and Windows Server 2008, along with other products such as Microsoft Exchange, ISA Server and Forefront Security.
The main components within WSUS
There are three main components to deploying WSUS. The first is Microsoft's management component, Microsoft Update, which is the component that manages and distributes updates to Microsoft clients on demand. Next is the WSUS server itself, the server allows administrators to specify which updates will be downloaded from Microsoft Update and then deployed to the network of clients. The last component is Automatic Update, which is built into Windows 2000 SP4, Windows XP, Windows Server 2003 and Windows Server 2008, allowing these operating systems to download updates from the specified source. .
Whether deploying WSUS for a small LAN or a distributed WAN in terms of geography, all that's involved here is how to use these three components. Let's look at some of the scenarios needed to deploy WSUS and how it can be implemented effectively. Next, consider the installation process.
WSUS is a small LAN
The vast majority of WSUS installations take place in a smaller environment located in one location and less than 100 computers. In the general configuration, a network administrator will manage a WSUS server to download updates directly from Microsoft Update. Since budget reasons often prevent the purchase of servers for WSUS, this service will share the hardware with the file server or application server.
Once you've set up everything, the only burden on the network administrator is to ensure the synchronization between the server and Microsoft Update appears correctly, allowing for updates to be downloaded. Clients will download and install updates automatically using the Automatic Update component.
Deploy Microsoft Windows server upgrade services Picture 1
Figure 1: A simple WSUS deployment
WSUS in large LAN
A larger network will have some other issues that arise. These networks are still located in one location but have a much larger number of computers, servers and network segments
The first thing to consider here is that not all computers receive the same set of updates. For example, users in the finance department may not be familiar with running .NET framework 3.0 applications, whereas users in the science department require it. This is a fairly simple problem in using computer groups. Each computer that reports to the WSUS administration interface can be placed into a computer group depending on its own needs. By default, all of these computers are placed in the 'Unassigned Computers' computer group when they first report to the WSUS server. However, once you have reported it, you can also create a custom group and place them in that group. Allowed updates on each basic group will allow you to customize the updates that are installed for each computer group based on user needs.
The next issue to consider here is the management burden imposed by many WSUS servers. Synchronous testing, enabling upgrades, ensuring successful installation of updates is a fairly simple task. However, if you have up to 5 separate WSUS servers, managing them can be time-consuming for one. However, WSUS has been designed to be able to use multiple servers and overcome this problem by using WSUS Server Hierarchies. This hierarchical architecture model allows a WSUS server to act as an upstream server and impose its configuration on downstream configured servers located below it.
The WSUS architecture supports two modes, autonomous mode (we will discuss later) and copy mode. In copy mode, the upstream server is just the WSUS server that downloads its updates from Microsoft Update. It is also a server that an administrator must manually configure computer groups and upgrade permissions. All information that has been downloaded and configured for the upstream server is replicated directly to all devices that have been configured as downstream servers. Using this method you will save bandwidth when there is only one computer upgraded from the Internet. But more important here is that you will save time because you only manage an existing server from a software.
Deploy Microsoft Windows server upgrade services Picture 2
Figure 2: Deploying WSUS in a wide LAN
WSUS in WAN
The last and most complex scenario is that WSUS is installed in a WAN. These WANs are characterized by a large number of devices spread over a number of different points of geographical conditions.
Unlike our above scenarios, WANs often have an IT management model. Instead of an administrator having to manage all WSUS actions, each location has an administrator to manage computer groups and permissions to upgrade separately from the main office. This is a completely different scenario, where we can use upstream and downstream servers or more specifically autonomous mode.
By using autonomous mode, the upstream server can play upgrade files to the downstream server. This means that individual computer groups and upgrade permissions must be configured for each downstream server. In this deployment, you will benefit from bandwidth performance with the flexibility of allowing individual site administrators to manage computer groups and upgrade permissions.
Another WAN scenario is created by bandwidth limitations. In general, remote network locations have a high speed connection to the Internet but have relatively low speed links to the main office, such as through VPN. In this situation, an upstream server can manage upgrade permissions, but remote managed downstream servers can be configured to download allowed updates directly from the Internet as opposed to an upstream server.
Deploy Microsoft Windows server upgrade services Picture 3
Figure 3: WSUS deployment has been designed for WAN
Install WSUS
After you decide which scenario to use for your network, you need to install it. We will cover each step in the entire WSUS installation process on the server.
Before you start, you need to download the latest release of WSUS directly from Microsoft. After you have downloaded WSUS 3.0 to the server, run the executable file to begin the installation process. You should consult the requirements for installing WSUS at WSUS Installation Requirements. If you are completely clear about the installation requirements, the question now is which components you will install. Here you can install the entire package containing the WSUS program components and the management interface or just yourself for each management interface. In this case you will install all components. The process begins with the agreement agreement.
The next window will prompt you to select an upgrade resource. This is where your clients will download updates. For the main purpose of the lesson, we will choose Store Updates Locally and select a location with at least 20GB of free hard disk space. If you do not select this option, clients will only use WSUS to manage allowed updates and will download these updates directly from Microsoft Update on the Internet.
Deploy Microsoft Windows server upgrade services Picture 4
Figure 4: Select Update Source during the installation of WSUS
The next window is the database options. This is where you can choose the database technology that WSUS will use to maintain upgrade information about the client. By default the installation will use the database inside Windows. This database is also very good, but if you have SQL Server software already installed on your computer, you can use it by entering the information in this window.
The next window will allow you to choose how WSUS will use IIS. You can use the default site on port 80 or create a separate site using port 8530. Using port 8530 is recommended here because it allows you to have some flexibility if you finish adding applications. Another web application to the same physical server later.
Deploy Microsoft Windows server upgrade services Picture 5
Figure 5: Choose which IIS Website to use for WSUS
These are all necessary configurations at this point. Click Next to bypass the remaining windows and select Finish to complete the installation process.
Conclude
We have done a lot of possible deployment options for WSUS and how to install it. There are quite a lot of issues about WSUS, but the information provided here will allow you to get a good start in determining how to deploy this Microsoft technology to increase efficiency and reduce efficiency. the burdens of network governance.
David PacYou should read it
- How to install WSUS in Windows Server 2012
- How to configure and adjust WSUS in Windows Server 2012
- Microsoft begins offering Exchange Server updates in .exe packages
- New update of Windows Server causes many serious errors
- Please download the first Windows Server Insider Build from Microsoft
- Microsoft reminds users that Windows Server 20H2 is about to be discontinued
- Microsoft rushed to release security updates for Windows XP, Server 2003
- If you want to get more updates in the future, Windows Server 2008 must be installed on version KB4493730
- Recent Windows Server Updates Cause DNS Errors
- How to manually update the new Microsoft Edge
- Steps to install Microsoft SQL Server on Windows 10
- SQL Server 2019 - Microsoft Relational Database Management System
Network basics: Part 20 - File level permissions
Adjust bandwidth saving via QoS (Part 1)
Network basics: Part 14 - Security groups
Build VPN server
10 issues to know about controlling remote workstations
Preparing for the company network