The first step in the deployment of Windows Server Update Services WSUS is to make important decisions, such as deciding the WSUS deployment scenario, choosing a wsus windows server 2008 r2 enterprise free download topology, and understanding the system requirements. The following checklist summarizes the steps that are involved in preparing for your deployment.
Hardware and database software requirements are driven by the number of client computers being updated in your organization. Before you enable the WSUS server role, confirm that the server meets the system requirements and confirm that you have the necessary permissions to complete the installation by adhering with the following guidelines:.
Server hardware requirements to enable WSUS role are bound to hardware requirements. The minimum hardware requirements for WSUS are:. These guidelines assume that WSUS clients are synchronizing with the server every eight hours for a rullup of 30, clients. If they sychronize more often, there will be a corresponding increment in the server load. If you install roles or software updates that require you to restart the server when installation is complete, restart the server before you enable the WSUS server role.
NET Framework 4. Be aware that configuring client computers including servers to update by using WSUS will result in the following limitations:. Server roles that have had their payloads removed using Features on Demand cannot be installed on demand from Microsoft Update.
You must either provide an installation source at the time you try to install such server roles, or configure a source for Features on Demand in Group Policy. Windows client editions will not be able to install. NET 3. The same considerations as server roles apply to. To install Features on Demand, create a feature file side-by-side store or obtain the Feature on Demand package from one of the following sources:.
For more information, see Microsoft Lifecycle Policy. This database size is likely to be sufficient for WSUS, although there is no appreciable benefit to using this database instead of WID. You can install the WSUS role on a computer that is separate from the database server computer. In this case, the following additional criteria apply:.
The database server must be in the same active directory domain as the WSUS server, or it must have a trust relationship with the active directory domain of the WSUS server. The WSUS server and the database server must be in the same time zone or be synchronized to the same Coordinated Universal time Greenwich Mean time source.
This section describes the basic features of all WSUS deployments. The most basic WSUS deployment consists of a server inside the corporate firewall that serves client computers on a private intranet. This is known as synchronization. During synchronization, WSUS determines if any new updates have been made available since the last time you synchronized. If it is your first time synchronizing WSUS, all updates are made available for download. Initial synchronization can take over an hour.
All synchronizations after that should be significantly quicker. If there is a corporate firewall between your network and the Internet, you will have to open these ports on the server that communicates directly to Microsoft Update. If you are planning to use custom ports for this communication, you must open those ports wsus windows server 2008 r2 enterprise free download.
Administrators can deploy multiple servers running WSUS that synchronize all content within their organization's intranet. You might expose only one server to the Internet, which would be the only server that downloads updates from Microsoft Update. This server is set up as the upstream server the source to which the downstream servers synchronize.
When applicable, servers can be located throughout a geographically dispersed network to provide the best connectivity to all client computers. If corporate policy or other conditions limit computer access wsus windows server 2008 r2 enterprise free download the Internet, administrators can set up an internal server to run WSUS.
An example of this is a server that is connected to the intranet but is isolated from the Internet. After downloading, testing, and approving the updates on this server, an administrator would export the update metadata and content to a DVD. You can create complex hierarchies of WSUS servers. A WSUS server hierarchy deployment offers the following benefits:. You can download updates one time from the Internet and then distribute the updates to client computers by using downstream servers.
This method saves bandwidth on the corporate Internet connection. You can download updates to a WSUS server that is physically closer to the client computers, for example, in branch offices. You can set up separate WSUS servers to serve client computers that use different languages of Microsoft products. We recommend that you do not create wsus windows server 2008 r2 enterprise free download WSUS server hierarchy that is more than three levels deep.
Each level adds time to propagate updates throughout the connected servers. Although there is no theoretical limit to a hierarchy, only deployments that have a hierarchy of five levels deep have been tested by Microsoft. Also, downstream servers must be at the same version or an earlier version of WSUS as the upstream server synchronization source. You can connect WSUS servers in Autonomous mode to achieve distributed administration or in Replica mode to achieve centralized administration.
You do not have to deploy a server hierarchy that uses only one mode: you can deploy a WSUS solution that uses both autonomous and replica WSUS servers.
The Autonomous mode, also called distributed administration, is the default installation option for WSUS. In Autonomous mode, an upstream WSUS server shares updates with downstream servers during synchronization. Downstream WSUS servers are administered separately, and they do not receive update approval status or computer group information from the upstream server.
By using the distributed management model, each WSUS server administrator selects update languages, creates computer groups, assigns computers to groups, tests and approves updates, and makes sure that the correct updates are installed to the appropriate computer groups.
The Replica mode, also called centralized administration, works by having an upstream WSUS server that shares updates, approval status, and computer groups with downstream servers. Replica servers inherit update approvals and are not administered separately from the upstream WSUS server. If you set up several replica servers to connect to a single upstream WSUS server, do not schedule synchronization to run at the same time on each replica server.
This practice will avoid sudden surges in bandwidth usage. This type of deployment offers the following advantages:. To enable BranchCache acceleration of content that is served by the WSUS server, install the BranchCache feature on the server and the clients, and ensure that the BranchCache service has started.
No other steps are necessary. In branch offices that have low-bandwidth connections to the central office but high-bandwidth connections to the Internet, the Branch Office feature can also be used. In this case you may want to configure downstream WSUS servers to get information about which updates to install from the central WSUS server, but download the updates from Microsoft Update.
You need only setup each WSUS server, keeping the following considerations in mind. WSUS setup must be done in serial. Postinstall wsus windows server 2008 r2 enterprise free download cannot be run on more than one server at the same time when sharing the same SQL database. If the network includes mobile users who log on to the network from different locations, you can configure WSUS to let roaming users update their client computers from the WSUS server that is closest to them geographically.
Before you install WSUS, you should decide how you want to implement storage. Updates are composed of two parts: metadata that describes the update, and the files that are required to install the update. Update metadata is typically much smaller than the actual update, and it is stored in the WSUS database. For a list of supported databases and remote database limitations, see section 1. A single-server configuration can support several thousand WSUS wsus windows server 2008 r2 enterprise free download computers.
Do not attempt to manage WSUS by accessing the database directly. The corruption might not be immediately obvious, but it can prevent upgrades to the next version of the product. WSUS supports Windows authentication only for the database. The name of this database wsus windows server 2008 r2 enterprise free download not configurable. The organization has not already purchased and does not require a SQL Server product for any other application. You intend to deploy multiple WSUS servers for example, in branch offices.
Windows Internal Database does not provide a user interface or any database management tools. If you select this database for WSUS, you must use external tools to manage the database. For more information, see:. Reindex the WSUS database. WSUS supports Windows authentication only. When updates are synchronized to your WSUS server, the metadata and update files are stored in two separate locations.
Metadata is stored in the WSUS database. Update files can be stored on your WSUS server or on Wsus windows server 2008 r2 enterprise free download Update servers, depending on how you have configured your synchronization options. If not, client computers will download approved updates directly from Microsoft Update. The option that makes the most sense for your organization will wsus windows server 2008 r2 enterprise free download on network bandwidth to the Internet, network bandwidth on the intranet, and local storage availability.
Local storage of update files is the default option when you install and configure WSUS. This option can save bandwidth on the corporate connection to the Internet because client computers download updates directly from the local WSUS server. This option wsus windows server 2008 r2 enterprise free download that the server have sufficient disk space to store all needed updates.
You can store updates remotely on Microsoft Update servers. This option is useful if most client computers connect to the WSUS server over a slow WAN connection, but they connect to the Internet over a high-bandwidth connection. After you approve the updates, the client computers download the approved updates from Microsoft Update servers. When you deploy a WSUS server hierarchy, you should determine which language updates are required throughout the organization.
You should configure the root WSUS server to download updates in all languages that are used throughout the entire organization. For example, the main office might require English and French language updates, but one branch office requires English, French, and German wsus windows server 2008 r2 enterprise free download updates, and another branch office requires English and Spanish language updates.
You would then configure the first branch office WSUS server to download updates in English, French, and German only, and configure the second branch office to download updates in English and Spanish only.
