WSUS Primary
It is possible to configure the WSUS such that while the controls process is done as usual using JetPatch and WSUS, the patches themselves are downloaded to the Endpoint from Microsoft Update Center (Microsoft.com) instead of being download from the WSUS cache. This setting is done by configuring the WSUS Options -> Update Files and Languages -> Update Files and selecting the option of 'Do not store files locally; Computers store from Microsoft Update'. This can also be used with Delivery Optimization
Note: In order for this setting to work, Windows endpoints need to have access to the Internet, specifically these Microsoft URLs.
WSUS Replica
Three scenarios can be configured from WSUS Options -> Update Files and Languages -> Update Files. Regardless of the scenario, the updates are approved from the WSUS primary, so this is controlling how the approved updates are downloaded and distributed. This can also be used with Delivery Optimization.
- First Option: WSUS Replica stores updates from WSUS Primary and endpoints pull updates from WSUS Replica
- Second Option: WSUS Replica stores updates from Microsoft Updates and endpoints pull updates from WSUS Replica, then add the "Download files from Microsoft Update; do not download from upstream server" option
- Third Option: WSUS Replica does not store updates locally and endpoints pull updates from Microsoft Update, then make sure you select the "Do not store updates files locally; computers install from Microsoft Update"
Note1: In order for this setting to work, WSUS replica needs to have access to the Internet, specifically these Microsoft URLs.
Note2: If a replica is pointing to the internet and the primary is storing updates, you can setup GPO to have endpoints point to primary WSUS and fall back to replica for high-availability
Note3: This is for controlling Microsoft Updates. 3rd party updates, must be stored on the replica from the primary. See this article for more information.
Comments
0 comments
Please sign in to leave a comment.