Since its introduction with Windows Server 2003, Software Update Services (SUS) has proved its worth to administrators who face the almost constant barrage of updates from Microsoft. But while it has helped to manage the burden of operating system updates, it has offered little or no help for administrators of other applications like Microsoft Exchange or SQL Server. This is soon to change, however, with the release of Windows Update Services (WUS) – the successor to SUS.
Update Services 101
WUS represents a significant step forward in terms of the management and control of software update distribution.
For those of you who may not be familiar with SUS or WUS, it is worth briefly discussing how these update services work. Although there are many improvements in WUS, the basic underlying principles established in SUS remain the same. So, for now, we’ll refer to the two-update services as SUS/WUS. After we have covered the basics and move to a discussion of only WUS, we’ll drop the SUS association.
As discussed, SUS/WUS simplifies the downloading and deployment of software updates for Microsoft software. They do this by providing a repository for Microsoft provided software updates on a Windows 2000 Server or Windows Server 2003 system within your network. The Windows Update client software, supported by Windows 2000, Windows XP, and Windows Server 2003, can then be redirected to the SUS/WUS server on the LAN rather than to the Windows Update servers on the Internet.
Storing and downloading updates from a local server brings two main benefits. First it means that updates are downloaded only once per network, to the SUS/WUS server, rather than to each client system separately. Second, it provides a degree of control over which software updates are available to systems on the network. The administrator can determine whether each update is approved or disallowed for subsequent client download via SUS/WUS.
To take the level of control one step further, in multi-site networks, it is possible to create a hierarchy of SUS/WUS servers so that updates are downloaded once to a central site, and then once again to update servers on each of the other sites on the network. This prevents workstations and servers on remote sites from downloading updates from the update server at the central site, and consuming valuable WAN bandwidth in the process. It is also possible to dictate whether administrators on remote sites get to approve or deny updates for their own site, rather than having the administrator at the central site make that call. The same approach, of establishing a hierarchy of servers, can be used on large single site networks to load balance update requests across multiple servers.
More About WUS
Although both WUS and SUS operate in the way described above, WUS represents a significant step forward in terms of the management and control of software update distribution. As discussed earlier, WUS provides support for a much wider range of products. In addition to operating systems updates, WUS will provide update services for Microsoft Exchange, SQL Server, Microsoft Office, and some hardware drivers. Over time, Microsoft says it will add support for all Microsoft products.
On top of the wider product coverage, WUS will also support more categories, or types, of update. Whereas SUS supported Critical Updates, Security Updates, and Drivers, WUS takes this further by including Tools, Connectors and Guidance categories. Tools include utilities for the applications supported by WUS, and Connectors includes software components that provide connectivity between products. The Guidance category covers help files and scripts released by Microsoft to provide technical information on products.
Additional configuration features in WUS provide a more customizable approach to update deployments than those available with SUS. Options like ‘targeting’ allow administrators to define groups of computers that will receive updates via WUS, when other systems on the network do not. This flexibility allows administrators to perform pilot deployments, or isolate updates based on system configurations. Reporting has also received an overhaul with improved capabilities for monitoring, verifying update downloads, and ensuring client compliance.
Like SUS, WUS relies on bandwidth management through Microsoft’s Background Intelligent Transfer Service (BITS). BITS eases the process of downloading updates by utilizing spare network bandwidth, and backing off when other traffic requires the link. So, for example, downloading updates should not significantly interfere with file transfer traffic or Internet browsing.
A new performance related feature in WUS is the ‘detect-only’ deployment – a process determines how many systems on the network are likely to download and install a given update. Such information could, for example, cause a network administrator to defer the rollout of a certain update until a weekend, rather than hoping that the network can cope with the additional load in the middle of a workday.
Ready To Take A Look?
Like SUS, WUS runs on top of Microsoft Internet Information Services, so you’ll need at least one server running IIS before you start. Aside from that you’ll need the WUS software, which is available for download in Beta 2 format from the Microsoft Website. The file is around 75MB in size, so it’s not something you want to download over a slow Internet connection. Before installing WUS, you’ll also need to have version 2.0 of the Background Intelligent Transfer Services (BITS) installed. Finally, you’ll need to make sure that you have Microsoft .NET Framework 1.1 Service Pack 1 for Windows Server 2003 installed, though if your Windows Server 2003 system is up to date, you should have this already.
Of course, under no circumstances should you install a beta version of any application, including WUS, on a production server, so you’ll need a test network if you want to take a look. If you would rather, you can load SUS on a Windows 2000 Server or Windows Server 2003 system and try out the existing features in preparation of a future WUS rollout. WUS includes a command line tool that you can use to migrate from SUS to WUS, so you will be able to migrate your configurations over once the final version of WUS is released.
Irrespective of whether or not you are already using SUS, WUS represents a powerful tool for ensuring that the Microsoft operating systems and applications on your network are kept up to date. Once the final version of WUS is released, watch this space for more information including configuration and deployment tutorials