James Bannan14 September 2006, 6:51 AM
WSUS -- the Windows Update Server that sits in your LAN -- is about to get a major overhaul in 3.0. It will not only support Vista but a raft of other Microsoft products like Activesync, Windows Defender, Ultimate Extras and more.
WSUS -- the Windows Update Server that sits in your LAN -- is about to get a major overhaul in 3.0. It will not only support Vista but a raft of other Microsoft products like Activesync, Windows Defender, Ultimate Extras and more.
This is good news because keeping desktop machines up-to-date with patches for Windows and Office alone is a problem faced by every Windows-based network administrator.
The bad-practice way of doing it is to set PCs to automatically update via Windows Update over the internet, but that means multiple machines are downloading exactly the same data over the company internet connection.
Microsoft WSUS (Windows Software Update Services) is an excellent, free tool for desktop administrators, where one server downloads the updates you require, and the client PCs talk only to that server to grab what they need.
Sure, there are more robust and comprehensive patching solutions available, but WSUS is simple to set up, puts everything into one convenient location, and did I mention it’s free?
With Vista's release to business looming ominously, it’s time for WSUS to get an overhaul too to support it fully.
WSUS 3.0 was released to beta testers recently, and I ran through an installation to see what’s changed.
Installation
The basic prerequisites for WSUS haven’t changed - Windows Server, IIS and a database engine.
WSUS 3.0 is geared towards sitting on Longhorn Server, but it works quite well on Windows 2003 Server, which is what I used.
Although it still uses IIS for client/server communications, the WSUS administration tool is now a Microsoft Management Console (MMC) snap-in, rather than a web frontend.
This requires the latest Microsoft Management Console 3.0 to be installed, which is available as a free download for Windows 2003 but is already installed on Longhorn.
For the full reporting features of the snap-in Microsoft Report Viewer is required, and this is freely available for both Windows 2003 and Longhorn.
On either platform, IIS requires Windows Authentication, ASP.NET, 6.0 Management Compatibility and IIS Metabase Compatibility enabled. .NET Framework 2.0 and BITS 2.0 are also required (again, available for download for Windows 2003 and pre-installed on Longhorn).
Despite this list of requirements, my experience was that when I installed WSUS 3.0, everything worked fine with the IIS default settings.
WSUS 3.0 also wants an SQL 2005 database to run on, and the installer prompts for the location of an available database server. Microsoft SQL Server 2005 SP1 is recommended, but SQL 2005 Express will also work.
If neither of these are available, WSUS will install SQL 2005 Embedded Edition (SSEE) onto the local machine.
Inside WSUS
WSUS 3.0 looks and feels quite different from the current version, but the principles are largely unchanged. Microsoft have organised things in a more modular fashion - one of the benefits of the interface using MMC 3.0. Information is far easier to access and interpret.
The WSUS summary is presented in a similar fashion, with a To Do List (which looks and works exactly the same as the previous version), but the overview of updates, computers, synchronization status and server statistics are presented as pie charts.
There are also links to WSUS-specific resource pages if you need help in a hurry.
The five areas of the WSUS 1.0 admin page - Home, Updates, Reports, Computers and Options which are listed along the top of the page are now listed down the left-hand side of the WSUS 3.0 console in a file navigation structure.
There’s one new option - Downstream Servers. This lets you connect to any other WSUS server which is using the local server as its authoritative source.
This feature, and leveraging off MMC 3.0, allows you to connect to a remote WSUS 3.0 server via the snap-in and interact with it as if you are connected locally.
The information provided in the update and computer/groups views is largely unchanged. Interaction with the server and page refreshes are definitely quicker, as the requests aren’t being passed through IIS. Additionally, you finally get a right-click context menu. These are simple extras, but administrators will find them exceptionally useful.
WSUS 3.0 also supports more products that WSUS 1.0. With SP1 applied, WSUS 1.0 should support Windows Vista, but in the Products and Classifications list in WSUS 3.0, there are entries for Activesync, Longhorn Server and Windows Ultimate Extras, amongst others. So quite possibly as time goes on, WSUS 3.0 will become more of a necessity than an optional upgrade.
There are a few more options available which enhance WSUS’s functionality.
There’s a Server Cleanup Wizard which gets rid of old computer accounts and outdated updates, a Reporting Rollup which pulls computer and update status reports from downstream WSUS servers, and E-Mail Notification, where WSUS will inform you when new updates are available for install.
You can also sign up to Microsoft’s Update Improvement Program and re-run the WSUS Configuration Wizard without having to uninstall/reinstall the application.
So the next version of WSUS is looking streamlined, feature-rich and admin-friendly. These are all buzzwords sysadmins like to hear!
Unfortunately, WSUS 3.0 is in closed beta at the moment -- it's only available to Microsoft Connect members, Microsoft's core group of beta testers. Hopefully there will be a public beta release soon.