Announcement

Collapse
No announcement yet.

WSUS Remote Access?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • WSUS Remote Access?

    Hi Folks,
    As you know, I manage a number of small networks (typically SBS and 10-20 clients). I have a WSUS installation on my own network and would like to set up WSUS on the remote networks up to:

    Access WSUS approval / configuration info from my WSUS server but
    Download updates directly from Microsoft to the local WSUS server.

    Can I do anything like this? If so, how? and if not, what are my alternatives?

    Ideally i do not want to spend my life approving updates on multiple servers!

    Thanks in advance
    Tom
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

  • #2
    Re: WSUS Remote Access?

    If I undersatnd correctly, you want to setup a WSUS server at your place and then point your client's WSUS machines to your already approved WSUS updates.

    Yes, you can do this. How, I have no idea.

    The Admin side of the schools network in Victoria (OZLand) have this very setup. This is to allow testing of the updates in a Lab before pushing them onto unsusupecting schools. The schools WSUS points to an Upstream WSUS which then gets its updates from MS. The schools central WSUS has the schools added into a "group" and the approved updates are then given a cut lunch and sent on their way.

    Mmm, just reread your post. You want to approve the updates on your WSUS but have the client's WSUS download the updates (which you have approved) directly from MS. Obviously I am not an expert, but I don't see how you can approve updates that don't pass through your WSUS. Unless there is a script you can run on your WSUS extracting update approvals and then apply that script to the clients (kind of like a registry hack).
    1 1 was a racehorse.
    2 2 was 1 2.
    1 1 1 1 race 1 day,
    2 2 1 1 2

    Comment


    • #3
      Re: WSUS Remote Access?

      Hi Biggles,
      As I understand it (still getting to grips with WSUS) you have the option to either download updates locally or approve them but the clients get them direct from MS. When servers are deployed in a chain, they seem to get the updates from the first system on the chain. This would put unacceptable stress on my ADSL, hence why I'm wondering if there is a different solution

      Tom
      Tom Jones
      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
      PhD, MSc, FIAP, MIITT
      IT Trainer / Consultant
      Ossian Ltd
      Scotland

      ** Remember to give credit where credit is due and leave reputation points where appropriate **

      Comment


      • #4
        Re: WSUS Remote Access?

        Yes, the strain would be considerable. The Admin WAN in Victoria has some 2,000+ school and this amounts to some 2,500 servers. However this all runs inside a VPN setup by a Govt who had some foresight. This cuts down on outside traffic quite considerably. Considering the download costs to the client and other management fees incurred, maybe you could set them up in your own VPN and have a dedicated WSUS connection paid for by some sort of management contract with your clients. Would also allow you to then use the connection for online backups to value enhance your bottom line. Remote management would also be an added plus.

        The old system here was SUS ond it was mainly used on the Curriculum side. 180,000+ systems updated from a PIII 550 with 128MB RAM. The bandwidth saving was mind boggling. If you got enough clients on board there is no reason why you can't do a WSUS configuration within your own VPN. I'm sure there are many considerations to be looked at and I do not have the skills to even dip my toes into these waters, but from what I have seen of SBS, this would be the platform to impliment it on. Steven would be able to provide some valuable insight into this. Don't forget that it will only strain your upload connection and if the synchronisations were staggered (obviously at night) over a 5 - 7 day period then that problem is minimal.

        As I said above, it leaves you with a connection that can be utilsed to value add to your business.
        1 1 was a racehorse.
        2 2 was 1 2.
        1 1 1 1 race 1 day,
        2 2 1 1 2

        Comment


        • #5
          Re: WSUS Remote Access?

          As I understand it, chained WSUS servers get their approval options from the "parent" or "master" upstream WSUS server, but have the option of obtaining the actual update downloads, patches, drivers, etc. from either the upstream WSUS server or directly from the Microsoft Updates website itself (the WSUS clients have this option as well)

          I use WSUS at home and at work but I have not implemented chained servers.

          Jas
          Attached Files
          Last edited by jasonboche; 19th May 2006, 18:52.
          VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
          boche.net - VMware Virtualization Evangelist
          My advice has no warranties. Follow at your own risk.

          Comment


          • #6
            Re: WSUS Remote Access?

            Would be interesting to know if a FQDN can be used in the Server Name option rather than just the servername. It looks like that was really intended for an internal setup.
            1 1 was a racehorse.
            2 2 was 1 2.
            1 1 1 1 race 1 day,
            2 2 1 1 2

            Comment


            • #7
              Re: WSUS Remote Access?

              Thanks, guys
              I am going to try on one site and see how I get on.
              With thought, after the initial 6Gb or so, the overhead shouldnt be too great.

              Biggles -- point taken about the value added, the trouble is that ADSL in the UK is restricted to 256KBPS outbound from my server, so any VPN would be limited to that speed unless I go for bonded ADSL (serious ) or SDSL (very serious )

              Tom
              Tom Jones
              MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
              PhD, MSc, FIAP, MIITT
              IT Trainer / Consultant
              Ossian Ltd
              Scotland

              ** Remember to give credit where credit is due and leave reputation points where appropriate **

              Comment


              • #8
                Re: WSUS Remote Access?

                What about a T1 line?
                1 1 was a racehorse.
                2 2 was 1 2.
                1 1 1 1 race 1 day,
                2 2 1 1 2

                Comment

                Working...
                X