Skip navigation

WSUS Ain't a Wuss


Microsoft publicly unveiled the first release candidate (RC) build of Windows Server Update Services (WSUS) last week. WSUS is the company's free patch and software update management service for Windows Server 2003 and Windows 2000 Server. Previously known as Software Update Services (SUS) 2.0 and then Windows Update Service (WUS), WSUS is set for a second quarter 2005 release.

First, I need to address the new name. I had assumed that Microsoft had changed the name to avoid the unfortunate similarity of WUS to the derogatory term "wuss." But Sabrena McBride, a Windows and Enterprise Management program manager at Microsoft, says that the name change came about because the company wanted to suggest the product's full update capabilities as well as its relationship to Windows Server. That's plausible.

Regardless of the name, WSUS addresses the same need as its predecessor, giving small and midsized businesses (SMBs) that don't have a formal patch-management infrastructure a way to provide patches and other software updates to desktops in a centralized, easily managed fashion. Microsoft is essentially positioning WSUS as a free Feature Pack for Windows 2003 and Win2K Server Service Pack 4 (SP4) and higher. That means that the WSUS functionality, or a future version of that functionality, will one day be added to the core Windows Server product. And of course, the company will continue to offer Microsoft Systems Management Server (SMS) as a more full-featured patch-management solution at additional cost.

As an integrated component in Microsoft's patch-management infrastructure, WSUS doesn't stand alone. The release version of the product will run off of the company's new Microsoft Update service, which will soon replace Windows Update. Microsoft Update, like Windows Update, offers patches for various Windows products. But Microsoft Update will go beyond that functionality by offering patches for all Microsoft's currently supported products. At launch, WSUS will support only Windows, Microsoft Office, SQL Server, and Exchange Server, but other products will be added to that list over time.

SUS 1.0 users will be interested to hear that the changes in functionality to WSUS and the introduction of Microsoft Update won't change the way SUS works: SUS 1.0 will continue to gather its updates from the Windows-only Windows Update service. So if you continue using SUS, you'll get the same functionality going forward.

I've covered the main features of WSUS elsewhere (see the links below), but I felt it would be worth examining a few little-discussed features. First, let's look at how this product compares with the new Microsoft Update service and SMS 2003. Microsoft Update will continue as the unmanaged patch-updating service used by home users and small businesses that don't have a Windows-based server. Unlike WSUS and SMS, Microsoft Update will support Windows XP Home Edition. WSUS adds support for simple content targeting and patch-distribution control (so you can manage which patches are delivered to particular system groups), basic patch-delivery scheduling, and status reporting.

SMS, as a full-featured patch-management solution, supports all the functionality from WSUS, but adds more fine-grained content targeting and patch-distribution controls, advanced status reporting, inventory management (what I think of as configuration management), and compliance-checking functionality. As with its SUS predecessor, WSUS acts as an intermediary between Microsoft's Web-based updating service (Microsoft Update in this case, rather than Windows Update) and sits inside your corporate firewall. And WSUS still uses Automatic Updates as its client component, so there's no client installation per se.

One nice feature in this version is the ability to chain WSUS servers. In such a scenario, chained WSUS servers are considered to be downstream or upstream of each other in the chain. Each WSUS server receives its updates from the WSUS machine that's most immediately upstream of it; the server that's logically at the top of the chain gets its updates from Microsoft Update. Though simple, this structure lets you easily deploy WSUS servers in fairly large environments. You can also roll out WSUS servers in distributed environments with multiple sites. In such cases, each site will have its own WSUS server, which logically sits downstream from a WSUS server at a central office.

WSUS uses a SQL Server-based database to store server-configuration information, update metadata, and client PC information. Depending on the size of your organization, you can choose from various SQL Server versions, including Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), which ships with WSUS; the freely downloadable SQL Server MSDE 2000; or SQL Server 2000. The SQL Server MSDE 2000 that ships with WSUS is actually a better choice than the separately downloadable version because it has no database size or connection limitations. MSDE 2000, by comparison, suffers from these and other performance-oriented limitations.

WSUS will require Windows 2003 (32-bit only) and Win2K Server SP4 and later. Supported clients include Windows 2003 (32-bit only), Windows 2003 with SP1 (x64 and Itanium), XP, XP Professional x64 Edition, and Win2K SP3 and later. You can find the free download of the RC version of WSUS at the fourth URL below.

Links

Microsoft Ships WUS Beta, Cancels Windows 2000 SP5
http://www.windowsitpro.com/article/articleid/44634/44634.html?ad=1

What You Need to Know About Windows Update Services Public Beta
http://www.windowsitpro.com/article/articleid/44970/44970.html

A Preview of Windows Update Services
http://www.windowsitpro.com/article/articleid/42117/42117.html

Released: Windows Server Update Services RC
http://www.microsoft.com/wsus

TAGS: Security
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish