WSUS at Branch Offices

Oct 14, 2005

  1. Ralph GCI

    Ralph GCI Guest

    I feel like I must be missing something.

    I want to centrally manage updates from the main office, including at
    several small branch offices, so I would think I would set up the WSUS
    servers at the branch offices to mirror the WSUS server at the main office.
    This seems fine, except then this forces all the WSUS replica servers at the
    branch offices to download their update files from the WSUS server at the
    main office, which over our WAN link is not practical.
    It seems that I should be able to have all the branch office WSUS servers
    get their management information (groups, approvals, etc.) from the main
    office server, but actually download the updates directly from Microsoft. Is
    this possible?
    Ralph GCI, Oct 14, 2005
  2. Unfortunately, Ralph, this is not currently possible with this release of
    the WSUS product.

    The choices of synchronization source (where) and local content store
    (yes/no) are independent decisions, and there's no provisions for the
    /server/ obtaining the content from a different source than the metadata.

    What you could do is set the branch office servers up as independent
    servers, and configure the server to not maintain a content store, which
    would have the clients download content directly from, but get
    the approval authorizations from the local WSUS server.

    The question becomes whether the load of the collection of clients
    downloading over a 22 hour period of time is more or less bandwidth
    intensive (on the Internet side of the pipe) than the local WSUS server
    downloading across the WAN from the central WSUS server.

    You should also know that the downloading from the main WSUS server to the
    remote servers can be controlled as to bandwidth utilization and the time of
    day such transfers are permitted, essentially allowing you to reserve
    bandwidth during the daytime for business activities, and the WSUS server
    only transfers content during off-work hours.

    See the policy at Computer Configuration \ Administrative Templates \
    Network \ Background Intelligent Transfer Service, which will allow you to
    restrict the bandwidth used, and the time of day it is used.
    Lawrence Garvin [MVP], Oct 14, 2005
  3. Ralph GCI

    Ralph GCI Guest

    Thank you for a very informative answer. I appreciate the alternative
    suggestions and guess I'll be choosing one or more of those options depending
    on the number of workstations at each branch office.

    Ralph GCI, Oct 14, 2005
