WSUS for remote users?

Discussion in 'Update Services' started by Dave, May 27, 2010.

  1. Dave

    Dave Guest

    Is there a best practice for managing remote users or users that rarely come
    into the office? Can WSUS be published using ISA / TMG?

    Thanks!
     
    Dave, May 27, 2010
    #1
    1. Advertisements

  2. Remote users that utilize VPN connectivity can be serviced by a dedicated
    Replica WSUS Server that is configured to not maintain a local content
    store. These machines will obtain approvals for updates from the replica
    server, but download content from Microsoft.com. The content can be
    downloaded anytime the remote user is connected to the Internet, without
    being dependent on the VPN connection.

    Users that do not implement regular VPN connectivity to the corporate office
    should be configured as Automatic Updates clients with installations
    scheduled to occur at a specified time or upon restart if the scheduled
    event is missed (which is the default behavior of the WUAgent).

    WSUS can be published via ISA/TMG; however, you need to implement some sort
    of methodology to ensure authentication/identification of the clients. The
    WSUS EULA prohibits open publishing of a WSUS server to the "Internet".
    Because WSUS is an *anonymous* service, some other form of authentication
    must be involved. Typically this is VPN connectivity. Where VPN connectivity
    is not employed, two theoretical methodologies are available: Client-Side
    Certificates and Reverse-Proxy with Authentication -- neither of which, to
    my knowledge, have actually been successfully implemented in a production
    environment.


    --
    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2010)

    My Blog: http://onsitechsolutions.spaces.live.com
    Microsoft WSUS Website: http://www.microsoft.com/wsus
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
     
    Lawrence Garvin [MVP], May 28, 2010
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.