The software update point role is integral to the software update mechanism and is responsible for synchronizing all patches from Microsoft Update and making them available in the Configuration Manager 2012 R2 interface for deployment. The software update point requires that Windows Software Update Services 3.0 SP2 be installed on the same server where the software update point is being installed and requires that the instance of WSUS be dedicated to interfacing with the software update point and providing service to Configuration Manager. No sharing allowed! Also, administrators should not perform any administrative work on the WSUS server itself. All administrative work should be done through the Configuration Manager console. You will find that the options available in the Configuration Manager console are very similar to what are found in WSUS itself.
If the software update point has not yet been added, you will need to select it in the Add Site System Roles Wizard, as shown in Figure
1. Choose the server where the WSUS component is installed.
2. Select the role in the Add Site System Roles Wizard.
3. Click Next to proceed to the Software Update Point page of the wizard.
4. On the Software Update Point page, configure whether to use ports 80 and 443 for client communications or the customized 8530 and 8531. Determine what kind of client connection type you expect, whether they are intranet-only, Internet-only, or both. Click Next to proceed to the Proxy and Account Settings page of the wizard.
5. A proxy server should be used when synchronizing software updates and also when downloading content with auto deployment rules. Also, choose whether alternate credentials will be used to connect to the WSUS server. If a proxy server is needed, supply the needed information for the proxy server. This is shown in Figure
2. Select the role in the Add Site System Roles Wizard.
3. Click Next to proceed to the Software Update Point page of the wizard.
4. On the Software Update Point page, configure whether to use ports 80 and 443 for client communications or the customized 8530 and 8531. Determine what kind of client connection type you expect, whether they are intranet-only, Internet-only, or both. Click Next to proceed to the Proxy and Account Settings page of the wizard.
5. A proxy server should be used when synchronizing software updates and also when downloading content with auto deployment rules. Also, choose whether alternate credentials will be used to connect to the WSUS server. If a proxy server is needed, supply the needed information for the proxy server. This is shown in Figure
6. Once all configuration is complete, click Next to proceed to the Synchronization Source page of the wizard, shown in Figure
If software update services will be used in Configuration Manager, at least one software update point is required. Note that a single software update point on properly sized hardware is capable of supporting 100,000 clients in Configuration Manager 2012 R2.
7. On the Synchronization Source page, configure the location that the software update point will use for obtaining update information. Typically this setting will be to synchronize from Microsoft Update from the Internet. If this software update point is installed at a child site in a hierarchy, then the option to choose here will be to synchronize from an upstream update point. In this case the CAS would host the top-level software update point and the primary site would synchronize from it.
If the software update point is on the CAS and the CAS does not have access to the Internet, then it’s possible to synchronize manually. If this is the case, choose the option Do Not Synchronize From Microsoft Update Or Upstream Data Source.
8. In the WSUS Reporting Events section, choose whether or not to create any or all WSUS reporting events.
9. Once all configuration is compete, click Next to proceed to the Synchronization Schedule page. Choose whether or not synchronization should proceed on a schedule. It is not required that the software update point be configured to synchronize automatically, but in most environments a recurring schedule is ideal. The schedule is up to you; just remember that Microsoft publishes new patches the second Tuesday of every month and from time to time will have out-of-band patch releases. If you are using Endpoint Protection in Configuration Manager, it is recommended to perform synchronization no less than daily (or as often as three times per day).
10. If you would like an alert when synchronization fails (a good idea), select that option as well.
11. Once all configuration is complete, click Next to proceed to the Supersedence Rules page shown in Figure
12. On the Supersedence Rules page, choose the behavior that happens when a new update is available and synchronized that replaces an existing update. This option is new to Configuration Manager 2012. The first option, Immediately Expire A Superseded Software Update, is the default, and this was the only option in Configuration Manager 2007. This option caused frustration in many environments—not because an update was superseded, but because the action of superseding also caused the original update to be expired. When an update is expired it can no longer be deployed. While it is a good idea to stop deploying a superseded update when it has been replaced, the truth is that testing cycles in many environments do not easily allow for this kind of rapid change. For that reason, the second choice (Months To Wait Before A Superseded Software UpdateIs Expired) was made available in Configuration Manager 2012 R2. Note that the superseded update is still superseded; it just isn’t expired and can still be deployed.
13. Once all configuration is complete, click Next to proceed to the Classifications page shown in Figure
14. On the Classifications page, choose the classifications of updates that should be retrieved from Microsoft Update and made available in Configuration Manager 2012 R2 for deployment.
15. Once all configuration is complete, click Next to proceed to the Products page shown in Figure
16. On the Products page, choose the products or product families that should be included when retrieving updates from the categories just configured. The expanded list is shown in the figure.
17. Once all configuration is complete, click Next to proceed to the Languages page. Here, choose all languages that are in use in your environment. This will ensure the appropriate language-specific patches are included during synchronization as well.
18. Once all configuration is complete, click Next and proceed through the remaining wizard pages to complete the configuration.
No comments:
Post a Comment