Hello,
We've about 500 user in HQ site and around 20-50 user in 50 small branch and all sites connected through fiber connection, so whats the recommendations and best practice for design WSUS server.
Thanks in advance
Hello,
We've about 500 user in HQ site and around 20-50 user in 50 small branch and all sites connected through fiber connection, so whats the recommendations and best practice for design WSUS server.
Thanks in advance
@AhmedEssam-4837
Is there any updates of the case? Whether the solutions which LeonLaude and Marshall provided below are helpful or not.
Please keep us in touch if there are any updates of the case. Remember to mark the answer if the solutions are helpful.
Thanks for your time and have a nice day.
Hi @AhmedEssam-4837,
I'm not certain if there are best practices design-wise as every company/organization are unique and different, there are however common best practices for security and other configurations which you can find over here:
Windows Server Update Services best practices
https://docs.microsoft.com/en-us/troubleshoot/mem/configmgr/windows-server-update-services-best-practices
Security best practices for Windows Server Update Services (WSUS)
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/security-best-practices-for-windows-server-update-services-wsus/ba-p/1587536
If the reply was helpful please don't forget to upvote and/or accept as answer, thank you!
Best regards,
Leon
If you're looking at distributed load off the HQ, use replica downstream servers at each site. If you're looking at creating a single point of connection, drawing all updates from HQ, a single WSUS server will work. If you're looking for creating a single WSUS server for HQ, but having all other sites get approvals from WSUS but download directly from Microsoft, use a replica downstream at HQ, but specifying that updates will be approved only on WSUS but downloaded from Microsoft and setup your Location for each of the sites to use this replica downstream WSUS server (similar to the externally facing WSUS server as linked in my guide below).
Some links of interest:
https://www.ajtek.ca/wsus/how-to-setup-manage-and-maintain-wsus-part-1-choosing-your-server-os/
https://www.ajtek.ca/wsus/externally-facing-wsus-servers/
https://www.ajtek.ca/wsus/dual-scan-making-sense-of-why-so-many-admins-have-issues/
10 people are following this question.