2.1.3 Applicability
WSUS is appropriate for the management of updates for groups of computers. Additionally, it is applicable to situations in which several groups of computers need to be managed separately.
WSUS is not useful for situations in which computers that require updates are not on the network with the WSUS servers.
WSUS can be implemented in a Windows environment by enabling the update server component on computers running applicable Windows Server releases and configuring the update client on computers with Windows to communicate with the update server. For the Windows versions that WSUS supports, see section 4.
In a distributed deployment of WSUS with more than one update server, a downstream server (DSS) communicates with an upstream server (USS) to synchronize the update metadata and associated content, and optionally, administrative intent such as target groups and deployments. In addition, the DSS can be configured to relay information about the update installation information that it collected from update clients to the USS.
WSUS defines a set of internal protocols to enable server-to-server and client-to-server communication, as described in section 2.1. There are no external protocols defined by WSUS.
The following figure shows the layout of multiple update servers that are deployed as a hierarchy. Computers are configured to receive updates from one of the update servers in the hierarchy. The server-to-server communication is represented using solid lines, and client-to-server communication is represented using dashed lines. Within the context of each server pair communicating with each other, the parent server forms the USS, and the child server forms the DSS.

Figure 4: Windows Server Update Services overview