2.1.2 Functional Overview
The WSUS protocols provide centralized update management in an enterprise computing environment. The protocols provide automated update discovery and delivery, and administrative control over update availability.
WSUS provides the following update functionality:
Enable update discovery by computers
Deliver relevant updates to computers
Update distribution controls for administrators
Monitor update activity
For update discovery, WSUS evaluates the rules contained in update metadata to determine whether an update is required by the target computer. Update delivery is performed through HTTP file download.
Administrators control update distribution by placing computers into target groups and creating update deployments. A target group is a collection of computers (for example, servers or desktop computers) that are defined by the WSUS administrator. The target group is used to treat a set of computers collectively rather than having to perform actions on a per-computer basis. An update deployment is an administrative intent about whether an update will be made available for a given target group. Administrators use update deployments to control the availability of updates to the computers that they manage.
Administrators can also configure a distributed server environment to manage update distribution to remote locations efficiently. Update installation is monitored through a reporting channel, over which computers send update detection and installation status.
WSUS consists of the following:
One or more update servers that act as distribution points for updates, and receive and relay update status information. The update servers are essentially repositories for update metadata.
One update client on each computer that is configured to receive updates. The update client communicates with an update server to discover updates and send installation information.
To discover and install updates, the update clients send a series of requests to the update server to progressively determine updates that are applicable, while excluding updates that are not applicable. At the end of the discovery phase, the update client downloads the installation files from the update server to complete the update installation. The update client sends back information about the update detection and installation phases as events to the update server.
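The following is an added illustration, not code from the WSUS specification: a simplified Python model of the discovery loop described above, in which an update reaches a computer only when it is both deployed to that computer's target group and found applicable by its metadata rule. The class and function names, the prerequisite mechanism used to make discovery progressive, the client-side rule evaluation, and the sample data are all assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Callable

@dataclass(frozen=True)
class Update:
    uid: str
    rule: Callable[[dict], bool]        # applicability rule carried in the update metadata
    prereqs: frozenset = frozenset()    # assumption: updates that must be applicable first

@dataclass
class UpdateServer:
    catalog: dict       # uid -> Update (the metadata repository)
    group_of: dict      # computer name -> target group
    deployments: set    # (uid, target group) pairs the administrator made available
    events: list = field(default_factory=list)

    def sync(self, computer, applicable, evaluated):
        """One discovery request: deployed, not-yet-evaluated updates whose prereqs are met."""
        group = self.group_of.get(computer)
        return [u for u in self.catalog.values()
                if (u.uid, group) in self.deployments
                and u.uid not in evaluated and u.prereqs <= applicable]

def discover_and_install(server, computer, facts):
    """Client side: repeat requests until nothing new is offered, then install and report."""
    applicable, evaluated = set(), set()
    while batch := server.sync(computer, applicable, evaluated):
        for u in batch:
            evaluated.add(u.uid)
            if u.rule(facts):
                applicable.add(u.uid)
                server.events.append((computer, "detected", u.uid))
    for uid in sorted(applicable):      # stands in for the HTTP file download and install
        server.events.append((computer, "installed", uid))
    return sorted(applicable)

# Constructed sample data: two platform updates and two fixes that depend on them.
CATALOG = {u.uid: u for u in (
    Update("platform-desktop", lambda f: f["role"] == "desktop"),
    Update("platform-server", lambda f: f["role"] == "server"),
    Update("fix-desktop", lambda f: f["patch_level"] < 3, frozenset({"platform-desktop"})),
    Update("fix-server", lambda f: f["patch_level"] < 3, frozenset({"platform-server"})),
)}

def demo_server():
    groups = {"pc-01": "Desktops", "srv-01": "Servers"}
    deployed = {(uid, g) for uid in CATALOG for g in ("Desktops", "Servers")}
    return UpdateServer(CATALOG, groups, deployed - {("fix-server", "Servers")})
```

In the sample data, fix-server is applicable to srv-01 but has no deployment for the Servers group, so it is never offered. A computer that belongs to no target group is offered nothing.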