WSUS stands for Windows Server Update Services. It is a server role developed by Microsoft to help you centralize the update and reporting of your Microsoft-based products. It is available in all supported Windows Server versions, starting from Windows Server 2012 R2 up to Windows Server 2022.

It is a free role; however, it is essential to run a licensed Windows Server edition.

Protect Your Data with BDRSuite

Cost-Effective Backup Solution for VMs, Servers, Endpoints, Cloud VMs & SaaS applications. Supports On-Premise, Remote, Hybrid and Cloud Backup, including Disaster Recovery, Ransomware Defense & more!

This article is the first in a series of articles about WSUS. Today, we start with understanding the fundamentals, and installing WSUS, and later on, we go through the implementation and configuration.

Why do you need WSUS?

It helps you to have automated ways of deploying updates to thousands of machines without so much hands-on hassle. Here are some of the benefits.

Centralized Update Management: WSUS allows you to centralize the distribution and management of updates for Microsoft products across your network. Instead of doing it manually for each Windows machine or Microsoft-based product, you can do it centrally with a few clicks.

Download Banner

Save your bandwidth: WSUS helps you download all updates locally and then distribute them during non-working hours to target hosts and products. By doing this, you save bandwidth consumption, as thousands of machines will not download updates via the Internet but locally.

Control over updates: You have control over which updates to install, what language to use, and when to download and install them.

Reporting: You can monitor the update status of your computers, and generate reports for failed or successful updates. Practically, you know which machines are updated and which are not. So, you can act accordingly.

Upstream vs Downstream WSUS server

When you deploy the WSUS server, you can set it up either as an upstream server or a downstream server. If you are deploying WSUS for the first time, you have to configure it as an upstream server.

Practically, the key differences between upstream and downstream servers lie in their data source, role, and internet connection. The data source refers to where clients download updates, the role defines which server is primary and which is secondary, and the internet connection varies between them.

Windows Server Update Services

Upstream and downstream server

An upstream server requires an internet connection because it directly connects to Microsoft and downloads updates. On the other hand, a downstream server doesn’t need an internet connection. Instead, it downloads updates from the upstream server and serves as the secondary server, distributing updates to client machines.
Some of the use cases include scenarios where you have two locations: one is the headquarters, and another is a branch office. In the headquarters, you would deploy an upstream server, and in the branch office, you would deploy a downstream server. The rest of the configuration is based on your needs, which we will explain in the next series of articles.

Supported products

In order to update certain products, you need to select the products you need and language packs. Here is what you can update:

WSUS can only be used to distribute updates to Windows and Microsoft-based products.

Windows Operating Systems: You can update Windows clients and Windows Server 2022. WSUS supports all Microsoft-supported products.

Microsoft Office: If you are still running on-premise Microsoft Office, you can update it via WSUS.

Other Microsoft Products: WSUS can update Microsoft Exchange Server, Microsoft SQL Server, Microsoft SharePoint, Microsoft .NET Framework, Microsoft Visual Studio, Windows Defender, and others.

Once you do the first sync of your WSUS server with Microsoft update, the list of supported products will be extended, also including Azure.

Windows Server Update Services

Supported products

Support update types

You can specify what classification of updates you want to synchronize and then distribute to your client machines, if applicable. You can choose critical updates, definition updates, driver sets, drivers, feature packs, security updates, service packs, tools, update rollups, and standard updates. The best practice is to select all of them.

Windows Server Update Services

Supported update types

Additionally, if you are running products in different languages than English, you can select whether you want to download updates in all languages or only specific ones.

Windows Server Update Services

Supported languages

System requirements

Before installing WSUS in your infrastructure, you need to ensure that you meet the system requirements. Here is what you need.

Windows Server 2022 (recommended) or earlier supported operating system, with 2 vCPUs, 2 GB RAM, 40 GB disk, 1 Gbit network card, installed Microsoft Report Viewer Redistributable 2008, and Microsoft .NET Framework 4.0. All of these requirements go on top of the operating system.

If you want to store your updates locally, you need to ensure your WSUS has disks with enough capacity. The size of the disk depends on how many products and language types you want to download on your local storage. It could range from 100 GB to a few terabytes.

“Both your WSUS server and the client machines you want to update have to be joined to your company domain (Active Directory Domain).

That is all for today. In the next article, we will install WSUS together on Windows Server 2022.
Stay tuned.

Follow our Twitter and Facebook feeds for new releases, updates, insightful posts and more.

5/5 - (2 votes)