davedavedave Posted April 23, 2014 Report post Posted April 23, 2014 Hi Guys Since i have 10 different site, both are in same forest, but in different location, worst is they are connected but with very low bandwidth linked(which <500kbs),but their external connection have more than 10Mbs, so i am decide to create a WSUS with DP in their own site. what i am confuse is, if i am going to deploy it as site system role. i will only able to select SUP and no more option about pointing which WSUS to serve the client. which i dont wanna happen is "B" site client go to "A" site's wsus for windows update. i have create different boundries to manage the network for software distubrtion hope it's going to work. 1.I would like the WSUS it to download the update individually, and the site client will only request the site WSUS for windows update.or the SCCM client will only find the WSUS for update services. should i create the GPO for different site client to connect with only the site WSUS? 2.Should i using the same WSUS DB for all site WSUS? Cause i have successfully install 2 WSUS with same database, and i could update both software update list if one of the WSUS node request for Microsoft update sync. of course the DB have goes into single user mode, and bring me a lot of headache. Since i have more WSUS to go, and when i start to install the third WSUS the problem apper again, i have way to sort out the SUSBD back to muti user mode but its kind of pain to me already, so i was wondering if i ma doing this right or not. Any advise about this also? 3.Or simply i should deploy all site in secondary site and no more problem will cost? since every site is only serving not more than 500 peoples. And i found some discussion already about how many user should deploy with secondary site, so i dont think i am in those case but simply with limited network bandwidth. Thank you Best Dave Quote Share this post Link to post Share on other sites More sharing options...
Peter van der Woude Posted April 23, 2014 Report post Posted April 23, 2014 The main problem with a flat design, is indeed the locating of management points and software update points, because these are selected "at random" within the same site. Do keep in mind that the traffic to a software update point or a management point is very little, the most traffic is to the distribution point and that you can control. So either accept it how it is, or use a secondary site to "control" the sotware update points and the management points. I would never use a GPO as a workaround as it will only bring you problem (local policies vs. GPOs). Quote Share this post Link to post Share on other sites More sharing options...
davedavedave Posted April 24, 2014 Report post Posted April 24, 2014 The main problem with a flat design, is indeed the locating of management points and software update points, because these are selected "at random" within the same site. Do keep in mind that the traffic to a software update point or a management point is very little, the most traffic is to the distribution point and that you can control. So either accept it how it is, or use a secondary site to "control" the sotware update points and the management points. I would never use a GPO as a workaround as it will only bring you problem (local policies vs. GPOs). Hi Peter thanks for the reply, what i was confuse is about the WSUS traffic and management, please correct me if i am wrong on this, by my understanding, i believe the SUP will download the update content via the primary WSUS, which i was install with the Primary site server on 8530 port. If i deploy the software update to client, the data will transmit to DP, then distrubte the content to the Client. but those traffic was what i am trying to prevent. And the distrubtion point will not able / know to call the same site WSUS to download the update individually i am a little confuse if i am getting this right. please advise the above is correct or not. About the GPO, since it was the exsiting enviroment and production for a long time already, its kind of hard to change it. I get the point about local policies. cause i have already hit the problem of policy overlap. So i would like to do some clarification about my though was right. If those traffic was not able to reduce, i might possible let the WSUS works as before(which every location with their own WSUS and GPO override for update) rather than change it to manage by SCCM. Quote Share this post Link to post Share on other sites More sharing options...
