migration from software update services to windows server update services jeff alexander it pro...
TRANSCRIPT
Migration from Software Update Migration from Software Update Services to Windows Server Services to Windows Server Update Services Update Services
Jeff AlexanderJeff AlexanderIT Pro EvangelistIT Pro EvangelistMicrosoft AustraliaMicrosoft Australia
Scott KormanScott KormanWSUS MVPWSUS MVP
SEC316
Our time todayOur time today
Review WSUS CapabilitiesReview WSUS Capabilities
WSUS DemoWSUS Demo
Migration ScenariosMigration Scenarios
Considerations Considerations
ToolsTools
Migration DemoMigration Demo
WSUS continues to support…WSUS continues to support…
Single serverSingle server
Multiple serversMultiple serversAutonomous vs. ReplicaAutonomous vs. Replica
Client policy settingsClient policy settings
Language selectionLanguage selection
Download only update descriptions – Download only update descriptions – binaries stay on Windows Updatebinaries stay on Windows Update
Microsoft Windows updatesMicrosoft Windows updates
New WSUS CapabilitiesNew WSUS Capabilities
Solution and infrastructureSolution and infrastructureTarget groups (Client or Server)Target groups (Client or Server)Port configuration (not just 80)Port configuration (not just 80)Detect only evaluationDetect only evaluationMore products (Microsoft Windows and other More products (Microsoft Windows and other Microsoft products) Microsoft products) Update classifications selectionUpdate classifications selectionDownload updates to server only after Download updates to server only after approval (default)approval (default)ReportingReportingNew client policy settingsNew client policy settings
New Client ConfigurationsNew Client Configurations
Polling frequencyPolling frequency
Target groupTarget group
Reboot behaviorsReboot behaviors
Allow local admin to configure AU settings Allow local admin to configure AU settings except for disableexcept for disable
Non-administrators can install updates (like Non-administrators can install updates (like administrators)administrators)
Update at shutdown (Microsoft Windows XP Update at shutdown (Microsoft Windows XP SP2 and later only)SP2 and later only)
WSUS ReviewWSUS Review
Migration …Migration …
Migration ScenariosMigration Scenarios
Single serverSingle serverWSUS and SUS 1.0 on a single serverWSUS and SUS 1.0 on a single server
Multiple serversMultiple serversWSUS and SUS 1.0 on separate serversWSUS and SUS 1.0 on separate servers
Multiple SUS 1.0 servers to a single Multiple SUS 1.0 servers to a single WSUS serverWSUS server
Multiple SUS 1.0 servers to multiple Multiple SUS 1.0 servers to multiple WSUS serversWSUS servers
Environment ConsiderationsEnvironment Considerations
Ease of updating client settingsEase of updating client settingsE.g., policy or scriptedE.g., policy or scripted
New clients coming into environment New clients coming into environment which are not yet WSUS compatiblewhich are not yet WSUS compatible
Branch office scenariosBranch office scenarios
Targeting group modelTargeting group model
Migration ConsiderationsMigration Considerations
WSUS and SUS 1.0 can not synchronise WSUS and SUS 1.0 can not synchronise metadata with each othermetadata with each other
Only one way SUS 1.0 to WSUS migrationOnly one way SUS 1.0 to WSUS migration
Migration of update approvals overwrites Migration of update approvals overwrites any pre-existing approvals per target any pre-existing approvals per target group group
What doesn’t migrateWhat doesn’t migrateproxy server settingsproxy server settings
Internet Information Services (IIS) settingsInternet Information Services (IIS) settings
Single Server MigrationSingle Server Migration
For customers with few serversFor customers with few serversRequires WSUS to be initially installed Requires WSUS to be initially installed on a different port than SUS 1.0on a different port than SUS 1.0Requires updating all clients as they Requires updating all clients as they connect once the WSUS server is connect once the WSUS server is installedinstalledPotentially requires redirecting clients Potentially requires redirecting clients to a different port on the same serverto a different port on the same serverClients will still use SUS 1.0 for updates Clients will still use SUS 1.0 for updates until redirected to the WSUS port, or until redirected to the WSUS port, or SUS 1.0 is decommissionedSUS 1.0 is decommissioned
SUS 1.0 serverSUS 1.0 server WSUS server WSUS server
SUS clientSUS client
Single Server MigrationSingle Server Migration
WSUS serverWSUS serverSUS 1.0 serverSUS 1.0 server
WSUS clientWSUS clientSUS clientSUS clientdirected todirected toport 8530port 8530
WSUS clientWSUS clientdirected todirected toport 8530port 8530
WSUS serverWSUS server
Port 8530
WSUS
selfupdate tree Port 80
SUS
selfupdate tree
Port 80
WSUS
selfupdate tree
WSUS clientWSUS clientdirected todirected toport 8530port 8530
A C
Separate Server MigrationSeparate Server Migration
More flexibility in client self update More flexibility in client self update deployment optionsdeployment options
More flexibility in configuring the More flexibility in configuring the server port server port
Clients continue to use SUS 1.0 until Clients continue to use SUS 1.0 until client policy changes to point to new client policy changes to point to new WSUS serverWSUS server
Requires another Windows Server Requires another Windows Server
SUS 1.0 serverSUS 1.0 server
Separate Server MigrationSeparate Server Migration
WSUS serverWSUS server
Port 80
SUS
selfupdate tree Port 80
WSUS
selfupdate tree
SUS clientSUS clientWSUS clientWSUS clientSUS clientSUS clientWSUS clientWSUS client
A C
Multiple SUS server migrationMultiple SUS server migration
To a single WSUS serverTo a single WSUS serverTake advantage of target groups Take advantage of target groups
Consolidate Windows Servers Consolidate Windows Servers
To multiple WSUS serversTo multiple WSUS serversMaintain organisational structures with Maintain organisational structures with different administratorsdifferent administrators
Support branch officesSupport branch offices
SUS 1.0 serverSUS 1.0 server
Multiple SUS Server MigrationMultiple SUS Server Migration
Port 80
SUS
selfupdate tree
WSUS serverWSUS server
Port 80
WSUS
selfupdate tree
SUS clientSUS clientWSUS clientWSUS client““Test”Test”SUS clientSUS clientWSUS clientWSUS client
““Test”Test”
SUS 1.0 serverSUS 1.0 server
Port 80
SUS
selfupdate tree
SUS clientSUS clientWSUS clientWSUS client““Production”Production”
ProductionProductiontarget grouptarget group
TestTesttarget grouptarget group
A CA C
What are the Migration capabilitiesWhat are the Migration capabilities
Enabled through the Migration toolEnabled through the Migration tool
Content and approvals to all computers groupContent and approvals to all computers group
Content and approvals to a specific target groupContent and approvals to a specific target group
Content onlyContent only
Approvals onlyApprovals only
Remember …Remember …
Tool is in %programfiles%\Update Services\ToolsTool is in %programfiles%\Update Services\Tools
You must synchronise your WSUS server before You must synchronise your WSUS server before using the migration tool using the migration tool
Tool must be run on the target WSUS serverTool must be run on the target WSUS server
Migration ToolMigration Tool
WSUSUTIL.EXE migratesusWSUSUTIL.EXE migratesus
/content <content share>/content <content share>Migrate content from a SUS 1.0 <content share>Migrate content from a SUS 1.0 <content share>
/approvals <server name>/approvals <server name>Migrate approvals from the SUS 1.0 serverMigrate approvals from the SUS 1.0 server
““target_group”target_group”Apply approvals to the target group Apply approvals to the target group "target_group"."target_group".
Requires /approvals to be specified.Requires /approvals to be specified.
/log <log_file>/log <log_file>Log the migration activities to the <log file> fileLog the migration activities to the <log file> file
Content and Approvals to All Content and Approvals to All Computers GroupComputers Group
Syntax:Syntax:wsusutil.exe migratesus /content path_to wsusutil.exe migratesus /content path_to
local_SUS_content /approvals SUSserverlocal_SUS_content /approvals SUSservername /log filenamename /log filename
Example:Example:wsusutil.exe migratesus /content c:\sus\wsusutil.exe migratesus /content c:\sus\
content\cabs /approvals sus1 /log content\cabs /approvals sus1 /log local_migration.log local_migration.log
Content and Approvals to a Specific Content and Approvals to a Specific Target GroupTarget Group
Syntax:Syntax:wsusutil.exe migratesus /content path_to wsusutil.exe migratesus /content path_to
local_SUS_content local_SUS_content /approvals SUSserver_name "WSUS_targ /approvals SUSserver_name "WSUS_target_group name" /log filenameet_group name" /log filename
Example:Example:wsusutil.exe migratesus /content c:\sus\wsusutil.exe migratesus /content c:\sus\
content\cabs /approvals sus1 "all content\cabs /approvals sus1 "all desktops" /log local_migration.logdesktops" /log local_migration.log
Content OnlyContent Only
Syntax:Syntax:wsusutil.exe migratesus /content path_to wsusutil.exe migratesus /content path_to
local_SUS_content /log filenamelocal_SUS_content /log filename
Example:Example:wsusutil.exe migratesus /content c:\sus\wsusutil.exe migratesus /content c:\sus\
content\cabs /log local_migration.logcontent\cabs /log local_migration.log
Approvals OnlyApprovals Only
Syntax:Syntax:wsusutil.exe migratesus /approvals SUS wsusutil.exe migratesus /approvals SUS
server_name /log filenameserver_name /log filename
Example:Example:wsusutil.exe migratesus /approvals sus1 wsusutil.exe migratesus /approvals sus1
/log local_migration.log/log local_migration.log
Migrate ApprovalsMigrate Approvals
Scott KormanScott KormanWSUS MVPWSUS MVP
WSUS ResourcesWSUS Resources
WSUS homepage: http://www.microsoft.com/updateservices
WSUS Server download
Deployment and Operations Guides
SDK and Troubleshooter
Online Documentation
Newsgroups
Microsoft Update: http://update.microsoft.com/microsoftupdate
WSUS Community ResourcesWSUS Community Resources
Support Forums: www.wsus.info
Wiki: www.wsuswiki.com
Email List: www.patchmanagement.org
Reporting Rollup ToolReporting Rollup Tool
Status data merged on central serverStatus data merged on central server
Sample tool using WSUS APISample tool using WSUS API
To be released by MondayTo be released by Monday
We invite you to participate in ourWe invite you to participate in our online evaluationonline evaluation on CommNet,on CommNet,
accessible Friday onlyaccessible Friday only
If you choose to complete the evaluation online, If you choose to complete the evaluation online, there isthere is no need to complete the paper evaluationno need to complete the paper evaluation
© 2005 Microsoft Corporation. All rights reserved.This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.
