Question about WSUS integration

Question about WSUS integration (Full Version)

All Forums >> [Management Products] >> System Center Products >> System Center Configuration Manager

Message

jmcleish -> Question about WSUS integration (6/5/2008 7:37:11 AM)
I moved away from using ITMU in SMS 2003 to using WSUS for my clients and servers and am now quite happy with the setup and automation. Could someone please tell me how the integration works with WSUS and SCCM. I really don't want (and don't have the time) to go back to having 12 or so delightful screens to navigate, manually approve updates, and create packages each month when I now have WSUS to automatically approve and install the types of updates that I want. How does it work in the new setup? I just noticed that sp1 for CM requires WSUS (when this is just one of the jobs you do- any part that can make life a little easier is very welcome!) Thanks Jane

rdixon -> RE: Question about WSUS integration (6/5/2008 10:20:32 AM)
With the integration of WSUS and ConfigMgr, first you only have the ability to setup auto approval from within WSUS. This you probably figured out. No auto approval option in ConfigMgr. When approving or auto approving updates in WSUS, WSUS is the tool that will actually delivering the updates to clients. When you manually approve updates in ConfigMgr, and deploy those updates, ConfigMgr will be the tool that delivers updates to clients. Once you have ConfigMgr/WSUS running, clients assigned to a site configured with WSUS/SUP Points will be configured to run scans against your WSUS/SUP Point role only automatically. If a client that is assigned to this site wants to scan against the Microsoft Updates site, the user will have to click on the link in the Windows Update dialog that says "Check online for updates from Microsoft Update". Else your client will always scan against your ConfigMgr site's WSUS/SUP point roles. Actually RTM and SP1 requires WSUS. You can't install a Software Update Point Role with WSUS previously installed. So the catch is, if you approve updates in WSUS, WSUS delivers the content/update to clients. If you approve and deploy in ConfigMgr, ConfigMgr will deliver the content/update to clients. Note: If you do both approval in WSUS and approval and deployment in ConfigMgr, the you may hit your clients twice with updates. Because one tool can come by and patch the system and needs a reboot to satisfy the installation requirement, and the other tool could come by and also attempt to patch the system not knowing it was patched already.

jsandys -> RE: Question about WSUS integration (6/5/2008 10:35:07 AM)
I concur that WSUS is a huge step up from ITMU. As for the management of patches via ConfigMrg, it is a hybrid of managing WSUS with the added power and flexibility of ConfigMgr. Everything is still package based, but to keep it simple, typically one creates a small set of packages that contain updates. There is a built in-search mechanism to find patches which can then be added to lists; this is like approving the patches because they aren't downloaded until they are added to a list. Patches in a lists can then be added to packages. This is all drag-and-drop for the most part and is completely and seemlessly integrated into the MMC. The major advantage that Software Updates in ConfigMgr has is that it is push based; i.e., you're not relying on the clients to pull the patches down. Reporting is also integrated with the rest of your ConfigMgr environment instead of being isolated in WSUS. All-in-all, it is a very good solution and night and day better than ITMU.

jmcleish -> RE: Question about WSUS integration (6/5/2008 11:13:11 AM)
Thanks for the info guys. So does it still require a seperate scan tool? I never worked out why ITMU didn't use the clients' own windows update agent since that was already on the clients. I had many problems with the scan tools and the reports weren't much better. In fact- that was one of the reasons why I changed. The reports on what servers were pending a reboot were always wrong. guess I'll need to assess whether or not to change.... mmmm, although it sound like I may just continue to patch with WSUS. (I liked rolling out .net framework v2 via WSUS. oh- 2 clicks and thats it approved :-) no packages or adverts. Richard- I read your article on the 100% CM client install. Do you know if i can import (I'm winging it here![8D]) the CM client into WSUS or is that just available via the CM SUP? Its a shame that more things aren't available through WSUS (Office compatibility pack) and (assuming you can't) the CM Client. Jason- Guess it was the non-expandable window in ITMU that broke the camels back! [:)] Cheers Jane

jsandys -> RE: Question about WSUS integration (6/6/2008 10:12:19 AM)
The seperate scan tools are gone. ConfigMgr relies on the built-in Windows Update components and thus doesn't get into the pain's that ITMU had. As for the ITMU Windows/dialog box, that was just one of the many things that I despised about ITMU :-)

rdixon -> RE: Question about WSUS integration (6/8/2008 2:37:43 AM)
Yes you can import the ConifgMgr client into WSUS. That can be done with one way. Allow a ConfigMgr Site to publish the ConfigMgr client into WSUS. Install a ConfigMgr site on your WSUS server. And only enable the Software Update Client Installation option. This will publish the site's version of the client into WSUS.

jmcleish -> RE: Question about WSUS integration (6/9/2008 7:33:46 AM)
Thanks for the responses. Thanks goodness the seperate scan tools have gone! Thanks for that info Richard too- that's good news :-) I guess things will be clearer when i start to play about with it. I may post about this again, when i'm setting up ConfigMgr or at least in my test lab (if i ever get it working!) Thanks again Guys- much appreciated. Jane

Page: [1]

Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI

0.1875