Why Software Updates with ConfigMgr vs WSUS standalone

Why Software Updates with ConfigMgr vs WSUS standalone (Full Version)

All Forums >> [Management Products] >> System Center Products >> System Center Configuration Manager

Message

cldpeak -> Why Software Updates with ConfigMgr vs WSUS standalone (9/13/2008 4:57:51 PM)
Building my presentation for ConfigMgr 07 Patch Management and need to inlclude arguments for using ConfigMgr instead of just WSUS. Since I haven't used WSUS 3.0 I'm not as familiar with the pros and cons of WSUS standalone. Looking for suggestions on statements I can make on the advantages of moving to ConfigMgr 2007 for Software Updates vs WSUS 3.0 Standalone... Thanks, Ray

jsandys -> RE: Why Software Updates with ConfigMgr vs WSUS standalone (9/14/2008 10:21:04 PM)
This is a question faced by a lot folks. WSUS worls pretty well, even for large organizations, so justifying the replacement of it by ConfigMgr (which of course uses WSUS to limited extent) is no trivial task. So here's a quick list: Integrated reporting. With a separate installation of WSUS, you have no easy way to patch data correlate them with other data in ConfigMgr like hardware inventory. Customized Reporting. There is no direct and easy way to customize reports out of the box. Deployment control. With WSUS alone, you have to rely on group policies to tell clients to pull updates. This can go wrong for a lot of different reasons. Also, the availabe group policies are somewhat limitied do not alow for granual control over deployment times and behavior. ConfigMgr updates are deployed using a similar process as software distribution and gives you fine grained control over deployments including the use of Maintenance Windows. WAN/branch office friendly. Using Branch DPs you do not have to put a downstream WSUS server in branch offices to control the distribution of patches to smaller sites. Single tool. Every tool imposes some overhead to configure and maintain. One tool is better than two. There may be more than this, I'd definately like to hear what other have to say.

jquirk822 -> RE: Why Software Updates with ConfigMgr vs WSUS standalone (9/15/2008 5:40:35 AM)
I agree with all of Jason's points. The crucial points for me are that you only use one interface. For the first time ever Microsoft can claim that they have a true PC Lifecycle management tool. The tool that you use to create the image which you used to build the PC in the first place is the same tool that you patch and manage it with and is ultimately the same tool which you decommission the machine with at the end of its life (via the Replace Computer scenario). The second major advantage from my perspective is around infrastructure. You already have a ConfigMgr infrastructure in place to provide for local access to package content. Using WSUS you would need to deploy multiple WSUS servers with multiple group policy configurations to point the machines at the local server, this has the potential to reduce the "romability" of the solution, but is also a management headache. Integrate a single WSUS server with ConfigMgr and all of this goes away. The client will intelligently locate its nearest software update source and obtain the content from there. It's the same distribution methosology as all other software/OS distribution tasks, killer benefit to me.

wbracken -> RE: Why Software Updates with ConfigMgr vs WSUS standalone (9/15/2008 8:54:28 AM)
I agree that these are all great points and do give a compelling argument for SCCM. Just to give some argument to the other side of question here are a few reasons why you may not want to use SCCM to manage WSUS. (These points are all taken from my lab environment where I tested potentially replacing my WSUS with SCCM) 1. Much more complex management interface in SCCM. Simple things like declining certain updates is much more intuitive via the WSUS console in my opinion. 2. If you do not have complex scheduling requirements WSUS is easier to "manage". Although SCCM can be used to schedule patch installs via script as a standard distribution so this is sort of a moot point. 3. In my experience I am much more likely to have problems with my SMS client than I am with GPO's. If I have a machine that cannot receive a software push from SCCM that's a problem but not one that affects the network. If my machine is not receiving updates then I have a much bigger security risk on my network. 4. The SCCM Patch management inteface on the client side is not very intuitive (again in my opinion). There are buttons that seem out of place in certain dialogs that could confuse users if you choose to display them. 5. Disk Space. This is typically not much of an issue these with the price of drives these days however the amount of required server space is drastically increased as you have your WSUS server that downloads the updates, which then have to be "packaged" by SMS which then creates another compressed copy and the uncompressed copy that gets placed on the DP. The one DISTINCT disadvantage of WSUS in my opinion is the reporting. Plain and simple the reporting sucks. :( You get just enough information to keep you informed of issues but trying to drill more info out is not an easy task. I think it really all comes down to what your requirements are. I chose not to add the complexity in my envirnment at this time. A lot of that reason is also the buggy results I experienced in my lab. There are some really compelling features of managing WSUS via SCCM but I found that it added more complexities than benefits for my environnment. [:)]

cldpeak -> RE: Why Software Updates with ConfigMgr vs WSUS standalone (9/15/2008 12:42:37 PM)
Thanks so much for your input! There's several points there that I had not thought about and will use in my presentation to convince others to move to ConfigMgr... Rhea

Page: [1]

Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI

0.1875