90 Network Forum volume of large favorably virtualized infrastructure Windows 2008 11-wsus Server installation and configuration

Most Windows operating systems update patches in a timely manner, whether in the data center or the corporate network. For home users, or for most enterprise users, it is customary to upgrade online from the Windows Update site, or use third-party tools (such as 360) to download upgrades from a Microsoft site (360 does not provide patches and mirrors itself). However, when the number of servers and workstations in the network, and more products, are upgraded from the Microsoft Web site, one is slow, and the second is to occupy a large amount of internet bandwidth. In addition, especially in the data center of cloud computing, it is simple and easy to configure a new virtual server, for example, it takes 2, 3 minutes or even less time to configure a virtual machine, but it may take a few 10 minutes or more to update the patch, and the patch download takes a long time.

This chapter describes the Microsoft System Update Service-wsus, which describes how to deploy an upgrade server in a data center or enterprise network to provide fast patch Update Services for a data center or enterprise network. Prior to Windows Server 2008, WSUS was a product that needed to be downloaded from the Microsoft Web site, and the product was already integrated in the server operating system after Windows Server 2008 (actually a link, When you add the service, the installer downloads the latest installer from the Microsoft Web site. The following will begin the system requirements, installation configuration, and use of WSUS.

3.1 WSUS 3.0 Overview and system requirements

WSUS is the short name for Windows Server Update Services and is a network-patched distribution solution launched by Microsoft. With WSUS, all Microsoft product updates can be centrally downloaded, allowing clients to quickly and easily download the required updates from the WSUS server without having to connect to the Microsoft website to download, saving bandwidth and improving efficiency. The features of the WSUS server are as follows:

· WSUS is a free product, launched by Microsoft, product security, compatibility is beyond doubt.

· WSUS does not require much of your computer, as long as you have enough hard disk space.

· WSUS supports Microsoft's many operating systems, applications, and server-class products, such as Windows XP, Windows Server 2003, Windows 7, Windows Server 2008, Office XP, office 2003. Office 2007, SQL Server, Exchange, and so on.

· The WSUS server does not need to be added to the domain, as long as it is a server within the network.

The client uses the WSUS server for patch escalation and management, and does not require too many complex settings for the client. If you are a workstation in a domain, you can use Group Policy to unify the settings. All computers joined to the domain can be automatically upgraded from the WSUS server. Computers that are not joined to the domain can be set up by importing registry files.

Typically, the Windows operating system downloads patches for Microsoft products from the Microsoft Update site or other partner sites (see figure 3-1) and then installs them manually. This is mostly used by home users or SME users. However, if the network size is large, the number of computers will occupy a large amount of network bandwidth, thus affecting other network applications. In addition, Windows patches are not published together, may be released several times a few times, if manually download the update, will occupy the administrator and the user a lot of time.

Figure 3-1 Normal User upgrade method

WSUS is an enterprise-wide upgrade server that can download all Microsoft updates from the Microsoft Update site, while workstations are upgraded from the WSUS server (see Figure 3-2), which not only significantly reduces bandwidth consumption, but also manages workstations to "automatically" upgrade.

Figure 3-2 WSUS architecture

If your enterprise network is large and a WSUS server does not meet your needs, you can use a "multilevel" WSUS architecture that configures a "downstream" WSUS server for different networks, downloads updates from an upstream WSUS server, and an "upstream" WSUS server directly from Microsoft Update site download updates, as shown in 3-3.

Figure 3-3 multi-level WSUS architecture

3.2 Installation and configuration of WSUS 3.0

The WSUS 3.0 SP1 Installer can be downloaded from the following sites:

http://www.microsoft.com/downloads/zh-cn/details.aspx?familyid=f87b4c5e-4161-48af-9ff8-a96993c688df& Displaylang=zh-cn

When downloading, the file name Wsussetup_30sp1_x64.exe is the 64-bit version, the file name Wsussetup_30sp1_x86.exe is 32-bit version, please choose the appropriate version according to the product of the server operating system.

"description" While doing this experiment, because the WSUS server needs to download updates from Microsoft's Web site, make sure that the Windows 2008 virtual machine has access to the Internet and that users need to set up IP addresses and DNS in the virtual machine based on their own site conditions.

3.2.1 Installing the WSUS server

The WSUS server requires support for IIS with Microsoft. NET Framework 3.0. If you are installing a WSUS server, you first need to install IIS, the main steps are as follows:

(1) In the Server Manager dialog box, add features and select the. Net Framework 3.0 features check box in the Choose Features dialog box, as shown in 3-4.

Figure 3-4 Adding. Net Framework Features

(2) After installing the. Net Framework, add roles, install the IIS service, and select at least static content, ASP, 6.0 Management compatibility, Windows authentication services, and 3-5.

Figure 3-5 Installing IIS and its associated roles

After the. NET framework and IIS services have been installed, you can install WSUS 3.0 SP1, the main steps are as follows:

(1) Run the Setup program for WSUS 3.0 SP1, and enter the Installation wizard for WSUS 3.0 SP1, as shown in 3-6.

(2) in the Installation Mode selection dialog box, select the Include full server installation for Management Console radio button, and then click Next button, 3-7.

Figure 3-6 WSUS Setup Wizard Figure 3-7 installation mode selection

(3) In the License Agreement dialog box, select the I accept the terms of the License Agreement radio button, and then click the Next button, as shown in 3-8.

(4) In the use components required by the Manage UI dialog box, click the Next button, as shown in 3-9.

(5) In the Select Update Source dialog box, select the location where the WSUS update files are saved. By default, the installer automatically selects a partition with the largest space and is saved in the WSUS folder, as shown in 3-10.

(6) In the Database Options dialog box, select the file location where you saved the WSUS 3.0 database, as shown in 3-11.

Figure 3-8 "License Agreement" dialog box 3-9 using the components required to manage the UI

Figure 3-10 "Select Update Source" dialog box 3-11 "Database Options" dialog

(7) In the Site Selection dialog box, specify the Web site for the WSUS 3.0 service. If the server where WSUS 3.0 is installed is not intended for other purposes, you can select the use an existing IIS Default Web site radio button, so that all WSUS clients will use TCP's 80 port access and update patches, as shown in 3-12. If the IIS Default Web site for the server on which WSUS 3.0 is installed has other uses, you can select the Create Windows Server Update Services 3.0 SP1 Web site radio button so that all WSUS clients will access and update patches using TCP 8530 ports. As shown in 3-13. It is recommended to select the latter to create a separate administration site for the WSUS server.

Figure 3-12 Choosing the default figure 3-13 creating a Web site

(8) The installation information is displayed in the "Preparing to install Windows Server Update Services 3.0 SP1" dialog box, click the "Next" button to continue, as shown in 3-14.

(9) In the Completing the Windows Server Update Services 3.0 SP1 Setup Wizard dialog box, click the Finish button to complete the installation as shown in 3-15.

Figure 3-14 Show installation information Figure 3-15 installation complete

3.2.2 Configuration Wizard for WSUS 3.0

After you complete the WSUS installation, you first go to the Windows Server Update Services Configuration Wizard dialog box, which follows the configuration of the WSUS server side, in the following steps:

(1) Click the Finish button in Figure 3-15 to bring up the Windows Server Update Services Configuration Wizard dialog box, click the Next button in the Before you begin page, 3-16.

(2) in the Join Microsoft Update Improvement Program dialog box, choose whether to join the Microsoft Update Improvement Program as needed, as shown in 3-17.

Figure 3-16 Configuration Wizard Figure 3-17 Join the Microsoft Update Improvement Program

Regardless of whether you join the Microsoft Update Improvement Program, the use of WSUS 3.0 is not affected (in this case, the Microsoft Update Improvement Program is included).

(3) in the Select Upstream Server dialog box, select the upstream server from which the current WSUS server synchronizes. If this is a WSUS server on your network, select the "Synchronize from Microsoft Update" radio button, shown in 3-18. If an upstream WSUS server already exists in your network, select the Synchronize from another Windows Server Update Services server radio button, and in the Server Name text box, enter the IP address or computer name of the upstream WSUS server, and in the port number Enter the port number for the upstream WSUS server in the text box, as shown in 3-19 (in this case, synchronizing from Microsoft Update)

Figure 3-18 Synchronizing from Microsoft Update to figure 3-19 from another server

(4) In the Specify Proxy Server dialog box, set how the current WSUS server accesses the Internet. If the current computer needs to use a proxy server to access Microsoft Update (or the WSUS upstream server), select the use a proxy server when synchronizing check box and set the parameters for the proxy server correctly, if the current computer does not require a proxy server, leave the default value 3-20 (the proxy server is not used in this example).

(5) in the Connect to Upstream Server dialog box, click the Start Connection button, and the current WSUS server will get updated information from Microsoft Update (choose the setting shown in Figure 3-21) or the upstream server.

Figure 3-20 Specifying a proxy server figure 3-21 connecting Microsoft Update

When the connection is complete, click the Next button.

(6) In the Select Language dialog box, select the language you want (by default, select the language used by the current server, in this case "Chinese-simplified"), 3-22. If the current WSUS server is updated from an "upstream" WSUS server, "Download updates for all languages supported by the upstream server" or "Download updates for these languages only (the upstream server only supports languages marked with asterisks)", or if the current WSUS server is from the Microsoft Update updates, the download updates for all languages, including the new language, or download updates for these languages are displayed. Typically, you only have WSUS download updates in the same language as the WSUS server.

(7) In the Select Product dialog box, select the product updates that the current WSUS server will download. For administrators, you can choose from the Microsoft operating systems, servers, applications, and so on, that are installed on the network that you administer. In this case, because it is the management of the experiment, only virtual pc,3-23 is selected as shown.

Figure 3-22 Selecting a language figure 3-23 selecting a product

Description After you install WSUS, you can increase or decrease the selection of updated Microsoft products as needed at any time.

(8) In the Select Category dialog box, specify the update classifications to synchronize, as shown in 3-24.

(9) in the Set Synchronization Schedule dialog box, select the Auto Sync radio button to set how long the current WSUS server synchronizes with the upstream WSUS server. Typically, select the time that the network is idle, such as midnight per day, as shown in 3-25.

Figure 3-24 Selecting a product category Figure 3-25 setting the synchronization time

(10) In the Finish dialog box, select the start the Windows Server Update Services management Console check box, and uncheck the Start initial synchronization check box, as shown in 3-26.

(11) in the "Next Steps" dialog box, click the "Finish" button to complete the installation of WSUS, as shown in 3-27.

Figure 3-26 Complete dialog box 3-27 completing the installation of WSUS

The installation and configuration of the server-side WSUS upgrade server is basically complete, and the installation and configuration of the client are described below.

3.2.3 Configuring the WSUS server

In order for the WSUS server to "fully automatically" obtain updates and automatic approvals from Microsoft's update server, or to modify WSUS's update configuration, you can follow these steps:

(1) From Administrative Tools, execute Microsoft Windows Server Update Services 3.0 SP1, go to the WSUS administration console, select options in the left pane, and configure the WSUS server on the right. Click the "Auto-approval" link, shown in 3-28.

Figure 3-28 Automatic approval

(2) In the Automatic Approval dialog box, click the "Security updates, Critical Updates" link (see Figure 3-29), and in the "Select Update Category" dialog box that pops up, select "All categories", as shown in 3-30.

Figure 3-29 Modifying automatic approval Figure 3-30 selecting all Categories

Once set, click the OK button to return to the WSUS administration console. This way, the WSUS server will complete the automatic approval process later when updates are made to the WSUS server upstream update server or Microsoft Update server.

(3) After returning to the WSUS administration console, click on the "Update Files and Languages" link, as shown in 3-31.

Figure 3-31 Updating files and languages

(4) Open the Update Files and Languages dialog box, and on the Update Files tab, select the Download quick Install Files check box, as shown in 3-32. If you want to modify the update language, you can modify it in the "Update Language" tab, as shown in 3-33.

Figure 3-32 Download Quick Install file Figure 3-33 Update language

(5) After you return to the WSUS administration console, click the Products and classifications link to open the Products and Classifications dialog box, in the Products tab, specify the products that you want to synchronize updates, 3-34, and in the Classifications tab, specify the update classifications that you want to synchronize, as shown in 3-35.

Figure 3-34 New product Figure 3-35 Update Classification

(6) After Setup, click the server computer name in the left task pane, click the Sync now link on the right, and the WSUS server will start retrieving available updates from the Microsoft Update server and automatically download them, as shown in 3-36. The synchronization status is displayed in the synchronization status, the number of file updates that are currently required to download, the size of the downloaded update, the size of the update that needs to be downloaded, and the update port, server version, and so on for the current WSUS server are displayed in the download status.

More exciting on the 90 BBS: www.90wang.top

90 Network Forum volume of large favorably virtualized infrastructure Windows 2008 11-wsus Server installation and configuration