Post by ArheniusI have a question around guidance/documentation around how WSUS should be
setup for an environment with multiple security zones.
Ie. should I have a WSUS server in each zone
or
have one (or number determined by load) WSUS that provides updates to
multiple zones and if so how do I manage the risk of this server being used
to bridge the zones.
any help will be much appreciated
Security Zones, Sites, Domains, Forests... etc, are all pretty much
irrelevant to WSUS deployment.
What's relevant to WSUS deployment is:
[a] the number of managed clients at each physical location
[b] the available bandwidth between the WSUS server and those physical
location(s)
If a physical location has a significant number of managed systems and an
existing server infrastructure, you should consider deploying a downstream
server in that location.
If a physical location does not have sufficient available bandwidth to
provide at least 5kbit/sec of bandwidth to each managed system during
non-working hours, then you should consider deploying a downstream server in
that location.
If a physical location or organizational group has a significantly different
set of update services requirements than the central site, e.g. language or
product differences, then you should consider deploying a downstream server
to meet the special needs of that location or group.
--
Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2010)
My Blog: http://onsitechsolutions.spaces.live.com
Microsoft WSUS Website: http://www.microsoft.com/wsus
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin