Author      Lawrence Garvin, WSUS MVPWSUS Deployment onWindows Server® 2008
Agenda  Part 1 – General considerations     »   Documentation review     »   General considerations for deployment     » ...
Agenda – Part 1  Part 1 – General considerations     »   Documentation review     »   Windows® vs SQL Server® Express    ...
General Considerations  Documentation review    »   http://go.microsoft.com/fwlink/?LinkId=71268    »   http://go.microso...
General Considerations Windows Internal Database vs SQL Server Express Edition     SQL Express limited to 1 CPU     SQL ...
General Considerations Considerations for using a remote database server    Enterprise database server with DBA already e...
General Considerations Requirements for remote database server   Database Server cannot be Domain Controller   Web serve...
General Considerations Installation prerequisites for Windows Server 2008  .NET Framework is already installed  DO NOT I...
General Considerations Internet Information Services v7  Application Server Role is NOT required  Web Server Role with t...
General Considerations  Internet Information Services v7
General Considerations  Internet Information Services v7
General Considerations Internet Information Services v7  Web Server Role with the following role services:     » Common H...
General Considerations  Internet Information Services v7
General Considerations Internet Information Services v7  Web Server Role with the following role services:     » Common H...
General Considerations  Internet Information Services v7
General Considerations  Internet Information Services v7
General Considerations  Internet Information Services v7
General Considerations Internet Information Services v7  Web Server Role with the following role services:     » Common H...
General Considerations  Internet Information Services v7
General Considerations Internet Information Services v7  Web Server Role with the following role services:     » Common H...
General Considerations  Internet Information Services v7
General Considerations  Internet Information Services v7
Agenda – Part 2  Part 2 – Installation     »   Installation on disconnected server     »   Installation on connected serv...
Installation Services Disconnected – Standalone Installer  Server does not have Internet access  Network does not have I...
Installation  Disconnected – Standalone Installer
Installation Scenarios Connected – Server Manager Role  Available Internet connection or local WSUS Server  If WSUS Serv...
Installation  Connected – Server Manager Role
Installation  Connected – Server Manager Role
Installation  Connected – Server Manager Role
Installation  Connected – Server Manager Role
Installation  Connected – Server Manager Role
Installation  Connected – Server Manager Role
Installation  Connected – Server Manager Role
Installation  Connected – Server Manager Role
Installation  Connected – Server Manager Role
Installation  Connected – Server Manager Role
Installation  Connected – Server Manager Role
Installation  Connected – Server Manager Role
Installation  Connected – Server Manager Role
Installation  Connected – Server Manager Role
Installation  Connected – Server Manager Role
Installation  Connected – Server Manager Role
Installation  Connected – Server Manager Role
Installation  Connected – Server Manager Role
Migration  Step 1: Install new server as replica of live server.  Step 2: Perform initial synchronization to replicate  ...
Migration
Migration
Migration  Step 1: Install new server as replica of live server.  Step 2: Perform initial synchronization to replicate  ...
Migration
Migration  Step 1: Install new server as replica of live server.  Step 2: Perform initial synchronization to replicate  ...
Migration
Migration
Migration
Migration  Step 1: Install new server as replica of live server.  Step 2: Perform initial synchronization to replicate  ...
Migration
Migration  Step 1: Install new server as replica of live server.  Step 2: Perform initial synchronization to replicate  ...
Migration
Migration  Step 1: Install new server as replica of live server.  Step 2: Perform initial synchronization to replicate  ...
Migration Client-side targeting  Reconfigure Group Policy to point to new server.  Clients will automatically register w...
Migration Server-side targeting  Migrate computers from original server to new   server using the free WSUS Computer Migr...
Upgrade In-Place  The OS upgrade does work!  32-bit upgrade only     » Win2003SP2 to Win2008SP2  Win2008SP2 installs II...
Helpful Resources Did you know you can extend WSUS to update     3rd party applications & report on patch  compliance with...
Author: Lawrence Garvin, WSUS MVP                                                Thank You!     Feedback or questionslawre...
Upcoming SlideShare
Loading in …5
×

WSUS Deployment on Windows Server 2008

3,848 views

Published on

For more information on Patch Manager, visit: http://www.solarwinds.com/patch-manager.aspx

This two-part presentation will cover how to do WSUS Deployment on Windows Server 2008.

Part 1 – General considerations:
• Documentation review
• General considerations for deployment
• Local database vs Remote database
• Installation prerequisites

Part 2 – Installation:
• Installation on connected server
• Installation on disconnected server
• Migrating existing WSUS server
• Upgrade existing WSUS server

Published in: Technology

WSUS Deployment on Windows Server 2008

  1. 1. Author Lawrence Garvin, WSUS MVPWSUS Deployment onWindows Server® 2008
  2. 2. Agenda  Part 1 – General considerations » Documentation review » General considerations for deployment » Local database vs Remote database » Installation prerequisites  Part 2 – Installation » Installation on connected server » Installation on disconnected server » Migrating existing WSUS server » Upgrade existing WSUS server
  3. 3. Agenda – Part 1  Part 1 – General considerations » Documentation review » Windows® vs SQL Server® Express » Local vs Remote database » Installation prerequisites
  4. 4. General Considerations  Documentation review » http://go.microsoft.com/fwlink/?LinkId=71268 » http://go.microsoft.com/fwlink/?LinkId=139840 » http://go.microsoft.com/fwlink/?LinkId=71266 » http://go.microsoft.com/fwlink/?LinkId=71267 » http://go.microsoft.com/fwlink/?LinkId=79983 » http://go.microsoft.com/fwlink/?LinkId=139828 » http://technet.microsoft.com/en- us/library/dd939796(WS.10).aspx
  5. 5. General Considerations Windows Internal Database vs SQL Server Express Edition  SQL Express limited to 1 CPU  SQL Express limited to 1GB RAM  SQL 2005 Express limited to 4GB database size  SQL 2008 R2 Express limited to 10GB database size  Windows Internal Database not limited at all ! ! !
  6. 6. General Considerations Considerations for using a remote database server  Enterprise database server with DBA already exists  Single-server deployment for more than 3,000 clients  Front-end will run on shared web server  Front-end will run as a Virtual Machine  Requires SQL Server license  Requires SQL Server CALs for every client system
  7. 7. General Considerations Requirements for remote database server  Database Server cannot be Domain Controller  Web server cannot be running Terminal Services (AppMode)  Database Server must support Windows Authentication  Database Server must have Nested Triggers option enabled  Database Server and Web Server must be member of the same domain, or a cross-domain trust must be established  Account used to install WSUS must have access to Master database on remote database server to create SUSDB database
  8. 8. General Considerations Installation prerequisites for Windows Server 2008  .NET Framework is already installed  DO NOT INSTALL .NET Framework v4.0 on a WSUS Server!!!  Report Viewer 2008 SP1 Redistributable  Internet Information Services v7
  9. 9. General Considerations Internet Information Services v7  Application Server Role is NOT required  Web Server Role with the following role services: » Common HTTP Features (including Static Content) » ASP.NET, ISAPI Extensions, and ISAPI Features (under Application Development) » Windows Authentication (under Security) » IIS Metabase Compatibility (under Management Tools, expand IIS 6 Management Compatibility)
  10. 10. General Considerations  Internet Information Services v7
  11. 11. General Considerations  Internet Information Services v7
  12. 12. General Considerations Internet Information Services v7  Web Server Role with the following role services: » Common HTTP Features (including Static Content) » ASP.NET, ISAPI Extensions, and ISAPI Features (under Application Development) » Windows Authentication (under Security) » IIS Metabase Compatibility (under Management Tools, expand IIS 6 Management Compatibility)
  13. 13. General Considerations  Internet Information Services v7
  14. 14. General Considerations Internet Information Services v7  Web Server Role with the following role services: » Common HTTP Features (including Static Content) » ASP.NET, ISAPI Extensions, and ISAPI Features (under Application Development) » Windows Authentication (under Security) » IIS Metabase Compatibility (under Management Tools, expand IIS 6 Management Compatibility)
  15. 15. General Considerations  Internet Information Services v7
  16. 16. General Considerations  Internet Information Services v7
  17. 17. General Considerations  Internet Information Services v7
  18. 18. General Considerations Internet Information Services v7  Web Server Role with the following role services: » Common HTTP Features (including Static Content) » ASP.NET, ISAPI Extensions, and ISAPI Features (under Application Development) » Windows Authentication (under Security) » IIS Metabase Compatibility (under Management Tools, expand IIS 6 Management Compatibility)
  19. 19. General Considerations  Internet Information Services v7
  20. 20. General Considerations Internet Information Services v7  Web Server Role with the following role services: » Common HTTP Features (including Static Content) » ASP.NET, ISAPI Extensions, and ISAPI Features (under Application Development) » Windows Authentication (under Security) » IIS Metabase Compatibility (under Management Tools, expand IIS 6 Management Compatibility)
  21. 21. General Considerations  Internet Information Services v7
  22. 22. General Considerations  Internet Information Services v7
  23. 23. Agenda – Part 2  Part 2 – Installation » Installation on disconnected server » Installation on connected server » Migrating existing WSUS server » Upgrade existing WSUS server
  24. 24. Installation Services Disconnected – Standalone Installer  Server does not have Internet access  Network does not have Internet connection  Download standalone installer from Microsoft » WSUS30-KB972455-x64.exe (Win2008R2) » WSUS30-KB972455-x32.exe (Win2008SP2) » http://go.microsoft.com/fwlink/?LinkId=161140  Standalone installer will install WSUS as a Role  Web Server role service “Dynamic Content Compression” should be enabled prior to installing WSUS from standalone installer
  25. 25. Installation  Disconnected – Standalone Installer
  26. 26. Installation Scenarios Connected – Server Manager Role  Available Internet connection or local WSUS Server  If WSUS Server is being used, the WSUS 3 SP2 Dynamic Installer (KB972493) must be Approved for Installation for the target group in which the Windows Server 2008 server is a member.  Downloads installer package from WSUS or Microsoft Update, depending on how Windows Update Agent is configured.  IIS7 must be pre-installed from Server Manager
  27. 27. Installation  Connected – Server Manager Role
  28. 28. Installation  Connected – Server Manager Role
  29. 29. Installation  Connected – Server Manager Role
  30. 30. Installation  Connected – Server Manager Role
  31. 31. Installation  Connected – Server Manager Role
  32. 32. Installation  Connected – Server Manager Role
  33. 33. Installation  Connected – Server Manager Role
  34. 34. Installation  Connected – Server Manager Role
  35. 35. Installation  Connected – Server Manager Role
  36. 36. Installation  Connected – Server Manager Role
  37. 37. Installation  Connected – Server Manager Role
  38. 38. Installation  Connected – Server Manager Role
  39. 39. Installation  Connected – Server Manager Role
  40. 40. Installation  Connected – Server Manager Role
  41. 41. Installation  Connected – Server Manager Role
  42. 42. Installation  Connected – Server Manager Role
  43. 43. Installation  Connected – Server Manager Role
  44. 44. Installation  Connected – Server Manager Role
  45. 45. Migration  Step 1: Install new server as replica of live server.  Step 2: Perform initial synchronization to replicate metadata, target groups, approvals, and content.  Step 3: Verify all synchronization activity and file downloads are completed.  Step 4: Reconfigure new server as upstream.  Step 5: Synchronize with Microsoft.  Step 6: Verify that the new WSUS server can detect, download, and install updates from itself.
  46. 46. Migration
  47. 47. Migration
  48. 48. Migration  Step 1: Install new server as replica of live server.  Step 2: Perform initial synchronization to replicate metadata, target groups, approvals, and content.  Step 3: Verify all synchronization activity and file downloads are completed.  Step 4: Reconfigure new server as upstream.  Step 5: Synchronize with Microsoft.  Step 6: Verify that the new WSUS server can detect, download, and install updates from itself.
  49. 49. Migration
  50. 50. Migration  Step 1: Install new server as replica of live server.  Step 2: Perform initial synchronization to replicate metadata, target groups, approvals, and content.  Step 3: Verify all synchronization activity and file downloads are completed.  Step 4: Reconfigure new server as upstream.  Step 5: Synchronize with Microsoft.  Step 6: Verify that the new WSUS server can detect, download, and install updates from itself.
  51. 51. Migration
  52. 52. Migration
  53. 53. Migration
  54. 54. Migration  Step 1: Install new server as replica of live server.  Step 2: Perform initial synchronization to replicate metadata, target groups, approvals, and content.  Step 3: Verify all synchronization activity and file downloads are completed.  Step 4: Reconfigure new server as upstream.  Step 5: Synchronize with Microsoft.  Step 6: Verify that the new WSUS server can detect, download, and install updates from itself.
  55. 55. Migration
  56. 56. Migration  Step 1: Install new server as replica of live server.  Step 2: Perform initial synchronization to replicate metadata, target groups, approvals, and content.  Step 3: Verify all synchronization activity and file downloads are completed.  Step 4: Reconfigure new server as upstream.  Step 5: Synchronize with Microsoft.  Step 6: Verify that the new WSUS server can detect, download, and install updates from itself.
  57. 57. Migration
  58. 58. Migration  Step 1: Install new server as replica of live server.  Step 2: Perform initial synchronization to replicate metadata, target groups, approvals, and content.  Step 3: Verify all synchronization activity and file downloads are completed.  Step 4: Reconfigure new server as upstream.  Step 5: Synchronize with Microsoft.  Step 6: Verify that the new WSUS server can detect, download, and install updates from itself.
  59. 59. Migration Client-side targeting  Reconfigure Group Policy to point to new server.  Clients will automatically register with the new server in their correct groups
  60. 60. Migration Server-side targeting  Migrate computers from original server to new server using the free WSUS Computer Migrator tool • https://www.eminentware.com/cs2008/media/p/430.aspx  Reconfigure Group Policy to point to new server
  61. 61. Upgrade In-Place  The OS upgrade does work!  32-bit upgrade only » Win2003SP2 to Win2008SP2  Win2008SP2 installs IIS7 with ALL Role Services! » This may be problematic; whether WSUS has actually been tested with ALL role services installed is unknown. » So, while the upgrade is successful, it is indeterminate whether the WSUS Server will continue to function at full capacity and functionality. » TESTING is highly recommended prior to upgrading a Production server.  Did not test Win2003 x64 to Win2008 R2 upgrade.
  62. 62. Helpful Resources Did you know you can extend WSUS to update 3rd party applications & report on patch compliance with SolarWinds Patch Manager Watch Video Test Drive Live Demo Ask Our Community Download 30-day Free Trial Click any of the links above - Slide 62 -
  63. 63. Author: Lawrence Garvin, WSUS MVP Thank You! Feedback or questionslawrence.garvin@solarwinds.com

×