250 likes | 390 Views
Chapter 8. ADMINISTERING SOFTWARE UPDATE SERVICES. OVERVIEW. Describe the role of Microsoft Software Update Services (SUS) on a network. List the benefits of clients connecting to a SUS server rather than to the Microsoft Windows Update servers.
E N D
Chapter 8 ADMINISTERING SOFTWARE UPDATE SERVICES
Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES OVERVIEW • Describe the role of Microsoft Software Update Services (SUS) on a network. • List the benefits of clients connecting to a SUS server rather than to the Microsoft Windows Update servers. • Understand how to install SUS on a computer running Microsoft Windows Server 2003. • Understand the options available in configuring SUS.
Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES OVERVIEW (CONTINUED) • Describe how to install or deploy Automatic Updates for SUS clients. • Explain how to administer SUS and Automatic Updates. • Describe how to monitor, troubleshoot, back up, and restore SUS.
Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES HOT FIXES AND SERVICE PACKS • Service pack—A collection of patches and other updates that are tested and packaged as a single unit. • Hot fix—A single patch designed to address a specific issue.
Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES UNDERSTANDING SOFTWARE UPDATE SERVICES • Allows software updates to be downloaded once for the entire organization. • Provides administrative control over which updates are applied to clients. • Reduces Internet usage.
Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES INSTALLING SOFTWARE UPDATE SERVICESON COMPUTERS RUNNING WINDOWS SERVER 2003 • SUS is not included on the Windows Server 2003 distribution CD and must be downloaded from the Microsoft Web site. • SUS client components are already included on computers that are running Windows Server 2003 or Microsoft Windows XP Service Pack 1.
Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES SUS TOPOLOGY • SUS topology dictates how software updates are downloaded and distributed. • Four SUS topologies can be used: • Multiple-server • Strict parent/child • Loose parent/child • Test/production
Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES CONFIGURING AND ADMINISTERING SUS
Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES CONFIGURING SOFTWARE UPDATE SERVICES
Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES SYNCHRONIZING SOFTWARE UPDATE SERVICES
Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES APPROVING UPDATES
Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES THE AUTOMATIC UPDATES CLIENT
Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES DOWNLOAD BEHAVIOR • Automatic Updates supports two download behaviors: • Automatic—Updates are downloaded without notification to the user. • With notification—The Automatic Updates client waits for a user with Administrator credentials to log on before offering notification of available updates.
Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES INSTALLATION BEHAVIOR • If installation is configured to supply notification: • Nonadministrative users are not made aware of the update availability. • Administrative users can choose which updates will be installed. • If installation behavior is configured to be automatic: • Nonadministrative users cannot intervene in the update process. • Administrators can delay the installation process.
Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES CONFIGURING AUTOMATIC UPDATES THROUGH GROUP POLICY
Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES MONITORING SOFTWARE UPDATE SERVICES • On the server, SUS monitoring information can be viewed through: • Monitor Server page • Synchronization log • Approval log • Wutrack.bin file • On the client, SUS-related informationcan be viewed through the Windows Update log
Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES SOFTWARE UPDATE SERVICES SYSTEM EVENTS • SUS-generated events are written to the System log of Event Viewer at the following intervals: • Each time a synchronization is performed • When updates are approved
Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES TROUBLESHOOTING SOFTWAREUPDATE SERVICES • Reloading the memory cache • Restarting the Synchronization service • Restarting Microsoft Internet Information Services (IIS)
Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES SOFTWARE UPDATE SERVICES BACKUPAND RECOVERY • Like any other critical network service, SUS must be backed up for recovery purposes. • SUS server recovery requires a specific procedure to be followed.
Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES BACKING UP SOFTWARE UPDATE SERVICES • Performing a backup of SUS requires two steps: • Make a copy of the metabase using the IIS Manager console. • Back up the IIS and SUS components using a backup utility such as Ntbackup or a third-party product.
Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES SOFTWARE UPDATE SERVICESSERVER RECOVERY • Restoration of a SUS server requires a specific procedure to be followed. • If a certain step is unnecessary, you can skip it, but perform the remaining steps in sequence.
Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES DESIGNING A NETWORK SECURITY UPDATE INFRASTRUCTURE • A network security update infrastructure is a series of policies that are designed to help the network administrator perform the following tasks: • Determine which computers need to be updated. • Test update releases on multiple system configurations. • Determine when updates should be released. • Deploy update releases to large numbers of clients.
Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES USING MICROSOFT BASELINESECURITY ANALYZER
Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES SUMMARY • SUS is an intranet application that runs on IIS 6 (or on IIS 5 on a server running Windows 2000 Server or higher) and is administered through a Web-based administration site: http://SUS_servername/SUSAdmin. • The SUS server synchronizes information about critical updates and security rollups and allows an administrator to configure approval centrally for each update. • Automatic Updates, which runs on Windows 2000, Windows XP, and Windows Server 2003, is responsible for downloading and installing updates on the client.
Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES SUMMARY (CONTINUED) • Group Policy can be used to configure Automatic Updates to retrieve patches from a SUS server rather than from the Windows Update servers. Group Policy Objects (GPOs) can also drive the download, installation, and restart behavior of the client computers. • MBSA is a tool that scans computers on a network and examines them for security vulnerabilities, such as missing security updates, improper passwords, and account vulnerabilities.