1 / 25

ADMINISTERING SOFTWARE UPDATE SERVICES

Chapter 8. ADMINISTERING SOFTWARE UPDATE SERVICES. OVERVIEW. Describe the role of Microsoft Software Update Services (SUS) on a network. List the benefits of clients connecting to a SUS server rather than to the Microsoft Windows Update servers.

kiona-burke
Download Presentation

ADMINISTERING SOFTWARE UPDATE SERVICES

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Chapter 8 ADMINISTERING SOFTWARE UPDATE SERVICES

  2. Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES OVERVIEW • Describe the role of Microsoft Software Update Services (SUS) on a network. • List the benefits of clients connecting to a SUS server rather than to the Microsoft Windows Update servers. • Understand how to install SUS on a computer running Microsoft Windows Server 2003. • Understand the options available in configuring SUS.

  3. Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES OVERVIEW (CONTINUED) • Describe how to install or deploy Automatic Updates for SUS clients. • Explain how to administer SUS and Automatic Updates. • Describe how to monitor, troubleshoot, back up, and restore SUS.

  4. Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES HOT FIXES AND SERVICE PACKS • Service pack—A collection of patches and other updates that are tested and packaged as a single unit. • Hot fix—A single patch designed to address a specific issue.

  5. Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES UNDERSTANDING SOFTWARE UPDATE SERVICES • Allows software updates to be downloaded once for the entire organization. • Provides administrative control over which updates are applied to clients. • Reduces Internet usage.

  6. Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES INSTALLING SOFTWARE UPDATE SERVICESON COMPUTERS RUNNING WINDOWS SERVER 2003 • SUS is not included on the Windows Server 2003 distribution CD and must be downloaded from the Microsoft Web site. • SUS client components are already included on computers that are running Windows Server 2003 or Microsoft Windows XP Service Pack 1.

  7. Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES SUS TOPOLOGY • SUS topology dictates how software updates are downloaded and distributed. • Four SUS topologies can be used: • Multiple-server • Strict parent/child • Loose parent/child • Test/production

  8. Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES CONFIGURING AND ADMINISTERING SUS

  9. Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES CONFIGURING SOFTWARE UPDATE SERVICES

  10. Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES SYNCHRONIZING SOFTWARE UPDATE SERVICES

  11. Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES APPROVING UPDATES

  12. Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES THE AUTOMATIC UPDATES CLIENT

  13. Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES DOWNLOAD BEHAVIOR • Automatic Updates supports two download behaviors: • Automatic—Updates are downloaded without notification to the user. • With notification—The Automatic Updates client waits for a user with Administrator credentials to log on before offering notification of available updates.

  14. Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES INSTALLATION BEHAVIOR • If installation is configured to supply notification: • Nonadministrative users are not made aware of the update availability. • Administrative users can choose which updates will be installed. • If installation behavior is configured to be automatic: • Nonadministrative users cannot intervene in the update process. • Administrators can delay the installation process.

  15. Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES CONFIGURING AUTOMATIC UPDATES THROUGH GROUP POLICY

  16. Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES MONITORING SOFTWARE UPDATE SERVICES • On the server, SUS monitoring information can be viewed through: • Monitor Server page • Synchronization log • Approval log • Wutrack.bin file • On the client, SUS-related informationcan be viewed through the Windows Update log

  17. Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES SOFTWARE UPDATE SERVICES SYSTEM EVENTS • SUS-generated events are written to the System log of Event Viewer at the following intervals: • Each time a synchronization is performed • When updates are approved

  18. Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES TROUBLESHOOTING SOFTWAREUPDATE SERVICES • Reloading the memory cache • Restarting the Synchronization service • Restarting Microsoft Internet Information Services (IIS)

  19. Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES SOFTWARE UPDATE SERVICES BACKUPAND RECOVERY • Like any other critical network service, SUS must be backed up for recovery purposes. • SUS server recovery requires a specific procedure to be followed.

  20. Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES BACKING UP SOFTWARE UPDATE SERVICES • Performing a backup of SUS requires two steps: • Make a copy of the metabase using the IIS Manager console. • Back up the IIS and SUS components using a backup utility such as Ntbackup or a third-party product.

  21. Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES SOFTWARE UPDATE SERVICESSERVER RECOVERY • Restoration of a SUS server requires a specific procedure to be followed. • If a certain step is unnecessary, you can skip it, but perform the remaining steps in sequence.

  22. Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES DESIGNING A NETWORK SECURITY UPDATE INFRASTRUCTURE • A network security update infrastructure is a series of policies that are designed to help the network administrator perform the following tasks: • Determine which computers need to be updated. • Test update releases on multiple system configurations. • Determine when updates should be released. • Deploy update releases to large numbers of clients.

  23. Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES USING MICROSOFT BASELINESECURITY ANALYZER

  24. Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES SUMMARY • SUS is an intranet application that runs on IIS 6 (or on IIS 5 on a server running Windows 2000 Server or higher) and is administered through a Web-based administration site: http://SUS_servername/SUSAdmin. • The SUS server synchronizes information about critical updates and security rollups and allows an administrator to configure approval centrally for each update. • Automatic Updates, which runs on Windows 2000, Windows XP, and Windows Server 2003, is responsible for downloading and installing updates on the client.

  25. Chapter 8: ADMINISTERING SOFTWARE UPDATE SERVICES SUMMARY (CONTINUED) • Group Policy can be used to configure Automatic Updates to retrieve patches from a SUS server rather than from the Windows Update servers. Group Policy Objects (GPOs) can also drive the download, installation, and restart behavior of the client computers. • MBSA is a tool that scans computers on a network and examines them for security vulnerabilities, such as missing security updates, improper passwords, and account vulnerabilities.

More Related