SCCM Software Update PART 1 – Introduction to SCCM and WSUS

Updating of computer equipment is an aspect often overlooked by companies because there are too many constraints. It is necessary to manage downtime, while patches provide sometime malfunctions. However, updates computer equipment is a necessity for security. In this article series I will introduce you how to update your computers limiting constraints with SCCM Software update.

WSUS

WSUS (Windows Server Update Service) is a role that provides a central management point for Microsoft Update. Thanks to WSUS, all servers no longer need to connect to Microsoft Update to download patches and hotfix. WSUS is in charge of downloading updates and distribute them on different machines.

Because there are a lot of updates for several products, downloading updates is performed according to some rules such as classification, languages or products.

However WSUS can’t be used alone in a big IT infrastructure requiring automation. This product doesn’t have a granular scheduler to deploy update. This is why SCCM is used with WSUS.

 SCCM and WSUS

SCCM has a system role called Software Update Point (SUP). This role has to be installed on WSUS server. When it is set, SCCM can manage updates catalog and binaries to make updates packages. Such as WSUS, packages can be created regarding to classification, products, languages of the update (this is not an exhaustive list). Once these updates packages is created, it can be deployed with SCCM and use its powerful scheduler:

WSUS-SCCM01

  1. WSUS downloads updates catalog and update binaries when SCCM requests them.
  2. Primary site configures himself WSUS role. When it is done, Primary site synchronizes updates catalog and requests binaries when the update package is creating.
  3. Once an update package is created, it is deployed on Deployment Point
  4. Managed servers download this package and install it regarding to maintenance period and scheduling configured on Primary Site.
  5. Before installing updates, managed servers download update catalog from WSUS to validate them.

Below the network flow according to above schema:

WSUS-SCCM02

Regarding the storage part, when WSUS is added to SCCM, it no longer stores the binary files on its own store. Binaries are on SCCM content store. However WSUS still needs a database to store update catalog.

WSUS-SCCM03

 On the next part, I will present the configuration of an SUP point. WSUS and SCCM are installed on the same machine. But it is the same process when WSUS is installed on another server. After integration of WSUS in SCCM hierarchy, I will deploy updates by two different methods:

  • Create packages and deploy it manually
  • Automatic Deployment rules

Once SUP is configured correctly, the catalog of updates appears in SCCM console. A filter can be created regarding some criteria (classification, updates id, products etc.). Then updates can be added to a package and can be deployed. The deployment scheduling is configured manually. Then managed servers install updates in their maintenance period. This method is very useful on complex environment such as Exchange or Hyper-V cluster where patching should be orchestrated (move Virtual Machines or databases before patching etc.). The package can be used with System Center Orchestrator to be deployed and orchestrate patching.

Moreover the Cluster-Aware Updating is not compatible with software update from SCCM. An Orchestrator runbook should be created for this task. This is why it is possible to create a package manually and then deploy this last.

Automatic Deployment rules feature provides automatic creation and deployment of updates packages. The package creation can be scheduled (such as every second Tuesday of each month) and the choice of updates is made in function of some criteria (classification, updates id, products etc.). Once the package is created, it is automatically deployed in function of scheduling configuration. Then managed servers install updates in their maintenance period. This method should be used on mockup or simple environment.

About Romain Serre

Romain Serre works in Lyon as a Senior Consultant. He is focused on Microsoft Technology, especially on Hyper-V, System Center, Storage, networking and Cloud OS technology as Microsoft Azure or Azure Stack. He is a MVP and he is certified Microsoft Certified Solution Expert (MCSE Server Infrastructure & Private Cloud), on Hyper-V and on Microsoft Azure (Implementing a Microsoft Azure Solution).

One comment

  1. Thanks for the great information
    I have 20 countries in Africa with poor bandwidth. I need WSUS to collect all the updates and then it would be great if SCCm could manage and get WSUS on the local site to deploy the updates. Is that possible..Its too much work / cost to install sccm at each location in Africa

    Any ideas

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

x

Check Also

SCCM 2012 R2 Primary Site Installation

This part covers the first SCCM Primary Site installation.   In Part 1, SCCM Prerequisites ...

SCCM 2012 R2 SQL Server Installation-Configuration

This part covers the SQL Server installation and configuration for a SCCM 2012 R2 environment. ...

SCCM 2012 R2 Environment Preparation Requirements

This article covers the installation on a SCCM 2012 R2 environment for Computer management (OS ...