Hi there,
I am currently upgrading our WSUS solution to version 3 and while I was doing this I wanted to improve our setup to conserve bandwidth on our MPLS network.
http://img291.imageshack.us/my.php?image=presentation1kg1.jpg
As you'll see, from my rather rubbish diagram, we have a data centre with an internet breakout. The problem with this setup is that the WAN link from there to our main office is very slow and doesn't cope well with all our remote sites connected to it for citrix, internet, email and other services.
Our current WSUS solution is simply a single server at our main office which means all updates for remote clients have to go over the slow WAN link. These remote users float from site to site with laptops and quite often come to the main office as well.
Now I want authorise updates on the WSUS server at the data centre, and sync the updates overnight with a downstream server at the main office. The replica at the main office will then distribute update to computers at the main office, and the main WSUS server at the data centre will take care of people at the remote sites.
I think I can do this by linking a gpo to our site objects in AD. We have a site setup in AD with all the remote sites and one for our main office. These sites use different subnets and have metric information meaning that computers know which site they will get the best response from.
Now what worries me is that I can't see this approach documented anywhere, which means A - it won't work or B - there's a better way of doing it. I looked into the DNS and round robin method but that would still leave us with traffic going over the WAN link unless I've missed something.
Also I want to enable BITS peer caching but I can't see the setting in AD, do I need a new template?
Thanks
Steve
I am currently upgrading our WSUS solution to version 3 and while I was doing this I wanted to improve our setup to conserve bandwidth on our MPLS network.
http://img291.imageshack.us/my.php?image=presentation1kg1.jpg
As you'll see, from my rather rubbish diagram, we have a data centre with an internet breakout. The problem with this setup is that the WAN link from there to our main office is very slow and doesn't cope well with all our remote sites connected to it for citrix, internet, email and other services.
Our current WSUS solution is simply a single server at our main office which means all updates for remote clients have to go over the slow WAN link. These remote users float from site to site with laptops and quite often come to the main office as well.
Now I want authorise updates on the WSUS server at the data centre, and sync the updates overnight with a downstream server at the main office. The replica at the main office will then distribute update to computers at the main office, and the main WSUS server at the data centre will take care of people at the remote sites.
I think I can do this by linking a gpo to our site objects in AD. We have a site setup in AD with all the remote sites and one for our main office. These sites use different subnets and have metric information meaning that computers know which site they will get the best response from.
Now what worries me is that I can't see this approach documented anywhere, which means A - it won't work or B - there's a better way of doing it. I looked into the DNS and round robin method but that would still leave us with traffic going over the WAN link unless I've missed something.
Also I want to enable BITS peer caching but I can't see the setting in AD, do I need a new template?
Thanks
Steve
Last edited:
