BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
Windows Server Update Services is generally simple to deploy, but the update process can demand huge bandwidth...
commitments. This is especially true in large organizations with many systems to update. These commitments can cause unexpected performance hits to some bandwidth- or latency-sensitive applications.
Windows Server Update Services (WSUS) is a tool for administrators to manage patches and updates to Windows Server and the client operating system. WSUS features include an automatic download of updates by category, targeting updates to specific computers, and multiple language support.
The planning stage is an important part of WSUS deployment, and there are several ways to enhance WSUS performance.
First, delay downloads to the WSUS servers until the approval process is complete. This makes better use of bandwidth and storage space. For example, a hierarchical WSUS network would have the upstream parent WSUS server immediately synchronize updates and download the content from Microsoft Update, but defer the downloads to the downstream child WSUS servers -- this reduces the load on the network.
Next, take advantage of the filtering options to organize updates by topics such as classifications, languages or products. For example, administrators can configure WSUS servers to receive updates only for a certain version of Windows. Default updates involve Windows and Office, and the classifications are usually critical, security and definition updates. Administrators can adjust these factors to conserve bandwidth and storage space, thus improving WSUS performance.
If internal network bandwidth is critical or limited, use WSUS express installation files option. Update files are often almost identical to the older files they replace, and the express installation files option delivers only the bytes that have changed -- the delta or differential -- between versions. This option merges the existing file with the updated bytes to produce the update. However, express installation files are typically larger than individual updates because they cover every possible version of the file that needs the update. The WSUS performance benefit is lower local bandwidth usage, because just the delta is moved to the individual systems. However, the download and disk space is larger from Microsoft Update to the WSUS servers, so avoid this option if storage is the critical resource constraint.
Windows Server 2016 features focus on evolving IT landscape
Cloud architect Thomas Maurer speaks with SearchWindowsServer to discuss the new features in Windows Server 2016 and how to be ready for a cloud- and contained-dominated future. Click here for an edited transcript of the podcast.
Another way to improve WSUS performance from a network perspective is to configure WSUS servers in a hub-and-spoke topology, which is less sensitive to propagation issues and bottlenecks than a hierarchical topology. If the WSUS deployment will service mobile computers, use domain name system netmask ordering and have mobile computers gather updates from the geographically local WSUS server to lower latency.
Consider throttling and putting target systems into groups to limit bandwidth usage. For example, Background Intelligent Transfer Service throttling can help limit bandwidth to applications, and Internet Information Services throttling can limit bandwidth to web services. Also, IT can organize computers into client groups to stagger large rollouts between groups or group subsets, preventing one large hit to the network in a company-wide update.
New feature in Windows Server 2016 can reduce upgrade pain
How a WSUS server can help the update process
Techniques to troubleshoot Windows Update issues