MSDN Library

17.2 Windows Server Update Services Protocols Functionality

This section describes basic Windows Server Update Services protocols concepts and provides some background for the WSUS model.

The WSUS family of protocols provides support for central publication and distribution of software components and software updates from server machines to client machines, and for the hierarchical synchronization of available software components between servers.

WSUS management infrastructure includes the following functionality:

  • Microsoft Update - The Microsoft website that distributes updates for Microsoft products.

  • WSUS server - The server component that is installed on a computer running the Microsoft Windows Server 2003 or 2008 operating system (OS) inside a corporate firewall. WSUS server software enables administrators to manage and distribute updates through an administrative console, which can be used to manage any WSUS server in any domain with which it has a trust relationship. A WSUS server can obtain updates either from Microsoft Update or from another WSUS server, but at least one WSUS server in the network must connect to Microsoft Update to get available updates. The administrator can decide how many WSUS servers should connect directly to Microsoft Update, based on network configuration, bandwidth, and security considerations. These servers can then distribute updates to other downstream WSUS servers.

  • Automatic Updates - The client computer component built into Windows OSs. Automatic Updates enables both server and client computers to receive updates either from Microsoft Update or from a WSUS server.

  • Software updates - These include:

    1. Update files - The actual files that are installed on client computers.

    2. Update metadata - The information needed to perform the installation. This includes (i) update properties (title, description, Knowledge Base article, Microsoft Security Response Center number) and (ii) applicability rules (used by Automatic Updates to determine whether or not the update is needed on a particular computer).

  • Installation information - Command-line options to apply when installing the updates.

Update files and Update metadata can be downloaded independently of each other. For example, WSUS can be configured so that it will not store updates locally, meaning that only update metadata (and any applicable Microsoft Software License Terms) will be downloaded to the WSUS server; clients will get their update files directly from Microsoft Update. If updates are stored locally on the WSUS server, a Windows client can either download everything at the time of synchronization, or download only the metadata during the synchronization, leaving the actual update files to be downloaded after the update is approved.

When updates are synchronized to the WSUS server, the metadata and update files are stored in two separate locations. Metadata is stored in the WSUS database. Update files can be stored either on the WSUS server or on Microsoft Update servers, depending on how the synchronization options have been configured. If the update files are stored on Microsoft Update servers, only metadata is downloaded at the time of synchronization, and updates are approved through the WSUS console. Client computers then get the update files directly from Microsoft Update at the time of installation. WSUS may be configured to deliver specific updates to target groups of computers, according to each group's update settings.
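The storage and synchronization options described above can be read back from a server's configuration, which shows which machines must be allowed to reach Microsoft Update. The following PowerShell is an added example, not part of the original document: the function name Get-WsusContentMode and the sample objects are constructed for illustration, and the property names are assumed to match those of the WSUS administration API (IUpdateServerConfiguration).

```powershell
# Added example: classify a WSUS configuration into the modes described above.
# Get-WsusContentMode is a hypothetical helper; the property names are those of
# the WSUS administration API's IUpdateServerConfiguration object.
function Get-WsusContentMode {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Configuration
    )
    process {
        # Where are update files stored, and when are they downloaded?
        if ($Configuration.HostBinariesOnMicrosoftUpdate) {
            $files = 'Not stored locally: metadata only on the server, clients get files from Microsoft Update'
        }
        elseif ($Configuration.DownloadUpdateBinariesAsNeeded) {
            $files = 'Stored locally: metadata at synchronization, files downloaded after approval'
        }
        else {
            $files = 'Stored locally: metadata and files downloaded at synchronization'
        }

        # Which upstream does this server synchronize from?
        if ($Configuration.SyncFromMicrosoftUpdate) {
            $upstream = 'Microsoft Update'
        }
        else {
            $upstream = 'WSUS server {0}:{1}' -f $Configuration.UpstreamWsusServerName,
                                                 $Configuration.UpstreamWsusServerPortNumber
        }

        [pscustomobject]@{ Upstream = $upstream; UpdateFiles = $files }
    }
}

# Constructed sample configurations (not real servers), so this runs without WSUS installed.
$samples = @(
    [pscustomobject]@{ SyncFromMicrosoftUpdate = $true;  HostBinariesOnMicrosoftUpdate = $true
                       DownloadUpdateBinariesAsNeeded = $false
                       UpstreamWsusServerName = ''; UpstreamWsusServerPortNumber = 0 }
    [pscustomobject]@{ SyncFromMicrosoftUpdate = $false; HostBinariesOnMicrosoftUpdate = $false
                       DownloadUpdateBinariesAsNeeded = $true
                       UpstreamWsusServerName = 'wsus-upstream.example'; UpstreamWsusServerPortNumber = 8530 }
)
$samples | Get-WsusContentMode | Format-List

# On a WSUS server with the UpdateServices module available:
# (Get-WsusServer).GetConfiguration() | Get-WsusContentMode
```

In the first sample every client needs a path to Microsoft Update for update files; in the second only the upstream WSUS server does.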

The Implementation Scenarios section, later in this document, provides examples that illustrate the interaction of some of the protocols in two sample configurations.

© 2016 Microsoft