Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server Update Services
No matter the amount of network bandwidth available, WSUS offers features that allow you to shape the deployment to best fit your organization's needs. The decisions you make about how to synchronize with Microsoft Update have a dramatic effect on the efficient use of bandwidth. Use the following sections to understand WSUS features for managing bandwidth.
Deferring the Download of Updates
Filtering Updates
Using Express Installation Files
Background Intelligent Transfer Service
Deferring the Download of Updates
WSUS offers you the ability to download update metadata at a different time from the update itself during synchronizations. In this configuration, approving an update triggers the download of all the files used to install that particular update on a computer. This saves bandwidth and WSUS server disk space, because only updates that you approve for installation are downloaded in full to the WSUS server. You can test the files prior to deploying them on your network, and your client computers download the updates from the intranet. Microsoft recommends deferring the download of updates, since it makes optimal use of network bandwidth.
If you have a chain of WSUS servers, it is recommended that you do not chain them too deeply, for the following reasons:
For bandwidth savings, deferring downloads is particularly useful in conjunction with a special approval setting that only detects whether client computers require an update. With this kind of approval, the WSUS server does not download the update and clients do not install the update. Instead, clients just determine if they need the update. If they do, they send an event to the WSUS server, which is recorded in a server report. If you see that your clients require updates that were approved for detection, you can then approve them for installation.
This combination of deferring downloads and detection approvals allows an administrator to download only the updates required by the client computers that are connected to the WSUS server. WSUS allows you to automate this scenario by creating a rule on the WSUS server that automatically approves all new updates for detection. For more information about different types of approvals and creating automatic approval rules, refer to the Windows Server Update Services Operations Guide at http://technet2.microsoft.com/windowsserver/en/library/9b65850d-17a0-440e-9cad-2eb881011f5f1033.mspx?mfr=true.
If you chose to store updates locally during the WSUS setup process, deferred downloads are enabled by default. You can change this option manually. See Configure Advanced Synchronization Options for step-by-step procedures.
If you have a chain of WSUS servers, it is recommended that you do not chain them too deeply, for the following reasons:- In a chain of WSUS servers, WSUS automatically sets all downstream servers to use the deferred download option that is selected on the server directly connected to Microsoft Update. You cannot change this configuration. The entire chain of WSUS servers must either defer the download of updates or download both metadata and updates during synchronizations.
- If you have deferred downloads enabled and a downstream server requests an update that has not been approved on the upstream server, the downstream server’s request triggers a download on the upstream server. The downstream server then downloads the content on a subsequent synchronization, as shown in the "Deferred Downloads Using Multiple WSUS Servers" illustration. If you have a deep hierarchy of WSUS servers using deferred downloads, there is greater potential for delay as content is requested, downloaded, and then passed down the chain.
For bandwidth savings, deferring downloads is particularly useful in conjunction with a special approval setting that only detects whether client computers require an update. With this kind of approval, the WSUS server does not download the update and clients do not install the update. Instead, clients just determine if they need the update. If they do, they send an event to the WSUS server, which is recorded in a server report. If you see that your clients require updates that were approved for detection, you can then approve them for installation. This combination of deferring downloads and detection approvals allows an administrator to download only the updates required by the client computers that are connected to the WSUS server. WSUS allows you to automate this scenario by creating a rule on the WSUS server that automatically approves all new updates for detection. For more information about different types of approvals and creating automatic approval rules, refer to the Windows Server Update Services Operations Guide at http://technet2.microsoft.com/windowsserver/en/library/9b65850d-17a0-440e-9cad-2eb881011f5f1033.mspx?mfr=true.
If you chose to store updates locally during the WSUS setup process, deferred downloads are enabled by default. You can change this option manually. See Configure Advanced Synchronization Options for step-by-step procedures.
Filtering Updates
WSUS offers you the ability to choose only the updates your organization requires during synchronizations. You can limit synchronizations by language, product, and type of update.
In a chain of WSUS servers, WSUS automatically sets all downstream servers to use the update filtering options that are selected on the server directly connected to Microsoft Update. In other words, you can only set a filter for updates on the upstream server. You cannot change this configuration. The entire chain of WSUS servers must all use the same update filters.
By default WSUS downloads Critical and Security Updates for all Windows products in every language. Microsoft recommends that you limit languages to only those you need, to conserve bandwidth and disk space. To change language options, see Configure Advanced Synchronization Options. To change product and update classification options, see Select Products and Classifications.
In a chain of WSUS servers, WSUS automatically sets all downstream servers to use the update filtering options that are selected on the server directly connected to Microsoft Update. In other words, you can only set a filter for updates on the upstream server. You cannot change this configuration. The entire chain of WSUS servers must all use the same update filters.
By default WSUS downloads Critical and Security Updates for all Windows products in every language. Microsoft recommends that you limit languages to only those you need, to conserve bandwidth and disk space. To change language options, see Configure Advanced Synchronization Options. To change product and update classification options, see Select Products and Classifications.
Using Express Installation Files
The express installation files feature is an update distribution mechanism. You can use express installation files to limit the bandwidth consumed on your local network, but at the cost of bandwidth consumption on your Internet connection. By default, WSUS does not use express installation files. To better understand the tradeoff, you first have to understand how WSUS updates client computers.
Updates typically consist of new versions of files that already exist on the computer being updated. On a binary level these existing files might not differ very much from updated versions. The express installation files feature is a way of identifying the exact bytes that change between different versions of files, creating and distributing updates that include just these differences, and then merging the original file with the update on the client computer. Sometimes this is called delta delivery because it downloads only the difference, or delta, between two versions of a file.
When you distribute updates by using this method, it requires an initial investment in bandwidth. Express installation files are larger than the updates they are meant to distribute. This is because the express installation file must contain all the possible variations of each file it is meant to update.
The upper part of the "Express Installation Files Feature" illustration depicts an update being distributed by using the express installation files feature; the lower part of the illustration depicts the same update being distributed without using the express installation files feature. Notice that with express installation files enabled, you incur an initial download three times the size of the update. However, this cost is mitigated by the reduced amount of bandwidth required to update client computers on the corporate network. With express installation files disabled, your initial download of updates is smaller, but whatever you download must then be distributed to each of the clients on your corporate network.
The file sizes in the "Express Installation Files Feature" illustration are for illustrative purposes only. Each update and express installation file varies in size, depending on what files need to be updated. Further, the size of each file actually distributed to clients by using express installation files varies depending upon the state of the computer being updated.
Not all updates are good candidates for distribution using express installation files. If you select this option, you obtain express installation files for any updates being distributed this way. If you are not storing updates locally, you cannot use the express installation files feature. By default, WSUS does not use express installation files. To enable this option, see Configure Advanced Synchronization Options.
Updates typically consist of new versions of files that already exist on the computer being updated. On a binary level these existing files might not differ very much from updated versions. The express installation files feature is a way of identifying the exact bytes that change between different versions of files, creating and distributing updates that include just these differences, and then merging the original file with the update on the client computer. Sometimes this is called delta delivery because it downloads only the difference, or delta, between two versions of a file.
When you distribute updates by using this method, it requires an initial investment in bandwidth. Express installation files are larger than the updates they are meant to distribute. This is because the express installation file must contain all the possible variations of each file it is meant to update.
The upper part of the "Express Installation Files Feature" illustration depicts an update being distributed by using the express installation files feature; the lower part of the illustration depicts the same update being distributed without using the express installation files feature. Notice that with express installation files enabled, you incur an initial download three times the size of the update. However, this cost is mitigated by the reduced amount of bandwidth required to update client computers on the corporate network. With express installation files disabled, your initial download of updates is smaller, but whatever you download must then be distributed to each of the clients on your corporate network.
The file sizes in the "Express Installation Files Feature" illustration are for illustrative purposes only. Each update and express installation file varies in size, depending on what files need to be updated. Further, the size of each file actually distributed to clients by using express installation files varies depending upon the state of the computer being updated.  Important |
|---|
| Although there are some variables with express installation files, there are also some things you can count on. For example, express installation files are always bigger in size than the updates they are meant to distribute. As far as bandwidth goes, it is always less expensive to distribute updates using express installation files than to distribute updates without. |
Background Intelligent Transfer Service
WSUS uses Background Intelligent Transfer Service 2.0 (BITS) for all its file-transfer tasks, including downloads to clients and server synchronizations. BITS is a Microsoft technology that allows programs to download files by using spare bandwidth. BITS maintains file transfers through network disconnections and computer restarts. For more information about BITS, see the BITS documentation on the MSDN site at http://go.microsoft.com/fwlink/?LinkId=15106.
No comments:
Post a Comment