Difference Between an Upstream, Downstream and Disconnected Downstream Server

by | Published on 2020.02.12 | Blog

A basic WSUS deployment is composed of a single server within a corporate firewall which connects directly to Microsoft Update. In this simple configuration, updates are downloaded directly to the server. If your configuration includes multiple servers, you’ll have a hierarchy that will include an upstream server and downstream or disconnected downstream servers.

Upstream Server
An upstream server is at the top of the hierarchy and downloads directly from Microsoft Update.  The upstream server then passes on updates, approval statuses and computer groups down the line.

Downstream Server
A downstream server is a server that receives updates—not from Microsoft Update—but from a connected upstream server. There are two different downstream configurations:

Downstream Replica (Centralized Administration) – Replica servers inherit update approvals and are not administered separately from the upstream WSUS server. 

Downstream Autonomous (Distributed Administration) – The upstream server shares product and classification lists, and updates synchronization but downstream autonomous servers are administered separately and do not receive update approval status or computer group information. 

Disconnected Downstream Server
A WSUS upstream server can be connected to the Internet but isolated from the intranet. In this scenario, to update the downstream disconnected servers, the updates need to be exported and manually imported to the disconnected servers. 

The number of WAM licenses you’ll need depends on your WSUS configuration. For a simple WSUS setup, you only need a Single or Upstream License. For multiple servers, you’ll also need a Downstream License for each downstream replica or autonomous server. In a disconnected network, you’ll need a Single or Upstream license for each online WSUS staging server and a Disconnected Downstream license for each disconnected WSUS server that you export to. Learn more about WAM licensing.

Purchase WAM and save time on WSUS maintenance.

WAM was developed by AJ Tek and is used by system administrators worldwide—from Australia to Antarctica. With over 50,000 unique downloads, it’s the preferred method of WSUS maintenance worldwide. Our vision is to make IT simple and automated.

Follow AJ Tek on Facebook and LinkedIn for
updates on new releases and products.

 

Latest Blogs

Why Use WSUS?

Keeping your organization's computers up-to-date with the latest security patches is crucial. ...

read more
Microsoft Kills WSUS Driver Sync

Microsoft Kills WSUS Driver Sync

Microsoft has recently announced its plan to deprecate WSUS (Windows Server Update Services) driver synchronization, a helpful feature that IT administrators have used to manage and distribute driver updates across their networks. This decision has stirred discussions...

How to Get the Most Out of WSUS

How to Get the Most Out of WSUS

Keeping your organization's network secure and up-to-date requires constant vigilance. Patching software vulnerabilities is a crucial defense against cyberattacks, but managing updates across numerous devices can be a daunting task. Windows Server Update Services...

WAM 2024.07: Updates and Improvements

WAM 2024.07: Updates and Improvements

We're excited to announce the release of WAM 2024.07, packed with improvements designed to streamline your WSUS maintenance experience. This update tackles bugs, introduces new functionalities, and enhances existing features. Let's dive into the details: Bug Fixes:...