Maintaining your WSUS is a necessity in any server, as it ensures your system’s storage is not taken over by unnecessary, old, or superseded updates, keeps your system running smoothly, and helps your server to stay up-to-date through new Microsoft updates that are released monthly. This rule is no exception whether you have a downstream server or a disconnected one. But what are downstream or disconnected downstream servers and how do you most effectively and efficiently perform WSUS maintenance for them? Here’s what you need to know.
A basic WSUS deployment is composed of a single server within a corporate firewall which connects directly to Microsoft Update. In this simple configuration, updates are downloaded directly to the server. If your configuration is more complex and includes multiple servers, you’ll have a hierarchy that will include an upstream server and downstream or disconnected downstream servers.
What Is A Downstream Server?
A WSUS system can be made up of one upstream server through which all WSUS updates are released for administrative approval and one or more servers that are connected underneath it that will automatically receive the update once approved by the administrator.
These servers underneath the upstream server are called downstream servers: When approving updates, everything that happens to the upstream server is eventually followed suit by the downstream server(s). When you perform WSUS maintenance on the system however, you should perform the maintenance from the bottom up, meaning from your downstream servers first and work your way up through to the upstream server. There are two types of downstream servers, this includes:
- Downstream Replica (Centralized Administration)
Replica servers automatically receive update approvals from the upstream server, meaning updates are not administered separately or autonomously.
- Downstream Autonomous (Distributed Administration)
While this downstream will share product and classification lists and information, however, they don’t automatically receive update approval status or computer group information.
What Does It Mean To Have A Disconnected Downstream Server?
A disconnected downstream service essentially happens when the upstream server is connected to the internet but not the intranet. This means that updates sent through to the upstream server must be manually exported from the upstream server and imported into the disconnected downstream servers by the system administrator (you).
How WAM Can Help
WAM works to help take your involvement from WSUS maintenance for downstream servers and automate it instead. This means that WAM will automatically delete old and superseded updates, and help to process individual updates from one server to another.
WAM can help automate your WSUS maintenance to make it so much easier for you to stop wasting time performing simple maintenance tasks and instead focus on what matters. WAM can be valuable to both downstream and disconnected downstream servers. Here’s how.
The number of WAM licences depends on how many servers are on your network. If you just have one server, then one Single or Upstream licence will be perfectly fine, however, if you have one upstream server and one or more downstream servers, you’re going to need individual licensing for each downstream or replica server.
Disconnected Downstream Servers
If your downstream server is disconnected, however, you’ll need a Single or Upstream licence for each online WSUS staging server and a Disconnected Downstream licence for each disconnected WSUS server that you export to.
At AJ Tek, our vision is to make IT simple and automated for other IT professionals. Our flagship product is WAM, WSUS Automated Maintenance. This system performs all of the tasks that a WSUS Administrator needs to do to maintain WSUS properly only leaving the approving of updates and reporting to the WSUS Administrator.