WSUS Maintenance For Downstream Servers

by | Last updated 2022.06.20 | Published on 2022.06.22 | Blog

Maintaining your WSUS is a necessity in any server, as it ensures your system’s storage is not taken over by unnecessary, old, or superseded updates, keeps your system running smoothly, and helps your server to stay up-to-date through new Microsoft updates that are released monthly. This rule is no exception whether you have a downstream server or a disconnected one. But what are downstream or disconnected downstream servers and how do you most effectively and efficiently perform WSUS maintenance for them? Here’s what you need to know.

The Basics
A basic WSUS deployment is composed of a single server within a corporate firewall which connects directly to Microsoft Update. In this simple configuration, updates are downloaded directly to the server. If your configuration is more complex and includes multiple servers, you’ll have a hierarchy that will include an upstream server and downstream or disconnected downstream servers.

What Is A Downstream Server?
A WSUS system can be made up of one upstream server through which all WSUS updates are released for administrative approval and one or more servers that are connected underneath it that will automatically receive the update once approved by the administrator.

These servers underneath the upstream server are called downstream servers: When approving updates, everything that happens to the upstream server is eventually followed suit by the downstream server(s). When you perform WSUS maintenance on the system however, you should perform the maintenance from the bottom up, meaning from your downstream servers first and work your way up through to the upstream server. There are two types of downstream servers, this includes:

  1. Downstream Replica (Centralized Administration)

Replica servers automatically receive update approvals from the upstream server, meaning updates are not administered separately or autonomously.

  1. Downstream Autonomous (Distributed Administration)

While this downstream will share product and classification lists and information, however, they don’t automatically receive update approval status or computer group information.

What Does It Mean To Have A Disconnected Downstream Server?
A disconnected downstream service essentially happens when the upstream server is connected to the internet but not the intranet. This means that updates sent through to the upstream server must be manually exported from the upstream server and imported into the disconnected downstream servers by the system administrator (you).

How WAM Can Help
WAM works to help take your involvement from WSUS maintenance for downstream servers and automate it instead. This means that WAM will automatically delete old and superseded updates, and help to process individual updates from one server to another.

WAM can help automate your WSUS maintenance to make it so much easier for you to stop wasting time performing simple maintenance tasks and instead focus on what matters. WAM can be valuable to both downstream and disconnected downstream servers. Here’s how.

Downstream Servers
The number of WAM licences depends on how many servers are on your network. If you just have one server, then one Single or Upstream licence will be perfectly fine, however, if you have one upstream server and one or more downstream servers, you’re going to need individual licensing for each downstream or replica server.

Disconnected Downstream Servers
If your downstream server is disconnected, however, you’ll need a Single or Upstream licence for each online WSUS staging server and a Disconnected Downstream licence for each disconnected WSUS server that you export to.

Easily purchase WAM online and save time on WSUS maintenance.

At AJ Tek, our vision is to make IT simple and automated for other IT professionals. Our flagship product is WAM, WSUS Automated Maintenance. This system performs all of the tasks that a WSUS Administrator needs to do to maintain WSUS properly only leaving the approving of updates and reporting to the WSUS Administrator.

Connect with us on Facebook and LinkedIn for additional insights and advice.

Latest Blogs

New Version of WAM 2023.01

Another one! Here we are, 8 years from our launch and heading into 2023, still making WAM even...

read more
Windows 11 KB5031455 Moment 4 Update: Version 23H2

Windows 11 KB5031455 Moment 4 Update: Version 23H2

Windows 11, version 23H2, also known as the Windows 11 2023 Update, is now available through Windows Server Update Services (WSUS) and Windows Update for Business.  With Microsoft’s release of the Windows 11 Moment 4 Update comes 150 new features. It’s a cumulative...

Why KB-XXXXXXX Isn’t Showing Up in WSUS?

Why KB-XXXXXXX Isn’t Showing Up in WSUS?

KB stands for “Knowledge Base”. It’s a repository of articles that explain issues affecting Windows and other Microsoft products. Each security update begins with “KB” and refers to a specific Knowledge Base article. Each KB contains a number of updates and patches....