Jason Sandys Principal Consultant Catapult Systems UDB405 Overview Infrastructure Requirements and Operations Update Deployment Client Functionality User Experience Dos and Donts Software Update considerations ID: 416802
Download Presentation The PPT/PDF document "Software Updates Zen" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1Slide2
Software Updates Zen
Jason SandysPrincipal ConsultantCatapult Systems
UD-B405Slide3
Overview
Infrastructure Requirements and OperationsUpdate DeploymentClient Functionality
User Experience
Dos and Don’tsSlide4
Software Update considerations
Define service level agreement with the “business”Include test and pilot phases
Understand the implications of rebooting and not rebooting
Know system dependencies and design with them in mind
Account
for expectations
Document the process
Automate the processSlide5
Infrastructure Requirements and OperationsSlide6
Requires Windows Server Update Services (WSUS)
Must be on the top-level site and all primary sites where you wish to manage updates on clientsOnly manages the software update catalog (and EULAs)
Does not download or distri
b
ute update binaries to clients
The Software Update PointSlide7
Windows Update / Microsoft Update (WU/MU)
Updated twice a month (normally)Does not contain every possible Microsoft UpdateThe Windows Update CatalogSlide8
The update catalog in a hierarchy
WSUS
SUP
WSUS
Microsoft
WSUS
SUP
Parent
Child
DB
DB
Using an upstream WSUS server in new in 2012 SP1
Clients
Clients
Parent can be a CAS (no clients) or a primary site
Child can be a primary (if the parent is a CAS) or a secondarySlide9
Multiple SUPs
New for 2012 SP1Replaces Network Load BalancingIs for availability and cross forest scenarios only
SUP selection by client is random and not location aware
Failover based on four unsuccessful scan attempts
Clients do not failbackSlide10
Multiple SUPs in a primary site
WSUS
SUP
WSUS
Microsoft
WSUS
SUP
SUP 1
SUP 2
WSUS
DB
ClientsSlide11
Update binaries
Updates download by clients from DPs (like all content in ConfigMgr)Clients only download assigned and applicable updates
Client pre-cache binaries for required updatesSlide12
Update binary flow
Site
Server
Microsoft
Clients
DP
Console
Content
Library
Update
Package
Source
Folder
ADR
ManualSlide13
Update DeploymentSlide14
Update ObjectsSlide15
Automated Deployment Rules (ADR)
ADRs create or updateSoftware Update Groups
Update Deployments
Update Packages
ADRs do not deploy/install/distribute updates
ADRs run on a schedule (or manually)
ADRs automate the grunt workSlide16
ADR CreationSlide17
ADR Limitations
Cannot change an ADR’s update package (in the UI)
ADR search criteria is not as rich as console searching
ADRs create mandatory deployments only
ADRs only create or update one deployment
ADRs do not deploy updatesSlide18
Update schedulingSlide19
Update scheduling examples
Group A
Group B
Exceptions
No maintenance windows
Software
Update
Group(s)
Deployments
Group A
Group B
Exceptions
Deployment
Master
Limited
Maintenance windows
Maintenance windows appliedSlide20
How many (general guidelines)?
There is no relationship between Software Update Groups and Update Packages; clients pull updates from any available Update Package.Slide21
Client FunctionalitySlide22
The Windows Update Agent (WUA)
Downloads the update catalogScans clients for compliance
At the configured scan time
Whenever new updates are available via a deployment
Before update installation
After update installation
After a reboot following update installation
Compliance results stored in WMI by the ConfigMgr agent
Installs Updates
Can still install updates outside of ConfigMgr*Slide23
Client Processing
MP
Client
DP
WSUS
Update catalog
Update binaries
(content download)
Update deployments
(machine policy)
SUP
Compliance
ConfigMgr
Agent
Windows
Update
Agent
Compliance Scan
Compliance
(state messages)
*
* The ConfigMgr agent initiates all compliance scansSlide24
Group Policy and the client
ConfigMgr client agent sets a local group policySpecify Intranet Microsoft
u
pdate service location
Can be overwritten by domain Group Policy
Group Policy settings for Windows update are largely N/A
Reboot warnings from the WUA
Disable the Configure Automatic Updates Group Policy settingSlide25
Group Policy and
Software UpdatesSlide26
Updating the WUA
The WUA is periodically updatedNo stand-alone installer available for the latest versionsUpdated WUA must come from WSUSSlide27
User ExperienceSlide28
Let them eat cakeSlide29
Software CenterSlide30
Dos and Don’tsSlide31
Simon SaysSlide32
Take it with you
Software Updates uses WSUS but it isn’t WSUS
Automated
Deployment Rules aren’t a complete solution
User
involvement can be a good
thing
Plan your update deployment based on realistic business requirements
Know your business requirements
Communicate the process and expectationsSlide33
Evaluation
Complete your session evaluations today and enter to win prizes daily.
Provide your feedback at a CommNet kiosk or log on at
www.2013mms.com
.
Upon submission you will receive instant notification if you have won a prize.
Prize pickup is at the Information Desk located in Attendee Services in the Mandalay Bay Foyer.
Entry details can be found on the MMS website.
We want to hear from you!Slide34
Resources
http://channel9.msdn.com/Events
Access MMS Online to view session recordings after the event.Slide35
© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.