Software Updates Zen - PowerPoint Presentation

Slide1
Slide2

Software Updates Zen

Jason SandysPrincipal ConsultantCatapult Systems

UD-B405Slide3

Overview

Infrastructure Requirements and OperationsUpdate DeploymentClient Functionality

User Experience

Dos and Don’tsSlide4

Software Update considerations

Define service level agreement with the “business”Include test and pilot phases

Understand the implications of rebooting and not rebooting

Know system dependencies and design with them in mind

Account

for expectations

Document the process

Automate the processSlide5

Infrastructure Requirements and OperationsSlide6

Requires Windows Server Update Services (WSUS)

Must be on the top-level site and all primary sites where you wish to manage updates on clientsOnly manages the software update catalog (and EULAs)

Does not download or distri

b

ute update binaries to clients

The Software Update PointSlide7

Windows Update / Microsoft Update (WU/MU)

Updated twice a month (normally)Does not contain every possible Microsoft UpdateThe Windows Update CatalogSlide8

The update catalog in a hierarchy

WSUS

SUP

WSUS

Microsoft

WSUS

SUP

Parent

Child

DB

DB

Using an upstream WSUS server in new in 2012 SP1

Clients

Clients

Parent can be a CAS (no clients) or a primary site

Child can be a primary (if the parent is a CAS) or a secondarySlide9

Multiple SUPs

New for 2012 SP1Replaces Network Load BalancingIs for availability and cross forest scenarios only

SUP selection by client is random and not location aware

Failover based on four unsuccessful scan attempts

Clients do not failbackSlide10

Multiple SUPs in a primary site

WSUS

SUP

WSUS

Microsoft

WSUS

SUP

SUP 1

SUP 2

WSUS

DB

ClientsSlide11

Update binaries

Updates download by clients from DPs (like all content in ConfigMgr)Clients only download assigned and applicable updates

Client pre-cache binaries for required updatesSlide12

Update binary flow

Site

Server

Microsoft

Clients

DP

Console

Content

Library

Update

Package

Source

Folder

ADR

ManualSlide13

Update DeploymentSlide14

Update ObjectsSlide15

Automated Deployment Rules (ADR)

ADRs create or updateSoftware Update Groups

Update Deployments

Update Packages

ADRs do not deploy/install/distribute updates

ADRs run on a schedule (or manually)

ADRs automate the grunt workSlide16

ADR CreationSlide17

ADR Limitations

Cannot change an ADR’s update package (in the UI)

ADR search criteria is not as rich as console searching

ADRs create mandatory deployments only

ADRs only create or update one deployment

ADRs do not deploy updatesSlide18

Update schedulingSlide19

Update scheduling examples

Group A

Group B

Exceptions

No maintenance windows

Software

Update

Group(s)

Deployments

Group A

Group B

Exceptions

Deployment

Master

Limited

Maintenance windows

Maintenance windows appliedSlide20

How many (general guidelines)?

There is no relationship between Software Update Groups and Update Packages; clients pull updates from any available Update Package.Slide21

Client FunctionalitySlide22

The Windows Update Agent (WUA)

Downloads the update catalogScans clients for compliance

At the configured scan time

Whenever new updates are available via a deployment

Before update installation

After update installation

After a reboot following update installation

Compliance results stored in WMI by the ConfigMgr agent

Installs Updates

Can still install updates outside of ConfigMgr*Slide23

Client Processing

MP

Client

DP

WSUS

Update catalog

Update binaries

(content download)

Update deployments

(machine policy)

SUP

Compliance

ConfigMgr

Agent

Windows

Update

Agent

Compliance Scan

Compliance

(state messages)

*

* The ConfigMgr agent initiates all compliance scansSlide24

Group Policy and the client

ConfigMgr client agent sets a local group policySpecify Intranet Microsoft

u

pdate service location

Can be overwritten by domain Group Policy

Group Policy settings for Windows update are largely N/A

Reboot warnings from the WUA

Disable the Configure Automatic Updates Group Policy settingSlide25

Group Policy and

Software UpdatesSlide26

Updating the WUA

The WUA is periodically updatedNo stand-alone installer available for the latest versionsUpdated WUA must come from WSUSSlide27

User ExperienceSlide28

Let them eat cakeSlide29

Software CenterSlide30

Dos and Don’tsSlide31

Simon SaysSlide32

Take it with you

Software Updates uses WSUS but it isn’t WSUS

Automated

Deployment Rules aren’t a complete solution

User

involvement can be a good

thing

Plan your update deployment based on realistic business requirements

Know your business requirements

Communicate the process and expectationsSlide33

Evaluation

Complete your session evaluations today and enter to win prizes daily.

Provide your feedback at a CommNet kiosk or log on at

www.2013mms.com

.

Upon submission you will receive instant notification if you have won a prize.

Prize pickup is at the Information Desk located in Attendee Services in the Mandalay Bay Foyer.

Entry details can be found on the MMS website.

We want to hear from you!Slide34

Resources

http://channel9.msdn.com/Events

Access MMS Online to view session recordings after the event.Slide35

© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.