Planning for Software Updates in Configuration Manager 2012

Updated: March 15, 2011

Applies To: System Center Configuration Manager 2012

Software updates in Microsoft System Center Configuration Manager 2012 require some planning before you implement them in a production environment. Review the following sections to help you successfully deploy software updates in your enterprise.

Capacity Planning for Software Updates

The number of supported clients is dependent on the version of Windows Server Update Services (WSUS) that runs on the software update point and on whether the software update point site system role co-exists with another site system role.

  • Up to 25,000 clients¹ when WSUS 3.0 or WSUS 3.0 Service Pack 1 runs on the software update point computer.

  • Up to 25,000 clients¹ when WSUS 3.0 Service Pack 2 (SP2) runs on the software update point computer and the software update point co-exists with another site system role.

  • Up to 100,000 clients² when WSUS 3.0 SP2 runs on the software update point computer and the software update point does not co-exist with another site system role.

¹ To support more than 25,000 clients, the software update point can be configured to use Network Load Balancing (NLB).

² The software update point must meet the WSUS requirements to support up to 100,000 clients. For more information, see (http://go.microsoft.com/fwlink/?LinkId=164389).

Determine the Software Update Point Infrastructure

The central administration site and all primary child sites must have an active software update point to deploy software updates. You will need to determine which sites should have an Internet-based software update point, when you should configure the active software update point as an NLB cluster, and when to create an active software update point at a secondary site.

Important
For information about the internal and external dependencies required for software updates, see Prerequisites for Software Updates in Configuration Manager 2012.

Active Software Update Point

The central administration site and all primary child sites in the Configuration Manager hierarchy must have an active software update point to support software update deployments to client devices. The software update point communicates with WSUS to configure settings and to synchronize software updates. You can configure the active software update point to accept communication only from devices on the intranet, or from devices on both the intranet and the Internet. When the active software update point is not configured to accept communication from devices on the Internet, you have the option to create an Internet-based software update point. You can add the software update site role to a secondary site, or client computers at the secondary site can connect directly to the active software update point on the parent primary site.

Internet-Based Software Update Point

The Internet-based software update point accepts communication from devices on the Internet. You can create the Internet-based software update point only when the active software update point is not configured to accept communication from devices on the Internet. This site role must be assigned to a site system that is remote from the site server, located in a perimeter network, and accessible to Internet-based devices. The Internet-based software update point synchronizes with the active software update point at the same site. When there is no connectivity between the active software update point and the Internet-based software update point, you can manually synchronize software updates by using the export and import process.

NLB Cluster Configured as an Active Software Update Point

Using NLB provides enhanced scalability and availability for server applications. When the number of expected clients at the site reaches capacity limitations for the active software update point, you can configure the active software update point as an NLB cluster using two or more WSUS servers. For more information about the supported capacity of the software update point, see Capacity Planning for Software Updates.

Software Update Point on a Secondary Site

The software update point is optional on a secondary site. When you install a software update point on a secondary site, the WSUS database is configured as a replica instead of an autonomous WSUS instance that is used when installing the software update point on a primary site or central administration site.

Devices assigned to a secondary site are configured to use the active software update point at the parent site when a software update point is not configured at the secondary site. Typically, you will install an active software update point at a secondary site when there is limited network bandwidth between devices assigned to the secondary site and the active software update point at the parent site or when the software update point is approaching capacity. Internet-based software update points are not supported on secondary sites. After the active software update point is successfully installed and configured on the secondary site, the Group Policy is updated on client computers and they will start using the new software update point.
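
The following Python sketch is an added example, not part of the original documentation or of Configuration Manager. It reviews a planned hierarchy against the capacity limits and software update point placement rules described above, counting secondary-site devices against the parent's active software update point when the secondary site has none. The site names, dictionary fields, and function names are assumptions made for illustration.

```python
# Added example: review a planned software update point (SUP) layout.
# Site names and dictionary fields are constructed for illustration.

def sup_capacity(wsus, colocated):
    """Client limit for one non-NLB SUP, from the capacity list on this page."""
    if wsus == "3.0 SP2" and not colocated:
        return 100_000
    return 25_000  # WSUS 3.0, 3.0 SP1, or SP2 sharing a server with another role

def review_plan(sites):
    """Return findings for a dict of site name -> planned site description."""
    findings, load = [], {}
    for name, s in sites.items():
        # Secondary-site devices without a local SUP use the parent's active SUP.
        local = s["type"] != "secondary" or s.get("sup")
        serving = name if local else s["parent"]
        load[serving] = load.get(serving, 0) + s["clients"]
    for name, s in sites.items():
        sup = s.get("sup")
        if s["type"] in ("cas", "primary") and not sup:
            findings.append(f"{name}: active SUP required")
        if s.get("internet_sup"):
            if s["type"] == "secondary":
                findings.append(f"{name}: Internet-based SUP unsupported on secondary site")
            elif sup and sup["accepts_internet"]:
                findings.append(f"{name}: Internet-based SUP needs intranet-only active SUP")
        if sup and not sup.get("nlb"):
            limit = sup_capacity(sup["wsus"], sup["colocated"])
            if load.get(name, 0) > limit:
                findings.append(f"{name}: {load[name]} clients exceed {limit}, plan NLB")
    return findings

# Constructed sample hierarchy (not from the original page).
SP2 = "3.0 SP2"
PLAN = {
    "CAS": {"type": "cas", "clients": 0,
            "sup": {"wsus": SP2, "colocated": False, "accepts_internet": False}},
    "PR1": {"type": "primary", "parent": "CAS", "clients": 22_000,
            "internet_sup": True,
            "sup": {"wsus": SP2, "colocated": True, "accepts_internet": True}},
    "SE1": {"type": "secondary", "parent": "PR1", "clients": 4_000},
    "SE2": {"type": "secondary", "parent": "PR1", "clients": 3_000,
            "internet_sup": True,
            "sup": {"wsus": SP2, "colocated": False, "accepts_internet": False}},
}

if __name__ == "__main__":
    for finding in review_plan(PLAN):
        print(finding)
```

In the sample plan, PR1 stays under 25,000 on its own clients but exceeds the limit once the 4,000 devices at SE1, which has no local software update point, are counted against it.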
