The central site server is the primary site server at the top of the Configuration Manager hierarchy. An active software update point is configured on the central site so that software updates can be centrally managed and monitored. Many of the software updates synchronization settings are configured at the central site and not available at child sites, such as the synchronization schedule and languages synchronized for software updates summary information. The active software update point on the central site synchronizes with Microsoft Update.

All primary sites in the Configuration Manager hierarchy must have an active software update point. The child site synchronizes with the active software update point configured for the parent site. Secondary site servers can be configured with an active software update point, or client computers at the secondary site can connect directly to the active software update point on the parent primary site.

When the site is in native mode, the active software update point can be configured to accept connections from client computers both on the intranet and on the Internet or from only clients on the intranet. When Internet-based client computer connectivity is not accepted on the active software update point, an active Internet-based software update point can be created.

When a site server is in native mode, you have an option to create an Internet-based software update point that allows connectivity from Internet-based client computers. This site system server role must be assigned to a site system server that is remote to the site server and active software update point. When there are Internet-based client computers assigned to a site and the active software update point has been configured not to accept connections from Internet-based client computers or access to the site server is not possible, you must configure an active Internet-based software update point.

Note
Internet-based software update points are supported only on site systems for primary site servers. Even though the option to install an Internet-based software update point on secondary sites is available, it will not be accessed by client computers and is not supported.

For more information about installing the Internet-based software update point, see the last four steps in Administrator Checklist: Configuring the Software Update Point in a Native Mode Site.

When the active Internet-based software update point does not have connectivity to the active software update point for the site, you must use the export and import function of the WSUSUtil tool to synchronize the software update metadata. For more information, see How to Synchronize Updates Using Export and Import.

Using NLB provides enhanced scalability and availability for server applications. When the software update point is remote from the site server, WSUS supports up to 25,000 clients. Fewer clients are supported when installing the software update point on the site server, depending on the resources used on the computer. When more than the supported number of client computers will likely connect to WSUS on the active software update point site system server, an NLB cluster must be configured using two or more WSUS servers. When configuring the NLB cluster, there are several steps that must be taken. For more information, see How to Configure the Active Software Update Point Component to Use an NLB Cluster.

The client computers assigned to secondary sites will automatically be configured to use the software update point at the parent site until an active software update point site system is configured for the secondary site. Creating an active software update point at the secondary site is recommended when there is limited network bandwidth from client computers to the software update point site system running WSUS or when the number of client computers connecting to the software update point is approaching capacity. Internet-based software update points are not supported on secondary sites.

Note
Generally, if you have decided that a proxy management point is necessary at the secondary site, you might want to consider an active software update point at the site as well.

After the active software update point is successfully installed and configured on the secondary site, the Group Policy is updated on client computers and they will start using the new software update point. For more information about how to install the software update point on a secondary site, see How to Create and Configure an Active Software Update Point on a Secondary Site.

Tasks

Concepts