locked
WSUS on DMZ for SUP SCCM 2012 R2 RRS feed

  • Question

  •  

    Hi all,

    We are setting up SCCM 2012 r2 environment for production purpose and we would be having one primary . Due to security reason internet connectivity is not allowed for SCCM primary server , however we have some DMZ servers that has internet connectivity .

    My question here is

    Is it possible to have WSUS on DMZ server and SUP role in SCCM primary server ?

    Tuesday, April 29, 2014 7:11 AM

Answers

All replies

  • It is possible to install the SUP (in combination with WSUS) on your primary site server and then configure the WSUS on the DMZ server as the synchronization source.

    This scenario (and prereqs are described here, in short): http://technet.microsoft.com/en-us/library/gg712696.aspx#BKMK_WSUSSyncSource


    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

    • Proposed as answer by Jörgen NilssonMVP Tuesday, April 29, 2014 8:11 AM
    • Marked as answer by 74KMS Tuesday, April 29, 2014 10:15 AM
    • Unmarked as answer by 74KMS Tuesday, April 29, 2014 10:15 AM
    • Marked as answer by 74KMS Tuesday, April 29, 2014 10:15 AM
    Tuesday, April 29, 2014 7:45 AM
  • Thanks for you reply..

    You mean we have to install WSUS and SUP in primary site server and also install WSUS in DMZ server, then primary site server WSUS should get Sync from DMZ WSUS. Am I correct ?

    My next question is while installing SUP in SCCM primary site  , do we need give sync from an upstream data sources location as primary site WSUS or DMZ wsus ?

    Tuesday, April 29, 2014 10:22 AM
  • First statement is correct.

    Second statement is confusing. The SUP on the primary site uses the WSUS on the primary to sync with the WSUS on the DMZ (the upstream location).


    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

    • Marked as answer by 74KMS Tuesday, April 29, 2014 10:37 AM
    Tuesday, April 29, 2014 10:30 AM
  • My question is

    Whether SUP in primay site will directly contact Primary site WSUS or DMZ WSUS?

    while install SUP we need give {synchronize  from an upstream data sources location(URL) }right , there which URL need to give DMZ or primat site WSUS?

    Tuesday, April 29, 2014 10:41 AM
  • You should look at it different, a SUP is basically a layer of ConfigMgr over WSUS on the same server (in this case the primary site server). That also means that there is only one server left that can be used as your up-stream server.

    To conclude, that means that your upstream URL has to point to the WSUS on your DMZ server.


    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

    Tuesday, April 29, 2014 10:54 AM
  • How the authentication will happen from DMZ to SCCM primay domain machine ? and also in synchronize option in WSUS what port number need to give 80 or 8530 ?

    Friday, May 2, 2014 2:11 AM
  • Default WSUS installation (since Server 2012) is on port 8530 (HTTP) and port 8531 (HTTPS). So depending on the configuration of your WSUS (HTTP, or HTTPS), connect to the corresponding port.

    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

    Friday, May 2, 2014 6:25 AM
  • Thanks , Does windows file transfer need to enable ? or site server will get it from internet ?
    Thursday, May 15, 2014 9:32 AM