WSUS and SCCM Architectural Question

  • Question

  • Hi,

    We currently have a WSUS server on our estate, it manages and pushes out security updates to Windows 10 clients, all is working normally and well.

    We also have SCCM CB - SCCM is only used for application and OS deployment. No updates are deployed through SCCM, SUP is not enabled. 

    I want to enable SUP in SCCM and have it get updates from WSUS (or Microsoft) but I don't want to retire and move away from using the WSUS server. I've read strange things happen to the WSUS server when you connect SCCM to it, but I'd like to know what to expect before doing so.

    The driver for this is to better manage Windows Servicing, because at present I'm having to use task sequences to deploy CBB upgrades through SCCM instead of just using Windows Servicing (less work!)

    I've been pushing to get updates deployed through SCCM, but the business pushes back on it, (due to WSUS working well) I understand CBB upgrades can be done through WSUS but not for me, it's better to do through SCCM due to having more control over it.

    I don't currently have a thorough understanding of how a WSUS server and SCCM server work on the estate, can anyone provide some experience or info?


    Many thanks.

    Wednesday, September 26, 2018 3:42 PM

Answers

  • > "(less work!) "

    Not necessarily. Windows 10 Servicing does not and cannot (easily and gracefully) account for many common issues that occur in enterprises when upgrading Windows 10 like language packs, drivers, and application removal/reinstallation to name a few.

    > "CBB "

    This is called Semi-annual Channel now.

    This article should get you started: https://home.configmgrftw.com/software-update-point-facts/


    Jason | https://home.configmgrftw.com | @jasonsandys

    • Proposed as answer by Dan Padgett Wednesday, September 26, 2018 7:21 PM
    • Marked as answer by JohnLB_9 Friday, September 28, 2018 9:16 AM
    Wednesday, September 26, 2018 6:48 PM

All replies

  • Hello,
     
    In SCCM, SUP is used for managing updates through interacting with WSUS. But if you already have a standalone WSUS server, it is not supported to install the software update point site system role on it or to use a software update point to directly manage WSUS clients. Existing WSUS servers are only supported as upstream synchronization sources for the active software update point.
     
    https://docs.microsoft.com/en-us/sccm/sum/get-started/install-a-software-update-point
     
    Best Regards,
    Ray

    Thursday, September 27, 2018 6:05 AM
  • Indeed... I like to dis-illusion myself from time to time. I was being a bit tongue in cheek when I said "less work" 

    I've already had to navigate a number of incompatibility issues but fortunately for now - no major application problems. We use McAfee encryption and virusscan enterprise.. 

    https://kc.mcafee.com/corporate/index?page=content&id=KB89000

    which we're not currently on the right version for yet.. oh Bitlocker where art thou.

    Thanks for the links and coming back to me.

    Friday, September 28, 2018 9:16 AM
  • You confirmed what I suspected, thanks.

    Friday, September 28, 2018 9:16 AM
  • > Indeed... I like to dis-illusion myself from time to time. I was being a bit tongue in cheek when I said "less work" 

    Well, theoretically, it certainly should be less work, it just doesn't usually work out that way in an enterprise.


    Jason | https://home.configmgrftw.com | @jasonsandys

    Friday, September 28, 2018 2:43 PM