WSUS and SCCM server setup

  • Question

  • Hey everyone.  Just looking for a little guidance here on what is the best or preferred method for my specific setup.  Basically I have 3 locations, all spread out throughout the state.  I will have ONE SCCM server located at our main office.  My understanding is that clients can no longer communicate with secondary sites in SCCM 2012 R2 so I will just have the one primary site at our main office and that's it.  At the other two sites I will just make those servers software update points, and distribution points.  With that being said, I want each location to download their own updates from Microsoft on their own servers (I don't want to push anything across the network to other sites).  Do I install WSUS on everything first and then install SCCM on the main server?  It's my understanding that I don't need to install SCCM on any of the other two sites because I can just make them a SUP and DP from my main site, correct?  Any help is appreciated.

    P.S.  I should add that I want to install WSUS and SCCM on the same server.  It's only handling 25 clients so performance isn't a concern for me.

    Friday, August 8, 2014 8:27 PM

Answers

  • If you want to use SCCM for patch management, your clients do not download updates from WSUS. They download updates from the distribution point.

    With a total of approx. 60 clients, SCCM might not be the optimal solution for you and your company.

    SCCM is designed for large enterprises. The administrative overhead and the cost to maintain the solution might not be the best solution for you...


    Ronni Pedersen | Microsoft MVP - ConfigMgr | Blogs: www.ronnipedersen.com/ and www.SCUG.dk/ | Twitter @ronnipedersen


    • Edited by Ronni Pedersen (MVP) Friday, August 8, 2014 9:33 PM
    • Proposed as answer by Garth Jones (MVP) Saturday, August 23, 2014 3:04 PM
    • Marked as answer by Joyce L Tuesday, August 26, 2014 7:03 AM
    Friday, August 8, 2014 9:27 PM
  • I'd not go so far as to say to not use ConfigMgr, but I would state you would want to make sure that you spend adequate time learning the product (training course, seminars/conferences, virtual labs, product documentation, etc.) before you try to implement it so that you know how to make it do the job you want it to do. It is a complex product, but can do a ton of great things - when you know how to make it do those things.

    Yes, you would just have one Configuration Manager primary site, and could have remote software update points and distribution points. Each SUP needs WSUS before it can be deployed as a SUP.

    Even though you do not need secondary sites, your statement about clients not being able to communicate with them is incorrect. Controlling client traffic is the #1 reason that you would implement secondary sites. But again, for only 20 clients at each remote location, a secondary site isn't going to buy you that much benefit in those remote locations.


    Wally Mead

    • Proposed as answer by Garth Jones (MVP) Saturday, August 23, 2014 3:04 PM
    • Marked as answer by Joyce L Tuesday, August 26, 2014 7:03 AM
    Friday, August 8, 2014 11:33 PM

All replies

  • Based on the information provided, you don't need any secondary site servers or remote WSUS servers.

    All you need is a single primary site server with all the roles you need.

    You might need Distribution points on the 2 remote locations.

    How many clients do you have on each site?


    Ronni Pedersen | Microsoft MVP - ConfigMgr | Blogs: www.ronnipedersen.com/ and www.SCUG.dk/ | Twitter @ronnipedersen

    Friday, August 8, 2014 9:22 PM
  • I've got about 20 clients at each site.  I want each location to go to their own local WSUS server though to download the Microsoft updates.  I don't want to push any updates across the network because we have slow connections at one of the locations so I'd prefer they all download the updates directly from Microsoft and then the clients can look to the local server.
    Friday, August 8, 2014 9:24 PM
  • We already use SCCM 2007 and I've taken a 5 day training course for Administering SCCM 2012 R2, but we did not cover any implementation at the training, just administering and if you've gone from 2007 to 2012 the products are extremely different as far as implementing goes (clients can no longer talk to secondary sites, central administration sites, etc).  We use it currently for patch management, program/application installs, and mostly use it as our remote assistance tool.  For us being so spread out it is a great tool with all the reporting, VPN pushes, etc and it integrates well with our existing software.  I was just curious about the software update points.  And Wally I'll double check, but from what I got from the training you can no longer manage clients from a secondary site in 2012 R2, they changed that from 2007 supposedly, but I don't know because I don't have it implemented yet.
    Monday, August 11, 2014 2:18 PM
  • "clients can no longer talk to secondary sites"

    That's not true. Not much has changed from CM07 to CM12 when it comes to secondaries (the basics are still the same). Clients cannot talk to a CAS - but a CAS is only needed if there are more than 100k clients to manage.

    Torsten Meringer | http://www.mssccmfaq.de

    Monday, August 11, 2014 2:33 PM
  • Correct, as stated, the primary reason for a secondary is to control client traffic. If a client could not talk to a secondary, that would really make them worthless.

    I can't think of anything that changed in a secondary from ConfigMgr 2007 to ConfigMgr 2012 that they would be implying in the class here. Something got messed up in the delivery/reception if that is what you got out of it.

    The biggest thing that changed in secondary sites is that they now use SQL Server for some stuff. But client communications have remained the same (that I can recall).


    Wally Mead

    Monday, August 11, 2014 4:35 PM