Deploying Windows XP Service Pack 2 using Software Update Services

Published: August 1.

On This Page

- Introduction
- Key benefits of using SUS to deploy Windows XP SP2
- Situation overview
- Factors to consider when using SUS to deploy Windows XP SP2
- Overall recommendations
- Summary

Introduction

Windows XP Service Pack 2 (SP2) contains major security improvements designed to provide better protection against hackers, viruses, and worms. Windows XP SP2 also improves the manageability of the security features in Windows XP and provides more and better information to help users make decisions that may potentially affect their security and privacy.

Microsoft strongly urges customers with Windows XP and Windows XP Service Pack 1-based systems to update to Windows XP SP2 as soon as possible. As a best-practice approach to implementing a managed rollout of Windows XP SP2, customers are encouraged to use a corporate update management solution such as Systems Management Server (SMS) 2. Software Update Services (SUS). The following section details considerations for deploying Windows XP SP2 using SUS.

Key benefits of using SUS to deploy Windows XP SP2

- Allow administrators to control the deployment of Windows XP SP2 (as well as other updates) across their Windows systems.
- Allow customers to safely disable direct Automatic Updates (AU) or Windows Update (WU) access from individual systems, while allowing these systems to get the necessary critical security updates and other administrator-approved updates.
- SUS will automatically and silently install Windows XP SP2, while installation of Windows XP SP2 via WU or AU requires user or administrator interaction on each system.
- Dramatically reduces network traffic into the organization, since updates only need to be downloaded to one or a small number of servers within the organization, instead of being downloaded separately to each system requiring the update.

More information on SUS is available at www.

Situation overview
Because Windows XP SP2 is a relatively large update (approximately 270 MB), SUS administrators need to consider the impact on internal network traffic and on the machine on which the SUS server is running. For the vast majority of SUS implementations, server and network load will not be a concern and SUS administrators will not have to take mitigation actions described below, although it is recommended that the SUS administrator monitor the performance and load on the SUS server when the update is initially approved.

Under ideal conditions for a dedicated SUS server, assuming a 1. Mbps server network card capacity with 2. SUS client to download the Windows XP SP2 update from the server. This translates to 2. While this is the theoretical number of clients that can be supported in a 2.
These include:

- SUS clients contact the server at randomized intervals of between 1. Hence, the client synchronizations are not serialized and it is likely that more than one client will contact the server at the same time, particularly in environments that have a large number of SUS clients.
- If the SUS client machine is turned off when it is scheduled to contact the server, it will attempt to contact the SUS server approximately 1. Because many systems would typically be turned on around the beginning of the work day or the start of a work shift, an unusually high number of clients (relative to the volume of clients contacting the server through the rest of the day) would attempt to contact the SUS server at this time.

Although clients that cannot be serviced by the SUS server because of capacity limitations will attempt to contact the server again after approximately 5 hours, this overload situation will result in slowing down the server and generating additional network overhead. The following section provides guidance to prevent this situation from occurring.

Factors to consider when using SUS to deploy Windows XP SP2

- Number of Windows XP systems configured to use a SUS server.
- Bandwidth capacity of the SUS server machine's network card or network connection
- Whether the SUS server machine is running other services (e.
- Available network bandwidth for deploying Windows XP SP2 (if this is less than the bandwidth capacity of the SUS server machine)

The following guidance is provided for the minimum SUS server configuration – Intel P7. MB RAM and a 1. 00 Mbps network card and network connection, which is dedicated to running the SUS server (no domain controller, etc.) and is on a network where the available bandwidth exceeds the bandwidth capacity of the server's network card.
If your SUS server machine is running additional services or the available network capacity is less than the server network card capacity, you will need to adjust this guidance to reflect your situation.

Overall recommendations

There are essentially three options, depending on the number of Windows XP systems to be updated using your SUS server (if you have one or a few SUS servers) and the topology of your SUS implementation (if you have many SUS servers):

- No action is necessary if you have less than 2. Windows XP machines that need to be updated with Windows XP SP2 per SUS server.
- Use the limited-time approval technique described below if you have between 2. Windows XP machines that need to be updated with Windows XP SP2 via the SUS server
- Implement one of the following bandwidth throttling mechanisms if you need to control the maximum bandwidth used to deploy Windows XP SP2 using SUS:
  - Limit the maximum number of concurrent connections and maximum bandwidth served on SUS IIS server.
  - Limit the maximum bandwidth used by SUS clients to download SUS content by configuring BITS (Background Intelligent Transfer Service) 2.

For the first (no action necessary) option, it is recommended that the SUS administrator monitor the server load when the update is first approved and for the first hour of the work day or first work shift after the Windows XP SP2 update has been approved.

The limited-time approval technique works by limiting the number of SUS clients that see the Windows XP SP2 update on the list of approved updates when they contact the SUS server on any given day while this technique is in use, thereby controlling the number of clients that are serviced per day and limiting the server load and additional network overhead (retry attempts, etc.).
The third set of options works by limiting the bandwidth used by the SUS implementation, thereby controlling the load on the server and the network.

Note: Limiting the load on the SUS server or the network via the options described here will result in it taking longer for all the Windows XP systems to be updated, because the bottleneck is the server load. The guidance provided below for each option is based on the same server load assumption, so it should take approximately the same length of time to deploy Windows XP SP2 irrespective of the option implemented.

The following table summarizes the options for the various situations:

| Option | Do nothing | Use the limited-time approval technique | Implement bandwidth throttling using IIS or BITS 2. |
| --- | --- | --- | --- |
| Windows XP systems per SUS server | Less than 2. 00. 0 | Between 2. | Typically more than 1. |
| SUS server implementation. SUS servers. | One or a few | One or a few | Many |
| Key requirement | None | Daily SUS administrator intervention, until the number of Windows XP systems left to be updated is less than 2. | Configuration of IIS or BITS before approving Windows XP SP2 and resetting the configuration, after fewer than 2. |

Note: If the bottleneck is the SUS server, one option to address the situation is to add one or more SUS servers (most easily implemented behind a load-balanced network).

Limited-time approval technique

This technique relies on the SUS administrator to approve and then un-approve the Windows XP SP2 update on the SUS server on a daily basis, until the number of Windows XP systems that have not received the SP2 update is less than 2. Because the update is only approved for a limited time each day, only a subset of the SUS clients contacting the server on a given day will see the update marked as approved. SUS clients that contact the server outside this time period will not see the SP2 update in the list of approved updates on the SUS server and will therefore not attempt to download it.
This also gives the SUS server time to finish servicing the clients that contacted it during the approval window before a new set of clients attempt to download SP2 when it is re-approved the next day. This is a manual but easily implemented mechanism to control the load on the SUS server and requires no additional infrastructure configuration or testing.

SUS administrators can use the following formula to calculate the amount of time for which to approve the Windows XP SP2 update on each day.

TA = 2. 40. 00 / (NXP – (1. NDE))

Where:

TA = Amount of time (in hours) the update needs to be marked as approved.

Using this technique, it is estimated that between 1. SUS client machines will get the Windows XP SP2 update per day. You may monitor the SUS server using performance counters or the Task Manager and increase the length of the approval windows if you determine the load on your SUS server is not high. Increasing the length of the approval windows will allow more clients to download Windows XP SP2 on a daily basis and reduce the time required to update all your Windows XP machines, but increasing the windows beyond a certain threshold (which will vary due to unique factors in your environment) will cause server overload and unnecessary network overhead, which will result in increasing rather than decreasing the time required to update all your Windows XP machines.
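The daily approve/un-approve cycle described above can be sketched as a small simulation. This is an added example, not Microsoft's code, and it does not implement the TA formula, whose constants are not recoverable from this page. It assumes each pending client checks in once per day at a uniformly random time, and the client count, daily server capacity and stop threshold are constructed values.

```python
import random

def approval_window_hours(remaining, daily_capacity):
    """Hours per day to leave SP2 approved so that, on average, no more than
    daily_capacity of the remaining clients see it (assumed model)."""
    if remaining <= 0:
        return 0.0
    return min(24.0, 24.0 * daily_capacity / remaining)

def simulate_rollout(n_clients, daily_capacity, stop_below, seed=0, max_days=365):
    """Repeat the approve/un-approve cycle until fewer than stop_below
    clients still need SP2; return the per-day log and the clients left."""
    rng = random.Random(seed)
    remaining, days = n_clients, []
    while remaining >= stop_below and len(days) < max_days:
        window = approval_window_hours(remaining, daily_capacity)
        # Assumption: one check-in per pending client per day, uniformly random.
        # Only check-ins that land inside the approval window see the update.
        seen = sum(1 for _ in range(remaining) if rng.uniform(0.0, 24.0) < window)
        # Clients beyond what the server can serve retry later and stay pending.
        served = min(seen, daily_capacity)
        days.append({
            "day": len(days) + 1,
            "window_h": round(window, 2),
            "seen": seen,
            "served": served,
            "deferred": seen - served,
        })
        remaining -= served
    return days, remaining

if __name__ == "__main__":
    # Constructed sample: 10,000 pending clients, 1,500 served per day,
    # stop once fewer than 2,000 remain and approval can stay on.
    log, left = simulate_rollout(10_000, 1_500, 2_000, seed=1)
    for entry in log:
        print(entry)
    print("clients left once approval can stay on:", left)
```

A growing "deferred" count in the log corresponds to the overload and retry overhead the text warns about when the window is too long for the server.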