Planning a Distributed WSUS Deployment

by Chris Sanders [Published on 11 Jan. 2007 / Last Updated on 11 Jan. 2007]

When you our managing a LAN/WAN that is veritably spread out, you may want to consider a distributed approach to SUS/WSUS deployment.

Microsoft Windows Software Update Services, or WSUS, is an application that allows group policy driven automatic deployment of Microsoft product updates. It is usually a given when planning a WSUS deployment that you let it reside on its own dedicated server. This is due to the sheer size of all the Windows services packs and hotfixes residing on the server as well as the large amounts of hard disk I/O experienced when deploying these updates.

This being the case, the common downfall in planning a WSUS deployment is not underestimated the physical server requirements, but rather the bandwidth requirements of the installation. WSUS was designed with these type of environments in mind and allows for a distributed environment in which one WSUS server acts as the master and all outlying WSUS servers act as slaves.

In any situation where you have a significant number of clients connected to your main network segment via a slower link you will want to consider this master-slave setup in order to be able to effectively deliver Microsoft updates.

For more information on setting up WSUS in a distributed environment, see the Microsoft WSUS deployment guide at

See Also

The Author — Chris Sanders

Chris Sanders is a network security analyst for EWA Government Systems Inc. Chris is the author of the book Practical Packet Analysis as well as several technical articles. His personal website at contains a great deal of information, articles, and guides related to network administration, network security, packet analysis, and general information technology.

Featured Links