Windows Patch Management, SUS Feature Pack (Architectural Review)
Thus far, our Windows Patch Management series has limited its scope to patch management solutions. While this approach is valid in some cases, many organizations seek products that provide more comprehensive capabilities, including asset inventory, software deployment, license monitoring, and remote control functionality. To accommodate these needs, Microsoft developed the Software Update Services Feature Pack, which installs as an add-on to its popular class management solution, Systems Management Server 2.0 (SMS 2.0). It also incorporated its functionality directly into Systems Management Server 2003.
Microsoft's SUS Feature Pack aims to meet a broad spectrum of enterprise needs, including asset inventory, software deployment, and license monitoring. We dissect the key improvements and components in the latest release.
This article focuses on the Software Update Services Feature Pack.
Systems Management Server 2.0's features cover a wide administrative spectrum, including hardware and software inventory, software distribution and metering, remote and network diagnostic tools, and reporting. Its robust and customizable software distribution mechanisms include flexible scheduling, targeting based on characteristics derived from Active Directory or hardware/software inventory, and detailed status information. Its highly scalable architecture, which functions well in practically any Windows environment regardless of size, is based on a hierarchy with two kinds of building blocks. The first is groups of SMS servers, called sites, which typically correspond to designated areas sharing fast network links. The servers in a site function in various roles, such as providing the inventory database store and processing power, communicating with clients, monitoring license usage, and storing and replicating software installation packages. The second is collections of client computers running SMS agents.
Even though deploying Windows updates via traditional SMS 2.0 software distribution methods is possible, the process is time-consuming and error-prone. Microsoft decided to leverage existing functionality and create a group of add-ins to automate patch deployment. The software was released in November 2002 with the name "Software Update Services Feature Pack for SMS 2.0" (SUS Feature Pack). Despite the similar naming, the SUS Feature Pack is not based on the same technology as the Software Update Services described in the previous two articles. It also offers a number of significant advantages over the SUS solution. The successor to SUS, the forthcoming Windows Update Services, will aim to narrow this gap.
SUS Feature Pack includes the following improvements:
- Deployment of software updates to all client operating systems supported by SMS 2.0 (SUS 1.x covers only Windows 2000, 2003, and XP), including MS Office updates
- Selective targeting of automatically populated collections of clients sharing common, arbitrarily selected criteria, such as type of system (server vs. workstation), location (based on IP subnet), operating system, and service pack level
- Powerful centralized administration, with flexible scheduling capabilities
- Detailed status reporting and inventory capabilities
- The ability to perform testing and pilot multistaged rollouts and rollbacks
While SUS Feature Pack leverages the entire SMS infrastructure, its primary operations take place in three specific areas: the SMS Site server (the first one installed in any SMS site and serving as a focal point for control and communication with other SMS servers in the same site), SMS clients, and a designated computer (or group of computers) with an Internet connection responsible for communicating with the Microsoft Windows Update Web site. SUS Feature Pack is available free of charge (beyond the cost of SMS 2.0) as a self-extracting executable, SMSSUSFP_enu.exe, from the SMS 2.0 portion of the Microsoft Web site.