Out with SUS, in with WUS
Dramatic update to software updating services
Forget Software Update Services 2.0. It's Windows Update Services now;
WUS for short.
Microsoft announced the new name and details of the overhaul of the free
add-on for Windows server customers at its Microsoft Management Summit
in March. WUS will enter broad beta this summer and should ship sometime
in the second half of this year.
In case you've lost track, or never figured out what SUS/WUS was for
in the first place, it's Microsoft's patch distribution technology for
small and medium-sized organizations. Microsoft positions its patch distribution
technologies in three tiers: Windows Update for consumers and very small
businesses or telecommuters, WUS for small and medium-sized organization
and Systems Management Server (SMS) for large or complex organizations.
WUS runs as a server in an organization. It downloads patches and updates
from Microsoft's Windows Update and Microsoft Update and acts as the repository
for those patches within an organization, giving administrators control
over which patches are sent to end-user and server systems and when. It
runs on Windows 2000, Windows Server 2003 and Windows XP.
Changes between SUS and WUS hit several important areas, including the
power of the tool, the range of Microsoft products it provides patches
for and its underlying architecture, which will be a foundation for the
company's other patching technologies in the future.
In addition to Windows patches, administrators will be able to choose
to use WUS to pull patches from Microsoft for Office XP, Office 2003,
SQL Server 2000, MSDE 2000 and Exchange Server 2003. After selecting operating
system and applications, administrators will have the ability to select
by checkbox what types of information to download, from service packs
to security patches to drivers and other things.
Initially, SUS didn't support creating target groups of systems to be
updated; Microsoft chose to reserve that level of functionality for SMS.
In WUS, administrators will be able to create target groups of systems
for different patches. Those target groups can either be pulled from Active
Directory or maintained on WUS in non-AD environments. Some limited reporting
on the progress of patch installation across an organization is also being
From a usage perspective, WUS is a stopgap, filling a hole in Microsoft's
patching technologies between home users (served by Windows Update) and
enterprises (served by SMS). But from a technology perspective, WUS is
much more important. Microsoft is standardizing on the patch scanning
engine that it built for WUS. A frequent customer complaint is that users
who run Microsoft's various vulnerability scanning tools against the same
systems get different results.
That problem will be addressed in two phases. First, Microsoft will unify
its catalogs in the second half of 2004 with the delivery of WUS and SMS
2003 Service Pack 1, so the two products will begin returning similar
results. But the company is aiming for a less superficial response further
out. The WUS scanning engine will be used in Microsoft Baseline Security
Analyzer 2.0 (MBSA 2.0), which will later be incorporated into SMS. Similarly,
Microsoft is making an investment in an API for WUS to allow third-party
products to leverage the Windows service.
One thing isn't changingthe price. It's still free for those
who have plunked down the money for a Windows license in the first place.
[This article originally appeared on ENTmag.com as "Software
Update Services Overhauled" on March 17, 2004.Editor]
Scott Bekker is editor in chief of Redmond Channel Partner magazine.