Software Update Services Overhauled
- By Scott Bekker
LAS VEGAS -- Software Update Services 2.0, Microsoft's next release of a patch management technology for small and medium organizations, is getting a major overhaul and a new name -- Windows Update Services. Changes hit several important areas including the power of the tool, the range of Microsoft products it provides patches for and its underlying architecture, which will be a foundation for Microsoft's other patching technologies. It will continue to be delivered as a free add-on.
Microsoft positions its patch distribution technologies in three tiers -- Windows Update for consumers and very small businesses or telecommuters, Windows Update Services for small and medium-sized organizations and Systems Management Server for large or complex organizations.
Windows Update Services runs as a server in an organization. It downloads patches and updates from Microsoft's Windows Update and Microsoft Update and acts as the repository for those patches within an organization, giving administrators control over which patches are sent to end-user and server systems and when. It can run on Windows 2000, Windows Server 2003 or Windows XP.
Microsoft chose to rename the technology because SUS hadn't gained much mindshare as a brand and was often confused with the SMS abbreviation for Systems Management Server. The company also wanted to reinforce the product's standing as a component of Windows Server. It has been and will continue to be offered as a free add-on for Windows servers, and it will be integrated into the baseline server in a future release.
More important than the new name is a raft of feature enhancements. Microsoft is greatly expanding the range of its own products that the tool can patch. In addition to Windows patches, administrators can choose to use WUS to pull patches from Microsoft for Office XP, Office 2003, SQL Server 2000, MSDE 2000 and Exchange Server 2003. After selecting the operating system and applications, administrators will be able to select by checkbox what types of information to download, from service packs to security patches to drivers and other things.
Initially SUS did not support creating target groups of systems; Microsoft chose to reserve that level of functionality for SMS. However, in WUS, administrators will be able to create target groups of systems for different patches. Those target groups can either be pulled from Active Directory or maintained on WUS in non-Active Directory environments.
Some limited reporting on the progress of patch installation across an organization is also being added. "This is a huge step forward from SUS where people had basically no reporting at all," said Bob Muglia, Microsoft senior vice president of the Windows Division.
Microsoft is releasing a limited beta of Windows Update Services this week. A broader beta is planned for this summer and the completed version is supposed to ship later this year.
From a marketing perspective, WUS is something of a stopgap, filling a hole in Microsoft's patching technologies between home users (served by Windows Update) and enterprises (served by SMS). But from a technology perspective, WUS is much more important. Microsoft is standardizing on the patch scanning engine that it built for WUS. A frequent customer complaint is that users who run Microsoft's various vulnerability scanning tools against the same systems get different results. That problem will be addressed in two phases. First, Microsoft will unify its catalogs in the second half of 2004 with the delivery of WUS and SMS 2003 Service Pack 1, so the two products will begin returning similar results. But the company is aiming for a less superficial response further out. The WUS scanning engine will be used in Microsoft Baseline Security Analyzer 2.0 (MBSA 2.0), which will later be incorporated into SMS. Similarly, Microsoft is making an investment in an API for WUS to allow other products to leverage the Windows service.
Scott Bekker is editor in chief of Redmond Channel Partner magazine.