Out with SUS, in with WUS

Dramatic update to software updating services

Forget Software Update Services 2.0. It's Windows Update Services now; WUS for short.

Microsoft announced the new name and details of the overhaul of the free add-on for Windows server customers at its Microsoft Management Summit in March. WUS will enter broad beta this summer and should ship sometime in the second half of this year.

In case you've lost track, or never figured out what SUS/WUS was for in the first place, it's Microsoft's patch distribution technology for small and medium-sized organizations. Microsoft positions its patch distribution technologies in three tiers: Windows Update for consumers and very small businesses or telecommuters, WUS for small and medium-sized organization and Systems Management Server (SMS) for large or complex organizations.

WUS runs as a server in an organization. It downloads patches and updates from Microsoft's Windows Update and Microsoft Update and acts as the repository for those patches within an organization, giving administrators control over which patches are sent to end-user and server systems and when. It runs on Windows 2000, Windows Server 2003 and Windows XP.
Changes between SUS and WUS hit several important areas, including the power of the tool, the range of Microsoft products it provides patches for and its underlying architecture, which will be a foundation for the company's other patching technologies in the future.

In addition to Windows patches, administrators will be able to choose to use WUS to pull patches from Microsoft for Office XP, Office 2003, SQL Server 2000, MSDE 2000 and Exchange Server 2003. After selecting operating system and applications, administrators will have the ability to select by checkbox what types of information to download, from service packs to security patches to drivers and other things.

Initially, SUS didn't support creating target groups of systems to be updated; Microsoft chose to reserve that level of functionality for SMS. In WUS, administrators will be able to create target groups of systems for different patches. Those target groups can either be pulled from Active Directory or maintained on WUS in non-AD environments. Some limited reporting on the progress of patch installation across an organization is also being added.

From a usage perspective, WUS is a stopgap, filling a hole in Microsoft's patching technologies between home users (served by Windows Update) and enterprises (served by SMS). But from a technology perspective, WUS is much more important. Microsoft is standardizing on the patch scanning engine that it built for WUS. A frequent customer complaint is that users who run Microsoft's various vulnerability scanning tools against the same systems get different results.

That problem will be addressed in two phases. First, Microsoft will unify its catalogs in the second half of 2004 with the delivery of WUS and SMS 2003 Service Pack 1, so the two products will begin returning similar results. But the company is aiming for a less superficial response further out. The WUS scanning engine will be used in Microsoft Baseline Security Analyzer 2.0 (MBSA 2.0), which will later be incorporated into SMS. Similarly, Microsoft is making an investment in an API for WUS to allow third-party products to leverage the Windows service.

One thing isn't changingthe price. It's still free for those who have plunked down the money for a Windows license in the first place.

[This article originally appeared on as "Software Update Services Overhauled" on March 17, 2004.—Editor]

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


comments powered by Disqus

Subscribe on YouTube