One of the ongoing challenges with the release of WSUS for Windows Server 2012 (Win2012) was how to remotely administer the WSUS server. Currently, a WSUS server installed on Windows Server 2012 (also known as WSUS v6) can only be remotely administered from a Windows 8 or Win2012 system. This is a result of dependencies in the console infrastructure that cannot (or at least, will not) be rolled back to Windows 7 systems, and that introduces a very significant challenge for organizations who would like to migrate to WSUS v6: They also have to install Windows 8 or an additional Windows Server 2012, just to have a remote console.
With the release of SolarWinds Patch Manager (SPM) v1.85 on Jan 22, 2013, SPM now brings a unique capability to the WSUS environment: The ability to manage both WSUS v3 and WSUS v6 servers from a Patch Manager remote console installed on Windows 7.
To clarify: WSUS v6 is the version of WSUS that ships with (Win2012), as compared to WSUS v3 which is the version of WSUS available for Windows Server 2008 R2, Windows Server 2008 SP2, and Windows Server 2003 SP2. Unless otherwise specified, this entire article refers exclusively to WSUS v6.
There are five scenarios in which SPM can be implemented to remotely administer a WSUS v6 server from Windows 7. I’m going to present them in what I believe is the optimal order of choice:
- Install the primary SPM server on a Win2012 system.
- Install a secondary Automation Role server on a Win2012 system.
- Install a secondary Automation Role server on the WSUS system.
- Install the primary SPM server on the WSUS system.
- Install a secondary Automation Role server on a Windows 8 workstation.
Install the primary SPM server on a Win 2012 system
If you’re installing a new instance of SPM you should consider installing it on Win2012. When SPM is installed on Win2012, the installer will automatically install the console components of WSUS. This functionally is identical to how SPM has installed the WSUS v3 console on pre-Win2012 systems. Register the new WSUS server and you’re ready to go.
Install a secondary Automation Role server on a Win2012 system
If you already have SPM implemented in your environment, it may not be desirable to migrate your existing primary server (PAS) just to get WSUS v6 manageability. As an alternative, after upgrading your existing PAS to v1.85, you can install an Automation Role server on a Win2012 system. The installation of the Automation Role will also install the WSUS console components. Register the WSUS server after the installation is completed. One additional step is required within SPM: You will need to create an Automation Server Routing Rule for the WSUS server to ensure it is managed by the Automation Role installed on the Win2012 system. (For more information about Automation Role servers and Automation Server Routing Rules, also see Chapter 14 of the Patch Manager Administrator Guide.)
Install a secondary Automation Role server on the WSUS system
If you don’t have another available Win2012 instance, you can also install the Automation Role onto the WSUS system. Register the WSUS server after the installation is complete, and create the Automation Server Routing Rule for the WSUS system.
Install the primary SPM server on the WSUS v6 system
As a last resort – you can install SPM on the same system as WSUS v6. Ideally in this scenario, both WSUS and SPM will use a back-end SQL Server database server. However, the WSUS v6 scenario brings one additional complication to the table. While SPM v1.85 is supported with SQL Server 2012 (SQL2012), as of this moment, WSUS is not supported with SQL2012. If you choose to use a remote SQL Server for both WSUS and Patch Manager, you must use an instance of SQL Server 2008 R2 SP1.
Install a secondary Automation Role server on a Windows 8 workstation
If you don’t have an additional Win2012 system, and do not wish to install SPM on the WSUS system or already have a PAS deployed, the Automation Role server can also be installed onto a Windows 8 system. In this instance, the SPM installer will download and install the Remote Server Administration Tools (RSAT) for Win2012 in order to provide access to the WSUS console. As with the other secondary server options, you will also need to configure an Automation Server Routing Rule.
The WSUS v6 server will appear in every Patch Manager console along with any existing WSUS v3 servers in the Update Services node.
To download Patch Manager v1.85, existing maintenance customers will find it available in the Customer Portal. A free 30-day evaluation of Patch Manager v1.85 is also available from the SolarWinds website.