Automation Server Design

Question

Everything that I've been seeing suggests having your WSUS server on a different server than your automation server.  Is this best practice or does it matter?  Are there any issues with having an automation server and WSUS server on the same VM?  Thanks.

kellytice · Accepted Answer

It shouldn't really matter as long as the WSUS is a decent machine.

Many people using Patch Manager will install the "main" Patch Manager server (sometimes called the 'Primary Application Server' or PAS) on the same box as the upstream WSUS server.

The PAS will have an Automation Server on it, but as long as the machine has enough CPU/memory, that usually works just fine.

In that particular scenario, some people would use a remote SQL server to host the Patch Manager database to help with performance, but that is just recommended - not required.

Additionally, in many environments that have downstream WSUS servers at remote sites, they will actually put an Automation Server role on each of those downstream WSUS servers; they coexist nicely usually.

-------------------------------------------

Now - one caution i would have is that if you choose to install the optional Web Console piece of Patch Manager - you probably don't want that optional Web Console piece to be on the WSUS server. It might be possible to get that type of setup to work, but it may take some work and isn't recommended.

-------------------------------------------

So, in short:

Patch Manager PAS + WSUS ---> fine, but remote SQL for PM database recommended
WSUS + Patch Manager Automation Server role ---> fine
WSUS + Patch Manager web (Orion) console ---> not recommended

Automation Server Design

Top Replies