WSUS Scaling to 75K users to a central location?
I'm looking at what it might take to deploy WSUS to ~75k machines connected to 1 central location on a locked down 512k-1mbit managed, private VPN link (no split tunnel, or direct Internet access allowed).
These machines are independent, or at best in small workgroups, not in a domain, and few (< 5) are in 1 physical location, which rules out branch level WSUS servers.
I realize I'd have to deploy the registry changes by hand, or more likely via a .reg file that's distributed, since config via GPOs is out of the question.
Right now they're pulling updates on the public schedule between 17:00 and 22:00 direct from MS. Even if I choke the bandwidth down, 75k times something reasonable like, 100kps is still a lot of gigabits to move when a major service pack comes out. I'm worried the next big SP could saturate both the VPN devices and our > 1 gig Internet connection. I'd not save on Internet bandwidth, but spread out patch downloads to clients across a 24-48 hour period (by creating different groups) instead of the default 5 hour period.
Is there guidance on how many subscribers a single WSUS instance can handle on a commonly available dedicated server (dual quad core 3 GHz, 16 GB RAM)? Windows 2008 Core was picked for max capacity on each box. I've done some digging on TechNet and haven't found a lot on WSUS scaling.
I'm looking at a design with one machine dedicated as the master, and guessing I'd need several dedicated slave WSUS servers to serve content to that many machines, but how many? Any war stories or whitepapers on deployments of this size would be greatly appreciated, or does anyone know of a way to simulate WSUS load in a lab?
Thanks.
"I'm looking at what it might take to deploy WSUS to ~75k machines connected to 1 central location on a locked down 512k-1mbit managed, private VPN link (no split tunnel, or direct Internet access allowed)."
A single multi-core x64 WSUS server can handle the load of 75k clients; however, research suggests 5kb/sec per client is necessary to support connectivity to remote sites for the rollout of an update deployment -- 75k clients would demand bandwidth in the half gigabit range! (75k * 5k = 375mb)
"Right now they're pulling updates on the public schedule between 17:00 and 22:00 direct from MS."
I'm not sure how to interpret the meaning in this statement. The statement implies you believe the downloads are occurring between 5pm and 10pm, and I can assure you that is not the case. The detection interval is a parameter configured as the number of hours to the next detection from the last successful detection - the default is every 17-22 hours. The net effect (and design) of the system is that clients download content around the clock.
"Even if I choke the bandwidth down, 75k times something reasonable like, 100kps is still a lot of gigabits to move when a major service pack comes out."
I did an analysis several years ago of XP Service Pack 2 (235mb), and determined that deployment of the service pack across a WAN connection required 10kb/sec of bandwidth per client to deploy the service pack to clients within the space of a 3 day weekend, which would suggest you'd need bandwidth approaching the full gigabit range for a service pack rollout within a single weekend.
"I'm worried the next big SP could saturate both the VPN devices and our > 1 gig Internet connection. I'd not save on Internet bandwidth, but spread out patch downloads to clients across a 24-48 hour period (by creating different groups)"
Wait, I'm confused. If you have a locked megabit private link to support remote sites, the other 999 megabits of the gigabit Internet connection are irrelevant.
However, staggering membership in remote sites across multiple groups, and approving/deploying an update across multiple weekends, rather than attempting 75k machines in a single event, is a solution that will need to be crafted.
"instead of the default 5 hour period."
This statement, again, suggests a misunderstanding of the behavior of the Windows Update Agent with regard to the detection/download/installation process.
"Is there guidance on how many subscribers a single WSUS instance can handle on a commonly available dedicated server (dual quad core 3 GHz, 16 GB RAM)?"
As for guidance, the WSUS Deployment Guide describes the minimum system requirements to support 100k clients on a single server with 7 hour detection -- and 7 hour detection is more than sufficient for remote clients (I'd suggest 12-18 hour detections for remote clients.) -- but that presumes gigabit network connectivity and LAN-based clients. As we've noted, the actual bottleneck in a WSUS deployment to remote clients is the available WAN bandwidth.
"Windows 2008 Core was picked for max capacity on each box."
Windows Server 2008 Core is not a deployment option for WSUS, as WSUS requires installation of the .NET Framework v2.0, and Server Core does not support installation of the .NET Framework.
"I've done some digging on TechNet and haven't found a lot on WSUS scaling."
The WSUS Deployment Guide is the place to start.
"I'm looking at a design with one machine dedicated as the master, and guessing I'd need several dedicated slave WSUS servers to serve content to that many machines, but how many?"
The number of replica servers you might need is driven by how you can segregate groupings of remote clients and the bandwidth available within those groupings. Given the bandwidth constraints, it's highly unlikely you'd exceed the capacity of a single WSUS server; however, with a large number of clients such as this, there are advantages in deploying replica servers.
One advantage is having administration and reporting on a dedicated machine, not servicing clients. A second advantage is that you can configure an NLB replica cluster (with a back-end database server), to provide fault-tolerance and/or load-balancing. While a WSUS server being offline is something an organization can survive for a few days -- when we're talking about managing deployments to 75k clients, a "few days" becomes a critical loss of resource availability.
Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2010)
MVP profile: http://mvp.support.microsoft.com/profile/lawrence.garvin
Blog: http://onsitechsolutions.spaces.live.com
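
The staggered groups suggested in the answer, combined with the .reg-file distribution the question describes, as an added example that is not part of the original thread: it assigns each workgroup machine to a rollout wave and emits the matching Windows Update policy .reg text. The server URL, the "Wave-N" group names and the hash-based assignment are assumptions made for illustration; the 12-hour detection value follows the 12-18 hour suggestion above.

```python
import hashlib

# Assumptions (not from the thread): server URL, "Wave-N" group names and
# the hash-based assignment are illustrative choices.
WSUS_URL = "https://wsus.example.internal:8531"
POLICY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"


def wave_for(hostname, waves):
    """Map a machine name to a rollout wave, stable across runs and letter case."""
    digest = hashlib.sha256(hostname.strip().lower().encode("utf-8")).digest()
    return int.from_bytes(digest[:4], "big") % waves


def build_reg(group, detection_hours, wsus_url=WSUS_URL):
    """Return .reg text that points a non-domain client at WSUS in one target group."""
    if not 1 <= detection_hours <= 22:  # range the Automatic Updates client accepts
        raise ValueError("DetectionFrequency must be 1-22 hours")
    lines = [
        "Windows Registry Editor Version 5.00",
        "",
        "[" + POLICY_KEY + "]",
        f'"WUServer"="{wsus_url}"',
        f'"WUStatusServer"="{wsus_url}"',
        '"TargetGroupEnabled"=dword:00000001',   # client-side targeting on
        f'"TargetGroup"="{group}"',
        "",
        "[" + POLICY_KEY + "\\AU]",
        '"UseWUServer"=dword:00000001',
        '"DetectionFrequencyEnabled"=dword:00000001',
        f'"DetectionFrequency"=dword:{detection_hours:08x}',
        "",
    ]
    return "\r\n".join(lines)


def plan(hostnames, waves, detection_hours=12):
    """Return {group: (reg_text, [hosts])} so each wave gets one .reg file."""
    out = {}
    for host in hostnames:
        group = f"Wave-{wave_for(host, waves) + 1}"
        if group not in out:
            out[group] = (build_reg(group, detection_hours), [])
        out[group][1].append(host)
    return out


if __name__ == "__main__":
    hosts = [f"KIOSK-{i:05d}" for i in range(1000)]  # constructed sample names
    for group, (_, members) in sorted(plan(hosts, 4).items()):
        print(group, len(members))
```

The TargetGroup value only takes effect when the WSUS server is set to take computer group assignment from Group Policy or registry settings and the named groups already exist on the server; approvals can then be released one group at a time.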