My first, real, prod WSUS deployment

Better than nothing, I guess...

The infrastructure I inherited (you'll see most of my posts start like this for a while, unfortunately) consisted of 3 data centers, each with its own WSUS running the database on the local server, with GPOs pointing either to the local WSUS or to one in another data center. Here's a rough diagram to better explain it:

[wsus image: diagram of the inherited three-data-center WSUS layout]

Obviously, this wasn't ideal, and my predecessor had even let the servers slip into disrepair since he was using a third-party patching tool. What this left me with was a choice:

  • Try to fix each WSUS server and correct the GPOs so everything points to its respective local WSUS.
  • Keep using a third-party product and just retire all of the WSUS infrastructure.
  • Scorched earth: rebuild everything correctly.

Now, I have nothing against third-party tools, as I've used them in the past, but here I saw an opportunity to shrink server overhead by consolidating all WSUS servers into a single VM, utilizing a SQL cluster for the database for enhanced performance, and ultimately incorporating the WSUS server with System Center Configuration Manager for automatic patching. I couldn't find a third-party product that would do all of that conveniently and, frankly, reliably, since most products rely on patching or registry "hacks" to trick Windows into updating.

So, seeing as I was going to scorch the earth and rebuild, I did the preliminary legwork of determining that all necessary firewall rules were open from my new central data center, followed by configuring the SQL cluster for the WSUS database. I wasn't going to be migrating any of the stand-alone databases, since they hadn't been kept up in a while, but I still wanted to follow Microsoft best practices and prepare my SQL server manually.
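The pre-flight work described above (firewall checks from the remote data centers, a single WSUS VM backed by a SQL cluster) and the GPO-pointing problem from the inherited layout, as an added PowerShell example. This is not the author's own script: the hostnames, the content path, and the use of `wsusutil postinstall` to create the database (rather than the author's manual SQL preparation) are assumptions for illustration. Ports 8530/8531 are the WSUS defaults on Server 2012 and later, and 1433 is the SQL Server default.

```powershell
# Added example (not the author's scripts): pre-flight checks before consolidating
# WSUS onto one server backed by a remote SQL instance. Hostnames, content path
# and the postinstall step are assumptions for illustration.

$WsusServer  = 'wsus01.corp.example'      # assumed name of the new central WSUS VM
$SqlInstance = 'sqlclu01.corp.example'    # assumed SQL cluster listener / instance
$ContentDir  = 'D:\WSUS'                  # assumed content directory on the WSUS VM

# 1. Confirm the network path clients in each remote data center need.
#    Run from a host in each DC. 8530/8531 are the WSUS defaults (HTTP/HTTPS);
#    the SQL check (1433 by default) must be run from the WSUS VM itself.
$checks = @(
    @{ Target = $WsusServer;  Port = 8530; Purpose = 'WSUS HTTP (client sync)' },
    @{ Target = $WsusServer;  Port = 8531; Purpose = 'WSUS HTTPS (client sync, if SSL is used)' },
    @{ Target = $SqlInstance; Port = 1433; Purpose = 'WSUS server -> SQL (run from the WSUS VM)' }
)
foreach ($c in $checks) {
    $r = Test-NetConnection -ComputerName $c.Target -Port $c.Port -WarningAction SilentlyContinue
    $state = if ($r.TcpTestSucceeded) { 'OPEN' } else { 'BLOCKED' }
    '{0,-8} {1}:{2,-5} {3}' -f $state, $c.Target, $c.Port, $c.Purpose
}

# 2. Install WSUS with the SQL Server database option (UpdateServices-DB) rather
#    than the Windows Internal Database (UpdateServices-WidDB), then point the
#    post-install at the remote instance. Run on the WSUS VM as an account that
#    is sysadmin on that instance; postinstall creates SUSDB there.
Install-WindowsFeature -Name UpdateServices-Services, UpdateServices-DB -IncludeManagementTools
$wsusutil = Join-Path $env:ProgramFiles 'Update Services\Tools\wsusutil.exe'
& $wsusutil postinstall SQL_INSTANCE_NAME="$SqlInstance" CONTENT_DIR="$ContentDir"

# 3. Verify a client actually targets the consolidated server. These registry
#    values are what the Windows Update GPO writes; a stale WUServer here means
#    one of the old per-data-center GPOs is still winning.
$wuPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$p = Get-ItemProperty -Path $wuPolicy -ErrorAction SilentlyContinue
if (-not $p -or -not $p.WUServer) {
    Write-Warning 'No WUServer policy applied; this client is not pointed at any WSUS.'
} elseif ($p.WUServer -notmatch [regex]::Escape($WsusServer)) {
    Write-Warning "Client points at $($p.WUServer), not $WsusServer; check GPO precedence with gpresult /r."
} else {
    "Client correctly targets $($p.WUServer)"
}
```

Step 1 is worth running from every data center before touching the old servers, since a blocked 8530/8531 only shows up later as clients silently failing to report. Step 3 is the check to run on a handful of clients in each site after the old GPOs are retired; if WUServer still names a decommissioned server, that is the old GPO, not WSUS, that needs fixing.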
