Manejar AD DS
Enviado por ahitequierover • 7 de Mayo de 2013 • 8.041 Palabras (33 Páginas) • 409 Visitas
Module Overview
Operating systems and applications require updates on a regular basis. You need to plan the infrastructure to deploy these updates with the same care and thought that you would use to deploy other network infrastructure components such as Active Directory Domain Controllers, Domain Name System (DNS) Servers, or Dynamic Host Configuration Protocol (DHCP) Servers. Improperly planning the placement of Windows Server Update Services (WSUS) servers and improperly planning the management of updates could leave the computers in your organization vulnerable to malware or compromise by nefarious third parties.
Objectives
After completing this module, you will be able to:
• Plan an appropriate Windows Server Update Services (WSUS) topology.
• Deploy and manage updates.
Planning Update Deployment 11-3
Lesson 1
WSUS Topologies
While Windows Server Update Services is included as a server role on computers running Windows Server
2008 R2, this does not mean that you should deploy it without adequate planning. An effective infrastructure for the timely deployment of software updates is as important to an organization as a properly designed Active Directory Domain Services infrastructure or name resolution infrastructure. An effective infrastructure not only includes the placement of physical servers, but also must take into account internal and external bandwidth considerations and the availability of systems administration personnel who will actually manage the software update deployment process.
Objectives
After completing this lesson, you will be able to:
• Understand the importance of using an appropriate WSUS topology.
• Deploy WSUS.
• Determine whether a Replica, an Autonomous server, or no server is appropriate for a specific site.
• Configure WSUS for use on disconnected networks.
• Optimize WSUS administration.
11-4 Planning and Implementing Windows Server® 2008 Servers
Importance of an Appropriate WSUS Topology
Planning an appropriate WSUS topology will minimize costs by reducing the amount of data that needs to be downloaded from the Microsoft Update servers on the Internet. It will also reduce the amount of administrator intervention required to successfully deploy updates.
Benefits of using an appropriate WSUS topology:
• Reduces internet bandwidth cost.
• Reduces intranet and wide area network (WAN) bandwidth congestion.
• Minimizes administrative burden.
• Utilizes local administrator resources.
Reduces Internet Bandwidth Cost
If an organization has not deployed WSUS or another update management product, each computer in that organization will need to separately retrieve updates from the Microsoft Update servers on the Internet. If an organization has several hundred or several thousand computers, and if the average size of updates is 50–100 megabytes (MB) per month, having each computer download updates will constitute a significant use of bandwidth. WSUS allows you to have all updates downloaded once to the internal network and then distributed centrally.
Reduces Intranet and WAN Bandwidth Congestion
WSUS can leverage Background Intelligent Transfer System (BITS) to optimize the transfer of updates to clients on the internal network. Placing a WSUS server at each site means that clients are able to obtain updates from a local source rather than having to pull those updates across a WAN link or from the Microsoft Update servers on the Internet.
Planning Update Deployment 11-5
Minimizes Administrative Burden
By deploying WSUS servers as replicas, it is possible for an update to be approved once, allowing that update to be deployed to all computers in the organization or a select group of computers through the use of WSUS computer groups WSUS can also be configured to use automatic approval rules meaning that updates that meet specific criteria will be automatically approved for distribution.
Utilizes Local Administrator Resources
WSUS can be deployed in autonomous or replica configuration, which means that you can choose to allow administrators at a specific site to have the responsibility for approving updates, or have that responsibility handled by administrators at another site.
11-6 Planning and Implementing Windows Server® 2008 Servers
Deploying WSUS
Although WSUS is available as a role on computers running Windows Server 2008 R2 that can be added by using the Add Role Wizard, it is still necessary to prepare a server for this role because prerequisite components are not added automatically, as is the case when you deploy other roles by using the Add Role Wizard or the add-windowsfeature PowerShell command.
Configure Network Settings if Proxy Is Required
Use the Internet Options item in Control Panel to ensure that the server has connectivity to the Internet if your organization has a proxy that requires authentication. This step is not necessary if the proxy server does not require authentication.
Install Prerequisite Roles and Features
Prior to installing WSUS, you need to ensure that the following roles and services are deployed on the
WSUS server:
• Web Server
• ASP.NET
• ISAPI Extensions
• ISAPI Filter
• Windows Authentication
• Dynamic Compression
• IIS 6 Metabase Compatibility
...