Your company has a branch office that contains a Windows Server 2008 R2 computer. The Windows
Server 2008 R2 computer runs Windows Server Update Services (WSUS). The WSUS server is
configured to store updates locally. The company opens four new satellite offices. Each satellite
office connects to the branch office by using a dedicated WAN link. Internet access is provided
through the branch office. You need to design a strategy for patch management that meets the
following requirements:
• WSUS updates are approved independently for each satellite office.
• Internet traffic is minimized.
What should you include in your design?
A.
In each satellite office, install a WSUS server. Configure each satellite office WSUS server as an
autonomous server.
B.
In each satellite office, install a WSUS server. Configure each satellite office WSUS server as a
replica of the branch office WSUS server.
C.
In each satellite office, install a WSUS server. Configure each satellite office WSUS server to use
the branch office WSUS server as an upstream server.
D.
For each satellite office, create organizational units (OUs). Create and link the Group Policy
objects (GPOs) to the OUs. Configure different schedules to download updates from the branch
office WSUS server to the client computers in each satellite office.
Explanation:
http ://technet.microsoft.com/en-us/library/hh852344.aspx
In addition, a Windows Server 2008 server running WSUS server can act as an upstream server—an
update source for other WSUS servers within your organization. At least one WSUS server in your
network must connect to the Microsoft Update Web site to get available update information. How
many other servers connect directly to Microsoft Update is something you need to determine as
part of your planning process, and depends upon network configuration and security requirements.
In this deployment model, the WSUS server that receives updates from the Microsoft Update server
is designated as the upstream server. A WSUS server that retrieves updates from another WSUS
server is designated as a downstream server.
Autonomous mode: The Autonomous mode, also called distributed administration, is the default
installation option for WSUS. In Autonomous mode, an upstream WSUS server shares updates with
downstream servers during synchronization. Downstream WSUS servers are administered
separately, and they do not receive update approval status or computer group information from the
upstream server. By using the distributed management model, each WSUS server administrator
selects update languages, creates computer groups, assigns computers to groups, tests and
approves updates, and makes sure that the correct updates are installed to the appropriate
computer groups. The following image shows how you might deploy autonomous WSUS servers in a
branch office environment:
Replica mode: The Replica mode, also called centralized administration, works by having an
upstream WSUS server that shares updates, approval status, and computer groups with downstream
servers. Replica servers inherit update approvals and are not administered separately from the
upstream WSUS server. The following image shows how you might deploy replica WSUS servers in a
branch office environment.
Branch Office
You can leverage the Branch Office feature in Windows to optimize WSUS deployment. This type of
deployment offers the following advantages:
Helps reduce WAN link utilization and improves application responsiveness. To enable BranchCache
acceleration of content that is served by the WSUS server, install the BranchCache feature on the
server and the clients, and ensure that the BranchCache service has started. No other steps are
necessary.
In branch offices that have low-bandwidth connections to the central office but high-bandwidth
connections to the Internet, the Branch Office feature can also be used. In this case you may want to
configure downstream WSUS servers to get information about which updates to install from the
central WSUS server, but download the updates from Microsoft Update.
