Editor's note 9.25.2024: This post has been updated to define deprecation and provide clarity on how this impacts WSUS. As part of our vision for simplified Windows management from the cloud, Micr...
Updated Sep 24, 2024
Version 2.0
Blog Post
Karl-WE"Yet it was never a fully integrated role into Windows Server. Too many external dependencies like IIS, Certs, Reporting Services, Database and what not."
I have trouble following that line of thought. How else is WSUS going to persist state, if not into a database? How else is WSUS going to deliver updates, if not via a HTTPS server? Of course you use existing features like IIS and WID, instead of developing and shipping a custom web server and database solution. And none of the features you listed are external dependencies. All of them are built-in Windows Server roles and features, except for the reporting services, which aren't, because they typically ought to be installed on the admin's computer and it's just a binary that needs no configuration. As to certificates, I really don't know how to respond to that. How else would you setup a trust relationship between the WU clients and the WSUS server?
"Compared to AD DS or other roles and features the setup was abolutely not straight forward"
The only thing you need to do is to install WSUS and configure the WU clients via GPO. If you want to enable HTTPS, that is a separate set I'd recommend. I don't see how that is "absolutely not straight forward". And I don't find it fair that you compare an obviously advanced WSUS design with the basic Active Directory setup. More fair would be, if you compare it to a secure AD environment, with the security baseline applied and LDAPS enabled, which also requires you to deploy certificates, typically done by running AD Certificate Services. Not so straight forward now, is it?