Oct 30 2020 12:09 PM
Oct 30 2020 12:09 PM
Due to this being a tricky question regarding my scenario i have put it under windows 10 management because i am trying to manage windows 10 devices.
After the MS update that all WSUS connections should go via a HTTPS and use an ssl certificate this has disrupt my normal updating method using WSUS completely and being within a company that explaining why we should need an SSL certificate just to update our devices will be a hassle if the come with an easy explanation as "if I just let it go via https instead of WSUS I will not need to buy an SSL certificate"
This has sparked my interest to start searching for alternatives for updating my devices, still in a controlled manner but without using WSUS or buying an SSL certificate. After reading this post: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/changes-to-improve-security-for-windows-d... and additionally this post: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/security-best-practices-for-windows-serve...
There was one user that wrote the following:
WSUS is a (not officially) deprecated product in many ways. I strongly recommend moving on to WuFB and Delivery Optmization."
After that i started to work on a Proof of Concept how i should deploy this within my environment.
Our environment consists of Windows Server 2008R2 standard servers that will be upgraded to Windows Server 2019 when the available resources become available but the majority of our devices run Windows 10 1809 and Later.
The questions that i have are the following:
1: Is it possible to have 1 Virtual Machine, one with windows 10 installed and the other one with windows server 2019 installed that will be updated to the latest versions and will hold all the updates on their hard drives and act as the Cache Servers?
I know that WSUS has its benefits to control updates based on delivery groups but reading regarding WUfb and delivery optimization is also possible to achieve the same aspect(at least what I could understand) from creating security groups or OU's and create a GPO specific to that OU/Security group.