Windows Software Update Services (WSUS)
Lesson 2

WSUS REQUIREMENTS

By Sai Kurada
August 09, 2023

To set up and operate Windows Server Update Services (WSUS), you need to meet certain system and software requirement. The following are the typical requirements for deploying WSUS:


Server Operating System:

  • Windows Server: WSUS is typically deployed on a Windows Server operating system. The supported versions vary depending on the version of WSUS you're using.

Server Hardware:

  • Processor: A modern multicore processor is recommended.
  • Memory: The amount of RAM you need depends on the number of clients you're managing. Generally, you should have at least 4 GB of RAM, but more is recommended for larger environments.
  • Storage: The storage requirements will depend on the number of updates you plan to store and distribute. A few hundred GBs of disk space are usually sufficient, but this can vary.

Database:

  • WSUS uses a database to store configuration information, update metadata, and client information. You can use either the built-in Windows Internal Database (WID) or an external database like Microsoft SQL Server.
  • If you're using SQL Server, make sure it's supported by the version of WSUS you're installing.

Internet Connection:

  • The WSUS server requires internet connectivity to download updates from Microsoft's update servers. If your network is isolated from the internet, you can use another WSUS server that's connected to the internet to synchronize updates, and then manually transfer the updates to the isolated network.

Ports and Firewall Settings:

  • Ensure that the necessary ports are open in your network firewall to allow communication between the WSUS server and client computers.

Permissions:

  • The account used to install WSUS needs administrative privileges on the server.
  • The account used for configuring Group Policy settings for client computers should have the necessary permissions to perform updates.

Group Policy Objects (GPO):

  • You'll need to create or modify Group Policy settings to direct client computers to the WSUS server for updates. Make sure you understand GPO configuration if you're planning to use it.

DNS Configuration:

  • The WSUS server and client computers should be able to resolve each other's hostnames using DNS.

Network Requirements:

  • Ensure that your network infrastructure can handle the communication between the WSUS server and the client computers, especially in larger environments.

Supported Operating Systems:

  • WSUS can be used to manage updates for various versions of Windows client and server operating systems. The exact list of supported systems can vary depending on the version of WSUS you're using.

Before you begin the installation, it's important to review the specific requirements for the version of WSUS you're planning to use. The requirements might vary between different versions and updates of WSUS. Always refer to the official Microsoft documentation for the most accurate and up-to-date information regarding WSUS requirements.


WSUS Firewall Ports / Exceptions


When you set up WSUS server, it is important that the server connects to Microsoft update to download updates. If there is a corporate firewall between WSUS and the Internet, you might have to configure that firewall to ensure WSUS can obtain updates.

To obtain updates from Microsoft Update, the WSUS server uses port 443 for HTTPS protocol. You must allow Internet access from WSUS to the following list of URLs :-


http://windowsupdate.microsoft.com


http://*.windowsupdate.microsoft.com


https://*.windowsupdate.microsoft.com


http://*.update.microsoft.com


https://*.update.microsoft.com


http://*.windowsupdate.com


http://download.windowsupdate.com


https://download.microsoft.com


http://*.download.windowsupdate.com


http://wustat.windows.com


http://ntservicepack.microsoft.com


http://go.microsoft.com


http://dl.delivery.mp.microsoft.com


https://dl.delivery.mp.microsoft.com