Start networking and exchanging professional insights

Register now or log in to join your professional community.

Follow

What should we use for windows update WSUS or SCCM 2012 SUP (software update point)?

user-image
Question added by Zain-Ul-Abideen Allah Dad , System Administrator / Security Administrator , National Bank of Pakistan
Date Posted: 2017/09/12
Qasim Arshad
by Qasim Arshad , Senior Consultant IT - Governance , Confidential Group

SCCM 2012 & WSUS 

SCCM has a system role called Software Update Point (SUP). This role has to be installed on WSUS server. When it is set, SCCM can manage updates catalog and binaries to make updates packages. Such as WSUS, packages can be created regarding to classification, products, languages of the update (this is not an exhaustive list). Once these updates packages is created, it can be deployed with SCCM and use its powerful scheduler:

  1. WSUS downloads updates catalog and update binaries when SCCM requests them.
  2. Primary site configures himself WSUS role. When it is done, Primary site synchronizes updates catalog and requests binaries when the update package is creating.
  3. Once an update package is created, it is deployed on Deployment Point
  4. Managed servers download this package and install it regarding to maintenance period and scheduling configured on Primary Site.
  5. Before installing updates, managed servers download update catalog from WSUS to validate them.

Regarding the storage part, when WSUS is added to SCCM, it no longer stores the binary files on its own store. Binaries are on SCCM content store. However WSUS still needs a database to store update catalog.

WSUS and SCCM are installed on the same machine. But it is the same process when WSUS is installed on another server. After integration of WSUS in SCCM hierarchy, I will deploy updates by two different methods:

  • Create packages and deploy it manually
  • Automatic Deployment rules

Once SUP is configured correctly, the catalog of updates appears in SCCM console. A filter can be created regarding some criteria (classification, updates id, products etc.). Then updates can be added to a package and can be deployed. The deployment scheduling is configured manually. Then managed servers install updates in their maintenance period. This method is very useful on complex environment such as Exchange or Hyper-V cluster where patching should be orchestrated (move Virtual Machines or databases before patching etc.). The package can be used with System Center Orchestrator to be deployed and orchestrate patching.

Moreover the Cluster-Aware Updating is not compatible with software update from SCCM. An Orchestrator runbook should be created for this task. This is why it is possible to create a package manually and then deploy this last.

Automatic Deployment rules feature provides automatic creation and deployment of updates packages. The package creation can be scheduled (such as every second Tuesday of each month) and the choice of updates is made in function of some criteria (classification, updates id, products etc.). Once the package is created, it is automatically deployed in function of scheduling configuration. Then managed servers install updates in their maintenance period. This method should be used on mockup or simple environment.

WSUS is the windows update services. We will update the security patches or other patches to windows systems. SCCM is the centralised management system. SCCM application is using to Microsoft product upgrade & patching. Able to collect all the Desktop drivers appling. Any windows related application we will put through SCCM.

Vaibhav Saxena
by Vaibhav Saxena , SYSTEM ANALYST L2 , Thought Focus Technologies Pvt. Ltd.

Microsoft SCCM has a great infrastructure to manage desktops and their applications. But, one of the limitations of SCCM is its inability to patch non Microsoft applications. This is a source of inconvenience for IT administrators as they have to work with multiple patch management tools like  in order to update all business applications in the network, making this task highly time consuming.

Narayan Debnath
by Narayan Debnath , Senior Associate , PricewaterhouseCoopers

To answer the question I would say both, because WSUS handles windows update only where SCCM SUP handles the same in different way and has many other features.

Ahmed Hamdi
by Ahmed Hamdi , IT MANAGER , Eureka24

SCCM for remote support , patch management , Deployment of OS and Client Softwares.WSUS for patching and sccm is for total automation with in windows network.

Bhaskar Reddy
by Bhaskar Reddy , Technical Specialist , IBM India Private Limited

WSUS for patching and sccm is for total automation with in windows network.

David Samuel
by David Samuel , IT Service - Server Support Engineer , Intertech LLC

for Patch management - WSUS is fine.

SCCM for remote support , patch management , Deployment of OS and Client Softwares.

Amr Hassan Mohamed Aly
by Amr Hassan Mohamed Aly , Senior System Administrator , ignite solutions

Use SCCM if available in your environment it gives you more flexiability than WSUS when applying updates to clients:

  1. You can target the clients according to collections you created based on specific HW or OS version or any other classifications
  2. you can use wake on lan
  3. you can install updates as available or required

Samiur Rahman
by Samiur Rahman , Senior System Administrator , HyperThink Systems

You can use both method for windows update but you will get more option to deploy hotfixs through SCCM

Aravind Ramanujan Nair
by Aravind Ramanujan Nair , Computer Engineer , Edrafor Emirates LLC

SCCM 2012 SUP is the better option.Anyway for getting updates from microsoft the WSUS role has to be enabled with update 4 patch in the SCCM 2012 server.

Mohammed Abid
by Mohammed Abid , Deputy Manager , Audree Infotech PVT LTD

WSUS Update Server.Manage own Target Group and Approval

More Questions Like This