WSUS Update on Premise and Cloud VMs - Split Download source

Anonymous
2023-06-28T06:36:18.8666667+00:00

Hi,

We are running a WSUS for local systems and want to use the same configuration for update intervals etc. for our cloud systems.

The problem we are facing is that the WSUS is downloading packages for the on-premise systems and for the cloud systems in Azure.

We want the Cloud systems to download the Update data directly from Microsoft instead of our datacenter like the on premise systems to minimize the traffic.

Is there a way to split the WSUS?

  1. On Premise Systems receive Update Information and packages from WSUS
  2. Cloud Systems only receive Update Information and download directly from Microsoft.

I tried to configure a group policy setting the "Alternate download Server" for the Cloud systems to: "https://*windowsupdate.microsoft.com"

Is the URL Wrong maybe or is there an existing variable?

Another way I found is setting up a second WSUS with different settings, but is it possible to administrate both "system platforms" via one unified WSUS?


Accepted answer
  1. Adam J. Marshall 10,356 Reputation points MVP
    2023-07-06T16:24:22.4266667+00:00

    Simple answer is that you can't without 2 WSUS servers - 1 is the upstream, the other is a downstream replica.

    https://www.ajtek.ca/wsus/externally-facing-wsus-servers/


1 additional answer

  1. Limitless Technology 44,766 Reputation points
    2023-06-28T12:12:57.05+00:00

    Hello Jonathan,

    Thank you for your question and for reaching out with your question today.

    Yes, it is possible to split the WSUS configuration to have different update behavior for on-premise systems and cloud systems. There are a couple of approaches you can take to achieve this:

    1. Group Policy with Alternate Download Server:
      • Configure a Group Policy Object (GPO) targeted specifically to the cloud systems.
      • In the GPO, set the "Specify intranet Microsoft update service location" policy to your WSUS server for update information but leave the "Set the intranet update service for detecting updates" and "Set the intranet statistics server" policies blank.
      • Set the "Alternate download server" policy to "https://*windowsupdate.microsoft.com" or "https://update.microsoft.com" to allow the cloud systems to download updates directly from Microsoft.
      • Link this GPO to the Organizational Unit (OU) containing the cloud systems.
    2. Separate WSUS for Cloud Systems:
      • Set up a separate WSUS server or use an existing one dedicated to managing updates for cloud systems.
      • Configure the cloud systems to use the separate WSUS server by setting the "Specify intranet Microsoft update service location" policy to the new WSUS server's URL.
      • Ensure that the cloud systems have access to the new WSUS server, either directly or through appropriate network configurations.
      • You can use the same management console to administer both WSUS servers by adding the second WSUS server to the console. This way, you can have a unified view and manage updates for both on-premise and cloud systems.

    Both approaches have their advantages and considerations. Using Group Policy with an alternate download server is simpler and requires fewer infrastructure changes, but it relies on the cloud systems correctly recognizing and utilizing the alternate download server. Setting up a separate WSUS server gives you more control but requires managing two WSUS instances.

    Ensure that you thoroughly test any changes in a controlled environment before applying them to production systems.

    I used AI provided by ChatGPT to formulate part of this response. I have verified that the information is accurate before sharing it with you.

    If the reply was helpful, please don’t forget to upvote or accept as answer.

    1 person found this answer helpful.
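
To check which update policy a cloud VM actually received from the GPO settings discussed in the answers above, the following added example (not code from the thread or its participants) reads the Windows Update policy registry values and flags entries that are not usable server URLs or that use plain HTTP. The host name `wsus.example.internal` and the function names are assumptions for illustration; the sample object is constructed.

```powershell
function Get-WuPolicy {
    # Read the values written by the Windows Update group policies; missing keys yield $null.
    $base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $wu = Get-ItemProperty -Path $base -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path "$base\AU" -ErrorAction SilentlyContinue
    [pscustomobject]@{
        UseWUServer               = $au.UseWUServer
        WUServer                  = $wu.WUServer                   # update detection (scan) server
        WUStatusServer            = $wu.WUStatusServer             # statistics server
        UpdateServiceUrlAlternate = $wu.UpdateServiceUrlAlternate  # alternate download server
    }
}

function Test-WuPolicy {
    param([Parameter(Mandatory)] $Policy)
    if ($Policy.UseWUServer -ne 1 -or -not $Policy.WUServer) {
        return 'No WSUS policy in effect (UseWUServer is not 1 or WUServer is empty).'
    }
    $findings = @("Scan source: $($Policy.WUServer)")
    foreach ($name in 'WUServer', 'WUStatusServer', 'UpdateServiceUrlAlternate') {
        $value = $Policy.$name
        if (-not $value) { $findings += "${name}: not set"; continue }
        $uri = $null
        if ($value -match '\*') {
            # The policy stores one literal URL; a pattern cannot name a server.
            $findings += "${name}: '$value' contains '*', which is not a literal host name"
        } elseif (-not [uri]::TryCreate($value, [System.UriKind]::Absolute, [ref]$uri)) {
            $findings += "${name}: '$value' is not an absolute URL"
        } elseif ($uri.Scheme -ne 'https') {
            $findings += "${name}: '$value' uses $($uri.Scheme), so update metadata is not protected by TLS"
        } else {
            $findings += "${name}: $value"
        }
    }
    $findings
}

# Constructed sample that mirrors the value tried in the question.
$sample = [pscustomobject]@{
    UseWUServer               = 1
    WUServer                  = 'http://wsus.example.internal:8530'
    WUStatusServer            = 'http://wsus.example.internal:8530'
    UpdateServiceUrlAlternate = 'https://*windowsupdate.microsoft.com'
}
Test-WuPolicy -Policy $sample          # evaluates the constructed sample
Test-WuPolicy -Policy (Get-WuPolicy)   # evaluates the machine the script runs on
```

Run it on one on-premise system and one cloud VM after `gpupdate /force` to confirm each received the intended values.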
