Offline WSUS Updates File Transfare

Question

So What I need is to have a WSUS server in an Air gapped domain, provide updates to computers and servers. If I do all updates, we are talking a GIANT amount of data every month.

1. So I would ASSUME that there is a set of small files (Lets call them index files) I can
2. download from my CORE (Online) WSUS Server
3. sneaker net them over to the Air Gap WSUS and import
4. Clients check in and report what they need
5. I take this list and get the updates off the CORE WSUS
6. Sneaker Net the limited required update files to the Air Gapped WSUS
7. Import the updates, and they are now available to the clients

I can't possibly be the only one to have this issue. There are a lot of questions and assumptions in this, and I don't know where to start.
Is there such an index file?
Is there some document or blog that has already done this?

Answer 1

Hi @stay puft ，

We would use 2 WSUS servers - 1 online to grab the updates, and export/copy them to media. Then you would have 1 disconnected WSUS server for importing the updates from the export/copy and actually distributing them to your client systems based on need.
https://learn.microsoft.com/de-de/security-updates/windowsupdateservices/18127442

Here is the screenshot we could refer to:
1)After approving the update required from the online updates, the file could be in this location:

2)Using the cmd by following screenshot to export the metadata, and copy the metadata from online WSUS to the offline WSUS:

3)then copy the binary from the online WSUS to the offline WSUS,

4)Using the cmd by following screenshot to import the metadata.

---

If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.