Hi @Ahmed Essam ,
I'm not certain if there are best practices design-wise as every company/organization are unique and different, there are however common best practices for security and other configurations which you can find over here:
Windows Server Update Services best practices
Security best practices for Windows Server Update Services (WSUS)
If the reply was helpful please don't forget to
accept as answer, thank you!