Overview of Windows Server Update Services 3.0 SP2
WSUS provides a management infrastructure that consists of the following components:
The Microsoft Web site that distributes updates for Microsoft products.
Windows Server Update Services (WSUS) server
The server component that is installed on a computer that runs a supported operating system inside the corporate firewall. WSUS server software lets administrators manage and distribute updates through an administrative console.
A WSUS server can obtain updates from Microsoft Update or from another WSUS server. At least one WSUS server in the network must connect to Microsoft Update to obtain available updates. Depending on network configuration, bandwidth, and security considerations, additional WSUS servers can connect directly to Microsoft Update to get available updates. These servers can then distribute updates to other downstream WSUS servers.
WSUS Administration Console
The WSUS Administration Console is automatically installed on the WSUS server, and it can also be installed on any computer that runs on a supported operating system. You can use the WSUS Administration Console to manage any WSUS server in any domain with which it has a trust relationship.
The client computer software component that is built into Windows operating systems. Automatic Updates enables the server and client computers to receive updates from Microsoft Update or from a WSUS server.
Software updates consist of files and metadata:
The actual update files that are installed on client computers.
The information that is required to install an update. Metadata includes the following data:
Title, description, Knowledge Base article, and Microsoft Security Response Center (MSRC) number.
Rules that are used by Automatic Updates to determine whether the update is needed on a particular computer.
Command-line options to apply when the updates are installed.
The two parts of an update can be downloaded independently of each other. For example, if you do not store update files locally, only update metadata is downloaded to the WSUS server, and client computers will receive their update files directly from Microsoft Update. If you store updates locally on the WSUS server, you can download everything at the time of synchronization, or you can download only the metadata during the synchronization and leave the actual update files to be downloaded after you have approved the update.