Results 1 to 7 of 7
  1. #1
    New Lounger
    Join Date
    Feb 2016
    Posts
    3
    Thanks
    2
    Thanked 0 Times in 0 Posts

    Question Pushing WinUpdates over slow WAN lines via SUS

    Hi,
    We are a Utility with a number of small WAN sites sporting relatively slow network links (256k / 512k).

    A few of these sites have 6 or so PC's at them that we need to keep updated via our one central SUS server.
    Sending updates to just one pc at one of these sites takes up 98% of the link and makes it impossible to work.

    I tried to use BITS throttling, but it only applies to background transfers. Since these pc's are plant HMI's and
    I have to manually take them down one by one, I need to do foreground transfers.

    I read about Peer Caching and thought it was perfect since it doesn't require a remote server, but the more
    reading/testing I did made me realize that since we have Win 7 and BITS 4.0, it's disabled.

    It was replaced with BranchCache, but that seems to require at least Server 2008 set up at the remote site,
    and it's very unlikely I'll be able to get that from IT.

    So the questions I have are :
    1. Is there any way to get peer caching to work with BITS 4?
    2. Does anyone have a better method to solve our issue?

    Thanks for any help offered!
    -Anthony

  2. #2
    5 Star Lounger
    Join Date
    Jan 2004
    Location
    Praha
    Posts
    988
    Thanks
    56
    Thanked 105 Times in 90 Posts
    Don't take this as a silly answer please !

    If you've got a good AV and firewall, those PC's can run without updates for an extended period without significant risk.

    Why not turn off Windows updates ?

    You can update from downloaded files when you next visit . . .

  3. #3
    New Lounger
    Join Date
    Feb 2016
    Posts
    3
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Not at all silly! It's a very good point, and that's how we've been running for years. The SCADA pc's have no Internet access, are behind an up to date Enterprise firewall and have their USB ports locked down, and this has served us well. But all it took was a security audit and some friendly auditor to tell management that we'd better get the pc's up to date with patches and keep them that way... So now, quarterly patches.

  4. #4
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,162
    Thanks
    47
    Thanked 976 Times in 906 Posts
    Don't you hate auditors who don't take the whole picture into account, or is it the knee jerk reaction of management?!

    Without a slave WSUS server you are stuck with manual updates.
    Make sure you write a spreadsheet of the cost of doing the updates for the boss.

    cheers, Paul

  5. The Following 2 Users Say Thank You to Paul T For This Useful Post:

    Fascist Nation (2016-02-10),ScadaBoy (2016-02-09)

  6. #5
    5 Star Lounger
    Join Date
    Jan 2004
    Location
    Praha
    Posts
    988
    Thanks
    56
    Thanked 105 Times in 90 Posts
    Have the auditor describe the risk (there isn't one).

    Auditors CAN be wrong and, from your description, this is one such case.

    If they argue, refer them to me !

  7. The Following 2 Users Say Thank You to MartinM For This Useful Post:

    Paul T (2016-02-09),ScadaBoy (2016-02-09)

  8. #6
    New Lounger
    Join Date
    Feb 2016
    Posts
    3
    Thanks
    2
    Thanked 0 Times in 0 Posts
    I had a feeling that manual updates was the only way. Oh well! Martin, I appreciate the offer to talk sense to the auditors,
    but they are long gone and management wants it now Anyway, thanks for your responses!

  9. #7
    5 Star Lounger
    Join Date
    Oct 2013
    Location
    Phoenix, AZ
    Posts
    926
    Thanks
    554
    Thanked 137 Times in 128 Posts
    quarterly? = sneakerware?

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •