You may monitor the SUS server using performance counters or the Task Manager and increase the length of the approval windows if you determine the load on your SUS server is not high.Increasing the length of the approval windows will allow more clients to download Windows XP SP2 on a daily basis and reduce the time required to update all your Windows XP machines, but increasing the windows beyond a certain threshold (which will vary due to unique factors in your environment) will cause server overload and unnecessary network overhead which will result in increasing rather than decreasing the time required to update all your Windows XP machines.Introduction Key benefits of using SUS to deploy Windows XP SP2Situation overview Factors to consider when using SUS to deploy Windows XP SP2Overall recommendations Summary Windows XP Service Pack 2 (SP2) contains major security improvements designed to provide better protection against hackers, viruses, and worms.Windows XP SP2 also improves the manageability of the security features in Windows XP and provides more and better information to help users make decisions that may potentially affect their security and privacy.This is a manual but easily implemented mechanism to control the load on the SUS server and requires no additional infrastructure configuration or testing.SUS administrators can use the following formula to calculate the amount of time for which to approve the Windows XP SP2 update on each day: TA = Amount of time (in hours) the update needs to be marked as ‘approved’ on a given day NXP = Number of Windows XP systems to get SP2 via the SUS server NDE = Number of days since SP2 was first marked as approved on the SUS server For example, if there are 12000 Windows XP systems that need to get the Windows XP SP2 update via a SUS server, the calculation would work out as follows: For day 1, the update would need to be marked as approved for 2 hours, since Note: An important consideration for using this technique is to initiate the approval about 1 hour after the work day or shift starts, so the SUS server is not impacted by the spike in clients trying to download SP2 soon after they are turned on.These configuration options are available with IIS 5 as well as IIS 6.
The following guidance is provided for the minimum SUS server configuration – Intel P700 system with 512MB RAM and a 100 Mbps network card and network connection, which is dedicated to running the SUS server (no domain controller, etc.) and is on a network where the available bandwidth exceeds the bandwidth capacity of the server’s network card.
If your SUS server machines is running additional services or the available network capacity is less than the server network card capacity, you will need to adjust this guidance to reflect your situation.
There are essentially three options, depending on the number of Windows XP systems to be updated using your SUS server (if you have one or a few SUS servers) and the topology of your SUS implementation (if you have many SUS servers): For the first (no action necessary) option, it is recommended that the SUS administrator monitor the server load when the update is first approved and for the first hour of the work day or first work shift after the Windows XP SP2 update has been approved.
SUS clients that contact the server outside this time period will not see the SP2 update in the list of approved updates on the SUS server and will therefore not attempt to download it.
This also gives the SUS server time to finish servicing the clients that contacted it during the approval window before a new set of clients attempt to download SP2 when it is re-approved the next day.