Use of WSUS
I noticed that the ABB Network Configuration manual (3BSE034463-*) mentions the use of a WSUS server to handle Microsoft Windows security patches. This would mean downloading them from an external source and then approving them based upon ABB's validation document (3BSE041902). How is this any better or more effective than downloading the "System 800xA Qualified Security Updates..." from Solutionsbank?
I realize that the one difference is that to receive the security file(s) from ABB one needs a subscription ($$). If this is the case, is there any other reason to employ a WSUS server for my 800xA system?
Voted best answer
If I'm correct (I only have experience from WSUS...) WSUS and ABB QSU uses different delivery mechanisms each with pros and cons.
WSUS pros:
- Can download patches from update.microsoft.com by itself
- Less work intensive when updating a computer (just login as admin and acknowledge the installation of patches*)
- Higher level of automation
WSUS cons:
- Need contact with Internet (you *can* move patches from one WSUS to another with e.g. an external USB disk but that is more work)
- Manual effort to approve only the validated patches among all that become downloaded
ABB QSU pros:
- No internet connection needed
- QSU media comes "pre-filtered" ready-to-go for 800xA (no manual filtering required)
ABB QSU cons:
- More manual work in each client
*) I recommend to perform "Configuration Wizard -> Maintenance -> Stop all processes associated with Process Portal A" in each computer before performing any updating.
A bat file can be crafted to assist with the PPA shutdown, triggering of check for updates and finally a reboot:
wuauclt /detectnow
afwconfigwizard.exe
shutdown -i
/Stefan
Answers
Hello,
Windows security patches are more essential & since development of security patches are continuous so it needs to validated by the ABB 800xA team for each version, then they will release on the common pool(solution bank), so can be deploying on the actual system, so if we deploy the certified patches then our system will be free from vulnerables.
ABB will release the bulletin whenever they release the latest WSUS with compatibility of the system.
Use should use WSUS server, when you want to control the deployment of Security Updates from one single location. SYstem 800xA Qualified Security Updates is run node based. The end result is the same.
by JClouseau Rank: 152 on 6/1/2015 6:49:41 AM | Like (0) | Report
Has anyone tried using both? That is get the ABB QSU files from solutionsbank and then copy the files to the WSUS server for deployment. I've done a little research on this but can't seem to find a good method to do this.
Add new comment