New Objects in Software Update Management
The Software Update Management (SUM) feature in System Center Configuration Manager 2007 no longer uses the software distribution components (packages, programs, and advertisements) to distribute software updates to client computers, but instead uses deployment packages and deployments. A few other objects that make this feature easier to administer are discussed at the end of the article.
Deployment Packages
Deployment packages host the software update source files. Deployment package objects are replicated to child sites as read-only objects.
Deployment packages contain software update source files and are created by running either the Download Updates Wizard or the Deploy Software Updates Wizard. Both methods download the software update to a network shared folder, compress it into a package file, and extract and copy the software update files to each distribution point defined in the deployment package.
There is no hard link between a deployment and a deployment package. Clients install software updates in a deployment by using any distribution point that has the software updates available, regardless of the deployment package. Even if a deployment package is deleted for an active deployment, clients are still able to install the software updates in the deployment as long as each update has been defined in at least one other deployment package and is available on a distribution point accessible from the client.
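The deletion condition above can be checked before a package is removed. The following is an added example, not part of the original article or of Configuration Manager itself: it models packages, deployments and distribution points as in-memory data, and every name in it (`orphaned_updates`, the package, update and distribution point names) is constructed. It also assumes that all targeted clients can reach the same set of distribution points.

```python
# Added illustration: an in-memory model, not Configuration Manager's API.
# All package, update and distribution point names below are constructed.

def orphaned_updates(packages, deployments, reachable_dps, package_to_delete):
    """Return {deployment: sorted update IDs} that deleting the package
    would leave without any source the clients can reach.

    packages:      {package name: {"updates": set, "dps": set}}
    deployments:   {deployment name: set of update IDs}
    reachable_dps: distribution points accessible from the targeted clients
    """
    doomed = packages[package_to_delete]["updates"]

    # Updates still served through any OTHER package on a reachable
    # distribution point. Which package a deployment was created with does
    # not matter: clients use whichever distribution point holds the files.
    still_available = set()
    for name, pkg in packages.items():
        if name != package_to_delete and pkg["dps"] & reachable_dps:
            still_available |= pkg["updates"]

    at_risk = {}
    for deployment, updates in deployments.items():
        missing = (updates & doomed) - still_available
        if missing:
            at_risk[deployment] = sorted(missing)
    return at_risk


# Constructed sample data.
PACKAGES = {
    "Monthly":  {"updates": {"upd-1", "upd-2", "upd-3"}, "dps": {"DP-HQ"}},
    "Baseline": {"updates": {"upd-1", "upd-2"}, "dps": {"DP-HQ", "DP-BRANCH"}},
    # Holds upd-3, but only on a distribution point the clients cannot reach.
    "Archive":  {"updates": {"upd-3"}, "dps": {"DP-LAB"}},
}
DEPLOYMENTS = {
    "Workstations": {"upd-1", "upd-2"},
    "Servers":      {"upd-2", "upd-3"},
}
REACHABLE = {"DP-HQ", "DP-BRANCH"}

if __name__ == "__main__":
    for pkg in PACKAGES:
        print(pkg, "->", orphaned_updates(PACKAGES, DEPLOYMENTS, REACHABLE, pkg))
```

An empty result means the package can be deleted without breaking an active deployment; a non-empty one lists the updates that would first need to be added to another package on an accessible distribution point.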
Deployments
Deployments are used to deploy software updates to clients in the target collection. Deployment objects are replicated to child sites as read-only objects.
When client computers receive a mandatory deployment, they connect to a distribution point, download the software updates in the deployment to their local cache, and initiate the installation of mandatory deployments at the configured deadline. Deployments that are optional must be initiated by the user, and at that time the software updates are downloaded to the local cache and installed.
When clients receive a new deployment, they use the software update source files from any distribution point that has them. If necessary, this includes a package and distribution point that were not configured in the deployment package defined for the deployment.
In Configuration Manager 2007, software updates are always downloaded to the local cache and then installed. There is no longer an option to install the software updates directly from a distribution point as there was in SMS 2003 using ITMU. The new selective download feature plays an important part here.
Selective Download
Selective download is a new feature in Configuration Manager 2007. Client computers identify which targeted software updates are required and only retrieve the files appropriate for installation from the package contents that might contain both applicable and non-applicable software updates. This allows administrators to have multiple software updates in a single deployment package and use the package in deployments that target clients which only need a subset of the package contents.
When a client receives a software update deployment instruction with an assigned deadline, it downloads the applicable software update files immediately to the local cache. The installation for software updates with an assigned deadline occurs either when the deadline is reached or when the installation is manually initiated prior to the deadline. Optional software updates are downloaded to the local cache only after installation is manually initiated.
There is no longer an option to run the software update installation from the network for Configuration Manager 2007 client computers. SMS 2003 clients continue to have this option.
Deployment Deadline
Deployments can be configured with a deadline. Setting a deadline makes the deployment mandatory and enforces the software update installation on client computers by the configured date and time. If the deadline is reached and the software update deployment has not yet run on the client computer, the installation starts automatically whether or not a user is logged on. A system restart may be enforced if it is necessary for the software update installation to complete.
Important Difference
In SMS 2003, deadlines were set to occur x days after either the client received the policy to install a software update, or after a software update was authorised. This meant that individual updates within a given package could have different deadlines. Deployment deadlines in Configuration Manager 2007 are now configured for an explicit date and time for a given deployment, and can no longer be individual to each update within a deployment. SMS 2003 clients that are still in the Configuration Manager hierarchy will also use the configured deadline date and time for deployments targeted to them.
Client Settings
When a client receives a software update deployment policy with a configured deadline, the required software updates are downloaded immediately and stored in the local cache. The client computer will run software update installation from the local cache when the deadline is reached or the installation is initiated manually from the Available Software Updates dialog box.
When software updates that have a configured deadline become available, a display notification is presented in the notification area that informs users of the pending deadline. Display notifications are presented on a periodic basis until all pending mandatory software update installations have completed. By default, they are displayed every 3 hours for deadlines more than 24 hours away, every hour for deadlines less than 24 hours away, and every 15 minutes for deadlines that are less than 1 hour away.
Other Objects
In addition to the two key objects above (deployment packages and deployments) there are a number of other objects that help simplify update management.
Deployment Templates
Deployment templates store many of the software update deployment properties and are used when creating software update deployments to ensure consistency in similar deployments and to save time.
Update Lists
Update lists are used to initiate deployments for a set of updates without having to manually select the updates in the set each time a new deployment is created, or each time the updates are added to an existing deployment.
Search Folders
Search folders provide an easy way to retrieve a set of software updates that meet the defined search criteria, for example all Microsoft updates that have been deployed.