(I apologize for any information overload. I just wanted to paint as clear of a picture as I could while picking your brains )
I am beginning work on migrating our WSUS and Patch Manager servers to Windows Server 2012 R2. I wanted to get some advice on a few areas where I'm cloudy. First, here's the setup:
- One Active Directory forest at Server 2008 R2 level (two 2008 R2 DCs and one 2012 R2 DC)
- We have a flat network, internal IP scheme. Nothing fancy here
- VMWare ESX Server 5.5 (all of our servers are VMs)
- We have 1 WSUS server and 1 Patch Manager server.
- WSUS Server (Name: WSUS2008)
- Windows Server 2008 R2
- WSUS 3.2.7600.256
- Databases stored locally on server as Windows Internal Database
- Computer groups created on WSUS server. Machines report to WU and appear in Unassigned Computers. I then add them to whatever group is appropriate. The group structure mainly divides machines by processor type and the Windows Updates install setting the machine receives via GPO (manually install updates, automatically install, etc.)
- Patch Manager Server (Name: PM2008):
- Windows Server 2008 R2
- Patch Manager 2.0.2207.2 (PAS)
- Databases stored locally on server with SQL Server 2008 R2.
- NEW WSUS Server (Name: WSUS2012)
- Windows Server 2012 R2 Standard (w/GUI)
- WSUS 6.3.9600.16384 (Installed, completed the wizard, created a new GPO to redirect clients and tested a few successfully)
- Port 8530, no SSL for now (I can handle that later)
- NEW Patch Manager Server (Name: PM2012)
- Windows Server 2012 R2 Standard (w/GUI)
- Both 2008R2 and 2012R2 servers are in the same OU, and the firewall exceptions have been tested successfully.
We manage 145 machines with our WSUS infrastructure. The machines are organized into groups on the side of the WSUS Server. I can't ever remember the name for this method. Machines pull their WSUS config info from Group Policy and show up under Unassigned Computers. We have a couple of different Group Policies that lay out the installation type and schedule for updates. On WSUS, workstations are sorted by processor type (Win x64 vs x86). Servers are usually separated to match the install settings in Group Policy - a 'WSUS-Manual' for machines whose reviews need to be reviewed and updated by hand, 'WSUS-Auto' for machines that are clear to install approved updates at the next scheduled interval.
We have been working with this configuration for about four years, and it works great.
Here's what I want to accomplish:
- Migrate the WSUS installation on WSUS2008 to WSUS2012. I began this process using a guide from Microsoft (Migrate Windows Server Update Services to Windows Server 2012). However, I ran into a wall when trying to export the database. I have created a new Group Policy pointing machines to WSUS2012, and I've already tested it successfully with a few machines. I will likely just rebuild the setup from scratch. I've also completed the setup wizard on WSUS2012.
- Migrate the Patch Manager installation on PM2008 to PM2012. I was able to connect WSUS2012 to Patch Manager on PM2008, so connectivity should be fine.
- Update Patch Manager so that its databases are stored on another server. We have a Server 2008 R2 instance running SQL 2008 R2 Enterprise. I've been slowly moving application databases to this server if supported (Kiwi Syslog Server, etc.) - I plan on using SolarWinds Knowledge Base :: How to migrate a local Patch Manager database to a remote SQL server to do this..
Questions:
- What is the best method to migrate Patch Manager and related from PM2008 to PM2012. I'm comfortable with pairing the new instance with WSUS2012, so that part should be fine whether I migrate the WSUS or rebuild from scratch. I'm leaning towards the latter.
- For Patch Manager, should I do the SQL Server data relocation before or after migration to PM2012?
- Who would win in a battle between Chuck Norris and Manbearpig?
Thanks in advance for your time and input.
Jay
Message was edited by: grandgroove -- Removed old draft text.