How Software Updates Work
Figure 1 shows a high level overview of the software updates process in Configuration Manager.
Figure 1: Software Updates Overview
Table 2 describes each step of the Software Update process in more detail.
1. Configuration Manager Site Server triggers a synchronisation of the SUP. This is performed on a schedule, or can be
manually triggered using the Configuration Manager Administrator Console.
2. This signals WSUS on the SUP to contact the Microsoft Update servers and download Update Metadata on all
selected products and categories. No updates are downloaded to the SUP, just metadata describing the updates and
how to detect them, and any applicable license information.
3. The metadata is retrieved by the Configuration Manager site server and stored in the Configuration Manager
database. At this stage, clients can start to report information back to the Configuration Manager server on the patch
status. The clients contact the SUP in order to retrieve Update Metadata and the Update Agent can perform a scan.
This information is sent to Configuration Manager server where an IT Administrator can view the status of software
updates across the healthcare organisation’s infrastructure.
4. Having decided which software updates are required for the healthcare organisation, the IT Administrator can now
create Search Folders (to allow required updates to be viewed easily), Update Lists (which allow compliance reports
to be viewed and updates to be grouped) and Deployment Packages (which contain the binary files necessary to
update the clients). At this stage, the IT Administrator can either download the updates from the Microsoft Update,
ready for a deployment in the future, or create the deployment at the same time.
5. The IT Administrator creates the deployment. A deployment is carried out by specifying the Deployment Package
that will be deployed, associating that package with a Collection and specifying or creating a Deployment Template.
Once the deployment is configured, the Configuration Manager server will place all update files (If not already done)
on the required DPs. A policy will be created and placed on the Management Point (MP) so clients know the new
updates are available and where they should be installed from.
6. Clients perform a scheduled scan for new updates and retrieve the policy from the MP. If any updates are applicable
on the client, they will be installed from the closest DP. As the client scans for required updates and installs them,
State Messages are sent to the Configuration Manager infrastructure so the IT Administrator has an up-to-date view
of the status of the deployment.
7. Once the synchronisation at the Central Site has occurred, a site-to-site replication of a synchronisation request is
sent to the child sites. This triggers the same actions as steps 1 to 3, the only difference being that the lower level
SUP will synchronise data with its parent, rather than going directly to the Microsoft Update servers.