Prerequisites of the infrastructure
Endpoint Protection in System Center 2012 Configuration Manager has external dependencies and requirements in the product to make it work. This depends somewhat on what platform you're running on, and what your infrastructure and network looks like. You will find some pointers and tips later in this book. Now, you are most likely to have a WSUS in your infrastructure already, but you cannot use this with Configuration Manager. You need to set up a new one, as re-using an existing old WSUS server is not supported nor recommended by Microsoft. SCCM will setup and configure the WSUS with the settings from the Software Update Point role and therefore needs to be a fresh new database and WSUS installation.
Getting ready
First, start the Server Manager on your Windows Server, most likely at your primary site; or on the server that you will be using for the Software Update Point role for the SCCM hierarchy.
Windows Server Manager and status of Roles and Features Installed
The WSUS role should be installed. I recommend putting its database to the full SQL Server and not Internal Database. The SQL License is included with SCCM. Make sure Internal Database is not selected. You might want to install it as a separate instance on your SQL server for performance monitoring and balancing resources like memory, CPU and disk, but this is not a requirement. Remember to press Cancel on the last part of the Wizard when it wants you to configure the WSUS products and type of updates. Configuration Manager will take care of that part when setting up the software update role afterwards in Configuration Manager.
When WSUS is installed go into Configuration Manager Console and Administration.
Configuration Manager Console where you add Site System Roles
In Site Configuration | Servers and Site System Roles you would right click on the Server you want to use as the Software update point and click Add Site System Roles
From there it's pretty straight forward. Microsoft recommends using port 8530, and the WSUS Role installation in Server Manager suggests you use this. These are also the ports that are default when you're on Windows Server 2012 and 2012 R2. While on Windows Server 2008 and 2008 R2, the default ports are 80 and 443.
So the software update role in Configuration Manager uses and relies on the WSUS role in the Windows Server.
In the next chapter we will go through in more detail how to configure all the settings you need.
How to do it…
Regarding the planning phase, when it comes to Configuration Manager there are some external dependencies.
Note
Please see the Prerequisites at Microsoft Technet:
How it works…
Basically the software update role within Configuration Manager utilizes and uses the WSUS role that comes with the Windows Server.
