Speeding SMS Patch Distribution

In this article, we'll look at a way to speed SMS patch distribution by simultaneously distributing SMS patches from one central server to any number of Windows servers.

By Steve Bannister

Microsoft Server Management System (SMS) automatically delivers software updates to Windows servers. SMS helps with basic patch delivery, but because its point-to-point delivery method can take hours to reach every server, servers across the enterprise sit in various states of readiness at any given time. In this article, we'll look at a way to speed SMS patch distribution by simultaneously distributing SMS patches from one central server to any number of Windows servers. The approach significantly improves security by ensuring that all servers are quickly patched after a new patch arrives, and it reduces patch distribution overhead for IT managers on tight budgets.

Standard SMS patch distribution

When used for patch distribution to servers located across a WAN, SMS typically uses TCP-based, non-parallel distribution. In effect, the patch file is sent from the central site server to each destination server, one transaction at a time. Server performance, file size, and network bandwidth can all introduce significant delivery delays in such a scheme. For example, if you used this system to send a 50 MB file over a 1.544 Mb link to 100 remote sites, it would take 7.7 hours to deliver the patch to all sites.

The time estimate is an approximation, of course. Companies with remote offices connected via DSL or low-bandwidth Frame Relay lines will spend even more time distributing patches to servers at these sites. In addition, IT administrators must periodically monitor the patching process to ensure that patches are properly delivered and installed.

Patch Distribution with IP Multicast

IP multicast content distribution software can greatly speed the process while reducing IT management overhead. With IP multicast software, the patch distribution time for a 50 MB file on 100 servers can be reduced to about 4.5 minutes (Figure 1).


|  | Distribution with Standard SMS | Distribution Time with IP Multicast |
| --- | --- | --- |
| Time to deliver | 7.7 hours | 4.5 minutes |
| Bandwidth used | 5 gigabits | 50 megabits |

Figure 1. Resources needed to distribute a 100MB file to 100 remote sites

The difference is that rather than point-to-point delivery, IP multicast uses point-to-multipoint delivery. A standard Windows server can deliver files up to 1 terabyte in size to as many as 100,000 servers, reaching all of them at the same time. As a result, multicasting reduces the bandwidth requirement for a 100-server patching session by 99 percent. And since the patch file travels across the network only once, this method saves a lot of time, which is important when patches are responses to zero-day attacks or other critical security issues.
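The patch window described above can be modelled directly. The following is an added example, not code from OmniCast or SMS: it compares when each site finishes under one-at-a-time delivery and under a single multicast stream, and counts how many sites are still unpatched at a given moment. It assumes "MB" means 2**20 bytes, ignores protocol overhead (so the serial total comes out slightly under the article's 7.7 hours), and assumes a multicast session is paced to the slowest receiving link; all function names are hypothetical.

```python
# Added illustration: raw transfer-time model, not OmniCast or SMS code.
from itertools import accumulate

MB = 2**20  # assumption: "MB" taken as 2**20 bytes


def transfer_seconds(file_bytes, link_bps):
    """Raw time to push the file over one link, ignoring protocol overhead."""
    return file_bytes * 8 / link_bps


def serial_finish_times(file_bytes, links_bps):
    """Point-to-point: site i finishes only after every earlier site is done."""
    return list(accumulate(transfer_seconds(file_bytes, bps) for bps in links_bps))


def multicast_finish_times(file_bytes, links_bps):
    """Point-to-multipoint: one stream, paced (assumption) to the slowest link."""
    t = transfer_seconds(file_bytes, min(links_bps))
    return [t] * len(links_bps)


def unpatched_at(finish_times, seconds_after_release):
    """Count sites that still lack the patch at a given moment."""
    return sum(1 for t in finish_times if t > seconds_after_release)


def summarize(finish_times):
    """Time until the last site is patched and mean per-site wait, in minutes."""
    return {
        "last_site_min": max(finish_times) / 60,
        "mean_wait_min": sum(finish_times) / len(finish_times) / 60,
    }


# The article's scenario: 50 MB patch, 100 sites, 1.544 Mb/s links.
T1_BPS = 1_544_000
sites = [T1_BPS] * 100
serial = serial_finish_times(50 * MB, sites)
mcast = multicast_finish_times(50 * MB, sites)

if __name__ == "__main__":
    for name, times in (("serial", serial), ("multicast", mcast)):
        s = summarize(times)
        print(f"{name:9s} last site {s['last_site_min']:7.1f} min, "
              f"mean wait {s['mean_wait_min']:6.1f} min, "
              f"unpatched after 1 h: {unpatched_at(times, 3600)}")
```

Replacing `sites` with a mixed list of link speeds shows the trade-off the model encodes: the serial total is the sum of every site's transfer time, while the multicast time is set by the slowest link alone.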

IT administrators planning ahead for the Windows Vista upgrade should also note that current Vista builds are running about 3 gigabytes in size, so IP Multicasting will enable electronic distribution of these upgrades that would otherwise be impossible in networks with thousands of computers.

Requirements for multicast patch distribution

Multicast content distribution products like Stratacache's OmniCast for SMS2003 use IP multicast technology to enable simultaneous patch delivery within the normal SMS architecture in the shortest possible time. The user installs a new sender program on a server in the data center, and then installs receiver clients on the destination servers.

Requirements are as follows:

  • Standard SMS 2003 architecture (a primary site delivering packages across a WAN to secondary site/distribution point servers)
  • A multicast-enabled WAN*
  • OmniCast for SMS deployed on a standard Windows server.

* Note: If multicast is not available, this solution can operate over unicast UDP or TCP, with some benefits, although the greatest scalability and time-to-delivery benefits are achieved in multicast networks.

OmniCast for SMS is delivered as an InstallShield package, and is installed on each primary and secondary site server involved in the distribution architecture. Using the software's SMS Properties pages, IT personnel can configure such distribution parameters as the endpoint targets to be reached, site-specific bandwidth requirements, and delivery schedules. Once configured, OmniCast for SMS appears as another available SMS sender.

Once OmniCast for SMS is installed and running, the process for deploying patches is very straightforward:

  1. Create the same package you normally create for server patching in SMS.
  2. Select the OmniCast for SMS sender for the package.
  3. Initiate the distribution.

Assuming use of multicast distribution, OmniCast for SMS ensures that all servers will simultaneously receive the patch. It is easy to monitor this by watching either central site server activity or network activity. When the session is complete, OmniCast can generate a report showing that the job has been completed.

By integrating multicast distribution with SMS to ensure simultaneous patch delivery to all servers, administrators gain the following key benefits:

  • The fastest possible patch delivery to an arbitrarily large number of servers
  • The ability to have all servers across the IT infrastructure in the same patched state at the same time
  • Reduced IT monitoring of patch distribution
  • Minimum usage of hardware and network resources

OmniCast for SMS and other IP multicast products speed SMS patch distribution by making smarter use of available network resources. It is an easily-deployed method of slashing bandwidth use, patching time, and the IT resources needed to baby-sit patching jobs. It also ensures that servers across the enterprise are all updated with the same software at the same time.