Thursday, April 14, 2011

Throttle WSUS durring business hours

Deploying a WSUS server in a corporate network is pretty standard practice but it can negatively impact users when the PCs have to download updates from a remote WSUS server over a WAN connection.

The problem is that WSUS does not throttle the amount of bandwidth available to download the updates it will just use as much of your WAN circuit as possible while the PCs download the required updates.

One solution would be to enable throttling of the WSUS traffic on your routers during business hours. This can be complex to setup if it’s even supported by your routers. An easier option is to enable IIS throttling on your WSUS site in IIS during business hours and disable IIS throttling after closing.

To do this you need to use the script adsutil.vbs in "C:\Inetpub\AdminScripts\" and create a scheduled task to enable/disable the throttle.

1. You need to find the site identifier for your WSUS Administration site. Open the IIS Manager click on "Web Sites". Look at the "Identifier" column of your WSUS Administration site. This is your sites id.

2. Create a new scheduled task to enable the throttle. Enter the site id for your WSUS Administration site from step 1. Pick a time when you want to start the throttle. I picked 6:00AM because I want to make sure it’s enabled before anyone shows up to work. The property to enable the throttle is "MaxBandwidth" and is in bps. If you want to limit WSUS to 512K you must enter "524288" (512 * 1024) the IIS Manager will list this in Kbps.
C:\WINDOWS\system32\cscript.exe "C:\Inetpub\AdminScripts\adsutil.vbs" SET /w3svc/<siteid>/MaxBandwidth 524288

3. Create a second task to disable the throttle. To disable the throttle we set the value to its max not to 0. I scheduled this task to run at 8:00PM after everyone has left.
C:\WINDOWS\system32\cscript.exe "C:\Inetpub\AdminScripts\adsutil.vbs" SET /w3svc/<siteid>/MaxBandwidth 4294967295

In the end you have two scheduled task that look somewhat like this. One that will enable throttling on your WSUS site to prevent it from saturating your WAN during the day and a second to disable it so the PCs can get their updates as fast as possible in the evening.

Wednesday, April 6, 2011

SCVMM: Mount Shared ISO

I have been using SCVMM R2 for a while but one thing I never got working correctly is the ability to mount an ISO directly from the library share rather than copy the ISO to the VM. There are plenty of guides to help you get that setup. Like here:
http://blogs.technet.com/b/dutchpts/archive/2009/02/09/hyper-v-and-scvmm-2008-mounting-iso-s-from-a-network-share.aspx?wa=wsignin1.0

It never worked for me until I found this other little blog entry by Timothy. http://www.avianwaves.com/Blog/default.aspx?id=187&t=SCVMM-Mounting-Shared-ISOs-From-The-Lib

Basically if your SCVMM library is on the same server as the Hyper-V host you just need to add the NT AUTHORITY\Network Service user account to both your library Share and NTFS permissions.