WSUS in Azure

Recently I assisted in bringing a new person into my team, Matt Garton. He comes from the world of phone queues here at Microsoft, which is where I had my roots and a lot of my foundational knowledge. He impressed me with his product knowledge and we brought him on. Once he was on board, I worked with him on some of our move-to-Azure plans and he worked out one of our pain points, which revolved around WSUS.

On premises we have powerful SQL boxes that run our SQL DB and WSUS DB for each site (2 boxes in a cluster per site). We then have multiple WSUS servers for that site all pointing back to that same WSUS DB. Against best practice recommendations (for reasons I won't cover here, but for good reason) we put all the WSUS servers behind a high availability load balancer (HLB) that is a single "name" that we point our clients at. This gives resiliency and dependability to our WSUS usage for ConfigMgr clients.

As we move our infrastructure to Azure and look at other changes to come back to best practice, we didn't want an HLB. We also couldn't do a cluster in Azure and wanted to stick with as much "out of the box" stuff as we could. SQL 2016 has availability groups to meet needs like ours, so we wanted to go that route. Apparently we were pushing boundaries, because we had some issues with WSUS and had to involve some smart folks, like Matt, to get it figured out. Matt did most of the work and got it all pinned down, then decided to share that knowledge with the rest of the world.

Check out his post on our team blog: https://blogs.technet.microsoft.com/system_center_in_action/2017/03/30/moving-the-wsus-database-to-sql-always-on/