Security Column Vol.2
Control Windows 10 updates without the need for WSUS!
Windows 7 support ends on Jan. 14, 2020
Migration to Windows 10 is necessary
- Sudden notifications of “important updates”
- Update programs are large-sized
- Updates take a long time to apply
Network load accompanying Windows 10 updates is one issue causing headaches for many administrators. Suddenly appearing important update notifications and the network load caused by the massive size of those programs can present large obstacles to your business. Even at locations in Japan, with comparatively high-bandwidth networks, they have a large impact on business. For overseas locations where bandwidth is scarce, the effect is that much greater.
There arises a need for a way to easily manage updates that keeps business running smoothly while handling the sudden release of new updates.
One solution is to use WSUS to control the application of updates, but considering its technical and administrative aspects, it can be an over-investment depending on the scale of the user-base to be managed.
For overseas branches or small-scale branches, where WSUS is not a practical option, how can Windows 10 updates be managed to reduce network load?
We recommend it to customers with small-scale branches as a way to manage Windows 10 updates without using WSUS, and here we explain how to use KDDI Cloud Inventory to fulfill this role.
Use KDDI Cloud Inventory
to lighten update traffic load on your network
Reducing Windows 10 update network load with KDDI Cloud Inventory*1
1Control Windows 10’s deferred updates setting to spread out update timing
Windows 10 includes a setting to defer the application of updates*2. Even after a Windows update program has been released, for the period specified in this setting, updates will not be automatically applied.
Windows 10 update-caused network load stems from all computers within a company applying their updates on the same day. Using deferred updates, update times can be set per device, allowing you to spread out network load over time.
However, setting deferred updates one-by-one on all machines is a time-consuming process. By using “KDDI Cloud Inventory”, you can divide managed machines into groups, and remotely set deferred updates by group, allowing you to reduce network load without inconveniencing your network administrators.
Manually changing the update deferral setting on all your organization’s machines is a time-consuming process, but with KDDI Cloud Inventory you can set groups of them all at once!
- *1 What is KDDI Cloud Inventory? : A SaaS-style cloud service that provides security management, asset management, unauthorized device detection, and more. See details here.
- *2 Setting available in Windows Pro or higher.
2Windows updates from within your local network
One cause of the network traffic that results from Windows 10 updates is said to be the concentration of ingoing and outgoing Internet traffic to limited points of access in corporate intranets. For security, access to the Internet is limited and local breakouts are forbidden, leading to a concentration of network traffic.
Windows update traffic also gets concentrated at these specific access points, causing a large traffic load. This means that even if WSUS isn’t used, distributing Windows updates from within the corporate network can greatly reduce network load.
KDDI Cloud Inventory provides the ability to apply security patches or distribute other specified files from a file server within an intranet to client machines. By using this distribution feature, traffic congestion on the Internet connection can be avoided, allowing a smooth update process.
- * This feature is available for any version of Windows, not just Windows 10.
Furthermore, after distribution of update files, you can check the update status of clients with a glance at the administrative console, allowing you to easily confirm whether updates were applied.
The managed hardware list also shows easily checking OS versions and build versions.
As we have described here, through two different methods, KDDI Cloud Inventory enables controlling Windows 10 updates in environments without WSUS and reducing network load. If you are troubled over how to manage Windows 10 updates for your overseas or small-scale branches, why not give KDDI Cloud Inventory a try?
Apply here for a 30-day free trial
Take this opportunity to use the free trial to experience security management with KCI!
Appendix What is Windows 10 IoT?
Windows 10 IoT is a special kind of Windows used for digital signage, bank ATMs, and other such devices.
Windows 10 IoT comes in 2 editions: “Windows 10 IoT Enterprise”, based on the PC-oriented Windows 10, and “Windows 10 IoT Core”, which can be installed on compact devices like the Raspberry Pi. However, they are not on the general market, and so can’t be bought at a regular store.
Regular Windows 10 has one large upgrade per half-year, but as Windows 10 IoT has strengthened security for its IoT role, it only receives security updates. Additionally, the OS has a long-term warranty of 10 years, allowing more peace-of-mind than the 3 years provided by the same-purpose Android OS. Additionally Windows 10 IoT Enterprise is equipped with “lockdown” features that can prevent modifications to files, the registry, or keyboard use.
With IoT devices coming closer to carrying software the same as that found in PCs, Windows might be around you in places you never noticed.