The Software Update service is Apple's equivalent of Microsoft's Windows Server Update Services (WSUS). Your OS X server downloads updates directly from Apple's software update servers. Then, using Profile Manager, you point your Mac clients toward the local update server and they get their updates from you instead of from Apple, saving Internet bandwidth and increasing the speed of large downloads.
When set to Automatic, the service will automatically publish new updates to your Mac clients as they're made available from Apple. Selecting Manual gives you the option to hold back updates for testing before pushing it out to all of your clients. Anyone who has ever installed a new OS X point update on the day it's made available knows that you're taking a certain amount of risk by doing so, and holding all but the most critical security updates for at least a few days makes some sense if you're trying to reduce support calls.
The Software Update service can update all of the same things that Apple's servers can, including Mac firmware updates; updates for Safari, iTunes, and other Apple app updates not handled through the Mac App Store (you can use the Caching service to handle updates for those); and system updates for OS X versions reaching all the way back to 10.4. A full copy of Apple's update catalog is going to require several gigabytes of hard drive space. The ability to download and distribute iOS updates from your local server still isn't included.
There are also a few other limitations here compared to something like WSUS. While you can hold updates back from your users, there's no way to push them out. Once you've approved an update, your users can pull it down through the normal Software Update process, but you can't mandate that the update be installed and there's no way to check update compliance throughout your organization. If your users choose to defer the updates, there's really not much you can do about it. The best way to skirt this limitation is to use the Software Update service in concert with a management tool like Apple Remote Desktop, which can force update checks and install manually or on a schedule of your choosing.
Additionally, there's no way to approve updates for certain groups or individuals while holding them back from other groups and individuals, functionality that WSUS has because of its tight Active Directory integration. Like many of OS X Server's services, Software Update is useful in a home with many Macs or in a small business with Macs numbering in the low-to-mid double digits, but organizations with hundreds or thousands of Macs to manage may find that it doesn't scale particularly well.
Areas of overlap
If you're running the Software Update service and the Caching service on the same server at the same time, there are a couple of things to keep in mind. First, since both services will cache system updates, you might end up storing the same update multiple times; OS X point updates are regularly over a gigabyte in size, so this could add up over time. However, since the Caching service only downloads things you and your users actually need, you won't have to waste gigabytes of space on the ancient OS X updates that Software Update will download in Automatic mode.
Finally, Software Update gives you the ability to hold back certain updates for testing if you'd like, while Caching caches and serves everything without restriction. The same set-it-and-forget-it configuration that makes the Caching service so easy to start using also makes it difficult to live with if you need more granular or advanced controls.
Reference:
Software Update
http://arstechnica.com/apple/2013/12/a-power-users-guide-to-os-x-server-mavericks-edition/6/
You are welcome!
ReplyDelete