Retina CS facilitates both Microsoft and third party patching by integrating with Microsoft Windows Server Update Services (WSUS). Retina CS utilizes WSUS as the patching engine and effectively becomes a management console to WSUS. This integration does not preclude you from using the WSUS/Update Server console plug-in independent of Retina CS; however, BeyondTrust recommends that patching be managed through Retina CS since all patch activity is recorded in the database.
Familiarity with the native functions and features of WSUS is necessary to fully understand the Retina CS integration. The native WSUS client is built into the Microsoft OS, however, it needs to be enabled and configured. In typical WSUS-only environments this is accomplished through GPOs. When using Retina CS, clients are enabled and configured through Retina CS.
The Retina CS configuration and patch deployment process is outlined in the following diagram:
- Configure a Retina CS connection to an existing WSUS Server; Retina CS becomes a management console for WSUS.
- Enable specific Smart Groups for patch management. This configures members of the Smart Group, i.e., the clients, for WSUS by making changes to the registry.
- Identify and approve patches.
- Clients periodically check WSUS for approved patches which are then subsequently downloaded and installed.
These functions are detailed in the following three sections, additionally, reporting, best practices and troubleshooting tips will be provided.