Hallo, can anyone tell me which Protocol SCE 2007 is using to deploy the Software? Also i want to know what exactly is SCE2007 doing when it is creating a Softwarepackage? which informations do it wright down in the package? I need this because i have my final examination about SCE 2007. Thank you Guys. PS:Sorry for my bad english, i`m from Germany.
June 9th, 2009 1:51pm
Hi Sebastian, Creating a software package in SCE just like Publishing a local update. WSUS 3.0 includes new authoring and publishing APIs that allow applications such as System Center Essentials to do Local Publishing of updates. Local Publishing refers to the process of creating update metadata and publishing it to the WSUS database to be made available for client detection and installation, allowing the Windows Update Agent to install software other than Microsoft Updates. In System Center Essentials 2007, Local Publishing is implemented in the following features: 1. Importing vendor catalogs in the Essentials Console 2. Creating custom updates in the Essentials Console 3. Creating Software Packages in the Essentials Console 4. Publishing custom and vendor updates from the System Center Updates Publisher tool Each of the above items is done differently in System Center Essentials, but the underlying process is the same for all of them. Once the update is authored and published to the WSUS database, it will be generally treated the same as existing updates. The updates are deployed to computer groups, clients detect the updates and scan for applicability, then install the update if necessary. Local publishing of an update involves the following steps: 1. Creation a. The Administrator uses the System Center Essentials console or an external update publishing application to input the update information such as source files, installation parameters, and applicability rules. 2. Authoring a. The publishing application uses WSUS Authoring APIs to create the application meta-data and copy the application setup bits to the WSUS server. 3. Publishing a. The WSUS Admin API is used to create and sign a .cab file with the update installation files, import the update metadata into the WSUS database and copy the .cab file to the content directory, making it available for deployment. 4. Approving a. The administrator approves the update, making the it available to clients. 5. Installation a. The Windows Update Agent on client computers detects and installs the update. Creating software packages and custom updates in the System Center Essentials console is essentially the same process with the same wizard, only Updates will be seen in the Updates pane of the console, and Software Packages will be seen in the Software pane. The authoring and publishing of a Local Update use separate APIs and are treated as separate tasks by WSUS, but are integrated together and presented as one process in System Center Essentials. For example, when a Software Package is created and the user clicks on Create at the end of the New Software Package Wizard, the Authoring and Publishing of the update will happen when the Preparing Package screen is presented. Authoring Authoring consists of collecting the application files and necessary application metadata and copying these to a share on the Essentials server. WSUS 3.0 creates a network share for collecting all locally published updates. This share will also be used for the UNC path for MSI repair. The default location for the share will be in the same directory as the WSUS content folder on the server that WSUS is installed on. This is configured during setup and can also be updated using the wsusutil.exe /movecontent tool. In System Center Essentails, the default WSUS content base path is C:\SCE\WsusContent\ and the default application base path is C:\SCE\ UpdateServicesPackages\. The UpdateServicesPackages directory will have the following default permissions: Full control to WSUS Administrators group Read/write access for the NetworkService account Read access for Everyone During the authoring process, and XML file containing the metadata for the update is created. This is called an Update Services Package file and has a .USP extension. The .usp file and the update source files are first copied to the users %temp% directory. A directory structure for the update is then created in the UpdateServicesPackages share, with the directory name being <package name>.<packageID>. The update installation files and USP file are then copied to this folder (the USP file is deleted when the publishing process completes). For MSI applications, an install point is created in the update metadata, so that if a client computer needs to repair the application, it will go to this share. At this point, the update is ready to be published. Publishing In WSUS 3.0, the WSUS Admin API is extended to support publishing packages that have been authored via the authoring API. The publishing process consists of packaging the update installation files into a .cab file and digitally signing it, then importing the update metadata into the WSUS database. Application Packaging and Signing When a local update is published, all of its files will first be cabd together into a single package. The .cab file is created in %temp%, then copied to the package location under \UpdateServicesPackages. Wsuscertserver.exe is then used to sign the .cab file using the WSUS Code Signing Certificate that was created during setup. In order for WSUS publishers to access the signing certificate, this certificate must be in the WSUS certificate store for the local machine account (this is created during setup). Also, the certificates hash must be saved in the HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\CertHash registry key, so that the WSUS publisher can locate the exact certificate in the certificate store to use, in case there are multiple certificates in the same store. WSUS then uses Authenticode APIs to verify that the .cab file is signed properly and that the certificate that it was signed with is from a trusted publisher. For this to work, the WSUS Code Signing certificate must be present in the "Trusted Root Certification Authorities" and "Trusted Publisher" folders in the Essentials servers Certificate Store. Update Services Package (USP) XML File The Update Services Package (USP) file is an XML file used to describe metadata for applications and is created as part of the authoring process. A USP file contains the publishing metadata for the application and has a .usp extension. This is a subset of the information that is contained in the SUS XML (metadata read by clients when detecting updates).USP files will contain two parts, a general part that contains information about the update that applies to all WSUS consumers, and an environment specific part that can be modified to hold information that is specific to a particular WSUS servers environment (for example: MSI repair path). The USP file will contain a USP file GUID and integer revision number that will be used to uniquely define that application p
June 11th, 2009 12:48pm
Hey, thank you this helps me a lot.
June 16th, 2009 4:57pm