Keeping Many Debian Machines Updated

There are an increasing number of Ubuntu Linux machines on the Mzuzu University campus network (DHCP, squid, iptables, email, web, and some desktops). As you all know, keeping both Windows and Linux machines up-to-date with security updates can be very bandwidth intensive. Because our 256 kb/s connection is used heavily during the day we are trying to schedule all security updates to run once at night and then have all of our client machines connect to the local repository during the day for their security updates so as not to use bandwidth while students and professors are trying to connect online.

Over the past month, we have been comparing various Ubuntu local security update repository solutions: apt-proxy and apt-cacher. Our result: apt-cacher wins hands down. We found apt-proxy to be quite buggy and not to perform very well when multiple machines connected to the security update server at the same time. We have had no problems with apt-cacher. It was easy to install and configure. Most importantly it has greatly reduced the amount of bandwidth needed to keep our campus computers up-to-date with the latest Linux security updates.

Our next task is to find a way to do something similar for Windows machines. Currently each computer on campus is connecting to the windowsupdate.microsft.com website and downloading security updates individually. This is one of the heaviest uses of bandwidth on our network. I have found Windows Server Update Services . Its BETA version, but I think it might do what we need it to.

Any other ideas are most welcome here in Malawi.