SUS ran on a Windows Server operating system and downloaded updates for the specified versions of Windows from the remote Windows Update site which was operated by Microsoft.
Clients could then download updates from this internal server, rather than connecting directly to Windows Update.
Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft Corporation that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers in a corporate environment.
WSUS downloads these updates from the Microsoft Update website and then distributes them to computers on a network. At first, it only delivered hotfixes and patches for Microsoft operating systems.
System administrators can also configure WSUS to approve certain classes of updates automatically (critical updates, security updates, service packs, drivers, etc.).
One can also approve updates for "detection" only, allowing an administrator to see what machines will require a given update without also installing that update.
As background, WSUS clients must connect to the Self Update virtual directory to check for a new version of the WSUS client before checking for new updates.
This always happens anonymously over port 80, even if WSUS is configured to use a custom port, such as port 8530.
Microsoft's KB3148812 patch for WSUS was supposed enable automatic decryption of Windows 10 feature updates in preparation for Microsoft's "anniversary update," coming this summer.
However, the patch had some flaws, causing WSUS to not be able to connect with Windows clients, among other problems.
I previously had it set up on a Win2k3 server and all of the clients were failing to report status.
I removed it from that server and installed it on the 2k8 one.
Windows Server Update Services 2.0 and above comprise a repository of update packages from Microsoft.