Windows Software Update Services doesn't require the end-user to be part of a domain to get updates. You just need to define the WSUS server as the source for updates by changing a few registry entries and make sure the server is available via HTTP or HTTPS to your customers. You can read more at Microsoft's site.
Even though you can make it work, I believe in doing so you will be running afoul of the WSUS license agreement if it's not a corporate LAN/Domain. I don't have the text of it in front of me, but I remember this issue coming up on <nntp://microsoft.public.windows.server.update_services>. Since automating clients to use WSUS requires either a registry or local/group policy change on the clients, you would have to find some way of manipulating this facet as well. I would say the best course is to contact the WSUS/MU team via the above-mentioned newsgroup and see if they'll become more cache friendly with a future version of WSUS. The squid trick seems ideal if only you could be assured of having the latest files. ~JasonG
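The registry change both replies refer to, as an added example that is not from either poster: it writes the standard Windows Update policy values (`WUServer`, `WUStatusServer`, `UseWUServer`) on a non-domain client and reads them back. The server URL is a hypothetical placeholder, and the script assumes an elevated PowerShell session.

```powershell
# Added example: point a stand-alone client at a WSUS server through the
# Windows Update policy registry values, then read the result back.
param(
    # Hypothetical placeholder; replace with your own WSUS URL.
    [string]$WsusUrl = 'https://wsus.example.internal:8531'
)

$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = Join-Path $wuKey 'AU'

# Reject malformed URLs before touching the registry.
$uri = $null
$parsed = [Uri]::TryCreate($WsusUrl, [UriKind]::Absolute, [ref]$uri)
if (-not $parsed -or $uri.Scheme -notin 'http', 'https') {
    throw "Not a valid http(s) URL: $WsusUrl"
}
if ($uri.Scheme -eq 'http') {
    # Over plain HTTP the update metadata is not protected in transit.
    Write-Warning 'WSUS URL uses plain HTTP; prefer HTTPS for clients outside the LAN.'
}

# Create the policy keys if they do not exist yet.
foreach ($key in $wuKey, $auKey) {
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
}

# WUServer is the update source, WUStatusServer the reporting target
# (normally the same server).
foreach ($name in 'WUServer', 'WUStatusServer') {
    New-ItemProperty -Path $wuKey -Name $name -Value $WsusUrl `
        -PropertyType String -Force | Out-Null
}
# UseWUServer = 1 makes the update client honour the two values above.
New-ItemProperty -Path $auKey -Name UseWUServer -Value 1 `
    -PropertyType DWord -Force | Out-Null

# Restart the Windows Update service so it picks up the new source.
Restart-Service -Name wuauserv

# Read the settings back for verification or inventory.
[pscustomobject]@{
    WUServer       = (Get-ItemProperty -Path $wuKey).WUServer
    WUStatusServer = (Get-ItemProperty -Path $wuKey).WUStatusServer
    UseWUServer    = (Get-ItemProperty -Path $auKey).UseWUServer
}
```

The read-back object at the end can be run on its own to audit which update source a machine currently trusts.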