
Leverage Windows Delivery Optimisation for Windows Update with Patch mgmt policy

shawnsong
Rising Star II

I planted a cliffhanger about Windows Update Delivery Optimisation in my post on managing Windows MDM policies with JC cmd, and I figure it's time to unpack it before Xmas! 😀

Let's dive into it.

The Benefit

A few customers (especially the ones with a large fleet of Windows devices) have asked:

Is it possible to have some kind of cache "server" on the local network to distribute the update files locally and save precious internet bandwidth, in combination with JC's patch mgmt policy?

I hate to say "no" to this valid ask, so I spent some time on Delivery Optimisation to make it work with the policy.

Quoting from the MSFT link:

Windows updates, upgrades, and applications can contain packages with large files. Downloading and distributing updates can consume quite a bit of network resources on the devices receiving them. You can use Delivery Optimization to reduce bandwidth consumption by sharing the work of downloading these packages among multiple devices in your deployment. Delivery Optimization is a cloud-managed solution that allows clients to download those packages from alternate sources (such as other peers on the network) in addition to the traditional Internet-based servers. 

You don't need an extra subscription with MSFT in this case. 😉

 

The "How"

Considerations 

There are a few things to consider before we go straight to the configurations, which are relatively straightforward.

  • Design the topology with multiple "caching hosts" if your network environment is segmented, large, or layered with proxies. You might want to read a bit more here
  • Plan the "caching hosts" on lower-impact devices, i.e. the IT folks 😄, or dedicated devices.
  • It can be configured for a mixed workforce, and this is recommended. The DO service is flexible and prioritises the cache hosts when they are reachable.
  • Here is another MSFT KB about the DO service for more details.

Setting it up

  • Create a device group in JC for the elected caching hosts. 
  • Create a patch policy to make sure these hosts will be downloading the latest updates. Like this: (screenshot)
  • Bind this policy ONLY to the caching hosts device group you created.
  • Create a cmd, ideally set to "run manually"; you can find the full script here
  • Create a cmd that runs after agent install (our latest feature) with the same script, to make sure new devices are covered.
  • Change the settings in the script accordingly:
    • Use case 1 - group the peers with a static groupID
      # Ref Test Case:
      # https://learn.microsoft.com/en-us/windows/deployment/do/delivery-optimization-test
      $groupGuid = "fde820f5-362c-4eb3-b7fa-0b961b40ff32" # Generate with ([guid]::NewGuid()).Guid for a GUID-based Group ID
      $session.DODownloadMode = 2              # 2 = Group
      $session.DOGroupID = $groupGuid
      $session.DOAbsoluteMaxCacheSize = 10000  # GB
      $session.DOMonthlyUploadDataCap = 10000  # GB
    • Use case 2 - group the peers with DHCP Option ID (auto generated UUID)
      $session.DODownloadMode = 2              # 2 = Group
      $session.DOGroupIDSource = 3             # DHCP Option ID
      $session.DOAbsoluteMaxCacheSize = 10000  # GB
      $session.DOMonthlyUploadDataCap = 10000  # GB
    • Note - Grouping only takes effect with Download Mode set to 2. Alternatively, you can opt for Download Mode 1 for more flexibility.
  • Once the cmd has run on the devices, you can use the cmd below to observe the caching / peering status:
    Get-DeliveryOptimizationStatus | select DownloadDuration,filesize,status,NumPeers,DownloadMode,SourceURL | ft
    
    DownloadDuration  FileSize   Status NumPeers DownloadMode SourceURL
    ----------------  --------   ------ -------- ------------ ---------
    00:00:00.3240000 473943581 Complete        0        Group http://1d.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/6757f91d-e0bf-4b13-9f9...
    00:00:01.5510000  61115755  Caching        0        Group http://tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9b429a11-819c-4fc3-8a54-e...
    00:01:08.7530000 132024555 Complete        1        Group http://tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fe435c57-1c78-4b7e-bd8b-1...
    00:00:05.3060000 101532152  Caching        0        Group http://2.au.download.windowsupdate.com/d/msdownload/update/software/defu/2022/12/am_base_8ba...
    00:02:08.9170000 238620000 Complete        1        Group http://tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9f1ffde8-d38e-4d0d-93b6-a...
    00:01:03.0940000  72536066 Complete        1        Group http://au.download.windowsupdate.com/d/msdownload/update/software/secu/2022/12/windows11.0-k...
    00:00:00.8680000  64253505  Caching        0        Group http://1d.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d37a3355-d18c-4dc6-86a...
    00:00:01.6760000  60801000  Caching        0        Group http://1d.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/ff4d82a1-4a4a-4475-bbb...
    00:00:01.4670000 132922035 Complete        0        Group http://1d.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/64fd9c37-a52a-424a-870...
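
To go beyond eyeballing the NumPeers column, the status records can be totalled to show how much traffic actually came from peers inside the organisation and whether any job ran outside Group mode. This is an added example, not part of the original script: `Get-DOPeerSummary` is a hypothetical helper name, the byte-counter properties are the ones `Get-DeliveryOptimizationStatus` emits, and the sample records are constructed.

```powershell
# Added example. Get-DOPeerSummary is a hypothetical helper name.
function Get-DOPeerSummary {
    param(
        [Parameter(ValueFromPipeline)] $Job,
        [string] $ExpectedMode = 'Group'   # how Download Mode 2 is displayed in the status output
    )
    begin   { $jobs = @() }
    process { $jobs += $Job }
    end {
        # Sum one numeric property across all collected job records.
        $sum = { param($p) [long](($jobs | Measure-Object -Property $p -Sum).Sum) }
        $total    = & $sum 'TotalBytesDownloaded'
        $orgPeers = (& $sum 'BytesFromLanPeers') + (& $sum 'BytesFromGroupPeers')
        $pct      = if ($total -gt 0) { [math]::Round(100 * $orgPeers / $total, 1) } else { 0 }
        [pscustomobject]@{
            Jobs                    = $jobs.Count
            TotalBytesDownloaded    = $total
            BytesFromHttp           = & $sum 'BytesFromHttp'
            BytesFromOrgPeers       = $orgPeers
            PercentFromOrgPeers     = $pct
            # Non-zero values here mean peering reached beyond LAN/group peers.
            BytesFromInternetPeers  = & $sum 'BytesFromInternetPeers'
            BytesToInternetPeers    = & $sum 'BytesToInternetPeers'
            # Jobs whose mode differs from the one the policy was meant to enforce.
            JobsOutsideExpectedMode = @($jobs | Where-Object { "$($_.DownloadMode)" -ne $ExpectedMode }).Count
        }
    }
}

# Constructed sample records (not real output). The non-Group mode string is illustrative.
$sample = @(
    [pscustomobject]@{ TotalBytesDownloaded = 132024555; BytesFromHttp = 32024555; BytesFromLanPeers = 0;
                       BytesFromGroupPeers = 100000000; BytesFromInternetPeers = 0; BytesToInternetPeers = 0; DownloadMode = 'Group' }
    [pscustomobject]@{ TotalBytesDownloaded = 61115755;  BytesFromHttp = 61115755; BytesFromLanPeers = 0;
                       BytesFromGroupPeers = 0; BytesFromInternetPeers = 0; BytesToInternetPeers = 0; DownloadMode = 'Group' }
    [pscustomobject]@{ TotalBytesDownloaded = 72536066;  BytesFromHttp = 52536066; BytesFromLanPeers = 0;
                       BytesFromGroupPeers = 0; BytesFromInternetPeers = 20000000; BytesToInternetPeers = 500000; DownloadMode = 'Internet' }
)
$sample | Get-DOPeerSummary

# On a managed device: Get-DeliveryOptimizationStatus | Get-DOPeerSummary
```

A low `PercentFromOrgPeers` on clients usually means the caching hosts were unreachable or had not finished downloading yet; a non-zero `JobsOutsideExpectedMode` means the policy did not land on that device.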
    ​

That's it! 😃

(p.s. I only managed to test the whole thing in a tiny env with 2 Windows instances, please share your thoughts here if you are planning to implement this in a large env).

 

 

 

 

 
