If you have been running a network for a while, you likely are:
- using Windows Server Update Services (WSUS) or SCCM with WSUS to manage Windows patches and download them locally
- using local file shares for Office patching.
Historically, this minimized network traffic, but in recent versions of Windows 10 Microsoft has made significant strides in what they call Delivery Optimization, eliminating the need for local copies of patches.
Put simply, Windows 10 Delivery Optimization has the first computer that looks for updates download all the patches it needs directly from Microsoft, just like WSUS (or local file share downloads for Office365ProPlus patches). The next computer that needs patches checks with other PCs in the same office (subnet) to see if the patches have already been downloaded. If they have, it just pulls them directly from the other PCs. If a patch is missing (i.e. this PC has an old version of .NET that needs to be patched and the other PCs on the LAN do not), that PC will simply pull it down from Microsoft and make it available to all other PCs on the LAN.
Microsoft explained it this way:
- The PC talks to WSUS to determine what updates are needed.
- For each needed update, the PC checks with the Delivery Optimization service (on the internet) to find any applicable peer PCs that already have the needed content.
- If peers are available, the PC will try to get the content from the peers.
- If some or all of the content isn’t available from a peer, or if no peers are available, the remainder will be retrieved from Microsoft.
SOURCE
In this way, the patches are spread out over the various PCs in your office rather than concentrated into a single WSUS server. If any patches are missing or corrupt, the PC that needs the patches will simply download them again from Microsoft and make them available to all the other PCs on the LAN.
Where this process used to fall down was in the definition of LAN. If you had more than one office AND had each of those offices connect to a single central office to connect to the internet (i.e. perhaps you have a serious firewall at the central office and want to route all of the external traffic from all offices through that), Delivery Optimization would not understand the structure and so it could be pulling large patches from far away offices. This was bad.
To fix this, Microsoft added a GROUP mode way back with Windows 10 1607. GROUP mode lets you assign a different GROUP ID to the computers in each site / office.
For most people the default setting of LAN download mode is the ‘correct’ configuration. If you do have a pile of network segments that are all over the world and they connect to your head office before connecting to the internet, GROUP is for you.
If you want to configure Delivery Optimization through GPO:
- Launch GROUP POLICY MANAGEMENT CONSOLE
- Create a new GPO or edit an existing one
- Expand COMPUTER CONFIGURATION
- Expand ADMINISTRATIVE TEMPLATES
- Expand WINDOWS COMPONENTS
- Expand DELIVERY OPTIMIZATION
- Double click on DOWNLOAD MODE and set it to LAN(1) or whatever configuration you want
These screen shots show you what Delivery Optimization looks like to the user.
Note that the statistics for pulling data from Microsoft directly are very high on this PC because it is the very first machine to get patches, so it has to pull down most from Microsoft.
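To confirm on a client that the Download Mode policy from the GPO steps above has applied, and to read the same peer-versus-Microsoft statistics from the command line, here is a PowerShell sketch. It is an added example, not code from the original article. It assumes the policy is written to the Delivery Optimization policy registry key shown in the script and that the built-in `Get-DeliveryOptimizationStatus` cmdlet is present on the Windows 10 build in use; the function name `Get-DoPolicyReport` is hypothetical.

```powershell
# Added example: audit the Delivery Optimization policy a GPO should have applied.
# Assumption: Administrative Templates write the setting under this policy key.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization'

# Download Mode values as offered by the DOWNLOAD MODE policy setting.
$modeNames = @{
    0   = 'HTTP only (no peering)'
    1   = 'LAN'
    2   = 'Group'
    3   = 'Internet'
    99  = 'Simple'
    100 = 'Bypass'
}

function Get-DoPolicyReport {   # hypothetical helper name
    param([string]$Key = $policyKey)

    $policy = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
    if ($null -eq $policy -or $null -eq $policy.DODownloadMode) {
        # No policy value: the GPO has not applied and the OS default is in effect.
        return [pscustomobject]@{ Configured = $false; Mode = 'Not set by policy'; GroupIdIsGuid = $null }
    }

    $mode = [int]$policy.DODownloadMode
    $groupOk = $null
    if ($mode -eq 2) {
        # A custom group ID must be a GUID; when absent, Windows groups by AD site or domain.
        $parsed = [guid]::Empty
        $groupOk = [guid]::TryParse([string]$policy.DOGroupId, [ref]$parsed)
    }

    $name = if ($modeNames.ContainsKey($mode)) { $modeNames[$mode] } else { "Unknown ($mode)" }
    [pscustomobject]@{ Configured = $true; Mode = $name; GroupIdIsGuid = $groupOk }
}

Get-DoPolicyReport | Format-List

# Peer vs. Microsoft (HTTP) totals across current Delivery Optimization jobs.
$jobs = Get-DeliveryOptimizationStatus
[long]$fromPeers = ($jobs | Measure-Object -Property BytesFromPeers -Sum).Sum
[long]$fromHttp  = ($jobs | Measure-Object -Property BytesFromHttp  -Sum).Sum
$total = $fromPeers + $fromHttp
$peerPct = if ($total -gt 0) { [math]::Round(100 * $fromPeers / $total, 1) } else { 0 }

"From peers: $fromPeers bytes; from Microsoft: $fromHttp bytes; peer share: $peerPct%"
```

On the first PC in an office to patch, expect the peer share to be near zero, for the reason given above.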
You can then set your WSUS to download files directly from Microsoft (which we explain HERE).
You can also set your MS Office 365 ProPlus to download and share files in much the same way which we explain HERE.