Keep Windows 10 updated with Delivery Optimization

A few months back, an administrator working an older job reached out to a colleague of mine named Todd Lamothe to ask how they might reduce the bandwidth Windows Update was taking on their network. Todd has been working in the IT field for more than 20 years and he is the principal consultant for Nattrac Consulting Ltd., where he does IT consulting focusing on Windows deployments, Windows Server technology, Azure Cloud and Exchange / Office 365 deployments. The admin who reached out to Todd said his company had about 90 locations connected hub-and-spoke to the central office, all sharing the same Internet connection, and they wanted to reduce the amount of bandwidth being used between the sub-offices and the central location. Both Todd and I knew immediately that the answer to this person’s problem would be Delivery Optimization.

So what exactly is Delivery Optimization? I asked Todd and he replied that “Microsoft defines it as follows: Windows Update Delivery Optimization lets you get Windows updates and Microsoft Store apps from sources in addition to Microsoft, which not only helps when you have a limited or unreliable Internet connection but can also help you reduce the amount of bandwidth needed to keep all of your organization’s PCs up to date.” I said that sounded rather vague and simple and Todd agreed, saying, “This is oversimplified, but essentially it means your Windows 10 computer will reach out to the Delivery Optimization service located in the cloud and ask for Windows Updates and will get back information about other peers you may download Windows Updates from along with receiving the updates from the Windows Update service.”

Using Group Policy to configure Delivery Optimization

Since Todd has had more experience with this particular Windows feature than I myself have, I asked him if he could briefly explain how to set up and configure Delivery Optimization in an Active Directory environment. “You can set the policies using Group Policy or through MDM settings.” Which would be the best approach for the admin who contacted you? “In this case, they are heavily invested in GPO, so we need to use Group Policy to set the settings.” I asked Todd to explain for us how this is done and he responded with the following brief tutorial:

Settings in GPO reside in Computer Configuration under Administrative Templates under Windows Components under Delivery Optimization. The first option that needs to be set is Download mode. We have six options here:

  • None: Turns off Delivery Optimization.
  • Group: Gets or sends updates and apps to PCs on the same local network domain.
  • Internet: Gets or sends updates and apps to PCs on the Internet.
  • LAN: Gets or sends updates and apps to PCs on the same NAT only.
  • Simple: Simple download mode with no peering.
  • Bypass: Use BITS instead of Windows Update Delivery Optimization.

At first glance, one might think LAN would be the best method but, in this case, it is not. Let me explain. In LAN mode, all the machines check in with the cloud and because they all use the same Internet connection, to the service they will all be peers. But in fact, one machine may be in Toronto, another may be in Los Angeles and in fact those two machines cannot speak to one another (basic premise of peer to peer). For my customer, the best option is the setting called Group. Using this mode, Windows 10 1607 and above respects Active Directory Sites and will limit the peers to machines within an AD Site and on the same Domain. Exactly what I need for this customer and their situation.

Now with this configured and GPO applied correctly, let us test out the configuration. On a desktop running Windows 10 1803, I open into updates and check for Windows Updates. There were a few to install so I chose to download and install them and then reboot. I then check the Delivery Optimization stats of my machine using PowerShell and the Get-DeliveryOptimizationPerfSnap cmdlet. Here is a screenshot of what was reported:

We can see in the screenshot that the number of files downloaded was five and files uploaded was 0. Great. Now I fire up my laptop and tell it to update. The machine checks for updates and installs a few. After I check the stats of my desktop PC again, I see the following:

I now see files uploaded at a value of 1, which means my machine uploaded one file to the laptop when it checked for updates.

For more information, a good PowerShell command to use is Get-DeliveryOptimizationStatus | ft.

So that’s the basics of Delivery Optimization!
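To go beyond the file counts described above, this added example (not from the article or from Todd's tutorial) totals where the downloaded bytes came from, so you can confirm that peers are being used and that none of them are Internet peers. Measure-DOPeerSource is a hypothetical helper, the sample rows are constructed, and the BytesFrom* property names are assumed to match what Get-DeliveryOptimizationStatus returns on your Windows 10 build.

```powershell
# Added example, not from the article. Measure-DOPeerSource is a hypothetical name.
function Measure-DOPeerSource {
    param([Parameter(Mandatory)][object[]] $Status)  # one object per downloaded file

    $http = 0L; $lan = 0L; $group = 0L; $internet = 0L
    foreach ($file in $Status) {
        # A property that is missing on a given build casts to 0 instead of failing.
        $http     += [int64]$file.BytesFromHttp
        $lan      += [int64]$file.BytesFromLanPeers
        $group    += [int64]$file.BytesFromGroupPeers
        $internet += [int64]$file.BytesFromInternetPeers
    }
    $peer  = $lan + $group + $internet
    $total = $http + $peer

    [pscustomobject]@{
        Files              = $Status.Count
        BytesFromHttp      = $http
        BytesFromLanPeers  = $lan
        BytesFromGroup     = $group
        BytesFromInternet  = $internet
        PeerPercent        = if ($total -gt 0) { [math]::Round(100 * $peer / $total, 1) } else { 0 }
        # With download mode set to Group, bytes from Internet peers deserve a closer look.
        ReviewInternetPeer = ($internet -gt 0)
    }
}

# Constructed sample: one file fetched over HTTP only, one mostly from peers.
$sample = @(
    [pscustomobject]@{
        BytesFromHttp = 52428800; BytesFromLanPeers = 0
        BytesFromGroupPeers = 0;  BytesFromInternetPeers = 0
    }
    [pscustomobject]@{
        BytesFromHttp = 10485760;       BytesFromLanPeers = 20971520
        BytesFromGroupPeers = 73400320; BytesFromInternetPeers = 0
    }
)
Measure-DOPeerSource -Status $sample

# On a Windows 10 client, feed it the live data instead:
#   Measure-DOPeerSource -Status @(Get-DeliveryOptimizationStatus)
```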

Tips and tweaks

At this point, I told Todd this all seemed really simple so it must be a no-brainer for Windows admins to implement Delivery Optimization for reducing Windows Update bandwidth and making updating their systems more reliable on networks that have unreliable Internet connections. Todd replied by saying, “Well, as with all things Microsoft, you may want to make a few changes from the default. Here is a screenshot of all the settings that can be applied using GPO.”

I responded by saying that it looked like there are a lot of different policy settings one can fiddle around with and asked Todd which settings might be the best ones to tweak to make Delivery Optimization work best. He responded with some useful tips based on his own personal experience using this feature. “Some of those changes I usually make are:

  • Configure the option Minimum File Size to Cache: The default is set to 50MB so I would recommend adjusting that value as it makes sense for you considering your Internet connection size and the number of machines in your organization. Microsoft recommends lowering this value to 10MB for organizations with more than 30 computers and a further drop to 1MB for more than 100 computers.
  • Enable Peer Caching while the device connects via VPN: This one you will want to adjust as needed. Some companies I work with have VPNs set so that all traffic routes through the main office. Considerations need to be addressed looking at how your tunnel and the Internet connection are handled. It may make sense to not include machines connected by VPN if you have a split tunnel, but you may wish to use delivery optimization for those who route all traffic back through the VPN.
  • Allow uploads on battery power: Most places I support now have laptops only with a few desktops here and there as needed. One of the recommendations from Microsoft is to allow machines on battery to upload content. By default, machines on battery power do not contribute to the peer group. The recommendation is to set the value to 60 percent.
  • Max Cache Age: The default cache age is three days. You may wish to change this to ensure the local peers have the file for an extended length of time. Setting this number between seven and 30 is Microsoft’s recommendation. In my own environment, I keep them at 30 days.”
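The settings discussed above can be checked on a client after Group Policy has applied. The following is an added example, not from the article or from Todd, that compares a machine's Delivery Optimization policy values with the Group download mode and the tweaks listed here. Test-DOPolicy is a hypothetical helper and the sample values are constructed; the registry path and DO* value names are assumed to be the ones the Delivery Optimization policies write, with the cache age stored in seconds and the minimum file size in MB.

```powershell
# Added example, not from the article. Test-DOPolicy is a hypothetical helper name.
function Test-DOPolicy {
    param(
        [Parameter(Mandatory)] $Policy,  # object carrying the DO* policy values
        [int] $ComputerCount = 100       # assumption: number of PCs in the organization
    )
    # File-size guidance quoted in the article: 10 MB above 30 PCs, 1 MB above 100.
    $minTarget = if ($ComputerCount -gt 100) { 1 } elseif ($ComputerCount -gt 30) { 10 } else { 50 }

    $checks = @(
        @{ Name = 'DODownloadMode'; Expected = '2 (Group)'; Test = { param($v) $v -eq 2 } }
        @{ Name = 'DOMinFileSizeToCache'; Expected = "$minTarget MB or less"
           Test = { param($v) $v -le $minTarget } }
        @{ Name = 'DOMinBatteryPercentageAllowedToUpload'; Expected = '60 (percent)'
           Test = { param($v) $v -eq 60 } }
        # DOMaxCacheAge is stored in seconds: 7 days = 604800, 30 days = 2592000.
        @{ Name = 'DOMaxCacheAge'; Expected = '604800 to 2592000 (7 to 30 days)'
           Test = { param($v) $v -ge 604800 -and $v -le 2592000 } }
        # VPN peering depends on full versus split tunnel, so it is reported, not judged.
        @{ Name = 'DOAllowVPNPeerCaching'; Expected = 'site decision'; Test = $null }
    )
    foreach ($c in $checks) {
        $value = $Policy.($c.Name)
        if ($null -eq $value)      { $result = 'NotConfigured' }
        elseif ($null -eq $c.Test) { $result = 'Review' }
        elseif (& $c.Test $value)  { $result = 'OK' }
        else                       { $result = 'Differs' }
        [pscustomobject]@{
            Setting = $c.Name; Value = $value; Expected = $c.Expected; Result = $result
        }
    }
}

# Constructed sample values: LAN mode with the defaults the article mentions.
# On a managed PC, read the real values with:
#   Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization'
$sample = [pscustomobject]@{
    DODownloadMode = 1; DOMinFileSizeToCache = 50; DOMaxCacheAge = 259200
    DOMinBatteryPercentageAllowedToUpload = 60
}
Test-DOPolicy -Policy $sample -ComputerCount 120 | Format-Table -AutoSize
```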

Where to learn more

I ended by telling Todd I was grateful for him covering the basics and some of the customizations around Delivery Optimization, and I asked him where our readers can find out more about this Windows feature if they’re interested in implementing it. He suggested checking out Session BRK3019 from Microsoft Ignite 2018. You can find this and other useful sessions from Ignite 2018 linked in this post on Michael Niehaus’ blog.


Mitch Tulloch

Mitch Tulloch is Senior Editor of both WServerNews and FitITproNews and is a widely recognized expert on Windows Server and cloud technologies. He has written more than a thousand articles and has authored or been series editor for over 50 books for Microsoft Press and other publishers. Mitch has also been a twelve-time recipient of the Microsoft Most Valuable Professional (MVP) award in the technical category of Cloud and Datacenter Management. He currently runs an IT content development business in Winnipeg, Canada.
