A few months back, an administrator working an older job reached out to a colleague of mine named Todd Lamothe to ask how they might reduce the bandwidth Windows Update was taking on their network. Todd has been working in the IT field for more than 20 years and he is the principal consultant for Nattrac Consulting Ltd. where he does IT consulting focusing on Windows deployments, Windows Server technology, Azure Cloud and Exchange / Office 365 deployments. The admin who reached out to Todd said his company had about 90 locations connected hub and spoke to the central office all sharing the same Internet connection, and they wanted to reduce the amount of bandwidth being used between the sub-offices and the central location. Todd and I both knew immediately that the answer to this person’s problem would be Delivery Optimization.
So what exactly is Delivery Optimization? I asked Todd and he replied that “Microsoft defines it as follows: Windows Update Delivery Optimization lets you get Windows updates and Microsoft Store apps from sources in addition to Microsoft, which not only helps when you have a limited or unreliable Internet connection but can also help you reduce the amount of bandwidth needed to keep all of your organization’s PCs up to date.” I said that sounded rather vague and simple and Todd agreed, saying, “This is oversimplified, but essentially it means your Windows 10 computer will reach out to the Delivery Optimization service located in the cloud and ask for Windows Updates and will get back information about other peers you may download Windows Updates from along with receiving the updates from the Windows Update service.”
Using Group Policy to configure Delivery Optimization
Since Todd has had more experience with this particular Windows feature than I myself have, I asked him if he could briefly explain how to set up and configure Delivery Optimization in an Active Directory environment. “You can set the policies using Group Policy or through MDM settings.” Which would be the best approach for the admin who contacted you? “In this case, they are heavily invested in GPO, so we need to use Group Policy to set the settings.” I asked Todd to explain for us how this is done and he responded with the following brief tutorial:
Settings in GPO reside in Computer Configuration under Administrative Templates under Windows Components under Delivery Optimization. The first option that needs to be set is Download mode. We have six options here:
- None: Turns off Delivery Optimization.
- Group: Gets or sends updates and apps to PCs on the same local network domain.
- Internet: Gets or sends updates and apps to PCs on the Internet.
- LAN: Gets or sends updates and apps to PCs on the same NAT only.
- Simple: Simple download mode with no peering.
- Bypass: Use BITS instead of Windows Update Delivery Optimization.
At first glance, one might think LAN would be the best method but, in this case, it is not. Let me explain. In LAN mode, all the machines check in with the cloud and because they all use the same Internet connection, to the service they will all be peers. But in fact, one machine may be in Toronto, another may be in Los Angeles and in fact those two machines cannot speak to one another (basic premise of peer to peer). For my customer, the best option is the setting called Group. Using this mode, Windows 10 1607 and above respects Active Directory Sites and will limit the peers to machines within an AD Site and on the same Domain. Exactly what I need for this customer and their situation.
Now with this configured and GPO applied correctly, let us test out the configuration. On a desktop running Windows 10 1803, I open into updates and check for Windows Updates. There were a few to install so I chose to download and install them and then reboot. I then check the Delivery Optimization stats of my machine using PowerShell and the Get-DeliveryOptimizationPerfSnap cmdlet. Here is a screenshot of what was reported:
We can see in the screenshot that the number of files downloaded was five and files uploaded was 0. Great. Now I fire up my laptop and tell it to update. The machine checks for updates and installs a few. After I check the stats of my desktop PC again, I see the following:
I now see files uploaded at a value of 1, which means my machine uploaded one file to the laptop when it checked for updates.
For more information, a good PowerShell command to use is Get-DeliveryOptimizationStatus | ft.
So that’s the basics of Delivery Optimization!
Tips and tweaks
At this point, I told Todd this all seemed really simple so it must be a no-brainer for Windows admins to implement Delivery Optimization for reducing Windows Update bandwidth and making updating their systems more reliable on networks that have unreliable Internet connections. Todd replied by saying, “Well, as with all things Microsoft, you may want to make a few changes from the default. Here is a screenshot of all the settings that can be applied using GPO.”
I responded by saying that it looked like there are a lot of different policy settings one can fiddle around with and asked Todd which settings might be the best ones to tweak to make Delivery Optimization work best. He responded with some useful tips based on his own personal experience using this feature. “Some of those changes I usually make are:
- Configure the option Minimum File Size to Cache: The default is set to 50MB so I would recommend adjusting that value as it makes sense for you considering your Internet connection size and the number of machines in your organization. Microsoft recommends lowering this value to 10MB for organizations with more than 30 computers and a further drop to 1MB for more than 100 computers.
- Enable Peer Caching while the device connects via VPN: This one you will want to adjust as needed. Some companies I work with have VPNs set so that all traffic routes through the main office. Considerations need to be addressed looking at how your tunnel and the Internet connection are handled. It may make sense to not include machines connected by VPN if you have a split tunnel, but you may wish to use delivery optimization for those who route all traffic back through the VPN.
- Allow uploads on battery power: Most places I support now have laptops only with a few desktops here and there as needed. One of the recommendations from Microsoft is to allow machines on battery to upload content. By default, machines on battery power do not contribute to the peer group. The recommendation is to set the value to 60 percent.
- Max Cache Age: The default cache age is three days. You may wish to change this to ensure the local peers have the file for an extended length of time. Setting this number between seven and 30 is Microsoft’s recommendation. In my own environment, I keep them at 30 days.”
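To confirm that the GPO actually landed on a client, the following added example (not from Todd or Microsoft) reads the Delivery Optimization policy values from the registry and compares them with the download mode and tweaks discussed above. The target values are taken from this article and should be adjusted per environment; the function name Get-DOPolicyAudit is hypothetical.

```powershell
# Added example: audit the Delivery Optimization values that Group Policy
# writes to the policy key in the registry on this machine.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization'

# DODownloadMode numbers per Microsoft's policy documentation; GPO dialog labels may differ.
$ModeNames = @{ 0 = 'HTTP only'; 1 = 'LAN'; 2 = 'Group'; 3 = 'Internet'; 99 = 'Simple'; 100 = 'Bypass' }

# Targets taken from the article (assumptions for this example, not product defaults).
$Expected = [ordered]@{
    DODownloadMode                        = @{ Want = 2;       Note = 'Group: peers limited to same AD site and domain' }
    DOMinFileSizeToCache                  = @{ Want = 10;      Note = 'MB; 10 for more than 30 PCs, 1 for more than 100' }
    DOMaxCacheAge                         = @{ Want = 2592000; Note = 'seconds; 30 days (default is 3 days)' }
    DOMinBatteryPercentageAllowedToUpload = @{ Want = 60;      Note = 'percent battery required to upload' }
    DOAllowVPNPeerCaching                 = @{ Want = $null;   Note = 'site decision: split tunnel vs. full tunnel' }
}

function Get-DOPolicyAudit {
    param([string]$Key = $PolicyKey, [System.Collections.IDictionary]$Targets = $Expected)
    # A missing key means no Delivery Optimization policy has been applied at all.
    $props = if (Test-Path $Key) { Get-ItemProperty -Path $Key } else { $null }
    foreach ($name in $Targets.Keys) {
        $actual = if ($props -and $props.PSObject.Properties[$name]) { $props.$name } else { $null }
        $want   = $Targets[$name].Want
        if     ($null -eq $actual) { $state = 'NotConfigured' }
        elseif ($null -eq $want)   { $state = 'Review' }
        elseif ($actual -eq $want) { $state = 'OK' }
        else                       { $state = 'Differs' }
        [pscustomobject]@{ Setting = $name; Actual = $actual; Expected = $want; State = $state; Note = $Targets[$name].Note }
    }
}

$audit = Get-DOPolicyAudit
$audit | Format-Table -AutoSize
$mode = ($audit | Where-Object Setting -eq 'DODownloadMode').Actual
if ($null -ne $mode) { "Download mode in effect by policy: $($ModeNames[[int]$mode])" }
```

A row in state NotConfigured means the client is still on the default for that setting, which usually points to the GPO not being linked or not yet refreshed on that machine.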
Where to learn more
I ended by telling Todd I was grateful for him covering the basics and some of the customizations around Delivery Optimization, and I asked him where our readers can find out more about this Windows feature if they’re interested in implementing it. He suggested checking out Session BRK3019 from Microsoft Ignite 2018. You can find this and other useful sessions from Ignite 2018 linked in this post on Michael Niehaus’ blog.