Jeremy Moskowitz founded PolicyPak Software after working with hundreds of customers with the same problem they couldn’t manage their applications, browsers and operating systems using the technology they already utilized.
Using all your Bandwidth (in a Good Way) with Windows Update Delivery Optimization (WUDO)
What is Windows Update Delivery Optimization (WUDO)?
Released as new feature in Windows 10 Windows Update Delivery Optimization enables you to download Updates and Apps from other computers that have already downloaded the update or app you are looking for. This is designed to help speed up updates and app delivery as a data can be fetched from peers as well as Microsoft servers.
When it is time to download an update or install an app Windows will look across the network to see if the data can be retrieved locally or deepening on settings peers across the web. Much like peer-2-peer file sharing the updates and apps are broken into smaller bits to be shared across clients.
Microsoft securely keeps this data protected. WUDO does not transmit or come in contact with any personal data and update and applications bits are encrypted. Downloaded bits are checked against Windows Update to verify that the data has not been tampered with and the data is double checked before installation.
Starting in v1903 Windows Update Delivery Optimization uses Low Extra Delay Background Transport (LEDBAT) to control network congestion while delivering updates. This new idea is really amazing.
LEDBAT ostensibly uses all your bandwidth … the bandwidth that’s available. Some have described it as a “bandwidth scavenger.”
Basically, LEDBAT consumes available bandwidth, while checking that others on the network don’t need it. The way it works is that it If it notices a delay increase, well, then it sends less data, leaving user day to day traffic and business applications as a higher priority than sending and receiving updates.
Managing Windows Update Delivery Optimization with Group Policy
Settings for Delivery Optimization are found here:
Computer Configuration | Policies | Administrative Templates | Windows Components | Delivery Optimization
Designing WUDO settings for your environment.
There are several settings in WUDO that you will want to custom tailor to your environment. Microsoft recommends limiting group access to members of the same domain with a cache life of 24 hours.
Depending on how your environment is set up you may want to limit per site or per subnet.
Group Policy Settings
Setting Max Cache age:
This is important as once all the updates have been distributed we want to clear out the cache of updates that we no longer need. The default is three days, but depending on the environment one day may be sufficient to distribute all the updates.
Controlling bandwidth:
Limiting WUDO bandwidth if needed during business hours:
Should you need you can specify bandwidth limits during business hours.
Customizing groups for your environment:
By default, all computers in the same domain are allowed to interact with each other. Using Group ID will let you control what computers are allowed to send and receive information between each other.
Generate a GUID by using the PowerShell command [guid]::NewGuid()
This will give you a GUID to use for your group. Insert that into the WUDO GPO.
This sets the GUID for that group of Computers to use WUDO. You will need a separate GPO for each Group ID that you want to set via GPO.
Setting WUDO download mode:
To make use of group selections and turn off the default behavior of all Computers in the same domain, you would need to set the Download Mode to use the Groups you specify in the previous step.
Now that all the main Group Policy settings are in place Windows Update Delivery Optimization will help to utilize internal network bandwidth sharing Windows Updates between computers and lightening the load on expensive WAN bandwidth.
The downside to using these GPO methods is the you will need a GPO for each group of computers that you want to specify a WUDO group for.
You will also need separate GPOs for any offices that have differing hours.
PolicyPak Admin Templates Manager Makes Managing WUDO Easy
Controlling multiple sites, departments or groups of WUDO settings is easy with PolicyPak Admin Template manger.
Admin Template Manager gives us access to Item-Level Targeting. So you can have all your WUDO settings in one easy to manage place. In this case let’s take a look at managing several sites under one GPO.
Create a new GPO. Expand the Admin Template Manager and create a new Collection. A Collection is like a mini-GPO within the GPO! In this example, we’re creating a Collection just for Delivery Optimization.
Now we can create our WUDO settings. The Group IDs for each site get put in. An easy way to determine each WUDO group may be IP range. So we can generate our GUID for the group and filter this group based on IP range
Admin Templates Manager compresses a GPO for each site or group of computers down to one easy to manage GPO. Where all the WUDO settings can live in one place.
Final Thoughts
Windows Update Delivery Optimization is a powerful mechanism for delivering updates in an efficient manner, helping to save WAN bandwidth by sharing update information between machines.
PolicyPak Admin Template Manager will help you manage WUDO settings across your environment, keeping the many settings all in one nice, neat, easy to manage place.
Instead of having multiple “out of control” GPOs, with PolicyPak Admin Templates Manager you can literally have one GPO which expresses your WUDO settings, and get down to being more efficient.