Windows updates, upgrades, and applications can contain packages with large files. Downloading and distributing updates can consume quite a bit of network resources on the devices receiving them. You can use Delivery Optimization to reduce bandwidth consumption by sharing the work of downloading these packages among multiple devices in your deployment. Delivery Optimization is a cloud-managed solution that allows clients to download those packages from alternate sources (such as other peers on the network) in addition to the traditional Internet-based servers. You can use Delivery Optimization with Windows Server Update Services (WSUS)
- A network
- Windows 10 version 1703 or later
- The latest Windows 10 ADMX Files
- Group Policy creation/edit access
If you block specific URLs on your firewall, please open up the prerequisites so that traffic can flow freely to your clients.
- Open port 7680 on client devices via Group Policy
- Enable Delivery Optimization via Group policy and set applicable options
- Configure Windows Updates settings via Group Policy
- Test that clients can access the Delivery Optimization service on other clients using telnet
- Monitor the performance of the Delivery Optimization service
1. Open port 7680 on client devices via Group Policy
This is often enabled as standard, but it is good practice to enable it via Group Policy to ensure the ports are available. Windows 10 already ships with predefined rules named Delivery Optimization (TCP-In) and Delivery Optimization (UDP-In) that cover all aspects of incoming client traffic.
These can be enabled using a Group Policy built into the same GPO for DO and WU. The settings can be found under Computer Configuration > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Inbound Rules.
1. Create a new policy to store the settings in
2. Give the new policy an appropriate name
3. Edit the policy
4. Drill down to Computer Configuration > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Inbound Rules
5. Tick Predefined then select DO
6. Both options will be ticked by default
7. Allow the connection will be set by default, click Finish
8. The new rules will now be shown in the Inbound rules table
2. Enable Delivery Optimization via Group Policy
Inside the same GPO, navigate to the Delivery Optimization settings in Group Policy under Configuration\Policies\Administrative Templates\Windows Components\Delivery Optimization and double-click Download Mode.
For this guide we are going to set Download Mode to 1, HTTP blended with peering behind the same NAT. This means clients behind your router can share data but the clients will not share data with Internet Peers or members of the same Domain which are located on a WAN connection.
The following list shows the supported values for Delivery Optimization to distribute Windows Updates:
0 = HTTP only, no peering.
1 = HTTP blended with peering behind the same NAT.
2 = HTTP blended with peering across a private group. Peering occurs on devices in the same Active Directory Site (if one exists) or the same domain by default. When this option is selected, peering will cross NATs. To create a custom group, use Group ID in combination with Mode 2.
3 = HTTP blended with Internet Peering.
99 = Simple download mode with no peering. Delivery Optimization downloads using HTTP only and does not attempt to contact the Delivery Optimization cloud services.
100 = Bypass mode. Do not use Delivery Optimization and use BITS instead.
3. Configure Windows Updates settings via Group Policy
Please follow the article HERE to create a new GPO to store Windows Update settings
Don’t forget to apply both the GPOs to the OU containing your Windows 10 clients.
4. Test that clients can access the Delivery Optimization service
Please reboot the clients to ensure the GPO settings have been applied correctly. Find an IP/Hostname of a client on your network that has had the GPO applied. Manually query for port 7680 to check if it is listening. You should get back a LISTENING status.
Note: If you get anything other than this, then consider checking that your firewall settings are applied and that the Delivery Optimization service isn’t set to Disabled or Manual.
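The checks from this step and its note can be scripted. The following is an added PowerShell example, not part of the original guide: `Test-DoClient` and `CLIENT02` are hypothetical names, `Test-NetConnection` is used in place of telnet, and the registry path is where the Download Mode policy value is assumed to be written.

```powershell
# Added example: run in an elevated PowerShell session on a client that has the GPO.
function Test-DoClient {
    param(
        [string]$Peer,            # optional: another client to probe on TCP 7680
        [int]$ExpectedMode = 1    # Download Mode chosen in this guide
    )
    $problems = @()

    # The service must not be Disabled or Manual (see the note above).
    $svc = Get-Service -Name DoSvc -ErrorAction SilentlyContinue
    if (-not $svc -or "$($svc.StartType)" -in 'Disabled', 'Manual') {
        $problems += "DoSvc start type is '$($svc.StartType)'"
    }

    # Local equivalent of seeing LISTENING for port 7680.
    $listen = Get-NetTCPConnection -LocalPort 7680 -State Listen -ErrorAction SilentlyContinue
    if (-not $listen) { $problems += 'Nothing is listening on TCP 7680' }

    # ActiveStore is the effective rule set, including rules delivered by GPO.
    $names = 'Delivery Optimization (TCP-In)', 'Delivery Optimization (UDP-In)'
    $rules = Get-NetFirewallRule -PolicyStore ActiveStore -DisplayName $names -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' }
    foreach ($n in $names) {
        if ($rules.DisplayName -notcontains $n) { $problems += "No enabled allow rule '$n'" }
    }

    # Assumed location of the Download Mode policy value set by the GPO.
    $key  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization'
    $mode = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).DODownloadMode
    if ($null -eq $mode) { $problems += 'Download Mode policy is not applied' }
    elseif ($mode -ne $ExpectedMode) { $problems += "Download Mode is $mode, expected $ExpectedMode" }

    # Reachability of a second client, as a peer would see it.
    if ($Peer) {
        $t = Test-NetConnection -ComputerName $Peer -Port 7680 -WarningAction SilentlyContinue
        if (-not $t.TcpTestSucceeded) { $problems += "TCP 7680 on $Peer is not reachable" }
    }

    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        DownloadMode = $mode
        Healthy      = ($problems.Count -eq 0)
        Problems     = $problems
    }
}

Test-DoClient -Peer 'CLIENT02'   # CLIENT02 is a placeholder host name
```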
5. Monitor the performance of the Delivery Optimization service
The below PowerShell command can be run locally or via a PowerShell Remote console:
- The amount of bytes uploaded to other LAN Peers in the previous calendar month
- The amount of bytes uploaded to Internet Peers in the previous calendar month; with option 1, as in this guide, this will always be 0 because clients will not be uploading data to Internet Peers
- The amount of data downloaded from Microsoft Servers in the previous calendar month
- The amount of bytes downloaded from a Microsoft Connected Cache in the previous calendar month
- The amount of bytes downloaded from LAN peers in the previous calendar month
- The amount of bytes downloaded from Internet Peers in the previous calendar month
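To turn the counters listed above into a check that peering stays inside the LAN, the following added example (not from the original guide) summarises one snapshot. `Get-DoPeerSummary` is a hypothetical helper, the property names are assumed to match those returned by `Get-DeliveryOptimizationPerfSnapThisMonth`, and the sample values are constructed.

```powershell
# Added example: summarise monthly Delivery Optimization counters and flag policy drift.
function Get-DoPeerSummary {
    param(
        [Parameter(Mandatory)] $Snap,   # e.g. output of Get-DeliveryOptimizationPerfSnapThisMonth
        [int]$DownloadMode = 1          # Download Mode configured in the GPO
    )
    $peerDown  = [double]$Snap.DownloadLanBytes + $Snap.DownloadInetBytes
    $totalDown = $peerDown + $Snap.DownloadHttpBytes + $Snap.DownloadCacheHostBytes
    $findings  = @()

    # With mode 0 or 1 nothing should be exchanged with Internet peers.
    if ($DownloadMode -in 0, 1 -and ($Snap.UploadInetBytes -gt 0 -or $Snap.DownloadInetBytes -gt 0)) {
        $findings += "Internet peer traffic seen although Download Mode is $DownloadMode"
    }
    # Mode 1 with downloads but no LAN peer bytes usually means port 7680 is blocked.
    if ($DownloadMode -eq 1 -and $totalDown -gt 0 -and $Snap.DownloadLanBytes -eq 0) {
        $findings += 'No bytes came from LAN peers; check the firewall rules and DoSvc'
    }

    $pct = 0
    if ($totalDown -gt 0) { $pct = [math]::Round(100 * $peerDown / $totalDown, 1) }

    [pscustomobject]@{
        TotalDownloadedMB = [math]::Round($totalDown / 1MB, 1)
        PercentFromPeers  = $pct
        UploadedToLanMB   = [math]::Round($Snap.UploadLanBytes / 1MB, 1)
        Findings          = $findings
    }
}

# Constructed sample snapshot so the function can be tried offline.
$sample = [pscustomobject]@{
    UploadLanBytes         = 300MB
    UploadInetBytes        = 0
    DownloadHttpBytes      = 400MB
    DownloadCacheHostBytes = 0
    DownloadLanBytes       = 600MB
    DownloadInetBytes      = 0
}
Get-DoPeerSummary -Snap $sample -DownloadMode 1

# On a client: Get-DoPeerSummary -Snap (Get-DeliveryOptimizationPerfSnapThisMonth)
```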
Check the current DO jobs status
Running the below PowerShell command will output the current job status, showing you the Download and Upload tasks for that client.
Export the Delivery Optimization log file
This is achieved again via PowerShell with a simple command as below.
Get-DeliveryOptimizationLog | Set-Content c:\dosvc.txt