Microsoft Clarifies Windows 10 Peer-to-Peer Update Controls
Organizations have some Group Policy control options over Microsoft's recently described "Delivery Optimization" update service for Windows 10 clients.
Delivery Optimization is a peer-to-peer client update service that uses PCs, both local PCs and nonlocal devices via the Internet, to deliver updated Windows 10 bits to an organization's networked PCs. It combines partial bits from PCs with partial bits from Microsoft's datacenters to update a computing environment. The idea is to reduce bandwidth issues during the update process. Updates arrive at a much faster pace with Windows 10, as Microsoft now sometimes changes client operating system features on a monthly basis.
Microsoft unveiled the Delivery Optimization service last week as a feature that was introduced with Windows 10 version 1607 (the "anniversary update"), which was released on Aug. 2. However, the Delivery Optimization service also works with Windows 10 version 1511, although there are a few nuances. The details were explained by Michael Niehaus, a Microsoft senior product marketing manager for Windows, in a new announcement today.
The Delivery Optimization service will only initiate peer-to-peer sharing when Microsoft is delivering its "larger updates like feature updates and cumulative updates," Niehaus clarified. Possibly, he is referring to Microsoft's original summer/fall major release-cycle scheme for Windows 10. For instance, Microsoft's Windows 10 versions 1507 and 1511 last year might be considered to be major operating system feature update releases, along with this year's anniversary update. Technically speaking, though, Microsoft releases feature updates and cumulative updates for Windows 10 every month.
It's also possible to completely turn off the Delivery Optimization service using Group Policy by selecting the "None" option. A Microsoft TechNet article lists the Group Policy options as follows:
- None. Turns off Delivery Optimization.
- Group. Gets or sends updates and apps to PCs on the same local network domain.
- Internet. Gets or sends updates and apps to PCs on the Internet.
- LAN. Gets or sends updates and apps to PCs on the same NAT only.
- Simple. Simple download mode with no peering.
- Bypass. Use BITS instead of Windows Update Delivery Optimization.
Niehaus explained that the "Simple" mode might be used "for 'closed' networks where PCs wouldn't be able to get to the Delivery Optimization service on the internet."
The "Bypass" option might be used by organizations using Microsoft's BranchCache service (instead of Delivery Optimization) to keep PCs up to date. However, Windows 10 version 1511 lacks Bypass mode support. Niehaus offered a suggestion for organizations using that version.
"Since Windows 10 1511 doesn't have a Bypass mode, you can use 'HTTP only' mode 0 to skip Delivery Optimization peer checks on closed networks," he explained.
Delivery Optimization uses a "LAN" download mode by default. PCs with the same IP address are considered to be peers under the LAN approach. However, organizations can specify which PCs should be considered peers by the Delivery Optimization service by specifying the "Group" mode. There's a nuance between the two Windows 10 versions, though, when using Group. Niehaus explained it in this way:
"With Windows 10 1511, groupings are based on the AD domain and an optional group ID that you can set via policy. With Windows 10 1607, the groups are based on AD domain and AD site, and can also add in an optional group ID."
Organizations might want to use Group if they are spread out geographically. Group can be used to make the peer-to-peer sharing happen with local machines, Niehaus explained.
However, Niehaus recommended using the "Group ID" mode if an organization's Active Directory sites aren't defined according to a physical location or if an organization is using Windows 10 version 1511. That nuance wasn't mentioned in Microsoft's TechNet article.
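For administrators who want to check which of these modes a PC is actually configured for, the following PowerShell sketch reads the policy and flags the version 1511 nuances described above. It is an added example, not code from Microsoft or from the announcement. The registry path, the value names DODownloadMode, DOGroupId and ReleaseId, and every numeric code other than "HTTP only" (0) are assumptions taken from Microsoft's policy documentation rather than from this article.

```powershell
# Added example, not Microsoft's code. The policy key path, the value names
# DODownloadMode/DOGroupId, the ReleaseId value and the numeric codes are
# assumptions taken from Microsoft's policy documentation, not from the article
# (which only gives "HTTP only" = 0).
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization'
$ModeNames = @{ 0 = 'HTTP only'; 1 = 'LAN'; 2 = 'Group'; 3 = 'Internet'; 99 = 'Simple'; 100 = 'Bypass' }

function Get-DOPolicyFinding {
    param(
        [Nullable[int]]$DownloadMode,  # $null when the policy is not configured
        [string]$GroupId,              # optional group ID policy value
        [string]$ReleaseId             # Windows 10 version, e.g. '1511' or '1607'
    )
    $findings = @()
    if ($null -eq $DownloadMode) {
        $mode = 'not set by policy (article: LAN is the default)'
    } elseif ($ModeNames.ContainsKey([int]$DownloadMode)) {
        $mode = $ModeNames[[int]$DownloadMode]
    } else {
        $mode = "unknown value $DownloadMode"
        $findings += 'Download mode value is not one of the documented modes.'
    }
    switch ($mode) {
        'Internet' { $findings += 'PCs on the Internet are allowed as peers.' }
        'Bypass'   { if ($ReleaseId -eq '1511') {
                         $findings += 'Version 1511 lacks Bypass; the article suggests HTTP only (0) on closed networks.' } }
        'Group'    { if ($ReleaseId -eq '1511' -and [string]::IsNullOrEmpty($GroupId)) {
                         $findings += 'On 1511 the group is the whole AD domain unless a group ID is set.' } }
    }
    [pscustomobject]@{ ReleaseId = $ReleaseId; Mode = $mode; GroupId = $GroupId; Findings = $findings }
}

# Read the local policy; a missing key or value simply yields $null.
$policy  = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
$release = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').ReleaseId
Get-DOPolicyFinding -DownloadMode $policy.DODownloadMode -GroupId $policy.DOGroupId -ReleaseId $release

# Constructed inputs that exercise the 1511 nuances without touching the registry.
Get-DOPolicyFinding -DownloadMode 100 -ReleaseId '1511'
Get-DOPolicyFinding -DownloadMode 2 -ReleaseId '1511'
Get-DOPolicyFinding -DownloadMode 2 -GroupId '{constructed-group-id}' -ReleaseId '1607'
```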
Even though there are Group Policy options available to control the Delivery Optimization service, Microsoft contends that tapping other PCs outside a local network for Windows 10 updating purposes isn't a security risk.
"Delivery Optimization can't be used to download or send personal content," a Delivery Optimization FAQ claimed.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.