Hello everyone! I'm Stefan Röll, Cloud Solution Architect at Microsoft Germany for Intune and Microsoft Configuration Manager. In the past weeks, I got a lot of questions from customers around the recently released Unified Update Platform (UUP). In this blog post I want to cover some of them.
The challenge with large updates
UUP updates are a big step forward for on-premises environments that want to use features that were previously reserved for online environments. However, every cumulative update (CU) is now about 10 GB in size, which can be a challenge for systems on slow connections. Fortunately, Microsoft Configuration Manager (ConfigMgr) uses clever technologies to limit the impact on the backend side.
Do I have to download 10GB every month to my source location?
When you have successfully downloaded the first UUP update, you might wonder if you must download 10 GB every month to your source directory:
At first glance it looks like it, but if you look closely at the PatchDownloader.log (normally stored in the %temp% folder), you can see that the downloader tries to create hard links:
That means the files that stay the same every month neither need additional space at your source location nor get downloaded again.
This scenario only works if the files will be downloaded to the same share as the previous updates.
If the files are found on a different share, they will take up additional space, but they will be copied over locally instead of being downloaded from the internet.
Hard links are hard to spot. In the screenshot below it looks like the updates from March and April take up 18.5 GB of space on the hard disk T:
However, in this test these are the only files stored on this drive. Therefore, we can see the used space in the properties of the drive:
Another way to verify that hard links are being used is fsutil:
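One way to script the fsutil check across both monthly folders, as an added example that is not part of the original post. The folder paths are placeholders, and it assumes the script runs on the server that holds the files, against local NTFS paths:

```powershell
# Added example: compare the apparent size of two monthly UUP download folders
# with the space they really occupy once hard-linked files are counted once.
# $March and $April are hypothetical paths; replace them with your own folders.
param(
    [string]$March = 'T:\UUP\2023-03',
    [string]$April = 'T:\UUP\2023-04'
)

function Get-HardLinkPath {
    # "fsutil hardlink list" prints one volume-relative path per name of the file,
    # for example \UUP\2023-03\file.cab and \UUP\2023-04\file.cab.
    param([string]$Path)
    $out = & fsutil.exe hardlink list $Path 2>$null
    if ($LASTEXITCODE -ne 0) { return }
    $out | Where-Object { $_ -match '^\\' }
}

$seen     = @{}   # one entry per physical file
$apparent = 0     # sum of all file sizes as Explorer would show them
$onDisk   = 0     # sum of sizes with every physical file counted once
$linked   = 0     # number of file names that have at least one other name

foreach ($file in Get-ChildItem -LiteralPath $March, $April -Recurse -File) {
    $apparent += $file.Length
    $links = @(Get-HardLinkPath -Path $file.FullName)
    if ($links.Count -gt 1) { $linked++ }

    # Every name of the same physical file returns the same set of paths,
    # so the sorted list identifies the file. Fall back to the full name
    # if fsutil returned nothing.
    $key = if ($links.Count -gt 0) { ($links | Sort-Object) -join '|' } else { $file.FullName }
    if (-not $seen.ContainsKey($key)) {
        $seen[$key] = $true
        $onDisk += $file.Length
    }
}

[pscustomobject]@{
    FileNamesWithHardLinks = $linked
    ApparentGB             = [math]::Round($apparent / 1GB, 2)
    OnDiskGB               = [math]::Round($onDisk / 1GB, 2)
}
```

If hard links were created, FileNamesWithHardLinks is greater than zero and OnDiskGB is clearly lower than ApparentGB.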
Do we have to distribute 10GB to all DPs monthly?
The next question that easily comes up is whether you have to distribute 10 GB to all your Distribution Points (DPs) every month.
However, since ConfigMgr 2012, content is kept in a single instance store, better known as the Content Library (ContentLib). It stores only a single instance of each file. As the largest files of UUP updates stay the same every month, there is no need for big data transfers every month.
But let's have a closer look. I've downloaded the March and the April UUP Updates into separate deployment packages:
It looks like this in the content source:
To make things a little easier, we will focus on the largest file. This file has the same hash value in both packages:
Using the first four letters, we can find it in the ContentLib – only one time:
If we transfer only the Win11-03 package from the Primary Site to a DP, we can see that the file in question is getting transferred:
Once completed, we can distribute the Win11-04 deployment package. It will complete quickly, and the file did not transfer again:
To further prove the behaviour, I've captured a Wireshark trace on the DP while transferring the Win11-03 package:
And while transferring the Win11-04 package:
So you don't need to worry about the monthly traffic from your Primary Site to DPs or Pull DPs.
However, one challenge could be if a deployment package gets into a failed state for whatever reason. If that happens you have to distribute the complete 10 GB content to your DP. Unfortunately, there is no supported way to get around this behavior.
What about Site-to-Site traffic?
If you have a Central Administration Site (CAS) and one or more Primary Sites, which you should only have if you must manage more than 150k clients, content is not transferred with the Package Transfer Manager.
It is transferred via Site-to-Site traffic and here the single instance store is not used in every scenario.
If you add, for example, the April CU to the same package as the March CU, only the delta will be transferred:
However, if you create a new package for the April CU, all content will be transferred:
Do we need to open port 8005?
In the Ports used for connections documentation you can find the port 8005 for Distribution Points. This port was required for express updates but is not required for UUP Updates on the Distribution Point side.
On the client side you don't have to open the port in the client firewall. However, if a local third-party software uses the port 8005, you might have to change it in the client settings.
Is the download on the Client side optimized by peer-to-peer technology from Delivery Optimization?
When the Client downloads a UUP update, it is downloaded by the Delivery Optimization downloader and not BITS.
When the UUP update is available on and downloaded from your Distribution Points, peer-to-peer technology is not used. You can check this by running Get-DeliveryOptimizationStatus after the download of an update.
However, if the update is not available on a DP, it will be downloaded from the internet if you allowed that in the deployment. If that's the case, Delivery Optimization's peer-to-peer technology will be used:
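To compare the two cases described above on a client, the output of Get-DeliveryOptimizationStatus can be grouped by download source. This is an added example, not part of the original post; the function name Get-DoSourceSummary is made up for this illustration:

```powershell
# Added example: group Delivery Optimization jobs by the host they were
# downloaded from and show how much came over HTTP versus from peers.
function Get-DoSourceSummary {
    param([Parameter(ValueFromPipeline = $true)] $Job)
    begin { $byHost = @{} }
    process {
        # SourceURL can be empty or not a full URL; bucket those jobs separately.
        $uri = $null
        $ok  = [System.Uri]::TryCreate([string]$Job.SourceURL, [System.UriKind]::Absolute, [ref]$uri)
        $hostName = if ($ok) { $uri.Host } else { '(unknown)' }

        if (-not $byHost.ContainsKey($hostName)) {
            $byHost[$hostName] = [pscustomobject]@{
                Source = $hostName; Files = 0; FromHttpMB = 0.0; FromPeersMB = 0.0
            }
        }
        $row = $byHost[$hostName]
        $row.Files++
        $row.FromHttpMB  += $Job.BytesFromHttp  / 1MB
        $row.FromPeersMB += $Job.BytesFromPeers / 1MB
    }
    end {
        foreach ($row in $byHost.Values) {
            $row.FromHttpMB  = [math]::Round($row.FromHttpMB, 1)
            $row.FromPeersMB = [math]::Round($row.FromPeersMB, 1)
        }
        $byHost.Values | Sort-Object Source
    }
}

# Run on the client after the update has been downloaded.
Get-DeliveryOptimizationStatus | Get-DoSourceSummary | Format-Table -AutoSize
```

A FromPeersMB value of 0 for a source means no peer-to-peer transfer took place for the files downloaded from it.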
Is the download on the Client side optimized by peer-to-peer technology from BranchCache?
When the Client downloads a UUP update, it is downloaded by the Delivery Optimization downloader and not BITS. Therefore, BranchCache is not used when downloading UUP updates.
If you want to find out more about the difference between DO and BITS, check out my previous Blog.
Do I need to enable ‘Allow clients to download delta content when available’ in the Client settings?
UUP Updates are downloaded with the ‘download delta content’ method. When you are on ConfigMgr 2203 and above, there is no need to enable this setting.
If the setting is disabled, only UUP Updates will be downloaded over this method. All other updates will download as usual over BITS.
However, if you enable it, all updates will be downloaded over this method.
Have a look at the links below to get even more information about UUP Updates.
Cloud Solution Architect – Microsoft Germany
Helpful resources and references:
Unified update platform (UUP) FAQ's
Optimize Windows 10 or later update delivery with Configuration Manager
Allow clients to download delta content when available
Get ready for the first UUP on premises updates coming in March!
What's UUP? New update style coming next week!
What is Delivery Optimization?
FAQ: WSUS and Unified Update Platform (UUP) on premises
Modern Content Distribution: Microsoft Endpoint Manager and Connected Cache
The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages.