Unified Update Platform with ConfigMgr – Questions from the Field

Hello everyone! I'm Stefan Röll, Cloud Solution Architect at Microsoft Germany for Intune and Microsoft Configuration Manager. In the past weeks, I got a lot of questions from customers around the recently released Unified Update Platform (UUP). In this blog post I want to cover some of them.

The challenge with large updates

UUP updates are a big step forward for on-premises environments that want to use features previously reserved for online environments. However, every cumulative update (CU) is now about 10 GB in size, which can be a challenge for systems on slow connections. Microsoft Configuration Manager (ConfigMgr) uses several technologies to limit the impact on the back-end side.

image1.png

Do I have to download 10GB every month to my source location?

When you have successfully downloaded the first UUP update, you might wonder if you must download 10 GB every month to your source directory:

image2.png

At first glance it looks like it, but if you look closely at the PatchDownloader.log (normally stored in the %temp% folder), you can see that the downloader tries to create hard links:

image3.png

That means the files that stay the same every month need no additional space at your source location and are not downloaded again.

This only works if the files are downloaded to the same share as the previous updates.

If the files are found on a different share, they take up additional space. They are still not downloaded from the internet again, but copied over locally.

Hard links are hard to spot. In the screenshot below it looks like the updates from March and April take up 18.5 GB of space on the hard disk T:

image4.png

However, in this test these are the only files stored on this drive. Therefore, we can see the used space in the properties of the drive:

image5.png

Another way to verify that hard links are being used is fsutil:

image6.png
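The same check can be run over a whole month's download instead of one file. The following PowerShell script is an added example, not part of the original post; it calls `fsutil hardlink list` for every file and reports how much of the folder is linked to data that already existed on the volume. The folder path is an assumption.

```powershell
# Added example, not from the original post.
# Assumption: $UpdateRoot is the folder that holds the newest UUP download.
param(
    [string]$UpdateRoot = 'T:\Updates\2023-04'
)

# fsutil prints volume-relative paths, so strip the drive letter for comparison
$relRoot = (Split-Path -Path $UpdateRoot -NoQualifier).TrimEnd('\') + '\'
$linkedBytes = 0L; $newBytes = 0L; $linkedFiles = 0; $newFiles = 0

foreach ($file in Get-ChildItem -LiteralPath $UpdateRoot -File -Recurse) {
    # One output line per name that points at the same file data
    $names = @(fsutil hardlink list $file.FullName 2>$null |
               Where-Object { $_ -like '\*' })
    if ($LASTEXITCODE -ne 0 -or $names.Count -eq 0) {
        Write-Warning "Could not query hard links for $($file.FullName)"
        continue
    }
    # A name outside $UpdateRoot means the data already existed on this volume
    $outside = @($names | Where-Object {
        -not $_.StartsWith($relRoot, [System.StringComparison]::OrdinalIgnoreCase)
    })
    if ($outside.Count -gt 0) {
        $linkedFiles++; $linkedBytes += $file.Length
    } else {
        $newFiles++; $newBytes += $file.Length
    }
}

# Summary: space that is shared with earlier downloads vs. space that is new
[pscustomobject]@{
    Folder      = $UpdateRoot
    LinkedFiles = $linkedFiles
    LinkedGB    = [math]::Round($linkedBytes / 1GB, 2)
    NewFiles    = $newFiles
    NewGB       = [math]::Round($newBytes / 1GB, 2)
}
```

`NewGB` is the additional disk space this month's download really consumed.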

Do we have to distribute 10GB to all DPs monthly?

The next question that easily comes up is whether you have to distribute 10 GB to all your Distribution Points (DPs) every month.

However, since ConfigMgr 2012 the product uses a single instance store, better known as the Content Library (ContentLib). It stores only a single instance of each file. As the largest files of UUP updates stay the same every month, there is no need to transfer them every month.

But let's have a closer look. I've downloaded the March and the April UUP Updates into separate deployment packages:

image7.png

It looks like this in the content source:

image8.png

To make things a little easier, we will focus on the largest file. This file has the same hash value in both packages:

BCEFB8987E4368CC43DF40D0D2F73B9AB6404AF5FC1F6E0D4B451D15E3DA5A13

image9.png

Using the first four letters, we can find it in the ContentLib – only one time:

image10.png
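The lookup shown above can be done for every file of a new package before it is distributed. The following PowerShell script is an added example, not part of the original post; it hashes each file in a package source and checks whether the content library already holds it. Both paths are assumptions, as is the use of SHA-256 (inferred from the 64-character hash shown above); run it on the server that hosts the content library.

```powershell
# Added example, not from the original post.
# Assumptions: both paths below, and that FileLib names files by their SHA-256 hash.
param(
    [string]$PackageSource = '\\server\source\Updates\Win11-04',
    [string]$ContentLib    = 'D:\SCCMContentLib'
)

$fileLib = Join-Path $ContentLib 'FileLib'
$storedBytes = 0L; $missingBytes = 0L

$report = foreach ($file in Get-ChildItem -LiteralPath $PackageSource -File -Recurse) {
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    # FileLib groups files into folders named after the first four hash characters
    $stored = Join-Path (Join-Path $fileLib $hash.Substring(0, 4)) $hash
    $inLib  = Test-Path -LiteralPath $stored
    if ($inLib) { $storedBytes += $file.Length } else { $missingBytes += $file.Length }

    [pscustomobject]@{
        Name      = $file.Name
        SizeMB    = [math]::Round($file.Length / 1MB, 1)
        Hash      = $hash
        InLibrary = $inLib
    }
}

# Largest files first: these decide how much data a distribution has to move
$report | Sort-Object SizeMB -Descending |
    Format-Table Name, SizeMB, InLibrary -AutoSize | Out-String | Write-Output

'Already in FileLib: {0:N2} GB   Not yet stored: {1:N2} GB' -f `
    ($storedBytes / 1GB), ($missingBytes / 1GB)
```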

If we transfer only the Win11-03 package from the Primary Site to a DP, we can see that the file in question is getting transferred:

image11.png

Once completed, we can distribute the Win11-04 deployment package. It will complete quickly, and the file did not transfer again:

image12.png

To further prove the behaviour, I've captured a Wireshark trace on the DP while transferring the Win11-03 package:

image13.png

And while transferring the Win11-04 package:

image14.png

So you don't need to worry about the monthly traffic from your Primary Site to DPs or Pull DPs.

However, one challenge could be if a deployment package gets into a failed state for whatever reason. If that happens you have to distribute the complete 10 GB content to your DP. Unfortunately, there is no supported way to get around this behavior.

What about Site-to-Site traffic?

If you have a Central Administration Site (CAS) and one or more Primary Sites, which you should only have if you must manage more than 150k clients, content is not transferred with the Package Transfer Manager.

It is transferred via Site-to-Site traffic and here the single instance store is not used in every scenario.

If you add, for example, the April CU to the same package as the March CU, only the delta will be transferred:

image15.png

However, if you create a new package for the April CU, all content will be transferred:

image16.png

Do we need to open port 8005?

In the Ports used for connections documentation you can find the port 8005 for Distribution Points. This port was required for express updates but is not required for UUP Updates on the Distribution Point side.

On the client side you don't have to open the port in the client firewall. However, if a local third-party software uses the port 8005, you might have to change it in the client settings.

Is the download on the Client side optimized by peer-to-peer technology from Delivery Optimization?

When the client downloads a UUP update, it is downloaded by the Delivery Optimization downloader and not BITS.

When the UUP update is available and downloaded from your Distribution Points, then peer-to-peer technology is not used. You can check this by running Get-DeliveryOptimizationStatus, after the download of an update.

image17.png

However, if the update is not available on a DP, it will be downloaded from the internet if you allowed it in the deployment. If that's the case, Delivery Optimization's peer-to-peer technology will be used:

image18.png

Is the download on the Client side optimized by peer-to-peer technology from BranchCache?

When the client downloads a UUP update, it is downloaded by the Delivery Optimization downloader and not BITS. Therefore, BranchCache is not used when downloading UUP updates.

If you want to find out more about the difference between DO and BITS, check out my previous blog post.

Do I need to enable 'Allow clients to download delta content when available' in the Client settings?

UUP Updates are downloaded with the 'download delta content' method. When you are on ConfigMgr 2203 and above, there is no need to enable this setting.

If the setting is disabled, only UUP Updates will be downloaded with this method. All other updates will download as usual over BITS.

However, if you enable it, all updates will be downloaded with this method.

image19.jpeg

Next steps

Have a look at the links below to get even more information about UUP Updates.

Stefan Röll

Cloud Solution Architect – Microsoft Germany

Helpful resources and references:

Unified update platform (UUP) FAQ's

https://techcommunity.microsoft.com/t5/configuration-manager-blog/unified-update-platform-uup-faq-s/ba-p/3808697

Optimize Windows 10 or later update delivery with Configuration Manager

https://learn.microsoft.com/en-us/mem/configmgr/sum/deploy-use/optimize-windows-10-update-delivery

Allow clients to download delta content when available

https://learn.microsoft.com/en-us/mem/configmgr/core/clients/deploy/about-client-settings#allow-clients-to-download-delta-content-when-available

Get ready for the first UUP on premises updates coming in March!

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/get-ready-for-the-first-uup-on-premises-updates-coming-in-march/ba-p/3738461

What's UUP? New update style coming next week!

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-uup-new-update-style-coming-next-week/ba-p/3773065

What is Delivery Optimization?

https://learn.microsoft.com/en-us/windows/deployment/do/waas-delivery-optimization

FAQ: WSUS and Unified Update Platform (UUP) on premises

https://techcommunity.microsoft.com/t5/windows-servicing/faq-wsus-and-unified-update-platform-uup-on-premises/m-p/3773235

Modern Content Distribution: Microsoft Endpoint Manager and Connected Cache

https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/modern-content-distribution-microsoft-endpoint-manager-and/ba-p/1148669

Disclaimer:
The samples are not supported under any Microsoft standard support program or service. The samples are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages.

 

This article was originally published by Microsoft's PowerShell Blog. You can find the original article here.