Notatka
Dostęp do tej strony wymaga autoryzacji. Może spróbować zalogować się lub zmienić katalogi.
Dostęp do tej strony wymaga autoryzacji. Możesz spróbować zmienić katalogi.
This article outlines key configuration considerations for optimizing Delivery Optimization (DO) in your environment. While Delivery Optimization has specific technical requirements, how those requirements are implemented depends on your organization’s infrastructure and business needs.
Delivery Optimization set up considerations
Use this checklist to guide your configuration decisions across key areas of Delivery Optimization.
Prerequisites to allow Delivery Optimization communication
Evaluate Delivery Optimization policies based on the following items:
- Network topology
- Organization size
- System resources
- Improve peer-to-peer (P2P) efficiencies
Using Microsoft Connected Cache
Choose where to set Delivery Optimization policies
1. Prerequisites to allow Delivery Optimization communication
Delivery Optimization (DO) is used to download Microsoft content from different sources (HTTP source, peers, and/or dedicated cache solution). It requires communication between the DO client and services to find the best and most reliable sources of content. For this technology to work, the DO client running on the Windows device must be able to reach the DO cloud service.
Find out more about the requirements for Firewall, Proxy, and Port settings to enable Delivery Optimization communication.
Firewall
Allow the following hostnames through your firewall to support Delivery Optimization communication:
For communication between clients and the Delivery Optimization cloud service:
*.prod.do.dsp.mp.microsoft.com
For Delivery Optimization metadata:
*.dl.delivery.mp.microsoft.com*.windowsupdate.com
For group peers across multiple NATs (Teredo):
win1910.ipv6.microsoft.com
For more information, see Endpoints for Delivery Optimization and Microsoft Connected Cache for a list of all content endpoints needed.
Proxy
Delivery Optimization supports proxy configurations; however, certain requirements must be met for P2P functionality and optimal performance. See Using a proxy with Delivery Optimization for detailed configuration guidance.
Ports
Delivery Optimization requires the following ports to be open for inbound and outbound traffic through your firewall.
| Port | Protocol | Function |
|---|---|---|
| 7680 | TCP/IP | Peer-to-peer content sharing between devices on the network. |
| 3544 | UDP | Teredo NAT traversal to discover and connect to peers across NATs. Required when using DownloadMode Group (2) or Internet (3). See the Teredo documentation for firewall configuration details. |
| 443 | HTTPS / TLS 1.2 | Communication between the Delivery Optimization client and cloud service for HTTPS content. |
| 67 | UDP | DHCP client — inbound responses for DHCP-based groups and/or cache server discovery. |
| 68 | UDP | DHCP client — outbound responses for DHCP-based groups and/or cache server discovery. |
Note
Port 7680 is automatically registered and opened by the Delivery Optimization service. If you block port 7680, peer-to-peer functionality is disabled. However, devices can still download content using HTTP over port 80 or HTTPS over port 443.
2. Evaluate Delivery Optimization policies
There are a range of Delivery Optimization settings available to meet the needs of your environment. To fully leverage Delivery Optimization, you should focus on key areas to determine the most suitable settings for your unique environment.
2a. Network topology
Peer groups can be defined in Delivery Optimization using a combination of settings such as DODownloadMode, DOGroupID, DOGroupIDSource, and DORestrictPeerSelection. The combination of settings used depends on your desired peer group(s) and your network topology.
Peering setup options
Delivery Optimization can use P2P to help improve bandwidth efficiencies. The section outlines the different options available to define peer groups for your environment.
Local area network (LAN)
To define a peer group limited to your LAN, choose DODownloadMode (1), LAN-mode. This download mode setting includes any devices that share the same public IP address when they connect to the Internet (behind the same NAT) in a single peer group.
Note
Consider using Group download mode and/or limiting peer selection to the subnet if your network topology is a Hub and Spoke.
Wide area network (WAN)
To achieve peer groups across NATs within the same site, over the WAN, or to have more control in your local environment, use download mode '2', Group-mode. Group download mode allows you to define a unique GUID Group ID or use existing logical groupings (for example, AD Site) in your enterprise with the DOGroupIDSource setting to identify a peer group.
GroupIDSource default behavior
There are several options for identifying your Group ID using the DOGroupIDSource. The default behavior, when the DOGroupID or DOGroupIDSource policies aren't set, is to determine the Group ID using AD Site (1), Authenticated domain SID (2), or Microsoft Entra tenant ID (5). Learn more about all DOGroupIDSource available options.
Note
If your peer group spans across NATs, the Teredo service is used on port 3544.
For Configuration Manager users, we recommend leveraging existing boundary groups to define the peer groups.
Restrict peer selection
If your environment requires a more granular approach, you can use the restrict peer discovery setting alongside the download mode to achieve more control. For example, if you have several different subnets behind the same NAT but want to limit your peer groups to a single subnet, choose DODownloadMode (1) and DORestrictPeerSelection (Subnet). This setting can be used with any of the peer-related download modes (1, 2, or 3).
Non-peering options
There are two valid download modes that don't use P2P functionality to deliver content; download modes (0) and (99). Download mode (0) uses additional metadata provided by the Delivery Optimization services for a peerless, reliable, and efficient download experience. Download mode (99) will provide a reliable download experience over HTTP from the download's original source or Microsoft, with no other checks.
Peering with VPN
By default, if Delivery Optimization detects a VPN, peering isn't used. To change this behavior, use the DOAllowVPNPeerCaching policy. The Delivery Optimization client looks in the network adapter's 'Description' and 'FriendlyName' strings to determine VPN usage. To allow greater flexibility for VPN identification, use the DOVpnKeywords to add descriptors for a particular VPN you use in your organization.
Note
The default keyword list is "VPN", "Secure", and "Virtual Private Network". For example, "MYVPN" matches the "VPN" keyword and would be detected as a VPN connection.
2b. Organization size
Delivery Optimization is designed to perform best in a large-scale environment with many devices. Depending on the size of the environment, you should evaluate the value of the DOMinFileSizeToCache to optimize peering.
Minimum file size to cache
Content peering has a limited number of slots available at any given time. By default, only content files that are 50 MB or larger can be used for peering. In an environment with more than 30 devices, change the DOMinFileSizeToCache to a lower value (10 MB), to have more content available for peering, which can be distributed among many devices. For an even larger number of devices (>100), you can raise this setting to (1 MB).
Mobile devices
By default, P2P capabilities aren't enabled for devices using a battery. If there are many mobile devices in your environment, consider enabling the DOMinBatteryPercentageAllowedToUpload policy to 60%, to use peering while on battery.
2c. System resources
There are some Delivery Optimization configurations that can make an impact when various system resources are available.
Disk size
Alter the minimum disk size (default is 32 GB) a device must have to use peering with the DOMinDiskSizeAllowedToPeer setting.
Optimize cache size
You can also manage the amount of space the Delivery Optimization cache uses with the following settings: DOMaxCacheSize (default is 20%) and DOAbsoluteMaxCacheSize (default isn't configured).
RAM size
Control the minimum amount of RAM (inclusive) allowed to use peer caching (default is 4 GB), with DOMinRAMAllowedToPeer.
Large number of devices with idle system resources
In an environment with devices that are plugged in and have ample free disk space try increasing the content expiration interval of DOMaxCacheAge to seven or more (up to 30 days). You can take advantage of these devices, using them as excellent upload sources to upload more content over a longer period.
2d. Improve P2P efficiency
Looking to improve P2P efficiency? Some of the most powerful settings you can change that could have a significant impact within your environment include:
Help optimize peer connection over HTTP connections using the DOMinBackgroundQoS policy. A good value for the DOMinBackgroundQoS policy is something lower than the average download speed seen in your network. For example, if your average speed is 1000 KB/s, set this policy to 500 KB/s.
Improve chances of downloading from peers and/or cache server by delaying the time DO attempts to make connections before falling back to the HTTP source. The set of delay-related policies include:
To improve efficiencies from peers or a dedicated cache server, a good starting point is 60 seconds for background settings and 30 seconds for foreground settings.
Note
Not all content types are eligible for P2P. Refer to the complete list to learn more.
Bandwidth throttling options
To protect network stability, regardless of P2P settings, consider these policies.
To manage network usage as a percentage or absolute value, use these policies:
- DOPercentageMaxBackgroundBandwidth
- DOPercentageMaxForegroundBandwidth
- DOMaxBackgroundDownloadBandwidth
- DOMaxForegroundDownloadBandwidth
To reduce disruptions by throttling differently at different times of day, use these policies:
Note
The absolute policies are recommended in low bandwidth environments.
3. Using Connected Cache
Note
When multiple Connected Cache servers are configured, the Delivery Optimization client connects to them in the order they appear in the list. If you’ve enabled delay settings for cache server fallback, the fallback-to-HTTP source delay applies to each new file download. This delay is not tied to any specific cache server.
- DOCacheHost is the list of cache host server names, separated with commas.
- DOCacheHostSource can be used to dynamically discover cache host servers on the network, using DHCP.
- DelayCacheServerFallbackBackground and DelayCacheServerFallbackForeground are the delay policies to help improve chances of pulling content from the network cache host servers. (See recommended values in Improve P2P efficiency section above).
- DODisallowCacheServerDownloadsOnVPN allows control of the cache host server to supply content, when device is on a VPN connection.
4. Choose where to set Delivery Optimization policies
Group Policies
Use Group Policy to manage Delivery Optimization settings here,
Computer Configuration\Administrative Templates\Windows Components\Delivery Optimization
MDM Policies
Use MDM to manage Delivery Optimization settings here,
.Vendor/MSFT/Policy/Config/DeliveryOptimization/
Delivery Optimization is integrated with both Microsoft Endpoint Manager and Configuration Manager.
Summary of basic configuration recommendations
| Use case | Policy | Recommended value |
|---|---|---|
| Use P2P | DownloadMode | 1 or 2 |
| Don't use P2P | DownloadMode | 0 |
| Number of devices in the organization | MinFileSizeToCache | 1 MB for peer group > 100 devices |
| Idle system resources | MaxCacheAge | 7 days (604800 seconds) |
| Improve P2P efficiency | MinBackgroundQoS and DelayBackgroundDownloadFromHttp / DelayForegroundDownloadFromHttp | 500 KB/s and 60/30 seconds |
| Using Connected Cache | DelayCacheServerFallbackBackground / DelayCacheServerFallbackForeground | 60/30 seconds |
Enterprise using Intune
For a straightforward overview of configuring Delivery Optimization in Intune, check out this enterprise-focused guide with helpful recommendations.
Monitor Delivery Optimization
Whether you opt for the default Delivery Optimization configurations or tailor them to suit your environment, you want to track the outcomes to see how they improve your efficiency. The following options are available to monitor Delivery Optimization:
- On clients, review the activity monitor, which displays a breakdown of downloads by source, average speed, and upload stats for the current month
- Windows 11: Settings > Windows Update > Advanced Options > Delivery Optimization > Activity Monitor
- Windows 10: Settings > Update & Security > Delivery Optimization > Activity Monitor
- Windows Update for Business reports offers a Delivery Optimization report. For more information, see Monitor Delivery Optimization.
Troubleshoot Delivery Optimization
There could be many different reasons why Delivery Optimization isn't working in your environment. Learn more about the DO Troubleshooter and common problems and solutions to help improve the experience of using Delivery Optimization.
Test Delivery Optimization
Learn more about guidance on basic testing scenarios to see how Delivery Optimization works.