Szerkesztés

Megosztás a következőn keresztül:


Configure Delivery Optimization (DO) for Windows

This article describes the different configuration considerations to optimize Delivery Optimization (DO) in your environment.

Delivery Optimization set up considerations

Use this checklist to guide you through different aspects when modifying Delivery Optimization configurations for your environment.

  1. Prerequisites to allow Delivery Optimization communication

  2. Evaluate Delivery Optimization policies based on the following items:

    • Network topology
    • Organization size
    • System resources
    • Improve P2P efficiencies
  3. Using Microsoft Connected Cache

  4. Choose where to set Delivery Optimization policies

1. Prerequisites to allow Delivery Optimization communication

Screenshot of the considerations to allow Delivery Optimization communication.

Delivery Optimization (DO) is used to download Microsoft content from different sources (HTTP source, peers, and/or dedicated cache solution). It requires communication between the DO client and services to find the best and most reliable sources of content. For this technology to work, the DO client running on the Windows device must be able to reach the DO cloud service.

Find out more about the requirements for Firewall, Proxy, and Port settings to enable Delivery Optimization communication.

Firewall

There are service endpoints that you need to permit through your Firewall to communicate with the Delivery Optimization service. Check the full list of endpoints to permit.

Proxy

To allow peer-to-peer (P2P) to work properly, you need to allow direct calls to the Delivery Optimization service from your devices. When using a proxy, you want to bypass calls from the Delivery Optimization service (*.prod.do.dsp.mp.microsoft.com).

Local proxy

For downloads from HTTP sources, Delivery Optimization can use the automatic proxy discovery capability of WinHttp to handle communication with the proxy server. It's important to know that Delivery Optimization uses byte range requests, so you'll want to make sure your proxy allows this capability. Learn more about using Delivery Optimization with a proxy server.

Cloud proxy

If you're using a cloud proxy, the calls to the DO service are funneled through your cloud proxy and the public IP address of the devices is altered, preventing P2P from working properly. To avoid any issues, you should configure it to allow Delivery Optimization traffic to bypass the proxy. Otherwise, you may experience reduced performance and increased bandwidth consumption.

Ports

Delivery Optimization requires the use of certain ports to deliver content. Make sure all the required ports are open to make Delivery Optimization work seamlessly.

Port Protocol Function
7680 TCP/IP Listen for P2P using TCP/IP
3544 UDP Use Teredo to discover and connect to peers across NATs. For more information, see the Teredo documentation.
443 HTTPS / TLS 1.2 Use to communicate Delivery Optimization client and service

2. Evaluate Delivery Optimization policies

There are a range of Delivery Optimization settings available to meet the needs of your environment. To fully leverage Delivery Optimization, you should focus on key areas to determine the most suitable settings for your unique environment.

2a. Network topology

Screenshot of Delivery Optimization network topology considerations.

Peer groups can be defined in Delivery Optimization using a combination of settings such as DODownloadMode, DOGroupID, DOGroupIDSource, and DORestrictPeerSelection. The combination of settings used depends on your desired peer group(s) and your network topology.

Peering setup options

Delivery Optimization can use P2P to help improve bandwidth efficiencies. The section outlines the different options available to define peer groups for your environment.

Local area network (LAN)

To define a peer group limited to your LAN, choose DODownloadMode (1), LAN-mode. This download mode setting includes any devices that share the same public IP address when they connect to the Internet (behind the same NAT) in a single peer group.

Note

Consider using Group download mode and/or limiting peer selection to the subnet if your network topology is a Hub and Spoke.

Wide area network (WAN)

To achieve peer groups across NATs within the same site, over the WAN, or to have more control in your local environment, use download mode '2', Group-mode. Group download mode allows you to define a unique GUID Group ID or use existing logical groupings (for example, AD Site) in your enterprise with the DOGroupIDSource setting to identify a peer group.

GroupIDSource default behavior

There are several options for identifying your Group ID using the DOGroupIDSource. The default behavior, when the DOGroupID or DOGroupIDSource policies aren't set, is to determine the Group ID using AD Site (1), Authenticated domain SID (2), or Microsoft Entra tenant ID (5). Learn more about all DOGroupIDSource available options.

Note

If your peer group spans across NATs, the Teredo service will be used on port 3544.

For Configuration Manager users, we recommend leveraging existing boundary groups to define the peer groups.

Restrict peer selection

If your environment requires a more granular approach, you can use the restrict peer discovery setting alongside the download mode to achieve more control. For example, if you have several different subnets behind the same NAT but want to limit your peer groups to a single subnet, choose DODownloadMode (1) and DORestrictPeerSelection (Subnet). This setting can be used with any of the peer-related download modes (1, 2, or 3).

Nonpeering options

There are two valid download modes that don't use P2P functionality to deliver content; download modes (0) and (99). Download mode (0) uses additional metadata provided by the Delivery Optimization services for a peerless, reliable, and efficient download experience. Download mode (99) will provide a reliable download experience over HTTP from the download's original source or Microsoft, with no other checks.

Peering with VPN

By default, if Delivery Optimization detects a VPN, peering isn't used. To change this behavior, use the DOAllowVPNPeerCaching policy. The Delivery Optimization client looks in the network adapter's 'Description' and 'FriendlyName' strings to determine VPN usage. To allow greater flexibility for VPN identification, use the DOVpnKeywords to add descriptors for a particular VPN you use in your organization.

Note

The default keyword list is "VPN", "Secure", and "Virtual Private Network". For example, "MYVPN" matches the "VPN" keyword and would be detected as a VPN connection.

2b. Organization size

Screenshot of optimizing P2P usage for your organization.

Delivery Optimization is designed to perform best in a large-scale environment with many devices. Depending on the size of the environment, you should evaluate the value of the DOMinFileSizeToCache to optimize peering.

Minimum file size to cache

Content peering has a limited number of slots available at any given time. By default, only content files that are 50 MB or larger can be used for peering. In an environment with more than 30 devices, change the DOMinFileSizeToCache to a lower value (10 MB), to have more content available for peering, which can be distributed among many devices. For an even larger number of devices (>100), you can raise this setting to (1 MB).

Mobile devices

By default, P2P capabilities aren't enabled for devices using a battery. If there are many mobile devices in your environment, consider enabling the DOMinBatteryPercentageAllowedToUpload policy to 60%, to use peering while on battery.

2c. System resources

Screenshot of Delivery Optimization system resources considerations.

There are some Delivery Optimization configurations that can make an impact when various system resources are available.

Disk size

Alter the minimum disk size (default is 32 GB) a device must have to use peering with the DOMinDiskSizeAllowedToPeer setting.

Optimize cache size

You can also manage the amount of space the Delivery Optimization cache uses with the following settings: DOMaxCacheSize (default is 20%) and DOAbsoluteMaxCacheSize (default isn't configured).

RAM size

Control the minimum amount of RAM (inclusive) allowed to use peer caching (default is 4 GB), with DOMinRAMAllowedToPeer.

Large number of devices with idle system resources

In an environment with devices that are plugged in and have ample free disk space try increasing the content expiration interval of DOMaxCacheAge to seven or more (up to 30 days). You can take advantage of these devices, using them as excellent upload sources to upload more content over a longer period.

2d. Improve P2P efficiency

Screenshot of Delivery Optimization improve efficiency considerations.

Looking to improve P2P efficiency? Some of the most powerful settings you can change that could have a significant impact within your environment include:

  • Help optimize peer connection over HTTP connections using the DOMinBackgroundQoS policy. A good value for the DOMinBackgroundQoS policy is something lower than the average download speed seen in your network. For example, if your average speed is 1000 KB/s, set this policy to 500 KB/s.

  • Improve chances of downloading from peers and/or cache server by delaying the time DO attempts to make connections before falling back to the HTTP source. The set of delay-related policies include:

    To improve efficiencies from peers or a dedicated cache server, a good starting point is 60 seconds for background settings and 30 seconds for foreground settings.

Note

Not all content types are eligible for P2P. Refer to the complete list to learn more.

Bandwidth throttling options

Regardless of P2P, consider setting the following policies to avoid network disruption.

Note

The absolute policies are recommended in low bandwidth environments.

3. Using Connected Cache

Screenshot of Delivery Optimization options when using Connected Cache.

4. Choose where to set Delivery Optimization policies

Screenshot of different product areas where you find Delivery Optimization.

Group Policies

Use Group Policy to manage Delivery Optimization settings here,

Computer Configuration\Administrative Templates\Windows Components\Delivery Optimization

MDM Policies

Use MDM to manage Delivery Optimization settings here,

.Vendor/MSFT/Policy/Config/DeliveryOptimization/

Delivery Optimization is integrated with both Microsoft Endpoint Manager and Configuration Manager.

Summary of basic configuration recommendations

Use case Policy Recommended value
Use P2P DownloadMode 1 or 2
Don't use P2P DownloadMode 0
Number of devices in the organization MinFileSizeToCache 1 MB for peer group > 100 devices
Idle system resources MaxCacheAge 7 days (604800 seconds)
Improve P2P efficiency MinBackgroundQoS and DelayBackgroundDownloadFromHttp / DelayForegroundDownloadFromHttp 500 KB/s and 60/30 seconds
Using Connected Cache? DelayCacheServerFallbackBackground / DelayCacheServerFallbackForeground 60/30 seconds

Monitor Delivery Optimization

Whether you opt for the default Delivery Optimization configurations or tailor them to suit your environment, you'll want to track the outcomes to see how they improve your efficiency. Learn more about the monitoring options for Delivery Optimization.

Troubleshoot Delivery Optimization

There could be many different reasons why Delivery Optimization isn't working in your environment. Learn more about the DO Troubleshooter and common problems and solutions to help improve the experience of using Delivery Optimization.

Test Delivery Optimization

Learn more about guidance on basic testing scenarios to see how Delivery Optimization works.