Fundamental concepts for content management in Configuration Manager
Applies to: Configuration Manager (current branch)
Configuration Manager supports a robust system of tools and options to manage software content. Software deployments such as applications, packages, software updates, and OS deployments all need content. Configuration Manager stores the content on both site servers and distribution points. This content requires a large amount of network bandwidth when it's being transferred between locations. To plan and use the content management infrastructure effectively, first understand the available options and configurations. Then consider how to use them to best fit your networking environment and content deployment needs.
For more information about the content distribution process and to find help in diagnosing and resolving general content distribution problems, see Understanding and Troubleshooting Content Distribution in Microsoft Configuration Manager.
The following sections are key concepts for content management. When a concept requires additional or complex information, links are provided to direct you to those details.
Accounts used for content management
The following accounts can be used with content management:
Network access account
Used by clients to connect to a distribution point and access content. By default, the computer account is tried first.
This account is also used by pull-distribution points to download content from a source distribution point in a remote forest.
Starting in version 1806, some scenarios no longer require a network access account. You can enable the site to use Enhanced HTTP with Azure Active Directory authentication.
For more information, see Network access account.
Package access account
By default, Configuration Manager grants access to content on a distribution point to the generic access accounts Users and Administrators. However, you can configure additional permissions to restrict access.
For more information, see Package access account.
Bandwidth throttling and scheduling
Both throttling and scheduling are options that help you control when content is distributed from a site server to distribution points. These capabilities are similar to, but not directly related to bandwidth controls for site-to-site file-based replication.
For more information, see Manage network bandwidth.
Binary differential replication
Configuration Manager uses binary differential replication (BDR) to update content that you previously distributed to other sites or to remote distribution points. To support BDR's reduction of bandwidth usage, install the Remote Differential Compression feature on distribution points. For more information, see Distribution point prerequisites.
BDR minimizes the network bandwidth used to send updates for distributed content. It resends only the new or changed content instead of sending the entire set of content source files each time you change those files.
When BDR is used, Configuration Manager identifies the changes that occur to source files for each set of content that you previously distributed.
When files in the source content change, the site creates a new incremental version of the content. It then replicates only the changed files to destination sites and distribution points. A file is considered changed if you renamed or moved it, or if you changed the contents of the file. For example, if you replace a single driver file for a driver package that you previously distributed to several sites, only the changed driver file is replicated.
Configuration Manager supports up to five incremental versions of a content set before it resends the entire content set. After the fifth update, the next change to the content set causes the site to create a new version of the content set. Configuration Manager then distributes the new version of the content set to replace the previous set and any of its incremental versions. After the new content set is distributed, later incremental changes to the source files are again replicated by BDR.
BDR is supported between each parent and child site in a hierarchy. BDR is supported within a site between the site server and its regular distribution points. However, pull-distribution points and cloud distribution points don't support BDR to transfer content. Pull-distribution points support file-level deltas, transferring new files, but not blocks within a file.
Applications always use binary differential replication. BDR is optional for packages and isn't enabled by default. To use BDR for packages, enable this functionality for each package. Select the option Enable binary differential replication when you create or edit a package.
BDR or delta replication
The following lists summarize the differences between binary differential replication (BDR) and delta replication.
Summary of binary differential replication
- Configuration Manager's term for Windows Remote Differential Compression
- Block-level differences
- Always enabled for apps
- Optional on legacy packages
- If a file already exists on the distribution point, and there's a change, the site uses BDR to replicate the block-level change instead of the entire file.
Summary of delta replication
- File-level differences
- On by default, not configurable
- When a package changes, the site checks for changes to the individual files instead of the entire package.
- If a file changes, use BDR to do the work
- If there's a new file, copy the new file
Peer caching technologies
Configuration Manager supports several options for managing content between peer devices on the same network:
Use the following table to compare major features of these technologies:
|Feature||Peer cache||Delivery Optimization||BranchCache|
|Throttle bandwidth||Yes (BITS)||Yes (native)||Yes (BITS)|
|Control cache size on disk||Yes||Yes||Yes|
|Peer source discovery||Manual (client setting)||Automatic||Automatic|
|Peer discovery||Via management point using boundary groups||DO cloud service||Broadcast|
|Reporting||Client data sources dashboard||Client data sources dashboard||Client data sources dashboard|
|WAN usage control||Boundary groups||DO GroupID||Subnet only|
|Supported content||All ConfigMgr content||Windows updates, drivers, store apps||All ConfigMgr content|
|Policy control||Client agent settings||Client agent settings (partial)||Client agent settings|
Modern management: If you're already using modern tools such as Intune, implement Delivery Optimization
Configuration Manager and co-management: Use a combination of peer cache and Delivery Optimization. Use peer cache with on-premises distribution points, and use Delivery Optimization for cloud scenarios.
Existing BranchCache implemented: Use all three technologies in parallel. Use peer cache and Delivery Optimization for scenarios that aren't supported by BranchCache.
BranchCache is a Windows technology. Clients that support BranchCache, and have downloaded a deployment that you configure for BranchCache, then serve as a content source to other BranchCache-enabled clients.
For example, you have a distribution point that runs Windows Server 2012 or later, and is configured as a BranchCache server. When the first BranchCache-enabled client requests content from this server, the client downloads that content and caches it.
- That client then makes the content available for additional BranchCache-enabled clients on the same subnet that also cache the content.
- Other clients on the same subnet don't have to download content from the distribution point.
- The content is distributed across multiple clients for future transfers.
For more information, see Support for Windows BranchCache.
You use Configuration Manager boundary groups to define and regulate content distribution across your corporate network and to remote offices. Windows Delivery Optimization is a cloud-based, peer-to-peer technology to share content between Windows 10 devices. Configure Delivery Optimization to use your boundary groups when sharing content among peers. Client settings apply the boundary group identifier as the Delivery Optimization group identifier on the client. When the client communicates with the Delivery Optimization cloud service, it uses this identifier to locate peers with the content. For more information, see delivery optimization client settings.
Delivery Optimization is the recommended technology to optimize Windows 10 update delivery of express installation files for Windows 10 quality updates.
Microsoft Connected Cache
Starting in version 1906, you can install a Microsoft Connected Cache server on your distribution points. By caching this content on-premises, your clients can benefit from the Delivery Optimization feature, but you can help to protect WAN links.
Starting in version 1910, this feature is now called Microsoft Connected Cache. It was previously known as Delivery Optimization In-Network Cache (DOINC).
This cache server acts as an on-demand transparent cache for content downloaded by Delivery Optimization. Use client settings to make sure this server is offered only to the members of the local Configuration Manager boundary group.
This cache is separate from Configuration Manager's distribution point content. If you choose the same drive as the distribution point role, it stores content separately.
For more information, see Microsoft Connected Cache in Configuration Manager.
Client peer cache helps you manage deployment of content to clients in remote locations. Peer cache is a built-in Configuration Manager solution that enables clients to share content with other clients directly from their local cache.
First deploy client settings that enable peer cache to a collection. Then members of that collection can act as a peer content source for other clients in the same boundary group.
Starting in version 1806, client peer cache sources can divide content into parts. These parts minimize the network transfer to reduce WAN utilization. The management point provides more detailed tracking of the content parts. It tries to eliminate more than one download of the same content per boundary group.
For more information, see Peer cache for Configuration Manager clients.
Windows PE peer cache
When you deploy a new OS with Configuration Manager, computers that run the task sequence can use Windows PE peer cache. They download content from a peer cache source instead of from a distribution point. This behavior helps minimize WAN traffic in branch office scenarios where there's no local distribution point.
For more information, see Windows PE peer cache.
Windows Low Extra Delay Background Transport (LEDBAT) is a network congestion control feature of Windows Server to help manage background network transfers. For distribution points running on supported versions of Windows Server, enable an option to help adjust network traffic. Then clients only use network bandwidth when it's available.
For more information on Windows LEDBAT in general, see the New transport advancements blog post.
For more information on how to use Windows LEDBAT with Configuration Manager distribution points, see the setting to Adjust the download speed to use the unused network bandwidth (Windows LEDBAT) when you Configure the general settings of a distribution point.
The following are locations that clients access content from:
Distribution points can use HTTP or HTTPs.
Only use a cloud distribution point for fallback when on-premises distribution points aren't available.
Requires internet-facing distribution points to accept HTTPS.
Can use a cloud distribution point or cloud management gateway (CMG).
Starting in version 1806, a CMG can also serve content to clients. This functionality reduces the required certificates and cost of Azure VMs. For more information, see Modify a CMG.
Requires distribution points to accept HTTPS.
Can use a cloud distribution point or CMG.
Content source priority
When a client needs content, it makes a content location request to the management point. The management point returns a list of source locations that are valid for the requested content. This list varies depending upon the specific scenario, technologies in use, site design, boundary groups, and deployment settings. The following list contains all of the possible content source locations that a client can use, in the order in which it prioritizes them:
- The distribution point on the same computer as the client
- A peer source in the same network subnet
- A distribution point in the same network subnet
- A peer source in the same boundary group
- A distribution point in the current boundary group
- A distribution point in a neighbor boundary group configured for fallback
- A distribution point in the default site boundary group
- The Windows Update cloud service
- An internet-facing distribution point
- A cloud distribution point in Azure
NoteDelivery Optimization isn't applicable to this source prioritization. This list is how the Configuration Manager client finds content. The Windows Update Agent downloads content for Delivery Optimization. If the Windows Update Agent can't find the content, then the Configuration Manager client uses this list to search for it.
The content library is the single-instance store of content in Configuration Manager. This library reduces the overall size of content that you distribute.
- Learn more about the content library.
- Use the content library cleanup tool to remove content that is no longer associated with an application.
Configuration Manager uses distribution points to store files that are required for software to run on client computers. Clients must have access to at least one distribution point from which they can download the files for content that you deploy.
The basic (non-specialized) distribution point is commonly referred to as a standard distribution point. There are two variations on the standard distribution point that receive special attention:
Pull-distribution point: A variation of a distribution point where the distribution point obtains content from another distribution point (a source distribution point). This process is similar to how clients download content from distribution points. Pull-distribution points can help you avoid network bandwidth bottlenecks that occur when the site server must directly distribute content to each distribution point. Use a pull-distribution point.
Cloud distribution point: A variation of a distribution point that's installed on Microsoft Azure. Learn how to use a cloud distribution point.
Standard distribution points support a range of configurations and features:
Use controls such as schedules or bandwidth throttling to help control this transfer.
Use other options, including prestaged content, and pull-distribution points to minimize and control network consumption.
BranchCache, peer cache, and Delivery Optimization are peer-to-peer technologies to reduce the network bandwidth that's used when you deploy content.
Options for mobile devices
Cloud and pull distribution points support many of these same configurations, but have limitations that are specific to each distribution point variation.
Distribution point groups
Distribution point groups are logical groupings of distribution points that can simplify content distribution.
For more information, see Manage distribution point groups.
Distribution point priority
The distribution point priority value is based on how long it took to transfer previous deployments to that distribution point.
This value is self-tuning. It's set on each distribution point to help Configuration Manager more quickly transfer content to more distribution points.
When you distribute content to multiple distributions points at the same time, or to a distribution point group, the site first sends the content to the server with the highest priority. Then it sends that same content to a distribution point with a lower priority.
Distribution point priority doesn't replace the distribution priority for packages. Package priority remains the deciding factor of when the site sends different content.
For example, you have a package that has a high package priority. You distribute it to a server with a low distribution point priority. This high priority package always transfers before a package that has a lower priority. The package priority applies even if the site distributes lower priority packages to servers with higher distribution point priorities.
The high priority of the package ensures that Configuration Manager distributes that content to distribution points before it sends any packages with a lower priority.
Pull-distribution points also use a concept of priority to order the sequence of their source distribution points.
- The distribution point priority for content transfers to the server is distinct from the priority that pull-distribution points use. Pull-distribution points use their priority when they search for content from a source distribution point.
- For more information, see Use a pull-distribution point.
Several things have changed with Configuration Manager current branch in the way that clients find a distribution point that has content, including fallback.
Clients that can't find content from a distribution point that's associated with their current boundary group fall back to use content source locations associated with neighbor boundary groups. To be used for fallback, a neighbor boundary group must have a defined relationship with the client’s current boundary group. This relationship includes a configured time that must pass before a client that can't find content locally includes content sources from the neighbor boundary group as part of its search.
The concepts of preferred distribution points are no longer used, and settings for Allow fallback source locations for content are no longer available or enforced.
For more information, see Boundary groups.
To help manage the amount of network bandwidth that's used when you distribute content, you can use the following options:
Prestaged content: Transferring content to a distribution point without distributing the content across the network.
Scheduling and throttling: Configurations that help you control when and how content is distributed to distribution points.
For more information, see Manage network bandwidth.
Network connection speed to content source
Several things have changed with Configuration Manager current branch in the way that clients find a distribution point that has content. These changes include the network speed to a content source.
Network connection speeds that define a distribution point as Fast or Slow are no longer used. Instead, each site system that's associated with a boundary group is treated the same.
For more information, see Boundary groups.
On-demand content distribution
On-demand content distribution is an option for individual application and package deployments. This option enables on-demand content distribution to preferred servers.
To enable this setting for a deployment, enable: Distribute the content for this package to preferred distribution points.
When you enable this option for a deployment, and a client requests that content but the content isn't available on any of the client's preferred distribution points, Configuration Manager automatically distributes that content to the client's preferred distribution points.
Although this triggers Configuration Manager to automatically distribute the content to that client's preferred distribution points, the client might obtain that content from other distribution points before the preferred distribution points for the client receive the deployment. When this behavior occurs, the content will then be present on that distribution point for use by the next client that seeks that deployment.
For more information, see Boundary groups.
Package transfer manager
Package transfer manager is the site server component that transfers content to distribution points on other computers.
For more information, see Package transfer manager.
Prestaging content is a process of transferring content to a distribution point without distributing the content across the network.
For more information, see Manage network bandwidth.