Windows Updates a Caching Stub zone

The issue!

Like any story or issue, there are a couple of sides touching the subject. One pulls the strings to his side while the other pulls to his. They both think that they are right, and in many cases they are. Specifically in Computer Science there is an option to find a solution that will satisfy a couple of sides of the picture without harming the others, while in the real and material world some things cannot be resolved in a similar way.

Microsoft Side of the picture

Microsoft is a huge company which supplies Desktop, Server, Mobile and other IT platform solutions. Their services are global, and other than developing the software they provide security and enhancement updates to their clients. Microsoft is committed to giving their clients fast and reliable submission/transfer of updates.

Microsoft has been distributing updates over the Internet for a very long time, but since their software is complex they are sometimes required to distribute huge (in size) and urgent updates. Because the world of IT is as wide as the sea, Microsoft these days uses CDN suppliers to distribute their software and updates to their clients. But that is not enough, since in local networks the download of updates from a CDN over the Internet can be reduced by moving it into the local network, using either a local centralized update service or some local Peer2Peer file transfer.

WSUS, why do admins not use it?

In many networks of more than 10 Desktops there is a local server which can be used to distribute Microsoft Windows updates, and in many cases it is still the right solution. It is a weird situation that many admins prefer to try other solutions rather than what they were given to use.

Network Admins side of the picture

From a network admin's perspective, when Microsoft distributes a huge update to their clients it can cause a Torrent (not the P2P one) of high network utilization. Since the network lines need to be available for more urgent, mandatory things, admins need to somehow police the traffic so that Windows Updates traffic will not harm other clients.

Small Networks Admins

Small office networks that have 4 Desktops and 1 Server are in most cases not in real trouble, unless they use some kind of Web or Cloud service which huge Microsoft Updates might cause issues with.

For Small and Medium size offices with more than 20 Desktops, repeated downloads of Microsoft Updates can be prevented or managed in a way that will not cause issues for regular network traffic, either by the local System Administrator or by using network-level QoS. But when there is no System Administrator, or one person holds a combined job covering a couple of areas, it can be easier to implement a simpler updates solution at the “network” level rather than at the System level.

ISPs Networks Admins

From an ISP Network Administrator's point of view everything is bits. He needs to make sure that the “important” bits will get from the client side of the network to the edge of it. Microsoft Updates can cause a headache if they are downloaded over and over again by each and every Microsoft client. The fast solution for Microsoft Updates is to slow them down or to host a local instance of one of Microsoft's CDN partners. While for Medium and above ISPs it would be simple to host a CDN instance or server, it would not be the same for small and big networks. Most big networks either do not care about these Updates, since their lines are built to handle lots of traffic, or they already have one of Microsoft's CDN instances hosted in their racks.

For Small and Medium sized ISPs the situation is a bit different, since they can get “stuck” with what can be described as a “Network Clients DOS”. The solutions for them are mainly local caching or targeted traffic throttling. Neither of these solutions is very simple; both require knowledge of Networking and of the upper levels of the connection, if only for the purpose of debugging some issues and deciding on the right approach.

Slow Network connections (such as satellite) Admins

In the case of satellite or long-distance wireless connections, the admin usually has limited resources to spare. Microsoft Updates might not be as important as some GPS based navigation software, but these days they are mostly downloaded “automatically”, so they are an obstacle, and in these cases Microsoft Updates are blocked at a couple of layers, from the IP to the application.

Network and System Admins of the future: long-distance Space-Ships

The issue is not related directly to Microsoft and their Updates, but they do deserve respect since they will probably continue to be present in Space. Since we are moving continuously towards the future, we can assume that updates will be something important. In the case of long-distance Space Ships it is reasonable to assume that if multiple Ships are out there, a centralized distribution point (like WSUS) will probably be used to distribute static content. It is also possible that the maintenance of such a system will not be under a single layer of administration, due to the complexity of the task. For these cases a “cache” or a “store” is the choice for distributing identical content to multiple Space Ships or Space Stations.

Consumption of limited bandwidth

When huge Microsoft Updates are distributed around the globe to their clients, Network and System Administrators repeatedly report higher consumption of bandwidth and other system resources.

Continuously Repeated downloads of the same exact content

Since Microsoft offers a “generic” product, their updates are created for many clients and not customized for a specific one. These are static objects/content which are downloaded over and over again, and because of this it is possible to prevent repeated downloads of the content.

Summary of the Issue

A couple of sides are affected by the same issue. Microsoft is off-loading or out-sourcing the distribution of the static content to other parties, and by that fulfilling their responsibility to distribute the updates and allowing their clients a faster download of the updates, while other parties at the network level are left to handle a weird situation. Some of these just want to “survive” a huge update while others want to add a couple more bucks to their monthly revenue. Some are more greedy while others are in need.

Microsoft does not offer ISPs or network admins a caching solution for their updates, since this is not their domain. Microsoft leaves network admins the option to implement any solution they want, but it requires an expert who knows a thing or two about networking, HTTP and the other areas which are the road and the door into the palace.

The technical complexity of any solution

In order to implement a caching solution for Microsoft Updates, one first needs to know the structure of the Microsoft Updates protocols and systems. These are not simple for everyone, and there are a couple of issues inside this box.

Things to consider when handling the issue:

  • Preserving the Integrity of the server content
  • Handling 206 range content requests
  • Honoring privacy of non-public updates or downloads
  • Exploiting the clients' operations to populate the cache
  • Exploiting ETags of responses
  • Microsoft uses two channels for Windows Updates to allow caching.
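
Three of the considerations above (content integrity, 206 range requests and ETags) can be seen working together in the following added example, which is not part of the original post and is not Microsoft's or any product's code. The `UpdateCache` class, the sample URL and the ETag values are constructed for illustration, and an in-memory dict stands in for the cache's disk store.

```python
import hashlib
import re

# Constructed sample object and URL (not a real update file or host).
SAMPLE_URL = "http://updates.example.invalid/files/sample.cab"
SAMPLE_BODY = bytes(range(256)) * 4  # 1024 bytes

class UpdateCache:
    """Whole-object cache that answers single-range requests from stored bodies."""

    def __init__(self):
        self._store = {}  # url -> (etag, body, sha256 hex recorded at store time)

    def put(self, url, etag, body):
        self._store[url] = (etag, body, hashlib.sha256(body).hexdigest())

    def get(self, url, range_header=None, if_range=None):
        """Return (status, headers, body); status None means miss, go to origin."""
        entry = self._store.get(url)
        if entry is None:
            return None, {}, b""
        etag, body, digest = entry
        # Integrity: never serve a stored object that no longer matches its digest.
        if hashlib.sha256(body).hexdigest() != digest:
            del self._store[url]
            return None, {}, b""
        size = len(body)
        full = (200, {"ETag": etag, "Content-Length": str(size)}, body)
        # An If-Range ETag that differs from ours means the client holds parts
        # of another version: send the whole current object, not a slice.
        if range_header is None or (if_range is not None and if_range != etag):
            return full
        m = re.fullmatch(r"bytes=(\d*)-(\d*)", range_header.strip())
        if m is None or m.group(0) == "bytes=-":
            return full  # multi-range or malformed: ignoring Range is allowed
        first, last = m.groups()
        if first == "":  # suffix form "bytes=-N": the last N bytes
            n = int(last)
            start = size - min(n, size) if n > 0 else size  # N == 0 is unsatisfiable
            end = size - 1
        else:
            start = int(first)
            if last and int(last) < start:
                return full  # invalid range spec: ignore the header
            end = min(int(last), size - 1) if last else size - 1
        if start >= size:
            return 416, {"Content-Range": f"bytes */{size}"}, b""
        headers = {"ETag": etag, "Content-Range": f"bytes {start}-{end}/{size}"}
        return 206, headers, body[start:end + 1]
```
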

Existing options for a solution

We can try to approach the target from a couple of angles, but first we need to know: what’s out there?
Also note that this is not a junior System Administrator level task, so talk with others about the subject before diving in to implement any solution.


Microsoft offers a solution to manage Windows Updates for Domains using a local service: