Good info Michael, thanks for the response. Would be great to see SCCM Current Branch support express installation files down the road.
Rob From: [email protected] [mailto:[email protected]] On Behalf Of Michael Niehaus Sent: Thursday, September 1, 2016 5:41 PM To: [email protected] Subject: RE: [mssms] New Servicing Model Win7, etc. - Next Month I think you’re misunderstanding somewhat – there will be a security-only update each month, containing just the new security fixes for that month. And given your example, I don’t know how it would ever happen. Why would a PC ever only need 1 patch from July, if there were 10 released in July? When did they get the other 9, and why did they miss that one at the time? :) Let me try from a different perspective: July: 10 fixes, 10 updates, 50MB each, 500MB total August: 10 fixes, 10 updates, 50MB each, 500MB total September: 10 fixes, 10 updates, 50MB each, 500MB total October: 10 fixes, 1 update, 500MB total November: 10 fixes, 1 update, 500MB total December: 10 fixes, 1 update, 500MB total (That’s probably too many fixes, and those are probably too big given the average size, but overall it doesn’t matter – think about logical concepts, not total size :)) So in the old method, applying three months’ worth of fixes would be 1500MB of content, downloaded in 30 updates. Every client would need all 30 at some point in time, so every client is going to download 1500MB. In the new method, applying three months’ worth of fixes would be 1500MB of content, downloaded in 3 updates. Every client would need all 3 at some point in time, so every client is going to download 1500MB. It does get more interesting if you are also talking about deploying non-security fixes, since those rollups will be cumulative (and that’s where the express installation files are important). But in the security-only case, the only difference is how many updates the fixes are contained in. Thanks, -Michael From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Robert Spinelli Sent: Thursday, September 1, 2016 1:49 PM To: [email protected]<mailto:[email protected]> Subject: RE: [mssms] New Servicing Model Win7, etc. - Next Month Michael I should of worded it better. Current model July patches come out and there are 10 individual updates August patches come out and there are 10 individual updates September patches come out and there are 10 individual updates Machine comes online and needs: 1 patch for July updates that is 50MB 1 patch from August update that is 50MB 1 patch from September update that is 50MB Machine would download 3 patches for a total of 150MB New Model October monthly security update is 500MB November monthly security update is 600MB December monthly security update is 700MB Above is using monthly security only updates not monthly rollup for the example. Machine comes online and if we take same scenario above where it only needs 1 patch from each month, It would download 3 x 500MB for a total of 1.5Gb? Am I not understanding the new model in regards to monthly security update? Will there be a monthly security update each month (in my example there would be 3) or you’re saying there will be 1 monthly security update that encompasses all the months (in my example 3 months). If you’re saying it would be 1 monthly security update that encompasses all 3 months then when the client patches in December it will download 700MB December package compared to 150 MB in the current model. I’m going to vote for that user voice item for sure. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Michael Niehaus Sent: Thursday, September 1, 2016 3:53 PM To: [email protected]<mailto:[email protected]> Subject: RE: [mssms] New Servicing Model Win7, etc. - Next Month They are called “express installation files.” WU, WU for Business, and WSUS support them (because they just tell the WU agent “here’s the content, download what you want”), but not ConfigMgr yet (as it downloads the content and then tells the WU agent “the update is in this local folder, install it”). There is a user voice item related to that: https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/14255697-using-express-installation-files That limits how much gets downloaded each month (with cumulative updates where many of the components were updated in previous months), and is good overall. Peer-to-peer is also something that’s great to implement too, whether you use BranchCache, ConfigMgr peer-to-peer support (Windows PE only today, expanding to full clients in the future), Delivery Optimization (really not applicable to most ConfigMgr scenarios), or third-party alternate content providers that provide many of the same benefits. One item I don’t follow below is this one: 1. Machine needs 3 patches as below that are all 50MB currently the client would download 150MB of data. In the new model they will end up downloading the monthly security only updates. If each monthly security only updates is 500MB and it needs 3 patches as below the same client will now download 1.5TB of data. a. 1 patch from October b. 1 patch from November c. 1 patch from December Today, a client would download, say, 3 security updates, totaling about 150MB. With the changes, they will download one single security update, containing 3 fixes, and it will still be 150MB. If you are deploying only security updates, there’s zero change in the total size per month; the only change is how many updates make up that size (several or one). If a particular machine is three months out of date (or if you’re just looking at it over a three month time period), then the old way would download 12 updates for 450MB; the new way would download 3 updates for 450MB (again, sticking with the example 3 updates per month, 50MB each – obviously it’s a little more variable than that). Thanks, -Michael From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Jason Sandys Sent: Thursday, September 1, 2016 12:08 PM To: [email protected]<mailto:[email protected]> Subject: RE: [mssms] New Servicing Model Win7, etc. - Next Month Although ConfigMgr doesn’t have support for it yet, WSUS and the WUA fully support only downloading the delta of the binary update package that is needed. I can’t remember what this is called though. So, it’s not like they don’t have this one covered – or will soon as I know it’s on the “list” for the product group. However, this is all the more reason to look at peer to peer content distribution – by my count, only 1610 hits (and it hopefully includes PeerCache), there will be 4 choices for p2p content delivery in ConfigMgr. J From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Robert Spinelli Sent: Thursday, September 1, 2016 12:55 PM To: [email protected]<mailto:[email protected]> Subject: RE: [mssms] New Servicing Model Win7, etc. - Next Month Yeah, not really much we can do about sucking it up. I guess my real concern now is how much the client will need to download now, even if they just need 1 patch. I feel like we’re back to SMS 2003 with ITMU, which made you download all patches even if you just needed one. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Roland Janus Sent: Thursday, September 1, 2016 11:29 AM To: [email protected]<mailto:[email protected]> Subject: AW: [mssms] New Servicing Model Win7, etc. - Next Month Was a big subject here already. Pretty sure MS approach will be, no choice to exclude or in other words: suck it up… -R Von: [email protected]<mailto:[email protected]> [mailto:[email protected]] Im Auftrag von Robert Spinelli Gesendet: Donnerstag, 1. September 2016 15:03 An: [email protected]<mailto:[email protected]> Betreff: [mssms] New Servicing Model Win7, etc. - Next Month I read the article below which gave some good detail in regards to new servicing model that MS is introducing next month. · http://myitforum.com/myitforumwp/2016/08/31/lookout-configmgr-admins-windows-monthly-updates-are-gonna-get-huge/ MS TechNet article · https://blogs.technet.microsoft.com/windowsitpro/2016/08/15/further-simplifying-servicing-model-for-windows-7-and-windows-8-1/ Below is my quick summary/understanding of both articles. Was looking for input to make sure I got it right. Basically they are going to stop releasing individual patches and release: 1. Monthly Rollup a. Addresses both security issues and reliability issues in a single update. 2. Monthly Security-only updates a. This update collects all of the security patches for that month into a single update. Unlike the Monthly Rollup, the Security-only update will only include new security patches that are released for that month 3. NET Framework Monthly Rollup a. The monthly .NET Framework Monthly Rollup will deliver both security and reliability updates to all versions of the .NET Framework as a single monthly release 4. Monthly NET Framework security-only update a. NET Framework team will also release a security-only update on Microsoft Update Catalog and Windows Server Update Services every month. Here is some reasons I’m not a fan of this: 1. Historically If there was one bad patch during the month you could exclude rolling that one patch out. In the new model you will have to hold off the whole month of patches for one bad patch. I’m not sure how MS thinks this will make things more secure. 2. Machine needs 3 patches as below that are all 50MB currently the client would download 150MB of data. In the new model they will end up downloading the monthly security only updates. If each monthly security only updates is 500MB and it needs 3 patches as below the same client will now download 1.5TB of data. a. 1 patch from October b. 1 patch from November c. 1 patch from December I’m assuming SCCM will have the option to download the Monthly Security-only updates or the Monthly Rollup (which would be larger) using manual download or ADR ? All input/feedback is welcome. Rob
