[AusNOG] Windows machines patching over VPN

Matthew Solly matthew.solly at monash.edu
Tue Mar 24 08:18:55 EST 2020


If you use SCCM, you can deploy a cloud management gateway (CMG) in Azure.
The cost is around $150AUD per month, plus data egress and storage costs.

Your clients only use the CMG to retrieve policy (though you can also
deploy applications through it if you’d like). They will automatically
download software update content directly from Microsoft Update as long as
you configure everything correctly. This makes the cost of the CMG
negligible if you only use it for updates.

The only “gotcha” I’ll mention is if you use split tunnel for your VPN,
your clients may still try to pull update content from your on-premises
distribution point if it is reachable over the VPN tunnel. To circumvent
this, you can create new site boundaries in SCCM for your VPN range, and
direct clients within those boundaries to the CMG.

On Mon, 23 Mar 2020 at 23:14, Gr ccie <grccie at gmail.com> wrote:

> Hi All,
>
> Now that we have most people working remotely, any patching of the laptops
> has to be done over the VPNs.
>
> Apart from the usual bottlenecks - internet, fw, vpn device - what approach
> should you take? Client-based throttling appears quicker than implementing
> policies at network level? Anyone with experience dealing with this willing
> to share how they did it, throughputs, time taken, any gotchas?
>
> Thanks
>
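
One way to script the boundary change described in the message above, shown as an added example that is not part of the original post. The site code, VPN address pool, CMG service name and object names are constructed placeholders, and the script assumes it runs where the Configuration Manager console (and its PowerShell module) is installed.

```powershell
# Added example. All values below are constructed placeholders, not from the thread.
$SiteCode     = 'P01'                 # assumption: your site code
$VpnStart     = '10.250.0.1'          # assumption: first address of the VPN pool
$VpnEnd       = '10.250.3.254'        # assumption: last address of the VPN pool
$CmgFqdn      = 'cmg.example.com'     # assumption: CMG service name as listed in the site
$BoundaryName = 'VPN address pool'
$GroupName    = 'VPN clients - CMG'

# Load the ConfigMgr module shipped with the console and switch to the site drive.
Import-Module (Join-Path (Split-Path $env:SMS_ADMIN_UI_PATH) 'ConfigurationManager.psd1')
Set-Location "${SiteCode}:"

# Convert a dotted IPv4 address to an integer so ranges can be compared.
function ConvertTo-UInt32 ([string]$Ip) {
    $bytes = ([System.Net.IPAddress]::Parse($Ip)).GetAddressBytes()
    [Array]::Reverse($bytes)          # network order -> little-endian for BitConverter
    [BitConverter]::ToUInt32($bytes, 0)
}

# Refuse to continue if the VPN pool overlaps an existing IP range boundary
# (BoundaryType 3). A client that matches boundaries in two boundary groups can
# still be offered the on-premises distribution point, which is the problem
# the message describes. IP subnet and AD site boundaries are not checked here.
$lo = ConvertTo-UInt32 $VpnStart
$hi = ConvertTo-UInt32 $VpnEnd
$overlaps = Get-CMBoundary | Where-Object { $_.BoundaryType -eq 3 } | Where-Object {
    $start, $end = $_.Value -split '-'
    (ConvertTo-UInt32 $start) -le $hi -and (ConvertTo-UInt32 $end) -ge $lo
}
if ($overlaps) {
    $overlaps | Select-Object DisplayName, Value | Format-Table | Out-String | Write-Warning
    throw 'VPN pool overlaps an existing IP range boundary; resolve that first.'
}

# Create the boundary for the VPN pool and a dedicated boundary group,
# then reference the CMG as that group's site system.
New-CMBoundary -Name $BoundaryName -Type IPRange -Value "${VpnStart}-${VpnEnd}" | Out-Null
New-CMBoundaryGroup -Name $GroupName | Out-Null
Add-CMBoundaryToGroup -BoundaryName $BoundaryName -BoundaryGroupName $GroupName
Set-CMBoundaryGroup -Name $GroupName -AddSiteSystemServerName $CmgFqdn

# Show the result for review.
Get-CMBoundaryGroup -Name $GroupName | Select-Object Name, MemberCount, SiteSystemCount
```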