[AusNOG] Windows machines patching over VPN

Gr ccie grccie at gmail.com
Tue Mar 24 16:03:22 EST 2020


Thanks Matt and everyone for inputs- much appreciated. 

> On 24 Mar 2020, at 8:19 am, Matthew Solly <matthew.solly at monash.edu> wrote:
> 
> 
> If you use SCCM, you can deploy a cloud management gateway (CMG) in Azure. The cost is around $150AUD per month, plus data egress and storage costs.
> 
> Your clients only use the CMG to retrieve policy (though you can also deploy applications through it if you’d like). They will automatically download software update content directly from Microsoft Update as long as you configure everything correctly. This makes the cost of the CMG negligible if you only use it for updates. 
> 
> The only “gotcha” I’ll mention is if you use split tunnel for your VPN, your clients may still try to pull update content from your on premises distribution point if it is reachable over the VPN tunnel. To circumvent this you can create new site boundaries in SCCM for your VPN range, and direct clients within those boundaries to the CMG. 
> 
>> On Mon, 23 Mar 2020 at 23:14, Gr ccie <grccie at gmail.com> wrote:
>> Hi All,
>> 
>> Now that we have most of people working remotely. Any patching the laptops has to be done over the VPNs. 
>> 
>> Apart from usual bottlenecks - internet, fw, vpn device - what approach should you take? Client based throttling appears quicker than implementing policies at network level? Anyone  experience dealing with this willing to share the experience how they did it, throughputs, time taken, any gotchas?
>> 
>> Thanks
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20200324/357f60e6/attachment.html>


More information about the AusNOG mailing list