u/FreeK200

r/SCCM

A request for help to better understand branch cache / peer cache

Hello everyone,

I've inherited an MECM environment a while ago, and while I'm fairly experienced with packaging apps and selectively updating systems, I've run into a bit of a snafu. Our organization is looking to upgrade our existing 23H2 fleet to 25H2, and we've seen wildly inconsistent behavior with feature updates. For the majority of our users, they appear to get stuck at 0%. The interesting thing is that we have no such issues with regular security updates. Right now I think the issue is our implementation of Branch Cache and Peer Cache, which... appears haphazard.

A little bit of information on the environment before we proceed. It's an air gapped environment with no internet or cloud connectivity. The topology looks like this:

Single Site

HQ - ~500 Workstations, Primary + Failover site servers w/ MP enabled. 2 DPs, both are SUPs (Shared content/DB), 1 of which is PXE enabled.

Regional HQ A - ~150 Workstations, 1 MP/DP/SUP (Metadata only, connects to WSUS servers at HQ) Combo

Regional HQ B - ~100 Workstations, 1 MP/DP/SUP (Metadata only, connects to WSUS servers at HQ) Combo

Regional HQ C - ~50 Workstations, 1 MP/DP/SUP (Metadata only, connects to WSUS servers at HQ) Combo

Remaining sites number nearly 80 or so, with varying numbers of workstations between 3-15, with numbers usually trending higher.

Outside of one specific location, all clients are desktops, with on

WSUS updates are copied from a separate, online source and imported to the primary HQ server. This process has worked well.

The HQ/Regional HQ usually have workstations that are online 24/7, except for a daily reboot that occurs at night (We're not a 24/7 organization).

The branch sites, however, have workstations that are either powered on 24/7, for a few hours a day, or not at all for weeks at a time.

Anyways, I've never had time to fully examine this environment as much as I've wanted, because it has mostly just worked and my team is already stretched thin as is. Application updates are reliable, workstations remain patched, etc. But this feature update has kicked my ass.

Anyways, I've gone and taken a look at some settings, and what I've found hasn't been pretty. GPOs are enabled which have hard-configured defaults for BITS, Branch Cache, Delivery Optimization, etc. Based on what I've learned, this isn't the correct way to go about it, and this should instead be set to not configured for most settings, with Client Settings taking precedence instead.

As is... client settings are set to have Peer Cache everywhere, and Branch Cache on no more than a few workstations throughout the network... all of which are located at HQ. I've seen varying things from different time periods, but am I correct in thinking that this should be the reverse, with Branch Cache configured everywhere, and Peer Cache on more stable workstations (conference rooms, high-uptime workstations, etc.)? Does this seem right? What would you all recommend?

u/FreeK200 — 2 days ago
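A client-side check for the GPO-versus-Client-Settings conflict the post describes, added here as an example (it is not the poster's script or anything from the ConfigMgr product). It assumes a ConfigMgr client on a domain-joined Windows machine, the standard policy registry paths for BranchCache, BITS and Delivery Optimization, and that the client keeps its received Peer Cache policy in the `CCM_SuperPeerClientConfig` class under `root\ccm\Policy\Machine\ActualConfig` (that class name is an assumption).

```powershell
# Report what peer-to-peer content settings this client is effectively running
# with, and which of them are being forced by Group Policy rather than left to
# ConfigMgr Client Settings. Run elevated on one HQ and one branch workstation
# and compare the two outputs.

# Policy registry locations (standard paths; values present here came from a GPO)
$PolicyKeys = @{
    BranchCache          = 'HKLM:\SOFTWARE\Policies\Microsoft\PeerDist\Service'
    BITS                 = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\BITS'
    DeliveryOptimization = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization'
}

function Get-ForcedPolicyValues {
    # Returns every value a GPO has written under the given key, or nothing
    # if the key does not exist (i.e. the setting is "Not configured").
    param([string]$Component, [string]$Path)
    if (-not (Test-Path $Path)) { return }
    $props = Get-ItemProperty -Path $Path
    $props.PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |
        ForEach-Object {
            [pscustomobject]@{ Component = $Component; Setting = $_.Name; ForcedValue = $_.Value }
        }
}

# 1. Anything a GPO is hard-setting for BranchCache, BITS or DO
$forced = foreach ($k in $PolicyKeys.GetEnumerator()) { Get-ForcedPolicyValues $k.Key $k.Value }
if ($forced) { $forced | Format-Table -AutoSize } else { 'No BranchCache/BITS/DO values forced by GPO.' }

# 2. Effective BranchCache state as the service sees it (Get-BCStatus is the
#    built-in BranchCache module cmdlet)
$bc = Get-BCStatus
[pscustomobject]@{
    BranchCacheEnabled = $bc.BranchCacheIsEnabled
    ServiceStatus      = $bc.BranchCacheServiceStatus
    ClientMode         = $bc.ClientConfiguration.CurrentClientMode
} | Format-List

# 3. Whether Client Settings made this machine a Peer Cache source
#    (class name assumed; it holds the policy the client actually received)
$sp = Get-CimInstance -Namespace 'root\ccm\Policy\Machine\ActualConfig' `
                      -ClassName 'CCM_SuperPeerClientConfig' -ErrorAction SilentlyContinue
[pscustomobject]@{
    PeerCacheSource = if ($sp) { $sp.CanBeSuperPeer } else { 'policy class not found' }
} | Format-List
```

Any row in the first table is a setting that Client Settings cannot override on that machine until the GPO is moved back to Not configured.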