Hi,

Can anyone provide any advice on the below scenario please:

Software updates must be deployed to ALL client machines including VPN based clients.

The boundary group has been configured with the VPN IP address range, the decision I'm pondering on is whether to set the connection to "Fast" or "Slow". 

My understanding is if selecting "Fast" then all clients within the VPN boundary will receive the software updates. If selecting "Slow" then clients within the VPN boundary will only receive the software updates if the content settings are configured to "Download content from the distribution point and run locally".

So either option clients within the VPN boundary will receive the software updates, although how is the unreliable network boundary defined?

Initially my preferred option was to create the boundary group, configure with the VPN IP address and set the connection to "Fast", although I'm concerned with VPN client computers with a slow connection will have problems receiving the software updates. But then again, ALL client computers MUST receive the software updates! 

Any suggestions/advice would be much appreciated!

Thanks

Hi,

I would set the boundary to slow for the VPN clients, then you can decide per application/package/software update instead. then you can allow software updates but block large applications for instance.

If you set the software updates to deploy on slow networks then your VPN clients will install the updates as well.

Regards,
jrgen

Thanks Jorgen!

There is no unreliable network, there is only Fast and Slow with exact definition or choice of which to choose totally up to you. The only ramification between the two is as you've stated, whether or not deployments are enforced or not on clients based on the settings within those deployments. 

I would definitely create a separate boundary and boundary group for your VPN clients and then assign your preferred DP to it marking it as slow. Then ensure that all of your required software update deployments allow installation for slow boundaries. This way, you can at least restrict which other software (application and package) deployments go out to these clients.

There is no way to make a distinction between clients that connect via your VPN using a good or poor connection though -- they will just have to live with it. Also remember that clients always use BITS to download content so even on slower connections, you will have some bandwidth limiting/control in place.

Thanks both - Software updates are now being deployed to VPN based clients.

Another question, do you know if task sequences can be deployed to VPN based clients? Its not an OSD task sequence, the task sequence in question has a couple of program installs and relatively small in size.

Thanks

Craig

Hi,

Glad to hear it works.

It will work just fine to deploy a custom task sequence on VPN-Clients.

Regards,
Jrgen

Hi Jorgen,

I have been testing and the deployment just stays on "Downloading", so I assume the device cannot locate the content on the DP within the VPN (configured Slow) boundary.

The packages in the custom TS are located on the DP, so its either the boundary or a task sequence configuration.

As I mentioned earlier, the software updates deploy successfully to VPN based clients within the same boundary, so I'm inclined to say it might be the task sequence?

Any suggestions?