Pre-caching

The product formerly referred to as Nomad has been rebranded as Content Distribution. Although the new name is implemented in the majority of documentation and user interfaces, references to Nomad may still appear in specific tools, scripts, or contexts.

Pre-caching lets you preload the Content Distribution caches of particular machines directly from the Configuration Manager console. This enables downloads to be available on the branch prior to a deployment taking place, which can be very useful in large-scale deployment scenarios.

Before you start, ensure the following prerequisites are met:

  • 1E Platform is accessible, with Content Distribution features enabled.

  • Content Distribution Configuration Manager console extensions must be installed.

Refer to Using Nomad with Operating System Deployment OSD for example scenarios about how to use Content Distribution to maximize the efficiency of distributing large OS content across the network and how you can monitor those deployments using the Content Distribution app.

Architecture and ports

Pre-caching uses the following ports in its communications. If a site server is configured to use custom ports, pre-caching will use those ports to communicate with a management or distribution points. To ensure high-availability, pre-caching falls back to next available site server if it fails to communicate with a management or distribution point.

Ports

Description

N/A

Step 1

Choose a package and run the Content Distribution pre-caching wizard, selecting the target device collection. This step does not require any port configuration but the Content Distribution Configuration Manager console extensions must be installed in the Configuration Manager Console.

TCP 80 (HTTP)

TCP 443 (HTTPS)

Step 2

The Content Distribution pre-caching wizard stores the target device and package information in 1E Platform.

TCP 80 (HTTP)

TCP 443 (HTTPS)

Step 3

The Content Distribution clients, where the pre-cache feature has been enabled, poll 1E Platform every 24 hours to see if they need to pre-cache some content. This takes the form of pre-caching notifications that tell the Content Distribution clients they need to process a download job to fetch the specified content.

TCP 80 (HTTP)

TCP 443 (HTTPS)

Step 4

The Content Distribution clients, with pre-caching notifications, contact the Management Point to locate the Distribution Point that holds the content. This may use HTTP or HTTPS depending on how the Management Point is configured.

TCP 80 (HTTP)

TCP 443 (HTTPS)

TCP 139 (SMB)

TCP 445 (SMB over TCP)

Step 5

A Content Distribution Master election takes place and the elected master processes the job by downloading the pre-cache content using Content Distribution as provider. This is then distributed locally to the Content Distribution peers that also require the pre-cached content. This communication depends on how the DP is configured. It may be one of the following:

  • HTTP

  • HTTPS

  • SMB

  • SMB over TCP

For Configuration Manager the default setting is either HTTP or HTTPS.

Enabling pre-caching

When you consider how to install the Nomad Branch Tools (refer to Installing 1E Content Distribution Tools), you can also install them in unattended mode by using the MODULE.NOMAD.PLATFORMURL installer property or by setting the PlatformURL registry value on the machine where the extensions are installed post-installation.

Content Distribution clients must also be configured to support pre-caching. This is done during installation in the Content Distribution screen of the 1E Client installer, for more details refer to Content Distribution client.

Although the Single-Site Download option must be enabled in the installer, you can use the Content Distribution pre-caching feature without using SSD by not configuring the Single Site Download feature. If you are already using the SSD feature in your environment, no further Content Distribution client configuration will be required to enable pre-caching.

Using pre-caching

Pre-caching is directly integrated with the Configuration Manager Console, is fully compliant and works with Role Based Access in Configuration Manager, refer to Pre-caching RBAC support.

To start the pre-cache wizard, right-click any of the following types of content in the Configuration Manger console and from the context menu, choose Pre-cache content using Nomad.

  • Applications

  • Packages

  • Driver packages

  • Operating system images

  • Operating system upgrade packages

  • Boot images

  • Task sequences: Refer to the note in the table under Dynamic pre-caching

  1. On the Targeting screen, choose the device collection you want to pre-cache.

  2. On the Summary screen, verify your selection.

    • Click Apply if it is correct.

    • If it is incorrect, click Previous to start again.

  3. The Progress screen displays the status while the wizard sets up the pre-cache notification in ContentDistribution.

    There is support for providing alternate credentials to authenticate with the 1E Platform. If your 1E Platform instance resides in another domain or the cloud, you will be prompted to enter alternate credentials for that location, which get stored in the credential store for any future requests.

  4. On the Completion screen, click Finish to close the wizard.

Viewing pre-cached jobs

If you are not a full administrator, you can only view pre-cached jobs provided you have Read permissions on the collection as well as the content.

To view pre-cached jobs:

  1. In Configuration Manager, choose Monitoring.

  2. Expand the 1E Nomad node and select Pre-caching Jobs.

The attributes for the job are displayed in the right-hand pane as follows:

Column title

Attribute definition

Job Id

The ContentDistribution identifier of the job.

Content Id

Configuration Manager identifier for the content referenced by the job.

Content Name

Name of the content referenced by the job.

Content Version

Version of the content referenced by the job.

Content Type

Type of the content referenced by the job (i.e. application, task sequence).

Target Collection Id

Device collection identifier targeted by the job.

Target Collection Name

Device collection name targeted by the jobs.

Creation Time

The time the job was created.

Created By

The person who created the job.

Content Status

(Visible only to those with full administrator rights) – displays the status of the content, i.e whether it exists or is deleted.

Target Collection Status

(Visible only to those with full administrator rights) – status of the device collection, i.e. whether it exists or is deleted.

Deleting pre-cached jobs

You can only delete pre-cached jobs if you have permissions for a particular content type. If you are not a full administrator, you will need:

  • Read permissions on collections (through a security role).

  • Access to the pre-cached job (i.e. content and the device collection).

To delete a pre-cached job:

  1. In Configuration Manager, choose Monitoring.

  2. Expand the Overview tree and choose Nomad Pre-cache jobs.

  3. In the Nomad Pre-cache jobs list, right-click the pre-cached you want and from the context menu, choose Delete.

Managing pre-cached jobs with Powershell cmdlets

You can also manage pre-cached jobs by using PowerShell cmdlets.

To get all pre-cached jobs from ContentDistribution, run:

Copy
Get-PreCachingJobs [-PlatformURL <String>] [<CommonParameters>]

To remove pre-cached jobs from ContentDistribution run:

Copy
Remove-PreCachingJobs [-Id] <String> [-PlatformURL <String>] [-Confirm [<SwitchParameter>]] [<CommonParameters>]
Copy
Remove-PreCachingJobs -Before <String> [-PlatformURL <String>] [-Confirm [<SwitchParameter>]] [<CommonParameters>]
Copy
Remove-PreCachingJobs -AgeInDays <UInt32> [-PlatformURL <String>] [-Confirm [<SwitchParameter>]] [<CommonParameters>]
Copy
Remove-PreCachingJobs -All [<SwitchParameter>] [-PlatformURL <String>] [-Confirm [<SwitchParameter>]] [<CommonParameters>]

The parameters are:

Parameter

Optionality

Notes

-Id

Mandatory

ID for the job to delete.

-PlatformURL <string>

Optional

Location of ContentDistribution. If not provided, it is retrieved from the NomadAdminUI registry value.

-Confirm

Optional

Suppresses the confirmation prompt for the deletion.

-Before

Mandatory

Delete jobs before a particular date and time where the notation is yyyyMMddHHmmss.

-AgeInDays

Mandatory

Delete jobs older than a particular number of days.

-All

Mandatory

Delete all jobs. Exercise caution if you use this.

<CommonParameters>

 

Values are: Verbose, Debug, ErrorAction, ErrorVariable, WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.

There is more information about CommonParameters at about_CommonParameters.

Dynamic pre-caching

If the content or membership of a targeted collection changes after a pre-cached job is created, Content Distribution is updated to keep in sync with Configuration Manager. It does this by polling the Configuration Manager database at regular intervals to fetch updated content.

Each synchronization task fetches the following:

  • Pre-caching data (device collections and contents)

  • Dashboard data (status messages)

Pre-cached jobs are affected when these events take place in Configuration Manager, and on the next synchronization with Content Distribution:

Configuration Manager events

Next Content Distribution synchronization cycle

 

Device collections

  • Where there is a change in membership for a device collection.

  • Where a device collection is deleted.

  • Content Distribution collection is updated to reflect the change in membership for that device.

  • Pre-cached jobs for that device collection is deleted.

Packages

  • Where a package is updated.

  • Where a package is deleted.

  • Content Distribution is updated with the packages.

  • Pre-cached jobs for that package as well as any pre-cached jobs referenced in a task sequence is deleted.

Applications

  • where deployment types are added or removed.

  • where an application is deleted.

  • Content Distribution deployment types for that application is updated.

  • Pre-cached jobs for that package as well as any pre-cached job referenced in a task sequence is deleted.

Task sequences

If you chose to automatically pre-cache references (as well as those added later).

Content Distribution is updated when:

  • References are added or removed.

  • Referenced content is updated or deleted.

  • A reference is deleted.

Applications and packages that will be installed using a dynamic variable list will not be automatically pre-cached.

Also be aware that any other dynamic content will not be pre-cached, for example drivers deployed using Modern Driver Management.

Dynamic content needs to be pre-cached independently as separate jobs.

If you chose to selectively pre-cache references:

Content Distribution is not updated when:

  • References are added or removed.

  • Content Distribution is updated when referenced content is updated or deleted.

  • Content Distribution is not updated when a reference is deleted.

 

Hash validation

Hash validation is used when content is downloaded for pre-cached jobs and for LSZgen requests for these jobs. When a pre-cached job is created:

  • For task sequences, hashes for all referenced packages and applications are posted to Content Distribution.

  • For applications, hashes for all its child deployment types are posted to Content Distribution.

On the client side:

  • Where a job is queued, the client queries the management point for content locations. The management point returns a hash for application content types only. If it does not return a hash, the client retrieves it from Content Distribution. Hashes from management points take priority over Content Distribution.

  • For the 1E server hosting Content Distribution, the client fetches the hash during the pre-cache cycle for that particular content.

Content Distribution clients polling the ContentDistribution database

After running the wizard, Content Distribution clients that are registered with the ContentDistribution database, and that were included in the selected device collection, will get a pre-cache notification within 24 hours. This notification tells Content Distribution that it has to process a download job on the content to be cached. The default number of notifications a client processes in one pre-cache poll cycle is 20, but you can modify this by updating the PrecachePollBatchSize registry value.

When is polling disabled?

Content Distribution clients normally start their polling cycle when the service starts, with a random delay to minimize the possibility of multiple simultaneous polls from different clients. However, polling will not start if any of the following is true:

  1. The 1E Platform URL is not set in the Content Distribution registry.

  2. Content Distribution is running on a machine using the Win PE operating system.

  3. The Configuration Manager client is not installed on the machine – in order to download pre-cached content, the Content Distribution service needs to contact the management point and this is only possible if the client is installed locally.

To explicitly turn polling off for a Content Distribution client set the PrecachePollMinutes registry value to 0.

Pre-caching RBAC support

Pre-caching is tightly integrated into Configuration Manager and honors the permissions and restrictions enforced by role-based access control (RBAC). The following rules are used to determine whether a particular user is allowed to pre-cache a particular content on a particular collection or not:

  1. A user is only allowed to pre-cache a content item if they have the RBAC permissions to deploy it via Configuration Manager.

  2. A user is only allowed to pre-cache to a device collection if they have the RBAC permissions to access that collection.

Configuration Manager administrators will need to be a member of the Content Distribution Administrators group, so they can manage Configuration Manager collections, for example create, view and delete pre-cache and paused collections. Refer to Roles and permissions for details.

If an administrator does not have the necessary RBAC permissions, they will not be able to see or access any of the pre-cache features in the Configuration Manager Admin console. Similarly, if they do not have the right permissions to a device collection, that collection will not be available to them in the Targeting screen of the pre-cache wizard.

However, full administrators will see:

The following table provides an overview of the availability of pre-caching for the built-in Configuration Manager security roles.

Pre-caching support based on the Configuration Manager security role

Built-in Configuration Manager Security Roles

 

 

 

SOFTWARE LIBRARY

 

 

 

 

APPLICATION MANAGEMENT

Operating System

 

 

 

Applications Packages

Driver Packages

Operating System Images

Boot Images

Task Sequences

Pre-caching Wizard

 

 

 

 

Application Administrator

Pre-caching available

(Access to Collection required)

Not available

 

 

 

Application Author

Pre-caching Not available

(Access to Application Management only)

Not available

 

 

 

Application Deployment Manager

Pre-caching available

(Access to Collection required)

Not available

 

 

 

Asset Manager

No access to Software Library

 

 

 

 

Company Resource Access Manager

 

 

 

 

 

Compliance Settings Manager

Pre-caching Not Applicable for Software Updates

(No Access to Application Management & Operating System, Only Software Updates under Software Library available)

 

 

 

 

Endpoint Protection Manager

No Access to Software Library

 

 

 

 

Full Administrator

Pre-caching available

(Access to Collection required)

 

 

 

 

Infrastructure Administrator

Pre-caching not available

(Access only to Windows Sideloading Keys in Application Management under Software Library)

 

 

 

 

Operating System Deployment Manager

Pre-caching not available

Pre-caching available.

(access to Collection required).

If Package/Application is part of a task sequence, pre-caching does not happen

 

 

 

Operations Administrator

Pre-caching available

(Access to Collection required)

 

 

 

 

Read-only Analyst

Pre-caching not available

(Configuration Manager console is in Read-Only mode)

 

 

 

 

Remote Tools Operator

No access to Software Library

 

 

 

 

Security Administrator

 

 

 

 

 

Software Update Manager

Pre-caching not applicable for Software Updates

(No access to Application Management & Operating System, Only Software Updates under Software Library available)

 

 

 

 

Limitations

The following limitations are part of the current implementation of the pre-caching feature:

  1. Software Updates are not supported by pre-caching. Instead, make use of the available and mandatory advertisement dates.

  2. Disabling Content Distribution Content Registration with the ContentDistribution database prevents clients from fetching further pre-caching notifications after the first batch of 20.

  3. The pre-caching Wizard allows packages that do not have content to be selected for pre-caching.

  4. Delays may be seen when processing pre-caching notifications for devices with many notifications. By default, clients will poll the ContentDistribution database once a day. Each time a client polls it will fetch a batch of 20 notifications to process, so for a client with 100 outstanding pre-caching notifications, it will take 5 days for all the notifications to be processed. The time between polls depends on the PrecachePollMinutes setting which can be reduced if there are many pre-caching jobs, though the 24-hour default is recommended.

  5. Pre-caching jobs do not support Content Distribution additional settings (such as those configurable in the Nomad tab in the Package or Task Sequence properties).

  6. Content Distribution won't re-download a pre-caching job with updated data format (that is compressed/encrypted), if the content has previously downloaded to the cache. The conversion will happen when ACP triggers the same content.

  7. Content Distribution synchronization may cause issues if there is any replication issues between the central administration site and primary site.

  8. Workgroup member clients may not be able to use the pre-caching feature, as it requires ContentDistribution registration using their FQDN.

Using network access accounts

Prior to this release, when a download is initiated, Content Distribution only used the credentials from the first Configuration Manager network access account it found to authenticate, and if that failed, the download stopped. From this release, Content Distribution cycles through all native Configuration Manager network access accounts to authenticate, thereby reducing the risk of failure.

Content Distribution won't use network access accounts for SMB downloads from Distribution share. It uses the SYSTEM$account to connect to the package share location.