My company has about 150 users at a remote region. They are in a shared office, so they use the building’s network, not ours. All of the clients there are using Always On VPN. The rest of the business is either in the main office or WFH on VPN as well. Is there any way to help improve their bandwidth? Non-options I can see are:
1. Peer Cache - but this would mean all devices everywhere would be sharing content, not just devices on VPN in that remote office, so pointless with VPN.
2. DO - Only works with Intune? Pointless with VPN anyway.
3. Split Tunneling - This isn’t set up (security still blocking) but I assume it wouldn’t be any help anyway. It would ease the VPN traffic but still kill their shared office network.
4. DP - They would need their own network for this.
5. Microsoft Connected Cache - same as point 4, would need their own network.
Is the bottleneck the VPN connection to your on-prem DPs? Or is it the building’s network?
DO is not for Intune only. Windows is what has the DO service built into it.
I’d be going with a content-enabled CMG and split tunnelling. Let the devices get the content directly from the DP Microsoft are hosting for you over the user’s internet connection rather than serving it yourself over VPN. This would also have the added benefit that all of your VPN clients will get their content from Microsoft over the user’s own internet connection, rather than clogging up your VPN.
I asked this question a little while ago. I settled on treating them as Internet clients and having them connect to the CMG for content. Just like any other VPN user.
Also, not sure split-tunneling would work, as that just means the VPN is out but they are all still downloading via the building network and not sharing amongst themselves, and they are all on VPN so an MCC wouldn’t help.
In isolation (like your WFH users) split-tunneling would mainly shift the traffic route as you describe.
Split-tunneling could help at that office when combined with BranchCache and some DO tuning. If the clients at that office could share downloaded content, the load on the office’s WAN connection would be lowered - there may be plenty of bandwidth within the office but there is likely a bottleneck to get in or out of the office.
If you do not set up a CMG, LEDBAT could help ensure you are not swamping the office’s network.
DO is supposed to detect VPNs and not peer over it, but I’d try to verify that is working in your setup. It would be ugly if they were trying to peer with each other by routing the traffic over a VPN back to your central site then back through a VPN to get to a system in the next cube.