4 Branch Office Network Performance Caches content downloaded from file and Web servers Users in the branch can quickly open files stored in the cache Frees up network bandwidth for other uses Application and data access over WAN is slow in branch offices Slow connections hurt user productivity Improving network performance is expensive and difficult to implement BranchCache™
5 Cache stored centrally: existing server in the branch Cache availability is high Enables branch-wide caching Increased reliability BranchCache: Two Approaches Enterprise Recommended for branches without a branch server Easy to deploy: Enabled on clients through Group Policy Cache availability decreases with laptops that go offline Distributed ModeHosted Mode
6 IIS File Server Group Policy Management Install the optional “Windows BranchCache” component on a Windows 2008 R2 web or file server Use Group Policy to enable Windows BranchCache on Windows 7 clients Hosted Cache Optionally, install a hosted cache in your branch. Configure clients to use it with Group Policy Deployment Summary
7 Get ID Get Data How it works: BranchCache Distributed Cache Get ID Data
8 Get ID Put Data How it works: BranchCache Hosted Cache Get Data ID Search Get Search Request Advertize ID Data ID Data
11 BranchCache Deployment Distributed Cache Implementation HQ: Content Server (Windows Server 2008 R2 required) Branch: Client (Windows 7 required) Hosted Cache Implementation HQ: Content Server (Windows Server 2008 R2 required) Branch: Hosted Cache (Windows Server 2008 R2 required) Branch: Client (Windows 7 required)
12 Deployment - Content Server HTTP server (IIS) - Install the BranchCache feature from Server Manager SMB server (File server) – Install the BranchCache role service feature within the file server role using Server Manager That’s it… Optional: Hasgen.exe
13 Deployment - Client Identify the “branch” An Active Directory Site An IP address range A collection of specific client computers Choose how to deploy Group Policy netsh Deploy to clients Group policy: Use built-in ADMX files netsh: Run netsh branchcache set service distributed on all relevant clients
14 Deployment – Hosted Cache Setup the Hosted Cache Install the BranchCache feature on an R2 server Install a server-auth certificate for use with SSL Run netsh branchcache set service hostedserver on the hosted cache Identify Branch Choose how to deploy Deploy to clients Group policy: Use built-in ADMX files netsh: Run netsh branchcache set service hostedclient location=<> on all clients
16 Additional Configuration Options With Group Policy and NetSH you can: Enable / disable Distributed Cache Enable / disable Hosted Cache Set the cache size Set the location of the Hosted Cache Clear the cache Create and replicate a shared key for use in a server cluster And more … Works in domains and workgroups
21 Flow – a Security View Client requests data from the server, and indicates BranchCache capability Server authorizes the client Server retrieves metadata (block hashes, segment hashes, private segment key) for the data Server sends metadata on same channel as data Client computes a segment discovery key Broadcasts on the local network
22 Security of Data at Rest Clients Cache only contains content requested by the client Data in cache ACL’d so that it is only accessible if authorized by the server If data leakage is a concern, then use BitLocker or EFS Hosted Cache Cache contains content requested by all branch clients Use BitLocker or EFS to encrypt cache as necessary All data can be purged from the cache using netsh
23 BranchCache Benefits Improve application responsiveness and reduce file transfer wait time Combined with other SMB offerings enhance the user experience on remote shares Optimize network utilization: Recommended for HTTP and HTTPS-based intranet traffic Performs well for SMB (and signed SMB) shares on the read path Support network security protocols (SSL, Ipsec) Reduce the cost of managing WAN
Common Questions Q: When will this be made available for Vista or XP? A: It won’t. BranchCache in only supported with Windows 7 Enterprise, Ultimate & Windows 2008 R2 editions. Q: What size content is cached? A: 64 KB and greater. Q: Is there a peer discovery timeout? A: 300 ms Q: What kind of encryption is used? A: Custom scheme based on AES128. Q: Does knowledge of the hash ID grant access? A: No. Access must still be granted by the file server.
Common Questions Continued… Q: Will BranchCache work during WAN outages? A: No. Clients must be able to contact the content server to get content identifiers. Q: Can I pre-populate cached files? A: Yes. Consider using scheduled task, PowerShell Remoting or some other technique. For WSUS & SCCM, consider targeting one client in each remote office before the others. Q: How does Branch Cache avoid discovery storms? A: Responses to search requests are staggered. If a client detects that many others on the subnet already have a piece of content, it won’t bother caching it too. Q: How long does data stay in cache? A: Until NetSH is used to flush the cache or until the cache is full and starts to roll. Q: Is BranchCache supported on Server Core? A: Absolutely.