BranchCache: Helping You Save on WAN Bandwidth Consumption at Branch Offices
Dawie Human
Infrastructure Architect
Inobits Consulting
WSV303
Slide 3
Agenda
Problem background
Solution modes
Deployment
Demo
Deep Dives
Content Identification
Integration architecture
Security
End to end flow
Resources
Slide 4
Problem background
Thin, expensive WAN links between main office and branch offices
High link utilization
Poor application responsiveness
Trend towards data centralization
Slide 5
Customers say…
“We are improving the efficiency of our branch offices and saving bandwidth by using BranchCache in Windows Server 2008 R2 and Windows 7,” said Lukas Kucera, IT services manager of Lukoil CEEB, one of the largest integrated oil and gas companies in the world. “Some of our smaller facilities, such as the office in Slovakia and the storage terminal in Belgium, have just five to 10 users, so it’s not efficient to deploy a file server on-site, but it consumes bandwidth to have them continually accessing files from the main servers. BranchCache is the perfect solution.”
“Taking advantage of the BranchCache feature in Windows Server 2008 R2, we can spend $20,000 rather than $50,000 per year on bandwidth by postponing our expansion schedule.”
David Feng, IT Director, Sporton International
Convergent Computing (CCO) wanted to improve remote network access for its mobile users. Using the DirectAccess and BranchCache™ features in Windows Server® 2008 R2 and Windows 7, CCO has simplified remote connection to its network and sped the downloading of important files. It has cut costs by eliminating its virtual private network and has seen a 43 percent savings in wide area network (WAN) bandwidth.
Slide 6
Solution Tenets
Slide 7
[Diagram: Distributed Cache. Labels: Branch Office, Main Office, Get, ID, Data]
Slide 8
[Diagram: Hosted Cache. Labels: Branch Office, Main Office, Get, ID, Put, Data, Search, Request, Offer]
Slide 9
Hosted Cache
Centralized cache of data downloaded by the branch
The Hosted cache on Windows Server 2008 R2 provides the following features
A centralized cache for
Protocols: HTTP, SMB
E2E encrypted/signed traffic: SSL, IPsec, SMB signing etc
Does not “modify” protocols; benefits from protocol optimizations
Configurable size/location/persisted across reboots/flush-able
Works across multiple subnets
Admins can seed content by writing custom scripts
Can be a virtual workload in an appliance
Easy to deploy; clients are configured via policy
Slide 10
Hosted Cache vs. Distributed
Enterprise
Hosted Cache
Data cached at hosted cache server
Recommended for larger branches
Cache stored centrally: can use existing server in the branch
Cache availability is high
Enables branch-wide caching
Distributed Cache
Data cached amongst clients
Recommended for branches without any infrastructure
Easy to deploy: Enabled on clients through Group Policy
Cache availability decreases with laptops that go offline
Slide 11
Overall Framework
[Diagram labels: IE, HTTP, BranchCache™, SMB, Explorer, 3rd Party Applications, Robocopy, Office, WMP, BITS, SharePoint, AppV]
Slide 12
Deployment
Distributed
HQ: Content Server (must run R2)
Branch: Client (must run Win 7 or R2)
Hosted
HQ: Content Server (must run R2)
Branch: Hosted Cache (must run R2)
Branch: Client (must run Win 7)
Works on Server Core R2 as well!
Slide 13
Deployment - Content server
HTTP server (IIS) - Install the BranchCache feature from Server Manager
SMB server (File server) – Install the BranchCache role service feature within the file server role using Server Manager
That’s it…
Slide 14
Deployment - Client
Slide 15
Deployment – Hosted Cache
Slide 16
Deployment - Summary
Install BranchCache™ feature on an R2 server
Group Policy to enable clients
Optionally, install a hosted cache in your branch.
[Diagram labels: Main Office, IIS, File Server, Group Policy Management, Branch Office, Hosted Cache]
Slide 17
Additional configuration options
Enable / disable distributed cache mode
Enable / disable hosted cache mode
Set the cache size
Set the location of the hosted cache
Clear the cache
Create and replicate a shared key for use in a server cluster
And more …
Works in domains and workgroups
Slide 18
Monitoring
Event logs - Operational logs & Audit logs
Perfmon counters - Client, hosted cache and Content Server
netsh for querying the infrastructure for potential problems
Cache size too small, firewall issues, certificate problems etc
SCOM pack - for rolling all the information up
Slide 19
BranchCache in Action
demo
Slide 20
Going Deeper…
Slide 21
Group Policy – Hashing Server
Slide 22
Group Policy – Client Side
Slide 23
Content Identifiers
Segments: unit of discovery
Blocks: unit of download
Hashes: returned by server
Segment hashes, Block hashes
up to ~2000x data reduction
[Diagram: Content divided into segments S1, S2, S3, each divided into blocks B1, B2, … Bn]
Slide 24
HTTP Integration
[Diagram labels: IE, wininet, BranchCache, http.sys, IIS; Open URL, “Branch Cache Capable”, Get data, Data, Hashlist, H1 to H5]
Slide 25
SMB Integration
[Diagram labels: Application, SMB Client Driver, CSC Driver, CSC Service, CSC Cache, BranchCache, SMB Server Driver, SMB Hash Generation Service, HashGen Utility; Generate or update hash, Request Hashes, Hashlist, ReadFile, Data, Prefetch File, Access hashes, Save hashes]
Slide 26
How is SSL Optimized?
[Diagram labels: Client (IE, HTTP, SSL, Sockets, IPsec), Server (IIS, HTTP, SSL, Sockets, IPsec), BranchCache; data paths marked “Data in clear” and “Data encrypted”]
Slide 27
Security
Blocks: B1, B2, … Bn
Block hashes: Hash(block)
Segment hash (SH): Hash(Blockhashes)
Server secret key: Ks
Private Segment key (SK): Hash(SH, Ks)
Encryption key: Hash(SK, “KeKeKe”)
Segment discovery key: Hash(SK, SH+“HoHoDk”)
[Diagram labels: Client, Server]
Slide 28
Flow – a Security View
Client requests data from the server, and indicates BranchCache capability
Server authorizes the client
Server retrieves metadata (block hashes, segment hashes, private segment key) for the data
Server sends metadata on same channel as data
Client computes a segment discovery key
Broadcasts on the local network
Slide 29
Flow, Continued
Serving clients receive the broadcast
Decrypt the segment hash from the segment discovery key
Respond with data availability
Client requests blocks from the serving client
Serving client computes encryption key from the segment private key
Serving client encrypts each block with the encryption key
Client receives the data
Decrypts the data
Validates block data against the block hash
If valid, returns to application
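The derivation chain from the Security slide and the block validation step that ends the flow above, as an added example (not code from the presentation or from Microsoft). It follows the slide's notation; SHA-256 for Hash(x), HMAC-SHA256 for the two-input Hash(a, b), the 16-byte block size, and the sample segment and key are assumptions made for the demo.

```python
import hashlib
import hmac

BLOCK_SIZE = 16  # assumption: tiny demo value, not the product's block size
SAMPLE_KS = b"constructed-server-secret"               # constructed Ks
SAMPLE_SEGMENT = b"constructed sample content for one segment of a file"

def h(data: bytes) -> bytes:
    """One-input Hash(x) from the slide; SHA-256 is assumed here."""
    return hashlib.sha256(data).digest()

def keyed(key: bytes, data: bytes) -> bytes:
    """Two-input Hash(a, b) from the slide, modelled as HMAC-SHA256."""
    return hmac.new(key, data, hashlib.sha256).digest()

def server_metadata(segment: bytes, ks: bytes) -> dict:
    """Content server side: block hashes, segment hash SH, segment key SK."""
    blocks = [segment[i:i + BLOCK_SIZE]
              for i in range(0, len(segment), BLOCK_SIZE)]
    block_hashes = [h(b) for b in blocks]
    sh = h(b"".join(block_hashes))   # SH = Hash(Blockhashes)
    sk = keyed(ks, sh)               # SK = Hash(SH, Ks); Ks stays on the server
    return {"blocks": blocks, "block_hashes": block_hashes, "SH": sh, "SK": sk}

def client_keys(sk: bytes, sh: bytes) -> dict:
    """Client side: keys derived from the metadata the server sent."""
    return {
        "encryption_key": keyed(sk, b"KeKeKe"),      # label as on the slide
        "discovery_key": keyed(sk, sh + b"HoHoDk"),  # value that is broadcast
    }

def validate_block(block: bytes, index: int, block_hashes: list) -> bool:
    """Accept a block from a peer only if it matches the server's hash."""
    if not 0 <= index < len(block_hashes):
        return False
    return hmac.compare_digest(h(block), block_hashes[index])

if __name__ == "__main__":
    meta = server_metadata(SAMPLE_SEGMENT, SAMPLE_KS)
    keys = client_keys(meta["SK"], meta["SH"])
    print("discovery key:", keys["discovery_key"].hex())
    tampered = b"X" + meta["blocks"][0][1:]
    print("genuine block accepted:", validate_block(meta["blocks"][0], 0, meta["block_hashes"]))
    print("tampered block accepted:", validate_block(tampered, 0, meta["block_hashes"]))
```

In this model SK depends on Ks, so a host that holds the content but was never sent SK by the server cannot derive the encryption or discovery keys, while any peer-supplied block is still checked against the server's block hash before it reaches the application.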
Security of Data at Rest
Clients
Cache only contains content requested by the client
Data in cache ACL’d so that it is only accessible if authorized by the server
If data leakage is a concern, then use BitLocker or EFS
Hosted Cache
Cache contains content requested by all branch clients
Use BitLocker or EFS to encrypt cache as necessary
All data can be purged from the cache using netsh
Slide 31
BranchCache Ecosystem Partners
announcing
Slide 32
Microsoft and Riverbed - Better Together
Joint Optimization Solution for Windows 7 users
Riverbed and Microsoft to extend optimization further for Windows 7 users with BranchCache
Riverbed Steelhead: Leading WAN optimization solution + BranchCache
Leader in the Gartner magic quadrant
Accelerate applications: CIFS, MAPI, HTTP/S, TCP, and all other key protocols
Cut bandwidth use: Save 65 – 95% of WAN utilization
POLP Licensing Partner, and Windows OEM
Deliver Windows to the branch with the Riverbed Services Platform (RSP): Offer Windows services such as AD, Streaming, Print, DNS and BranchCache
Visit Booth 247 for more info
[Diagram labels: Steelhead Appliance, RSP, VM, Virtualization Layer]
Slide 33
Blue Coat – BranchCache Support
About Blue Coat
Application Delivery Network Vendor
ProxySG for WAN Optimization & Secure Web Gateway
Leader in Gartner Magic Quadrants
Secure Web Gateway, Sep 2008
WAN Optimization Controllers, Nov 2007
Blue Coat will support BranchCache protocols
Blue Coat will license Hosted Cache protocols on ProxySG
Edge site hosted cache for SMB2, SMB signed & IPsec
Core site proxy for legacy content servers (non-WS 2008 R2)
[Diagram labels: Remote Office, ProxySG, WAN, ProxySG, Data Center]
Slide 34
F5 and BranchCache
F5 is a player in Application Delivery Networking, with the mission of building network devices that support your applications, ensuring high availability, scalability, performance and security.
BranchCache adds to BIG-IP’s WAN acceleration portfolio
See a demo of BranchCache on the BIG-IP 6900 – visit booth 311
Slide 35
New Generation Application Delivery Platform
Application Acceleration & Load Balancing
BranchCache Augments AX Native Optimized Caching
Slide 36
BranchCache: Enhancing the Windows File Experience
Delivering best-in-class Windows® files services solution
Thousands of joint customers using SMB (CIFS) today
Use ranges from home directories to high performance engineering applications
Now also supporting SMB 2.0
BranchCache — NetApp® as a Content Server
Bring remote Windows users closer
Save on bandwidth and remote administration
NetApp is a gold sponsor – visit their booth!
[Diagram labels: Branch office / remote users, NetApp NAS in the data center]
Slide 37
Symantec support for BranchCache
Symantec
World’s 4th largest ISV… Found in almost as many Windows environments as Microsoft
Security, Storage, HA, Backup, Archiving, Data Loss Prevention, Management…
Altiris Server Management Suite from Symantec
Provide support for monitoring BranchCache on Windows Server 2008 R2
Provide alerting when problems are detected
Orchestrate and automate remediation when necessary
[Diagram labels: Branch, Corp HQ data center, Altiris Server Management Suite From Symantec]
Slide 38
Forefront Threat Management Gateway in the Branch
Web Proxy & Cache
Featuring
Anti-Virus
URL Filtering
HTTPS Inspection
Network Intrusion Inspection
Single Host for TMG & BranchCache (Hosted Cache) Standard deployment
Enterprise Management
Running on Windows Server 2008 R2
[Diagram labels: Branch Office, TMG & Hosted Cache, Site to Site VPN, Main Office]
Slide 39
To Summarize
BranchCache™ reduces WAN bandwidth consumed by end users for intranet based HTTP and SMB traffic and improves end user experience
BranchCache™ accelerates delivery of encrypted and signed content such as when using HTTPS, IPsec, SMB signing and at the same time ensures authorization of users by the server at the central office.
BranchCache™ doesn’t require additional equipment in the branch offices and can be easily managed using existing systems management technology such as group policy
BranchCache has a vibrant and growing ecosystem giving customers the choice to pick a solution that works best for their needs
Slide 40
Resources
Website/TechNet
http://www.branchcache.com
http://technet.microsoft.com/en-us/network/dd425028.aspx
Email
branch@microsoft.com
Slide 41
Resources
www.microsoft.com/teched
Sessions On-Demand & Community
http://microsoft.com/technet
Resources for IT Professionals
http://microsoft.com/msdn
Resources for Developers
www.microsoft.com/learning
Microsoft Certification and Training Resources
Slide 42
Related Content
Breakout Sessions
WSV312: Enhancing the BRANCH Office Experience with Windows Server 2008 R2
Slide 43
Complete an evaluation on CommNet and enter to win!
Slide 44
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.