Inexpensively Speed Up Branch Office Access & Reduce Wa - PowerPoint Presentation

Slide1

Inexpensively Speed Up Branch Office Access & Reduce Wasted Time by Implementing BranchCache

Greg Shields, MVPSenior Partner and Principal TechnologistConcentrated Technologywww.ConcentratedTech.com

WSV202Slide2

Agenda

Part I: Understanding BranchCacheDiscussion: Architectures you’d use in your own environment.Discussion: Is this solution more advantageous than WAN optimizers?

Part II: Implementing BranchCache

Fairly unexciting, but that’s a good thing…

2

Not much to see in terms of DEMO.

So

,

this session focuses

on architecture and best fit for your

environment.Slide3

Part I: Understanding BranchCacheSlide4

The Problem with Branch Offices

Branch office users are people too!However, their connection to the LAN includes a hop through a sometimes nasty WAN.Local files are fast. Remote files are not.Users in branch offices often suffer because of WAN delay.

Bad for business.

Bad for IT.Slide5

Branch Offices Don’t Have to be “Branch Offices”

A “branch office” doesn’t necessarily need to be an office that exists in a branch location.A branch office in this context is really any LAN location that is separated by a slow network link.

Slow ==

< LAN speedSlide6

More Problems with Branch OfficesBranch offices are often locations with few people and resources.

Their lack of people and resources is usually the reason for their slow network connection!WAN optimizers exist, but can be expensive. Often involves hardware.But the central business problem is that there simply isn’t enough “work” at the site to justify hardware.WAN optimizers are often too powerful of a solution.

People just need faster access to files and web sites.

Businesses can’t justify cost.Slide7

Solving the Branch Office ConundrumBusinesses today need cost-effective solutions that don’t necessarily require on-site hardware.

However, such solutions should be “future proof”,e.g. scalable with hardware if needed in the future.Slide8

Solving the Branch Office Conundrum

Businesses today need cost-effective solutions that don’t necessarily require on-site hardware.However, such solutions should be “future proof”,e.g. scalable with hardware if needed in the future.

Most businesses today just need a solution to improve file and folder access, web site access, and perhaps a few applications.

Must be a “set-it-and-forget-it” solution.

Other application and data accesses can be handled through existing solutions: RDS, for example.

Solution: BranchCache!Slide9

What is BranchCache?BranchCache caches content from main office servers to branch office locations.

To specially-configured BranchCache servers……or, to one or more desktops at the branch office.What kind of content?Files and foldersHTTP / HTTPS sites

BITS-enabled applications (WSUS comes to mind)

Any tool, service, application, or widget that makes use of the SMB/HTTP/BITS stackSlide10

What is BranchCache?

BranchCache’s services operate “below” the SMB/HTTP/BITS stack.This means that any tool (Robocopy, WMP, IE, Flash, Silverlight, etc) that uses SMB/HTTP is

transparently

and

automatically

cached.Slide11

What is BranchCache?

BranchCache’s services operate “below” the SMB/HTTP/BITS stack.This means that any tool (Robocopy

, WMP, IE, Flash, Silverlight,

etc

) that uses SMB/HTTP is transparently and automatically cached.

Result: No change in user procedures.Users simply access their files in the same locations they’re used to.Under the covers, they’re transparently redirected to a locally-cached copy (if it exists).If no copy exists, one is cached after its first access and download to the remote site.Slide12

BranchCache Dataflow(Initial Access, Distributed Cache)

Client 1 sends a request for content to the main office content server. In this request, Client 1 indicates that it is BranchCache-capable.

The content server obtains

previously generated content

information from a local cache and sends it to Client 1.

Client 1 uses the content information and sends a multicast message to all computers on the subnet requesting the content; no computers have the content, however, because none of them has previously downloaded the content from the main office.Client 1 requests the content from the main office content server.Client 1 receives content from the content server and stores the content in its cache.Slide13

BranchCache

Dataflow

(Subsequent Accesses, Distributed Cache)

Client 2 sends a request for content to the main office content server. In this case, Client 2 seeks the same content that Client 1 has already obtained.

The content server obtains

previously generated content information from a local cache and sends it to Client 2.Client 2 uses the content information and sends a multicast message to determine if any clients in the branch office have already cached the content. Client 1 sends a response stating that it has the content.Client 2 requests the content from Client 1, connects to Client 1, and downloads the content.Slide14

OK, So What is this“Previously-Generated Content”?

Call it…“content metadata”.Content is broken into blocks, or “chunks of data”.For each block, block and segment hashes are computed (using SHA-256).Compression ratio of hash to original content is around 2000:1.

One file == many blocks. Discrete content chunking.Slide15

OK, So What is this“Previously-Generated Content”?

Call it…“content metadata”.Content is broken into blocks, or “chunks of data”.For each block, block and segment hashes are computed (using SHA-256).

Compression ratio of hash to original content is around 2000:1.

One file == many blocks. Discrete content chunking.

Segment hashes provide a unit of discovery.

“I’m looking for this file, do you have it, and do you have the version of it that I want?”Block hashes provide a unit of download.“You do? Good. I already have most of the file.Give me just this tiny bit of it that I still need.”Slide16

What is “Previously-Generated Content”?

All of this is transparent to both

you

and

the user

.Its faster to compare content “chunks” than actual content.Slide17

Options:Distributed & Hosted Cache

Distributed CacheWindows 7 computers store the cached content.Windows 7 computers multicast with each other to inform a requestor that they have/don’t-have content.Client bits are a default component of Windows 7 & R2 (only), must be specifically enabled.

Hosted Cache

A specially-configured Server 2008 R2 server is used for content storage at branch office.

Desktops still complete the initial download on their own. Server then caches the content from the client.

The previous example used a Distributed CacheSlide18

BranchCache Dataflow

(Initial Access, Hosted Cache)

Client 1 sends a request for content to the main office content server. In this request, Client 1 indicates that it is BranchCache-capable.

The content server obtains previously generated content information from a local cache and sends it to Client 1.

Client 1 requests the content from the hosted cache server in the branch office, and the hosted cache server informs Client 1 that it does not have the content in its cache.

Client 1 requests the content from the main office content server.Client 1 receives content from the main office content server.Client 1 advertises the content to the hosted cache server in the branch office; the hosted cache server connects to the client and downloads the content to store in its cache.Slide19

BranchCache Dataflow

(Subsequent Accesses, Hosted Cache)

Client 2 sends a request for content to the main office content server. In this case, Client 2 seeks the same content that Client 1 has already obtained.

The content server obtains previously generated content information from a local cache and sends it to Client 2.

Client 2 uses the content information and sends a request to the hosted cache server for the content. The hosted cache server sends a response stating that it has the content.

Client 2 connects to the hosted cache server and downloads the content, using the content information that it received from the main office content server to verify the data.Slide20

BranchCache Dataflow

(Subsequent Accesses, Hosted Cache)

Client 2 sends a request for content to the main office content server. In this case, Client 2 seeks the same content that Client 1 has already obtained.

The content server obtains previously generated content information from a local cache and sends it to Client 2.

Client 2 uses the content information and sends a request to the hosted cache server for the content. The hosted cache server sends a response stating that it has the content.

Client 2 connects to the hosted cache server and downloads the content, using the content information that it received from the main office content server to verify the data.Notice:Initial access in each example is always to the Main Office’s content server.Thus:

No change in user behavior.Slide21

DISCUSS:Which Would You Use? Why?

Distributed Mode?Cached Mode?Why?Slide22

Advantages of Hosted Mode

No need to use Windows 7 desktops as content storage locations.Uses drive space, slight increase in processor use.Eliminates need for multicasting around local net.Hosted cache is a server, always on.

Powered down desktops also take down cache data.

Better bandwidth savings (in comparison)

Multiple subnets with distributed mode creates cache islands. Won’t cross subnets.

Larger offices need more cached data, can justify a server purchaseAuditing: Easier to audit in hosted mode.Slide23

Protocols in Use

Protocol

Used For

SHA-256

Hashing data on content

server.HTTP / SMB / BITSInitial client communication with content (file, web, application) server.BranchCache Discovery ProtocolUsed by clients to search local network for content.WS-Discovery

Used

by BranchCache Discovery Protocol (Web Services, Multicast, UDP)

BranchCache Retrieval Protocol (MS-PCCRD)

Used by clients to obtain

content (HTTP)

BranchCache Hosted Cache Protocol (MD-PCHC)

Used by

clients to advertise to Hosted Cache that they have content for storage.Slide24

Built-in Security Features

Security at RestContent integrity through chunkingPre-transfer authentication/authorization through requesting protocol (SMB/HTTP/etc).Metadata hashes become post-transfer integrity verification.BranchCache respects NTFS ACLs at all times.

Cache can be encrypted with BitLocker or EFS.

Hosted cache further protected via certificate.

Security in Transit

SSL authentication optional for content transferTransferred content encrypted using AES 128 (key derived from metadata).Slide25

DISCUSS:Is this More Advantageous than WAN Optimizers?

Financially advantageous?Features & capabilities?Usefulness for users?Slide26

Part II: Deploying BranchCacheSlide27

Important Points for DesignBranchCache available on Windows® 7 Enterprise and Ultimate, Windows Server 2008 R2 (only).

You must enable BranchCache and create firewall exceptions to allow BranchCache traffic between client computers.Web server contentInstall the BranchCache feature on the application server or Web server whose content you wish to cache in branch offices.

File server content

The

BranchCache for network files

role service of the File Server role in Windows Server 2008 R2 must be installed and enabled.Do not also deploy WAN accelerators between branch offices and the main office.BranchCache does not function correctly when there are WAN accelerators between a branch office and the main office.Slide28

Important Points for Design

Functionality

Computer Location

Install this Component

Web

serverMain officeBranchCache featureFile serverMain officeBranchCache for Network Files role service of File Services role

BITS application server

Main office

BranchCache feature

Hosted cache server

Branch office

BranchCache feature

with hosted cache mode enabled; trusted certificate

Client cache server

Branch office

Enable

BranchCache on the clientSlide29

Important Points for DesignSlide30

Implementing Distributed ModeInstall the BranchCache for Network Files role service to a file server in the main office.Slide31

Implementing Distributed ModeInstall the BranchCache feature to a web or application server in the main office.Slide32

Implementing Distributed ModeUse Group Policy to configure BranchCache client settings

Computer Configuration | Policies | Administrative Templates | Network | BranchCacheTurn on BranchCache (Yes/No)Set BranchCache Distributed Cache mode (Yes / No)

Set BranchCache Hosted Cache mode

(Yes / No, Enter location [FQDN] of hosted cache)

Configure BranchCache for network files

(Yes / No, Round trip latency value above which files are cached)Set percentage of disk space used for client computer cache (Numerical percentage value)Slide33

Implementing Distributed ModeUse Group Policy to configure BranchCache server settings

Computer Configuration | Policies | Administrative Templates | Network | Lanman ServerHash Publication for BranchCache0 = Allow hash publication only for shared folders on which BranchCache is enabled.1 = Disallow hash publication on all shared folders

2 = Allow hash publication for all shared foldersSlide34

Implementing Distributed ModeUse Group Policy to create firewall exception.

Predefined: BranchCache – Content Retrieval (Uses HTTP)Predefined: BranchCache – Peer Discovery (Uses WSD)Slide35

Implementing Distributed Mode

Enable BranchCache on file sharesAccomplished within Shareand Storage ManagementSlide36

Implementing Hosted ModeAll of the above, plus:

Install and configure a Windows Server 2008 R2 server within the branch office site.Install a trusted web server certificate to the server.Install BranchCache feature.Link the certificate to BranchCache using netsh http add sslcert ipport=0.0.0.0:443 certhash=<SHA-1_Hash> appid={d673f5ee-a714-454d-8de2-492e4c1bd8f8}

Resize the cache on the server (defaults to 5% of active partition) with

netsh branchcache set cachesize size=<sizeInPercent> percent=TRUE

Sit back. Relax. Enjoy.Slide37

Verifying HappynessSlide38

Final ThoughtsImplementing BranchCache is ridiculously easy.

It will accelerate the things it can, and won’t for the things it can’t.You already have this technology, why not implement it?Pay careful attention to which mode makes most sense for your needs: Security, availability, centralization, etc.

Greg Shields, MVP

Senior Partner and Principal Technologist

Concentrated Technology

www.ConcentratedTech.comSlide39

Track Resources

Don’t forget to visit the

Cloud Power area within the TLC (

Blue

Section

) to see product demos and speak with experts about the Server & Cloud Platform solutions that help drive your business forward.You can also find the latest information about our products at the following links:

Windows Azure -

http://www.microsoft.com/windowsazure/

Microsoft System Center -

http://www.microsoft.com/systemcenter/

Microsoft Forefront -

http://www.microsoft.com/forefront/

Windows Server -

http://www.microsoft.com/windowsserver/

Cloud Power -

http://

www.microsoft.com/cloud/

Private Cloud -

http://

www.microsoft.com/privatecloud/

Slide40

Resources

www.microsoft.com/teched

Sessions On-Demand & Community

Microsoft Certification & Training Resources

Resources for IT Professionals

Resources for Developers

www.microsoft.com/learning

http://microsoft.com/technet

http://microsoft.com/msdn

Learning

http://northamerica.msteched.com

Connect. Share. Discuss.Slide41

Complete an evaluation on

CommNet

and

enter to win!Slide42
Slide43

©

2011 Microsoft

Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment

on

the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT

MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.Slide44