Inexpensively Speed Up Branch Office Access & Reduce Wa

Uploaded On 2017-10-14


Slide1

Inexpensively Speed Up Branch Office Access & Reduce Wasted Time by Implementing BranchCache

Greg Shields, MVP
Senior Partner and Principal Technologist
Concentrated Technology
www.ConcentratedTech.com

WSV202

Slide2

Agenda

Part I: Understanding BranchCache
Discussion: Architectures you’d use in your own environment.
Discussion: Is this solution more advantageous than WAN optimizers?

Part II: Implementing BranchCache
Fairly unexciting, but that’s a good thing…

Not much to see in terms of DEMO. So, this session focuses on architecture and best fit for your environment.

Slide3

Part I: Understanding BranchCache

Slide4

The Problem with Branch Offices

Branch office users are people too!
However, their connection to the LAN includes a hop through a sometimes nasty WAN.
Local files are fast. Remote files are not.
Users in branch offices often suffer because of WAN delay.
Bad for business.
Bad for IT.

Slide5

Branch Offices Don’t Have to be “Branch Offices”

A “branch office” doesn’t necessarily need to be an office that exists in a branch location.
A branch office in this context is really any LAN location that is separated by a slow network link.
Slow == < LAN speed

Slide6

More Problems with Branch Offices

Branch offices are often locations with few people and resources.
Their lack of people and resources is usually the reason for their slow network connection!
WAN optimizers exist, but can be expensive. Often involves hardware.
But the central business problem is that there simply isn’t enough “work” at the site to justify hardware.
WAN optimizers are often too powerful of a solution.
People just need faster access to files and web sites.
Businesses can’t justify cost.

Slide7

Solving the Branch Office Conundrum

Businesses today need cost-effective solutions that don’t necessarily require on-site hardware.
However, such solutions should be “future proof”, e.g. scalable with hardware if needed in the future.
Most businesses today just need a solution to improve file and folder access, web site access, and perhaps a few applications.
Must be a “set-it-and-forget-it” solution.
Other application and data accesses can be handled through existing solutions: RDS, for example.

Solution: BranchCache!

Slide9

What is BranchCache?

BranchCache caches content from main office servers to branch office locations.
To specially-configured BranchCache servers…
…or, to one or more desktops at the branch office.

What kind of content?
Files and folders
HTTP / HTTPS sites
BITS-enabled applications (WSUS comes to mind)
Any tool, service, application, or widget that makes use of the SMB/HTTP/BITS stack

Slide10

What is BranchCache?

BranchCache’s services operate “below” the SMB/HTTP/BITS stack.
This means that any tool (Robocopy, WMP, IE, Flash, Silverlight, etc) that uses SMB/HTTP is transparently and automatically cached.

Result: No change in user procedures.
Users simply access their files in the same locations they’re used to.
Under the covers, they’re transparently redirected to a locally-cached copy (if it exists).
If no copy exists, one is cached after its first access and download to the remote site.

Slide12

BranchCache Dataflow (Initial Access, Distributed Cache)

Client 1 sends a request for content to the main office content server. In this request, Client 1 indicates that it is BranchCache-capable.
The content server obtains previously generated content information from a local cache and sends it to Client 1.
Client 1 uses the content information and sends a multicast message to all computers on the subnet requesting the content; no computers have the content, however, because none of them has previously downloaded the content from the main office.
Client 1 requests the content from the main office content server.
Client 1 receives content from the content server and stores the content in its cache.

Slide13

BranchCache Dataflow (Subsequent Accesses, Distributed Cache)

Client 2 sends a request for content to the main office content server. In this case, Client 2 seeks the same content that Client 1 has already obtained.
The content server obtains previously generated content information from a local cache and sends it to Client 2.
Client 2 uses the content information and sends a multicast message to determine if any clients in the branch office have already cached the content. Client 1 sends a response stating that it has the content.
Client 2 requests the content from Client 1, connects to Client 1, and downloads the content.

Slide14

OK, So What is this “Previously-Generated Content”?

Call it… “content metadata”.
Content is broken into blocks, or “chunks of data”.
For each block, block and segment hashes are computed (using SHA-256).
Compression ratio of hash to original content is around 2000:1.
One file == many blocks. Discrete content chunking.

Segment hashes provide a unit of discovery.
“I’m looking for this file, do you have it, and do you have the version of it that I want?”

Block hashes provide a unit of download.
“You do? Good. I already have most of the file. Give me just this tiny bit of it that I still need.”

Slide16

What is “Previously-Generated Content”?

All of this is transparent to both you and the user.
It’s faster to compare content “chunks” than actual content.

Slide17
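The content metadata described in the preceding slides, as an added example that is not part of the presentation and not Microsoft's implementation. It models a client that discovers cached data by segment hash, downloads it block by block, and accepts a block from a branch peer only when its SHA-256 matches the hash supplied by the main office server. The block and segment sizes, the way the segment hash is built, and every function name are assumptions of this model.

```python
import hashlib
import hmac

BLOCK_SIZE = 4            # toy value (assumption) so the sample data stays readable
BLOCKS_PER_SEGMENT = 3    # toy value (assumption)
SEG_LEN = BLOCK_SIZE * BLOCKS_PER_SEGMENT

def split_blocks(segment: bytes) -> list:
    return [segment[i:i + BLOCK_SIZE] for i in range(0, len(segment), BLOCK_SIZE)]

def content_info(data: bytes) -> list:
    """Content server: per segment, a segment hash plus the SHA-256 of every block."""
    info = []
    for off in range(0, len(data), SEG_LEN):
        block_hashes = [hashlib.sha256(b).digest() for b in split_blocks(data[off:off + SEG_LEN])]
        # Model assumption: the segment hash covers the ordered block hashes.
        segment_hash = hashlib.sha256(b"".join(block_hashes)).digest()
        info.append((segment_hash, block_hashes))
    return info

def peer_cache(data: bytes) -> dict:
    """Branch peer: cached blocks, discoverable by segment hash."""
    return {seg_hash: split_blocks(data[i * SEG_LEN:(i + 1) * SEG_LEN])
            for i, (seg_hash, _) in enumerate(content_info(data))}

def fetch(info: list, peer: dict, origin: bytes):
    """Client: use a peer block only if it matches the server-supplied hash."""
    out, stats = bytearray(), {"peer": 0, "wan": 0, "rejected": 0}
    for si, (segment_hash, block_hashes) in enumerate(info):
        cached = peer.get(segment_hash, [])            # discovery: by segment hash
        for bi, expected in enumerate(block_hashes):   # download: one block at a time
            block = cached[bi] if bi < len(cached) else None
            if block is not None and hmac.compare_digest(hashlib.sha256(block).digest(), expected):
                stats["peer"] += 1
            else:
                stats["rejected"] += int(block is not None)   # peer answered with bad data
                start = si * SEG_LEN + bi * BLOCK_SIZE
                block = origin[start:start + BLOCK_SIZE]      # fall back to the main office
                stats["wan"] += 1
            out += block
    return bytes(out), stats

def demo():
    v1 = b"AAAABBBBCCCCDDDDEEEEFFFF"   # constructed sample: the version Client 1 cached
    v2 = b"AAAABBBBCCCCDDDDEEEEXXXX"   # constructed sample: file later changed on the server
    stale = fetch(content_info(v2), peer_cache(v1), v2)
    poisoned_peer = peer_cache(v2)
    poisoned_peer[content_info(v2)[0][0]][1] = b"EVIL"   # peer holds an altered block
    poisoned = fetch(content_info(v2), poisoned_peer, v2)
    return stale, poisoned

if __name__ == "__main__":
    for content, stats in demo():
        print(content, stats)
```

In the first case the unchanged segment is served by the peer and the changed one comes over the WAN; in the second the altered block is rejected and only that block is re-fetched from the main office.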

Options: Distributed & Hosted Cache

Distributed Cache
Windows 7 computers store the cached content.
Windows 7 computers multicast with each other to inform a requestor that they have/don’t-have content.
Client bits are a default component of Windows 7 & R2 (only), must be specifically enabled.

Hosted Cache
A specially-configured Server 2008 R2 server is used for content storage at branch office.
Desktops still complete the initial download on their own. Server then caches the content from the client.

The previous example used a Distributed Cache

Slide18

BranchCache Dataflow (Initial Access, Hosted Cache)

Client 1 sends a request for content to the main office content server. In this request, Client 1 indicates that it is BranchCache-capable.
The content server obtains previously generated content information from a local cache and sends it to Client 1.
Client 1 requests the content from the hosted cache server in the branch office, and the hosted cache server informs Client 1 that it does not have the content in its cache.
Client 1 requests the content from the main office content server.
Client 1 receives content from the main office content server.
Client 1 advertises the content to the hosted cache server in the branch office; the hosted cache server connects to the client and downloads the content to store in its cache.

Slide19

BranchCache Dataflow (Subsequent Accesses, Hosted Cache)

Client 2 sends a request for content to the main office content server. In this case, Client 2 seeks the same content that Client 1 has already obtained.
The content server obtains previously generated content information from a local cache and sends it to Client 2.
Client 2 uses the content information and sends a request to the hosted cache server for the content. The hosted cache server sends a response stating that it has the content.
Client 2 connects to the hosted cache server and downloads the content, using the content information that it received from the main office content server to verify the data.

Notice: Initial access in each example is always to the Main Office’s content server.
Thus: No change in user behavior.

Slide21

DISCUSS: Which Would You Use? Why?

Distributed Mode?
Cached Mode?
Why?

Slide22

Advantages of Hosted Mode

No need to use Windows 7 desktops as content storage locations.
Uses drive space, slight increase in processor use.
Eliminates need for multicasting around local net.
Hosted cache is a server, always on.
Powered down desktops also take down cache data.
Better bandwidth savings (in comparison)
Multiple subnets with distributed mode creates cache islands. Won’t cross subnets.
Larger offices need more cached data, can justify a server purchase
Auditing: Easier to audit in hosted mode.

Slide23

Protocols in Use

Protocol | Used For
SHA-256 | Hashing data on content server.
HTTP / SMB / BITS | Initial client communication with content (file, web, application) server.
BranchCache Discovery Protocol | Used by clients to search local network for content.
WS-Discovery | Used by BranchCache Discovery Protocol (Web Services, Multicast, UDP)
BranchCache Retrieval Protocol (MS-PCCRD) | Used by clients to obtain content (HTTP)
BranchCache Hosted Cache Protocol (MS-PCHC) | Used by clients to advertise to Hosted Cache that they have content for storage.

Slide24

Built-in Security Features

Security at Rest
Content integrity through chunking
Pre-transfer authentication/authorization through requesting protocol (SMB/HTTP/etc).
Metadata hashes become post-transfer integrity verification.
BranchCache respects NTFS ACLs at all times.
Cache can be encrypted with BitLocker or EFS.
Hosted cache further protected via certificate.

Security in Transit
SSL authentication optional for content transfer
Transferred content encrypted using AES 128 (key derived from metadata).

Slide25

DISCUSS: Is this More Advantageous than WAN Optimizers?

Financially advantageous?
Features & capabilities?
Usefulness for users?

Slide26

Part II: Deploying BranchCache

Slide27

Important Points for Design

BranchCache available on Windows® 7 Enterprise and Ultimate, Windows Server 2008 R2 (only).
You must enable BranchCache and create firewall exceptions to allow BranchCache traffic between client computers.

Web server content
Install the BranchCache feature on the application server or Web server whose content you wish to cache in branch offices.

File server content
The BranchCache for network files role service of the File Server role in Windows Server 2008 R2 must be installed and enabled.

Do not also deploy WAN accelerators between branch offices and the main office.
BranchCache does not function correctly when there are WAN accelerators between a branch office and the main office.

Slide28

Important Points for Design

Functionality | Computer Location | Install this Component
Web server | Main office | BranchCache feature
File server | Main office | BranchCache for Network Files role service of File Services role
BITS application server | Main office | BranchCache feature
Hosted cache server | Branch office | BranchCache feature with hosted cache mode enabled; trusted certificate
Client cache server | Branch office | Enable BranchCache on the client

Slide29

Important Points for Design

Slide30

Implementing Distributed Mode

Install the BranchCache for Network Files role service to a file server in the main office.

Slide31

Implementing Distributed Mode

Install the BranchCache feature to a web or application server in the main office.

Slide32

Implementing Distributed Mode

Use Group Policy to configure BranchCache client settings
Computer Configuration | Policies | Administrative Templates | Network | BranchCache

Turn on BranchCache (Yes/No)
Set BranchCache Distributed Cache mode (Yes / No)
Set BranchCache Hosted Cache mode (Yes / No, Enter location [FQDN] of hosted cache)
Configure BranchCache for network files (Yes / No, Round trip latency value above which files are cached)
Set percentage of disk space used for client computer cache (Numerical percentage value)

Slide33

Implementing Distributed Mode

Use Group Policy to configure BranchCache server settings
Computer Configuration | Policies | Administrative Templates | Network | Lanman Server

Hash Publication for BranchCache
0 = Allow hash publication only for shared folders on which BranchCache is enabled.
1 = Disallow hash publication on all shared folders
2 = Allow hash publication for all shared folders

Slide34

Implementing Distributed Mode

Use Group Policy to create firewall exception.
Predefined: BranchCache – Content Retrieval (Uses HTTP)
Predefined: BranchCache – Peer Discovery (Uses WSD)

Slide35

Implementing Distributed Mode

Enable BranchCache on file shares
Accomplished within Share and Storage Management

Slide36

Implementing Hosted Mode

All of the above, plus:
Install and configure a Windows Server 2008 R2 server within the branch office site.
Install a trusted web server certificate to the server.
Install BranchCache feature.
Link the certificate to BranchCache using
netsh http add sslcert ipport=0.0.0.0:443 certhash=<SHA-1_Hash> appid={d673f5ee-a714-454d-8de2-492e4c1bd8f8}
Resize the cache on the server (defaults to 5% of active partition) with
netsh branchcache set cachesize size=<sizeInPercent> percent=TRUE
Sit back. Relax. Enjoy.

Slide37

Verifying Happiness

Slide38

Final Thoughts

Implementing BranchCache is ridiculously easy.
It will accelerate the things it can, and won’t for the things it can’t.
You already have this technology, why not implement it?
Pay careful attention to which mode makes most sense for your needs: Security, availability, centralization, etc.

Greg Shields, MVP
Senior Partner and Principal Technologist
Concentrated Technology
www.ConcentratedTech.com

Slide39


© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.