branchcache - helping you save on wan bandwidth consumption at branch offices
DESCRIPTION
BranchCacheTRANSCRIPT
BranchCache: Helping You Save on WAN Bandwidth Consumption at Branch Offices
TechEd North America 20095/12/2009 4:55 PM 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
1BranchCache: Helping You Save on WAN Bandwidth Consumption at Branch OfficesRavi RaoSenior Program ManagerMicrosoft CorporationWSV303TechEd North America 20095/12/2009 4:57 PM 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
2AgendaProblem backgroundSolution modesDeploymentDemoDeep DivesContent IdentificationIntegration architectureSecurityEnd to end flowPartnersResources3
Problem BackgroundThin, expensive WAN links between main office and branch offices
High link utilization Poor application responsiveness Trend towards data centralization
4Customers SayWe are improving the efficiency of our branch offices and saving bandwidth by using BranchCache in Windows Server 2008 R2 and Windows 7, said Lukas Kucera, IT services manager of Lukoil CEEB, one of the largest integrated oil and gas companies in the world. Some of our smaller facilities, such as the office in Slovakia and the storage terminal in Belgium, have just five to 10 users, so its not efficient to deploy a file server on-site, but it consumes bandwidth to have them continually accessing files from the main servers. BranchCache is the perfect solution.Taking advantage of the BranchCache feature in Windows Server 2008 R2, we can spend $20,000 rather than $50,000 per year on bandwidth by postponing our expansion schedule.David Feng, IT Director, Sporton InternationalConvergent Computing (CCO) wanted to improve remote network access for its mobile users. Using the DirectAccess and BranchCache features in Windows Server 2008 R2 and Windows 7, CCO has simplified remote connection to its network and sped the downloading of important files. It has cut costs by eliminating its virtual private network and has seen a 43 percent savings in wide area network (WAN) bandwidth.5Solution Tenets6
GetGet
IDGet
Data
Branch OfficeMain OfficeDistributed CacheGet
ID
Data
Data7
GetGet
IDPut
Data
Branch OfficeMain OfficeHosted CacheGet
Data
ID
SearchGetSearchRequestOffer
ID
ID
ID
Data
ID
Data8Hosted CacheCentralized cache of data downloaded by the branch
The Hosted cache on Windows Server 2008 R2 provides the following featuresA centralized cache for Protocols: HTTP, SMB E2E encrypted/signed traffic: SSL, IPsec, SMB signing etcDoes not modify protocols; benefits from protocol optimizationsConfigurable size/location/persisted across reboots/flush-ableWorks across multiple subnetsAdmins can seed content by writing custom scriptsCan be a virtual workload in an appliance
Easy to deploy; clients are configured via policy
9Hosted CacheData cached at hosted cache serverRecommended for larger branchesCache stored centrally: can use existing server in the branchCache availability is highEnables branch-wide cachingHosted Cache vs. Distributed
Enterprise
Distributed Cache
Distributed Cache
Data cached amongst clientsRecommended for branches without any infrastructureEasy to deploy: Enabled on clients through Group PolicyCache availability decreases with laptops that go offline
10Microsoft Confiential: Preliminary Information: NDA OnlyOverall FrameworkIEHTTP BranchCacheSMBExplorer3rd Party ApplicationsRobocopyOfficeWMPBITSOfficeSharePointAppV11Deployment12DeploymentDistributedHQ: Content Server (must run R2)Branch: Client (must run Win 7 or R2)
HostedHQ: Content Server (must run R2)Branch: Hosted Cache (must run R2)Branch: Client (must run Win 7)
Works on Server Core R2 as well!13Deployment - Content serverHTTP server (IIS) - Install the BranchCache feature from Server Manager
SMB server (File server) Install the BranchCache role service feature within the file server role using Server Manager
Thats it14Deployment - Client15Deployment Hosted Cache16
Branch OfficeIISFile ServerGroup PolicyManagement
Install BranchCache feature on an R2 server
Group Policy to enable clients
HostedCacheOptionally, install a hosted cache in your branch
Branch OfficeBranch OfficeMain OfficeDeployment - Summary17Additional configuration optionsEnable / disable distributed cache modeEnable / disable hosted cache modeSet the cache sizeSet the location of the hosted cacheClear the cacheCreate and replicate a shared key for use in a server clusterAnd more
Works in domains and workgroups18MonitoringEvent logs - Operational logs & Audit logs
Perfmon counters - Client, hosted cache and Content Server
netsh for querying the infrastructure for |potential problemsCache size too small, firewall issues, certificate problems etc
SCOM pack - for rolling all the information up19BranchCache in ActionDevrim IyigunSenior Product ManagerMicrosoft Corporationdemo5/12/2009 4:56 PM 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
20Going Deeper21Content IdentifiersS1S2S3B1B2B1B2BnB1B2BnContentSegmentsUnit of discoveryBlocksUnit of downloadHashesReturned by serverSegment hashes, Block hashesup to ~2000x data reductionBn22HTTP Integrationhttp.sysIISBranchCachewininetOpen URLBranch Cache CapableGet dataDataDataDataH1H2H4H5HashlistHashlistHashlistHashlist
DataDataH3
BranchCacheIE23SMB IntegrationSMB ServerDriverSMB Hash Generation ServiceHashGen UtilityGenerate or update hashGenerate or update hashApplicationCSC DriverSMB Client DriverCSCCacheHashlistCSC ServiceBranchCacheDataHashlistRequest HashesReadFileDataPrefetch FileDataDataAccess hashesSavehashesRequest HashesHashlistHashlist24How is SSL Optimized?SocketsSSLHTTPIEBranchCacheBranchCacheData encryptedData in clearData in clearClientServerData encryptedIPsecSocketsSSLHTTPIISData encryptedData in clearData in clearIPsecData encryptedData encrypted25SecurityB1B2BnBlocksBlock hashesHash(block)Segment hash (SH)Hash (Blockhashes)Server secret keyKsPrivate Segment key (SK)Hash(SH, Ks)Encryption keyHash(SK, KeKeKe)Segment discovery keyHash(SK, SH+HoHoDk)
ClientServer26Flow a Security ViewClient requests data from the server, and indicates BranchCache capabilityServer authorizes the clientServer retrieves metadata (block hashes, segment hashes, private segment key) for the dataServer sends metadata on same channel as data
Client computes a segment discovery keyBroadcasts on the local network27Flow, ContinuedServing clients receive the broadcastDecrypt the segment hash from the segment discovery keyRespond with data availabilityClient requests blocks from the serving clientServing client computes encryption key from the segment private keyServing client encrypts each block with the encryption keyClient receives the dataDecrypts the dataValidates block data against the block hashIf valid, returns to application
28Security of Data at RestClientsCache only contains content requested by the clientData in cache ACLd so that it is only accessible if authorized by the serverIf data leakage is a concern, then use BitLocker or EFS
Hosted CacheCache contains content requested by all branch clients Use BitLocker or EFS to encrypt cache as necessary
All data can be purged from the cache using netsh29BranchCache Ecosystem Partnersannouncing5/12/2009 4:56 PM 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
30
Steelhead ApplianceRSPVMVMVMVMVirtualization Layer
VMRiverbed and Microsoft to extend optimization further for Windows 7 users with BranchCacheMicrosoft and Riverbed - Better TogetherJoint Optimization Solution for Windows 7 users
Riverbed Steelhead: Leading WAN optimization solution + BranchCacheLeader in the Gartner magic quadrantAccelerate applications: CIFS, MAPI, HTTP/S, TCP, and all other key protocolsCut bandwidth use: Save 65 95% of WAN utilizationPOLP Licensing Partner, and Windows OEMDeliver Windows to the branch with the Riverbed Services Platform (RSP): Offer Windows services such as AD, Streaming, Print, DNS and BranchCacheVisit Booth 247 for more info
31
WANBlue Coat BranchCache SupportAbout Blue Coat Application Delivery Network Vendor ProxySG for WAN Optimization & Secure Web GatewayLeader in Gartner Magic QuadrantsSecure Web Gateway, Sep 2008 WAN Optimization Controllers, Nov 2007
Blue Coat will support BranchCache protocolsBlue Coat will license Hosted Cache protocols on ProxySGEdge site hosted cache for SMB2, SMB signed & IPsecCore site proxy for legacy content servers (non-WS 2008 R2)RemoteOfficeData Center
ProxySG
ProxySG
32F5 and BranchCacheF5 is a player in Application Delivery Networking, with the mission of building network devices that support your applications, ensuring high availability, scalability, performance and security.BranchCache adds to BIG-IPs WAN acceleration portfolioSee a demo of BranchCache on the BIG-IP 6900 visit booth 311
33New Generation Application Delivery PlatformApplication Acceleration & Load Balancing BranchCache Augments AX Native Optimized Caching
34
BranchCache: Enhancing the Windows File ExperienceDelivering best-in-class Windows files services solutionThousands of joint customers using SMB (CIFS) todayUse ranges from home directories to high performance engineering applicationsNow also supporting SMB 2.0 BranchCache NetApp as a Content ServerBring remote Windows users closerSave on bandwidth and remote administrationNetApp is a gold sponsor visit their booth!
Branch office / remote usersNetApp NAS in the datacenter
35
Symantec Support for BranchCacheSymantecWorlds 4th largest ISV Found in almost as many Windows environments as MicrosoftSecurity, Storage, HA, Backup, Archiving, Data Loss Prevention, Management
Altiris Server Management Suite from SymantecProvide support for monitoring BranchCache on Windows Server 2008 R2Provide alerting when problems are detectedOrchestrate and automate remediation when necessaryBranchCorp HQ data center
Altiris Server Management SuiteFrom Symantec
36
Site to Site VPNForefront Threat Management Gateway in the Branch
Branch OfficeMain Office
Web Proxy & CacheFeaturingAnti-VirusURL FilteringHTTPS InspectionNetwork Intrusion Inspection
TMG& Hosted Cache
Single Host for TMG & BranchCache (Hosted Cache) Standard deploymentEnterprise ManagementRunning on Windows Server 2008 R2
37To SummarizeBranchCache reduces WAN bandwidth consumed by end users for intranet based HTTP and SMB traffic and improves end user experience
BranchCache accelerates delivery of encrypted and signed content such as when using HTTPS, IPsec, SMB signing and at the same time ensures authorization of users by the server at the central office.
BranchCache doesnt require additional equipment in the branch offices and can be easily managed using existing systems management technology such as group policy
BranchCache has a vibrant and growing ecosystem giving customers the choice to pick a solution that works best for their needs
38ResourcesWebsite/TechNethttp://www.branchcache.com http://technet.microsoft.com/en-us/network/dd425028.aspx
At TechEd, we have booths in the TLC Orange AreaWindows Server Branch Office Solutions - BranchCacheWindows Services for the Branch Partner Solutions
39
www.microsoft.com/teched
Sessions On-Demand & Communityhttp://microsoft.com/technet
Resources for IT Professionals
http://microsoft.com/msdn
Resources for Developerswww.microsoft.com/learningMicrosoft Certification and Training Resourceswww.microsoft.com/learning
Microsoft Certification & Training ResourcesResources
40Related ContentBreakout Sessions WSV 403: Enhancing the Branch office experience with Windows Server 2008 R2Hands-on LabsWSV14-HOL: Windows Server 2008 R2 - BranchCaching41Windows Server ResourcesMake sure you pick up your copy of Windows Server 2008 R2 RC from the Materials Distribution CounterLearn More about Windows Server 2008 R2: www.microsoft.com/WindowsServer2008R2 Technical Learning Center (Orange Section): Highlighting Windows Server 2008 and R2 technologiesOver 15 booths and experts from Microsoft and our partners
42Complete an evaluation on CommNet and enter to win!
43
2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.5/12/2009 4:56 PM 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
44