BranchCache: Speeding up the Branch Office
Chad Duffey
Premier Field Engineer
Microsoft Certified Master – Active Directory
December 15th 2011
Agenda
• BranchCache 101
• A little deeper
• FAQs
Branch Cache Fundamentals
Branch Office Network Performance
Normal Branch Office
• Application and data access over WAN is slow in branch offices
• Slow connections hurt user productivity
• Improving network performance is expensive and difficult to implement
Windows 7 & Server 2008 R2 Solution: BranchCache™
• Caches content downloaded from file and Web servers
• Users in the branch can quickly open files stored in the cache
• Frees up network bandwidth for other uses
BranchCache: Two Approaches
Distributed Mode
• Recommended for branches without a branch server
• Easy to deploy: enabled on clients through Group Policy
• Cache availability decreases with laptops that go offline
Hosted Mode
• Cache stored centrally: existing server in the branch
• Cache availability is high
• Enables branch-wide caching
• Increased reliability
Deployment Summary
• IIS / File Server: Install the optional “Windows BranchCache” component on a Windows 2008 R2 web or file server
• Group Policy Management: Use Group Policy to enable Windows BranchCache on Windows 7 clients
• Hosted Cache: Optionally, install a hosted cache in your branch. Configure clients to use it with Group Policy
How it works: BranchCache Distributed Cache
[Diagram; arrow labels: Get, ID, Data]
How it works: BranchCache Hosted Cache
[Diagram; arrow labels: Get, ID, Data, Put, Search, Request, Advertise]
Demonstration of Branch Cache
BranchCache Framework
[Diagram: 3rd Party Applications, IE, WMP, SharePoint, Explorer, Office, BITS and CopyFile use HTTP (WebIO/http.sys) and SMB (CSC/SRV), which use BranchCache]
BranchCache Deployment
Distributed Cache Implementation
• HQ: Content Server (Windows Server 2008 R2 required)
• Branch: Client (Windows 7 required)
Hosted Cache Implementation
• HQ: Content Server (Windows Server 2008 R2 required)
• Branch: Hosted Cache (Windows Server 2008 R2 required)
• Branch: Client (Windows 7 required)
Deployment - Content Server
HTTP server (IIS) - Install the BranchCache feature from Server Manager
SMB server (File server) – Install the BranchCache role service feature within the file server role using Server Manager
That’s it…
Optional: Hashgen.exe
Deployment - Client
Identify the “branch”
• An Active Directory Site
• An IP address range
• A collection of specific client computers
Choose how to deploy
• Group Policy
• netsh
Deploy to clients
• Group Policy: Use built-in ADMX files
• netsh: Run netsh branchcache set service distributed on all relevant clients
Deployment – Hosted Cache
Set up the Hosted Cache
• Install the BranchCache feature on an R2 server
• Install a server-auth certificate for use with SSL
• Run netsh branchcache set service hostedserver on the hosted cache
Identify Branch
Choose how to deploy
Deploy to clients
• Group Policy: Use built-in ADMX files
• netsh: Run netsh branchcache set service hostedclient location=<> on all clients
Demonstration of Configuration
Additional Configuration Options
With Group Policy and NetSH you can:
• Enable / disable Distributed Cache
• Enable / disable Hosted Cache
• Set the cache size
• Set the location of the Hosted Cache
• Clear the cache
• Create and replicate a shared key for use in a server cluster
• And more …
Works in domains and workgroups
A little deeper…
Content identifiers
[Diagram: Content is split into segments S1, S2, S3; each segment is split into blocks B1, B2, … Bn]
• Segments: unit of discovery
• Blocks: unit of download
• Hashes: returned by server (segment hashes, block hashes); 2000:1 compression ratio
How is SSL optimized?
[Diagram: client stack IE / HTTP / SSL / Sockets and server stack IIS / HTTP / SSL / Sockets, each with BranchCache; labels: “Data in clear”, “Data encrypted”]
Security
• Blocks: B1, B2, … Bn
• Block hashes: Hash(block)
• Segment hash (SH): Hash(Block hashes)
• Server secret key: Ks
• Private segment key (SK): Hash(SH, Ks)
• Encryption key: Hash(SK, “KeKeKe”)
• Segment discovery key: Hash(SK, SH+”HoHoDk”)
[Diagram labels: Client, Server]
Flow – a Security View
• Client requests data from the server, and indicates BranchCache capability
• Server authorizes the client
• Server retrieves metadata (block hashes, segment hashes, private segment key) for the data
• Server sends metadata on same channel as data
• Client computes a segment discovery key and broadcasts it on the local network
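The key derivation from the Security slide and the flow above, as an added Python example (not code from the presentation or from Microsoft). Assumptions: Hash(a, b) is modelled as SHA-256 over the concatenated arguments, blocks are 64 KB, and the segment and server secrets are constructed samples; the slides specify none of these.

```python
import hashlib
import hmac

BLOCK_SIZE = 64 * 1024  # assumption: the slides do not state a block size


def H(*parts):
    """Stand-in for the slide's Hash(a, b): SHA-256 over the concatenation (assumption)."""
    return hashlib.sha256(b"".join(parts)).digest()


def server_metadata(segment, ks):
    """Metadata the content server returns for one segment after authorizing the client."""
    bh = [H(segment[i:i + BLOCK_SIZE]) for i in range(0, len(segment), BLOCK_SIZE)]
    sh = H(*bh)      # Segment hash (SH) = Hash(block hashes)
    sk = H(sh, ks)   # Private segment key (SK) = Hash(SH, Ks); needs the server secret
    return {"block_hashes": bh, "SH": sh, "SK": sk}


def client_keys(meta):
    """Keys the client derives locally from the server-supplied metadata."""
    sk, sh = meta["SK"], meta["SH"]
    return {
        "encryption_key": H(sk, b"KeKeKe"),
        "discovery_key": H(sk, sh + b"HoHoDk"),  # the value broadcast on the local network
    }


def verify_block(meta, index, data):
    """Check a block obtained from a cache against the server-supplied block hash."""
    return hmac.compare_digest(H(data), meta["block_hashes"][index])


# Constructed sample data: three full blocks plus a short final block.
SEGMENT = b"".join(bytes([i]) * BLOCK_SIZE for i in range(3)) + b"tail"
KS_A = b"constructed-server-secret-A"
KS_B = b"constructed-server-secret-B"

if __name__ == "__main__":
    a, b = server_metadata(SEGMENT, KS_A), server_metadata(SEGMENT, KS_B)
    print("same SH for same content:", a["SH"] == b["SH"])
    print("SK differs per server secret:", a["SK"] != b["SK"])
    print("discovery key:", client_keys(a)["discovery_key"].hex())
    print("tampered block accepted:", verify_block(a, 0, b"\x01" + SEGMENT[1:BLOCK_SIZE]))
```

The segment hash depends only on the content, while the private segment key, encryption key and discovery key all depend on Ks, so a party that knows only the content or its hash cannot reproduce them without the server handing over the metadata.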
Security of Data at Rest
Clients
• Cache only contains content requested by the client
• Data in cache ACL’d so that it is only accessible if authorized by the server
• If data leakage is a concern, then use BitLocker or EFS
Hosted Cache
• Cache contains content requested by all branch clients
• Use BitLocker or EFS to encrypt cache as necessary
All data can be purged from the cache using netsh
BranchCache Benefits
End User Benefits
• Improve application responsiveness and reduce file transfer wait time
• Combined with other SMB offerings enhance the user experience on remote shares
IT Pro Benefits
• Optimize network utilization:
  • Recommended for HTTP and HTTPS-based intranet traffic
  • Performs well for SMB (and signed SMB) shares on the read path
  • Support network security protocols (SSL, IPsec)
• Reduce the cost of managing WAN
Common Questions
Q: When will this be made available for Vista or XP?
A: It won’t. BranchCache is only supported with Windows 7 Enterprise, Ultimate & Windows 2008 R2 editions.
Q: What size content is cached?
A: 64 KB and greater.
Q: Is there a peer discovery timeout?
A: 300 ms
Q: What kind of encryption is used?
A: Custom scheme based on AES128.
Q: Does knowledge of the hash ID grant access?
A: No. Access must still be granted by the file server.
Common Questions Continued…
Q: Will BranchCache work during WAN outages?
A: No. Clients must be able to contact the content server to get content identifiers.
Q: Can I pre-populate cached files?
A: Yes. Consider using a scheduled task, PowerShell Remoting or some other technique. For WSUS & SCCM, consider targeting one client in each remote office before the others.
Q: How does BranchCache avoid discovery storms?
A: Responses to search requests are staggered. If a client detects that many others on the subnet already have a piece of content, it won’t bother caching it too.
Q: How long does data stay in cache?
A: Until NetSH is used to flush the cache or until the cache is full and starts to roll.
Q: Is BranchCache supported on Server Core?
A: Absolutely.
Hashgen
By default the BranchCache cache is under C:\Windows\ServiceProfiles\NetworkService\AppData\Local\PeerDistRepub.