Networking for Hybrid Cloud: BranchCache and Cross-Premises Connectivity
Bala Rajagopalan, Group Program Manager, Microsoft Corporation
Rob Kuehfus, Program Manager, Microsoft Corporation
WSV333
Problem
Access and Optimization
Headquarters
URA
Hosted Cache
URA
Branch Office
Cloud
URA
Agenda
Cross-Premises Connectivity: Enabling communication between offices and with the cloud
Acceleration with BranchCache: Getting the most out of your WAN links with a cache in the office
Cross-Premises Connectivity
Bala Rajagopalan
Enabling communication between offices and the cloud
10.1.3.0/24
10.1.2.0/24
LAN S2S
Contoso Corp. HQ (10.0.0.0/16)
Contoso Branch Office (10.1.0.0/16)
10.1.3.0/24
10.1.2.0/24
Hosters network in cloud
Scenarios
DirectAccess
Cross-Premises Connectivity – Requirements
Customer perspective
• Easy to deploy, configure and use
• Security
• Makes network migration easy
(Additional) Hoster perspective
• AAA
• Availability and scale
• Interoperability
• Customer (tenant) isolation
Connectivity to the hybrid cloud:
Internet
DirectAccess & VPN: Connecting remote clients to the hybrid cloud for
- Managed
- Unmanaged
Cross premise connectivity: Connecting private and public clouds
Remote access: Connectivity using dedicated infrastructure
Site to Site connectivity using dedicated infrastructure
Current State
Remote Access
Site to Site
Unified Remote Access
End to End Security W/IPsec (Optional)
HQ
Branch
Unified State
URA
URA
Hoster/
Private Cloud/
URA Highlights
• Interoperability via IKEv2 and IPsec
• Support for EAP, PSK, and machine certificate authentication
• Easy deployment and configuration via PowerShell and UI
• Dynamic distribution of routes (RIPv2)
• IPv6-ready (Direct or Tunneled over IPv4)
• Auto-detection of remote endpoint reachability
• Load-balancing and alternate path routing
• Encryption off-load capability
• VM-based deployment
• On-demand connection establishment
Easy to Deploy & Configure
PowerShell
Easy configuration wizard
PS> Add-VpnS2SInterface interfacename destinationip -Protocol IKEv2 -AuthenticationMethod PSKOnly -SharedSecret "abc" -IPv4Subnet 10.1.1.0/24:10
Benefits
IT Pro
• Quickly extend / migrate enterprise networks to cloud, and readily avail infrastructure services
• Minimal changes to network infrastructure
• Single server to manage all remote access needs
Hoster
• Service customers with overlapping address spaces
• Provide high uptime and scalability to customers
• Protect investment - IPv6 ready
• Provide Remote Access service to customers
Cross-Premises Demo Scenario
LAN S2S
Cloud-Edge
Corp-Edge
DC1
App1
Client1
2-App1
Demo
Rob Kuehfus, Program Manager, Wireless and Networking Services
Setting up Cross-Prem Connectivity
More on Cross-Premises Connectivity …
WSV301: Building Hosted Public and Private Clouds Using Windows Server 2012
Cross-premises replication and disaster recovery using Hyper-V Replica, Hyper-v Network Virtualization and Remote Access
Branch Cache
Rob Kuehfus
Optimizing Cross-Premises Communication
BranchCache
BranchCache Hosted Cache
[Diagram labels: Get, Put, Search, Request, Offer, ID, Data]
BranchCache Distributed Cache
[Diagram labels: Get, ID, Data]
What’s new in Windows 8
Performance | Scale | Management
• Greater performance gains and bandwidth savings with state-of-the-art content chunking
• Deeply integrated with the Windows File Server
Smaller Chunks Improve Performance
Content
Fingerprint: used to choose boundaries
Blocks: max 128K
Identifiers: block hashes
ID1 ID2 ID3 ID4 ID5 ID6 ID7 ID8 ID9
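The slide's idea of choosing block boundaries from a content fingerprint, as an added sketch that is not Microsoft's BranchCache code: a generic gear-style rolling hash picks the cut points, and a small insert at the front of a file leaves almost every block identifier reusable, while fixed-size blocks lose all of them. The function names, the 4 KiB cap (scaled down from the slide's 128K) and the sample data are assumptions made for the example.

```python
import hashlib
import random

MASK = (1 << 10) - 1   # cut when the low 10 fingerprint bits are zero (~1 KiB average)
MAX_BLOCK = 4096       # assumption: scaled-down stand-in for the 128K cap on the slide
GEAR = [int.from_bytes(hashlib.sha256(bytes([i])).digest()[:4], "big") for i in range(256)]

def content_defined_blocks(data: bytes) -> list:
    """Cut where a rolling fingerprint of the most recent bytes hits a fixed pattern."""
    blocks, start, h = [], 0, 0
    for i, byte in enumerate(data):
        h = ((h << 1) + GEAR[byte]) & 0xFFFFFFFF  # older bytes shift out of the window
        if (h & MASK) == 0 or i + 1 - start == MAX_BLOCK:
            blocks.append(data[start:i + 1])
            start = i + 1
    if start < len(data):
        blocks.append(data[start:])
    return blocks

def fixed_blocks(data: bytes, size: int = 1024) -> list:
    """Baseline: boundaries at fixed offsets, independent of content."""
    return [data[i:i + size] for i in range(0, len(data), size)]

def block_ids(blocks: list) -> set:
    """The identifier of a block is the hash of its bytes."""
    return {hashlib.sha256(b).hexdigest() for b in blocks}

def reusable(old: bytes, new: bytes, chunker) -> int:
    """Number of block identifiers of the new version already cached from the old one."""
    return len(block_ids(chunker(old)) & block_ids(chunker(new)))

_rng = random.Random(2012)                               # constructed sample file
ORIGINAL = bytes(_rng.getrandbits(8) for _ in range(64 * 1024))
EDITED = b"7 bytes" + ORIGINAL                           # small insert at the front

if __name__ == "__main__":
    print("fixed-size blocks reusable:     ", reusable(ORIGINAL, EDITED, fixed_blocks))
    print("content-defined blocks reusable:", reusable(ORIGINAL, EDITED, content_defined_blocks))
```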
Performance | Scale | Management
• No need for branch-by-branch configuration.
• New tools for configuring BranchCache and preloading cache data
Deploy BranchCache with One GPO
Clients use Service Connection Points (SCPs) to discover and connect to hosted cache servers.
Hosted cache servers can automatically create SCPs.
No site-by-site configuration needed.
SCP
SCP
Data is Always Encrypted
BranchCache cache is encrypted by default.
Certificate no longer required on hosted cache server
Actually a performance improvement!
Preload Data for Speedy First Access
IIS
File Server
Warm Hosted Cache
Hosted Cache
New tools let you prehash data on both file and web servers, and create data packages.
Data Packages
Data Packages can be imported on hosted cache servers and clients
Data can be exported from “warm” hosted cache servers
Manage Remotely with WMI and PowerShell
Performance | Scale | Management
• Use BranchCache in offices of any size.
• Optimize your network at headquarters for employees connecting to the cloud
Cache More Data and Serve More Clients
Hosted cache server can store much more data, increasing bandwidth savings.
More efficient architecture based on the Extensible Storage Engine enables a single hosted cache to serve more clients.
Multi-TB cache can be spread across disks.
ESE
High Availability and Unlimited Scale
Clients can be configured to use multiple hosted cache servers in one branch.
Existing logic enables retrieval from multiple servers. Uploads done only once.
Improves scale and availability without the complexity of clustering.
Demo
Rob Kuehfus, Program Manager, Wireless and Networking Services
BranchCache Deployment and Acceleration
BranchCache
BranchCache Platform and Ecosystem
The Windows BranchCache Framework
[Diagram labels: BranchCache™ Platform; HTTP, SMB 2, BITS, 3rd Party Protocols; IE, Explorer, CopyFile, Office, WMP, Intune, SCCM, WSUS, 3rd Party Applications]
Visit BranchCache Partners at TechEd
BranchCache on NetApp: Enhancing your Windows file experience
NetApp offers best-in-class solutions for Windows File Services
• Leading Storage Vendor, 10,000’s of joint customers, latest SMB versions
BranchCache: NetApp as a Content Server
• Increase productivity for Windows users in remote offices
• Saves bandwidth and administration costs
• Provides significant performance improvements over the WAN
Support for BranchCache V2 with Windows 8/Server 2012
• Enhances ease-of-use, brings substantial performance improvements
NetApp is a Platinum Sponsor here at TechEd – visit their booth!
Users at Branch Office (Distributed or Hosted Modes)
NetApp in the Data Center
Customer
Rand Morimoto, President, Convergent Computing
“Our remote office users with less than favorable bandwidth connectivity have really benefited from BranchCache. Took our IT guys moments to enable, and have provided huge improvements in time savings and employee productivity, silly for us to not have enabled it sooner!”
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Backup
Deployment
[Diagram labels: IIS, File Server, Group Policy Management, BitLocker, Certificate, GPO]
Security
BranchCache accelerates e2e encrypted traffic (TLS/HTTPS, IPsec)
Cached data encrypted on disk and in transit between clients
Prevents unauthorized access to cached data
BranchCache Security Model
Server authenticates the client and performs authorization checks.
Server transmits content information structure to the client only if the client has access. Transfer happens over the accelerated protocol.
Client uses content information structure to calculate:
- segment id (public)
- encryption key (private)
Client multicasts the segment id to find a peer with the data.
Client downloads encrypted blocks from a peer or the hosted cache and decrypts them with the encryption key.
Cached data is stored encrypted.
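The steps of the security model above, as an added simulation that is not BranchCache's actual wire format or key derivation: the server releases content information only after an authorization check, the client derives a public segment id and a private key from it, the branch cache holds only ciphertext, and every decrypted block is checked against its hash. All names, the derivation labels and the SHA-256 keystream (a stand-in for a real cipher so the example needs only the standard library) are assumptions.

```python
import hashlib
import hmac
import os

SERVER_SECRET = os.urandom(32)   # constructed: never leaves the content server
ACL = {"alice", "bob"}           # constructed: users authorized for this content

def keystream_xor(key: bytes, index: int, data: bytes) -> bytes:
    """Stand-in cipher: SHA-256 counter keystream, distinct for every block index."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + index.to_bytes(4, "big") + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def content_info(user: str, blocks: list) -> dict:
    """Server: authorize first, then return block hashes plus a per-content secret."""
    if user not in ACL:
        raise PermissionError(user)
    hashes = [hashlib.sha256(b).digest() for b in blocks]
    secret = hmac.new(SERVER_SECRET, b"".join(hashes), hashlib.sha256).digest()
    return {"hashes": hashes, "secret": secret}

def derive(info: dict) -> tuple:
    """Client: the segment id may be announced to peers, the key is never sent."""
    seg_id = hashlib.sha256(b"segment-id" + info["secret"]).hexdigest()
    key = hmac.new(info["secret"], b"encryption-key", hashlib.sha256).digest()
    return seg_id, key

def publish(info: dict, blocks: list, cache: dict) -> str:
    """First client in the branch stores ciphertext only, indexed by segment id."""
    seg_id, key = derive(info)
    cache[seg_id] = [keystream_xor(key, i, b) for i, b in enumerate(blocks)]
    return seg_id

def fetch(info: dict, cache: dict) -> list:
    """Later client: find blocks by segment id, decrypt, verify each block hash."""
    seg_id, key = derive(info)
    plain = [keystream_xor(key, i, c) for i, c in enumerate(cache[seg_id])]
    for block, expected in zip(plain, info["hashes"]):
        if not hmac.compare_digest(hashlib.sha256(block).digest(), expected):
            raise ValueError("block failed hash check; fetch it from the content server")
    return plain
```

A peer or cache that was never given the content information holds only ciphertext, and a block altered in the cache is rejected by the hash check before it reaches the application.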
Hosted Cache vs Distributed Cache
Distributed Cache: Data cached amongst clients
• Recommended for branches without any infrastructure
• Easy to deploy: Enabled on clients through Group Policy
• Cache availability decreases with laptops that go offline
Hosted Cache: Data cached at hosted cache server
• Recommended for larger branches
• Cache stored centrally: can use existing server in the branch
• Cache availability is high
• Enables branch-wide caching
Enterprise