Presentation is loading. Please wait.

Presentation is loading. Please wait.

Speeding up the Branch Office

Published byRowan Riggles Modified over 10 years ago

Similar presentations

Presentation on theme: "Speeding up the Branch Office"— Presentation transcript:

1 Speeding up the Branch Office
BranchCache Speeding up the Branch Office Chad Duffey Premier Field Engineer Microsoft Certified Master – Active Directory December 15th 2011

2 Agenda BranchCache 101 A little Deeper FAQ’s

3 Branch Cache Fundamentals

4 Branch Office Network Performance
Microsoft Confiential: Preliminary Information: NDA Only Branch Office Network Performance Windows 7 & Server 2008 R2 Solution Normal Branch Office BranchCache™ Application and data access over WAN is slow in branch offices Slow connections hurt user productivity Improving network performance is expensive and difficult to implement Caches content downloaded from file and Web servers Users in the branch can quickly open files stored in the cache Frees up network bandwidth for other uses

5 BranchCache: Two Approaches
Microsoft Confiential: Preliminary Information: NDA Only BranchCache: Two Approaches Enterprise Distributed Mode Hosted Mode Recommended for branches without a branch server Easy to deploy: Enabled on clients through Group Policy Cache availability decreases with laptops that go offline Cache stored centrally: existing server in the branch Cache availability is high Enables branch-wide caching Increased reliability

6 Deployment Summary Branch Office Main Office
Use Group Policy to enable Windows BranchCache on Windows 7 clients Branch Office Branch Office Install the optional “Windows BranchCache” component on a Windows 2008 R2 web or file server Hosted Cache Branch Office IIS File Server Optionally, install a hosted cache in your branch. Configure clients to use it with Group Policy Group Policy Management Main Office

7 How it works: BranchCache Distributed Cache
Main Office Data Data ID ID Get Get Get Get Data Branch Office

8 How it works: BranchCache Hosted Cache
Main Office Get Data Data ID ID Get Get ID Get Search Search ID Data Advertize ID Request Branch Office ID Data Put

9 Demonstration of Branch Cache

10 BranchCache Framework
3rd Party Applications IE HTTP (WebIO/http.sys) BranchCache WMP SMB(CSC/SRV) SharePoint Explorer Office BITS Office CopyFile

11 BranchCache Deployment
Distributed Cache Implementation HQ: Content Server (Windows Server 2008 R2 required) Branch: Client (Windows 7 required) Hosted Cache Implementation Branch: Hosted Cache (Windows Server 2008 R2 required)

12 Deployment - Content Server
HTTP server (IIS) - Install the BranchCache feature from Server Manager SMB server (File server) – Install the BranchCache role service feature within the file server role using Server Manager That’s it… Optional: Hasgen.exe

13 Deployment - Client Identify the “branch” Choose how to deploy
An Active Directory Site An IP address range A collection of specific client computers Choose how to deploy Group Policy netsh Deploy to clients Group policy: Use built-in ADMX files netsh: Run netsh branchcache set service distributed on all relevant clients

14 Deployment – Hosted Cache
Setup the Hosted Cache Install the BranchCache feature on an R2 server Install a server-auth certificate for use with SSL Run netsh branchcache set service hostedserver on the hosted cache Identify Branch Choose how to deploy Deploy to clients Group policy: Use built-in ADMX files netsh: Run netsh branchcache set service hostedclient location=<> on all clients

15 Demonstration of Configuration

16 Additional Configuration Options
With Group Policy and NetSH you can: Enable / disable Distributed Cache Enable / disable Hosted Cache Set the cache size Set the location of the Hosted Cache Clear the cache Create and replicate a shared key for use in a server cluster And more … Works in domains and workgroups

17 A little deeper…

18 Content identifiers Hashes Segment hashes, Block hashes
Returned by server Segment hashes, Block hashes 2000:1 compression ratio B1 B2 Bn B1 B2 Bn B1 B2 Bn Blocks Unit of download Segments Unit of discovery S1 S2 S3 Content

19 How is SSL optimized? IE IIS HTTP HTTP SSL SSL Sockets Sockets
Data in clear Data in clear BranchCache BranchCache HTTP HTTP Data in clear Data in clear SSL SSL Data encrypted Data encrypted Sockets Sockets

20 Security Client Server Encryption key Segment discovery key
Hash(SK, “KeKeKe”) Segment discovery key Hash(SK, SH+”HoHoDk”) Private Segment key (SK) Hash(SH, Ks) Segment hash (SH) Hash (Blockhashes) Server secret key Ks Block hashes Hash(block) B1 B2 Bn Blocks Server

21 Flow – a Security View Client requests data from the server, and indicates BranchCache capability Server authorizes the client Server retrieves metadata (block hashes, segment hashes, private segment key) for the data Server sends metadata on same channel as data Client computes a segment discovery key Broadcasts on the local network

22 Security of Data at Rest
Clients Cache only contains content requested by the client Data in cache ACL’d so that it is only accessible if authorized by the server If data leakage is a concern, then use BitLocker or EFS Hosted Cache Cache contains content requested by all branch clients Use BitLocker or EFS to encrypt cache as necessary All data can be purged from the cache using netsh

23 BranchCache Benefits End User Benefits Improve application responsiveness and reduce file transfer wait time Combined with other SMB offerings enhance the user experience on remote shares Optimize network utilization: Recommended for HTTP and HTTPS-based intranet traffic Performs well for SMB (and signed SMB) shares on the read path Support network security protocols (SSL, Ipsec) Reduce the cost of managing WAN IT Pro Benefits

24 Common Questions Q: When will this be made available for Vista or XP?
A: It won’t. BranchCache in only supported with Windows 7 Enterprise, Ultimate & Windows 2008 R2 editions. Q: What size content is cached? A: 64 KB and greater. Q: Is there a peer discovery timeout? A: 300 ms Q: What kind of encryption is used? A: Custom scheme based on AES128. Q: Does knowledge of the hash ID grant access? A: No. Access must still be granted by the file server.

25 Common Questions Continued…
Q: Will BranchCache work during WAN outages? A: No. Clients must be able to contact the content server to get content identifiers. Q: Can I pre-populate cached files? A: Yes. Consider using scheduled task , PowerShell Remoting or some other technique. For WSUS & SCCM, consider targeting one client in each remote office before the others. Q: How does Branch Cache avoid discovery storms? A: Responses to search requests are staggered. If a client detects that many others on the subnet already have a piece of content, it won’t bother caching it too. Q: How long does data stay in cache? A: Until NetSH is used to flush the cache or until the cache is full and starts to roll. Q: Is BranchCache supported on Server Core? A: Absolutely.

26 4/11/2017 3:20 PM © 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

27 Hashgen You can find the location with “netsh branchcache show status all” Hashgen can pre-populate a dir with hashes By default the BranchCache cache is under C:\Windows\ServiceProfiles\NetworkService \AppData\Local\PeerDistRepub.

Download ppt "Speeding up the Branch Office"

Similar presentations

P2P in Windows 7. P2P Capabilities in Windows 7 Distributed Routing Table Distributed Routing Table – A new public API suitable for building Distributed.

P2P in Windows 7. P2P Capabilities in Windows 7 Distributed Routing Table Distributed Routing Table – A new public API suitable for building Distributed.
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered.

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered.

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or.

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or.
The following 10 questions test your knowledge of Internet-based client management in Configuration Manager 2007. Configuration Manager 2007 Internet-Based.

The following 10 questions test your knowledge of Internet-based client management in Configuration Manager Configuration Manager 2007 Internet-Based.
Windows 8 (1) (2) (3) Windows 8 (1) (2) (3)

Windows 8 (1) (2) (3) Windows 8 (1) (2) (3)
Feature: Identity Management - Login © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or.

Feature: Identity Management - Login © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or.
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or.

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or.
Tech·Ed North America /6/ :34 AM

Tech·Ed North America /6/ :34 AM
Charles Hottelet Improvements and best practices Deployment options.

Charles Hottelet Improvements and best practices Deployment options.
1. 3 Domains setup 4 Hybrid deployment Exchange Online Protection Office 365 public website User management Domains setup.

1. 3 Domains setup 4 Hybrid deployment Exchange Online Protection Office 365 public website User management Domains setup.
The System Center Family Microsoft. Mobile Device Manager 2008.

The System Center Family Microsoft. Mobile Device Manager 2008.
© 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered.

© 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered.
1. 2 Branch Office Network Performance Caches content downloaded from file and Web servers Users in the branch can quickly open files stored in the cache.

1. 2 Branch Office Network Performance Caches content downloaded from file and Web servers Users in the branch can quickly open files stored in the cache.
Feature: Purchase Requisitions - Requester © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names.

Feature: Purchase Requisitions - Requester © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names.
MIX 09 4/15/2017 11:14 PM © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered.

MIX 09 4/15/ :14 PM © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered.
Joey Snow Technical Evangelist Microsoft Corporation.

Joey Snow Technical Evangelist Microsoft Corporation.
Dan Stolts IT Pro Evangelist US DPE - North East Microsoft Corporation

Dan Stolts IT Pro Evangelist US DPE - North East Microsoft Corporation
At their deskAt their desk In a branchIn a branch On the roadOn the road Protect data & PCsProtect data & PCs Built on Windows Vista foundation Easy.

At their deskAt their desk In a branchIn a branch On the roadOn the road Protect data & PCsProtect data & PCs Built on Windows Vista foundation Easy.
Michael Kleef Technology Advisor | Microsoft Australia

Michael Kleef Technology Advisor | Microsoft Australia

Similar presentations

Ads by Google