Optimizing the Branch Infrastructure with BranchCache


Presentation Transcript


    1. Jeff Alexander IT Pro Evangelist Microsoft Australia http://blogs.technet.com/jeffa36 Optimizing the Branch Infrastructure with BranchCache™

    3. Session Objectives and Takeaways
        - Identify the problem BranchCache™ solves
        - Demonstrate how BranchCache™ works
        - Explain how to deploy BranchCache™

    4. Agenda
        - Problem Background
        - BranchCache Solution Modes
        - Protocols and Workloads
        - Deployment and Management
        - Deep Dives
        - Content Identification
        - Integration Architecture
        - Security
        - End to End Flow

    5. Problem Background

    6. Branch – The problem space

    7. Problem Background
        - High link utilization
        - Poor application responsiveness
        - Trend towards data centralization

    8. BranchCache™ Solution Modes

    9. BranchCache™ Distributed Cache

    10. BranchCache™ Hosted Cache

    11. Hosted Cache vs Distributed Cache

    12. Protocols and Workloads

    13. BranchCache™ is a Platform

    14. Overall Framework

    15. Configuration Manager & WSUS
        Goals
            - Reduce WAN utilization in the remote office scenario
            - Reduce the number of actively managed Distribution Points
            - For users, transfer content faster and with fewer restrictions in the remote office scenario
        Integration
            - Distribution Points (DPs) run on Windows Server 2008 R2
            - Download packages (apps, updates, etc.) once into a branch office, get them from other clients or the Hosted Cache after that

    16. Application Virtualization (AppV)
        Goals
            - Make users productive quickly in branch offices
            - Save on the need for deploying IT infrastructure in branch offices
            - Reduce bandwidth utilization over the WAN link to save costs
        Integration
            - HTTP Streaming in AppV optimized using BranchCache
            - Virtual applications only have to traverse the WAN link once
            - Eliminate IIS Servers (AppV staging servers) from the branch office

    17. SharePoint & IIS
        Goals
            - Improve SharePoint, IIS responsiveness in branch offices without requiring separate branch infrastructure
            - Enable Office Web Applications to see improved performance in branch offices
        Integration
            - IIS and SharePoint need to run on Windows Server 2008 R2
            - Users never get stale content; if content is updated, the content identifiers change

    18. File Servers
        Goals
            - Improve the SMB protocol to reduce chattiness over the WAN link, and be aware of common application behaviors
            - Reduce bandwidth utilization over the WAN link, and improve performance of applications (Robocopy, Office etc) in branch offices
        Integration
            - SMB 2.1 introduces “Leasing and OpLocks” – mechanisms to improve protocol behavior over the WAN link
            - BranchCache integration ensures that data needs to move over the WAN link only once
            - SMB Transparent Caching enables better road-warrior scenarios
            - Offline Files enables file access even when WAN link is down
            - All application semantics around locking are automatically maintained

    19. DirectAccess, SSL, IPsec, SMB Signing

    20. Deployment and Management

    21. Deployment Overview

    22. Deployment - Content Server

    23. BranchCache Deployment
        Distributed Cache Implementation
            - HQ: Content Server (Windows Server 2008 R2 required)
            - Branch: Client (Windows 7 required)
        Hosted Cache Implementation
            - HQ: Content Server (Windows Server 2008 R2 required)
            - Branch: Hosted Cache (Windows Server 2008 R2 required)
            - Branch: Client (Windows 7 required)

    24. Distributed Cache Mode Deployment
        Identify the “branch”
            - An Active Directory Site
            - An IP address range
            - A collection of specific client computers
        Choose how to deploy
            - Group Policy
            - netsh
        Deploy to clients
            - Group policy: Use built-in ADMX files
            - netsh: Run netsh branchcache set service distributed on all relevant clients

    25. Hosted Cache Mode Deployment
        Set up the Hosted Cache
            - Install the BranchCache feature on an R2 server
            - Install a server-auth certificate for use with SSL
            - Run netsh branchcache set service hostedserver on the hosted cache
        Deploy to clients
            - Group policy: Use built-in ADMX files
            - netsh: Run netsh branchcache set service hostedclient location=<> on all clients

    26. Setting up a File Server
        - Coming As Part Of Windows Server 2008 R2 Service Pack 1 (post-beta)

    27. Monitoring
        - netsh for querying the infrastructure for potential problems
        - Cache size too small, firewall issues, certificate problems etc

    28. Additional Configuration Options
        With group policy and NetSH you can:
            - Enable / disable Distributed Cache
            - Enable / disable Hosted Cache
            - Set the cache size
            - Set the location of the Hosted Cache
            - Clear the cache
            - Create and replicate a shared key for use in a server cluster
            - And more …

    29. Group Policy and NetSh: BranchCache™ in Action!
        - Coming As Part Of Windows Server 2008 R2 Service Pack 1 (post-beta)

    30. Deep Dives

    31. Content Identifiers
        - A segment is a 32MB chunk of data.
        - Blocks – 64K in size
        - SHA256 hashes are calculated over those blocks which gives you the 2000X data reduction

    32. HTTP/HTTPS Integration

    33. SMB/SMB Signing Integration

    34. Security Overview

    35. Security

    36. Flow – a Security View
        - Client requests data from the server, and indicates BranchCache capability
        - Server authorizes the client
        - Server retrieves content identifiers (block hashes, segment hashes, segment secrets) for the data
        - Server sends content identifiers on same channel as data
        - Client computes a segment ID
            - Broadcasts on the local network

    37. Flow, Continued
        - Serving clients receive the broadcast
            - Decrypt the segment hash from the segment discovery key
            - Respond with data availability
        - Client requests blocks from the serving client
        - Serving client computes encryption key from the segment secret
        - Serving client encrypts each block with the encryption key
        - Client receives the data
            - Decrypts the data
            - Validates block data against the block hash
            - If valid, returns to application
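Added example (not from the presentation and not Microsoft's implementation): the block hashing from slide 31 and the client-side check "validates block data against the block hash" from slide 37, in Python. Function names and the sample content are constructed for illustration; segment hashes, segment secrets, discovery and block encryption are assumed to be handled elsewhere and are not modelled.

```python
import hashlib
import hmac

BLOCK_SIZE = 64 * 1024             # block size given on slide 31
SEGMENT_SIZE = 32 * 1024 * 1024    # segment size given on slide 31
DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes per SHA-256 hash


def block_hashes(segment: bytes) -> list[bytes]:
    """SHA-256 of each 64 KB block; the final block may be shorter."""
    if len(segment) > SEGMENT_SIZE:
        raise ValueError("segment larger than 32 MB")
    return [hashlib.sha256(segment[off:off + BLOCK_SIZE]).digest()
            for off in range(0, len(segment), BLOCK_SIZE)]


def verify_block(index: int, data: bytes, trusted: list[bytes]) -> bool:
    """Check a block received from a peer against the server's hash list."""
    if not 0 <= index < len(trusted) or len(data) > BLOCK_SIZE:
        return False
    return hmac.compare_digest(hashlib.sha256(data).digest(), trusted[index])


def assemble(peer_blocks: list[bytes], trusted: list[bytes]) -> bytes:
    """Return the content only if every peer-served block validates."""
    if len(peer_blocks) != len(trusted):
        raise ValueError("peer returned wrong number of blocks")
    for i, blk in enumerate(peer_blocks):
        if not verify_block(i, blk, trusted):
            raise ValueError(f"block {i} failed hash validation")
    return b"".join(peer_blocks)


def reduction_ratio(data_len: int, n_hashes: int) -> float:
    """Bytes of content per byte of block-hash metadata."""
    return data_len / (n_hashes * DIGEST_LEN)


def sample_content() -> bytes:
    """Constructed sample: three full blocks plus a short final block."""
    return bytes(i % 251 for i in range(3 * BLOCK_SIZE + 1000))


if __name__ == "__main__":
    content = sample_content()
    trusted = block_hashes(content)   # hash list as sent by the content server
    blocks = [content[o:o + BLOCK_SIZE] for o in range(0, len(content), BLOCK_SIZE)]
    print(assemble(blocks, trusted) == content)
    blocks[1] = b"X" + blocks[1][1:]  # a serving peer alters one byte
    print(verify_block(1, blocks[1], trusted))
    print(reduction_ratio(SEGMENT_SIZE, SEGMENT_SIZE // BLOCK_SIZE))
```

For a full 32 MB segment the ratio is 2048, which is the roughly 2000X reduction the slide quotes; a block is accepted only at the index whose hash it matches.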

    38. Security of Data at Rest
        Clients
            - Cache only contains content requested by the client
            - Data in cache ACL’d so that it is only accessible if authorized by the server
            - If data leakage is a concern, then use BitLocker or EFS
        Hosted Cache
            - Cache contains content requested by all branch clients
            - Use BitLocker or EFS to encrypt cache as necessary

    39. Results from Microsoft IT Pilot

    40. WAN Optimization Appliance Partners

    41. To Summarize
        - ... such as when using HTTPS, IPsec, SMB signing and at the same time ensures authorization of users by the server at the central office.
        - ... and can be easily managed using existing systems management technology such as group policy

    42. BranchCache Resources
        - Content Identification (PCCRC)
        - Discovery (PCCRD)
        - Retrieval (PCCRR)
        - Hosted Cache Offer (PCHC)
        - HTTP extensions for BranchCache (PCCRTP)
        - SMB extensions for BranchCache (SMB2.1)
        - Protocol parsers
        - BranchCache Executive Overview
        - BranchCache Technical Overview
        - BranchCache Security Guide
        - BranchCache Deployment Guide
        - Sporton International
        - Convergent Computing

    43. Related Content
        - SVR303: DirectAccess Configuration, Tips, Tricks and Best Practices

    44. Question & Answer Session

    46. Resources
