1. Jeff Alexander
IT Pro Evangelist
Microsoft Australia
http://blogs.technet.com/jeffa36
Optimizing the Branch Infrastructure with BranchCache™
3. Session Objectives and Takeaways
Identify the problem BranchCache™ solves
Demonstrate how BranchCache™ works
Explain how to deploy BranchCache™
4. Agenda
Problem Background
BranchCache Solution Modes
Protocols and Workloads
Deployment and Management
Deep Dives
Content Identification
Integration Architecture
Security
End to End Flow
5. Problem Background
6. Branch – The problem space
7. Problem Background
High link utilization
Poor application responsiveness
Trend towards data centralization
8. BranchCache™ Solution Modes
9. BranchCache™ Distributed Cache
10. BranchCache™ Hosted Cache
11. Hosted Cache vs Distributed Cache
12. Protocols and Workloads
13. BranchCache™ is a Platform
14. Overall Framework
15. Configuration Manager & WSUS
Goals
Reduce WAN utilization in the remote office scenario
Reduce the number of actively managed Distribution Points
For users, transfer content faster and with fewer restrictions in the remote office scenario
Integration
Distribution Points (DPs) run on Windows Server 2008 R2
Download packages (apps, updates etc) once into a branch office, get it from other clients or the Hosted Cache after that
16. Application Virtualization (AppV)
Goals
Make users productive quickly in branch offices
Save on the need for deploying IT infrastructure in branch offices
Reduce bandwidth utilization over the WAN link to save costs
Integration
HTTP Streaming in AppV optimized using BranchCache
Virtual applications only have to traverse the WAN link once
Eliminate IIS Servers (AppV staging servers) from the branch office
17. SharePoint & IIS
Goals
Improve SharePoint, IIS responsiveness in branch offices without requiring separate branch infrastructure
Enable Office Web Applications to see improved performance in branch offices
Integration
IIS and SharePoint need to run on Windows Server 2008 R2
Users never get stale content; if content is updated, the content identifiers change
18. File Servers
Goals
Improve the SMB protocol to reduce chattiness over the WAN link, and be aware of common application behaviors
Reduce bandwidth utilization over the WAN link, and improve performance of applications (Robocopy, Office etc) in branch offices
Integration
SMB 2.1 introduces “Leasing and OpLocks” – mechanisms to improve protocol behavior over the WAN link
BranchCache integration ensures that data needs to move over the WAN link only once
SMB Transparent Caching enables better road-warrior scenarios
Offline Files enables file access even when WAN link is down
All application semantics around locking are automatically maintained
19. DirectAccess, SSL, IPsec, SMB Signing
20. Deployment and Management
21. Deployment Overview
22. Deployment - Content Server
23. BranchCache Deployment
Distributed Cache Implementation
HQ: Content Server (Windows Server 2008 R2 required)
Branch: Client (Windows 7 required)
Hosted Cache Implementation
HQ: Content Server (Windows Server 2008 R2 required)
Branch: Hosted Cache (Windows Server 2008 R2 required)
Branch: Client (Windows 7 required)
24. Distributed Cache Mode Deployment
Identify the “branch”
An Active Directory Site
An IP address range
A collection of specific client computers
Choose how to deploy
Group Policy
netsh
Deploy to clients
Group policy: Use built-in ADMX files
netsh: Run netsh branchcache set service distributed on all relevant clients
25. Hosted Cache Mode Deployment
Set up the Hosted Cache
Install the BranchCache feature on an R2 server
Install a server-auth certificate for use with SSL
Run netsh branchcache set service hostedserver on the hosted cache
Deploy to clients
Group policy: Use built-in ADMX files
netsh: Run netsh branchcache set service hostedclient location=<> on all clients
26. Setting up a File Server
Coming As Part Of Windows Server 2008 R2 Service Pack 1 (post-beta)
27. Monitoring
netsh for querying the infrastructure for potential problems
Cache size too small, firewall issues, certificate problems, etc.
28. Additional Configuration Options
With group policy and NetSH you can:
Enable / disable Distributed Cache
Enable / disable Hosted Cache
Set the cache size
Set the location of the Hosted Cache
Clear the cache
Create and replicate a shared key for use in a server cluster
And more …
29. Group Policy and NetSh BranchCache™ in Action!
Coming As Part Of Windows Server 2008 R2 Service Pack 1 (post-beta)
30. Deep Dives
31. Content Identifiers
A segment is a 32MB chunk of data.
Blocks – 64K in size
SHA256 hashes are calculated over those blocks which gives you the 2000X data reduction
32. HTTP/HTTPS Integration
33. SMB/SMB Signing Integration
34. Security Overview
35. Security
36. Flow – a Security View
Client requests data from the server, and indicates BranchCache capability
Server authorizes the client
Server retrieves content identifiers (block hashes, segment hashes, segment secrets) for the data
Server sends content identifiers on same channel as data
Client computes a segment ID
Broadcasts on the local network
37. Flow, Continued
Serving clients receive the broadcast
Decrypt the segment hash from the segment discovery key
Respond with data availability
Client requests blocks from the serving client
Serving client computes encryption key from the segment secret
Serving client encrypts each block with the encryption key
Client receives the data
Decrypts the data
Validates block data against the block hash
If valid, returns to application
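The block-hash step from the Content Identifiers slide and the "validates block data against the block hash" step of the flow, as an added Python example (not code from the deck or from Microsoft's implementation). Function names are hypothetical, the sample data is constructed, and segment secrets, discovery and block encryption are not modelled.

```python
import hashlib
import hmac

BLOCK_SIZE = 64 * 1024            # 64K blocks, as stated on the slide
SEGMENT_SIZE = 32 * 1024 * 1024   # 32MB segments, as stated on the slide


def content_identifiers(data: bytes) -> list:
    """Server side: a list of SHA-256 block hashes for each 32MB segment."""
    segments = []
    for s in range(0, len(data), SEGMENT_SIZE):
        segment = data[s:s + SEGMENT_SIZE]
        segments.append([hashlib.sha256(segment[b:b + BLOCK_SIZE]).digest()
                         for b in range(0, len(segment), BLOCK_SIZE)])
    return segments


def reduction_ratio(data: bytes, identifiers: list) -> float:
    """Bytes of content per byte of block hash sent over the WAN."""
    hash_bytes = sum(len(h) for segment in identifiers for h in segment)
    return len(data) / hash_bytes


def validate_block(block: bytes, expected_hash: bytes) -> bool:
    """Client side: peer data is untrusted until it matches the server's hash."""
    return hmac.compare_digest(hashlib.sha256(block).digest(), expected_hash)


def accept_from_peer(peer_blocks: list, block_hashes: list):
    """Return (verified blocks by index, rejected indexes).

    Hypothetical helper: what the client does with rejected blocks
    (for example, fetching them from the content server) is not shown.
    """
    verified, rejected = {}, []
    for i, expected in enumerate(block_hashes):
        block = peer_blocks[i] if i < len(peer_blocks) else None
        if block is not None and validate_block(block, expected):
            verified[i] = block
        else:
            rejected.append(i)
    return verified, rejected


if __name__ == "__main__":
    content = bytes(range(256)) * 1024   # constructed sample: four 64K blocks
    ids = content_identifiers(content)
    print("reduction:", reduction_ratio(content, ids))
    peer = [content[i:i + BLOCK_SIZE] for i in range(0, len(content), BLOCK_SIZE)]
    peer[2] = b"\x00" * BLOCK_SIZE       # a peer returns altered data for block 2
    print("rejected:", accept_from_peer(peer, ids[0])[1])
```

A 32-byte SHA-256 digest per 64K block gives a ratio of 2048, which is the "2000X" figure on the slide; the integrity of peer-supplied data rests entirely on the hashes having arrived over the server-authorized channel.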
38. Security of Data at Rest
Clients
Cache only contains content requested by the client
Data in cache ACL’d so that it is only accessible if authorized by the server
If data leakage is a concern, then use BitLocker or EFS
Hosted Cache
Cache contains content requested by all branch clients
Use BitLocker or EFS to encrypt cache as necessary
39. Results from Microsoft IT Pilot
40. WAN Optimization Appliance Partners
41. To Summarize
such as when using HTTPS, IPsec, SMB signing and at the same time ensures authorization of users by the server at the central office.
and can be easily managed using existing systems management technology such as group policy
42. BranchCache Resources
Content Identification (PCCRC)
Discovery (PCCRD)
Retrieval (PCCRR)
Hosted Cache Offer (PCHC)
HTTP extensions for BranchCache (PCCRTP)
SMB extensions for BranchCache (SMB2.1)
Protocol parsers
BranchCache Executive Overview
BranchCache Technical Overview
BranchCache Security Guide
BranchCache Deployment Guide
Sporton International
Convergent Computing
43. Related Content
SVR303: DirectAccess Configuration, Tips, Tricks and Best Practices
44. Question & Answer Session
46. Resources