
WSV303: Deep Dive on Designing a BranchCache Infrastructure

Tyler Barton

Program Manager

Manish Kalra

Senior Product Manager

Microsoft Corporation



Session Objectives and Takeaways

  • Identify the problems BranchCache solves

  • Demonstrate how BranchCache works

  • Explain how to deploy BranchCache



Agenda

1.  Problem Background

2.  BranchCache Solution Modes

3. Accelerated Protocols and Workloads

4.  Deployment and Management

5. BranchCache Protocols and Content Identification

6.  Security



Problem Background


Branch – The problem space



Problem Background

Thin, expensive WAN links between main office and branch offices

  • High link utilization

  • Poor application responsiveness

  • Trend towards data centralization



BranchCache Solution Modes



BranchCache Distributed Cache

[Diagram labels: Main Office, Branch Office; messages: Get, ID, Data]



BranchCache Hosted Cache

[Diagram labels: Main Office, Branch Office; messages: Get, ID, Data, Search, Offer, Put, Request]



Protocols and Workloads



BranchCache is a Platform

  • Content Server: Uses server side Peer Distribution APIs to get identifiers for data. IDs are packed in a Content Information structure.

  • Content Information Structure: Transmitted over the accelerated protocol instead of data. Contains everything the client needs to find data locally.

  • Client: Feeds the Content Information structure into the client side Peer Distribution APIs to find and download content locally.



Framework

[Diagram labels: 3rd Party Applications, Office, CopyFile, Explorer, SharePoint, BITS, WMP, IE; SMB, HTTP; BranchCache™]



Peer Distribution on MSDN



HTTP/HTTPS Integration

[Diagram labels: IE, wininet and BranchCache on the client; IIS, http.sys and BranchCache on the server; messages: Open URL, “Branch Cache Capable”, Getdata, Data, Hashlist (H1 to H5)]



SMB/SMB Signing Integration

[Diagram labels: Application, CSC Service, CSC Driver, CSCCache, SMB Client Driver, BranchCache, SMB Server Driver, SMB Hash Generation Service, HashGen Utility; actions: ReadFile, Prefetch File, Request Hashes, Generate or update hash, Save hashes, Access hashes; data exchanged: Data, Hashlist]



Deployment and Management



Deployment Overview

  • Use Group Policy to enable Windows BranchCache on Windows 7 clients

  • Install the optional “Windows BranchCache” component on a Windows 2008 R2 web or file server

  • Optionally, install a hosted cache in your branch. Configure clients to use it with Group Policy

[Diagram labels: Main Office, Branch Office, IIS, File Server, Group Policy Management, Hosted Cache]



Hosted Cache vs Distributed Cache

Hosted Cache: Data cached at hosted cache server

  • Recommended for larger branches

  • Cache stored centrally: can use existing server in the branch

  • Cache availability is high

  • Enables branch-wide caching

Distributed Cache: Data cached amongst clients

  • Recommended for branches without any infrastructure

  • Easy to deploy: Enabled on clients through Group Policy

  • Cache availability decreases with laptops that go offline



BranchCache Protocols and Content Identification


Data, Blocks and Segments

  • Hashes: Returned by server. Segment hashes, block hashes: up to ~2000x data reduction

  • Blocks (B1, B2, … Bn): Unit of download

  • Segments (S1, S2, S3): Unit of discovery

  • Content


BranchCache Protocols

  • PCCRD – Discovery: Based on WS-Discovery. Find data on computers in the same subnet

  • PCCRTP – HTTP: Extensions for retrieving Content Information over HTTP

  • SMB 2.1: Extensions for retrieving Content Information over SMB

  • PCCRR – Retrieval: Used by a client to download blocks from a peer or the hosted cache. Also used by the hosted cache to download from a client

  • PCHC – Hosted Cache Offer: Used by a client to alert the hosted cache when new blocks are available.

[Diagram labels: IIS, File Server, PCCRD, PCCRTP, SMB 2.1, PCCRR, PCHC]



Security



Security Overview

  • Server transmits content information structure to the client only if the client has access. Transfer happens over the accelerated protocol.

  • Server authenticates the client and performs authorization checks

  • Client downloads encrypted blocks from a peer or the hosted cache and decrypts them with the encryption key.

  • Client uses content information structure to calculate:

      - segment id (public)

      - encryption key (private)

  • Cached data is stored in the clear, but can be protected with BitLocker or EFS

  • Client multicasts the segment id to find a peer with the data



Security Computations

  • Block hashes: Hash(block), one per block B1, B2, … Bn

  • Segment hash of data: HoD = Hash (Blockhashes)

  • Server secret key: Ks

  • Segment Secret: Kp = Hash(HoD, Ks)

  • Encryption key: Ke = Kp

  • Segment Id: Hash(Kp, HoD + K)

[Diagram labels: Client, Server, Blocks]
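
The computations on this slide, worked through as an added example (not code from the presentation or from Microsoft). It assumes SHA-256 for the one-argument Hash, HMAC-SHA-256 keyed with the secret for the two-argument Hash, a 64 KB block size, a placeholder value for K, and that the content information carries the block hashes, HoD and Kp; none of these are stated on the slide.

```python
import hashlib
import hmac

BLOCK_SIZE = 64 * 1024            # assumed block size for this sketch
K_LABEL = b"EXAMPLE-CONSTANT"     # placeholder for the slide's K (not defined there)


def block_hashes(segment):
    """Hash(block) for each block B1..Bn of one segment."""
    return [hashlib.sha256(segment[i:i + BLOCK_SIZE]).digest()
            for i in range(0, len(segment), BLOCK_SIZE)]


def server_content_info(segment, ks):
    """Server side: sent to an authorized client instead of the data."""
    hashes = block_hashes(segment)
    hod = hashlib.sha256(b"".join(hashes)).digest()    # HoD = Hash(Blockhashes)
    kp = hmac.new(ks, hod, hashlib.sha256).digest()    # Kp = Hash(HoD, Ks)
    return {"block_hashes": hashes, "hod": hod, "kp": kp}


def client_derive(info):
    """Client side: (public segment id, private encryption key)."""
    segment_id = hmac.new(info["kp"], info["hod"] + K_LABEL,
                          hashlib.sha256).digest()     # Hash(Kp, HoD + K)
    ke = info["kp"]                                    # Ke = Kp
    return segment_id, ke


def verify_blocks(info, blocks):
    """Check blocks from a peer or hosted cache against the server's hashes."""
    if len(blocks) != len(info["block_hashes"]):
        return False
    return all(hmac.compare_digest(hashlib.sha256(b).digest(), h)
               for b, h in zip(blocks, info["block_hashes"]))


if __name__ == "__main__":
    segment = bytes(range(256)) * 600                  # constructed sample content
    info = server_content_info(segment, b"constructed-server-secret")
    sid, _ = client_derive(info)
    print("segment id multicast to peers:", sid.hex())
```

Only the segment id leaves the client during discovery; Kp and Ke reach a client solely through the content information the server releases after its authorization check, and a block altered by a peer fails `verify_blocks`.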



Non-Attacks

  • Tamper with data

  • Eavesdrop on data transfers

  • Get unauthorized access to cached data

  • Predict the keys for a piece of content



How is SSL Optimized?

[Diagram: client (IE) and server (IIS) stacks, each top to bottom: Branch Cache, HTTP, SSL, Sockets, IPsec. Data is in clear between Branch Cache, HTTP and SSL; data is encrypted from SSL down through Sockets and IPsec.]



BranchCache In Action

Tyler Barton, Program Manager

Microsoft Corporation

demo



Security of Data at Rest

  • Clients

      • Cache only contains content requested by the client

      • Data in cache ACL’d so that it is only accessible if authorized by the server

      • If data leakage is a concern, then use BitLocker or EFS

  • Hosted Cache

      • Cache contains content requested by all branch clients

      • Use BitLocker or EFS to encrypt cache as necessary

All data can be purged from the cache using netsh



Customers say…

“We are improving the efficiency of our branch offices and saving bandwidth by using BranchCache in Windows Server 2008 R2 and Windows 7,” said Lukas Kucera, IT services manager of Lukoil CEEB, one of the largest integrated oil and gas companies in the world. “Some of our smaller facilities, such as the office in Slovakia and the storage terminal in Belgium, have just five to 10 users, so it’s not efficient to deploy a file server on-site, but it consumes bandwidth to have them continually accessing files from the main servers. BranchCache is the perfect solution.”

“Taking advantage of the BranchCache feature in Windows Server 2008 R2, we can spend $20,000 rather than $50,000 per year on bandwidth by postponing our expansion schedule.”

David Feng, IT Director, Sporton International

Convergent Computing (CCO) wanted to improve remote network access for its mobile users. Using the DirectAccess and BranchCache™ features in Windows Server® 2008 R2 and Windows 7, CCO has simplified remote connection to its network and sped the downloading of important files. It has cut costs by eliminating its virtual private network and has seen a 43 percent savings in wide area network (WAN) bandwidth.



To Summarize

BranchCache™ reduces WAN bandwidth consumed by end users for intranet based HTTP and SMB traffic and improves end user experience

BranchCache™ accelerates delivery of encrypted and signed content, such as when using HTTPS, IPsec and SMB signing, and at the same time ensures authorization of users by the server at the central office.

BranchCache™ doesn’t require additional equipment in the branch offices and can be easily managed using existing systems management technology such as group policy

BranchCache has a vibrant and growing ecosystem giving customers the choice to pick a solution that works best for their needs



Session Evaluations

Tell us what you think, and you could win!

All evaluations submitted are automatically entered into a daily prize draw* 

Sign-in to the Schedule Builder at http://europe.msteched.com/topic/list/

* Details of prize draw rules can be obtained from the Information Desk.



© 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

