WSV303: Deep Dive on Designing a BranchCache Infrastructure

Tyler Barton

Program Manager

Manish Kalra

Senior Product Manager

Microsoft Corporation

Session Objectives and Takeaways
  • Identify the problems BranchCache solves
  • Demonstrate how BranchCache works
  • Explain how to deploy BranchCache
Agenda

1. Problem Background
2. BranchCache Solution Modes
3. Accelerated Protocols and Workloads
4. Deployment and Management
5. BranchCache Protocols and Content Identification
6. Security

Branch – The problem space

Problem Background

Thin, expensive WAN links between main office and branch offices

  • High link utilization
  • Poor application responsiveness
  • Trend towards data centralization
BranchCache Distributed Cache

[Diagram: Get, ID and Data flows between the Main Office and clients in the Branch Office]

BranchCache Hosted Cache

[Diagram: Get, ID, Data, Search, Offer, Put and Request flows between the Main Office and the Branch Office]

BranchCache is a Platform

Content Server: Uses server side Peer Distribution APIs to get identifiers for data. IDs are packed in a Content Information structure.

Content Information Structure: Transmitted over the accelerated protocol instead of data. Contains everything the client needs to find data locally.

Client: Feeds the Content Information structure into the client side Peer Distribution APIs to find and download content locally.

Framework

[Diagram: 3rd Party Applications, Office, CopyFile, Explorer, SharePoint, BITS, WMP and IE on top of SMB and HTTP, on top of BranchCache™]

HTTP/HTTPS Integration

[Diagram: IE (wininet) and IIS (http.sys), each with BranchCache. Labels: Open URL, “Branch Cache Capable”, Getdata, Data, Hashlist (H1 to H5)]

SMB/SMB Signing Integration

[Diagram components: Application, CSC Service, CSC Driver, CSC Cache, SMB Client Driver, SMB Server Driver, SMB Hash Generation Service, HashGen Utility, BranchCache. Labels: ReadFile, Prefetch File, Request Hashes, Generate or update hash, Save hashes, Access hashes, Hashlist, Data]

Deployment Overview

  • Use Group Policy to enable Windows BranchCache on Windows 7 clients
  • Install the optional “Windows BranchCache” component on a Windows 2008 R2 web or file server
  • Optionally, install a hosted cache in your branch. Configure clients to use it with Group Policy

[Diagram: Main Office, Branch Offices, IIS, File Server, Group Policy Management, Hosted Cache]
Hosted Cache vs Distributed Cache

Enterprise

Hosted Cache: Data cached at hosted cache server
  • Recommended for larger branches
  • Cache stored centrally: can use existing server in the branch
  • Cache availability is high
  • Enables branch-wide caching

Distributed Cache: Data cached amongst clients
  • Recommended for branches without any infrastructure
  • Easy to deploy: Enabled on clients through Group Policy
  • Cache availability decreases with laptops that go offline
Data, Blocks and Segments

Segment hashes, Block hashes: up to ~2000x data reduction

  • Hashes: Returned by server
  • Blocks (B1, B2, … Bn): Unit of download
  • Segments (S1, S2, S3): Unit of discovery

[Diagram: Content divided into segments S1, S2, S3, each divided into blocks B1, B2, … Bn]

BranchCache Protocols

  • PCCRD - Discovery: Based on WS-Discovery. Find data on computers in the same subnet
  • PCCRTP - HTTP: Extensions for retrieving Content Information over HTTP
  • SMB 2.1: Extensions for retrieving Content Information over SMB
  • PCCRR - Retrieval: Used by a client to download blocks from a peer or the hosted cache. Also used by the hosted cache to download from a client
  • PCHC – Hosted Cache Offer: Used by a client to alert the hosted cache when new blocks are available.

[Diagram: IIS, File Server and the PCCRD, PCCRTP, SMB 2.1, PCCRR and PCHC connections]

Security Overview

  • Server transmits content information structure to the client only if the client has access. Transfer happens over the accelerated protocol.
  • Server authenticates the client and performs authorization checks
  • Client downloads encrypted blocks from a peer or the hosted cache and decrypts them with the encryption key
  • Client uses content information structure to calculate:
      • segment id (public)
      • encryption key (private)
  • Cached data is stored in the clear, but can be protected with BitLocker or EFS
  • Client multicasts the segment id to find a peer with the data

Security Computations

Server
  • Blocks: B1, B2, … Bn
  • Block hashes: Hash(block)
  • Segment hash of data: HoD = Hash(Blockhashes)
  • Server secret key: Ks
  • Segment Secret: Kp = Hash(HoD, Ks)

Client
  • Encryption key: Ke = Kp
  • Segment Id: Hash(Kp, HoD + K)

Non-Attacks
  • Tamper with data
  • Eavesdrop on data transfers
  • Get unauthorized access to cached data
  • Predict the keys for a piece of content
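
The Security Computations slide and the "Tamper with data" and "Predict the keys" items above, worked through as an added example (not code from the presentation or from Microsoft). Assumptions: SHA-256 and HMAC-SHA-256 stand in for the slide's unspecified Hash, and the value of K, the block size, the server secrets and the sample data are constructed.

```python
import hashlib
import hmac

BLOCK_SIZE = 64 * 1024   # assumption: block size picked for this example
K = b"example-constant"  # assumption: placeholder for the slide's constant K


def h(data: bytes) -> bytes:
    """Hash(x). SHA-256 is an assumption; the slide only says 'Hash'."""
    return hashlib.sha256(data).digest()


def keyed(key: bytes, data: bytes) -> bytes:
    """Two-argument Hash. HMAC-SHA-256 keyed with `key` is an assumption."""
    return hmac.new(key, data, hashlib.sha256).digest()


def server_content_info(segment: bytes, ks: bytes) -> dict:
    """Server side: values computed for one segment using the secret Ks."""
    blocks = [segment[i:i + BLOCK_SIZE] for i in range(0, len(segment), BLOCK_SIZE)]
    block_hashes = [h(b) for b in blocks]       # Hash(block)
    hod = h(b"".join(block_hashes))             # HoD = Hash(Blockhashes)
    kp = keyed(ks, hod)                         # Kp = Hash(HoD, Ks), Ks as key
    return {"block_hashes": block_hashes, "hod": hod, "kp": kp}


def client_derive(info: dict) -> tuple:
    """Client side: (public segment id, private encryption key)."""
    segment_id = keyed(info["kp"], info["hod"] + K)  # Hash(Kp, HoD + K)
    ke = info["kp"]                                  # Ke = Kp
    return segment_id, ke


def block_is_authentic(info: dict, index: int, block: bytes) -> bool:
    """Accept a downloaded block only if it matches the server's block hash."""
    return hmac.compare_digest(h(block), info["block_hashes"][index])


# Constructed sample: one 150 KiB segment served by two servers with
# different secrets. Same data, same HoD, but unrelated Kp and segment ids.
SEGMENT = bytes(range(256)) * 600
INFO_A = server_content_info(SEGMENT, ks=b"constructed-secret-A")
INFO_B = server_content_info(SEGMENT, ks=b"constructed-secret-B")

if __name__ == "__main__":
    seg_id, ke = client_derive(INFO_A)
    print("segment id:", seg_id.hex())
    print("peer block ok:", block_is_authentic(INFO_A, 0, SEGMENT[:BLOCK_SIZE]))
```

Because the segment id that is multicast on the branch network is a keyed hash under Kp, a listener who sees it learns neither Kp nor Ke, and a party who knows the data but not Ks cannot compute either value.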
How is SSL Optimized?

[Diagram: matching stacks on the Client (IE) and the Server (IIS): Branch Cache, HTTP, SSL, Sockets, IPsec. Data is in the clear at the Branch Cache and HTTP layers and encrypted at the SSL, Sockets and IPsec layers]

BranchCache In Action

Tyler Barton, Program Manager

Microsoft Corporation

demo

Security of Data at Rest
  • Clients
      • Cache only contains content requested by the client
      • Data in cache ACL’d so that it is only accessible if authorized by the server
      • If data leakage is a concern, then use BitLocker or EFS
  • Hosted Cache
      • Cache contains content requested by all branch clients
      • Use BitLocker or EFS to encrypt cache as necessary

All data can be purged from the cache using netsh

Customers say…

“We are improving the efficiency of our branch offices and saving bandwidth by using BranchCache in Windows Server 2008 R2 and Windows 7,” said Lukas Kucera, IT services manager of Lukoil CEEB, one of the largest integrated oil and gas companies in the world. “Some of our smaller facilities, such as the office in Slovakia and the storage terminal in Belgium, have just five to 10 users, so it’s not efficient to deploy a file server on-site, but it consumes bandwidth to have them continually accessing files from the main servers. BranchCache is the perfect solution.”

“Taking advantage of the BranchCache feature in Windows Server 2008 R2, we can spend $20,000 rather than $50,000 per year on bandwidth by postponing our expansion schedule.”

David Feng, IT Director, Sporton International

Convergent Computing (CCO) wanted to improve remote network access for its mobile users. Using the DirectAccess and BranchCache™ features in Windows Server® 2008 R2 and Windows 7, CCO has simplified remote connection to its network and sped the downloading of important files. It has cut costs by eliminating its virtual private network and has seen a 43 percent savings in wide area network (WAN) bandwidth.

To Summarize

BranchCache™ reduces WAN bandwidth consumed by end users for intranet based HTTP and SMB traffic and improves end user experience

BranchCache™ accelerates delivery of encrypted and signed content, such as when using HTTPS, IPsec or SMB signing, and at the same time ensures authorization of users by the server at the central office.

BranchCache™ doesn’t require additional equipment in the branch offices and can be easily managed using existing systems management technology such as group policy

BranchCache has a vibrant and growing ecosystem giving customers the choice to pick a solution that works best for their needs


Session Evaluations

Tell us what you think, and you could win!

All evaluations submitted are automatically entered into a daily prize draw* 

Sign-in to the Schedule Builder at http://europe.msteched.com/topic/list/

* Details of prize draw rules can be obtained from the Information Desk.


© 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
