Optimizing the Branch Infrastructure with BranchCache


Presentation Transcript

Slide 1

SESSION CODE: WSV322
Optimizing the Branch Infrastructure with BranchCache
Tyler Barton, Program Manager, Microsoft Corporation
Manish Kalra, Senior Product Manager, Microsoft Corporation

Slide 2

Agenda
1. Problem Background
2. BranchCache Solution Modes
3. Protocols and Workloads
4. Deployment and Management
5. Deep Dives: Content Identification, Integration Architecture, Security, End to End Flow
6. Q&A

Slide 3

Problem Background

Slide 4

Branch – The problem space (diagram; labels: $$, $$)

Slide 5

Problem Background
- High link utilization
- Poor application responsiveness
- Trend towards data centralization
- Thin, expensive WAN links between main office and branch offices

Slide 6

BranchCache Solution Modes

Slide 7

BranchCache Distributed Cache (diagram; labels: Main Office, Branch Office, Get, ID, Data)

Slide 8

BranchCache Hosted Cache (diagram; labels: Main Office, Branch Office, Get, ID, Data, Search, Offer, Put, Request)

Slide 9

Entities in the Solution
Distributed Cache
- Client (in the branch): wants to get content
- Serving client (in the branch): serves content to the requesting client
- Content Server (over the WAN link)
Hosted Cache
- Client (in the branch)
- Hosted Cache Server (in the branch)
- Content Server (over the WAN link)

Slide 10

Hosted Cache versus Distributed Cache (diagram label: Enterprise)
Hosted Cache
- Data cached at the hosted cache server
- Recommended for bigger branches
- Cache stored centrally: can use an existing server in the branch
- Cache availability is high
- Enables far-reaching caching
Distributed Cache
- Data cached among clients
- Recommended for branches with no infrastructure
- Easy to deploy: enabled on clients through Group Policy
- Cache availability decreases with tablets that go offline

Slide 11

Protocols and Workloads

Slide 12

Overall Framework (diagram; labels: third-party applications, Office, CopyFile, Explorer, SharePoint, Office, BITS, WMP, IE, SMB, HTTP, BranchCache™)

Slide 13

Configuration Manager & WSUS
Goals
- Reduce WAN utilization in the remote office scenario
- Reduce the number of actively managed Distribution Points
- For users, transfer content faster and with fewer restrictions in the remote office scenario
Integration
- Distribution Points (DPs) run on Windows Server 2008 R2
- Download packages (applications, updates, etc.) once into a branch office, then get them from other clients or the Hosted Cache after that
- Support for Configuration Manager (and WSUS) clients available on Windows Vista, Windows Server 2008 R2

Slide 14

Application Virtualization (AppV)
Goals
- Make users productive quickly in branch offices
- Save on the need to deploy IT infrastructure in branch offices
- Reduce bandwidth utilization over the WAN link to save costs
Integration
- HTTP streaming in AppV optimized using BranchCache
- Virtual applications only need to cross the WAN link once
- Eliminate IIS servers (AppV staging servers) from the branch office
- Support available on Windows 7 and Windows Server 2008 R2

Slide 15

SharePoint & IIS
Goals
- Improve SharePoint and IIS responsiveness in branch offices without requiring separate branch infrastructure
- Enable Office Web Applications to see improved performance in branch offices
Integration
- IIS and SharePoint need to run on Windows Server 2008 R2
- Users never get stale content; if content is updated, the content identifiers change
- Support available for Windows 7 and Windows 2008 R2

Slide 16

File Servers
Goals
- Improve the SMB protocol to reduce chattiness over the WAN link, and be aware of common application behaviors
- Reduce bandwidth utilization over the WAN link, and improve performance of applications (Robocopy, Office, etc.) in branch offices
Integration
- SMB 2.1 introduces "Leasing and OpLocks": mechanisms to improve protocol behavior over the WAN link
- BranchCache integration ensures that data needs to move over the WAN link only once
- SMB Transparent Caching enables better road warrior scenarios
- Offline Files enables file access even when the WAN link is down
- All application semantics around locking are automatically maintained
- Available on Windows 7 and Windows Server 2008 R2

Slide 17

DirectAccess, SSL, IPsec, SMB Signing
- Scenarios requiring end-to-end secure, encrypted transports "just work" with BranchCache
- As a result, DirectAccess, IPsec scenarios (such as Server/Domain Isolation) and even point-to-point VPNs automatically work

Slide 18

How is SSL Optimized? (diagram of the client and server stacks; labels: Client, Server, BranchCache, IE, IIS, HTTP, SSL, Sockets, IPsec, "Data in clear", "Data encrypted")

Slide 19

Deployment and Management

Slide 20

Deployment Overview
- Use Group Policy to enable Windows BranchCache on Windows 7 clients
- Install the optional "Windows BranchCache" component on a Windows 2008 R2 web or file server
- Optionally, install a hosted cache in your branch. Configure clients to use it with Group Policy
(diagram; labels: Main Office, Branch Office, IIS, File Server, Group Policy Management, Hosted Cache)

Slide 21

Deployment - Content Server
- HTTP server (IIS): install the BranchCache feature from Server Manager
- SMB server (file server): install the BranchCache role service within the file server role using Server Manager
That's it…

Slide 22

BranchCache Deployment
Distributed Cache Implementation
- HQ: Content Server (Windows Server 2008 R2 required)
- Branch: Client (Windows 7 required)
Hosted Cache Implementation
- HQ: Content Server (Windows Server 2008 R2 required)
- Branch: Hosted Cache (Windows Server 2008 R2 required)
- Branch: Client (Windows 7 required)

Slide 23

Distributed Cache Mode Deployment
- Identify the "branch": an Active Directory site, an IP address range, or a group of specific client computers
- Choose how to deploy: Group Policy or netsh
- Deploy to clients
  - Group Policy: use the built-in ADMX files
  - netsh: run netsh branchcache set service distributed on all relevant clients

Slide 24

Hosted Cache Mode Deployment
- Set up the Hosted Cache
  - Install the BranchCache feature on an R2 server
  - Install a server-auth certificate for use with SSL
  - Run netsh branchcache set service hostedserver on the hosted cache
- Identify the branch
- Choose how to deploy
- Deploy to clients
  - Group Policy: use the built-in ADMX files
  - netsh: run netsh branchcache set service hostedclient location=<> on all clients

Slide 25

Monitoring
- Event logs: Operational logs & Audit logs
- Perfmon counters: client, hosted cache and Content Server
- netsh for querying the system for potential problems: cache size too small, firewall issues, certificate issues, etc.
- MOM pack: for rolling all the information up

Slide 26

Additional Configuration Options
With Group Policy and netsh you can:
- Enable/disable Distributed Cache
- Enable/disable Hosted Cache
- Set the cache size
- Set the location of the Hosted Cache
- Clear the cache
- Create and replicate a shared key for use in a server cluster
- And more…
Works in domains and workgroups

Slide 27

BranchCache Demo
Tyler Barton, Program Manager, Microsoft Corporation

Slide 28

Deep Dives

Slide 29

Content Identifiers
- Segment hashes, block hashes: up to ~2000x data reduction
- Hashes: returned by server
- Blocks (B1, B2, … Bn): unit of download
- Segments (S1, S2, S3): unit of discovery
(diagram: Content divided into segments S1, S2, S3, each divided into blocks B1, B2, … Bn)

Slide 30

HTTP/HTTPS Integration (diagram; labels: IE, IIS, wininet, http.sys, BranchCache, Open URL, "BranchCache capable", Get data, Data, Hashlist, H1, H2, H3, H4, H5)

Slide 31

SMB/SMB Signing Integration (diagram; labels: Application, ReadFile, CSC Service, CSC Driver, CSC Cache, SMB Client Driver, SMB Server Driver, SMB Hash Generation Service, HashGen Utility, BranchCache, Generate or refresh hash, Save hashes, Access hashes, Request Hashes, Prefetch File, Data, Hashlist)

Slide 32

Security
Server
- Blocks: B1, B2, … Bn
- Block hashes: Hash(block)
- Segment hash of data: HoD = Hash(block hashes)
- Server secret key: Ks
- Segment secret: Kp = Hash(HoD, Ks)
Client
- Segment ID: Hash(Kp, HoD + K)
- Encryption key: Ke = Kp

Slide 33

Flow – a Security View
- Client requests data from the server, and indicates BranchCache capability
- Server authorizes the client
- Server retrieves content identifiers (block hashes, segment hashes, segment secrets) for the data
- Server sends content identifiers on the same channel as the data
- Client computes a segment ID
- Broadcasts on the local network

Slide 34

Flow, Continued
- Serving clients receive the broadcast
- Decrypt the segment hash from the segment discovery key
- Respond with data availability
- Client requests blocks from the serving client
- Serving client computes the encryption key from the segment secret
- Serving client encrypts each block with the encryption key
- Client receives the data
- Decrypts the data
- Validates block data against the block hash
- If valid, returns to application
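The identifier chain from the Security slide and the client-side validation step from the flow above, as an added example that is not part of the original deck. It assumes SHA-256 for Hash(block), HMAC-SHA-256 for the two keyed hashes, a tiny block size, and a made-up constant for K; none of these concrete choices are stated on the slides.

```python
import hashlib
import hmac

BLOCK_SIZE = 4                      # assumption: tiny blocks so the sample stays readable
K = b"example-discovery-constant"   # assumption: stands in for the slide's K

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def content_identifiers(content: bytes, ks: bytes) -> dict:
    """Server side: identifiers returned to an authorized client."""
    blocks = [content[i:i + BLOCK_SIZE] for i in range(0, len(content), BLOCK_SIZE)]
    block_hashes = [sha256(b) for b in blocks]         # Hash(block)
    hod = sha256(b"".join(block_hashes))               # HoD = Hash(block hashes)
    kp = hmac.new(ks, hod, hashlib.sha256).digest()    # Kp = Hash(HoD, Ks); also Ke
    return {"block_hashes": block_hashes, "hod": hod, "kp": kp}

def segment_id(kp: bytes, hod: bytes) -> bytes:
    """Client side: value used for discovery, Hash(Kp, HoD + K)."""
    return hmac.new(kp, hod + K, hashlib.sha256).digest()

def accept_block(index: int, data: bytes, block_hashes: list) -> bool:
    """Client side: keep peer-supplied data only if it matches the server's block hash."""
    if not 0 <= index < len(block_hashes):
        return False
    return hmac.compare_digest(sha256(data), block_hashes[index])

# Constructed sample values, not taken from the presentation.
SERVER_SECRET = b"constructed-server-secret-Ks"
DOCUMENT = b"quarterly-report-v1"

def demo() -> dict:
    ids = content_identifiers(DOCUMENT, SERVER_SECRET)
    updated = content_identifiers(DOCUMENT[:-1] + b"2", SERVER_SECRET)
    return {
        "segment_id": segment_id(ids["kp"], ids["hod"]).hex(),
        "genuine_block_accepted": accept_block(0, DOCUMENT[:BLOCK_SIZE], ids["block_hashes"]),
        "altered_block_accepted": accept_block(0, b"XXXX", ids["block_hashes"]),
        "id_changes_on_update": segment_id(updated["kp"], updated["hod"])
                                != segment_id(ids["kp"], ids["hod"]),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because the block hashes arrive from the content server on the authenticated channel, a block altered in a peer or hosted cache fails validation, and edited content yields new identifiers, which is why clients never receive stale data.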

Slide 35

Security of Data at Rest
Clients
- Cache only contains content requested by the client
- Data in the cache is ACL'd so it is only accessible if authorized by the server
- If data leakage is a concern, then use BitLocker or EFS
Hosted Cache
- Contains content requested by all branch clients
- Use BitLocker or EFS to encrypt the cache as necessary
All data can be purged from the cache using netsh

Slide 36

Customers say… "We are enhancing the productivity of our branch workplaces and sparing transmission capacity by utilizing BranchCache in Windows Server 2008 R2 and Windows 7," said Lukas Kucera, IT administrations administrator of Lukoil CEEB, one of the biggest coordinated oil and gas organizations on the planet. "Some of our littler offices, for example, the workplace in Slovakia and the capacity terminal in Belgium