BranchCache: Helping You Save on WAN Bandwidth Consumption at Branch Offices
Ravi Rao
Senior Program Manager
Microsoft Corporation
WSV303

Agenda
• Problem background
• Solution modes
• Deployment
• Demo
• Deep Dives
  • Content Identification
  • Integration architecture
  • Security
  • End to end flow
• Partners
• Resources

Problem Background
• Thin, expensive WAN links between main office and branch offices
• High link utilization
• Poor application responsiveness
• Trend towards data centralization

Customers Say…
“We are improving the efficiency of our branch offices and saving bandwidth by using BranchCache in Windows Server 2008 R2 and Windows 7,” said Lukas Kucera, IT services manager of Lukoil CEEB, one of the largest integrated oil and gas companies in the world. “Some of our smaller facilities, such as the office in Slovakia and the storage terminal in Belgium, have just five to 10 users, so it’s not efficient to deploy a file server on-site, but it consumes bandwidth to have them continually accessing files from the main servers. BranchCache is the perfect solution.”
“Taking advantage of the BranchCache feature in Windows Server 2008 R2, we can spend $20,000 rather than $50,000 per year on bandwidth by postponing our expansion schedule.” David Feng, IT Director, Sporton International
Convergent Computing (CCO) wanted to improve remote network access for its mobile users. Using the DirectAccess and BranchCache™ features in Windows Server® 2008 R2 and Windows 7, CCO has simplified remote connection to its network and sped the downloading of important files. It has cut costs by eliminating its virtual private network and has seen a 43 percent savings in wide area network (WAN) bandwidth.

Solution Tenets
Optimized
• Distributed – retrieve from other clients in the branch
• Centralized – retrieve from a “hosted cache” in the branch
Secured
• Client can only retrieve content locally if authorized by the content server
• All data transfers in the branch are encrypted
End to End
• Maintains protocol integrity
• Benefits from protocol optimizations
• Optimizes SSL, IPsec, SMB signing, HTTP, SMB

Distributed Cache
[Diagram labels: Get, ID, Data]

Hosted Cache
[Diagram labels: Get, ID, Put, Data, Search, Request, Offer]

Hosted Cache
Centralized cache of data downloaded by the branch
The hosted cache on Windows Server 2008 R2 provides the following features:
• A centralized cache for
  • Protocols: HTTP, SMB
  • E2E encrypted/signed traffic: SSL, IPsec, SMB signing, etc.
• Does not “modify” protocols; benefits from protocol optimizations
• Configurable size/location/persisted across reboots/flush-able
• Works across multiple subnets
• Admins can seed content by writing custom scripts
• Can be a virtual workload in an appliance
Easy to deploy; clients are configured via policy

Hosted Cache vs. Distributed
Hosted Cache: data cached at hosted cache server
• Recommended for larger branches
• Cache stored centrally: can use existing server in the branch
• Cache availability is high
• Enables branch-wide caching
Distributed Cache: data cached amongst clients
• Recommended for branches without any infrastructure
• Easy to deploy: enabled on clients through Group Policy
• Cache availability decreases with laptops that go offline
[Diagram label: Enterprise]

Overall Framework
[Diagram labels: IE, Explorer, Robocopy, Office, WMP, BITS, SharePoint, AppV, 3rd Party Applications, HTTP, SMB, BranchCache™]

Deployment

Deployment
Distributed
• HQ: Content Server (must run R2)
• Branch: Client (must run Win 7 or R2)
Hosted
• HQ: Content Server (must run R2)
• Branch: Hosted Cache (must run R2)
• Branch: Client (must run Win 7)
Works on Server Core R2 as well!

Deployment - Content server
HTTP server (IIS) - Install the BranchCache feature from Server Manager
SMB server (File server) – Install the BranchCache role service feature within the file server role using Server Manager
That’s it…

Deployment - Client
Identify the “branch”
• An Active Directory Site
• An IP address range
• A collection of specific client computers
Choose how to deploy
• Group Policy
• netsh
Deploy to clients!
• Group policy: Use built-in ADMX files
• netsh: Run netsh branchcache set service distributed on all relevant clients

Deployment – Hosted Cache
Set up the hosted cache
• Install the BranchCache feature on an R2 server
• Install a server-auth certificate for use with SSL
• Run netsh branchcache set service hostedserver on the hosted cache
Identify Branch
Choose how to deploy
Deploy to clients!
• Group policy: Use built-in ADMX files
• netsh: Run netsh branchcache set service hostedclient location=<> on all clients

Deployment - Summary
• Install BranchCache™ feature on an R2 server
• Group Policy to enable clients
• Optionally, install a hosted cache in your branch
[Diagram labels: IIS, File Server, Group Policy Management, Hosted Cache]

Additional configuration options
• Enable / disable distributed cache mode
• Enable / disable hosted cache mode
• Set the cache size
• Set the location of the hosted cache
• Clear the cache
• Create and replicate a shared key for use in a server cluster
• And more …
Works in domains and workgroups

Monitoring
• Event logs - Operational logs & Audit logs
• Perfmon counters - Client, hosted cache and Content Server
• netsh for querying the infrastructure for potential problems
  • Cache size too small, firewall issues, certificate problems, etc.
• SCOM pack - for rolling all the information up

BranchCache in Action
Devrim Iyigun
Senior Product Manager
Microsoft Corporation
demo

Going Deeper…

Content Identifiers
[Diagram: Content divided into segments S1, S2, S3, each made up of blocks B1, B2 … Bn]
• Segments: unit of discovery
• Blocks: unit of download
• Hashes: returned by server
• Segment hashes, block hashes: up to ~2000x data reduction

HTTP Integration
[Diagram components: IE, wininet, BranchCache, IIS, http.sys, BranchCache. Labels: Open URL; “Branch Cache Capable” Get data; Data; Hashlist; H1 H2 H3 H4 H5]

SMB Integration
[Diagram components: Application, CSC Driver, SMB Client Driver, CSC Cache, CSC Service, BranchCache, SMB Server Driver, SMB Hash Generation Service, HashGen Utility. Labels: ReadFile; Request Hashes; Hashlist; Data; Prefetch File Data; Access hashes; Save hashes; Generate or update hash]

How is SSL Optimized?
[Diagram: Client stack (IE, BranchCache, HTTP, SSL, Sockets, IPsec) and Server stack (IIS, BranchCache, HTTP, SSL, Sockets, IPsec). Labels: Data in clear; Data encrypted]

Security
• Blocks: B1, B2 … Bn
• Block hashes: Hash(block)
• Segment hash (SH): Hash(block hashes)
• Server secret key: Ks
• Private segment key (SK): Hash(SH, Ks)
• Encryption key: Hash(SK, "KeKeKe")
• Segment discovery key: Hash(SK, SH + "HoHoDk")
[Diagram labels: Client, Server]

Flow – a Security View
• Client requests data from the server, and indicates BranchCache capability
• Server authorizes the client
• Server retrieves metadata (block hashes, segment hashes, private segment key) for the data
• Server sends metadata on same channel as data
• Client computes a segment discovery key
• Broadcasts on the local network

Flow, Continued
• Serving clients receive the broadcast
• Decrypt the segment hash from the segment discovery key
• Respond with data availability
• Client requests blocks from the serving client
• Serving client computes encryption key from the segment private key
• Serving client encrypts each block with the encryption key
• Client receives the data
• Decrypts the data
• Validates block data against the block hash
• If valid, returns to application
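
The key hierarchy on the Security slide and the peer exchange on the two Flow slides, as an added Python example (not code from the presentation or from Microsoft). SHA-256, HMAC-SHA256, the 64 KB block size, the XOR stand-in cipher and the dictionary cache indexed by discovery key are assumptions; the slides give only Hash(...) and the labels.

```python
import hashlib
import hmac

BLOCK_SIZE = 64 * 1024  # assumption: the slides do not give a block size

def H(*parts):
    """Unkeyed Hash(...) from the Security slide; SHA-256 is an assumption."""
    return hashlib.sha256(b"".join(parts)).digest()

def KH(key, msg):
    """Keyed Hash(key, msg); HMAC-SHA256 is an assumption."""
    return hmac.new(key, msg, hashlib.sha256).digest()

def server_metadata(segment, ks):
    """Content server side: metadata sent on the same channel as the data."""
    blocks = [segment[i:i + BLOCK_SIZE] for i in range(0, len(segment), BLOCK_SIZE)]
    block_hashes = [H(b) for b in blocks]
    sh = H(*block_hashes)   # segment hash (SH) = Hash(block hashes)
    sk = KH(ks, sh)         # private segment key (SK) = Hash(SH, Ks)
    return {"block_hashes": block_hashes, "SH": sh, "SK": sk}

def encryption_key(sk):
    return KH(sk, b"KeKeKe")        # Hash(SK, "KeKeKe")

def discovery_key(sk, sh):
    return KH(sk, sh + b"HoHoDk")   # Hash(SK, SH + "HoHoDk")

def stand_in_cipher(key, data):
    """XOR with a hash-counter keystream. Stand-in for this example only:
    the slides do not name the cipher used between branch peers."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = H(key, off.to_bytes(8, "big"))
        out.extend(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def serve_block(cache, dk, index):
    """Serving client: answer only for a discovery key it holds content for."""
    entry = cache.get(dk)
    if entry is None:
        return None
    return stand_in_cipher(encryption_key(entry["SK"]), entry["blocks"][index])

def receive_block(meta, index, wire):
    """Requesting client: decrypt, then validate against the server's block hash."""
    plain = stand_in_cipher(encryption_key(meta["SK"]), wire)
    if not hmac.compare_digest(H(plain), meta["block_hashes"][index]):
        raise ValueError("block %d failed hash validation; discard it" % index)
    return plain

if __name__ == "__main__":
    content = bytes(range(256)) * 600   # constructed sample, 153,600 bytes
    meta = server_metadata(content, b"constructed-server-secret")
    dk = discovery_key(meta["SK"], meta["SH"])
    blocks = [content[i:i + BLOCK_SIZE] for i in range(0, len(content), BLOCK_SIZE)]
    peer_cache = {dk: {"SK": meta["SK"], "blocks": blocks}}
    wire = serve_block(peer_cache, dk, 1)
    print("block 1 valid:", receive_block(meta, 1, wire) == blocks[1])
```

Identical content under two different server secrets yields the same segment hash but different segment, encryption and discovery keys, so a client that never received SK from the server can neither locate nor decrypt the cached blocks. A block altered by a peer fails the comparison against the server-supplied block hash and is never returned to the application.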

Security of Data at Rest
Clients
• Cache only contains content requested by the client
• Data in cache ACL’d so that it is only accessible if authorized by the server
• If data leakage is a concern, then use BitLocker or EFS
Hosted Cache
• Cache contains content requested by all branch clients
• Use BitLocker or EFS to encrypt cache as necessary
All data can be purged from the cache using netsh

Announcing BranchCache Ecosystem Partners

Microsoft and Riverbed - Better Together
Joint Optimization Solution for Windows 7 users
Riverbed and Microsoft to extend optimization further for Windows 7 users with BranchCache
Riverbed Steelhead: Leading WAN optimization solution + BranchCache
• Leader in the Gartner magic quadrant
• Accelerate applications: CIFS, MAPI, HTTP/S, TCP, and all other key protocols
• Cut bandwidth use: Save 65 – 95% of WAN utilization
• POLP Licensing Partner, and Windows OEM
Deliver Windows to the branch with the Riverbed Services Platform (RSP):
• Offer Windows services such as AD, Streaming, Print, DNS and BranchCache
Visit Booth 247 for more info
[Diagram labels: Steelhead Appliance, RSP, VM, Virtualization Layer]

Blue Coat – BranchCache Support
About Blue Coat
• Application Delivery Network Vendor
• ProxySG for WAN Optimization & Secure Web Gateway
• Leader in Gartner Magic Quadrants
  • Secure Web Gateway, Sep 2008
  • WAN Optimization Controllers, Nov 2007
Blue Coat will support BranchCache protocols
• Blue Coat will license Hosted Cache protocols on ProxySG
• Edge site hosted cache for SMB2, SMB signed & IPsec
• Core site proxy for legacy content servers (non-WS 2008 R2)
[Diagram labels: Remote Office, ProxySG, WAN, ProxySG, Data Center]

F5 and BranchCache
• F5 is a player in Application Delivery Networking, with the mission of building network devices that support your applications, ensuring high availability, scalability, performance and security.
• BranchCache adds to BIG-IP’s WAN acceleration portfolio
• See a demo of BranchCache on the BIG-IP 6900 – visit booth 311

New Generation Application Delivery Platform
Application Acceleration & Load Balancing
BranchCache Augments AX Native Optimized Caching

BranchCache: Enhancing the Windows File Experience
Delivering best-in-class Windows® files services solution
• Thousands of joint customers using SMB (CIFS) today
• Use ranges from home directories to high performance engineering applications
• Now also supporting SMB 2.0
BranchCache — NetApp® as a Content Server
• Bring remote Windows users closer
• Save on bandwidth and remote administration
NetApp is a gold sponsor – visit their booth!
[Diagram labels: Branch office / remote users; NetApp NAS in the data center]

Symantec Support for BranchCache
Symantec
• World’s 4th largest ISV… Found in almost as many Windows environments as Microsoft
• Security, Storage, HA, Backup, Archiving, Data Loss Prevention, Management…
Altiris Server Management Suite from Symantec
• Provide support for monitoring BranchCache on Windows Server 2008 R2
• Provide alerting when problems are detected
• Orchestrate and automate remediation when necessary
[Diagram labels: Branch; Corp HQ data center; Altiris Server Management Suite From Symantec]

Forefront Threat Management Gateway in the Branch
Web Proxy & Cache
Featuring
• Anti-Virus
• URL Filtering
• HTTPS Inspection
• Network Intrusion Inspection
Single Host for TMG & BranchCache (Hosted Cache)
Standard deployment
• Enterprise Management
• Running on Windows Server 2008 R2
[Diagram label: Site to Site VPN]

To Summarize
BranchCache™ reduces WAN bandwidth consumed by end users for intranet based HTTP and SMB traffic and improves end user experience
BranchCache™ accelerates delivery of encrypted and signed content such as when using HTTPS, IPsec, SMB signing and at the same time ensures authorization of users by the server at the central office.
BranchCache™ doesn’t require additional equipment in the branch offices and can be easily managed using existing systems management technology such as group policy
BranchCache has a vibrant and growing ecosystem giving customers the choice to pick a solution that works best for their needs

Resources
Website/TechNet
• http://www.branchcache.com
• http://technet.microsoft.com/en-us/network/dd425028.aspx
At TechEd, we have booths in the TLC Orange Area
• Windows Server Branch Office Solutions - BranchCache
• Windows Services for the Branch – Partner Solutions

Resources
• www.microsoft.com/teched: Sessions On-Demand & Community
• http://microsoft.com/technet: Resources for IT Professionals
• http://microsoft.com/msdn: Resources for Developers
• www.microsoft.com/learning: Microsoft Certification & Training Resources

Related Content
Breakout Sessions
• WSV 403: Enhancing the Branch office experience with Windows Server 2008 R2
Hands-on Labs
• WSV14-HOL: Windows Server 2008 R2 - BranchCaching

Windows Server Resources
Make sure you pick up your copy of Windows Server 2008 R2 RC from the Materials Distribution Counter
Learn More about Windows Server 2008 R2: www.microsoft.com/WindowsServer2008R2
Technical Learning Center (Orange Section): Highlighting Windows Server 2008 and R2 technologies
• Over 15 booths and experts from Microsoft and our partners

Complete an evaluation on CommNet and enter to win!

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.