
WSV303 : Deep Dive on Designing a BranchCache Infrastructure


Presentation Transcript


  1. WSV303: Deep Dive on Designing a BranchCache Infrastructure Tyler Barton Program Manager Manish Kalra Senior Product Manager Microsoft Corporation

  2. Session Objectives and Takeaways • Identify the problems BranchCache solves • Demonstrate how BranchCache works • Explain how to deploy BranchCache

  3. Agenda 1. Problem Background 2. BranchCache Solution Modes 3. Accelerated Protocols and Workloads 4. Deployment and Management 5. BranchCache Protocols and Content Identification 6. Security

  4. Problem Background

  5. Branch – The problem space [slide graphic: a map of branch offices, each marked with a cost symbol]

  6. Problem Background Thin, expensive WAN links between main office and branch offices • High link utilization • Poor application responsiveness • Trend towards data centralization

  7. BranchCache Solution Modes

  8. BranchCache Distributed Cache [diagram: a Branch Office client sends Get to the Main Office, receives content IDs, and then Gets the Data from peer clients in the Branch Office]

  9. BranchCache Hosted Cache [diagram: a Branch Office client sends Get to the Main Office and receives content IDs; it Searches the hosted cache with the ID, Offers and Puts newly downloaded Data into the hosted cache, and later Get Requests serve Data from the hosted cache]

  10. Protocols and Workloads

  11. BranchCache is a Platform
     • Content Server: Uses server side Peer Distribution APIs to get identifiers for data. IDs are packed in a Content Information structure.
     • Content Information Structure: Transmitted over the accelerated protocol instead of data. Contains everything the client needs to find data locally.
     • Client: Feeds the Content Information structure into the client side Peer Distribution APIs to find and download content locally.

  12. Framework [diagram: applications (3rd Party Applications, Office, CopyFile, Explorer, SharePoint, BITS, WMP, IE) sit on the SMB and HTTP protocols, which sit on BranchCache™]

  13. Peer Distribution on MSDN

  14. HTTP/HTTPS Integration [diagram: IE opens a URL through wininet; BranchCache on the client marks the request “Branch Cache Capable”; IIS via http.sys and BranchCache on the server returns a Hashlist (H1 H2 H3 H4 H5) instead of the Data; the client BranchCache uses the Hashlist to get the Data locally]

  15. SMB/SMB Signing Integration [diagram: on the client, an Application ReadFile goes through the CSC Service, CSC Driver and SMB Client Driver, which Request Hashes; on the server, the SMB Server Driver accesses hashes that the SMB Hash Generation Service or the HashGen Utility generate or update (Prefetch File, Generate or update hash, Save hashes); the returned Hashlist lets BranchCache fetch the Data, which is placed in the CSC Cache]

  16. Deployment and Management

  17. Deployment Overview
     • Use Group Policy to enable Windows BranchCache on Windows 7 clients
     • Install the optional “Windows BranchCache” component on a Windows 2008 R2 web or file server
     • Optionally, install a hosted cache in your branch. Configure clients to use it with Group Policy
     [diagram: Main Office with IIS, File Server and Group Policy Management; several Branch Offices, one with a Hosted Cache]

  18. Hosted Cache vs Distributed Cache (Enterprise)
     Hosted Cache: Data cached at hosted cache server
     • Recommended for larger branches
     • Cache stored centrally: can use existing server in the branch
     • Cache availability is high
     • Enables branch-wide caching
     Distributed Cache: Data cached amongst clients
     • Recommended for branches without any infrastructure
     • Easy to deploy: Enabled on clients through Group Policy
     • Cache availability decreases with laptops that go offline

  19. BranchCache Protocols and Content Identification

  20. Data, Blocks and Segments
     • Hashes: Returned by server. Segment hashes and block hashes give up to ~2000x data reduction
     • Blocks: Unit of download (B1 B2 … Bn within each segment)
     • Segments: Unit of discovery (S1 S2 S3 over the Content)

  21. BranchCache Protocols
     • PCCRD - Discovery: Based on WS-Discovery. Find data on computers in the same subnet
     • PCCRTP - HTTP Extensions for retrieving Content Information over HTTP (IIS)
     • PCCRR - Retrieval: Used by a client to download blocks from a peer or the hosted cache. Also used by the hosted cache to download from a client
     • SMB 2.1 Extensions for retrieving Content Information over SMB (SMB 2.1 File Server)
     • PCHC – Hosted Cache Offer: Used by a client to alert the hosted cache when new blocks are available.

  22. Security

  23. Security Overview
     • Server authenticates the client and performs authorization checks
     • Server transmits content information structure to the client only if the client has access. Transfer happens over the accelerated protocol.
     • Client uses content information structure to calculate: segment id (public), encryption key (private)
     • Client multicasts the segment id to find a peer with the data
     • Client downloads encrypted blocks from a peer or the hosted cache and decrypts them with the encryption key
     • Cached data is stored in the clear, but can be protected with BitLocker or EFS

  24. Security Computations
     Server:
     • Blocks B1 B2 … Bn
     • Block hashes = Hash(block)
     • Segment hash of data HoD = Hash(Block hashes)
     • Server secret key Ks
     • Segment Secret Kp = Hash(HoD, Ks)
     Client:
     • Encryption key Ke = Kp
     • Segment Id = Hash(Kp, HoD + K)

  25. Non-Attacks • Tamper with data • Eavesdrop on data transfers • Get unauthorized access to cached data • Predict the keys for a piece of content
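The hash chain on slides 20 and 24, and the properties claimed on slide 25, are easier to follow in code. The following is an added example written for this transcript; it is not Microsoft's implementation and does not follow the MS-PCCRC wire format. SHA-256 and HMAC-SHA256 as the hash functions, "Hash(HoD, Ks)" modelled as HMAC keyed with Ks, the tiny block and segment sizes, the value of the constant K, and the HMAC keystream standing in for the block cipher are all assumptions made here for illustration.

```python
"""Illustrative model of BranchCache content identification and key
derivation as sketched on slides 20, 24 and 25. Added example, not
Microsoft's code: hash choices, sizes, K and the cipher stand-in are assumed."""
import hashlib
import hmac
import os

BLOCK_SIZE = 16          # assumed: tiny so the demo runs on a few bytes
BLOCKS_PER_SEGMENT = 4   # assumed: real segments are far larger
K = b"example-constant"  # slide 24 writes "HoD + K"; the real value is not on the slide


def split_blocks(data, block_size=BLOCK_SIZE):
    """Blocks are the unit of download (slide 20)."""
    return [data[i:i + block_size] for i in range(0, len(data), block_size)]


def block_hashes(blocks):
    """Block hashes = Hash(block), computed on the server."""
    return [hashlib.sha256(b).digest() for b in blocks]


def hash_of_data(bhashes):
    """HoD = Hash(block hashes): hash over the concatenated block hashes."""
    return hashlib.sha256(b"".join(bhashes)).digest()


def segment_secret(hod, ks):
    """Kp = Hash(HoD, Ks), modelled as HMAC keyed with the server secret Ks.
    Only a party holding Ks can produce Kp."""
    return hmac.new(ks, hod, hashlib.sha256).digest()


def segment_id(kp, hod):
    """Segment Id = Hash(Kp, HoD + K): the public identifier the client
    multicasts for discovery; it does not reveal Kp."""
    return hmac.new(kp, hod + K, hashlib.sha256).digest()


def server_content_information(data, ks):
    """Server side of slide 11: the content information structure handed to an
    authorized client instead of the data. Ks itself never leaves the server."""
    blocks = split_blocks(data)
    segments = []
    for s in range(0, len(blocks), BLOCKS_PER_SEGMENT):
        bh = block_hashes(blocks[s:s + BLOCKS_PER_SEGMENT])
        hod = hash_of_data(bh)
        segments.append({"hod": hod, "kp": segment_secret(hod, ks), "block_hashes": bh})
    return segments


def client_derive(segment):
    """Client side of slide 24: segment id (public) and Ke = Kp (private)."""
    return {"segment_id": segment_id(segment["kp"], segment["hod"]),
            "ke": segment["kp"]}


def keystream_xor(ke, index, block):
    """Stand-in for the block cipher (assumption): per-block keystream from
    HMAC(Ke, index) XORed with the block. Symmetric, so it also decrypts.
    Needs len(block) <= 32, which holds with the sizes assumed above."""
    stream = hmac.new(ke, index.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(b ^ stream[i] for i, b in enumerate(block))


def verify_block(expected_hash, plaintext):
    """Tamper check: a decrypted block must match the server-supplied hash."""
    return hmac.compare_digest(hashlib.sha256(plaintext).digest(), expected_hash)


def demo():
    """Walk one segment through the scheme and return four booleans that
    mirror the 'Non-Attacks' on slide 25 (tamper, eavesdrop, key prediction)."""
    ks = os.urandom(32)  # server secret key (constructed for the demo)
    data = b"Quarterly report: branch office WAN utilization figures."  # constructed sample
    seg = server_content_information(data, ks)[0]
    derived = client_derive(seg)
    blocks = split_blocks(data)[:BLOCKS_PER_SEGMENT]

    # A peer or hosted cache holds only encrypted blocks; Ke is never sent to it.
    cached = [keystream_xor(derived["ke"], i, b) for i, b in enumerate(blocks)]

    # The client downloads, decrypts with Ke and verifies each block against its hash.
    intact = all(verify_block(h, keystream_xor(derived["ke"], i, c))
                 for i, (h, c) in enumerate(zip(seg["block_hashes"], cached)))

    # Tampering with a cached block is caught by the hash check.
    tampered = bytearray(cached[0])
    tampered[0] ^= 0x01
    tamper_detected = not verify_block(seg["block_hashes"][0],
                                       keystream_xor(derived["ke"], 0, bytes(tampered)))

    # An eavesdropper on the peer transfer sees only ciphertext.
    eavesdropper_blind = all(c != b for c, b in zip(cached, blocks))

    # Knowing HoD and the segment id is not enough to reproduce Ke without Ks.
    guessed_ke = segment_secret(seg["hod"], os.urandom(32))
    key_unpredictable = guessed_ke != derived["ke"]
    return intact, tamper_detected, eavesdropper_blind, key_unpredictable


if __name__ == "__main__":
    print(demo())
```

Two things worth noticing when running it: every client that holds the same content information structure derives the same segment id, which is what lets peers find each other by multicast, and a peer that has only the segment id and the ciphertext holds nothing that leads back to Ke, because Kp depends on the server-held Ks.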

  26. How is SSL Optimized? [diagram of the client (IE) and server (IIS) stacks, layer by layer: BranchCache – Data in clear; HTTP – Data in clear; SSL – Data encrypted; Sockets – Data encrypted; IPsec – Data encrypted. BranchCache sits above SSL and IPsec on both sides, so it sees the data in the clear.]

  27. BranchCache In Action (demo) Tyler Barton, Program Manager, Microsoft Corporation

  28. Security of Data at Rest
     • Clients
       • Cache only contains content requested by the client
       • Data in cache ACL’d so that it is only accessible if authorized by the server
       • If data leakage is a concern, then use BitLocker or EFS
     • Hosted Cache
       • Cache contains content requested by all branch clients
       • Use BitLocker or EFS to encrypt cache as necessary
     All data can be purged from the cache using netsh

  29. Customers say…
     “We are improving the efficiency of our branch offices and saving bandwidth by using BranchCache in Windows Server 2008 R2 and Windows 7,” said Lukas Kucera, IT services manager of Lukoil CEEB, one of the largest integrated oil and gas companies in the world. “Some of our smaller facilities, such as the office in Slovakia and the storage terminal in Belgium, have just five to 10 users, so it’s not efficient to deploy a file server on-site, but it consumes bandwidth to have them continually accessing files from the main servers. BranchCache is the perfect solution.”
     “Taking advantage of the BranchCache feature in Windows Server 2008 R2, we can spend $20,000 rather than $50,000 per year on bandwidth by postponing our expansion schedule.” David Feng, IT Director, Sporton International
     Convergent Computing (CCO) wanted to improve remote network access for its mobile users. Using the DirectAccess and BranchCache™ features in Windows Server® 2008 R2 and Windows 7, CCO has simplified remote connection to its network and sped the downloading of important files. It has cut costs by eliminating its virtual private network and has seen a 43 percent savings in wide area network (WAN) bandwidth.

  30. To Summarize
     • BranchCache™ reduces WAN bandwidth consumed by end users for intranet based HTTP and SMB traffic and improves end user experience
     • BranchCache™ accelerates delivery of encrypted and signed content such as when using HTTPS, IPsec, SMB signing and at the same time ensures authorization of users by the server at the central office
     • BranchCache™ doesn’t require additional equipment in the branch offices and can be easily managed using existing systems management technology such as group policy
     • BranchCache has a vibrant and growing ecosystem giving customers the choice to pick a solution that works best for their needs

  31. Session Evaluations Tell us what you think, and you could win! All evaluations submitted are automatically entered into a daily prize draw* Sign-in to the Schedule Builder at http://europe.msteched.com/topic/list/ * Details of prize draw rules can be obtained from the Information Desk.

  32. © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
