Tuesday 25 September 2012

Server 2008 R2 BranchCache Configuration


As discussed in the BranchCache overview article, BranchCache is used to optimize access to specific HTTP and SMB based remote files. This is done by configuring the content server with a new role which enables HTTP remote file optimization and a new feature which enables SMB remote file optimization.
BranchCache can be used in one of two modes, which determine where the content is cached. The first is hosted cache mode, which uses a more standard server configuration: a server physically sits at the remote site and acts as the storage location for the BranchCache cache.
The second mode does not require a server at the remote site and instead uses the available configured Windows 7 Ultimate and Enterprise clients as storage locations. In this case the availability of the cache depends on the reachability of individual clients and not on a central server location; this mode is referred to as distributed cache mode.

BranchCache Client Configuration

The first thing to cover is the required client firewall configuration. The Windows firewall (or whatever firewall you are using) needs to be configured to allow BranchCache traffic. The first rule that must be created is the predefined Content Retrieval rule, which opens TCP port 80 both inbound and outbound. The second rule depends on the BranchCache mode of operation:
  • Distributed cache mode – Requires the configuration of the Peer-Discovery (Uses WSD) predefined rule which opens up UDP port 3702 both inbound and outbound.
  • Hosted cache mode – Requires the configuration of the Hosted Cache Client predefined rule which opens up TCP port 443 outbound.
These options are shown in Figure 1:
Figure 1 – Predefined BranchCache rules
The second thing that needs to be configured on the clients is a group policy which enables BranchCache and sets the mode of operation to be used. Three policies are used to configure the initial operation of BranchCache; they are located at the ‘Computer Configuration\Administrative Templates\Network\BranchCache’ node and include:
  • Turn On BranchCache – Used to enable the use of BranchCache
  • Set BranchCache Distributed Cache Mode – Used to enable Distributed Cache Mode operation.
  • Set BranchCache Hosted Cache Mode – Used to enable Hosted Cache mode and provide the Fully Qualified Domain Name of the hosted cache server.
This policy can be configured on individual machines or at the domain level with group policy. Figure 2 below shows the policy screen used when configuring the policy on an individual machine and Figure 3 below shows the policy screen used when configuring via group policy.
Figure 2 – Local Computer Policy
Figure 3 – Domain Group Policy
Another alternative that is available to configure BranchCache on clients is the use of the ‘netsh’ command line tool. The use of a single ‘netsh’ command line entry can enable BranchCache, set the cache mode and configure the appropriate firewall rules. The list below shows the commonly used ‘netsh’ BranchCache options:
  • netsh branchcache reset – Resets BranchCache configuration, stops the service, resets the registry to defaults and sets the service start type to manual.
  • netsh branchcache show status – Shows the current service mode and status of BranchCache.
  • netsh branchcache set service mode=distributed – Configures the client to use the distributed cache mode, changes the service start type to manual, and configures the appropriate firewall rules.
  • netsh branchcache set service mode=hostedclient location=hostedserver – Configures the client to use the hosted cache mode, configures the location of the hosted server, changes the service start type to manual, and configures the appropriate firewall rules.
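The firewall requirements and mode settings above can be checked mechanically. The following is an added example, not part of the original article: it audits a list of firewall rule records against the per-mode rules and ports listed earlier. The record layout, the `audit` and `rule` helpers and the sample data are assumptions made for illustration.

```python
# Added example: audit BranchCache client firewall rules against the article's
# per-mode requirements. The record layout is hypothetical, not netsh output.

# Predefined rule name -> (protocol, port, directions that must be open).
EXPECTED = {
    "Content Retrieval":         ("TCP", 80,   {"in", "out"}),
    "Peer-Discovery (Uses WSD)": ("UDP", 3702, {"in", "out"}),
    "Hosted Cache Client":       ("TCP", 443,  {"out"}),
}
# Rules each client mode needs; Content Retrieval is common to both.
MODE_RULES = {
    "distributed": {"Content Retrieval", "Peer-Discovery (Uses WSD)"},
    "hosted":      {"Content Retrieval", "Hosted Cache Client"},
}

def audit(mode, rules):
    """Return sorted findings for a client configured for `mode`."""
    if mode not in MODE_RULES:
        raise ValueError(f"unknown mode: {mode!r}")
    findings, enabled = [], {}   # enabled: rule name -> open directions
    for r in rules:
        name = r["name"]
        if name not in EXPECTED or not r["enabled"]:
            continue             # unrelated rule, or rule switched off
        proto, port, _ = EXPECTED[name]
        if (r["protocol"].upper(), int(r["port"])) != (proto, port):
            findings.append(f"MODIFIED {name}: {r['protocol']}/{r['port']}")
            continue
        enabled.setdefault(name, set()).add(r["direction"])
    for name in MODE_RULES[mode]:
        for d in EXPECTED[name][2] - enabled.get(name, set()):
            findings.append(f"MISSING {name} ({d})")
    for name in enabled.keys() - MODE_RULES[mode]:
        findings.append(f"STALE {name}: not needed in {mode} mode")
    return sorted(findings)

def rule(name, protocol, port, direction, enabled=True):
    return dict(name=name, protocol=protocol, port=port, direction=direction, enabled=enabled)

# Constructed sample: peer-discovery rules enabled, hosted-cache rule disabled.
SAMPLE = [
    rule("Content Retrieval", "TCP", 80, "in"),
    rule("Content Retrieval", "TCP", 80, "out"),
    rule("Peer-Discovery (Uses WSD)", "UDP", 3702, "in"),
    rule("Peer-Discovery (Uses WSD)", "UDP", 3702, "out"),
    rule("Hosted Cache Client", "TCP", 443, "out", enabled=False),
    rule("Remote Desktop", "TCP", 3389, "in"),   # unrelated, ignored
]
print("\n".join(audit("hosted", SAMPLE)))
```

Audited as a hosted cache client, the sample reports the disabled outbound 443 rule as missing and the still-open UDP 3702 rules as stale; audited as a distributed cache client it is clean.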

Server Configuration

If you are using the distributed cache mode, the content server must be configured with BranchCache. If you are utilizing the hosted cache mode, the server acting as the cache server must be configured at the remote location and the content server must be configured with BranchCache.
Configuring an HTTP content server and the initial configuration of the hosted cache server start the same way, with the installation of the BranchCache feature; this is shown in Figure 4:
Figure 4 – BranchCache Feature Configuration
The second step when configuring the hosted BranchCache server is telling the server to act as a hosted cache server by running the command ‘netsh branchcache set service mode=hostedserver clientauthentication=none’.
The third step depends on the specific configuration of the network. This step requires that a trusted certificate relationship exist between the hosted cache server and the clients. This can be done either with a self-signed certificate on the hosted server, which is also configured on clients as a Trusted Root Certification Authority, or via a PKI infrastructure.
For the SMB content servers to support BranchCache, a separate BranchCache role is configured on the content server; this role is part of the File Services role, which is shown in Figure 5:
Figure 5 – File Service Role
When configuring the File Services role you must select the ‘BranchCache for Network Files’ option; this is shown in Figure 6:
Figure 6 – BranchCache for Network Files option
When configuring the SMB content server, a second step is required that enables hash publication for BranchCache; this is shown in Figure 7.
Figure 7 – BranchCache Hash Publication
Over the years there have been a number of different products and technologies created and implemented to improve the performance of remote data. BranchCache offers a modern alternative which requires little configuration effort and has the ability to give that extra performance required in these types of deployments.
