BranchCache in Windows Server 2012 and Windows 8
In this post, I would like to discuss the changes that BranchCache technology has undergone in Windows Server 2012 and Windows 8 . The principle of operation and the architecture of technology have already been discussed in one of the previous posts, so I will mainly focus on new features and improvements.
Nonetheless, literally in a nutshell about what BranchCache is, in case you first come across this technology. BranchCache is a technology for caching data transmitted via SMB and HTTP / HTTPS protocols. Accordingly, BranchCache is used in branch offices and remote offices to reduce the traffic transmitted over the WAN channels and to increase the response speed of applications when working with data located on remote servers.
Two important features of BranchCache that distinguish it from other caching technologies:
To use BranchCache, a file server or a web server must be located on Windows Server 2008 R2 or Windows Server 2012, and client computers must have one of the following operating systems installed: Windows 7 Enterprise, Windows 7 Ultimate, or Windows 8 Enterprise.
')
All changes in BranchCache in Windows Server 2012 and Windows 8 can be grouped in three areas: performance, management, scalability. Consider successively every direction.
The principle of splitting source files into blocks for calculating metadata (hash for each block) has changed. If earlier the file was divided into blocks of equal size (64 KB), now the block boundaries for each file are determined based on the Rabin fingerprint method.
What does this give? Suppose there is a 100 KB image on a website page. The same picture is inserted into the document, which is stored on the file ball. When processing both the site pages and the document using fingerprint, the boundaries of the blocks will be arranged in such a way that the picture there and there will be separated into a separate block of 100 KB. And since the contents of these blocks are the same in both cases, the hashes of these blocks will be the same (for example, ID2 in the figure above). A branch user is accessing a webpage for the first time, and it is downloaded block by block from the website and placed in the cache. Now, if the same or another user of this branch opens the mentioned document with the balls removed, then the document content is also block-by-block downloaded from the file server, with the exception of the picture, the block with which is already in the branch.
It should be added that exactly the same algorithm for determining block boundaries is used by the Windows Server 2012 deduplication service. Therefore, if the section on which the contents of the web site and / or file balls reside is deduplicated, then the files into blocks are already broken, the hashes are already calculated, and BranchCache uses this metadata without repartitioning / computing.
Previously, it was actually necessary for each branch to create its own GPO to configure BranchCache on branch clients. This is especially true if the branch office used a dedicated cache server (hosted cache), since it was the GPO that indicated the name of this server, and the clients thus understood where the dedicated cache is located.
A hosted cache server running Windows Server 2012 can register a Service Connection Point (SCP) in Active Directory. Clients running Windows 8 Enterprise, using AD, use SCP to locate the cache server, and the one closest to them, that is, located in the same AD site. This, in turn, allows you to potentially have only one GPO to configure all BranchCache clients of the organization.
Traditionally for Windows Server 2012 and Windows 8, the whole range of BranchCache administration tasks — installation, configuration, status checking — can be implemented using PowerShell, which I also consider to be pluses. In Windows 7, for example, it was necessary to use the less friendly Netsh to check the status or reset the cache. Returning to the hosted cache, installing the necessary BranchCache components, configuring the server as a cache server and registering the SCP is done by two cmdlets:
After that, by running
In order for clients with Windows 8 to use SCP to search for the cache server, you must enable the new Enable Automatic Hosted Cache Discovery by Service Connection Point option in the GPO.
I note that if the Set BranchCache Distributed Cache mode option is enabled along with this parameter, the client first tries to detect and use hosted cache through the SCP, and if this fails, it switches to distributed cache mode.
In many scenarios, it would be useful to be able to pre-cache certain data, for example, reports that are updated at the end of each week, so that on Monday morning the latest reports are already located in the branch cache. Now this can be implemented with the following cmdlets:
The first line generates metadata for files in the specified folder and adds data blocks of these files to a so-called data package for export. A similar cmdlet for a website is called
The resulting archive is exported in any available way to the required cache servers in the branches, where it is imported using:
Thus, we get a "heated" cache.
The last innovation that I would like to point out in the management context is that the cached data is stored in encrypted form by default. The administrator is no longer required any additional gestures, such as turning on BitLocker, configuring EFS, etc., to ensure the security of the cache. There is also no need to configure the certificate on the hosted cache server, which will even more relieve the already busy sysadmin. :) However, a certificate is still needed if clients with Windows 7 will access the cache server.
Branch branch discord. After the appearance of BranchCache in Windows Server 2008 R2 and Windows 7, we encountered scenarios for using technology in branch offices with a staff of several thousand and a cache size of hundreds of gigabytes. The original BranchCache implementation was not optimized for this scale. BranchCache now uses the Extensible Storage Engine (ESE) as its storage, allowing it to process terabytes of data.
In addition, if earlier it was possible to configure only one hosted cache server per branch, now, in particular, due to SCP, there is no such limitation. You can scale the branch cache both vertically using the ESE engine and horizontally, deploying as many cache servers as you need.
In general, it seems to me that the changes are very interesting. A number of new settings (see p. New BranchCache Group Policy settings for the link) BranchCache in Group Policies will help ensure that Windows 7 and Windows 8 clients work correctly in one branch office. And, therefore, there are fewer reasons not to use the technology.
For more information on this and other features of Windows Server 2012 and Windows 8, you can view free courses on the Microsoft Virtual Academy portal:
• New features of Windows Server 2012. Part 1. Virtualization, networks, storage
• New features of Windows Server 2012. Part 2. Security, management, remote access, web platform
Hope the material was helpful.
Thank!
Nonetheless, literally in a nutshell about what BranchCache is, in case you first come across this technology. BranchCache is a technology for caching data transmitted via SMB and HTTP / HTTPS protocols. Accordingly, BranchCache is used in branch offices and remote offices to reduce the traffic transmitted over the WAN channels and to increase the response speed of applications when working with data located on remote servers.
Two important features of BranchCache that distinguish it from other caching technologies:
- Data in BranchCache is always relevant. To put it more precisely, if an application retrieves data from the cache, BranchCache technology ensures that this data is up to date.
- No access to the server - no access to the cache. In other words, if the BranchCache module cannot verify the identity of the original and cached files (the server is turned off, problems with the communication channel, etc.), then the data from the cache is not used.
To use BranchCache, a file server or a web server must be located on Windows Server 2008 R2 or Windows Server 2012, and client computers must have one of the following operating systems installed: Windows 7 Enterprise, Windows 7 Ultimate, or Windows 8 Enterprise.
')
All changes in BranchCache in Windows Server 2012 and Windows 8 can be grouped in three areas: performance, management, scalability. Consider successively every direction.
Performance
The principle of splitting source files into blocks for calculating metadata (hash for each block) has changed. If earlier the file was divided into blocks of equal size (64 KB), now the block boundaries for each file are determined based on the Rabin fingerprint method.
What does this give? Suppose there is a 100 KB image on a website page. The same picture is inserted into the document, which is stored on the file ball. When processing both the site pages and the document using fingerprint, the boundaries of the blocks will be arranged in such a way that the picture there and there will be separated into a separate block of 100 KB. And since the contents of these blocks are the same in both cases, the hashes of these blocks will be the same (for example, ID2 in the figure above). A branch user is accessing a webpage for the first time, and it is downloaded block by block from the website and placed in the cache. Now, if the same or another user of this branch opens the mentioned document with the balls removed, then the document content is also block-by-block downloaded from the file server, with the exception of the picture, the block with which is already in the branch.
It should be added that exactly the same algorithm for determining block boundaries is used by the Windows Server 2012 deduplication service. Therefore, if the section on which the contents of the web site and / or file balls reside is deduplicated, then the files into blocks are already broken, the hashes are already calculated, and BranchCache uses this metadata without repartitioning / computing.
Control
Previously, it was actually necessary for each branch to create its own GPO to configure BranchCache on branch clients. This is especially true if the branch office used a dedicated cache server (hosted cache), since it was the GPO that indicated the name of this server, and the clients thus understood where the dedicated cache is located.
A hosted cache server running Windows Server 2012 can register a Service Connection Point (SCP) in Active Directory. Clients running Windows 8 Enterprise, using AD, use SCP to locate the cache server, and the one closest to them, that is, located in the same AD site. This, in turn, allows you to potentially have only one GPO to configure all BranchCache clients of the organization.
Traditionally for Windows Server 2012 and Windows 8, the whole range of BranchCache administration tasks — installation, configuration, status checking — can be implemented using PowerShell, which I also consider to be pluses. In Windows 7, for example, it was necessary to use the less friendly Netsh to check the status or reset the cache. Returning to the hosted cache, installing the necessary BranchCache components, configuring the server as a cache server and registering the SCP is done by two cmdlets:
Install-WindowsFeature BranchCache –IncludeManagementTools Enable-BCHostedServer –RegisterSCP After that, by running
Get-BCStatus , you need to make sure that the two parameters in the HostedCacheServerConfiguration section are set to True .In order for clients with Windows 8 to use SCP to search for the cache server, you must enable the new Enable Automatic Hosted Cache Discovery by Service Connection Point option in the GPO.
I note that if the Set BranchCache Distributed Cache mode option is enabled along with this parameter, the client first tries to detect and use hosted cache through the SCP, and if this fails, it switches to distributed cache mode.
In many scenarios, it would be useful to be able to pre-cache certain data, for example, reports that are updated at the end of each week, so that on Monday morning the latest reports are already located in the branch cache. Now this can be implemented with the following cmdlets:
Publish-BCFileContent 'D:\Branch Documents' -StageData Export-BCCachePackage -Destination D:\Temp The first line generates metadata for files in the specified folder and adds data blocks of these files to a so-called data package for export. A similar cmdlet for a website is called
Publish-BCWebContent . The second line actually exports a set of hashes and data blocks to an archive file with the standard name PeerDistPackage.zip in the specified directory. The archive structure is as follows:The resulting archive is exported in any available way to the required cache servers in the branches, where it is imported using:
Import-BCCachePackage -Path D:\Temp\PeerDistPackage.zip Thus, we get a "heated" cache.
The last innovation that I would like to point out in the management context is that the cached data is stored in encrypted form by default. The administrator is no longer required any additional gestures, such as turning on BitLocker, configuring EFS, etc., to ensure the security of the cache. There is also no need to configure the certificate on the hosted cache server, which will even more relieve the already busy sysadmin. :) However, a certificate is still needed if clients with Windows 7 will access the cache server.
Scalability
Branch branch discord. After the appearance of BranchCache in Windows Server 2008 R2 and Windows 7, we encountered scenarios for using technology in branch offices with a staff of several thousand and a cache size of hundreds of gigabytes. The original BranchCache implementation was not optimized for this scale. BranchCache now uses the Extensible Storage Engine (ESE) as its storage, allowing it to process terabytes of data.
In addition, if earlier it was possible to configure only one hosted cache server per branch, now, in particular, due to SCP, there is no such limitation. You can scale the branch cache both vertically using the ESE engine and horizontally, deploying as many cache servers as you need.
In general, it seems to me that the changes are very interesting. A number of new settings (see p. New BranchCache Group Policy settings for the link) BranchCache in Group Policies will help ensure that Windows 7 and Windows 8 clients work correctly in one branch office. And, therefore, there are fewer reasons not to use the technology.
For more information on this and other features of Windows Server 2012 and Windows 8, you can view free courses on the Microsoft Virtual Academy portal:
• New features of Windows Server 2012. Part 1. Virtualization, networks, storage
• New features of Windows Server 2012. Part 2. Security, management, remote access, web platform
Hope the material was helpful.
Thank!
Source: https://habr.com/ru/post/166483/
All Articles