Deploying a Hosted Mode BranchCache Server - Part 2: The Lab Network and Order of Operations

by Thomas Shinder [Published on 24 Nov. 2009 / Last Updated on 24 Nov. 2009]

How to deploy a Hosted Mode BranchCache server. Taking a look at the lab network and order of operations.

Note: This article series was continued by Debra Shinder MVP from part 3.

Introduction

In the first part of this series on BranchCache, I went over some of the basic principles that underlie the BranchCache infrastructure and how the request, response and caching processes work. If you have not had a chance to read that yet, then I suggest you give it a quick look now so that you will understand what it is that we are trying to accomplish in this and subsequent articles.

Remember that BranchCache works in one of two modes:

  1. Hosted Mode
  2. Distributed Mode

With Hosted Mode, BranchCache caches content on a central BranchCache server on the branch office network. With Distributed Mode, the content is cached throughout the branch office network on Windows 7 or Windows Server 2008 R2 machines. In most cases you will want to take advantage of Hosted Mode, since you can run the BranchCache service on the same machine that might be acting as a file server, Web server, or even domain controller. The reason for this is that BranchCache does not take a lot of processor, memory or networking resources.

The Lab Network

Our lab network is going to be a bit different than those you might have seen in demos done on BranchCache on the Internet. In these online demos, the presenter typically uses some type of software to throttle bandwidth between the simulated branch office network and the main office network. This is nice because the presenter can show how slow the initial access is, and then how fast access is after the content is cached at the branch office. It does a good sales job and that is the point of most of these presentations.

In our lab network we are going to use a single subnet and we are not going to create a simulated branch office and main office network. We already know that content that is accessed locally over a 1 Gbps network is going to be faster than when it’s accessed over a 1.5 Mbps WAN link. We get that. So, we will use a simple single segment network and then use Network Monitor to show the connections between the clients, the content server, and the BranchCache server. These Network Monitor traces will demonstrate that content is indeed obtained from the BranchCache server and not the original content server.

Speaking of the lab network, take a look at the figure below to get a basic overview of the machines that will participate in this configuration guide. Note that I am using VMware Workstation 7.0 for this series, but you can also use VMware ESX or Hyper-V. The virtualization platform is not important and the configuration will work on any platform.


Figure 1: The Lab Network

The machines participating in the lab are:

  1. DC.branchcache.com – this machine is the domain controller for the branchcache.com domain. This machine also has Active Directory Certificate Services installed on it because we will need to obtain a server certificate for the BranchCache server on the network. This machine is running Windows Server 2008 R2 and has the IP address 10.0.0.2/24.
  2. FileServer.branchcache.com – this machine is a file server and a Web server that will act as the BranchCache content server. I have already installed the Web Server role on this machine. I will need to enable BranchCache on this machine and then when the configuration is complete, we will see if the machine sends the content identifiers and other metadata to the clients. This machine is running Windows Server 2008 R2 and has the IP address 10.0.0.3/24.
  3. BC.branchcache.com – this is the Hosted Mode BranchCache server. The content that is obtained by the clients from the content server will be cached on this server. We will use Network Monitor at the end of the configuration process to prove that content is indeed obtained from the cache, and not from the content server on subsequent requests. This machine is running Windows Server 2008 R2 and has the IP address 10.0.0.4/24.
  4. Client1.branchcache.com and Client2.branchcache.com – these are Windows 7 client computers that will access the content from the content server. The Client1 machine will make the initial connection to the content server and then will offer the content to the BranchCache server. The Client2 machine will make a request for the same content from the content server, and we’ll see that the content ends up actually being provided by the BranchCache server.

It’s Not Hard – But It’s Not Easy Either

There is existing documentation on how to deploy the BranchCache feature. However, I found that it is very difficult to understand what to do solely based on this document. Part of the problem is that they have mixed the Hosted Mode and Distributed Mode configuration steps in a single document. Another problem is that they have configured all the headings using the same header levels, so it is hard to tell when one set of procedures starts and when one set of procedures ends.

BranchCache is designed to be a “set it and forget it” service. There is not a lot of management involved after the BranchCache solution is installed and configured – it just works. However, in order to get it to a point where “it just works” you need to do a lot of preparatory work. There are a lot of places where things can go wrong, so it’s important to have a high level understanding of what you are going to do before you get started.

Here is the process:

  1. Install BranchCache on the content server – this step is simple – you just need to install the BranchCache feature on the content server. The content server is the machine that contains the File Shares or Web content that users will download. In a production environment this machine is located at the main office. In our lab, all the machines are connected to the same network.
  2. Install the File Services role on the content server – BranchCache can cache files for both Web and file servers. I have already installed the Web server role on the content server because there’s nothing special you need to do with the Web server to make BranchCache work on the content server. However, there are some things you need to do after installing the File Services role in order to cache the content obtained over SMB 2.0.

    - Configure the File Services Role – after installing the File Services role, we will need to carry out some configuration tasks to get BranchCache working.

    - Enable Hash Publication – because hash values are used to find and identify content, we need to configure the content server hosting content over SMB 2.0 to create and publish these hash values.
  3. Create a File Server OU – we will create a File Server OU in Active Directory so that we can apply some specific Group Policy configurations to File Servers that will act as BranchCache content servers.

    - Move the File Server into the File Server OU – after creating the File Servers OU, the next step will be to move the File Servers into this OU.
  4. Create a Hash Publication Group Policy Object – to simplify the process of configuring File Servers to publish hashes for the content they serve, we will manage these configuration tasks using Group Policy. You’ll want to do this in a production environment because there is much less overhead in using Group Policy compared to going to each machine and manually configuring these settings on each box.

    - Configure the Hash Publication Group Policy Object – after creating the Hash Publication Group Policy Object, the next step is to configure it. Makes sense :)
  5. Enable BranchCache on a File Share – you can configure BranchCache to work on all file shares on a BranchCache content server, or you can do it on a per-folder basis. In this step we will show you how to enable it for all shares or for specific shares. In this lab, we will enable BranchCache for a specific share.
  6. Configure Clients to use BranchCache Hosted Mode – at this point we are done configuring the BranchCache content server – it is ready to serve Web and File content to Windows 7 and Windows Server 2008 R2 computers that are BranchCache client enabled. So now we need to move to the clients and get them BranchCache enabled.

    - Use Group Policy to BranchCache enable the clients – while we could use netsh to manually configure the clients so that they are BranchCache enabled, that would be a major hassle in a production environment. Instead, we will reduce our management overhead by using Group Policy.

    - Use Group Policy Windows Firewall snap-in to configure client firewalls – there are a number of protocols that we need to enable so that clients can request cached files from the BranchCache server and also to allow the BranchCache server to obtain cached content from the machines that made the initial request from the content server. We’ll use the Windows Firewall with Advanced Security GPO snap-in to configure the clients with the right firewall settings for BranchCache.
  7. Install and Configure the BranchCache Hosted Mode Server – at this point we are done with the clients so we can move on to configuring the BranchCache Hosted Mode server. This is the most complex series of configuration settings and offers the greatest opportunity for making an error – so make sure you understand the process flow for getting the BranchCache Hosted Mode server configuration going before you get started.

    - Install the BranchCache Feature on the BranchCache Hosted Mode Server – the first step on the BranchCache server is to install the feature. This is easy.

    - Enable BranchCache on the Hosted Mode BranchCache server – After installing the BranchCache feature, we will enable it.

    - Install a certificate on the Hosted Mode BranchCache server – this is probably the most complex series of steps that we will carry out. Not because of the BranchCache component, but because we are going to move away from the BranchCache configuration steps to the PKI configuration. The BranchCache server needs a server certificate because it must be able to authenticate itself to a client that offers content to it after the client obtains content from a BranchCache enabled content server. The way this works is that after the client obtains the content from the content server, it advertises this content to the BranchCache Hosted Mode server. When the client connects to the BranchCache Hosted Mode server, the Hosted Mode server must be able to authenticate itself to the client using a server certificate – that is the purpose of the certificate.
  • Create a Hosted Mode BranchCache Servers Group in Active Directory – we will do that so that we can configure autoenrollment for the BranchCache servers
  • Add Hosted Mode BranchCache Servers to the Active Directory Hosted Mode BranchCache Servers Group – after creating the group, we need to populate it with the machines that will act as Hosted Mode BranchCache servers
  • Configure a Certificate Template for the BranchCache Hosted Mode Servers on the Certificate Authority – we will create a certificate template that will be used to issue certificates to the BranchCache Hosted Mode servers through autoenrollment
  • Configure Autoenrollment – did I say autoenrollment? Yes—now we need to configure autoenrollment in Group Policy so that the Hosted Mode BranchCache servers can obtain their server certificates automatically. Sure, we could do this manually, but you’ll likely have a number of Hosted Mode BranchCache servers, so why not automate the certificate issuance?
  • Refresh Group Policy – we need to do this to make sure that everyone gets their Group Policy settings and that the BranchCache Hosted Mode servers obtain their certificates
  • Obtain SHA-1 Hash of Server Certificate – this hash of the certificate will be used to link the certificate to the BranchCache service
  • Link Certificate to BranchCache – finally, we need to link the certificate to the BranchCache service
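
A pre-flight check for the certificate sub-steps above, as an added example that is not from the original article: it looks in the computer store of the Hosted Mode server for a certificate the server could present to clients, reports its SHA-1 hash, and shows whether that hash already appears in the HTTP.SYS SSL bindings. The `$ServerFqdn` default is the lab's BC.branchcache.com; the selection criteria (private key, validity window, Server Authentication EKU, matching DNS name) are assumptions about what the autoenrolled certificate should look like.

```powershell
# Added example: certificate pre-flight for a Hosted Mode BranchCache server.
# Run elevated on the server. The FQDN default is the lab machine from this article.
param([string]$ServerFqdn = 'BC.branchcache.com')

$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$dnsName       = [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName
$now           = Get-Date

# Assumed criteria: private key present, inside its validity window,
# Server Authentication EKU, and a DNS name that matches the server.
$candidates = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $cert = $_
    $eku  = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $hasServerAuth = $false
    if ($eku) {
        $hasServerAuth = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains $serverAuthOid
    }
    $cert.HasPrivateKey -and $hasServerAuth -and
        $cert.NotBefore -le $now -and $cert.NotAfter -gt $now -and
        $cert.GetNameInfo($dnsName, $false) -eq $ServerFqdn
})

if ($candidates.Count -eq 0) {
    Write-Warning "No usable server certificate for $ServerFqdn. Check group membership, the template and autoenrollment, then refresh Group Policy."
    return
}

# Prefer the certificate that expires last, then confirm clients can chain it to a trusted root.
$chosen  = $candidates | Sort-Object NotAfter -Descending | Select-Object -First 1
$chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chainOk = $chain.Build($chosen)

# The link step records the hash in an HTTP.SYS SSL binding; look for it there.
$pattern = [regex]::Escape($chosen.Thumbprint)
$bound   = @(@(netsh http show sslcert) -match $pattern).Count -gt 0

New-Object PSObject -Property @{
    Subject     = $chosen.Subject
    Sha1Hash    = $chosen.Thumbprint      # the value used in the link step
    NotAfter    = $chosen.NotAfter
    ChainValid  = $chainOk
    ChainErrors = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    BoundInHttp = $bound
}
```

A result with `ChainValid` false, or with no candidate at all, points back at the template, group membership or autoenrollment steps rather than at BranchCache itself.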

After everything is installed and configured, we will test the solution by making a request for content from the content server and then having a second client make a request for the same content. We will use Network Monitor to see what’s happening “on the wire” and prove to ourselves that subsequent requests for content are being served from the BranchCache Hosted Mode server and not from the content server.

That’s it – and that is what we are going to do in this series of articles. So to summarize, there are seven major steps that we need to carry out:

  • Install BranchCache on the content server
  • Install the File Services role on the content server
  • Create a File Server OU
  • Create a hash publication Group Policy Object
  • Enable BranchCache on a File Share
  • Configure Clients to use BranchCache Hosted Mode
  • Install and Configure the BranchCache Hosted Mode Server

As you can see, there are going to be a lot of moving parts and everything needs to be done right for it to work. We will go through each of the steps in detail, discuss the rationale behind the steps, and have plenty of screenshots so that you can see what needs to be done before you do it yourself.

Summary

In this, part two of our series on BranchCache, we went over the configuration of the lab network and then did a detailed review of the steps required to make BranchCache Hosted Mode work. While BranchCache is designed to be a “set it and forget it” solution, it is important to understand that there are a lot of moving parts behind the scenes that need to be configured before you can “forget it”. In the next installment of this series, we will get to the configuration tasks and get the ball rolling. At this point I am not sure how many parts this series will be, but I figure at least three more – with maybe one more to show you some troubleshooting and performance monitoring tricks. See you next time! –Tom.
