Introduction to BranchCache - Part 1: Overview of BranchCache Features and Capabilities

by Thomas Shinder [Published on 29 Oct. 2009 / Last Updated on 29 Oct. 2009]

An overview of BranchCache’s features and capabilities.

If you would like to read the other parts in this article series please go to:

Note: This article series was continued by Debra Shinder MVP from part 3.

Introduction

As businesses grow, so does the number of branch offices. All businesses start small, and over time their main headquarters grow too. As they become more successful, they need to do more business with more people in more places. To bring their employees closer to customers and partners, successful businesses need to establish branch offices. Branch offices allow a company to exert influence in communities that it might otherwise not be able to obtain.

Branch office employees often need access to information stored at the main office. This information is often housed on Web file servers. To allow branch office users access to this information at the main office, IT needs to provide network connectivity. Historically, dedicated WAN links were used for this type of connectivity. However, due to the high cost of dedicated WAN links, many companies moved to virtual private networking technology (VPN) that leveraged the relatively low cost of Internet connectivity to create site to site VPNs. Site to site VPNs provided the same connectivity enabled by dedicated WAN links, but at a fraction of the cost.

Unfortunately, connecting branch offices to the main office is just the first problem. Regardless of the method used to connect the branch office to the main office, the speed of the connection is typically limited. This creates a productivity challenge for branch office workers. Employees need access to information at the main office in order to get their work done, but all the employees at the branch office need to share the same limited bandwidth available to the branch office. If all the workers need access to files at the main office at the same time, there is going to be a bandwidth problem. Even if all the users do not need to access the main office at the same time, a single user might need to access large files in the multi-megabyte range, which can take minutes to hours to download. And if another user wants to access the same file, that user will have to wait the same amount of time for the same file and will clog the Internet “pipe” for the same amount of time as the first user.

There has got to be a better way.

Wide Area File Services

Clearly, this is not an efficient way to run a branch office. A number of solutions have been employed to speed up the branch office employee’s experience. These are collectively known as “wide area file services” or WAFS solutions. The goal of all of these solutions is to make branch office users more productive by speeding up access to information obtained over relatively slow WAN links.

The big problem with most of the WAFS solutions out there is that they are prohibitively expensive and are often very complex to set up and configure. The combination of the high-cost on-boarding experience and the significant expense of ramping up the IT group on the solution makes it debatable whether the outlay for a WAFS solution increases productivity enough to provide a good return on investment.

What we really need is a cost effective solution that is easy to manage. It would be even better if the technologies were baked into the client and server operating systems used on the network.

BranchCache Comes to the Rescue

Windows Server 2008 R2 and Windows 7 are just the solutions you have been waiting for. When you pair up Windows 7 clients with Windows Server 2008 R2 file and Web servers, you have the ability to take advantage of a new technology known as “BranchCache”. BranchCache is a new Microsoft technology that allows branch offices to cache content that branch office employees obtain from the main office.

Content obtained from BranchCache enabled servers (sometimes called “content servers” in BranchCache speak) can be cached on the client systems at the branch office or on BranchCache servers at the branch office.

Content can be cached when accessed using one of three protocols:

  • SMB 2.0
  • HTTP
  • BITS (Background Intelligent Transfer Service)

BranchCache works with other network encryption schemes you might already have in place. So if users at the branch office access content on an SSL site hosted at the main office, BranchCache will work with those connections with no extra configuration or effort on the part of IT or the end user. In the same way, if you use IPsec on your network, for example in a server or domain isolation environment, BranchCache will work with IPsec protected connections.

You can use BranchCache on IPv4 or IPv6 networks. This is great news to those of you who are worried about IPv6 because of DirectAccess. Even if you cannot deploy DirectAccess because you are not up to speed yet on IPv6 or do not have an IPv6 environment to support DirectAccess, you can still run BranchCache, since it has no dependencies on IPv6.

BranchCache needs to be enabled on both the client and the server. When a user tries to access information on a BranchCache enabled file or Web server, the user is still authenticated in the same way the user would be authenticated if BranchCache were not deployed. After the user is authenticated, the user is then authorized, again in the same way that it would take place if BranchCache were not enabled.

BranchCache Hosted Mode and Distributed Mode

BranchCache can be configured to work in one of two modes:

  • Hosted Mode
  • Distributed Mode

Hosted Mode is used when you have more than 50 client systems at the branch office. With Hosted Mode, branch office client computers are configured with the FQDN of a machine at the branch office that is configured to be a BranchCache server.

When the client obtains content from a BranchCache enabled Web or file server at the main office, it advertises this content to the BranchCache server at the branch office. The BranchCache server downloads that content from the client and makes it available to other clients at the branch office when they request the same content.

This allows the branch office client machines to obtain the same content as the first user who accessed the content, but this time from the BranchCache server over a fast LAN connection instead of a slow WAN link.

Distributed Mode can be used when you have fewer than 50 client systems at the branch office. In this case, there is no BranchCache server. Instead, the BranchCache enabled client machines cache content on their local hard drives.

When the first machine at the branch office obtains some content on a BranchCache enabled Web or file server at the main office, the client caches the content on its local hard drive. By default, 5% of the BranchCache enabled client’s hard disk is reserved for the cache. When another machine on the branch office network tries to obtain the same content at the main office, the content is returned from the first client that accessed the content, instead of the main office file or Web server.

Distributed Mode uses a multicast protocol to advertise the cached content on the clients. For this reason, all clients on the branch office network need to be on the same network ID, or more accurately, all within the same multicast range. Also, machines that are hibernating or disconnected from the network would not be able to provide cached content to other users. However, there is an indication that machines in sleep mode might wake up if they are hosting cached content. I am not certain about this at this time, but the current documentation does suggest this possibility.

It should be pointed out that the same client cannot be configured to use Hosted and Distributed mode. If the client is configured to use Hosted Mode, then it will not maintain its own local cache of content. If the client is configured to use Distributed Mode, then it will not contact a local Hosted Mode BranchCache server.
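The mode selection described above, as an added configuration example for a Windows 7 client (this is not the article's own code). It applies the article's rule of thumb with the netsh branchcache context: Hosted Mode for more than 50 clients, Distributed Mode otherwise, with the cache kept at the default 5% of the disk. The parameter names and the FQDN bcserver.branch.example.com are placeholders of this example.

```powershell
# Added example, not the article's code: set a Windows 7 client's BranchCache mode
# with netsh, following the article's rule of thumb (Hosted Mode above 50 clients,
# Distributed Mode at or below). Run from an elevated prompt. $ClientCount,
# $HostedCacheServer and the FQDN below are placeholders for this example.
param(
    [int]$ClientCount = 20,
    [string]$HostedCacheServer = 'bcserver.branch.example.com',
    [int]$CachePercent = 5          # the article's default: 5% of the disk is reserved
)

# netsh returns a non-zero exit code on failure; stop rather than continue silently
function Invoke-Netsh {
    param([string[]]$Arguments)
    $output = & netsh.exe branchcache @Arguments 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "netsh branchcache $($Arguments -join ' ') failed: $output"
    }
    return $output
}

if ($ClientCount -gt 50) {
    # Hosted Mode: the client is pointed at the branch office BranchCache server by FQDN
    Invoke-Netsh @('set', 'service', 'mode=hostedclient', "location=$HostedCacheServer")
} else {
    # Distributed Mode: peers cache content on their own disks; no server involved
    Invoke-Netsh @('set', 'service', 'mode=distributed')
}

# Cache size expressed as a percentage of the disk (percent=TRUE)
Invoke-Netsh @('set', 'cachesize', "size=$CachePercent", 'percent=TRUE')

# Print the resulting configuration so the mode change can be checked
Invoke-Netsh @('show', 'status', 'all')
```

Because a client runs in only one mode at a time, re-running the script with a different client count simply switches the mode; the `show status all` output at the end is the place to confirm which mode is active and where the cache lives.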

Any application that uses the built-in networking stack in Windows 7 will benefit from BranchCache when accessing content on BranchCache enabled servers using SMB 2.0 or HTTP 1.1. This means that users accessing content using Internet Explorer, Windows Explorer, Windows Media Player, and any other application that hooks into the client OS networking stack will benefit. However, applications that implement their own HTTP 1.1 or SMB services will not benefit from BranchCache, although other applications on the same machine will still benefit if they use the native OS stack.

BranchCache Metadata

In order to make sure that the correct content is delivered to the clients requesting it, BranchCache enabled servers use a hashing scheme to identify content. When a user tries to access content on a BranchCache enabled Web or file server, the server returns to the user a SHA 256 hash value of the content instead of the content itself. This significantly reduces the amount of data transferred over the WAN link, since the metadata is about 2000 times smaller than the actual content.

Note:
The user must be authenticated and authorized to access that content before the metadata is sent to the user.

BranchCache calculates two hash values:

  • Content is broken down into blocks and a hash value is assigned to each block
  • Collections of blocks are defined and are labeled “segments”. A hash value is assigned to each segment

Segment hash values are used to identify content and block hash values are used to download content. If the hash value of a segment has changed, it indicates that the content has changed and the file will need to be obtained either from another cache with updated content or from the original Web or file server.

Content is encrypted when it moves between peers (in Distributed Mode) or between the client and server (in Hosted Mode). The content is decrypted using an identifier provided by the original server from which the content was obtained. The identifier is only made available to users who have successfully authenticated with the BranchCache enabled Web or file server and only after they are confirmed as authorized to access that content. This prevents users who are not authorized to obtain the content from obtaining it from cached sources.

How Does BranchCache Work In Distributed Mode?

BranchCache works differently depending on whether you are using Hosted Mode or Distributed Mode.

For Distributed Mode, the series of events works like this:

  1. A client at the branch office requests a file on a BranchCache enabled Web or file server at the main office. This can be over SMB 2.0, HTTP 1.1 or BITS. The client tells the BranchCache enabled server that it is BranchCache capable using a series of fields, messages or headers that are part of the BranchCache enabled protocol used by the Windows 7 client networking stack.
  2. The BranchCache enabled server responds and provides the client a collection of identifiers that define the content the client wants. This information is transmitted using the established connection between the client and server using the protocol used to establish the original connection (SMB, HTTP 1.1 or BITS).
  3. The client tries to find a local computer that already has the content, based on the identifiers provided by the BranchCache enabled server. The Windows 7 client uses a new protocol, the BranchCache Discovery Protocol, which uses WS-Discovery, to multicast the request to all machines on the same network ID as the client system wanting the content. In this example, the client is the first client on the branch office network requesting the content and there is no copy of the content cached at the branch office.
  4. Since the client can’t get a cached copy of the content at the branch office, it makes another request to the BranchCache enabled server. This time, the client indicates to the BranchCache enabled server that the client isn’t BranchCache capable, meaning that the client tried to find the content in a BranchCache at the branch office but was not able to. The server responds by providing the actual data to the client, and the client puts this in its local cache on its local hard disk.
  5. Now a second machine at the branch office needs access to the same information. It makes a connection to the BranchCache enabled server at the main office, and downloads the identifiers for the requested information after being authenticated and authorized to obtain that content.
  6. The second machine then uses the BranchCache Discovery Protocol to multicast a request for this data to the machines at the branch office. The first client receives the multicast request from the second client and finds that it has the requested information in its local cache and sends a response to the second client.
  7. The second client then responds with a request for the content from the first client. This connection uses the BranchCache Retrieval Protocol, which uses HTTP. The first client sends the content to the second client over HTTP. Note that this content is encrypted using the identifiers sent by the content server, so this information can’t be intercepted while in flight over the network. The second client verifies the content against the identifiers it has (obtained from the content server). If verification is confirmed, the content is opened by the requesting application.
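The block and segment hashes from the BranchCache Metadata section and the Distributed Mode steps above, as one added in-process model (this is not the article's or Microsoft's code). The content server hands out only hashes, a peer cache serves bytes, and the requesting client verifies those bytes block by block against the server-issued hashes before using them, so a corrupted or substituted peer copy is refused and the client falls back to the main office server. The names used here (Get-ContentIdentifiers, Get-MismatchedBlocks, Request-Content, $PeerCache, $BlockSize) and the sample content are this example's own; multicast discovery, the encryption of peer traffic and the real wire formats are not modelled.

```powershell
# Added example, not the article's code: a model of the Distributed Mode exchange in
# which the server supplies SHA-256 block and segment hashes and the client checks a
# peer's copy against them. All names and the sample content are constructed here.
$BlockSize = 4     # bytes per block; deliberately tiny so the sample splits into several blocks
$sha256 = [System.Security.Cryptography.SHA256]::Create()

function Get-Sha256Hex {
    param([byte[]]$Bytes)
    return [System.BitConverter]::ToString($sha256.ComputeHash($Bytes)).Replace('-', '')
}

# Server side: one hash per block, plus a segment hash over the block hashes.
# In the article's flow this runs only after the user is authenticated and authorized.
function Get-ContentIdentifiers {
    param([byte[]]$Content)
    $blockHashes = @()
    for ($offset = 0; $offset -lt $Content.Length; $offset += $BlockSize) {
        $len   = [Math]::Min($BlockSize, $Content.Length - $offset)
        $block = New-Object byte[] $len
        [Array]::Copy($Content, $offset, $block, 0, $len)
        $blockHashes += Get-Sha256Hex $block
    }
    $segmentBytes = [System.Text.Encoding]::ASCII.GetBytes(($blockHashes -join ''))
    return @{ Segment = (Get-Sha256Hex $segmentBytes); Blocks = $blockHashes }
}

# Client side: compare what a peer served against the server-issued identifiers.
# Returns the indexes of blocks that do not match; -1 means the block count differs.
function Get-MismatchedBlocks {
    param([byte[]]$Bytes, [hashtable]$Identifiers)
    $actual = Get-ContentIdentifiers $Bytes
    if ($actual.Blocks.Count -ne $Identifiers.Blocks.Count) { return @(-1) }
    $bad = @()
    for ($i = 0; $i -lt $actual.Blocks.Count; $i++) {
        if ($actual.Blocks[$i] -ne $Identifiers.Blocks[$i]) { $bad += $i }
    }
    return $bad
}

$PeerCache = @{}   # segment hash -> bytes, standing in for the first client's local cache

function Request-Content {
    param([string]$ClientName, [byte[]]$ServerContent)
    $ids = Get-ContentIdentifiers $ServerContent            # step 2: only identifiers cross the WAN
    if ($PeerCache.ContainsKey($ids.Segment)) {             # steps 3 and 6: a peer answers discovery
        $bytes = $PeerCache[$ids.Segment]
        $bad   = @(Get-MismatchedBlocks $bytes $ids)         # step 7: verify before use
        if ($bad.Count -eq 0) {
            return @{ Client = $ClientName; Source = 'peer cache'; Bytes = $bytes }
        }
        Write-Warning "$ClientName : peer copy failed verification on block(s) $($bad -join ','), using server"
    }
    $PeerCache[$ids.Segment] = $ServerContent                # step 4: fetch from server, then cache
    return @{ Client = $ClientName; Source = 'main office server'; Bytes = $ServerContent }
}

# Constructed sample content standing in for a file on the main office server
$content = [System.Text.Encoding]::ASCII.GetBytes('quarterly report, branch office copy')

$first  = Request-Content 'client-1' $content     # nothing cached yet: comes over the WAN
$second = Request-Content 'client-2' $content     # same identifiers: comes from client-1's cache

# A corrupted or substituted peer copy is caught by the block hashes rather than trusted
$tampered = [byte[]]$content.Clone()
$tampered[5] = [byte]([int]$tampered[5] -bxor 1)
$PeerCache[(Get-ContentIdentifiers $content).Segment] = $tampered
$third  = Request-Content 'client-3' $content     # verification fails, falls back to the server

"$($first.Client): $($first.Source)"
"$($second.Client): $($second.Source)"
"$($third.Client): $($third.Source)"
```

The point the model makes is that the cache lookup key and the acceptance test both come from the authoritative server, never from the peer: a peer can only hand back bytes whose hashes the requesting client already holds, which is why a flipped byte in client-1's cache sends client-3 back to the main office instead of being accepted.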

How Does BranchCache Work in Hosted Mode?

BranchCache in Hosted Mode works a little differently, using a different set of network protocols to support the solution:

  1. A client at the branch office requests a file on a BranchCache enabled Web or file server at the main office. This can be over SMB 2.0, HTTP 1.1 or BITS. The client tells the BranchCache enabled server that it is BranchCache capable using a series of fields, messages or headers that are part of the BranchCache enabled protocol used by the Windows 7 client networking stack.
  2. The client then sends a request for the content to the Hosted Mode BranchCache server on the branch office network, using the BranchCache Retrieval Protocol, or MS-PCCRD, which uses HTTP with an ephemeral source port on the client and TCP 80 on the BranchCache Hosted Mode server. The Hosted Mode server informs the client that it does not have the content.
  3. The client sends another request to the BranchCache enabled server at the main office, this time informing the server that it is not BranchCache capable. In this case, the server sends the data to the client.
  4. The client then informs the BranchCache Hosted Mode server in the branch office that it has new content to cache. It does this using the BranchCache Hosted Cache Protocol or MS-PCHC. This is done over HTTPS, with an ephemeral source port on the client and a destination port on the server of TCP 443.
  5. The Hosted Mode BranchCache server then connects to the client over an HTTP connection, using the BranchCache Retrieval Protocol, MS-PCCRD, which uses an ephemeral source port on the server and a destination port to the client of TCP port 80.
  6. The client sends the content to the Hosted Mode BranchCache server at the branch office.
  7. A second client makes a request for the same data to the BranchCache enabled Web or file server at the main office. The client receives the identifiers from the main office server. The client then makes a request for this content from the branch office Hosted Mode BranchCache server over the BranchCache Retrieval Protocol. The BranchCache Hosted Mode server sends the encrypted content.
  8. The client verifies the content and after verification, opens it in the requesting application.
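The ports the Hosted Mode steps depend on, as an added check script run from a Windows 7 client (not the article's code). The client must reach the Hosted Cache server on TCP 80 (Retrieval Protocol) and TCP 443 (Hosted Cache Protocol), and the server must reach the client on TCP 80; the last of these cannot be tested from the client alone, so the script instead lists the client's inbound BranchCache firewall rules and whether each is enabled. The FQDN bcserver.branch.example.com and the function Test-TcpPort are this example's own.

```powershell
# Added example, not the article's code: confirm the Hosted Mode port requirements from
# a client. $HostedCacheServer and its FQDN are placeholders for this example.
param([string]$HostedCacheServer = 'bcserver.branch.example.com')

# TCP connect test with a timeout (Test-NetConnection is not available on Windows 7)
function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# Outbound: client -> Hosted Cache server, TCP 80 (steps 2 and 7) and TCP 443 (step 4)
foreach ($port in 80, 443) {
    $ok = Test-TcpPort $HostedCacheServer $port
    "{0,-40} TCP {1,-4} {2}" -f $HostedCacheServer, $port, $(if ($ok) { 'reachable' } else { 'NOT reachable' })
}

# Inbound: the Hosted Cache server connects back to the client on TCP 80 (step 5), so the
# client's inbound BranchCache firewall rules must be enabled. Only rule names containing
# 'BranchCache' and their Enabled state are read from the (English) netsh output.
$rules   = netsh advfirewall firewall show rule name=all dir=in
$current = $null
foreach ($line in $rules) {
    if ($line -match '^Rule Name:\s+(.*BranchCache.*)$') {
        $current = $Matches[1]
    } elseif ($current -and $line -match '^Enabled:\s+(\S+)') {
        "{0,-60} Enabled: {1}" -f $current, $Matches[1]
        $current = $null
    }
}
```

A client that shows TCP 80 and 443 reachable but has no enabled inbound BranchCache rule will still be able to fetch cached content (step 7) yet never succeed in offering new content (steps 4 to 6), which shows up as a branch office whose hosted cache stays empty; the rule-name matching assumes English netsh output and needs adjusting on localized systems.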

Summary

As organizations grow the need for branch offices is increasing. Branch office employees need access to information contained on main office Web and file servers. The problem is that WAN links are relatively slow compared to LAN speeds. In order to improve performance and employee productivity, wide area file services can be used to accelerate access to remote content. Windows Server 2008 R2 and Windows 7 introduce a new option – BranchCache. BranchCache enables Windows 7 clients to obtain main office content that has been cached on the branch office network. BranchCache works in one of two modes: Distributed or Hosted Mode. Distributed Mode allows clients to request cached content from one another, while Hosted Mode centralizes the cache on a BranchCache server. Distributed Mode should be used when there are fewer than 50 clients on the branch office network. BranchCache respects authentication and authorization requirements on the Web and file servers, so that access is not different than a non-BranchCache scenario. BranchCache content transferred over the wire is encrypted, so that it cannot be intercepted while in flight.
