BranchCache in Windows 7 and Windows Server 2008 R2 Overview
Applies To: Windows 7, Windows Server 2008 R2
BranchCache™ is a feature in Windows® 7 and Windows Server® 2008 R2 that can reduce wide area network (WAN) utilization and enhance network application responsiveness when users access content in a central office from branch office locations. When you enable BranchCache, a copy of the content that is retrieved from the Web server or file server is cached within the branch office. If another client in the branch requests the same content, the client can download it directly from the local branch network without needing to retrieve the content by using the Wide Area Network (WAN).
This whitepaper provides an overview of BranchCache, explains the different modes in which BranchCache operates, and describes how BranchCache is configured. The paper also explains how BranchCache works with Web servers and file servers and the steps BranchCache takes to determine that the content is up-to-date.
For a complete view of Windows 7 resources, articles, demos, and guidance, please visit the Springboard Series for Windows 7 on the Windows Client TechCenter.
Users at branch offices often experience poor performance when they use network applications that connect to servers by using the WAN. For example, it might take several seconds or even minutes for a branch-office user to open a large file on a shared folder located on a server at the central office. Similarly, a user attempting to view a video in their Web browser might have to wait for a long time for the video to load.
BranchCache is designed to give branch-office users an experience like being connected directly to the central office. With BranchCache, the first client to download data from a Web server or file server (known as the content server) caches a copy on the local branch network. Subsequent clients, download the locally cached copy of the content from within the branch after it is authenticated and authorized by the content server.
BranchCache is designed to work with your existing network and security infrastructure. It supports IPv4, IPv6, and end-to-end encryption methods such as SSL and IPsec. BranchCache ensures that the most up-to-date version of content is served and that clients are authorized by the content server before they can retrieve content from within the branch.
Your system must meet the following requirements to use BranchCache:
Client computers must be running Windows 7, with the BranchCache feature enabled.
Web servers file servers must be running Windows Server 2008 R2, with the BranchCache feature enabled.
Depending on where the cache is located, BranchCache can operate in one of two modes: Hosted Cache mode or Distributed Cache mode. The Hosted Cache mode operates by deploying a computer that is running Windows Server 2008 R2 as a host in the branch office. Clients are configured with the fully qualified domain name of the host computer so that they can retrieve content from the Hosted Cache, when available. If the content is not available in the Hosted Cache, it is retrieved from the content server by using the WAN and then offered to the Hosted Cache so that subsequent clients can benefit.
For branch offices with fewer than 50 users, BranchCache can be configured in Distributed Cache mode. In this mode, local Windows 7 clients keep a copy of the content and make it available to other authorized clients that request the same data. This eliminates the need to have a server in the branch office. However, unlike Hosted Cache mode, this configuration works across a single subnet only (that is, the content has to be retrieved once per subnet in the branch office by using the WAN ). In addition, clients that hibernate or otherwise disconnect from the network are not able to provide content to requesting clients. The sections that follow describe Hosted Cache mode and Distributed Cache mode in more detail.
The mechanism for reducing bandwidth is to send metadata about the content (known as content metadata) to clients, which retrieve the content from within the branch. This reduces the WAN bandwidth because the content metadata is significantly smaller than the actual content. Prior to sending content metadata, the server authorizes the client.It is important that the content server sends the content metadata to each client to ensure that the client always receives hashes for the most up-to-date content.
The content is broken into blocks. For each block, a hash is computed (known as the block hash). A hash is also computed on a collection of blocks (known as the segment hash). Content metadata is primarily composed of block hashes and segment hashes.The hash algorithm that is used is SHA 256. The compression ratio achieved is approximately 2000:1. That is, the size of the metadata is ~2000 times smaller than the size of the original data itself.
Segment hashes provide a unit of discovery. This helps reduce the total number of lookups performed for a given content (compared to looking up every block). Block hashes are a unit of download. When a client needs to retrieve data from the Hosted Cache or another client, it downloads the content in units of blocks to ensure that the data can quickly return to the application.
The minimum size of content that BranchCache would cache is 64 KB. When content is less than 64 KB, data is directly retrieved from the content server by using the WAN.
Figure 1 Blocks and hashes
Hosted Cache mode
The Hosted Cache is a central repository of data downloaded from BranchCache enabled servers into the branch office by BranchCache enabled clients. The configuration of Hosted Cache mode is described later in this document.
Hosted Cache mode does not require a dedicated server. The BranchCache feature can be enabled on a server that is running Windows Server 2008 R2, which is located in a branch that is also running other workloads. In addition, BranchCache can be set up as a virtual workload and run on a server with other workloads, such as File and Print.
Figure 2 illustrates Hosted Cache mode and provides a simplified illustration of the document caching and retrieval process.
Figure 2 Hosted Cache mode
At a detailed level, Hosted Cache mode uses the following process to cache and retrieve data:
The Windows 7 client connects to the content server and requests a file (or part of a file) exactly as it would if it were to retrieve the file without using BranchCache.
The content server authenticates and authorizes the client exactly as it would without using BranchCache. If successful, it returns content metadata over the same channel that data would normally have been sent.
The client uses the hashes in the metadata to search for the file in the Hosted Cache server. Because this is the first time any client has retrieved the file, it is not already cached on the local network. Therefore, the client retrieves the file directly from the content server.
The client establishes a Secure Sockets Layer (SSL) connection with the Hosted Cache server, and it offers the content identifiers over this encrypted channel.
The Hosted Cache server connects to the client and retrieves the set of blocks that it does not have cached.
A second Windows 7 client requests the same file from the content server. Again, the content server authorizes the user and returns content identifiers.
The client uses these identifiers to request the data from the Hosted Cache server. The Hosted Cache server encrypts the data and returns it to the client. (The data is encrypted by using a key that is derived from the hashes sent by the content server as part of the content metadata.)
The client decrypts the data, computes the hashes on the blocks received from the Hosted Cache, and ensures that it is identical to the block hashes that the content server provided as part of the content metadata. This ensures that the content has not been modified.
Distributed Cache mode
In Distributed Cache mode, Windows 7 clients cache content that they retrieve by using the WAN, then send that content directly to other authorized Windows 7 clients upon request. Distributed Cache mode is best suited for branch offices with fewer than 50 users.
Figure 3 illustrates Distributed Cache mode and provides a simplified illustration of the caching and retrieval process. The first client to retrieve content from a content server by using the WAN becomes a source for that content within the branch for other clients requesting the same content. When a second client requests the same content, it downloads the content metadata from the content server. The second client then sends a request for the segment hashes on the local network to determine if any other client already has the data cached. Finding the first client, the second client retrieves the content locally from it.
Figure 3 Distributed Cache mode
This process is similar to the process followed by the Hosted Cache mode, except that the requests for cached content are sent to the local network and a Hosted Cache server is not required.
At a detailed level, the Distributed Cache mode uses the following process to cache and retrieve data:
A Windows 7 client connects to the content server and requests a file (or part of a file), exactly as it would if it were to retrieve the file without using BranchCache.
The content server authenticates and authorizes the client, and the server returns an identifier that the client uses to search for the file on the local network. Because this is the first time any client has attempted to retrieve the file, it is not already cached on the local network. Therefore, the client retrieves the file directly from the content server and caches it.
A second Windows 7 client requests the same file from the content server. The content server authenticates and authorizes the user in exactly the same manner it would if BranchCache were not being used. If successful, it returns content metadata over the same channel that data would normally have been sent.
The second client sends a request on the local network for the required file by using the Web Services Discovery (WS-Discovery) multicast protocol. For more information about WS_Discovery, see the whitepaper Web Services Dynamic Discovery.
The client that previously cached the file sends the file to the requesting client. The data is encrypted by using a key that is derived from the hashes sent by the content server as part of the content metadata.
The client decrypts the data, computes the hashes on the blocks received from the first client, and ensures that it is identical to the block hashes provided as part of the content metadata by the content server. This ensures that the content has not been modified.
Distributed Cache mode allows IT professionals to take advantage of BranchCache with minimal hardware deployments in the branch office. However, if the branch has deployed other infrastructure (for example, servers running workloads such as file or print), using Hosted Cache mode may be beneficial for the following reasons:
Increased cache availability. Hosted Cache mode increases the cache efficiency because content is available even if the client that originally requested the data is offline.
Caching for the entire branch office. Distributed Cache mode operates on a single subnet. If a branch office that is using Distributed Cache mode has multiple subnets, a client on each subnet needs to download a separate copy of each requested file. With Hosted Cache mode, all clients in a branch office can access a single cache, even if they are on different subnets.