Practical Technology

for practical people.

BranchCache Basics: Moving the Central Office Closer

| 0 comments

It’s Monday morning, everyone’s hammering the servers, and your customers want the information yesterday. Part of the remote branch IT blues is that it can be darn hard to get quick access to the data stored at the company’s central office when you need it Right Now.

With Windows 7 and Server 2008 R2, Microsoft has an answer to these woes. BranchCache enables a user in a remote office or home office to access the central office’s files much faster. The first person who wants the file — let’s call it MarketingBudget.xls — still needs to download it over the Internet the way you’re used to. But, once the first remote office user (we’ll call her Nancy) downloads the file, a copy is cached locally on either a local Windows Server 2008 R2 server, or, if need be, on a PC running Windows 7 Enterprise or Windows 7 Ultimate. That way, when Joe (in the cubicle next to Nancy) needs the file, Joe’s PC automatically grabs it from the local BranchCache server. Joe doesn’t waste time, not to mention bandwidth, by dragging the file from the central network servers all over again .

Doesn’t sound like much? Think again. Let’s say your company has several dozen employees all accessing the same multi-megabyte pricing Excel spreadsheet several times a day. The difference between waiting for the file repeatedly over a 1.54 Megabit per second T1 line adds up. What might take a minute or two over an Internet VPN or Secure Remote Connect takes less than a second over your local office’s Gigabit or even Fast Ethernet (100 Mbps) network.

The basics of BranchCache, in either Distributed or Hosted, are quite simple. Frequently accessed files are kept locally, either on Windows 7 PCs or Windows Server 2008 R2. When a file is called for, BranchCache checks in with the central office to make sure it’s up-to-date. If it is, it delivers the data at LAN speed instead of Internet speeds.

Of course, as with many of Windows 7’s best networking features, Windows 7 can’t use BranchCache by itself. You also need to run Windows Server 2008 R2. However, the good news is that you only need Windows Server 2008 R2 at the home office data center; it’s not an absolute requirement to have a Windows Server 2008 R2 server at your branch offices. Here’s how it works.

First, keep in mind that BranchCache doesn’t cache everything. You can’t use it, for example, to speed up an application you’re running from a home office data server. What BranchCache does help you with is any data or files that can be transferred by Background Intelligent Transfer service (BITS), Server Message Block 2 (SMB) protocol, Secure Hypertext Transfer Protocol (HTTPs), and Hypertext Transfer Protocol 1.1 (HTTP). Still, that should cover 99% of data transfers.

If you don’t have an instance of Server 2008 R2 running at the local office, you need to use Distributed Cache. In this approach, your local Windows 7 client PCs can cache content from the central office after the first person who needs it. Then, if someone else needs the file in the local office, the request is intercepted by the Windows 7 BranchCache software and the file is sent to the other user via a peer-to-peer networking link.

If you have a Server 2008 R2 server at hand, you are better off using it with Hosted Cache. Here, BranchCache operates as a classic client/server application. As a user requests the popular Web page or file, the Windows 7 PC retrieves the the file from the server. The hosted cache software keeps track of what everyone is requesting from the home office. In server mode, BranchCache isn’t too demanding; you can use the server for other lightweight jobs such as file and print-serving.

To set up either version, turn to Microsoft Technet’s BranchCache Early Adopter’s Guide. While this Microsoft document hasn’t been updated since April 2009, in my BranchCache testing I didn’t find any outdated information.

For the most part, there’s little to choose from between these two modes. There is, however, one important difference: how they scale. Microsoft recommends, and I agree with them, that you should only use Distributed Cache if you have 50 or fewer Windows 7 PCs in your office. If you go over that, chances are you’ll start running into local slowdowns that erase the advantage you were getting from BranchCache in the first place.

Another difference between Distributed and Hosted Cache is that Distributed Cache can only work on a single subnet. With Hosted Cache mode, however, that’s not a problem. If the clients can reach the Server 2008 R2 server, they can get to its Hosted Cache files, even if they’re on different subnets.

The moral of this story is pretty clear. If you operate a good-sized office with 50 or more Windows 7 PCs, just bite the bullet and add a Windows Server 2008 R2 box to the local hardware mix.

No matter which method you use, BranchCache works in the same basic way. Whenever someone asks for a file or a Web page that might be held in a cache, the client software first checks to see if there’s an up-to-date version of the file locally. This is done by seeing if the local content’s metadata matches up with the home office’s content metadata. If it does, the local client goes on to retrieve the data from the local BranchCache server, be it another Windows 7 PC or a Server 2008 R2 server.

Before BranchCache goes that far, though, it checks to make sure that the Windows 7 PC and its user are authorized to get at the data. This authentication and authorization works just as it would if BranchCache wasn’t in the loop at all. Thus, BranchCache uses your normal security protocols without needing any additional safeguards.

Those of you with a hacker’s turn of mind might be thinking, “That’s all well and good, but what about the data sitting on a Windows 7 PC in a Distributed Cache? What’s to stop me from walking over to that PC and seeing how much Joe in accounting really makes?” That is a problem.

You see, both Windows 7 and Windows Server 2008 R2 keeps the cached data in its ordinary format. If you want to keep that safe-and I think you will-you need to use BitLocker on the BranchCache computer drive. Alternatively, although it’s more trouble, you can use the older Encrypting File System on just the cache directory.

One thing you won’t need to worry about though is someone grabbing the cached information as it moves from PC to PC on your LAN. BranchCache data transmissions are automatically encrypted with 128-bit Advanced Encryption Standard (AES). Of course, when the data first gets to your local office it’s probably made it there over the Internet, but you are using a VPN or Secure Remote Connect? Right? Of course you are.

Finally, I feel I should spell it out: This feature, which makes corporate office file and Web site caching totally transparent to users, is only available to Windows 7 Enterprise and Windows 7 Ultimate PC users. You can’t get any good from BranchCache with Windows 7 Professional or any earlier version of Windows like Windows XP Pro.

That’s rather a pity, since it strikes me that would be easy to implement and very useful for small to medium businesses; they are likely to be Windows 7 Pro customers. That said, for larger customers with multiple offices and Windows 7 Enterprise or Windows 7 Ultimate on their IT shopping list for 2010, BranchCache should prove to be a very useful feature.

A version of this story was first published in IT Expert Zone. >

Leave a Reply