Driven by the challenges of reducing the cost and complexity of branch IT, organizations are seeking to centralize applications. However, as organizations centralize applications, their dependency on the availability and quality of the WAN link increases. A direct result of centralization is increased utilization of the WAN link and degraded application performance. Recent studies have shown that, despite the reduction in costs associated with WAN links, WAN costs are still a major component of enterprises’ operational expenses.
Figure 31: The branch office problem
The BranchCache™ feature in Windows Server 2008 R2 and Windows 7 Client reduces network utilization on the WAN links that connect branch offices and improves the end-user experience at branch locations by locally caching frequently used content on the branch office network.
As remote branch clients attempt to retrieve data from servers located in the corporate data center, they store a copy of the retrieved content on the local branch office network. Subsequent requests for the same content are served from this local cache in the branch office, thereby improving access times locally and reducing WAN bandwidth utilization between the branch and corpnet. BranchCache™ caches both HTTP and SMB content and ensures that only authorized users can access it, because the authorization process is carried out at the servers located in the data center. BranchCache™ works alongside SSL- or IPsec-encrypted content and accelerates delivery of such content as well.
BranchCache™ can be implemented in two ways: The first involves storing the cached content on a dedicated BranchCache™ server located in the branch office which improves cache availability. This scenario will likely be the most popular and is intended for larger branch offices where numerous users might be looking to access the BranchCache™ feature simultaneously. A BranchCache™ server at the remote site ensures that content is always available as well as maintaining end-to-end security for all content requests.
Figure 32: The BranchCache™ server deployment scenario
The second deployment scenario centers around peer content requests and is intended solely for very small remote offices, with roughly 5-10 users, that don’t warrant a dedicated local server resource. In this scenario, the BranchCache™ server at corpnet receives a client content request and, if the content has been previously requested at the remote site, returns a set of hash directions to the content’s location on the remote network, usually another worker’s PC. Content is then served from this location. If the content was never requested, or if the user who previously requested the content is off-site, the request is fulfilled normally across the WAN.
Figure 33: BranchCache™ peer-based deployment model
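The hash-then-fetch exchange described above, sketched as a simplified model to show why authorization stays at the data-center server and why a client can safely take blocks from a branch cache or a peer. This is an added example, not Microsoft code and not the actual BranchCache protocol; the block size, the `Server` class, the `download` function and the sample file are assumptions constructed for illustration.

```python
import hashlib

BLOCK = 4  # assumed tiny block size so the constructed sample spans 5 blocks

def sha(b):
    return hashlib.sha256(b).hexdigest()

class Server:
    """Models the data-center server: the only place authorization is checked."""
    def __init__(self, files, acl):
        self.files, self.acl = files, acl

    def _authorize(self, user, name):
        if user not in self.acl.get(name, set()):
            raise PermissionError(f"{user} may not read {name}")
        return self.files[name]

    def hashes(self, user, name):
        data = self._authorize(user, name)
        return [sha(data[i:i + BLOCK]) for i in range(0, len(data), BLOCK)]

    def fetch_block(self, user, name, i):  # one block sent across the WAN
        return self._authorize(user, name)[i * BLOCK:(i + 1) * BLOCK]

def download(server, cache, user, name):
    """Return (content, blocks served from branch cache, blocks sent over WAN)."""
    parts, hits, wan = [], 0, 0
    for i, digest in enumerate(server.hashes(user, name)):
        block = cache.get(digest)
        # A cached copy is used only if it matches the server-issued hash.
        if block is not None and sha(block) == digest:
            hits += 1
        else:
            block = server.fetch_block(user, name, i)
            cache[digest] = block  # repopulate or repair the branch cache
            wan += 1
        parts.append(block)
    return b"".join(parts), hits, wan

def demo():
    # Constructed sample data: one file, two authorized users.
    server = Server({"report.txt": b"quarterly numbers"},
                    {"report.txt": {"alice", "bob"}})
    cache = {}  # stands in for the hosted cache or a peer's cache
    first = download(server, cache, "alice", "report.txt")
    second = download(server, cache, "bob", "report.txt")
    cache[next(iter(cache))] = b"XXXX"  # simulate a corrupted cached block
    third = download(server, cache, "bob", "report.txt")
    return first, second, third

if __name__ == "__main__":
    print(demo())
```

In the model, a user who is not on the server's access list gets no hashes at all, so a populated branch cache gives that user nothing to look up.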
Hosted Caching for HTTP Content: Step-by-step Feature Review
To review how the Hosted Caching feature works for HTTP content, you need to complete the following tasks:
Configure the BranchCache feature to support caching of HTTP content.
Enable the BranchCache feature on client computers using Group Policy settings.
Verify the performance of HTTP content caching.
Note: Perform these steps in a test environment as these steps could adversely affect your production environment. Also, you need to have a method of simulating a Wide Area Network (WAN) connection to perform these steps.
The value of Current Cache Size indicates how much data is stored in the hosted cache.
Hosted Caching for SMB Content: Step-by-step Feature Review
To review how the Hosted Caching feature works for SMB content, you need to complete the following tasks:
Create a BranchCache-enabled shared network folder
Publish file hashes and generate file hashes for files stored in the network shared folder.
Verify the performance of SMB content caching
Note: Perform these steps in a test environment as these steps could adversely affect your production environment. Also, you need to have a method of simulating a WAN connection to perform these steps.
Create a BranchCache-enabled Shared Network Folder
Perform the steps in the following table while logged on as a member of the Enterprise Admins security group.
Table 1516: Configure BranchCache Feature for HTTP Content Caching
Start Server Manager
On the Start menu, point to Administrative Tools, and then click Share and Storage Management.
Create a BranchCache-enabled shared network folder
In the Share and Storage Management console, in the Actions pane, click Provision Share.
In Location, type C:\inetpub\wwwroot, and then click Next.
On the second client computer, on the Start menu, in Start Search, type \\server_name\corpfiles, and then press Enter (where server_name is the name of your server where BranchCache is enabled).
Download the SMB content on the second client computer
Copy the same file from the shared network folder.
Record the download speed of the content while waiting for the content to download.
Note: The content should download almost immediately because the content is being downloaded from the hosted cache.
Improved Security for Branch Offices
Windows Server 2008 introduced the read-only domain controller feature, which allows a read-only copy of Active Directory to be placed in less secure environments such as branch offices. Windows Server 2008 R2 introduces support for read-only copies of information stored in Distributed File System (DFS) replicas, as illustrated in the following figure.
Figure 34: Read-only DFS in a branch office scenario
Read-only DFS replicas help protect your digital assets by allowing branch offices read-only access to information that you replicate to the offices by using DFS. Because the information is read-only, users are unable to modify the content stored in read-only DFS replicas, which protects that data from accidental deletion at branch office locations.
More Efficient Power Management
Windows 7 includes a number of power-management features that allow you to control power utilization in your organization with a finer degree of granularity than in previous operating systems. Windows 7 allows you to take advantage of the latest hardware developments for reducing power consumption in desktop and laptop computers.
Windows Server 2008 R2 includes a number of Group Policy settings that allow you to centrally manage the power consumption of computers running Windows 7.
Improved Virtualized Desktop Integration
Windows 7 introduces the RemoteApp & Desktop (RAD) feeds feature, which helps integrate desktops and applications virtualized by using Remote Desktop Services with the Windows 7 user interface. This integration makes the user experience for running virtualized applications or desktops the same as running the applications locally. For a detailed description of RDS and VDI, see the “Terminal Services Becomes Remote Desktop Services for Improved Presentation Virtualization” section earlier in this guide.
Higher Fault Tolerance for Connectivity Between Sites
One of the most common scenarios facing organizations today is connectivity between sites and locations. Many organizations connect their sites and locations by using VPN tunnels over public networks, such as the Internet.
One problem with existing VPN solutions is that they are not resilient to connection failures or device outages. When any outage occurs, the VPN tunnel is terminated and must be reestablished, resulting in momentary connectivity outages.
The Agile VPN feature in Windows Server 2008 R2 allows a VPN to have multiple network paths between points in the VPN tunnel. In the event of a failure, Agile VPN automatically uses another network path to maintain the existing VPN tunnel, with no interruption of connectivity.
Increased Protection for Removable Drives
Windows Server 2008 and prior operating systems primarily used BitLocker Drive Encryption (BitLocker) to protect the operating system volume. Information stored on other volumes, including removable media, was encrypted by using Encrypting File System (EFS).
In Windows 7, you can use BitLocker to encrypt removable drives, such as eSATA hard disks, USB hard disks, USB thumb drives, or CompactFlash drives. This allows you to protect information stored on removable media with the same level of protection as the operating system volume.
BitLocker requires the use of a Trusted Platform Module (TPM) device or physical key to access information encrypted by BitLocker. You can also require a personal identification number (PIN) in addition to the TPM device or physical key.
BitLocker keys can also be archived in Active Directory, which provides an extra level of protection in the event that the physical key is lost or the TPM device fails. This integration between Windows 7 and Windows Server 2008 R2 allows you to protect sensitive information without worrying about users losing their physical key.
The Offline Files feature allows you to designate files and folders stored on network shared folders for use even when the network shared folders are unavailable (offline); for example, when a mobile user disconnects a laptop computer from your intranet and works from a remote location.
The Offline Files feature has the following operation modes:
Online mode. The user is working in online mode when they are connected to the server, and most file requests are sent to the server.
Offline mode. The user is working in offline mode when they are not connected to the server, and all file requests are satisfied from the Offline Files cache stored locally on the computer.
In Windows Server 2008 RTM and Windows Vista, the Offline Files feature was configured for online mode by default. In Windows Server 2008 R2 and Windows 7, the Offline Files feature supports transitioning to offline mode when on a slow network by default. This helps reduce network traffic while connected to your intranet because the users are modifying locally cached copies of the information stored in the Offline Files local cache. However, the information stored in the Offline Files local cache is still protected from loss because the information is synchronized with the network shared folder.