Feb 25 2010

Speed Up WAN Service with Windows 7

Learn how to optimize remote-office transactions using BranchCache, a new Windows caching technology.

With the new BranchCache feature in Microsoft Windows 7, users in remote offices no longer have to accept less-than-perfect performance when tapping data on servers at headquarters.

The tool offers a way for organizations to optimize their WAN connections by providing local cached copies of frequently accessed files. Without buying further tools, an organization can use this Windows 7 feature to reduce bandwidth, improve productivity and control data costs.

BranchCache works in two modes, with or without Windows Server 2008 Release 2 (Hosted and Distributed Cache respectively). In either mode, it requires Windows 7 running on the client.

Without Server 2008 R2, BranchCache is less scalable, and Microsoft recommends an upper limit of 50 devices on the remote network. Content normally delivered via Hypertext Transfer Protocol, Server Message Block or Background Intelligent Transfer Service can be cached. It's worth noting, however, that BranchCache always uses HTTP to retrieve cached content.

Distributed Cache

In branch offices that don't have the luxury of a dedicated server, BranchCache in Distributed Cache mode lets clients broadcast on the local network for cached copies of files (or other content) before attempting to download data from a remote server.

When a user requests content from a remote server, the content's metadata is sent back to the user's computer, and the content is retrieved from another Windows 7 client on the LAN. If the content hasn't been requested before, it's retrieved directly from the remote content server.

If a Windows 7 client on the LAN has previously cached the requested content, BranchCache encrypts the content (using a key generated from the hashes that form part of the content's metadata) and sends it. The requesting client then decrypts the content and matches the hashes against those in the content metadata received from the remote content server. That validates that the data hasn't been modified.

Hosted Cache

Hosted Cache mode uses the same hashes to identify content in the cache, but when a client downloads uncached content from a BranchCache-enabled content server at the main office, the client advertises the new content to the local cache server. The local server then connects to the client and transfers the data to its cache via HTTP. The local cache server then handles any subsequent requests for the data, again using HTTP.

How to BranchCache-Enable a Windows 2008 R2 Content Server

BranchCache must be installed in Windows Server 2008 R2 to enable content to be cached by Windows 7 or a dedicated Hosted Cache server. In this example, we'll set up BranchCache in Distributed Cache mode.

Log in to Windows Server 2008 R2 as a domain administrator. Steps 1 through 6, which are optional, detail how to install BranchCache for use with Internet Information Services and add support for a Hosted Cache. Steps 7 through 11, which are required, allow use of BranchCache in a File Server role.

  1. Type server manager into the Search programs and files box on the Start menu, and press the Enter key to open Server Manager.
  2. In the left pane of Server Manager, select Features.
  3. Below Features Summary in the right pane, click Add Features.
  4. In the Add Features Wizard dialog, check BranchCache and click Next (Figure 1).

Figure 1

  5. Click Install on the Confirm Installation Selections screen.
  6. Click Close on the Install Results screen.
  7. In the left pane of Server Manager, click Roles.
  8. In the right pane, scroll down to File Services and click Add Role Services.
  9. In the Add Role Services dialog, check BranchCache for network files, and click Next (Figure 2).

Figure 2

  10. Click Install on the Confirm Installation Selections screen.
  11. Click Close on the Install Results screen.

Next you need to configure BranchCache on the server. Create a Group Policy Object (GPO) that is linked to the organizational unit (OU) where the content server is located in Active Directory.

  1. Open Group Policy Management from Administrative Tools on the Start menu.
  2. In the left pane of the Group Policy Management console, expand your forest to find the OU that contains the file server's computer account. Right click the OU and select Create a GPO in this domain, and Link it here.
  3. In the New GPO dialog, name the GPO BranchCache – Server and click OK.
  4. Expand the OU, right click the BranchCache – Server GPO and select Edit from the menu.
  5. Below Computer Configuration in the left pane of Group Policy Management Editor, expand Policies, Administrative Templates, Network and click Lanman Server.
  6. In the right pane, double click Hash Publication for BranchCache. In the Hash Publication for BranchCache dialog, select Enabled and select Allow hash publication for all shared folders from the drop-down menu (Figure 3). Click OK and close Group Policy Management Editor.

Figure 3

  7. Reboot the file server.

Configuring Windows 7 for BranchCache

Windows 7 must also be configured for BranchCache. Repeat steps 1 through 4 above, but create and link the GPO to the OU where your Windows 7 computer accounts are located in Active Directory and name the GPO BranchCache.

  • Below Computer Configuration in the left pane of Group Policy Management Editor, expand Policies, Administrative Templates, Network and click BranchCache.
  • Enable Turn on BranchCache and Set BranchCache Distributed Cache mode. Enable Configure BranchCache for network files and leave the network latency value set to 80 (Figure 4).

 



Figure 4

  • Next you need to allow two inbound exceptions for the Windows 7 firewall. Expand Windows Settings, Security Settings and Windows Firewall with Advanced Security.
  • Right click Inbound Rules and select New Rule from the menu.
  • In the New Inbound Rule Wizard dialog, check Predefined, select BranchCache – Content Retrieval (Uses HTTP) from the menu and click Next (Figure 5). Complete the wizard by selecting all the default settings.

 



Figure 5

  • Create another inbound firewall rule, but this time select BranchCache – Peer Discovery (Uses WSD). Distributed Cache mode uses the Web Services Discovery UDP multicast protocol to send requests for locally cached content.
  • Close Group Policy Management Editor and reboot the appropriate Windows 7 clients.

In a production environment, you should consider modifying the default inbound firewall rules created in steps 6 and 7 to work with the domain profile only.

To confirm that BranchCache is configured correctly on your Windows 7 clients, log in as an administrator, open a command prompt and type netsh branchcache show status (Figure 6).

 



Figure 6

BranchCache works only with files larger than 64 kilobytes. Before a client can retrieve a file from a cache, the file must have been downloaded twice from the content server: once to create hashes and a second time to cache the content locally.

WAN links between offices are one of the most costly aspects of IT infrastructure. Although there are technologies available for optimizing data transfer across WANs, Windows 7 can improve transfer speeds without an additional investment. If you already have a fast network link in place, the default network latency settings in BranchCache will ensure that cached content is used only if the link becomes congested.

Block by Block

BranchCache divides and delivers content in blocks.

It generates a cryptographic hash for each block using the Secure Hash Algorithm 256. BranchCache then groups blocks together in segments and generates hashes for the segments.

This Windows 7 tool uses content metadata consisting of a combination of block and segment hashes, which are 2,000 times smaller than the content itself. That's how the application reduces bandwidth.
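
The block and segment hashing described here, together with the client-side check from the Distributed Cache section, can be modeled in a few lines. This is an added example, not code from the article or from Microsoft: the block size, the number of blocks per segment and the way the segment hash is built are assumptions, and the encryption between peers is left out.

```python
import hashlib

BLOCK_SIZE = 64 * 1024     # assumption for this sketch, not taken from the article
BLOCKS_PER_SEGMENT = 4     # assumption, kept small so the sample spans two segments

def split_blocks(content):
    return [content[i:i + BLOCK_SIZE] for i in range(0, len(content), BLOCK_SIZE)]

def build_metadata(content):
    """Content-server side: SHA-256 per block, then one hash per segment."""
    hashes = [hashlib.sha256(b).digest() for b in split_blocks(content)]
    segments = []
    for i in range(0, len(hashes), BLOCKS_PER_SEGMENT):
        group = hashes[i:i + BLOCKS_PER_SEGMENT]
        segments.append({"segment_hash": hashlib.sha256(b"".join(group)).digest(),
                         "block_hashes": group})
    return segments

def verify_peer_blocks(metadata, peer_blocks):
    """Client side: indexes of blocks to refetch from the content server.

    metadata comes from the content server; peer_blocks come from another
    client on the LAN and are untrusted until their hashes match.
    """
    bad, index = [], 0
    for segment in metadata:
        expected = segment["block_hashes"]
        # Reject metadata whose segment hash does not cover its block hashes.
        if hashlib.sha256(b"".join(expected)).digest() != segment["segment_hash"]:
            raise ValueError("inconsistent content metadata")
        for block_hash in expected:
            block = peer_blocks[index] if index < len(peer_blocks) else None
            if block is None or hashlib.sha256(block).digest() != block_hash:
                bad.append(index)   # missing or altered block
            index += 1
    return bad

# Constructed sample: 300 KiB of content, so 5 blocks in 2 segments.
SAMPLE = bytes(range(256)) * 1200
META = build_metadata(SAMPLE)
GOOD = split_blocks(SAMPLE)
TAMPERED = GOOD[:3] + [GOOD[3][:-1] + b"\x00"] + GOOD[4:]   # one byte of block 3 changed

if __name__ == "__main__":
    print("clean peer copy, bad blocks:", verify_peer_blocks(META, GOOD))
    print("tampered peer copy, bad blocks:", verify_peer_blocks(META, TAMPERED))
    print("truncated peer copy, bad blocks:", verify_peer_blocks(META, GOOD[:4]))
```

With these assumed sizes, each 65,536-byte block is represented by a 32-byte hash, a ratio of 2,048 to 1, which is in line with the "2,000 times smaller" figure above.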

 
