Networking for Hybrid Cloud: BranchCache and Cross-Premises Connectivity Bala Rajagopalan Group Program Manager Microsoft Corporation Rob Kuehfus Program.

Networking for Hybrid Cloud: BranchCache and Cross-Premises ConnectivityBala RajagopalanGroup Program ManagerMicrosoft Corporation

Rob KuehfusProgram ManagerMicrosoft Corporation

WSV333

Problem

10101010110101001101010010101010101

10101011010100110101001010101010101011100101010101

11011011010100110101001010101010101011100101010101

010101010111101010001001010101010111001010

01010101011110101000100100101010101010111

10101010110101001101010010101010101

Access and Optimization

Headquarters

URA

Hosted Cache

URA

Branch Office

Cloud

URA

Agenda

Cross-Premises ConnectivityEnabling communication between offices and with the cloud

Acceleration with BranchCacheGetting the most out of your WAN links with a cache in the office

Cross-Premises Connectivity

Bala Rajagopalan

Enabling communication between offices and the cloud

10.1.3.0/24

10.1.2.0/

24

LANS2S

Contoso Corp. HQ (10.0.0.0/16)

Contoso Branch Office (10.1.0.0/16)

10.1.3.0/24

10.1.2.0/24

Hosters network in cloud

Scenarios

DirectAccess

Cross-Premises Connectivity – Requirements

Customer perspectiveEasy to deploy, configure and useSecurity Makes network migration easy

(Additional) Hoster perspectiveAAAAvailability and scaleInteroperabilityCustomer (tenant) isolation

Connectivity to the hybrid cloud:

InternetDirectAccess & VPN: Connecting remote clients to the hybrid cloud for - Managed - Unmanaged

Cross premise connectivity: Connecting private and public clouds

Remote access: Connectivity using dedicated infrastructure

Site to Site connectivity using dedicated infrastructure

Current State

Remote Access

Site to SiteUnified Remote AccessEnd to End Security W/IPsec (Optional)

HQ

Branch

Unified State

URA

URA

Hoster/

Private Cloud/

URA Highlights

Interoperability via IKEv2 and IPSec Support for EAP, PSK, and m/c cert

Easy deployment and configuration via PowerShell and UIDynamic distribution of routes (RIPv2)IPv6-ready (Direct or Tunneled over IPv4)Auto-detection of remote endpoint reachabilityLoad-balancing and alternate path routingEncryption off-load capabilityVM-based deploymentOn-demand connection establishment

Easy to Deploy & Configure

PowerShell

Easy configuration wizard

PS> Add-VpnS2SInterface interfacename destinationip -protocol IKEv2 - Authenticationmethod PSK –SharedSecret “abc” –IPv4Subnet 10.1.1.0/24:10

Benefits

Quickly extend / migrate enterprise networks to cloud, and readily avail infrastructure servicesMinimal changes to network infrastructureSingle server to manage all remote access needs

Service customers with overlapping address spacesProvide high uptime and scalability to customersProtect investment -IPv6 ReadyProvide Remote Access service to customers

IT Pro Hoster

Cross-Premises Demo Scenario

LANS2S

Cloud-Edge

Corp-Edge

DC1

App1

Client1

2-App1

Demo

Rob KuehfusProgram ManagerWireless and Networking Services

Setting up Cross-Prem Connectivity

More on Cross-Premises Connectivity …

WSV301: Building Hosted Public and Private Clouds Using Windows Server 2012

Cross-premises replication and disaster recovery using Hyper-V Replica, Hyper-v Network Virtualization and Remote Access

Branch Cache

Rob Kuehfus

Optimizing Cross-Premises Communication

10111011101

BranchCache

10

11

00

10

01

01

10

10

01

10

01

00

10

11

01

0

10

11

00

01

00

11

10

01

10

10

10

11

01

10

11

00

10

01

01

10

10

10

11

10

01

00

11

0

10

11

10

00

01

00

11

10

11

00

10

01

0

10

11

10

10

01

00

01

01

10

1

10

11

00

10

01

01

10

11

10

0

1011100010011010

1011001001011010

101100100101101011010101

10110001001110011010

1011001001011010

101110010011011010

10111000010011

1011001001011010

1011101001011010

1011001001011010101101101101

10

11

10

10

11

01

00

10

01

10

10

10

11

00

10

01

01

10

10

10

11

01

10

1110

1110

1

10

0111

0111

1

101110101111101

10

1110

1011

1110

1

101110101111101

Get

BranchCache Hosted Cache

Put

Get

Data

Search

Get

Searc

h

Request

OfferID

ID

ID Data

Data

ID

Get

IDID DataID

Get

Get

Get

BranchCache Distributed Cache

GetData

DataID DataID

What’s new in Windows 8

Performance ScaleManagement

• Greater performance gains and bandwidth savings with state-of-the-art content chunking

• Deeply integrated with the Windows File Server

Smaller Chunks Improve Performance

Content

FingerprintUsed to choose boundaries

BlocksMax 128K

IdentifiersBlock Hashes

ID1 ID2 ID3 ID4ID5

ID6 ID7 ID8 ID9

Performance ScaleManagement

• No need for branch-by-branch configuration.

• New tools for configuring BranchCache and preloading cache data

Deploy BranchCache with One GPO

Clients use Service Connection Points (SCPs) to discover and connect to hosted cache servers.

Hosted cache servers can automatically create SCPs.

No site-by-site configuration needed.

SCP

SCP

Data is Always Encrypted

BranchCache cache is encrypted by default.

Certificate no longer required on hosted cache server

Actually a performance improvement!

Preload Data for Speedy First Access

IIS

File Server

Warm Hosted Cache

Hosted Cache

New tools let you prehash data on both file and web servers, and

create data packages.

Data Packages

Data Packages can be imported on hosted cache servers and clients

Data can be exported from “warm” hosted cache servers

Manage Remotely with WMI and PowerShell

Performance ScaleManagement

• Use BranchCache in offices of any size.

• Optimize your network at headquarters for employees connecting to the cloud

Cache More Data and Serve More Clients

Hosted cache server can store much more data, increasing bandwidth savings.

More efficient architecture based on the Extensible Storage Engine enables a single hosted cache to serve more clients.

Multi-TB cache can be spread across disks.

ESE

High Availability and Unlimited Scale

Clients can be configured to use multiple hosted cache servers in one branch.

Existing logic enables retrieval from multiple servers. Uploads done only once.

Improves scale and availability without the complexity of clustering.

Demo

Rob KuehfusProgram ManagerWireless and Networking Services

BranchCache Deployment and Acceleration

BranchCache

BranchCache Platform and Ecosystem

The Windows BranchCache Framework

IE

HTTP

BranchCache™ Platform

SMB 2

Explorer 3rd Party

Protocols

3rd Party Applications

CopyFile

Office WMP

IntuneBITS

SCCM WSUS

Visit BranchCache Partners at TechEd

BranchCache on NetAppEnhancing your Windows file experience

NetApp offers best-in-class solutions for Windows File ServicesLeading Storage Vendor, 10,000’s of joint customers, latest SMB versions

BranchCache — NetApp as a Content ServerIncrease productivity for Windows users in remote officesSaves bandwidth and administration costsProvides significant performance improvements over the WAN

Support for BranchCache V2 with Windows 8/Server 2012Enhances ease-of-use, brings substantial performance improvements

NetApp is a Platinum Sponsor here at TechEd – visit their booth!

Users at Branch Office(Distributed or Hosted Modes)

NetApp in the Data Center

customer

Rand MorimotoPresidentConvergent Computing

“Our remote office users with less than favorable bandwidth connectivity have really benefited from BranchCache.  Took our IT guys moments to enable, and have provided huge improvements in time savings and employee productivity, silly for us to not have enabled it sooner!”

Related Content

WSV301: Building Hosted Public and Private Clouds Using Windows Server 2012

SIA, WSV, and VIR Track Resources

Talk to our Experts at the TLC

#TE(sessioncode)

DOWNLOAD Windows Server 2012 Release Candidate

microsoft.com/windowsserverHands-On Labs

DOWNLOAD Windows Azure

Windowsazure.com/teched

Resources

Connect. Share. Discuss.

http://northamerica.msteched.com

Learning

Microsoft Certification & Training Resources

www.microsoft.com/learning

TechNet

Resources for IT Professionals

http://microsoft.com/technet

Resources for Developers

http://microsoft.com/msdn

Complete an evaluation on CommNet and enter to win!

Please Complete an Evaluation Your feedback is important!

Multipleways to Evaluate Sessions

Scan the Tagto evaluate thissession now on myTechEd Mobile

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to

be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS

PRESENTATION.

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to

be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS

PRESENTATION.

Backup

Deployment

IIS

File Server Group PolicyManagement BitLocker Certificate

GPOGPO

Security

BranchCache accelerates e2e encrypted traffic (TLS/HTTPS, IPsec)

Cached data encrypted on disk and in transit between clients

Prevents unauthorized access to cached data

BranchCache Security Model

Server authenticates the client and performs authorization checks.

Server transmits content information structure to the client only if the client has access. Transfer happens over the accelerated protocol.

Client uses content information structure to calculate:

-segment id (public)-encryption key (private)

Client multicasts the segment id to find a peer with the data.

Client downloads encrypted blocks from a peer or the hosted cache and decrypts them with the encryption key.

Cached data is stored in encrypted.

Hosted Cache vs Distributed Cache

Recommended for branches without any infrastructure

Easy to deploy: Enabled on clients through Group Policy

Cache availability decreases with laptops that go offline

Distributed CacheData cached amongst clients

Recommended for larger branches

Cache stored centrally: can use existing server in the branch

Cache availability is high

Enables branch-wide caching

Hosted Cache Data cached at hosted cache server

Enterprise