Introduction to BranchCache

[patris1]

کد:

http://www.windowsnetworking.com/articles_tutorials/Introduction-BranchCache-Part1.html

Part 1: Overview of BranchCache Features and Capabilities


Introduction

As businesses grow, so does the number of branch offices. All businesses start small, and over time their main headquarters grow too. As they become more successful, they need to do more business with more people in more places. To bring their employees closer to customers and partners, successful businesses need to establish branch offices. Branch offices allow a company to exert influence in communities that it might otherwise not be able to obtain.
Branch office employees often need access to information stored at the main office. This information is often housed on Web file servers. To allow branch office users access to this information at the main office, IT needs to provide network connectivity. Historically, dedicated WAN links were used for this type of connectivity. However, due to the high cost of dedicated WAN links, many companies moved to virtual private networking technology (VPN) that leveraged the relatively low cost of Internet connectivity to create site to site VPNs. Site to site VPNs provided the same connectivity enabled by dedicated WAN links, but at a fraction of the cost.
Unfortunately, connecting branch offices to the main office is just the first problem. Regardless of the method used to connect the branch office to the main office, the speed of the connection is typically limited. This creates a productivity challenge for branch office workers. Employees need access to information at the main office in order to get their work done, but all the employees at the branch office need to share the same limited bandwidth available to the branch office. If all the workers need access to files at the main office at the same time, there is going to be a bandwidth problem. Even if all the users do not need to access the main office at the same, a single user might need to access large files in the multi-megabyte range, which can take minutes to hours to download. And if another user wants to access the same file, that user will have to wait the same amount of time for the same file and will clog the Internet “pipe” for the same amount of time as the first users.
There has got to be a better way.
Wide Area Files Services

Clearly, this is no efficient way to run a branch office. A number of solutions have been employed to speed up the branch office employee’s experience. These are collectivity known as “wide area files services” or WAFS solutions. The goal of all of these solutions is to make branch office users more productive by speeding up access to information obtained over relatively slow WAN links.
The big problem with most of the WAFS solutions out there is that they prohibitively expense and are often very complex to set up and configure. The combination of the high cost on-boarding experience with the significant expenses involved with ramping up the IT group on using the solution make it debatable whether the outlay for the WAFS solutions increases productivity enough to make for a good return on investment.
What we really need is a cost effective solution that is easy to manage. It would be even better if the technologies were baked into the client and server operating systems used on the network.
BranchCache Comes to the Rescue

Windows Server 2008 R2 and Windows 7 are just the solutions you have been waiting for. When you pair up Windows 7 clients with Windows Server 2008 R2 file and Web servers, you have the ability to take advantage of a new technology known as “BranchCache”. BranchCache is a new Microsoft technology that allows branch offices to cache content that branch office employees obtain from the main office.
Content obtained from BranchCache enabled servers (sometimes called “content servers” in BranchCache speak) can be cached on the client systems at the branch office or on BranchCache servers at the branch office.
Content can be cached when accessed using one of three protocols:

• SMB 2.0
• HTTP
• BITS (Background Intelligent Transfer Service)

BranchCache works with other network encryption schemes you might already have in place. So if users at the branch office access content on an SSL site hosted at the main office, BranchCache will work with those connections with no extra configuration or effort on the part of IT or the end user. In the same way, if you use IPsec on your network, for example in a server or domain isolation environment, BranchCache will work with IPsec protected connections.
You can use BranchCache on IPv4 or IPv6 networks. This is great news to those of you who are worried about IPv6 because of DirectAccess. Even if you can not deploy DirectAccess because you are not up to speed yet on IPv6 or do not have an IPv6 environment to support DirectAccess, you can still run BranchCache, since it has no dependencies on IPv6.
BranchCache needs to be enabled on both the client and the server. When a user tries to access information on a BranchCache enabled file or Web server, the user is still authenticated in the same way the user would be authenticated even if BranchCache were not deployed. After the user is authenticated, the user is then authorized, again in the same way that it would take place even if BranchCache was not enabled.
BranchCache Hosted Mode and Distributed Mode


BranchCache can be configured to work in one of two modes:

• Hosted Mode
• Distributed Mode

Hosted Mode is used when you have more than 50 client systems at the branch office. With Hosted Mode, branch office client computers are configured with the FQDN of a machine at the branch office that is configured to be a BranchCache server.
When the client obtains content from BranchCache enabled Web or file server at the main office, it advertises this content to the BranchCache server at the branch office and the BranchCache server downloads that content from the client and makes it available to other clients at the branch office when they request the same content from the branch office.
This allows the branch office client machines to obtain the same content as the first user who accessed the content, but this time from the BranchCache server over a fast LAN connection instead of a slow WAN link.
Distributed Mode can be used when you have fewer than 50 client systems at the branch office. In this case, there is no BranchCache server. Instead, the BranchCache enabled client machines cache content on their local hard drives.
When the first machine at the branch office obtains some content on a BranchCache enabled Web or file server at the main office, the client caches the content on its local hard drive. By default, 5% of the BranchCache enabled client’s hard disk is reserved for the cache. When another machine on the branch office network tries to obtain the same content at the main office, the content is returned from the first client that accessed the content, instead of the main office file or Web server.
Distributed Mode uses a multicast protocol to advertise the cached content on the clients. For this reason, all clients on the branch office network need to be on the same network ID, or more accurately, all within the same multicast range. Also, machines that are hibernating or disconnected from the network would not be able to provide cached content to other users. However, there is an indication that machines in sleep mode might wake up if they are hosting cached content. I am not certain about this at this time, but the current documentation does suggest this possibility.
It should be pointed out that the same client cannot be configured to use Hosted and Distributed mode. If the client is configured to use Hosted Mode, then it will not maintain its own local cache of content. If the client is configured to use Distributed Mode, then it will not contact a local Hosted Mode BranchCache server.
Any application that uses the built in networking stack in Windows 7 will benefit from BranchCache when accessing content on BranchCache enabled servers using SMB 2.0 or HTTP 1.1. This means that users accessing content using Internet Explorer, Windows Explorer, Windows Media Player, and another other application that hooks into the client OS networking stack will benefit. However, if you have applications that implement their own HTTP 1.1. or SMB services, they will not benefit from BranchCache. That is to say, those applications will not benefit. However, other applications on the same machine will benefit if they use the native OS stack.
BranchCache Metadata


In order to make sure that the correct content is delivered to the clients requesting it, BranchCache enabled servers use a hashing scheme to identify content. When a user tries to access content on a BranchCache enabled Web or file server, the server returns to the user a SHA 256 hash value of the content instead of the content itself. This significantly reduces the amount of data transferred over the WAN link, since the metadata is about 2000 times smaller than the actual content.
Note:
The user must be authenticated and authorized to access that content before the metadata is sent to the user.
BranchCache calculates two hash values:

• Content is broken down into blocks and a hash value is assigned to each block
• Collections of blocks are defined and are labeled “segments”. A hash value is assigned to each segment

Segment hash values are used to identify content and block hash values are used to download content. If hash values on the segments has changed, it indicates that the content has changed and the file will need to be obtained either from another cache with updated content or from the original Web or file server.
Content is encrypted when it moves between peers (in Distributed Mode) or between the client and server (in Hosted Mode). The content is decrypted using an identifier provided by the original server from which the content was obtained. The identifier is only made available to users who have successfully authenticated with the BranchCache enabled Web or file server and only after they are confirmed as authorized to access that content. This prevents users who are not authorized to obtain the content from obtaining it from cached sources.
How Does BranchCache Work In Distributed Mode?


BranchCache works differently depending on whether you are using Hosted Mode or Distributed Mode.
For Distributed Mode, the series of events works like this:

1. A client at the branch office requests a file on a BranchCache enabled Web or file server at the main office. This can be over SMB 2.0, HTTP 1.1 or BITS. The client tells the BranchCache enabled server that is BranchCache capable using a series of fields, messages or headers that are part of the BranchCache enabled protocol used by the Windows 7 client networking stack
2. The BranchCache enabled server responds and provides the client a collection of identifiers that define the content the client wants. This information is transmitted using the established connection between the client and server using the protocol used to establish the original connection (SMB, HTTP 1.1 or BITS).
3. The client tries to find a local computer that already has the content, based on the identifiers provided by the BranchCache enabled server. The Windows 7 client uses a new protocol, the BranchCache Discovery Protocol, which uses WS-Discovery, to multicast the request to all machines on the same network ID as the client system wanting the content. In this example, the client is the first client on the branch office network requesting the content and there is no copy of the content cached at the branch office.
4. Since the client can’t get a cached copy of the content at the branch office, is makes another request to the BranchCache enabled server. This time, the client indicates to the BranchCache enabled server that the client isn’t BranchCache capable, meaning that the client tried to find the content in a BranchCache at the branch office but was not able to. The server responds by providing the actual data to the client, and the client puts this in its local cache on its local hard disk.
5. Now a second machine at the branch office needs access to the same information. It makes a connection to the BranchCache enabled server at the main office, and downloads the identifiers for the requested information after being authenticated and authorized to obtain that content.
6. The second machine then uses the BranchCache Discovery Protocol to multicast a request for this data to the machines at the branch office. The first client receives the multicast request from the second client and finds that it has the requested information in its local cache and sends a response to the second client.
7. The second client then responds with a request for the content from the first client. This connection uses the BranchCache Retrieval Protocol, which uses HTTP. The first client sends the content to the second client over HTTP. Note that this content is encrypted using the identifiers sent by the content server, so this information can’t be intercepted while in flight over the network. The second client verifies the content against the identifiers it has (obtained from the content server). If verification is confirmed, the content is opened by the requesting application.

How Does BranchCache Work in Hosted Mode?

BranchCache in Hosted Mode works a little differently, using a different set of network protocols to support the solution:

1. A client at the branch office requests a file on a BranchCache enabled Web or file server at the main office. This can be over SMB 2.0, HTTP 1.1 or BITS. The client tells the BranchCache enabled server that is BranchCache capable using a series of fields, messages or headers that are part of the BranchCache enabled protocol used by the Windows 7 client networking stack
2. The client then sends a request for the content from the Hosted Mode BranchCache server on the branch office network. using the BranchCache Retrieval Protocol, or MS-PCCRD, which uses HTTP with a ephemeral source post on the client and TCP 80 on the BranchCache Hosted Mode server. The Hosted Mode server informs the client that it does not have the content.
3. The client sends another request to the BranchCache enabled server at the main office, this time informing the server that it is not BranchCache capable. In this case, the server sends the data to the client.
4. The client then informs the BranchCache Hosted Mode server in the branch office that it has new content to cache. It does this using the BranchCache Hosted Cache Protocol or MS-PCHC. This is done over HTTPS, with an ephemeral source port on the client and a destination port on the server of TCP 443.
5. The Hosted Mode BranchCache server then connects to the client over an HTTP connection, using the BranchCache Retrieval Protocol, MS-PCCRD, which uses an ephemeral source port on the server and a destination port to the client of TCP port 80.
6. The client sends the content to the Hosted Mode BranchCache server at the branch office.
7. A second client makes a request for the same data to the BranchCache enabled Web or file server at the main office. The client receives the identifiers from the main office server. The client then makes a request for this content from the branch office Hosted Mode BranchCache server over the BranchCache Retrieval Protocol. The BranchCache Hosted Mode server sends the encrypted content.
8. The client verifies the content and after verification, opens it in the requesting application.

Summary


As organizations grow the need for branch offices is increasing. Branch office employees need access to information contained on main office Web and file servers. The problem is that WAN links are relative slow compared to LAN speeds. In order to improve performance and employee productivity, wide area file services can be used to accelerate access to remote content. Windows Server 2008 R2 and Windows 7 introduce a new option – BranchCache. BranchCache enables Windows 7 clients to obtain main office content that has been cached on the branch office network. BranchCache works in one of two modes: Distributed or Hosted Mode. Distributed allows clients to request cached content from one another, while Hosted Mode centralizes the cache on a BranchCache server. Distributed Mode should be used when there are fewer than 50 clients on the branch office network. BranchCache respects authentication and authorization requirements on the Web and file servers, so that access is not different than a non-BranchCache scenario. BranchCache content transferred over the wire is encrypted, so that it cannot be intercepted while in flight.

---

موضوعات مشابه:

• introduction to intellimirror
• BranchCache and DirectAccess: Improving the Branch Office Experience

---

[patris1]

کد:

http://www.windowsnetworking.com/articles_tutorials/Deploying-Hosted-Mode-BranchCache-Server-Part2.html

Deploying a Hosted Mode BranchCache Server - Part 2: The Lab Network and Order of Operations


Introduction

In this first part of this series on BranchCache, I went over some of the basic principles that underlie the BranchCache infrastructure and how the request, response and caching processes work. If you have not had a chance to read that yet, then I suggest you give it a quick look now so that you will understand what it is that we are trying to accomplish in this and subsequent articles.
Remember that BranchCache works in one of two modes:

1. Hosted Mode
2. Distributed Mode

With Hosted Mode, BranchCache caches content on a central BranchCache server on the branch office network. With Distributed Mode, the content is cached throughout the branch office network on Windows 7 or Windows Server 2008 R2 machines. In most cases you will want to take advantage of Hosted Mode, since you can run the BranchCache service on the same machine that might be acting as a file server, Web server, or even domain controller. The reason for this is that BranchCache does not take a lot of processor, memory or networking resources.
The Lab Network


Our lab network is going to be a bit different than those you might have seen in demos done on BranchCache on the Internet. In these online demos, the presenter typically uses some type of software to throttle bandwidth between the simulated branch office network and the main office network. This is nice because the presenter can show how slow the initial access is, and then how fast access it is after the content is cached at the branch office. It does a good sales job and that is the point of most of these presentations.
In our lab network we are going to use a single subnet and we are not going to create a simulated branch office and main office network. We already know that content that is accessed locally over a 1 Gbps network is going to be faster than when it’s accessed over a 1.5Mbps WAN link. We get that. So, we will use a simple single segment network and then use Network Monitor to show the connections between the clients, the content server, and the BranchCache server. These network monitor traces will demonstrate that content is indeed obtained from the BranchCache server and not the original content server.
Speaking of the lab network, take a look at the figure below to get a basic overview of the machines that will participate in this configuration guide. Note that I am using VMware Workstation 7.0 for this series, but you can also use VMware ESX or Hyper-V. The virtualization platform is not important and the configuration will work on any platform.

Figure 1: The Lab Network
The machines participating in the lab are:

1. DC.branchcache.com – this machine is the domain controller for the branchcache.com domain. This machine also has Active Directory Certificate Services installed on it because we will need to obtain a server certificate for the BranchCache server on the network. This machine is running Windows Server 2008 R2 and has the IP address 10.0.0.2/24.
2. FileServer.branchcache.com – this machine is a file server and a Web server that will act as the BranchCache content server. I have already installed the Web Server role on this machine. I will need to enable BranchCache on this machine and then when the configuration is complete, we will see if the machine sends the content identifiers and other metadata to the clients. This machine is running Windows Server 2008 R2 and has the IP address 10.0.0.3/24
3. BC.branchcache.com – this is the Hosted Mode BranchCache server. The content that is obtained by the clients from the content server will be cached on this content server. We will use Network Monitor at the end of the configuration process to prove that content is indeed obtained from the cache, and not from the content server on subsequent requests. This machine is running Windows Server 2008 R2 and has the IP address 10.0.0.4/24.
4. Client1.branchcache.com and Client2.branchcache.com – these are Windows 7 client computers that will access the content from the content server. The Client1 machine will make the initial connection to the content server and then will offer the content to the BranchCache server. The Client2 machine will make a request for the same content from the content server, and we’ll see that the content ends up actually being provided by the BranchCache server

It’s Not Hard – But It’s Not Easy Either


There is existing documentation on how to deploy the BranchCache feature. However, I found that it is very difficult to understand what to do solely based on this document. Part of the problem is that they have mixed the Hosted Mode and Distributed Mode configuration steps in a single document. Another problem is that they have configured all the headings using the same header levels, so it is hard to tell when one set of procedures starts and when one set of procedures ends.
BranchCache is designed to be a “set it and forget it” service. There is not a lot of management involved after the BranchCache solution is installed and configured – it just works. However, in order to get it to a point where “it just works” you need to do a lot of preparatory work. There are a lot of places where things can go wrong, so it’s important to have a high level understanding of what you are going to do before you get started.
Here is the process:

1. Install BranchCache on the content server – this step is simple – you just need to install the BranchCache feature on the content server. The content server is the machine that contains the Files Shares or Web content that users will download. In a production environment this machine is located at the main office. In our lab, all the machines are connected to the same network.
2. Install Files services role on the content server – BranchCache can cache files for both Web and files servers. I have already installed the Web server role on the content server because there’s nothing special you need to do with the Web server to make BranchCache work on the content server. However, there are some things you need to do after installing the File Services role in order to cache the content obtained over SMB 2.0.
   
   - Configure the File Services Role – after installing the File Services role, we will need to carry out some configuration tasks to get BranchCache working.
   
   - Enable Hash Publication – because hash values are used to find and identify content, we need to configure the content server hosting content over SMB 2.0 to create and publish these hash values.
3. Create a File Server OU – we will create a file server OU in Active Directory so that we can apply some specific Group Policy configurations to File Servers that will act as BranchCache content servers infallible.
   
   - Move the File Server into the File Server OU – after creating the File Servers OU, the next step will be to move the File Servers into this OU.
4. Create a Hash Publication Group Policy Object – to simplify the process of configuring File Server to publish hashes for the content they server, we will manage these configuration tasks using Group Policy. You’ll want to do this in a production environment because there is much less overhead in using Group Policy compared to going to each machine and manually configuring these settings on each box.
   
   - Configure the Hash Publication Group Policy Object – after creating the Hash Publishing Group Policy Object, the next step is to configure it. Makes sense
5. Enable BranchCache on a File Share – you can configure BranchCache to work on all file shares on a BranchCache content server, or you can do it on a per-folder basis. In this step we will show you how to enable it for all shares or for specific shares. In this lab, we will enable BranchCache for a specific share.
6. Configure Clients to use BranchCache Hosted Mode – at this point we are done configuring the BranchCache content server – it is ready to server Web and File content to Windows 7 and Windows Server 2008 R2 computers that are BranchCache client enabled. So now we need to move to the clients and get them BranchCache enabled.
   
   - Use Group Policy to BranchCache enable the clients – while we could use netsh to manually configure the clients so that they are BranchCache enabled, that would be a major hassle in a production environment. Instead, we will reduce our management overhead by using Group Policy.
   
   - Use Group Policy Windows Firewall snap-in to configure client firewalls – there are a number of protocols that we need to enable so that clients can request cached files from the BranchCache server and also to allow the BranchCache server to obtained cached content from the machines that made the initial request from the content server. We’ll use the Windows Firewall with Advanced Security GPO snap-in to configure the clients with the right firewall settings for BranchCache.
7. Install and Configure the BranchCache Hosted Mode Server – at this point we are done with the clients so we can move on to configuring the BranchCache Hosted Mode server. This is the most complex series of configuration settings and offers the greatest opportunity for making an error – so make sure you understand the process flow for getting the BranchCache Hosted Mode server configuration going before you get started.
   
   - Install the BranchCache Feature on the BranchCache Hosted Mode Server – the first step on the BranchCache server is to install the feature. This is easy.
   
   - Enable BranchCache on the Hosted Mode BranchCache server – After installing the BranchCache feature, we will enable it.
   
   - Install a certificate on the Hosted Mode BranchCache server – this is probably the most complex series of steps that we will carry out. Not because of the BranchCache component, but because we are going to move away from the BranchCache configuration steps to the PKI configuration. The BranchCache server needs a server certificate because it must be able to authenticate itself to a client that offers content to it after the client obtains content from a BranchCache enabled content server. The way this works is that after the client obtains the content from the content server, it advertises this content to the BranchCache Hosted Mode server. When the client connects to the BranchCache Hosted Mode server, the Hosted Mode server must be able to authenticate itself to the client using a server certificate – that is the purpose of the certificate.

• Create a Hosted Mode BranchCache Servers Group in Active Directory – we will do that so that we can configure autoenrollment for the BranchCache servers
• Add Hosted Mode BranchCache Servers to the Active Directory Hosted Mode BranchCache Servers Group – after creating the group, we need to populate it with the machines that will act as Hosted Mode BranchCache servers
• Configure a Certificate Template for the BranchCache Hosted Mode Servers on the Certificate Authority – we will create a certificate template that will be used to issue certificates to the BranchCache Hosted Mode servers through autoenrollment
• Configure Autoenrollment – did I say autoenrollment? Yes—now we need to configure autoenrollment in Group Policy so that the Hosted Mode BranchCache servers can obtain their server certificates automatically. Sure, we could do this manually, but you’ll likely have a number of Hosted Mode BranchCache servers, so why not automate the certificate issuance?
• Refresh Group Policy – we need to do this to make sure that everyone gets their Group Policy settings and that the BranchCache Hosted Mode servers obtain their certificates
• Obtain SHA-1 Hash of Server Certificate – this hash of the certificate will be used to link the certificate to the BranchCache service
• Link Certificate to BranchCache –Finally, we need to link the certificate to the BranchCache service

After everything is installed and configured, we will test the solution by making a request for content from the content server and then having a second client make a request for the same content. We will use Network Monitor to see what’s happening “on the wire” and prove to ourselves that subsequent requires for content are being served from the BranchCache Hosted Mode server and not from the content server.
That’s it – and that is what we are going to do in this series of articles. So to summarize, there are seven major steps that we need to carry out:

• Install BranchCache on the content server
• Install the File Services role on the content server
• Create a File Server OU
• Create a hash publication Group Policy Object
• Enable BranchCache on a File Share
• Configure Clients to use BranchCache Hosted Mode
• Install and Configure the BranchCache Hosted Mode Server

As you can see, there are going to be a lot of moving parts and everything needs to be done right for it to work. We will go through each of the steps in detail, discuss the rationale behind the steps, and have plenty of screenshots so that you can see what needs to be done before you do it yourself.
Summary


In this, part two of our series on BranchCache, we went over the configuration of the lab network and then did a detailed review of the steps required to make BranchCache Hosted Mode work. While BranchCache is designed to be a “set it and forget it” solution, it is important to understand that there are a lot of moving parts behind the scenes that need to be configured before you can “forget it”. In the next installment of this series, we will get to the configuration tasks and get the ball rolling. At this point I am not sure how many parts this series will be, but I figure at least three more – with maybe one more to show you some troubleshooting and performance monitoring tricks. See you next time! –Tom.

[patris1]

کد:

http://www.windowsnetworking.com/articles_tutorials/Deploying-Hosted-Mode-BranchCache-Server-Part3.html

Part 3: Installing BranchCache and Configuring GPO Support for BranchCache


Introduction

In the first article in this series, Tom explained that BranchCache is a new feature in Windows Server 2008 R2 and Windows 7 that allows you to cache files and other content obtained over HTTP, HTTPS, BITS or SMB2. This feature speeds up file access for computers located at a branch office that might be connected to a main office over a relatively slow WAN link. After the first computer at the branch office obtains a piece of content, that content is shared with a Hosted Mode BranchCache Server at the branch office. The second host at the branch office to request the same content from the main office will have the content delivered to it from the BranchCache Hosted Mode server in the branch office instead of the content server at the main office. This allows file and other content at fast LAN speeds, compared to slow WAN speeds.
In the second part of the series, he went over the details of the lab setup and provided a general description of what needs to be done to get the solution to work. In this part 3, I will begin the configuration process – starting the series of steps as those described in part 2. Let’s get started!
Here is what we are going to cover in this article:

• Installing BranchCache on the Content Server
• Installing the BranchCache Enabled File Server Role
• Creating a BranchCache File Servers OU
• Moving the BranchCache enabled file server into the File Servers OU
• Creating a BranchCache File Servers GPO
• Configuring the BranchCache File Server GPO to support BranchCache Hash Publication
• Turning on BranchCache on a File Share on the content server

Install BranchCache on the Content Server


The first thing we need to do is install the BranchCache feature on the content server.

1. On the content server (FILESERVER), open Server Manager.
2. In the left pane of the console, click the Features node. Then click the Add Features link on the right side of the console.

Figure 1

1. In the Add Features Wizard, in Features, select the BranchCache check box, and then click Next.

Figure 2

1. In Confirm Installation Selections, click Install.
2. In Installation Results, Confirm that the Installation Succeeded. Click Close in the Add Features Wizard.
3. In the left pane of the console, expand Configuration and click Services.
4. In the middle pane, in Services, click BranchCache. Then click the Start Service button.

Figure 3
Note that the BranchCache service is set to automatic, so that it will start automatically when the machine is restarted.
Install the BranchCache Enabled File Server


That’s all for the BranchCache server at this time. Now we need to go to the file server that will act as the BranchCache enabled content server. The first step is to add the file server role and the BranchCache role service.
Perform the following steps on the File Server virtual machine:

1. Open Server Manager and click Roles in the left pane. Click the Add Roles link on the right side of the console.
2. Click Next on the Before You Begin page.
3. On the Select Server Roles page, in the Roles list, put a checkmark in the File Services check box, and click Next.

Figure 4

1. On the File Services page, read the information and click Next.
2. On the Select Role Services page, in the Role services list, confirm that File Server is selected. Then put a checkmark in the BranchCache for network files check box, and then click Next.

Figure 5

1. On the Confirm Installation Selections page click Install.
2. Confirm the Installation succeeded and click Close.

Note that after the service is installed successfully, the wizard tells you that you need to configure the folders to support BranchCache. We will do that later.
Create a BranchCache File Servers OU


The next step is to create a BranchCache File Servers OU. We do that so that we can use a GPO to enable hash publication for file servers. These hashes are part of the metadata that the content server sends to the client. So we will first create the File Servers OU, and then create a GPO for that OU that enables hash publication for those file servers.
Perform the following steps on the domain controller.

1. On the domain controller, open Active Directory Users and Computers.
2. In the Active Directory Users and Computers console, right-click branchcache.com to add the OU. Point to New, and then click Organizational Unit. The New Object – Organizational Unit dialog box opens.
3. In the New Object – Organizational Unit dialog box, in Name, type a name for the new OU. For example, if you want to name the OU BranchCache file servers, type BranchCache file servers, and then click OK.

Figure 6
Move the File Server into the BranchCache File Servers OU

Now we need to move the file server into the OU.
Perform this step on the domain controller:

1. On the domain controller, open the Active Directory Users and Computers console.
2. In the Active Directory Users and Computers console, locate FILESERVER in the Computers container, left-click to select the account, and then drag and drop FILESERVER on the BranchCache file servers OU. Click Yes in the dialog box to confirm that you want to move FILESERVER to the new OU.

Figure 7

1. FILESERVER now appears in the new OU.

Figure 8
Create the BranchCache File Servers GPO


Now we have the BranchCache File Servers OU created and we have placed the FILESERVER computer into that OU. Now we will create a GPO for that OU so that we can publish the file hashes to support BranchCache.
Perform the following steps on the domain controller.

1. From the Administrative Tools menu, open the Group Policy Management console.
2. In the Group Policy Management console, expand the path to the BranchCache File Servers OU and then left click on the OU.

Figure 9

1. Right-click Group Policy Objects, and then click New. The New GPO dialog box opens. In Name, type a name for the new Group Policy object (GPO). In this example, we’ll name the object BranchCache Hash Publication. Click OK.

Figure 10

1. In the Group Policy Management console, right-click the BranchCache File Servers OU and then click Link an Existing GPO. In the Select GPO dialog box, in Group Policy objects, click the BranchCache hash publication GPO. Click OK.

Figure 11
Enable File Server BranchCache Hash Publication in the BranchCache Hash Publication GPO


With a GPO in place, we can now configure it to create the hashes needed to support BranchCache on the file server.
Perform the following steps on the domain controller.

1. In the Group Policy Management console, expand the path to the BranchCache hash publication GPO.

Figure 12

1. Right-click the BranchCache Hash Publication GPO and click Edit.
2. In the Group Policy Management Editor console, expand to: Computer Configuration | Policies, Administrative Templates | Network | Lanman Server.

Figure 13

1. Click Lanman Server. In the details pane, double-click Hash Publication for BranchCache. The Hash Publication for BranchCache dialog box opens.
2. In the Hash Publication for BranchCache dialog box, click Enabled.

Figure 14

1. Under Options, click Allow hash publication for all shared folder, and then click one of the following:
   a. To enable hash publication for all shared folders on this computer, click Allow hash publication for all shared folder.
   b. To enable hash publication only for shared folders for which BranchCache is enabled, click Allow hash publication only for shared folders on which BranchCache is enabled.
   c. To disallow hash publication for all shared folders on the computer even if BranchCache is enabled on the file shares, click Disallow hash publication on all shared folders.
2. In this example, we will select Allow publication for all shared folder [sic].
3. Click OK.

Turn on BranchCache on a File Share


We are almost there. Now that BranchCache is enabled and hash publication is being performed, we can enable BranchCache on a file share. In this example, we have created a share on the desktop called Shared Files, and Domain Users have permission to read the file.
Perform the following steps on File Server.

1. From the Administrative Tools menu, open the Share and Storage Management console.
2. In the middle pane, on the Shares tab, right-click the share, and then click Properties. The share’s Properties dialog box opens.
3. In the Properties dialog box, on the Sharing tab, click Advanced.

Figure 15

1. Click the Caching tab, confirm that Only the files and programs that users specify are available offline is enabled, and then put a checkmark in the Enable BranchCache checkbox.

Figure 16

1. Click OK twice to close the dialog boxes.

And that is it!!
Summary


In this article, part 3 in our series on how to configure the BranchCache Hosted Mode solution, we went over the installation process for the BranchCache feature on the file server, creating the BranchCache File Servers OU, creating a GPO to enable hash publication for the members of that OU, and then configured the GPO so that hashes are published for shared files on the BranchCache enabled file server. Finally, we enabled BranchCache on a file share that we created on the BranchCache enabled file server.
In part 4 of this series, we turn our attention to the client computers and the BranchCache server. The client computers need to be configured to support BranchCache Hosted Mode, and the BranchCache server itself needs to be configured to work in Hosted Mode. See you next week! – Deb.