How to Setup BranchCache
Guide:
Overview:
This article provides instructions on how to implement BranchCache.Topology:
- Three office locations:
- Primary office in Atlanta (ATL).
- Branch offices in Chicago (CHI) and Washington D.C (DCA).
- CHI and ATL host local file servers (i.e., hosted cache mode).
- DCA is the only office without a dedicated file server (i.e., distributed cache mode).
- All clients use Windows Enterprise.
Implement BranchCache:
- Install the BranchCache Role and Feature.
- BranchCace SSL Certificates.
- BranchCache Group policy.
Step 1. Add Roles and Features.
Run the Add Roles and Features Wizard on each file server. Install the (a) BranchCache for Network Files Role; and (b)the BranchCache Feature.
PowerShell:
Install-WindowsFeature BranchCache -IncludeManagementTools
Enable-BCHostedServer -RegisterSCP
Step 2. Adjust Caching.
BranchCache stores files in two directories: (a) HashCache and (b) DataCache.
File servers store file hashes in the HashCache directory. Remote Hosted Cache servers, as well as Distributed Cache clients, use files hashes for content tracking and updates.
The DataCache directory stores content derived from the hash. This directory contains cached remote content (i.e., files) that are served to local clients. Both directories are stored on the system drive -not good!
Adjust the Cache Location:
netsh branchcache set publicationcache directory=D:\BranchCache\
netsh branchcache set localcache directory=D:\LocalCache\
The default HashCache size is a measly 1% of the system disk. The Data Cache is slightly improved with 5% of total disk. Now consider that most system drives hold less that than 100GB. 5GB does not provide enough storage to make BrachCache worthwhile. Let's make BrachCache useful:
Adjust the Cache Size:
Netsh branchcache set publicationcachesize size=5 percent=TRUE
Netsh branchcache set localcachesize size=5 percent=TRUE
Additional caching attributes will be configured via Group Policy (Step 4).
Step 3. BranchCache SSL
BranchCache SSL certificates support Windows 7 clients. It's not necessary for organizations with only Windows 8 or Windows 10 clients. Of course, the file server will probably require certificates for other services -just not BranchCache.
Any trusted SSL certificate will work with BranchCache. We simply need to associate the server certificate with BranchCache:
- Add a server certificate in the personal certificate directory for each BranchCache hosted cache server (e.g., ATL and CHI).
- Bind
the SSL certificate hash (i.e., thumbprint) to the hosted cache server. Use the following command:
NETSH HTTP ADD SSLCERT IPPORT=0.0.0.0:443 CERTHASH=xxxxxxxxxxx APPID={d673f5ee-a714-454d-8de2-492e4c1bd8f8}
Step 4. Group Policy
Use Group Policies to adjust caching attributes and client settings.
Policies for the File Servers:
Table 1. BranchCache Policy for File
Servers.
Policy
|
Path
|
Setting
|
Function
|
Turn on BranchCache
|
ComputerConfiguration/
Administrative Templates/ Network/ BranchCache |
Enabled
|
|
Hash Publication for BranchCache
|
ComputerConfiguration/
Administrative
Templates/ Network/
LanmanServer
|
Enabled:
Value 2 |
(Hash publication for all shared folders).
|
MinContentLength Registry Key
|
ComputerConfiguration/
Preferences/
Windows
Settings/
Registry/
MinContentLength
|
Reg_D
WORD:
32768
(Decimal)
|
Default caching 64KB.
New caching 32K. Set as low as 4KB. N.B., Low values may impact performance. |
Policies for Windows clients:
Table 2.
BranchCache policies for Win 8 and Win 10:
Policy
|
Path
|
Setting
|
Turn on BranchCache
|
ComputerConfiguration/
Administrative
Templates/
Network/BranchCache
|
Enabled
|
Configure BranchCache for network files
|
Computer Configuration/
Administrative
Templates/
Network/
BranchCache
|
Enabled
Value:10 |
Enable Automatic Hosted Cache Discovery by Service Connection
Point
|
Computer Configuration/
Administrative
Templates/
Network/
BranchCache
|
Enabled
|
Set BranchCache Distributed Cache mode
|
Computer Configuration/
Administrative
Templates/
Network/
BranchCache |
Enabled
|
BranchCache Firewall Policies:
BranchCache requires inbound and outbound client firewall rules.
Table 3.
BranchCache Inbound Firewall Group Policies
Policy
|
Path
|
Action
|
BranchCache Content Retrieval (HTTP-In)
|
Computer Configuration/
Policies/ Windows Settings/ Security Settings/ Windows Firewall with Advanced Security/ Inbound Rules |
a. Right-click Inbound Rules.
b. Left-click New Rule. c. Add predefined BranchCache rules. |
BranchCache Hosted Cache Server
(HTTP-In)
|
||
BranchCache Peer Discovery (WSD-In)
|
||
BranchCache Content Retrieval
(HTTP-Out)
|
Computer Configuration/
Policies/ Windows Settings/ Security Settings/ Windows Firewall with Advanced Security/ Outbound Rules |
a. Right-click Inbound Rules.
b. Left-click New Rule.
c. Add predefined BranchCache rules.
|
BranchCache Hosted Cache Clietnt
(HTTP-Out)
|
||
BranchCache Hosted Cache Server
(HTTP-Out)
|
||
BranchCache Peer Discovery (WSD-Out)
|
Optional: BranchCache for WSUS and IIS Servers
BranchCache also accelerates content for web servers and BITS application
servers. Simply install the BranchCache feature and ensure the service is
running. No other configuration steps are necessary.
Evaluate
User PowerShell and Performance monitor to ensure BranchCache works:
That's It!