Configuring SCCM and Branch Cache
BranchCache is a feature introduced with Windows 2008 R2 that allows systems within the same subnet and separated from a content source (such as a WSUS server) to share downloaded content locally rather than each system having to traverse a latent network link back to the content source. BranchCache has two modes of operation – distributed cache mode and hosted cache mode. SCCM only supports distributed cache mode.
As mentioned, BranchCache is a function of the OS and not of SCCM but, with the release of SCCM SP2, we now are able to leverage BranchCache on enabled servers. When we find BranchCache enabled we use it – there is no special SCCM configuration requirements for BranchCache other than what is likely in se in most environments anyway. We will highlight those shortly but to start a diagram of a sample configuration might help explain how this is all setup.
In the diagram we have 4 systems. The SCCM SP2 site server, an SCCM distribution point being hosted on a Windows 2008 R2 server that has BranchCache enabled and two client systems – one server and one workstation. We have mentioned already that to support BranchCache we need to use a Windows 2008 R2 system – but what about clients? From the diagram note that BranchCache is supported natively on Windows 2008 R2 and Windows 7 – and with the addition of BITS 4.0 clients can also take advantage of BranchCache on Vista SP1 and Windows 2008 SP1/SP2.
The diagram shows how SCCM works with BranchCache. The first time content is requested from the distribution point the client has no choice but to retrieve it across the latent network. Once retrieved the content is stored by BranchCache. When the second client attempts to retrieve the content it detects a latent network and sends out a request for any peers with the content. The first client responds and serves up the content thus avoiding the need to pull it across from the distribution point.
OK, so we have the general concept of how it works – so how do we set it up? It’s fairly easy. First, what are the requirements in SCCM to make use of BranchCache. We need our distribution point to be installed on Windows 2008 R2 and to be BITS enabled.
The only other requirement is that your advertisement be set to download and execute locally.
Both of these settings are common in most environments and are all that is required on the SCCM side. There is no selection in SCCM to ‘enable’ BranchCache – with the settings above it just happens.
So how do we configure BranchCache on the OS side? Just a few settings to configure. First we need to enable BranchCache – let’s start with the distribution point. In Server Manager, select features and add the BranchCache feature. There is no configuration here – the feature is either on or off. Once installed you will see it in the feature list.
Next, we have to configure BranchCache on our clients. This can be done through local policy on each system or – much easier – through domain policy. On my domain controller I open the group policy management console. In my lab I created an OU for just the systems I want to enable for BranchCache and I created a GPO to enable BranchCache.
Editing the properties of the GPO we have two places to configure. First, is BranchCache policy. Here we enable BranchCcache, set distributed cache mode, define the speed that we consider to be a latent network (default 80 ms) and configure the percentage of disk space to allocate to BranchCache activity.
Note that the one option we did not configure was to enable hosted cache mode. Why? Remember, SCCM only supports distributed cache mode so, for SCCM, there is no need to enabled hosted cache mode.
A word about hosted cache mode. The OS documentation that discusses BranchCache discusses both modes of operation and discuses steps to configure SMB file transfers through BranchCache. Configuring BranchCache to support SMB requires some additional configuration on the content server – such as enabling a role service called ‘BranchCache for network files’ and configuring specific shares to support BranchCache using the ‘share and storage management tool’. Since SCCM uses BranchCache via BITS there is no need to do this additional configuration to support SMB.
In addition to the above we must configure the windows firewall to allow BranchCache specific communication as follows:
Both the inbound and outbound firewall rules are accessible on the predefined list – so configuring them is as easy as selecting from the drop down menu when configuring a new rule.
OK, so all of this is configured – how do we know if it’s working? To test, I setup a package and advertisement. When testing it’s important to understand that once the package is downloaded and cached, you have to either modify the content or setup a new package because unless there is a change, clients will always pull the content from the cache after the first download due to the latent network conditions.
For the test, I start with a fresh package. The client that will download the content first will have to go to the distribution point – nothing will come from the cache since no content has yet been downloaded.
With all of this I’m ready to start the download but to simulate a latent network in my lab I must first start a tool that will ‘inject’ latency into the network connection between the distribution point and my first client. I’ll use a tool we have internally to introduce a 30 ms latency – I will maintain this latency throughout my testing. Note that my policy settings above consider any network more latent than 20 ms to be slow.
With all of this configured, I start my advertisement which initiates a download of content.
At the end of the download I run the advertisement and then move on to my second machine. This second machine is where we expect to see BranchCache in action.
I prepare to run the same advertisement on the second machine – note you can tell that this advertisement has never been run before on my system – which is important when testing BranchCache.
I’m about to hit run but how can I tell whether BranchCache actually fires up? Performance monitor. With performance monitor you can determine whether content is being transferred from the local BranchCache or from a BranchCache partner vs. the network. The chart below shows a chart of perfmon counters that you get from the BranchCache object. The two most interesting are the Bytes from cache and Bytes from server. If content is being retrieved from either a systems local BranchCache or a peer systems BranchCache, that counter will show activity. In our test case and on the second system, no content for this advertisement has ever been downloaded before so we expect content to be retrieved from our peer client that is BranchCache enabled.
We initiate the advertisement as before and downloading begins.
We allow the download to finish, complete the advertisement and then look back at our performance counter numbers to see what happened.
By looking at our counters we can see that we did pull the content from our peer caching partner – so BranchCache worked.
Another way we can tell that our package came over from BranchCache is by looking in the event log on the system as show below. Look for event 60 and on the detail tab look for the peerProtocolFlags value. If it is set to 1 then BranchCache was used to deliver the content. Thanks to my colleague Frank for the tip!
BranchCache is just one more option available to administrators to help deliver content to clients efficiently and reduce load on the network. It’s not difficult to setup and offers notable performance advantage – defiantly worth taking a look.
For specific documentation on BranchCache visit http://www.branchcache.com