Configuring SCCM and Branch Cache

Configuring SCCM and Branch Cache

Branch cache is a feature introduced with Windows 2008 R2 that allows systems within the same subnet and separated from a content source (such as a WSUS server) to share downloaded content locally rather than each system having to traverse a latent network link back to the content source. Branch cache has two modes of operation – distributed cache mode and hosted cache mode. SCCM only supports distributed cache mode.
As mentioned, branch cache is a function of the OS and not of SCCM but, with the release of SCCM SP2, we now are able to leverage branch cache on enabled servers. When we find branch cache enabled we use it – there is no special SCCM configuration requirements for branch cache other than what is likely in se in most environments anyway. We will highlight those shortly but to start a diagram of a sample configuration might help explain how this is all setup.

In the diagram we have 4 systems. The SCCM SP2 site server, an SCCM distribution point being hosted on a Windows 2008 R2 server that has branch cache enabled and two client systems – one server and one workstation. We have mentioned already that to support branch cache we need to use a Windows 2008 R2 system – but what about clients? From the diagram note that branch cache is supported natively on Windows 2008 R2 and Windows 7 – and with the addition of BITS 4.0 clients can also take advantage of branch cache on Vista SP1 and Windows 2008 SP1/SP2.
The diagram shows how SCCM works with branch cache. The first time content is requested from the distribution point the client has no choice but to retrieve it across the latent network. Once retrieved the content is stored by branch cache. When the second client attempts to retrieve the content it detects a latent network and sends out a request for any peers with the content. The first client responds and serves up the content thus avoiding the need to pull it across from the distribution point.
OK, so we have the general concept of how it works – so how do we set it up? It’s fairly easy. First, what are the requirements in SCCM to make use of branch cache. We need our distribution point to be installed on Windows 2008 R2 and to be BITS enabled.

The only other requirement is that your advertisement be set to download and execute locally.

Both of these settings are common in most environments and are all that is required on the SCCM side. There is no selection in SCCM to ‘enable’ branch cache – with the settings above it just happens.
So how do we configure branch cache on the OS side? Just a few settings to configure. First we need to enable branch cache – let’s start with the distribution point. In Server Manager, select features and add the branch cache feature. There is no configuration here – the feature is either on or off. Once installed you will see it in the feature list.

Next, we have to configure branch cache on our clients. This can be done through local policy on each system or – much easier – through domain policy. On my domain controller I open the group policy management console. In my lab I created an OU for just the systems I want to enable for branch cache and I created a GPO to enable branch cache.

Editing the properties of the GPO we have two places to configure. First, is branch cache policy. Here we enable branch cache, set distributed cache mode, define the speed that we consider to be a latent network (default 80 ms) and configure the percentage of disk space to allocate to branch cache activity.

Note that the one option we did not configure was to enable hosted cache mode. Why? Remember, SCCM only supports distributed cache mode so, for SCCM, there is no need to enabled hosted cache mode.
A word about hosted cache mode. The OS documentation that discusses branch cache discusses both modes of operation and discuses steos to configure SMB file transfers through branch cache. To me, the documentation is a bit fuzz. From what I can tell, configuring branch cache to support SMB requires some additional configuration on the content server – such as enabling a role service called ‘branch cache for network files’ and configuring specific shares to support branch cache using the ‘share and storage management tool’. Since SCCM uses branch cache via BITS there is no need to do this additional configuration to support SMB.
In addition to the above we must configure the windows firewall to allow branch cache specific communication as follows:

Both the inbound and outbound firewall rules are accessible on the predefined list – so configuring them is as easy as selecting from the drop down menu when configuring a new rule.

OK, so all of this is configured – how do we know if it’s working? To test, I setup a package and advertisement. When testing it’s important to understand that once the package is downloaded and cached, you have to either modify the content or setup a new package because unless there is a change, clients will always pull the content from the cache after the first download due to the latent network conditions.
For the test, I start with a fresh package. The client that will download the content first will have to go to the distribution point – nothing will come from the cache since no content has yet been downloaded.

With all of this I’m ready to start the download but to simulate a latent network in my lab I must first start a tool that will ‘inject’ latency into the network connection between the distribution point and my first client. I’ll use a tool we have internally to introduce a 30 ms latency – I will maintain this latency throughout my testing. Note that my policy settings above consider any network more latent than 20 ms to be slow.

With all of this configured, I start my advertisement which initiates a download of content.

At the end of the download I run the advertisement and then move on to my second machine. This second machine is where we expect to see branch cache in action.
I prepare to run the same advertisement on the second machine – note you can tell that this advertisement has never been run before on my system – which is important when testing branch cache.

I’m about to hit run but how can I tell whether branch cache actually fires up? Performance monitor. With performance monitor you can determine whether content is being transferred from the local branch cache or from a branch cache partner vs. the network. The chart below shows a chart of perfmon counters that you get from the branch cache object. The two most interesting are the Bytes from cache and Bytes from server. If content is being retrieved from either a systems local branch cache or a peer systems branch cache, that counter will show activity. In our test case and on the second system, no content for this advertisement has ever been downloaded before so we expect content to be retrieved from our peer client that is branch cache enabled.

We initiate the advertisement as before and downloading begins.
We allow the download to finish, complete the advertisement and then look back at our performance counter numbers to see what happened.
By looking at our counters we can see that we did pull the content from our peer caching partner – so branch cache worked.
Another way we can tell that our package came over from branch cache is by looking in the event log on the system as show below. Look for event 60 and on the detail tab look for the peerProtocolFlags value. If it is set to 1 then branch cache was used to deliver the content. Thanks to my colleague Frank for the tip!

Branch cache is just one more option available to administrators to help deliver content to clients efficiently and reduce load on the network. It’s not difficult to setup and offers notable performance advantage – defiantly worth taking a look.

0 comments:

Post a Comment