Enable Distributed BranchCache on a Microsoft Azure File Server
In a previous article, Improving Azure File Server Performance using BranchCache, I discussed how a company could use BranchCache to improve the performance of a remote file server, such as one that was migrated or deployed in Microsoft Azure. In this article, I will show you how to deploy a small-to-medium enterprise (SME) scenario where there are no on-premises servers and the on-premises client devices use BranchCache in peer-to-peer Distributed Mode to optimize the use of file servers that are placed in a remote network, such as an Azure VNET accessed via VPN or ExpressRoute.
The server must be running Windows Server 2008 R2 or later. Note that there are further performance gains by using Windows Server 2012 or later. BranchCache can optimize services offered by a file server, IIS web services, and applications that share data using BITS, such as System Center Configuration Manager (SCCM).
The client device must be running the Enterprise edition of Windows 7 or later. As with the server, there are further performance gains with Windows 8 or later.
Although you can deploy non-domain member machines, the simplest and best-overall solution is to join the machines to a common domain and configure the client devices using Group Policy.
The design in this scenario looks like the following:
- There are one or more domain controllers in an availability set.
- A file server is deployed as an Azure virtual machine.
- Client devices can access the Azure VNET using some kind of remote networking and are members of the domain. Note that a domain is not required for BranchCache, but it makes management easier.
The File Server
BranchCache functionality needs to be added to the file server. Add the BranchCache for Network Files role service to the file server. Note that this requires the File Server role service, too. You really should be using this on all file servers. You should also check out File Server Resource Manager and Data Deduplication to see what they can offer you.
Open up Server Manager, and browse to File And Storage Spaces > Shares. Right-click a share, select Properties, and browse to Settings. Check the box called Enable BranchCache On The File Share, and click OK. You now have BranchCache enabled on that shared folder.
You will need to configure the file server and client devices in Group Policy.
Create a group policy object (GPO) that will affect your file server. Navigate to Computer Configuration > Policies > Administrative Templates > Network > Lanman Server and enable Hash Publication For BranchCache. This enables hashing of the 64 KB blocks that make up your files. Without this feature being enabled, BranchCache will only cache files and not blocks, which results in BranchCache being much less efficient. This policy has a few options; I would normally only enable hashing on shares that have BranchCache enabled.
Note: BranchCache only caches and optimizes files that are 64 KB or larger.
Run GPUPDATE /FORCE on the file server once a DC within the file server’s AD site has replicated. You can force hashes to be generated by running HASHGEN -F <path to folder>.
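The file server steps above can also be scripted. The following is an added example, not part of the original article; it assumes Windows Server 2012 or later (for the `Install-WindowsFeature` and SMB share cmdlets), an elevated session, and a hypothetical share named `Projects`.

```powershell
# Added example: run in an elevated session on the file server.
# 'Projects' is a hypothetical share name; replace it with your own share.
$ShareName = 'Projects'

# BranchCache for Network Files (FS-BranchCache) also needs the File Server role service.
Install-WindowsFeature -Name FS-FileServer, FS-BranchCache | Out-Null

# Equivalent of ticking "Enable BranchCache On The File Share" in Server Manager.
Set-SmbShare -Name $ShareName -CachingMode BranchCache -Force

# Fail loudly if the share did not pick up the setting.
$share = Get-SmbShare -Name $ShareName
if ($share.CachingMode -ne 'BranchCache') {
    throw "Share '$ShareName' is still in caching mode '$($share.CachingMode)'."
}

# Pull the Hash Publication For BranchCache policy from the GPO,
# then force hash generation for everything under the shared folder.
gpupdate /force
hashgen -f $share.Path

# Show the server-side hash cache so you can confirm hashes now exist.
Get-BCHashCache | Format-List
```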
Once the file server is ready, you can enable and configure BranchCache on client devices using Group Policy. Create or edit a GPO that affects your client devices. There are three policies, which are located in Computer Configuration > Policies > Administrative Templates > Network > BranchCache:
- Turn On BranchCache: Set to Enabled.
- Set BranchCache Distributed Cache Mode: Set to Enabled.
- Configure BranchCache For Network Files: Set to Enabled.
Note that in Distributed Mode, a client device will broadcast on its VLAN to see if peers might have some of the required blocks of a file, which are identified by the hashes generated on the file server. Broadcasts are bounded by VLANs, so there will be different BranchCache peer-to-peer networks on each on-premises VLAN. Use Hosted Mode BranchCache if you want to avoid this, but note that this requires an on-premises server.
You can force a group policy update on a test client device once the DCs in the local Active Directory site have replicated.
Verify BranchCache is Working
Before you run any tests to verify that BranchCache is working, wait until all of the files in your BranchCache-enabled shared folder have hashes (HASHGEN) and your test client device has been configured by GPO.
Place some large files into a BranchCache-enabled share and copy the files. Then log into a configured client device and download one of the files. This will be a regular slow download. Download the file again — this should be much faster. Download a copy of that same file, and this should also be very fast.
If downloading the same file doesn’t get optimized after the first copy, then BranchCache is not working. Check the shared folder and the client configuration.
There is also one other thing to check: by default, BranchCache for shared folders (GPO: Configure BranchCache For Network Files) will only optimize files when latency between the client and file server is greater than 80 ms. In my lab, the latency was normally around 30 ms, and BranchCache was only working sometimes, when latency spiked. The solution here is to edit Configure BranchCache For Network Files and set the latency to something lower (I used 10 ms).
If downloading a copy of an already cached file isn’t optimized, then hashing isn’t working correctly; verify that hashing was enabled by GPO and that the files have hashes.
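The checks in this section can be collected into one client-side script. This is an added example, not part of the original article; it assumes a client running Windows 8 or later (for the BranchCache cmdlets), an elevated session, and a hypothetical UNC path in `$TestFile`.

```powershell
# Added example: run in an elevated session on a GPO-configured client.
# $TestFile is a hypothetical path to a large file on a BranchCache-enabled share.
$TestFile = '\\fileserver\Projects\large.iso'

$status  = Get-BCStatus
$client  = Get-BCClientConfiguration
$network = Get-BCNetworkConfiguration

# Each of these should be True once the three client policies have applied.
# Distributed Mode needs the peer discovery and content retrieval firewall
# rules so that peers on the same VLAN can find and serve each other.
$checks = [ordered]@{
    'BranchCache enabled'              = $status.BranchCacheIsEnabled
    'Service running'                  = $status.BranchCacheServiceStatus -eq 'Running'
    'Distributed cache mode'           = $client.CurrentClientMode -eq 'DistributedCache'
    'Peer discovery firewall rules'    = $network.PeerDiscoveryFirewallRulesEnabled
    'Content retrieval firewall rules' = $network.ContentRetrievalFirewallRulesEnabled
}
$checks.GetEnumerator() | ForEach-Object { '{0,-34} {1}' -f $_.Key, $_.Value }

# Show the SMB latency threshold; below it, BranchCache does not optimize
# files from the share (80 ms by default, lowered by GPO in the article).
netsh branchcache smb show latency

# Copy the same file twice and time each pass. The second pass should be
# much faster if BranchCache is working.
$before = (Get-BCDataCache).CurrentActiveCacheSize
foreach ($pass in 1..2) {
    $dest  = Join-Path $env:TEMP "bc-test-$pass.tmp"
    $timer = Measure-Command { Copy-Item -Path $TestFile -Destination $dest -Force }
    'Pass {0}: {1:N1} s' -f $pass, $timer.TotalSeconds
    Remove-Item -Path $dest -Force
}
$after = (Get-BCDataCache).CurrentActiveCacheSize

# On a first run, the local cache should have grown. If it did not, the
# file was not cached (check hashes, the share setting and the latency).
'Cache grew by {0:N0} bytes' -f ($after - $before)
```

If the file was already in the local cache from an earlier test, the cache size will not change even though BranchCache is working; use a file the client has not downloaded before.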