Branch Cache in Windows 7

Posted By: Adam Bomb | Jan 18th, 2009 @ 11:53 PM | 64,307 Views | 16 Comments

Formats:

I recently had an opportunity to sit down with Devrim Iyigun to talk about the Branch Cache feature of Windows 7 and Server 2008 R2.

Branch Cache is really cool – when the first person in a branch location requests a file over the WAN, it will be cached locally for any subsequent requests within the branch. The cached files can either be distributed across machines in the branch, or centrally on a host server, if one exists.

Set up and enabling the roles is straightforward, and the functionality is all available in the betas today.

check it out!

Tags: branch cache, Top 10, Windows 7, Windows Server 2008 R2

Rating:

Goran Topalovic

It is nice to see that great features from great products, such as ISA server, are embedded in desktop and server OS. I presume that this will not be available in Vista and Windows 2008.
I would like to know what happens if in distributed scenario, when the client that has file which is infected, and other "clean" client is asking for that file, what would happen. Maybe this would be another way to spread the malware through the network. In addition, yes I know that Defender is free, but its usability is questionable, from my experience©.

efla

In reply to Goran Topalovic

#Jan 25th, 2009 @ 9:17 PM

Windows BranchCache will not be available on Windows Server 2008. It will be available on Windows Server 2008 R2 and Windows 7. BranchCache is a brand new feature and is not based on any feature in ISA server.

In a distributed scenario or in a hosted cache scenario the defense against malicious content is the same. Basically, a client will only read content from a peer (or hosted cache) which matches the content hashes the client retrieved from the original content server.

Example:
----
Client1 wants to access http:\\headquarters\example.foo. Client1's HTTP stack resolves headquarters and sends it an HTTP GET for example.foo.

The headquarters server responds with BranchCache content information for example.foo (essentially hashes used to validate that some data are in fact part of the original content).

Client1 searches on the LAN for peers who have any part of the content (content is identified by a hash derived from the content itself so there is no ambiguity about which version of a file is being requested). Client0 responds that it has the content. Unfortunately, Client0 somehow ended up with a copy of example.foo which is infected with malware.

Client1 downloads example.foo from Client0 in small chunks. Each chunk is hashed (using SHA-256 or higher) and compared to the hashes download in the content information from the headquarters server. If any chunk's hash fails to match the hash Client1 got from headquarters then Client1 stops communicating with Client0 and tries to get the content from other peers. Because Client0's copy of example.foo is infected it must not match the clean copy on the headquarters server so some part of it will fail to match the hashes Client1 retrieved from headquarters (either that or headquarters had an infected copy to start with, which BranchCache can't defend against). A process which is using BranchCache to retrieve a file will not see any content chunks whose hashes do not match the hashes retrieved from the server.
----

Regarding malware scanning software, use of any software which tries to detect malware by comparing files to a database of examples of known malware is questionable for defending against new threats. Malware authors have access to the malware scanning engine. All the malware author needs to do is massage the format of the malware until the malware detector fails to detect it. The malware detector must respond by identifying the new malware by some other means and shipping an update to the malware detector. The malware authors always have the advantage.

Goran Topalovic

In reply to efla

#Jan 26th, 2009 @ 9:45 AM

This new feature reminded me on ISA Branch office scenario, and that is why I thought it was based on ISA Server.

"Basically, a client will only read content from a peer (or hosted cache) which matches the content hashes the client retrieved from the original content server."

This makes AV software irrelevant on the client machine in the distributed scenario, and this answers my question completely.

Thank you.

Kerry Brown

It appears that the BranchCache service takes over port 80 which interfers with using Apache on a workstation. What are the implications of disabling the BranchCache service on a workstation in order to free up port 80?

SpankyDave

If sourced from peers (vs. hosted cache) - will I be serviced from just one or multiple caches ? (Torrent-esque)

Subsequently, can rate-limiting be applied via GPO to minimize potential impact to other upload sensitive apps. (Like a soft-phone client)

DerekSchauland

How does the branch caching feature deal with possible cache poisoning as has been seen when DNS is cached?

ates

Teşekkürler Devrim Smiley

Qrious

Does it cache all HTTP content or only the ones with the pre-requisite "HTTP:" headers.

For how long does it cache HTTPS & CIFS SMB content?

chengajun
itgb

I have configured a file server which can run branch cache successfully by following the <BranchCache Early Adopter's Guide>, how ever the IIS dosen't work.
how can i branchCache IIS?