Supporting Mobile Windows 7 Users : Understanding DirectAccess & Using BranchCache

1. Understanding DirectAccess

DirectAccess is a new feature available with Windows 7 and Windows Server 2008 R2. It allows clients to access internal resources using Internet access but without creating a VPN.

You can think of DirectAccess as a virtual tunnel. It uses IPv6 over IPSec to secure the traffic. Once it is configured, remote clients can access servers on the internal network over the Internet, just as if they were on the internal network. In other words, as long as the clients have access to the Internet, they can access servers on the internal network.

In order to take advantage of DirectAccess, you must meet several requirements:

Clients

Clients must be running Windows 7 Enterprise or Ultimate edition. The clients must also be members of the same domain hosting the DirectAccess servers.

Servers

Servers must be running Windows Server 2008 R2 or later. These servers have two NICs. One NIC is connected to the internal network, and one NIC is connected to the Internet.

IPv6

Both the client and server must be running IPv6. This includes DNSv6 and DHCPv6 if DHCP is being used.

Network resources

The servers must be in a Windows domain. Domain controllers and DNS servers must be running at least Windows Server 2008 SP2 or Windows Server 2008 R2. The network must also have a Public Key Infrastructure to issue certificates.

2. Using BranchCache

BranchCache is another new feature available only for Windows 7 and Server 2008 R2 servers. It doesn't apply to mobile computers but instead applies to remote offices. You can use BranchCache to improve performance for users in remote offices.

The primary benefit of BranchCache is to reduce the amount of traffic over a WAN link. It also improves the response time for users in the remote office because they are able to retrieve data quicker.

Consider Figure 1. It shows a company with a main office and a branch office. The two offices are connected via a wide area network. Clients in the branch office have access to servers in the main office. However, because they have to traverse the WAN link, it is slower.

Imagine that Sally and Bob both work in the branch office. Sally needs to access a project file in the main office, so she retrieves it over the WAN link. A few minutes later, Bob needs to access the same file. He would also retrieve the file over the WAN link.

Figure 1. Multiple-site company

However, if BranchCache is used, the file is cached on a computer in the branch office. When Bob needs to access the file, his system is able to retrieve the cached file stored in the branch office. The WAN link is used less, and the performance for users is improved.

2.1. BranchCache Modes

BranchCache uses two modes. The mode you select largely depends on whether you have a Windows Server 2008 R2 server in the branch office. The two modes are as follows:

Hosted cache mode

Files are stored on a Windows Server 2008 R2 server located in the remote office. The server can be doing other functions, but it needs to have the BranchCache feature enabled.

Distributed cache mode

Windows 7 clients cache content using a peer-to-peer architecture. Distributed cache mode doesn't require a Windows Server 2008 R2 server in the branch office. The first client that retrieves the file caches it. Other clients in the branch office can then retrieve the file from the first client. Clients can automatically detect the existence of BranchCache files stored on Windows 7 computers in the same subnet. If the remote office has more than one subnet, clients on different subnets can cache the same content.

2.2. BranchCache Requirements

BranchCache has several specific requirements that must be met. These primarily focus on ensuring that you have the right operating systems and that they are configured to use BranchCache. The requirements are as follows:

Windows 7 clients must be configured.

Only Windows 7 clients can cache or access files used with BranchCache. In addition, the clients must be configured using either Group Policy or the netshnetsh branchcache set service distributed. This command will configure the firewall and service settings. You can disable it with this command: netsh branchcache set service disabled. command. For example, you can use this command from an administrative command prompt to configure clients to use distributed caching:

Source servers must be running Server 2008 R2.

The server hosting content that will be cached must be running Windows Server 2008 R2, and the BranchCache For Network Files role service must be added as part of the File Services role. Also, shares must be configured to support BranchCache. Some servers, such as web servers, require additional configuration.

Remote office servers must be running Windows Server 2008 R2.

If hosted cache mode is used, you must enable the BranchCache feature on a Windows Server 2008 R2 server in the remote office. If you don't have a Windows Server 2008 R2 server, you can use distributed cache mode instead.