
Infrastructure Planning and Design Guides—Release Announcement

Microsoft Forefront Unified Access Gateway

The Infrastructure Planning and Design team has released a new guide: Microsoft Forefront Unified Access Gateway.

This guide outlines the critical infrastructure design elements that are key to a successful implementation of Forefront Unified Access Gateway (Forefront UAG). The reader is guided through the logical three-step process of selecting the Forefront UAG features required, determining the number of instances, and designing the infrastructure. If access logging is required, the guide leads the reader through selecting and designing the most appropriate data store.

Download the IPD Guide for Microsoft Forefront Unified Access Gateway at http://go.microsoft.com/fwlink/?LinkId=169356.

Infrastructure Planning and Design series guides streamline the planning process by:

• Defining the technical decision flow through the planning process.

• Listing the decisions to be made and the commonly available options and considerations.

• Relating the decisions and options to the business in terms of cost, complexity, and other characteristics.

• Framing decisions in terms of additional questions to the business to ensure a comprehensive alignment with the appropriate business landscape.

Tell your peers about IPD guides! Please forward this mail to anyone who wants to learn more about Infrastructure Planning and Design guides.

Join the Beta
Subscribe to the IPD beta program and we will notify you when new beta guides become available for your review and feedback. These are open beta downloads. If you are not already a member of the IPD Beta Program and would like to join, follow these steps:

1. Go here to join the IPD beta program:

https://connect.microsoft.com/InvitationUse.aspx?ProgramID=1587&InvitationID=IPDM-QX6H-7TTV&SiteID=14

If the link does not work for you, copy and paste it into the Web browser address bar.

2. Sign in using a valid Windows Live ID.

3. Enter your registration information.

4. Continue to the IPD program beta page, scroll down to Infrastructure Planning and Design,

Already a member of the IPD beta program? Go here to get the latest IPD beta downloads: https://connect.microsoft.com/content/content.aspx?ContentID=6556&SiteID=14

Related Resources
Check out all that the Infrastructure Planning and Design team has to offer! Visit the IPD page on TechNet, http://www.microsoft.com/ipd, for additional information, including our most recent guides.

We appreciate your comments and feedback; please send mail to IPDfdbk@microsoft.com.

Windows 7 BranchCache™ Explained

Posted By: yung | Dec 8th @ 9:35 AM | 4,542 Views | 0 Comments


One of the key capabilities delivered in Windows 7 for enabling people to be productive anywhere is BranchCache™. It not only speeds up access to data and documents from Web and file servers by reducing web and file access over a WAN link, it frees up bandwidth over the WAN link for other uses.

With BranchCache™, the first request from a branch office network to download content from a web server or file server (or in the context of BranchCache™ a “content server”) also caches a copy in the local, branch network. In a subsequent request from the branch network for the same content in the content server, instead of downloading content from the content server over the WAN, clients receive the locally cached copy from the branch network. This occurs once the content server authenticates and authorizes the request. BranchCache™ has two operating modes, Distributed Cache mode and Hosted Cache mode.

Distributed Cache mode is for a small branch without a local file server that can be used as a hosted cache server. This configuration caches content downloaded from a content server over the WAN at the user’s computer. Caching occurs at the very first request from a user in a branch office. Subsequent branch office requests for the same content will locate the cached content by broadcasting to the local network, and then collecting it from that user’s computer in the local area network. Peer-to-peer sharing is the basic idea: there is no central repository in the branch. There are no requirements for servers or services in the branch office beyond client computers running Windows 7.

Hosted Cache mode, on the other hand, specifies a branch office server for caching content downloaded over the WAN. It is recommended for a branch with more than 50 clients. The key differences from the Distributed Cache Mode process are:

  • Content downloaded over the WAN on the first request is only cached in a designated server local to a branch office, while Distributed Cache Mode caches content at a requester’s computer.
  • Clients issuing subsequent requests for the content establish a direct connection with the designated server to acquire it, once the content server authenticates and authorizes the request. In Distributed Cache Mode, clients broadcast over the local network to find the computer with the cached content.

The concept of BranchCache™ is fairly straightforward. The technical specifics that minimize communication and reduce bandwidth over the WAN are, however, quite interesting. When a second Windows 7 client requests the same file from the content server, the user is authenticated and authorized in exactly the same manner as if BranchCache™ were not being used. If successful, the content server returns content metadata over the same channel that data would normally have been sent. The metadata is the mechanism for reducing bandwidth, because the content metadata is significantly smaller than the actual content. It is important that the content server sends the content metadata to each client to ensure that a client always receives hashes for the most up-to-date content. This process ensures that users are always accessing the most current data.

The content is broken into blocks. For each block, a hash is computed (known as the “block hash”). A hash is also computed on a collection of blocks (known as the “segment hash”). Content metadata is primarily composed of block hashes and segment hashes, and the segment hashes provide a unit of discovery. The hash algorithm used is Secure Hash Algorithm (SHA) 256. The compression ratio achieved is approximately 2000:1; that is, the size of the metadata sent over the wire is ~2000 times smaller than the size of the original data itself.

This is how the BranchCache™ process works:

  1. A Windows 7 client connects to the content server in the central office and requests a file (or file segment) exactly as it would if it were retrieving the file without using BranchCache™.
  2. The content server authenticates and authorizes the client exactly as it would without BranchCache™. If successful, it returns content metadata over the same channel that data would normally have been sent. If this is the first time any client from the branch office network is requesting a file not already cached on the local network, the client retrieves the file directly from the content server.
  3. In Distributed Cache mode, the client sends a request on the local network for the required file by using the Web Services Discovery (WS-Discovery) multicast protocol. The segment hashes provide a unit of discovery. This helps reduce the total number of lookups performed for a given piece of content (versus looking up each block). The client that previously cached the file sends the file to the requesting client. The data is encrypted using a key derived from the hashes sent by the content server as part of the content metadata. The client decrypts the data, computes the hashes on the blocks received from the first client, and checks that they are identical to the block hashes provided by the content server as part of the content metadata. This ensures that the content has not been modified.

In Hosted Cache mode, the client uses the hashes in the metadata to search for the file in the Hosted Cache server. A key difference in Hosted Cache mode is that a client establishes an SSL connection with the Hosted Cache server, and it offers content identifiers over this encrypted channel. The Hosted Cache server connects to the client and retrieves the set of blocks that are not cached.
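The integrity check in step 3 can be sketched as follows. This is an added example, not Microsoft's code or part of the original post: the 64 KiB block size, the 512-block segment grouping and the construction of the segment hash are assumptions made for illustration, and the encryption of peer traffic is left out. With a 32-byte SHA-256 hash per 64 KiB block, the content-to-metadata ratio approaches 2048:1, in line with the approximately 2000:1 figure quoted above.

```python
import hashlib
import hmac

BLOCK_SIZE = 64 * 1024        # assumption: the post does not state a block size
BLOCKS_PER_SEGMENT = 512      # assumption: number of blocks grouped per segment

def split_blocks(content: bytes) -> list[bytes]:
    return [content[i:i + BLOCK_SIZE] for i in range(0, len(content), BLOCK_SIZE)]

def build_metadata(content: bytes) -> list[dict]:
    """Content-server side: SHA-256 block hashes grouped into segments."""
    hashes = [hashlib.sha256(b).digest() for b in split_blocks(content)]
    segments = []
    for start in range(0, len(hashes), BLOCKS_PER_SEGMENT):
        group = hashes[start:start + BLOCKS_PER_SEGMENT]
        # Assumption: segment hash = SHA-256 over the concatenated block hashes.
        seg_hash = hashlib.sha256(b"".join(group)).digest()
        segments.append({"segment_hash": seg_hash, "block_hashes": group})
    return segments

def metadata_size(segments: list[dict]) -> int:
    """Bytes of hash material sent over the WAN instead of the content."""
    return sum(32 + 32 * len(s["block_hashes"]) for s in segments)

def failed_blocks(segment: dict, peer_blocks: list[bytes]) -> list[int]:
    """Client side: indexes of peer-supplied blocks whose hash does not match."""
    expected = segment["block_hashes"]
    if len(peer_blocks) != len(expected):
        raise ValueError("peer returned a different number of blocks than the metadata lists")
    return [i for i, (blk, want) in enumerate(zip(peer_blocks, expected))
            if not hmac.compare_digest(hashlib.sha256(blk).digest(), want)]

def demo() -> tuple[list[int], list[int], float]:
    content = bytes(range(256)) * 4096 + b"constructed tail"   # constructed sample file
    meta = build_metadata(content)                # received from the content server
    honest = split_blocks(content)                # blocks served by a branch peer
    tampered = list(honest)
    tampered[3] = b"X" + tampered[3][1:]          # peer cache modified one byte
    ratio = len(content) / metadata_size(meta)
    return failed_blocks(meta[0], honest), failed_blocks(meta[0], tampered), ratio

if __name__ == "__main__":
    ok, bad, ratio = demo()
    print("honest peer failures:", ok)
    print("tampered peer failures:", bad)
    print(f"content : metadata = {ratio:.0f} : 1")
```

Because the hashes arrive from the content server only after it has authenticated and authorized the request, a peer that alters a cached block cannot also supply a matching hash.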

To implement BranchCache, client computers must be running Windows® 7, with the BranchCache™ feature enabled. Web servers and file servers must be running Windows® Server 2008 R2, with the BranchCache™ feature enabled.

BranchCache™ is designed to give branch-office users an experience similar to being connected directly to the central office. It works with your existing network and security infrastructure including IPv4, IPv6, and end-to-end encryption methods such as Secure Sockets Layer (SSL) and Internet Protocol Security (IPSec). The process requires that a content server authenticates and authorizes a client before retrieving content from within the branch. Additionally, the content server returns content metadata to a requesting client to ensure that the client will reference the current version of requested content in the content server.

Tags: branch cache, Branch Office, Windows 7, Windows Server 2008 R2

A colleague of mine, Jeff Alexander, a well-known IT Pro Evangelist from Australia, will conduct two Live Meeting sessions which will explore Windows® 7’s core platform security improvements, securing anywhere access, data protection, and protecting desktop users.

We will be discussing User Account Control improvements, enhanced auditing, Network Access Protection (NAP), Firewall improvements, AppLocker, BitLocker and BitLocker To Go enhancements, DirectAccess, Internet Explorer 8 security improvements, and EFS enhancements.

Other topics covered:

· Fundamentally Secure Platform

· Helping Secure Anywhere Access

· Protecting Data

· Protecting Users and Infrastructure

Demonstrations include:

· How to Configure AppLocker

· Enabling Auditing

· Using Network Access Protection

Session details:

Monday 23 November at 2pm Sydney time | Register here

Thursday 26 November at 4pm Sydney time | Register Here

/Dennis

SharepointPros.SG, a Technical User Group in Singapore, has organized a meet-up to talk about SharePoint 2010.


Date: 12th November 2009

Time: 6.45pm

Venue: Microsoft Singapore (1 Marina Boulevard #22-00 Singapore 018989)
Level 22, Conference Rm 12

Topic: Are you Ready for Sharepoint 2010?

Now that SharePoint 2010 has been publicly announced, come and join us for an evening of SharePoint 2010. Presented by the local Singapore MVPs, Randy Williams, Sarbjit Singh and Steve Sofian, discover what’s coming in SharePoint 2010, get an overview and what’s new for developers and IT Pros with SharePoint 2010.

To register for the event, RSVP to ssofian@mvps.org to confirm your attendance.

I am preparing to manage my TechNet/MSDN booth at the New Efficiency Launch @ Suntec City. I will be speaking as part of keynotes. On the side track, I am managing the TechNet/MSDN booth.

At the booth, you can sign up to TechNet/MSDN Flash newsletters to get in touch with our Singapore team, and also a quiz to win a Lenovo S10-2. As part of this, I need to provide internet access to 2 laptop kiosks that we make available at this booth. We will be in Room 209 at Suntec Convention Center. Beside us will be MS Press. We've partnered with them to provide you 30% discount at the event site off any MS Press books.

So I had to think about providing internet access to both stations and my own laptop. There are several ways to do it, but I stumbled on this Connectify and I thought it's quite innovative. The last time I came across something like this was for the mobile phone.

This software allows you to turn your Windows 7 into a WIFI Hotspot to share the internet connection that runs on a Windows 7 laptop. So now I can easily use a mobile internet USB device from the telco and share the connection with other machines. There are still some kinks with device support, but definitely something worth a checkout.

Join the beta test now.

/Dennis

HelloWorld();

I work in a very passionate team of Microsoft, known as Developers and Platform Evangelism group (DPE in short). I work as the IT Pro Evangelist for the Singapore Subsidiary.

Within the subsidiary, I am responsible for conversations with IT Professionals from all walks of life. The goal is to help customers understand Microsoft's core platforms and maximize the investments one has on their IT infrastructure.

Oh, I run TechNet in Singapore too.

A little about myself:

I have about 10 years of working experience in Information Technology. Started my early days as an applications developer, writing applications for Unix and Windows. I'm conversant with C++ and VB. Soon after, I looked into bigger things. Started developing systems integration components (not those that you get to see at the desktop, more like getting Lotus Notes to work with Active Directory etc).

Soon after, Infrastructure caught my interests and bang, I am an IT Pro, but still retained my developer skills.

I worked in various large-scale datacenters, from government space to private sectors. Managed and worked in roles ranging from Level 2 Network engineer in a local Telco, Technical Support Officer in a Local Library, Infrastructure Lead in a local education Institution supporting 18,000 users, to a Microsoft Certified Trainer at a CPLS.

Let's not let this be my resume page. :-) I hope to use this blog to bring you the following:

- Happenings in MS Space in Singapore related to IT Pros
- Technologies and information that are key in making IT Pros successful in their work
- Connecting you to our local community space
- The fun technology things that I work on

This is no space for marketing. :-)

/Dennis

*My other blogs: http://pingdennis.com

 