
Module 12

Providing Efficient Network Access for Remote Offices

Module Overview
Overview of Remote Office Requirements
Implementing Read-Only Domain Controllers
Implementing BranchCache

Lesson 1: Overview of Remote Office Requirements


Discussion: Challenges of Managing Remote Office Connectivity
Options for Providing Efficient Access to Network Resources

Discussion: Challenges to Managing Remote Office Connectivity


Why are network connections between remote offices and the head office slow and unreliable?

How does slow and unreliable network connectivity affect the users in remote offices?

How does management of computer systems in remote offices compare with the management of computer systems in the head office?

How does system security in remote offices compare with system security in the head office?

Options for Providing Efficient Access to Network Resources

Read-Only Domain Controller:


Installed in remote offices
Increase logon speed and reliability

Address security concerns

BranchCache:
Speed up access to files that are cached
Reduces WAN utilization

Lesson 2: Implementing Read-Only Domain Controllers


Read-Only Domain Controller Features
How to Deploy an RODC
What Is a Password Replication Policy?
Demonstration: How to Configure a Password Replication Policy
Demonstration: Administering RODC Credentials Caching
Overview of Administrator Role Separations

Read-Only Domain Controller Features


Read-Only Domain Controller:
Contains a read-only copy of an Active Directory domain
Replicates Active Directory changes one-way

Caches credentials based on a Password Replication Policy


Limits risk if the RODC is compromised

Allows administration to be delegated

Supports read-only DNS

How to Deploy an RODC


When deploying an RODC:

Ensure the forest functional level is at least Windows Server 2003
Run ADPrep /RODCPrep
Ensure that there is a writable Windows Server 2008 domain controller
Consider replication patterns

Types of installation:
Attended or unattended installation
Staged installation

What Is a Password Replication Policy?


Password Replication Policy:

Determines which credentials are cached on a specific RODC


User accounts
Computer accounts

Contains an allowed list and a denied list

Allowed RODC Password Replication Group
Denied RODC Password Replication Group

Do not cache domain administrative accounts
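
The check below is an added example, not part of the course material: it audits one RODC's allowed list, denied list and currently cached passwords for privileged accounts. It assumes the ActiveDirectory PowerShell module is available, that NYC-SVR1 is the RODC, and that the privileged group list is a starting point rather than a complete one.

```powershell
# Added example: audit one RODC's Password Replication Policy (PRP).
# Assumptions: 'NYC-SVR1' is the RODC; the group list below is illustrative.
Import-Module ActiveDirectory

$Rodc             = 'NYC-SVR1'
$PrivilegedGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'

# Map each privileged group and each of its nested members to the group name.
$privileged = @{}
foreach ($name in $PrivilegedGroups) {
    $group = Get-ADGroup -Filter "Name -eq '$name'"
    if (-not $group) { continue }          # group not present in this domain
    $privileged[$group.DistinguishedName] = $name
    Get-ADGroupMember -Identity $group -Recursive |
        ForEach-Object { $privileged[$_.DistinguishedName] = $name }
}

# PRP lists as configured on the RODC, and the accounts it has already cached.
$allowed  = @(Get-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -Allowed)
$denied   = @(Get-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -Denied)
$revealed = @(Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $Rodc -RevealedAccounts)

function New-Finding($Issue, $Principal) {
    New-Object PSObject -Property @{ Rodc = $Rodc; Issue = $Issue; Principal = $Principal }
}

$findings = @()
# Direct entries only: a privileged account reached through an unlisted
# intermediate group on the allowed list is not expanded here.
foreach ($p in $allowed) {
    if ($privileged.ContainsKey($p.DistinguishedName)) {
        $findings += New-Finding 'Privileged principal on allowed list' $p.Name
    }
}
foreach ($a in $revealed) {
    if ($privileged.ContainsKey($a.DistinguishedName)) {
        $findings += New-Finding 'Privileged password cached on RODC' $a.SamAccountName
    }
}
if (-not ($denied | Where-Object { $_.Name -eq 'Denied RODC Password Replication Group' })) {
    $findings += New-Finding 'Default denied group not on denied list' $Rodc
}

$findings | Format-Table Rodc, Issue, Principal -AutoSize
```

A password that is already cached stays on the RODC after the policy is corrected, so any account reported as cached should also have its password reset.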

Demonstration: How to Configure a Password Replication Policy


In this demonstration, you will see how to configure the PRP for an RODC

Demonstration: Administering RODC Credentials Caching


In this demonstration, you will see:
How to view passwords stored on an RODC

How to prepopulate passwords on an RODC

Overview of Administrator Role Separation

Delegate RODC administrator to local administrators

Set a single security principal as administrator:
User
Group

Enable by using the following methods:

Managed By in RODC computer account
dsmgmt
Ntdsutil

Cache the password of delegated administrators

Lab A: Deploying a Read-Only Domain Controller


Exercise 1: Installing an RODC
Exercise 2: Configuring Password Replication Policy and Credential Caching

Logon information
Virtual machine: 6419B-NYC-DC1, 6419B-NYC-SVR1, 6419B-NYC-CL1
User name: Contoso\Administrator
Password: Pa$$w0rd

Estimated time: 30 minutes

Lab Scenario

[Diagram: Head Office and Remote Office, showing NYC-DC1, NYC-SVR1 and NYC-CL1 (Windows 7)]

Lab Review
Why did you not run ADPrep /RODC to prepare the forest?
Why should you cache computer credentials on an RODC?

Lesson 3: Implementing BranchCache


Overview of BranchCache
Compare Hosted Cache Mode to Distributed Cache Mode
BranchCache Requirements
Server Configuration for BranchCache
Client Configuration for BranchCache

Demonstration: Configuring BranchCache


BranchCache Monitoring

Overview of BranchCache
BranchCache:
Reduces WAN utilization
Supports the following protocols:
HTTP/HTTPS
SMB
BITS

Multimedia: Compare Hosted Cache Mode with Distributed Cache Mode


Hosted Cache: Data is cached at Hosted Cache server
Recommended for larger branch offices
Enables branch-wide caching
Cache is stored centrally. You can use the existing server in the branch office
Cache availability is high

Distributed Cache: Data is cached amongst clients
Recommended for branch offices without any infrastructure
Enabled on clients through Group Policy. Easy to deploy
Cache availability decreases with laptops that go offline


BranchCache Requirements
Requirements for using BranchCache
Install the BranchCache feature or the BranchCache for Network Files feature on the server that is hosting the content
Configure clients, either by using Group Policy or the netsh command

Requirements for distributed and hosted cache modes
In the distributed cache mode, no server is required in the branch office; just Windows 7 or Windows Server 2008 R2 clients are required
In the hosted cache mode, Windows Server 2008 R2 server must be configured for BranchCache host in the branch office
The BranchCache host server must have a digital certificate

Server Configuration for BranchCache


Configuring the File Server
1 Install BranchCache for Network Files role service
2 Enable BranchCache on the server
3 Enable BranchCache on file shares

Configuring the Web Server
1 Install the BranchCache feature

Configuring the Hosted Cache Server
1 Add the BranchCache feature to the Windows Server 2008 R2 server
2 Configure BranchCache with a trusted certificate

Client Configuration for BranchCache


To enable and configure BranchCache, you need to perform the following steps:
1 Enable BranchCache
2 Enable the distributed cache mode or hosted cache mode
3 Configure the client firewall

You can modify BranchCache settings and perform additional configuration tasks, such as:
Setting the cache size
Setting the location of hosted cache
Clearing the cache
Creating and replicating a shared key for use in a server cluster
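
The three client steps above, written as an added example that is not part of the course material: a PowerShell wrapper around netsh for a Windows 7 client, run from an elevated prompt. The values of $Mode, $HostedCacheServer and $CachePercent are illustrative assumptions, and settings delivered by Group Policy take precedence over anything set this way.

```powershell
# Added example: configure a BranchCache client with netsh (run elevated).
# Assumptions: the three values below are illustrative, not from the course.
$Mode              = 'DISTRIBUTED'            # or 'HOSTEDCLIENT'
$HostedCacheServer = 'NYC-SVR1.contoso.com'   # hypothetical hosted cache FQDN
$CachePercent      = 5                        # percent of disk for the local cache

function Invoke-Netsh {
    # Run one netsh command and stop the script at the first failing step.
    & netsh.exe $args
    if ($LASTEXITCODE -ne 0) { throw "netsh $args failed with exit code $LASTEXITCODE" }
}

# Steps 1 and 2: enable the BranchCache service in the chosen mode.
# Content retrieval over HTTP is needed in both modes; the second rule group
# depends on whether peers or a hosted cache server hold the cache.
if ($Mode -eq 'HOSTEDCLIENT') {
    Invoke-Netsh branchcache set service mode=HOSTEDCLIENT "location=$HostedCacheServer"
    $ruleGroups = 'BranchCache - Content Retrieval (Uses HTTP)',
                  'BranchCache - Hosted Cache Client (Uses HTTPS)'
} else {
    Invoke-Netsh branchcache set service mode=DISTRIBUTED
    $ruleGroups = 'BranchCache - Content Retrieval (Uses HTTP)',
                  'BranchCache - Peer Discovery (Uses WSD)'
}

# Step 3: enable only the predefined firewall rule groups this mode needs.
foreach ($group in $ruleGroups) {
    Invoke-Netsh advfirewall firewall set rule "group=$group" new enable=yes
}

# Additional task from the list above: set the cache size.
Invoke-Netsh branchcache set cachesize "size=$CachePercent" percent=TRUE

# Verify: the BranchCache service (PeerDistSvc) should be running, and the
# status output should show the mode that was just configured.
$service = Get-Service -Name PeerDistSvc
if ($service.Status -ne 'Running') {
    Write-Warning "BranchCache service is $($service.Status)"
}
& netsh.exe branchcache show status all
```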

Demonstration: Configuring BranchCache


In this demonstration, you will see:
How to enable branch cache for a file server

How to configure client settings in a GPO

BranchCache Monitoring

BranchCache monitoring tools include:


Netsh branchcache show status all

Event Viewer
Performance counters

Lab B: Deploying BranchCache


Exercise 1: Configuring BranchCache in Distributed Cache Mode
Exercise 2: Configuring BranchCache in Hosted Cache Mode (Optional)

Logon information
Virtual machine: 6419B-NYC-DC1, 6419B-NYC-SVR1, 6419B-NYC-CL1, 6419B-NYC-CL2
User name: Contoso\Administrator
Password: Pa$$w0rd

Estimated time: 30 minutes

Lab Scenario

[Diagram: Head Office and Remote Office, showing NYC-DC1, NYC-SVR1, NYC-CL1 (Windows 7) and NYC-CL2 (Windows 7)]

Lab Review
Can you enable BranchCache only at the client?
Why did NYC-SVR1 need to be placed in its own OU?

Module Review and Takeaways


Review Questions
Real-World Issues and Scenarios
Best Practices Related to RODC Password Caching
Windows Server 2008 R2 Features Introduced in this Module
