Deploying BranchCache with Remote Access Technologies

Hosted Cache mode and host-based VPN software

Do not enable Hosted Cache mode on branch office clients that use a host-based VPN without split tunneling support. In this scenario, client computers route traffic through the main office VPN servers even when downloading from the local Hosted Cache. BranchCache is compatible with VPN software that supports split tunneling.

BranchCache and Microsoft DirectAccess

If the computers in your branch office connect directly to the internet and access corporate resources using DirectAccess, you must take some extra steps to enable BranchCache.

  • To configure clients in Distributed Cache mode, you must configure IPsec/firewall rules that allow WS-Discovery (UDP multicast on port 3702) and HTTP (TCP on port 80) traffic between roaming peers.

  • To configure clients in Hosted Cache mode, you must configure IPsec/firewall rules that allow HTTP (TCP on port 80) traffic between the roaming peer and the remote Hosted Cache server.
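The firewall half of the two items above can be scripted as follows. This is an added example, not part of the original guidance, and it does not create the IPsec rules. The rule names, the group label, the LocalSubnet scoping for Distributed Cache mode and the HostedCacheAddress parameter are assumptions.

```powershell
# Added example: scoped Windows Firewall rules for the ports named above.
# Rule names, the group label and the address scoping are assumptions.
param(
    [Parameter(Mandatory)][ValidateSet('Distributed', 'Hosted')][string]$Mode,
    # Hosted mode only: address of the remote Hosted Cache server.
    [string]$HostedCacheAddress
)

if ($Mode -eq 'Hosted' -and -not $HostedCacheAddress) {
    throw 'Hosted mode needs -HostedCacheAddress so the rules are not open to any host.'
}

$group = 'BranchCache over DirectAccess (example)'

# Distributed Cache: peers discover each other by multicast, so scope to LocalSubnet.
# Hosted Cache: only HTTP to and from the one server is needed.
$peer = if ($Mode -eq 'Distributed') { 'LocalSubnet' } else { $HostedCacheAddress }

$specs = @(@{ Name = 'HTTP content retrieval'; Protocol = 'TCP'; Port = 80 })
if ($Mode -eq 'Distributed') {
    $specs += @{ Name = 'WS-Discovery'; Protocol = 'UDP'; Port = 3702 }
}

# Remove rules left by a previous run so the script can be re-applied safely.
Get-NetFirewallRule -Group $group -ErrorAction SilentlyContinue | Remove-NetFirewallRule

foreach ($s in $specs) {
    # Inbound: this computer accepts the protocol from the peer or server.
    New-NetFirewallRule -DisplayName "$($s.Name) in ($Mode)" -Group $group `
        -Direction Inbound -Action Allow -Protocol $s.Protocol `
        -LocalPort $s.Port -RemoteAddress $peer | Out-Null
    # Outbound: this computer reaches the same port on the peer or server.
    New-NetFirewallRule -DisplayName "$($s.Name) out ($Mode)" -Group $group `
        -Direction Outbound -Action Allow -Protocol $s.Protocol `
        -RemotePort $s.Port -RemoteAddress $peer | Out-Null
}

# Report each rule with its port and address scope for review.
Get-NetFirewallRule -Group $group | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $addr = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule = $_.DisplayName; Direction = $_.Direction; Protocol = $port.Protocol
        LocalPort = $port.LocalPort; RemotePort = $port.RemotePort
        RemoteAddress = $addr.RemoteAddress
    }
} | Format-Table -AutoSize
```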

BranchCache uses a custom encryption scheme based on AES-128 for transfers between peers in Distributed Cache mode and between a roaming client and the Hosted Cache server. Because these transfers are already encrypted, there is minimal value in also encrypting them with IPsec.