Introduction to BranchCache in Windows

Before you start

Objectives: Learn what BranchCache is and how we can use it to speed up data transfer over WAN links from branch to central offices.

Prerequisites: you have to know what a WAN is.

Key terms: BranchCache, definition, configuration, netsh, Group Policy

What is BranchCache

When we have branch offices, we automatically face the challenge of providing a good-quality connection to the central office. BranchCache helps us cope with that challenge. BranchCache caches (stores) content from remote servers (e.g. file and web servers), so users in branch offices can access information more quickly.

The BranchCache feature is only available on certain versions and editions of Windows. For example, when it comes to Windows 7, it is only available in Enterprise and Ultimate editions. Also, it can only cache content from certain Windows Servers (file and web servers). BranchCache becomes active when it takes more than 80 ms to get to the BranchCache-enabled Windows Server and back. The transfer is protected using HTTPS and IPsec encryption.

Several checks occur when the client uses BranchCache. The client verifies that the server hosting the requested data supports BranchCache. Then it checks the round trip time to make sure it is less than 80 ms. Once these are verified, the client checks the branch office cache to determine whether the requested data has already been cached and whether the client has permission to access it. If the data is not already cached, the data is retrieved from the main server and cached in the main office.

BranchCache Modes

BranchCache can be configured to operate in two different modes. Those are:

  • Hosted Cache – the data is centrally cached on a BranchCache-enabled server running Windows Server (hosted cache server). The server doesn’t necessarily need to be dedicated to BranchCache. It can be used for other functions. In Hosted Cache mode, the cache is always available. We need to designate the address of this server on the clients. For this mode we have to have AD Certificate Services infrastructure running.
  • Distributed Cache – if we don’t have a Windows Server with BranchCache capabilities, we can use Distributed Cache mode. In this mode, parts of the cache are stored on different clients (peer caching). This means that each client that is a member of the Distributed Cache mode hosts part of the cache. No single host caches all the files. When a client retrieves content over the WAN, it places this content in its own cache. If another BranchCache client attempts to access the same content, it will be able to access it directly from that first client, rather than retrieve it over the WAN. It will also make a copy of that information in its own cache. The advantage of this mode is that we can deploy it without having a dedicated server in each branch office. The drawback of this mode is that the content of the cache can become unavailable if the clients hosting it shut down. So, in this case, the cache depends on the running clients. It is used within a single subnet (data is cached once per subnet).

BranchCache Configuration

To configure our computer as a BranchCache client, we first have to enable it. Then we have to select whether we want to use Hosted or Distributed Cache mode. Finally, we need to configure Windows Firewall to allow BranchCache traffic. The rules we open in the firewall depend on the mode we choose.

We can configure BranchCache through Group Policy or by using the Netsh.exe command line tool. Some of the Group Policy settings related to BranchCache are:

  • Turn on BranchCache – enables BranchCache and configures the BranchCache service to start manually when we attempt to access data on a compatible server that exceeds the round trip time of 80 ms.
  • Set BranchCache Distributed mode – sets the client to use Distributed Cache mode.
  • Set BranchCache Hosted mode – sets the client to use Hosted Cache mode. In this mode we have to specify the server name that hosts the cache. This must match the name in the SSL certificate installed on the server.
  • Configure BranchCache for Network Files – allows us to specify the round trip latency value that triggers the use of BranchCache. The default value is 80 ms.
  • Set Percentage of Disk Space – allows us to configure space that is used to store BranchCache files. Default is 5% of total disk space on client computer.

Firewall Rules

We need to configure firewall rules only when we configure BranchCache through Group Policy. We can use the predefined firewall rules for BranchCache. Regardless of the method we choose, we need to configure the following rules using the Windows Firewall with Advanced Security snap-in:

  • BranchCache-ContentRetrieval – the rule which allows inbound and outbound HTTP traffic on TCP port 80. It is used for both Hosted and Distributed Cache modes.
  • BranchCache-PeerDiscovery – allows the inbound and outbound traffic on UDP port 3702. This rule is only required when using Distributed Cache mode.
  • BranchCache-Hosted Cache Client – allows the outbound HTTPS traffic on port 443 using TCP. This rule is only required when using Hosted Cache mode.


As we mentioned, we can use netsh.exe to configure BranchCache. When we use netsh.exe, the necessary firewall rules will be enabled automatically. Any configuration set using netsh.exe will be overwritten by Group Policy settings. We need to use an elevated command prompt (CMD) when using the netsh command to set BranchCache. Some of the common “netsh branchcache” command options are:

  • reset – resets the current BranchCache configuration. It will stop and disable the service, reset registry values, and delete any cache files. It also disables the BranchCache firewall rules. We can use it if we don’t want to use BranchCache any more.
  • show status – displays the current service mode being used, how it was configured, and the status of the service.
  • set service mode = {distributed | local | hostedclient | disabled } – sets the cache mode. If we set it to “distributed”, it sets the client to use Distributed Cache mode, starts the BranchCache service, changes the startup type to manual, and sets firewall rules. If we set it to “local”, it sets the client to Local Cache mode. It doesn’t enable any firewall rules. In Local mode, the client stores data from the WAN in a local cache, without sharing it with other clients on the network. This mode is only available through the netsh command. If we set it to “hostedclient” mode, we have to specify the location parameter with the IP address or the name of the server which hosts the cache. This command sets the client to use Hosted Cache mode, enables the BranchCache service, and sets firewall rules. If we set it to “disabled”, it will disable BranchCache.
  • set cachesize – allows us to set the size of the local cache as a percentage or in number of bytes.
  • set localcache – allows us to set the location of the local cache on our computer.

Keep in mind that BranchCache service startup must be set to manual and not automatic. The service will automatically start itself any time it needs to access the BranchCache data.
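
The rules above (which firewall rules each mode needs, Group Policy overwriting netsh settings, the hosted cache name matching the server certificate, and manual service startup) can be checked together when reviewing client configurations. The following Python audit is an added example, not part of the original article; the record layout, host names and sample values are constructed for illustration.

```python
# Added example: audit BranchCache client records against the rules on this page.
RULES = {  # rule name -> (direction, protocol, port), from "Firewall Rules"
    "BranchCache-ContentRetrieval": ("in+out", "TCP", 80),
    "BranchCache-PeerDiscovery": ("in+out", "UDP", 3702),
    "BranchCache-Hosted Cache Client": ("out", "TCP", 443),
}
REQUIRED = {  # effective service mode -> rules that mode needs
    "distributed": {"BranchCache-ContentRetrieval", "BranchCache-PeerDiscovery"},
    "hostedclient": {"BranchCache-ContentRetrieval", "BranchCache-Hosted Cache Client"},
    "local": set(),     # Local Cache mode enables no firewall rules
    "disabled": set(),
}

def effective_mode(client):
    """Group Policy settings overwrite anything configured with netsh."""
    return client.get("gpo_mode") or client["netsh_mode"]

def audit(client):
    findings = []
    mode = effective_mode(client)
    gpo, local = client.get("gpo_mode"), client["netsh_mode"]
    if gpo and gpo != local:
        findings.append(f"netsh mode '{local}' is overridden by Group Policy mode '{gpo}'")
    enabled = set(client["enabled_rules"])
    for name in sorted(REQUIRED[mode] - enabled):
        direction, proto, port = RULES[name]
        findings.append(f"missing {name} ({direction} {proto}/{port}) for mode '{mode}'")
    for name in sorted((enabled & set(RULES)) - REQUIRED[mode]):
        findings.append(f"{name} is enabled but not needed in mode '{mode}'")
    if mode == "hostedclient":
        # The configured server name must match the name in the server's SSL certificate.
        server, cert = client.get("hosted_server", ""), client.get("server_cert_name", "")
        if server.lower() != cert.lower():
            findings.append(f"hosted cache name '{server}' does not match certificate '{cert}'")
    if mode != "disabled" and client["service_startup"].lower() != "manual":
        findings.append(f"service startup is '{client['service_startup']}', expected Manual")
    return findings

SAMPLE_CLIENTS = {  # constructed inventory, not real hosts
    "BR-PC01": {"gpo_mode": "hostedclient", "netsh_mode": "distributed",
                "enabled_rules": ["BranchCache-ContentRetrieval", "BranchCache-PeerDiscovery"],
                "hosted_server": "hc01.branch.example", "server_cert_name": "hc01.corp.example",
                "service_startup": "Automatic"},
    "BR-PC02": {"gpo_mode": None, "netsh_mode": "distributed",
                "enabled_rules": ["BranchCache-ContentRetrieval", "BranchCache-PeerDiscovery"],
                "service_startup": "Manual"},
}
```

Calling audit(SAMPLE_CLIENTS["BR-PC01"]) reports a client that was set up for Distributed Cache with netsh and later moved to Hosted Cache by Group Policy: the peer discovery rule is still open, the HTTPS rule is missing, and the server name does not match the certificate.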