StifleR Planning and Deployment Guide

2Pint Software

v 2.0

4/11/19

    Contents

    TL;DR version
    StifleR Overview
    Executive Summary
    What Does It Do?
    Why Do You Need It?
    How it Works – the overview from 10,000 feet
    The StifleR Solution
    Features Overview
    Network Traffic Reduction
    Bandwidth Control
    Stop, Pause, Resume
    Other Features
    Visibility and Control through the StifleR Dashboards
    Automation
    StifleR and Configuration Manager
    Technical Overview
    Server and Client
    Bandwidth Measurement - Beacon Server
    SignalR Communication
    StifleR Rules
    Security
    Communication Channels
    User Administrative Access
    StifleR Standard Features
    Content Accelerator
    Bandwidth Control
    Bandwidth sharing
    Visibility and Control through the StifleR Dashboards
    Administrative Control via the StifleR Dashboards
    Automation and Efficiency
    Pause and Resume
    Stop and Resume
    StifleR Enterprise Features
    BranchCache V2-V1 Auto Detection
    Inter VLAN P2P
    Command Line Execution
    PowerShell Everywhere!
    Create Your Own BITS Downloads
    Wake-On-LAN
    Planning Your StifleR Implementation
    Server
    Location
    Hardware
    Software
    Redundancy
    Large Enterprise Considerations
    Beacon Server
    HTTP v HTTPS
    StifleRulez.xml
    IIS and Browser requirements
    Roaming clients
    Roaming Clients
    Well Connected Networks
    Client
    Hardware
    Software Requirements
    Mode of operation
    StifleR Ports
    StifleR Client on Windows Server
    Network
    Default Basic Automation
    Manual configuration
    Intelligent Automation of Location and Subnet Configuration
    Locations
    Security
    User Access Control
    StifleR Client Access Control
    Test Function
    Installation
    Order of Installation
    StifleR Server Installation
    Manual Server Installation
    Automated Server Installation
    Post StifleR Dashboards Installation – IIS Configuration
    Server Installation - Post Installation Checks
    Dashboards installation
    Manual Installation
    Automatic Installation
    Beacon Server Installation
    StifleR Client Installation
    Pre-requisites
    Client Modes
    StifleRulez.xml file update
    Manual Installation
    Automated Installation
    Post Installation Checks
    Configure Delivery Optimization
    Testing Quick Start Guide
    Troubleshooting
    StifleR Generic Concepts
    Subnets
    Locations
    Parent/Child and Location/Subnet structure
    Red Leader
    Red Leader Assignment
    Enterprise Environment - Blue Leader
    Bandwidth Management
    Bandwidth Policy Configuration for VPN and Roaming Clients
    Disconnected Policies (Client)
    Connected (Client)
    Bandwidth Tuning Monitoring and Control
    Latency Detection (BandwidthTuning = 1)
    Low Bandwidth Usage Detection (BandwidthTuning = 2)
    High Bandwidth Usage Detection (BandwidthTuning = 4)
    LEDBAT (BandwidthTuning=8)
    Bandwidth Measurement – Beacon Server (BandwidthTuning=16)
    Beacon Server Setup and Configuration
    Latency Auto-Tuning Management (No Beacon Server)
    Sample WMI Commands to enable auto Latency tuning
    Bandwidth Tuning Adjustment options
    WMI Events on Thresholds
    StifleR WMI Provider
    Updating Values
    Listing Method and Instance Parameters
    Further Reading
    StifleR Feature Details
    StifleR Standard Features
    Data Visualization
    Scripting with WMI
    Windows Event log Logging
    WMI Events
    Multi Servers
    Server Client Reconnect Instruction
    BITS Control - StifleRulez.xml
    BITS Job Management
    Notification System
    Multi-Lane Downloads
    Red Leader Selection
    StifleR Enterprise Edition Features
    StifleR and Wake-On-LAN (WOL)
    BranchCache V2->V1 Auto Generation
    Inter-VLAN BranchCache Transfers
    StifleR Client Command Line Execution.
    StifleR Client PowerShell Execution.
    StifleR Client BITS Job Creation
    Linking Several Subnets into a “Location”
    Further Reading

    TL;DR version

    1. Ensure that your P2P environment is working – BITS, BranchCache, DO, LEDBAT enabled

    2. Set up your Global Administrator, Dashboard Access and Global Read Operator accounts

    3. Install the StifleR Server components – Service, Dashboards and Beacon

    4. Install at least three clients on a separate subnet

    5. Run some BITS downloads on the clients and/or run Microsoft updates and install some Store Apps

    6. Browse to the StifleR Dashboard website – http://IIS_ServerURL/StifleRDashboard

    7. Run the StifleR.ClientApp.exe in interactive mode through the CMD prompt and check out what’s happening on the client. (Stop the StifleR Client Service first)

    8. Go have a quick look at the Testing Quick Start Guide in this manual for a couple more things to try.

    9. Enjoy!

    StifleR Overview

    Executive Summary

    What Does It Do?

    StifleR optimises WAN usage and ensures that your Users and Workstations obtain the content that they need from a source local to them in the most efficient way possible, while protecting network bandwidth, prioritizing traffic, and giving real-time visibility and control over your Software Distributions through the StifleR Dashboards.

    Why Do You Need It?

    ‘StifleR – How to be the Network team’s best friend in 5 minutes or less’

    Would you get onto an airplane knowing that Air Traffic Control Radar wasn’t working? Of course not! Without StifleR your WAN and LAN traffic is ‘flying blind’ with little control over speed or priority. Without monitoring or control, how do you know if your Users aren’t choking the corporate network, downloading or streaming mundane or personal content and blocking high priority business traffic such as your Point-of-Sale data or critical Windows Updates? StifleR delivers the ability to centrally monitor and dynamically control these data streams.

    StifleR assisted content delivery quickly decreases the bandwidth load on your network. The greater the number of StifleR enabled clients across an enterprise, the more efficient content delivery becomes.

    How it Works – the overview from 10,000 feet

    Microsoft clearly sees P2P as the future of content delivery and so should you!

    StifleR has been built around the awesome Microsoft Content Distribution and Peer to Peer Caching technologies that are now an integral part of Microsoft’s preferred delivery solutions. BranchCache is the mature WAN Accelerator that’s been built into the Windows operating systems for over 7 years. In Windows 10, StifleR gives you the power to manage Delivery Optimization (DO), which is now the download and cache engine of choice for that platform and for Microsoft distributed content in general. StifleR also manages and enhances the performance of Microsoft Configuration Manager Client Peer Cache, which is the solution specifically designed for CM content delivery. Now with Windows Server 2016, StifleR gives you control and visibility over Microsoft’s latency optimized, network congestion control provider called LEDBAT, which stands for Low Extra Delay Background Transfer. LEDBAT is designed to automatically yield bandwidth to users and applications, but is able to utilise the entire bandwidth available and allocate any extra to background services.

    StifleR is built on Microsoft’s SignalR, which is a massively scalable lightweight platform for real-time network wide communications which enables up to the moment monitoring and end point control between Servers and consumers.

    By uniting and giving you control over these various technologies we built a solution that can pamper, whittle, slice and dice your content delivery from the CEO’s Surface Book all the way to the remotest of remote Locations. You have full control and visibility over Windows Updates, Applications, Office files, CM Content, even your users’ personal content streaming, all in real time.

    The StifleR Solution

    At 2Pint Software we noticed that although the various P2P technologies are awesome at what they do, there were some obvious areas for improvement. Firstly, the manner in which the content is downloaded (bandwidth control) and secondly, how many machines actually need to download that content from remote data sources onto the local site or subnet before sharing it at the local level (Single Site Download).

    Bandwidth control

    Microsoft P2P solutions use several delivery protocols which by default are difficult to control at a granular level. Taking BITS (BranchCache) as an example: an Administrator can set maximum bandwidth usage for various BITS job priorities, but those priorities can only be set at a very high level and over a wide variety of distribution types which may not necessarily align with your Network or Management requirements. In the case of User initiated Configuration Manager Jobs, control is virtually removed entirely and these are automatically set to Foreground Priority (use all available bandwidth), which has no respect for Bandwidth Limits and will push other (possibly more important) jobs down the queue. The StifleR client agent returns control and allows an Administrator to set priority levels for content download down to specific job types and delivers the ability to centrally adjust and tweak those settings down to an individual job level.

    But Job Priority is just half the challenge. The Job Priority settings only enable an Administrator to set a maximum bandwidth level for a download (which unmanaged clients will use if unchecked). If all clients are trying to download content from a remote data centre over a low bandwidth connection, it doesn’t take long for the expensive WAN link to become congested and for your users to start suffering a loss of production data.

    StifleR to the rescue! Not only does StifleR allow you to set the priority, and therefore the bandwidth available to a certain content transfer, it also monitors latency during a download and will dynamically adjust the download transfer rate up or down in order to keep the bandwidth usage within configurable QoS limits and allow business critical data to flow without interruption.

    Single Site Download

    Controlling the bandwidth consumed by your individual clients when they are downloading content is fine to a point, but if there are a large number of clients that all need to download content at the same time then the sheer weight of numbers can quickly overwhelm a highly utilised link.

    StifleR provides a solution to this problem through the concept of the Red and Blue leaders. There’s a lot more about this later on in this document but, in a nutshell, it works by the most suitable client in a subnet being dynamically appointed to be the only client for that location to download the content from the remote source. This “Leader” client alone is allowed to make full use of the priority bandwidth for the download, thus delivering the content to the local network in the quickest time. The other clients will throttle down and wait for the content to be available. Once the content has been downloaded to the “Red Leader” client on the local network, Microsoft P2P bandwidth accelerating caching technologies enable that content to be shared efficiently with other clients on the LAN, leaving the WAN link clear for your business critical production traffic.

    In StifleR Enterprise, this concept is further enhanced and expanded to the Site level with the introduction of Blue Leaders. Blue Leaders communicate with each other over Subnet boundaries. They pick up local broadcast discovery requests and pass these on to other Blue Leaders, which can then re-broadcast those messages onto their local network, thus allowing the sharing of content with and between all the clients at a multi subnet location. The end result of this infrastructure is that content may be downloaded once over the WAN for an entire remote site with that content then shared directly between Peers on the well connected LAN.

    Features Overview

    StifleR is designed to provide several enhancements to Enterprise-wide Content Distribution.


    • To greatly reduce the volume of WAN traffic transferred from content servers to remote client

    systems.

    • To provide granular monitoring and control over WAN (and LAN) traffic, and to provide

    administrators with the ability to optimize network utilization, prioritize traffic and effectively

    control bandwidth usage.

    Network Traffic Reduction

    Microsoft has embraced Peer to Peer (P2P) technologies as the solution to efficiently disseminate

    content to millions of managed end points around the globe. As mentioned above, this started with

    BranchCache. We have since seen the introduction of CM Peer Cache, for the efficient delivery of

    Configuration Manager content and, most recently, Delivery Optimization (DO) is the default manager for

    the download and P2P sharing of Windows Updates and Windows Store content between Windows PCs

    both locally and even on the internet. For more information on these various P2P solutions head over to

    the 2Pint Software web site and have a dig around. There are all sorts of gems waiting to be uncovered.

    StifleR enhances the efficiency of content transfers by utilizing and enhancing this built in Microsoft P2P

    Service infrastructure including Caching, Data Deduplication and Peer-to-Peer sharing of downloaded

    content at the local network level. Every endpoint that fetches data from a Peer is saving you WAN link

    bandwidth and saving you costs both directly in WAN charges and indirectly in workplace efficiency.

    StifleR with Microsoft P2P Caching solutions has a profound effect on where users actually source their

    content and the amount of bandwidth consumed in retrieving that content.

    It eliminates unnecessary repeated download of content to many local computers from remote data

    centres by firstly limiting the number of clients in a remote location that will download required content

    and secondly by storing an accessible copy of downloaded content in the local computer’s cache which

    can then be shared with peer computers immediately or at a later time.

    Data-DeDuplication

    These caching solutions also work closely with the Data De-duplication feature of Windows Server to

    ensure that content is only transferred in its Deduplicated form which further greatly reduces the total volume of content that is transferred over your corporate WAN links. Data De-duplication is an extremely

    powerful Microsoft Server technology that chops up data on a disk into small chunks which can then be

    compared. If the data contained in a chunk from one file is identical to a chunk in another file then the

    chunk is only stored once on the disk and the files are now reparse points with metadata and links that

    point to where the file data is located in the chunk-store. This indexing extends to download data so if a

    chunk is present in the chunk store it is not downloaded and referenced instead. To give you an idea about

    how this can help save disk and data traffic, just think about how much data is duplicated across

    Operating System .wim files! Taking advantage of this technology alone saves Gb’s at a time in disk space

    and network traffic. StifleR takes advantage of this technology by allowing multilane transfers to take

    place where the relatively small amount of De-Duplicated data required to complete a download may be

    allowed, at reduced bandwidth, in the background while another larger download uses the full bandwidth

    allowance as usual.
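    The chunk-store behaviour described above, as an added example that is not 2Pint or Microsoft code: a client holding one image version computes which chunks of a newer version it lacks, fetches only those, and checks each received chunk against its expected hash before storing it. The fixed 1 KB chunk size, SHA-256 identifiers, the class and function names and the two constructed images are assumptions of the example; Windows Data Deduplication itself uses variable-size chunks.

```python
"""Chunk-level deduplicated transfer: fetch only the chunks the local store lacks."""
import hashlib

CHUNK_SIZE = 1024  # assumed fixed chunk size, chosen to keep the sample small


def chunk_id(chunk):
    """Content-derived identifier: identical chunks always get the same id."""
    return hashlib.sha256(chunk).hexdigest()


class ChunkStore:
    """Hypothetical chunk store: each unique chunk is held once, keyed by its hash."""

    def __init__(self):
        self._chunks = {}

    def add_file(self, data):
        """Store a file and return its recipe (ordered list of chunk ids)."""
        recipe = []
        for offset in range(0, len(data), CHUNK_SIZE):
            chunk = data[offset:offset + CHUNK_SIZE]
            cid = chunk_id(chunk)
            self._chunks.setdefault(cid, chunk)  # a duplicate chunk is not stored twice
            recipe.append(cid)
        return recipe

    def get(self, cid):
        return self._chunks[cid]

    def missing(self, recipe):
        """Chunk ids from the recipe that are not held locally, without repeats."""
        needed = []
        for cid in recipe:
            if cid not in self._chunks and cid not in needed:
                needed.append(cid)
        return needed

    def accept(self, expected_id, chunk):
        """Store a received chunk only if it hashes to the id the recipe asked for."""
        if chunk_id(chunk) != expected_id:
            return False
        self._chunks[expected_id] = chunk
        return True

    def rebuild(self, recipe):
        return b"".join(self._chunks[cid] for cid in recipe)


def block(tag):
    """Constructed sample data: one chunk filled with a single byte value."""
    return bytes([tag]) * CHUNK_SIZE


# Constructed images: version 2 changes one chunk of version 1 and appends one.
IMAGE_V1 = block(1) + block(2) + block(3) + block(4)
IMAGE_V2 = block(1) + block(2) + block(9) + block(4) + block(5)


def transfer_v2():
    """Client already holds IMAGE_V1 and needs IMAGE_V2 from the content server."""
    server = ChunkStore()
    recipe_v2 = server.add_file(IMAGE_V2)
    client = ChunkStore()
    client.add_file(IMAGE_V1)

    needed = client.missing(recipe_v2)
    wan_bytes = 0
    for cid in needed:
        chunk = server.get(cid)
        if not client.accept(cid, chunk):
            raise ValueError("chunk failed verification: " + cid)
        wan_bytes += len(chunk)

    return {
        "chunks_needed": len(needed),
        "wan_bytes": wan_bytes,
        "full_bytes": len(IMAGE_V2),
        "rebuilt_ok": client.rebuild(recipe_v2) == IMAGE_V2,
    }


if __name__ == "__main__":
    print(transfer_v2())
```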

    Altogether, this results in a significant reduction in bandwidth used and allows users to access content much

    faster than if they were retrieving it from the remote datacentre which means you will have Happy,

    Productive Users and a Healthy Network.

    LEDBAT++

    To quench latency and improve the user experience, Windows has implemented a low latency transport

    protocol called LEDBAT. The LEDBAT algorithm seeks to utilize the available bandwidth on an end-to-

    end path while limiting the consequent increase in queueing delay on that path. In layman’s terms, use

    any available bandwidth without anyone noticing. LEDBAT does this by detecting changes in one-way

    delay measurements to limit congestion that the calling application itself induces in the network.
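    The delay-based back-off described above, as an added example that is not Microsoft's LEDBAT++ or StifleR code: a simplified sender-side window controller following the rules published in RFC 6817. The segment size, the four-sample delay filter, the running-minimum base delay and the constructed delay trace are assumptions of the example.

```python
"""Delay-based window control in the style of LEDBAT (RFC 6817), simplified."""
from collections import deque

TARGET_S = 0.100        # target queuing delay; RFC 6817 allows at most 100 ms
GAIN = 1.0              # window gain; RFC 6817 requires GAIN <= 1
MSS = 1460              # assumed maximum segment size in bytes
MIN_CWND = 2 * MSS      # floor so the background transfer never stalls completely
CURRENT_FILTER = 4      # assumed number of recent samples used for the current delay


class LedbatController:
    """Grows the window while queuing delay is under target, shrinks it when over."""

    def __init__(self):
        self.cwnd = float(MIN_CWND)
        self.base_delay = float("inf")          # lowest one-way delay seen so far
        self.recent = deque(maxlen=CURRENT_FILTER)

    def queuing_delay(self):
        # Delay above the base delay is attributed to queues building on the path.
        return min(self.recent) - self.base_delay

    def on_ack(self, one_way_delay_s, bytes_acked=MSS):
        self.base_delay = min(self.base_delay, one_way_delay_s)
        self.recent.append(one_way_delay_s)
        # Positive below the target (ramp up), negative above it (back off).
        off_target = (TARGET_S - self.queuing_delay()) / TARGET_S
        self.cwnd += GAIN * off_target * bytes_acked * MSS / self.cwnd
        self.cwnd = max(self.cwnd, float(MIN_CWND))
        return self.cwnd

    def on_loss(self):
        # Packet loss is still treated as congestion: halve, but keep the floor.
        self.cwnd = max(self.cwnd / 2.0, float(MIN_CWND))
        return self.cwnd


# Constructed one-way delay trace in seconds: an idle link, then foreground
# traffic adding 400 ms of queuing delay, then an idle link again.
CONSTRUCTED_TRACE = [0.020] * 200 + [0.420] * 200 + [0.020] * 200


def simulate(trace=CONSTRUCTED_TRACE):
    """Feed one acknowledgement per sample and return the window after each."""
    ctl = LedbatController()
    return [ctl.on_ack(delay) for delay in trace]


def phase_summary(trace=CONSTRUCTED_TRACE):
    """Window size in bytes at the end of each phase of the constructed trace."""
    windows = simulate(trace)
    return {
        "idle": windows[199],
        "contended": windows[399],
        "recovered": windows[599],
    }


if __name__ == "__main__":
    for phase, cwnd in phase_summary().items():
        print(f"{phase:>10}: cwnd = {cwnd:8.0f} bytes")
```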


    Microsoft describes Low Extra Delay Background Transport (LEDBAT) as follows:

    "Windows LEDBAT transfers data in the background and does not interfere with other TCP connections. LEDBAT does this by only consuming unused bandwidth. When LEDBAT detects increased latency that indicates other TCP connections are consuming bandwidth it reduces its own consumption to prevent interference. When the latency decreases again LEDBAT ramps up and consumes the unused bandwidth."

    LEDBAT has been around for some years now, and most famously used by BitTorrent (in their P2P

    content transfers) and Apple (in their Software Update infrastructure). Now adopted and enhanced by

    Microsoft, their implementation, LEDBAT++, is a bit of a game changer in the world of Content Delivery

    and Bandwidth Management. As of Server 2019 this is a fully supported Windows feature and is now

    also included as a delivery option for Configuration Manager Content. As it is controlled from the

    delivery side it is not dependent on the client side operating system and is simply enabled on the

    Distribution Point through a simple check box in much the same way that we saw at the introduction of

    BranchCache into CM content delivery. It didn’t take long for BranchCache to become automatically

    enabled for all CM content distribution and we would expect LEDBAT to go the same way.

    StifleR has the ability to bandwidth manage LEDBAT aware downloads in much the same way as BITS.

    For the latest on this technology head on over to the 2Pint Software Support pages or drop us a line

    directly.

    Bandwidth Control

    If you can’t control the technology that your Microsoft management infrastructure uses to transfer content

    around your enterprise, you simply aren’t in control.

    StifleR enables easy administration of content transfers to Windows client computers in real time by

    providing configurable automatic controls over the Microsoft content downloader (BITS/DO etc).

    StifleR can automatically pause or re-prioritize content transfer while also dynamically limiting or

    increasing the amount of Bandwidth used between your content servers and client systems at any

    Location. This helps to ensure that your business-critical network traffic is not impacted by the day-to-

    day distribution of the large volume of enterprise content that should ideally move around your network

    quietly and efficiently every day.

    StifleR detects if a client is Roaming, Connected to the corporate network, Connected through VPN, “Well

    Connected” or simply Home Alone and allows administrators to control settings and maximise bandwidth

    efficiency in each of these situations.

    Stop, Pause, Resume

    As StifleR allows for real-time granular control over your downloads, it gives you the ability to immediately

    STOP, Pause and Resume any or all downloads at the Individual Client, Subnet, Site or Enterprise level

    through the Dashboards Interface or from the command line. No catches – it is that effective.

    Other Features

    Visibility and Control through the StifleR Dashboards

    The 2Pint StifleR Dashboards allow you to monitor and control the movement and location of individual

    data streams, while they are being transferred over the network, in real time.

    Without this visibility, you’re flying blind and may be at risk when dealing with zero-day security patches,

    requests from high profile users, mission-critical fixes, and other high priority content distribution.

    The various StifleR Dashboards allow you to drill down through Location and/or Job paths. At each step

    there is the ability to set various parameters and control distribution through such settings as Bandwidth

    allowance or job priorities from the Global level, Site/Subnet level, right down to the individual client.


    Automation

    Once configured with the relevant Network and Location data, StifleR is designed to run on ‘Auto-Pilot’

    and will transparently and automatically manage and adjust bandwidth controls across the Enterprise. In

    cases where there is a need to change settings manually, to expedite certain custom deployments for

    example, instant configuration changes can be automated and scripted via PowerShell and the 2Pint WMI

    Provider or can be changed directly through the dashboard GUI interface all at the client, subnet, site or

    enterprise level.

    StifleR and Configuration Manager

    StifleR is designed to greatly enhance how all content is delivered including Configuration Manager data.

    Also, unlike CM, StifleR doesn’t have to store static information in a database which means that it is

    awesome at providing up to the second information for small datasets. StifleR gives you full visibility over content delivery with the ability to monitor content in transit and to automatically tune bandwidth usage in real time. StifleR also gives you visibility and control over your Configuration Manager Peer

    Cache data delivery as well as LEDBAT traffic.


    Technical Overview

    Server and Client

    StifleR consists of two main parts: the StifleR server component and the StifleR clients.

    Each StifleR client makes a lightweight connection to the StifleR server and sends up information about

    the current content download queue. This information is evaluated and the server (dynamically) assigns

    the most suitable system per Location to be the “Red Leader”. The Red Leader system is then responsible

    for downloading content and obeying the defined network bandwidth limits for that Location. Other clients

    at that same Location, that would otherwise also download the content from the remote source, will not

    download from the remote location but instead will throttle down, wait, and then copy the data locally

    from the Red Leader and other Peers using Microsoft P2P transfer functions. The end result is that rather

    than all clients downloading remote content, WAN traffic is limited to between the single Red Leader and the remote content server. Should the current Red Leader system become unavailable, a new Red Leader

    is automatically selected, which results in uninterrupted, efficient and dynamic workflow.

    This functionality also extends to Windows 10 Delivery Optimization groups and respects the Bandwidth

    administrative settings present under any DO control policy that may be in place.

    In StifleR Enterprise, this concept is further enhanced and expanded to the Site level with the

    introduction of Blue Leaders. Blue Leaders communicate with each other over Subnet boundaries. They

    pick up local broadcast discovery requests and pass these on to other Blue Leaders which can then

    broadcast these messages onto their local segment thus allowing the sharing of content with and

    between all the clients at a multi subnet location. The end result of this infrastructure is that content is

    downloaded only once over the WAN for an entire remote site with that content then shared directly

    between Peers on the well connected LAN.

    Bandwidth Measurement - Beacon Server

    The StifleR Beacon Server component is installed at your file server locations. These then act as known

    end points to allow the StifleR clients to benchmark bandwidth parameters and set and tune limits

    accordingly.

    SignalR Communication

    StifleR is a typical Client – Server application that uses bi-directional communication channels. The

    Server hosts an OWIN (Open Web Interface for .NET) implementation of Microsoft SignalR. All

    communication is based on the Microsoft SignalR protocol, a web-sockets based protocol

    that runs over UDP, initiated first through an HTTP connection which then steps things up to web

    sockets. StifleR server also uses SignalR to communicate with the endpoint clients and any connected

    dashboards. Understanding how SignalR works is not mandatory to use StifleR but is required if custom

    scripting or advanced configuration of StifleR is to be undertaken. Please refer to the 2PintSoftware

    Website for advanced information on the Microsoft SignalR platform including “SignalR and Connection

    Management” on the Knowledge Base and the companion document to this guide “Securing StifleR

    Operations Using SSL” which includes SignalR configuration.

    StifleR Rules

    The StifleR client checks through its queue of active downloads (both BITS and DO) and then prioritizes

    them according to a locally held XML configuration file (StifleRulez.xml) which contains a set of rules that

    are configured centrally by the administrator and automatically downloaded by the clients.

    This file contains a simple rule set that defines the content download jobs and the priority that the

    administrator has assigned to each job type.

    As an example, Microsoft Maps sync could be set to a low priority, while Windows Update patches

    would be set to high. Using this rule set, you can effectively control which downloads should be


    completed ahead of others. All of these configuration settings can be changed centrally at any time with

    any such changes automatically replicated to your clients in seconds.

    Security

    Communication Channels

    In order to secure the SignalR communication channels in StifleR we recommend that you use SSL. A

    full explanation of this can be found in the companion document “Securing StifleR Operations Using

    SSL”.

    User Administrative Access

    StifleR uses a delegated security model in both WMI and the Web portal. There are several basic

    security levels:

    Global Administrators (Mandatory)

    • Access to all locations and WMI regardless of location rights.

    • Only Global Administrators have rights and visibility over roaming clients.

    Delegated Access

    • Granted by a Global Administrator on the individual Subnet level. Rights to WMI methods only

    on the allowed subnet or clients in that subnet.

    Global Read

    • Gives read-only rights to ALL locations and statistics, including WMI.

    Dashboard Access

    • Access to Dashboard and overview statistics only

    Anonymous Read

    • Allows anonymous access. Should be disabled in all but a test environment.

    StifleR Standard Features

    Content Accelerator

    StifleR accelerates content transfers by utilizing the various Microsoft P2P services, enabling caching, Deduplication and Peer-to-Peer distribution of content on local networks. By utilizing and improving the

    Microsoft P2P functionality, StifleR has a profound effect on where users actually source their content,

    the network bandwidth consumed in retrieving that content and the speed with which the content is

    delivered to consumers.

    Bandwidth Control

    StifleR gives you control over content transfers to Windows client computers by enabling granular

    configuration of the Background Intelligent Transfer (BITS) and/or Delivery Optimization (DO) services

    that is not natively available.

    Bandwidth sharing

    As the Red Leaders are continuously communicating download details back to the StifleR Server, the

    Server is aware of how many active subnets transferring data there are at any moment in time. At a

    remote location the allowed Bandwidth between the Location and the Datacentre is dynamically

    apportioned between the number of active Red Leaders (Subnets) at that Location allowing maximum

    bandwidth to be assigned to each at all times.


    Visibility and Control through the StifleR Dashboards

    NOTE: We strongly advise viewing the Dashboards only on administrative workstations rather than

    directly on a Server. Servers are generally not built with feature rich graphical applications in mind.

    Real Time Monitoring Reporting and Visibility

    Using StifleR you have complete visibility over WAN and LAN transfers globally through the Dashboards.

    The Dashboards update several times per second thus giving an up to the second view of content

    transfers. The SignalR architecture also allows you to have as many dashboards open as you like

    without putting a strain on the server infrastructure.

    The dashboards allow real time monitoring of all content transfers within the enterprise, all from a single

    view. From the main dashboard you can then drill down from a multi subnet Site through individual

    subnets right down to single client data.

    StifleR tracks all content being downloaded on the clients and reports this data back to the StifleR

    server. All this data is then made available for reporting on the StifleR server directly in WMI or

    graphically through the Dashboards interface. StifleR will give you a view of all active and queued downloads at a given Location. A BITS client only supports a single active download at a time and

    therefore it is on this that StifleR reports and sends data.

    Figure 1 The StifleR transfer overview dashboard gives a summary at a glance of data movements enterprise wide


    Administrative Control via the StifleR Dashboards

    Server Configuration

    Server settings can be configured through the ‘Server Settings’ dashboard.

    Subnet Configuration

    Subnet level settings can be set via the Subnet dashboard, including TargetBandwidth/Well

    Connected/Address etc.

    Locations Configuration

    Further to the Subnet settings above, you can also set Delivery Optimization parameters such as

    GroupID and Download mode, LEDBAT Target Bandwidth and Well Connected Bandwidth limits.

    Job management

    Within the BITS and DO job dashboards, StifleR gives you the ability to Stop, Start, Pause or change the

    priority of individual job downloads with a simple click of the mouse. These controls are instant and can

    be used to control traffic at all levels of the infrastructure.

    Administrators Security

    Global Administrators have the ability to grant granular administrative control to Delegated

    Administrators over StifleR resources all through the Dashboard interface. A Deputy Administrator can

    be granted the ability to monitor and set controls for particular subnets only. They are granted security

    access to the WMI methods and controls for the subnet.

    Automation and Efficiency

    While the Dashboard interface can be used for small scale manual configuration and control, for

    serious, Enterprise wide automated administration StifleR can be configured via Microsoft PowerShell

    or WMIC scripting which interacts with the StifleR Windows Management Instrumentation (WMI)

    Namespace. There are limitless possibilities in this regard and there is an excellent downloadable guide

    – “StifleR WMIC Command Line Tool” – on the 2Pint Software KB site that provides plenty of examples and inspiration to get you started.

    You will also find the StifleRServerScriptingGuidance.ps1 script in the StifleR Server Installation folder

    which contains numerous handy code snippets to help with various administrative tasks.

    Change Content Delivery Priorities

    StifleR is designed to enable configuration and control over the static priority of different content types

    and allows you to change the priority of a job immediately using WMI. You can change the job priority in

    several different ways, depending on what you want to achieve:

    1. Pause a running higher priority job in order to allow the next job in line to start. The original job

    can then be resumed once the other has completed.

    2. Make changes centrally to the StifleR download job definition file (stiflerulez.xml) and push this

    to clients instantly via StifleR, e.g. change one type of BITS job to a higher priority to get certain

    content distributed ahead of existing traffic.

    Changes to the bandwidth and priorities directly using WMI (or through the Dashboard) replicate

    settings within seconds, regardless of how many Locations you have targeted.


    Multilane transfer

    Intelligent Bandwidth Sharing between active Devices

    StifleR also allows for multilane transfers, i.e. multiple transfers at the same time. Using a combination

    of the locally cached BranchCache content and Data Deduplication, transfers can be allowed that put

    none, or very little, traffic on the WAN as most of the content is actually present already and it is only the

    balance of content that needs transferring. Here’s a scenario to help your understanding of how this

    works in the real world:

    A client at a remote location starts to download content. At the same time another peer at that same remote Location needs to download & install an updated version of the same content. Because of Windows Deduplication, a large percentage of the content is not required to be transferred over the WAN. Instead of waiting for the complete local data to become available the StifleR client on the second Peer will allow the download to go ahead, at the same priority as the existing download but at reduced bandwidth. This allows the peer to slowly download the content, which, due to De-Dupe, may be enough to get the installation started faster as most of the content will be sourced from the local caches and only a trivial amount coming over the WAN.

    Summary

    StifleR empowers you to re-prioritize content delivery quickly and non-destructively (without killing jobs).

    When you change content priorities, any paused content automatically resumes after the new higher

    priority content transfer completes, without retransmitting data already downloaded. You can specify

    job priority and also allow jobs to run side by side while using appropriate bandwidth in proportion to the

    job needs. StifleR also has the ability to monitor and adjust bandwidth usage up or down according to

    set limits. StifleR makes it easy to view, configure and manage all content priority changes and to

    monitor content transfer in real time.

    Pause and Resume

    An important function utilized by StifleR, which should already be healthy in your Software Distribution

    solution, is automatic pause and resume. This is the control that sets the ability to move something to

    the top of the queue, causing the currently active item to pause immediately. Later, when the urgent

    content finishes downloading, BITS will resume the interrupted download exactly where it left off

    without missing a byte and without re-transmitting data already downloaded. The healthy state of this

    function in the enterprise should be considered a pre-requisite for StifleR operation.

    Stop and Resume

    In some exceptional circumstances you may need to completely stop traffic from transmitting over the

    WAN.

    Stopping every BITS job in the entire Enterprise is as easy as a click in the Dashboard or a single WMI

    command line:

    -ArgumentList "Suspend", False, "*", 0, "ALL"


    Figure 2 Suspending all BITS jobs in the Enterprise

    StifleR uses the default BITS API commands so an administrator can just as easily Suspend, Resume,

    Cancel or Complete jobs.

    By changing the argument list around a little, you can do some powerful stuff. If we change the “ALL” to

    an IP Network ID we can target resources in a more granular manner:

    -ArgumentList "Suspend", False, "*", 0, "192.168.137.0"

    Figure 3 This screenshot shows how you can instantly pause all content transfers going into a specific Subnet with a single command.

    If true pause/resume is important to your organization, then it’s important to understand why this is

    unique. You can instantly pause content transfer non-destructively (without killing jobs) anywhere in

    your enterprise, and later resume exactly where it left off. There is no limit to the scope:

    • For delivery of a single piece of content

    • For all content delivery to a single Location or subnet

    • For all content delivery globally

    By using PowerShell or any other WMI aware scripting language you can easily pipe objects to each

    other. For example, you can select a Location where bandwidth usage is too high and then suspend all

    jobs temporarily as required. Once again, refer to the scripting guide for examples and ideas in this

    regard.


    StifleR Enterprise Features

    BranchCache V2-V1 Auto Detection

    StifleR is able to detect that you have a mixture of BranchCache V2 and V1 computers in your

    environment and automatically assign the V2 machines to become Red Leaders. V2 computers are able

    to generate hashed data for both V1 and V2 clients. Unlike V1 machines however, V2 machines are able

    to utilize deduplication on the download side which greatly speeds up the overall transfer time for the V1

    clients. For more information on BranchCache version interoperation please visit the 2Pint website.

    Inter VLAN P2P

    At Locations with multiple VLANs or Subnets, StifleR Blue Leaders are assigned. These clients are able

    to act as BranchCache communication proxies and allow P2P traffic to cross network boundaries. In

    larger locations with limited WAN connectivity back to the data centre this feature is invaluable in order

    to limit WAN usage as far as possible.

    Command Line Execution

    Using the command line execution feature you can easily run commands across many systems at one

    time.

    PowerShell Everywhere!

    Same as the Command Line execution, but with PowerShell scripts on Clients instead. Each script is

    distributed to the client and executed.

    Create Your Own BITS Downloads

    StifleR not only monitors BITS downloads, it can create them too. Here’s a couple of suggestions for

    usage of this feature:

    • Download the ‘top 10’ most accessed files from your corporate intranet into the BranchCache cache overnight

    • Seed (pre stage) certain key systems in remote Locations with Software Updates that can then

    be shared via BranchCache.

    Wake-On-LAN

    StifleR has Wake-on-LAN technology built in which may be used to power on systems in a Location that hold cached content that is needed by Peer clients. This saves bandwidth and time as the transfer

    becomes P2P instead of WAN based.


    Planning Your StifleR Implementation

    Planning for integrating StifleR into your Content Distribution System is simple. Like most technical

    projects however, preparation and attention to details pay dividends.

    Server Location

    Location of the StifleR server should be considered although it is not too critical unless you have

    multiple geographical locations etc., in which case you may consider having multiple StifleR servers at

    key hub locations. More important is the spec of the server and its Network connectivity. Bear in mind

    that the server will have incoming and outgoing connections to all StifleR clients – sometimes all at

    once during a large scheduled deployment.

    Hardware

    The following table can be used as a summarised view of the hardware requirements.

    Size                      CPU        Memory   NIC           Disk
    Under 10.000 clients      4 cores    8GB      Virtual/1GB   1x SSD for DBs*
    10.000 – 20.000 clients   8 cores    16GB     1GB/10 GB     2x SSD for DBs*
    20.000 – 50.000 clients   16 cores   32 GB    10 GB         4x SSD for DBs*
    50.000 – 100k clients     32 cores   64 GB    2*10 GB       6x SSD for DBs*
    100k to 200k clients      48 cores   256 GB   4*10 GB       8x SSD drives for DBs*

    * As data loads can greatly vary depending on data retention periods, please contact us if you have any questions.

    CPU

    StifleR is CPU intensive. Since StifleR does not use that many threads, a higher frequency (GHz) is

    recommended. We recommend at least a 2.4GHz processor with 8 cores. Don’t forget that most CPUs

    must also handle some of the Network connectivity management.

    Memory

    StifleR writes a lot of historical data to databases, as well as maintaining in-RAM memory objects. Since

    each connection and all connection data is stored in RAM a decent size of RAM is recommended but

    32GB should be plenty for most installations.

    Disk

    StifleR saves a lot of information to ESENT databases, especially with the System Resource Tracking

    features enabled. Fast SSD disks are preferred for housing these Databases.

    Network Connectivity

    Each client has a non-managed SignalR client connection (web sockets) to the server, so if you want to

    run 100k clients to a single server you need to beef up the network connectivity.

    If you are supporting a large number of clients, you probably want dual or quad 10Gb/s NICs for your

    StifleR server. This will ensure that the NICs have enough power to manage the large number of

    connections.

    Software

    StifleR server requires Windows Server 2012 with Microsoft .NET version 4.7.2 or higher. If you wish to

    run StifleR on Windows Server 2008 contact us first for a chat.

    There are also requirements around IIS settings. Please refer to the Dashboard installation section for

    important information in this regard.


    Redundancy

    Multiple StifleR servers can be configured for larger enterprises so that clients can fail-over to a second

    server should the primary server become unavailable.

    Large Enterprise Considerations

    For larger installations we recommend splitting the load across several StifleR servers. For example, one

    server per geographical region.


    Beacon Server

    The server-side component (iperf3.exe) can run on any Windows OS (talk to us if you want to run it on

    Linux). It acts as the end point to which the StifleR Client Red Leaders send test packets. This allows the

    Red Leaders to accurately measure the maximum bandwidth available between a Subnet/Location

    and the content source. Typically, you will install this component on a server in a central location (such

    as an SCCM Distribution Point) from which your clients obtain the bulk of their content. If you have a

    central datacentre for instance you can simply install the StifleR Beacon service onto any server at that

    location. The StifleR Beacon Service may be installed on the StifleR Server if required but there is no

    dependency on this configuration.

    HTTP v HTTPS

    We recommend that HTTP communication channels only be used in your initial high level testing. In a production environment we strongly recommend that you configure StifleR communication to be secured over HTTPS. For more information on SSL configuration, and all things certificate related, please refer to the companion document “Securing StifleR operations using SSL”, which gives an overview of not only the StifleR and SignalR configuration but also how to set up the underlying Configuration Manager security environment to get you started.

    StifleRulez.xml

    The StifleR client will check through its queue of active downloads (both BITS and DO) and will prioritize them according to a locally held XML configuration file containing a set of rules that are configured centrally by the administrator and automatically distributed to clients.

    This file contains a simple rule set that defines the content download jobs and the priority that the administrator has assigned to each job type. The “StifleR Rules XML Guide”, which gives details on how to create and configure the rules file, is available for download from the 2Pint website on the StifleR Product Page. There is a default rules file copied into the ProgramData location as part of the Client installation, but this is static and should only be used for initial basic testing purposes.

    The clients will download the rules definition XML from a configured URL. If you wish to configure your own rules definition file, or your clients do not have internet access, then you need to create this URL on your internal IIS server. If not, the clients will default to using one which is stored on the 2Pint website.

    IIS and Browser requirements

    SignalR can be used in a variety of client platforms. This section describes the system requirements for using SignalR in web browsers, Windows desktop applications, Silverlight applications, and mobile devices.

    Supported server IIS versions

    When StifleR’s SignalR driven Dashboards are hosted in IIS, the following versions and configurations are supported.

    • IIS 10

    • IIS 8, 8.5 or IIS 8 Express.

    • IIS 7 and 7.5. Support for extensionless URLs is required.

    • IIS must be running in integrated mode; classic mode is not supported. Message delays of up to 30 seconds may be experienced if IIS is run in classic mode using the Server-Sent Events transport.

    • The hosting application must be running in full trust mode.

    http://support.microsoft.com/kb/980368


    Note: If a client operating system is used, such as for development (Windows 8 or Windows 7), full versions of IIS or Cassini should not be used due to the built-in limit of 10 simultaneous connections imposed. This limit will be reached very quickly as connections are transient, frequently re-established, and are not disposed of immediately when no longer being used. IIS Express should be used on client operating systems.

    Note: For SignalR to use WebSocket, IIS 8 or IIS 8 Express must be used, the server must be using Windows 8, Windows Server 2012, or later, and WebSocket must be enabled in IIS. For information on how to enable WebSocket in IIS, see IIS 8.0 WebSocket Protocol Support.

    Web browsers

    SignalR can be used in a variety of web browsers, but typically, only the most recent two versions are supported.

    Applications that use SignalR in browsers must use jQuery version 1.6.4 or later major versions (such as 1.7.2, 1.8.2, or 1.9.1).

    SignalR can be used in the following browsers:

    • Microsoft Internet Explorer versions 8, 9, 10, and 11. Modern, Desktop, and Mobile versions are supported.

    • Microsoft Edge

    • Mozilla Firefox: current version - 1, both Windows and Mac versions.

    • Google Chrome: current version - 1, both Windows and Mac versions.

    • Safari: current version - 1, both Mac and iOS versions.

    • Opera: current version - 1, Windows only.

    • Android browser

    In addition to requiring certain browsers, the various transports that SignalR uses have requirements of their own. The following transports are supported under the following configurations:

    Web Browser Transport Requirements

    Transport          | Internet Explorer* | Chrome (Windows or iOS) | Firefox     | Safari (OSX or iOS) | Android
    WebSockets         | 10+                | current - 1             | current - 1 | current - 1         | N/A
    Server-Sent Events | N/A                | current - 1             | current - 1 | current - 1         | N/A
    ForeverFrame       | 8+                 | N/A                     | N/A         | N/A                 | 4.1
    Long Polling       | 8+                 | current - 1             | current - 1 | current - 1         | 4.1

    *: 6+ required for full functionality.

    Unsupported Browsers

    While SignalR may run without major issues in older browser versions, we do not actively test SignalR in them and generally will not fix bugs that may appear in them.

    Roaming Clients

    StifleR uses the concept of 'Roaming Clients' and enables the ability to set bandwidth according to the client location and connectivity. A roaming client (in StifleR terms) is one that is not connected to the corporate network, i.e. a known location/subnet, or is non-domain joined and/or authenticated.

    http://www.iis.net/learn/get-started/whats-new-in-iis-8/iis-80-websocket-protocol-support


    In these cases there are a couple of choices as to how these clients can be configured. These are determined by the StifleR Server setting DefaultRoamingBandwidth.

    The default setting is 0 (disabled), which means that by default a StifleR client that roams will have all Bandwidth policies removed.

    If, however, that parameter is set to anything other than zero, the Roaming policy will be applied (split between Delivery Optimization and BITS).

    For example, if a DefaultRoamingBandwidth of 50Mbs (51200) is set, then the clients would get 25Mbs for BITS and 25Mbs for Delivery Optimization.

    There are two types of Roaming Client:

    • Roaming and connected to a StifleR server (possible if the client still has a route to the StifleR Server – via Azure for instance)

    • Roaming but not connected to a StifleR server

    Well Connected Networks

    Well Connected locations are networks where the bandwidth available to clients is fairly generous (>100Mb/s). In this scenario StifleR can still assist with improving Peer-to-Peer and caching efficiencies, which help to offload both network and memory/CPU load from source servers (Distribution Points etc).

    How it Works:

    Instead of setting a 'Target Bandwidth', you can set the location to 'WellConnected' and then set DO and BITS (BranchCache) Bandwidth limits. A Red Leader will still be selected, but the bandwidth allocated to 'Non-Red Leaders' is the same. This allows for faster P2P transfers and faster deployments in general.

    The Default Setting is False - (Not Well Connected)

    Note: You can change a subnet to Well Connected and the clients at that location will get the new Well-Connected bandwidth settings from the server. If you change back to Not Well Connected, the clients will not revert to the original Subnet Target Bandwidth until the next service restart.

    Client Hardware

    If the client hardware can run Windows, it can run the StifleR Client. CPU & Memory utilization is very low.

    Software Requirements

    Pre-requisite

    • Windows 7 SP1 or later

    • Supported are x86 or x64 versions of the operating systems

    o Professional, Enterprise or Ultimate versions

    o Newer Educational SKU is also supported

    • Microsoft .NET 4.7.2 must be installed on the client

    The client is a .NET 4.7.2 executable with some C++ helper DLLs. It will run on any operating system that is capable of running .NET 4.7.2 and BranchCache. This includes most operating systems from Windows 7 and above, with the exceptions of Home and other consumer versions of Windows.

    Hotfixes for Windows 7 - https://support.microsoft.com/en-us/kb/3036149 (not required but fixes a bug within BITS that can cause it to ignore Bandwidth Policy)

    Mode of operation

    The StifleR Client can be installed in one of three modes:


    1. Windows Service Based Mode – always connected to the StifleR Server, running as a Windows Service

    2. Event Triggered Mode – only starts & connects when a download job is created and running.

    3. Read Only Mode

    Windows Service Based Mode

    The benefit of Service Mode is that the Administrator can send configuration changes to the Client immediately at any time. This does not happen in the Event Driven mode, as the client is only active when a download job is run and the client will only receive configuration changes at start up.

    When running as a service, the StifleR client runs as a Windows Service and monitors job creation every few seconds according to the configured interval.

    Event Triggered Mode (advanced only)

    The client is not always running in this mode, lowering utilization on both client and server. This however means that the server cannot reliably perform certain configuration tasks on the client in real time.

    When the StifleR client is event driven it is triggered by the Windows ETW (Event Tracing for Windows) system using a Scheduled Task that launches the StifleR Client on BITS Event ID 3 (BITS Job created). Once all queued BITS jobs have completed, the Client exits.

    The reason that Event Driven mode was first written into the product was to cater for a situation where a customer may deploy content in ’Maintenance Windows’, within set times during off-peak hours for instance, and may not want the service running outside these hours. We have not seen any requirement for this in real world usage and accordingly this mode should be considered for advanced use only.

    Read Only Mode

    This mode requires separate licensing. It is a limited version only for network monitoring and dashboard visibility.

    StifleR Ports

    The following (client) ports are used for the InterVLAN feature (see later). An asterisk (*) indicates a dynamic port number. BranchCache tries to use a random port among the dynamic port range (49152-65535) as specified in RFC 6335 section 6, Port Number Ranges:

    From   | To      | Source Port | Destination Port  | Protocol      | Component Details
    Client | Subnet  | * (dynamic) | 3702              | UDP Multicast | BranchCache Probe
    Leader | Leaders | 3704        | 3704              | UDP Unicast   | StifleR Client Fwd Request
    Leader | Subnet  | 3703        | 3702              | UDP Multicast | StifleR Client Fwd Request
    Client | Leader  | 3703        | *                 | UDP Unicast   | BranchCache Probe Match
    Leader | Leader  | 3705        | 3705              | UDP Unicast   | StifleR Fwd Probe Match
    Leader | Client  | 3703        | 3702              | UDP Unicast   | StifleR Fwd Probe Match
    Client | Leader  | *           | 81 (Configurable) | HTTP (TCP/IP) | BranchCache Req. Data
    Leader | Client  | *           | 80 (BranchCache)  | HTTP (TCP/IP) | StifleR Req. Data

    Figure 4 Port number matrix

    Server – Client Communication

    • Source – dynamic

    • Destination – Port 1414 TCP/IP & Port 1414 UDP for Web Sockets

    Web Server - Dashboards


    • Source - dynamic

    • Port 9000 is used by the server to host the dashboard/data API. The Dashboard uses it to connect to the REST API to get data.

    • Port 80 - dashboards

    Beacon Server Port

    • For clients to send iperf packets – Server TCP 5201

    StifleR Client on Windows Server

    The StifleR client can be run on a Windows Server system where, for example, you may want to monitor the Bandwidth performance of an SCCM Pull Distribution Point. In order to do this you must edit the following line into the StifleR.ClientApp.exe.config file and restart the StifleR service:

    Once the Service has been restarted, the server can be monitored like any other client. NB: It will not appear in the ‘Servers’ dashboard.


    Network Default Basic Automation

    StifleR automatically ‘learns’ about networks as the StifleR clients connect and report data to the server. The Server builds up a list of subnets, with a default bandwidth limit set for each new one that is discovered. This information is stored in the StifleR Database file, which is stored in the StifleR Server program data folder.

    Manual configuration

    To manually “pre-configure” the StifleR Network Infrastructure you can load all of your network information into StifleR prior to deploying any clients. This can be achieved via automation through PowerShell/WMI scripting etc.

    Intelligent Automation of Location and Subnet Configuration

    As mentioned above, in the default process, when a StifleR Client reports in from a subnet that does not exist, a new subnet is automatically created with default parameters applied.

    There is however a much more intelligent method that uses PowerShell scripting to Generate and then Modify settings for these newly discovered locations. This feature is enabled within the StifleR.Service.exe.config file using the following parameters:

    NOTE: The default setting for each of these options is disabled (0). Changing this to a value of “1” enables the feature. Location in this context is not referring to a StifleR Enterprise “Location” but rather discovered subnets.

    NOTE: Sample Generate and Modify scripts can be found in the installation folder.

    Generate New Location with PowerShell

    • Enable key:

    • Default path to the script for PS Generation of Sites

    This first option is the most commonly used, as it allows you to set a default ‘template’ for a new subnet according to your preferences. For instance, the overall default Target Bandwidth for a new location may be 1024Mb/s, and you may want to set this to be higher (or lower).

    PowerShell can generate any parameter for a new subnet, and logic can be used to determine different settings depending on the incoming criteria (subnet, IP Address Range, Physical Location, Computer Name etc).

    If the GenerateNewLocationsWithPowerShell setting is enabled, the script identified in the PowerShellExtensionLocationCreateScriptPath is executed as soon as a Client reports in a new subnet.


    A basic script is as follows:

    #always get the parameter data from the incoming request
    param($SessionData)
    #Next, instantiate the boot object, which is what you return back from this PowerShell Session
    $Location = new-object StifleR.Service.LocationItem.RootLocation

    This is an example of the SessionData typically returned to the PowerShell provider:

    #clientProtocol;1.4

    #transport;webSockets

    #connectionData;[{"Name":"StiflerHub"}]

    #connectionToken;AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAmrQEwkrggEKYwxYz++YeUQAAAAACAAAAAAADZg

    AAwAAAABAAAADaO2indeSlBQTVPahgLP0kAAAAAASAAACgAAAAEAAAANtmbDDVdua96FFJYRerfPgoAAAAZ/X3

    q8t8kusojYoeYe2dcefqR2It+qUzbqalCJdvZEQcgUiHqZJopBQAAAC8eAnvyVfo/UMD00GEl3pI27tQTw==

    #networkId;192.168.138.0

    #GatewayMAC;B8-AE-ED-73-49-A6 ***USE THIS FOR A LOCATION GWMAC***

    #OSBuild;Microsoft Windows NT 6.3.9600.0

    #version;1.6.1.5

    #ComputerName;NUC5

    #MachineGUID;28ac4bb5-97a9-4af2-8c45-f3668d3528ce

    #NotLeaderMaterial;False

    #ServerType;false

    #ServerAndClient;False

    #NetworkName;2PSTEST1.LOCAL

    #Status;Connected

    #Category;Authenticated

    #ConnectedTime;2018-02-18 10:47:22

    #CreatedTime;2015-05-20 14:42:24

    #Connectivity;IPv6NoTraffic, IPv4Internet

    #Description;2PSTEST1.LOCAL

    #DomainType;DomainAuthenticated

    #IsConnectedToInternet;True

    #Managed;True

    #Signature;010103000F0000F0A00000000F0000F0967D2CE4D1530F00FE1094B93C821F374E91CA96D62BE8BE

    F8B7174D15FD45FD

    #MSGatewayMAC;04-DA-D2-84-AE-42 ***DONT USE THIS FOR A LOCATION GWMAC***

    #Type;Ethernet

    #GeoPosition;11.9516:57.6967

    Once this data is returned you can then write some new data back to the new subnet.

    The new subnet must have a unique GUID:

    $locationId = [guid]::NewGuid()

    Once you have a way to identify the subnet you can edit configuration options. In the following snippet we set a Target Bandwidth of 4096 and set up the Delivery Optimization policy so that the clients in that subnet will only peer within that subnet.


    $Location.TargetBandwidth = 4096 #sets a default target bandwidth
    $Location.DateAdded = [System.DateTime]::Now
    $Location.Subnet = $SessionData["networkId"]
    $Location.GatewayMAC = $SessionData["GatewayMAC"]
    $Location.id = $locationId
    #These Delivery Optimization parameters are set
    #So that DO will only P2P within this subnet
    #This should be changed for multiple subnet sites
    #Do NOT set these DO params if you are managing DO via GPO/DHCP/SCCM etc
    $Location.DOGroupID = $locationId
    $Location.DODownloadMode = 2

    Finally, we write the new subnet – job done!

    return $Location

    Modify New Location with PowerShell

    • Enable Key:

    • Default path to script for PS modification

    This option is similar to the Generate function but allows you to Modify a subnet once it has been created. This enables you to have your Generate script set some defaults for new subnets and then let the Modify script change some further parameters depending on other criteria.

    If the ModifyNewLocationsWithPowerShell setting is enabled, the script identified in PowerShellExtensionLocationModifyScriptPath is executed as soon as a new subnet has been created.

    A basic script is as follows:

    #always get the param data from request
    param($SessionData)

    #This section sets the variables from the SessionData
    $LocationId = $SessionData["Id"]
    $LocationSubnet = $SessionData["Subnet"]
    $LocationGatewayMAC = $SessionData["GatewayMAC"]
    $LocationName = $SessionData["LocationName"]

    #Now get and modify the resource
    $LocationToModify = [wmi]"\root\StifleR:Subnets.subnetID='$LocationSubnet,$LocationGatewayMAC'"

    Once we have the new location we can do some lookups, for example examine the IP address and set a new target bandwidth based on the address range – being in PowerShell land the sky is the limit! Here’s some pseudo code to give you an idea:

    If subnet starts with 192 – then target bandwidth should be 10Mb
    If subnet starts with 10 – then target bandwidth should be 2Mb

    #Finally update the location with the new values
    #($NewBandwidth holds the value chosen by the lookup logic above)
    swmi -path $LocationToModify.path -Arguments @{TargetBandwidth=$NewBandwidth;Description="Modified by PowerShell"}
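    The address-range logic described for the Generate and Modify scripts, written out as an added example (not 2Pint's sample script): it applies the 192/10 pseudo code and first checks the client-reported Subnet and GatewayMAC values, because they end up inside a quoted WMI object path. Assumptions not taken from the guide: the function name Get-SubnetUpdate, the constructed sample SessionData, and the 1024-per-Mb unit for TargetBandwidth, which is inferred from the guide's "50Mbs (51200)" example.

```powershell
# Added example: Modify-script decision logic with strict input checks.
# Assumption: TargetBandwidth uses 1024 units per Mb, as implied by "50Mbs (51200)".
$UnitsPerMb = 1024

function Get-SubnetUpdate {
    param([Parameter(Mandatory)] [hashtable] $SessionData)

    $subnet = [string]$SessionData['Subnet']
    $mac    = [string]$SessionData['GatewayMAC']

    # Both values are reported by the connecting client and are later placed
    # between quotes in a WMI path, so accept only a dotted quad and a
    # dash-separated MAC (the format shown in the guide's SessionData sample).
    if (-not ($subnet -match '^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$')) {
        throw 'rejected: Subnet is not a dotted-quad IPv4 address'
    }
    $octets = 1..4 | ForEach-Object { [int]$Matches[$_] }
    if ($octets | Where-Object { $_ -gt 255 }) {
        throw 'rejected: Subnet has an octet above 255'
    }
    if (-not ($mac -match '^([0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}$')) {
        throw 'rejected: GatewayMAC has an unexpected format'
    }

    # The guide's pseudo code: 192.x -> 10Mb, 10.x -> 2Mb, anything else untouched.
    switch ($octets[0]) {
        192     { $mb = 10 }
        10      { $mb = 2 }
        default { return $null }
    }

    [pscustomobject]@{
        # Path format copied from the guide's basic Modify script.
        Path      = "\root\StifleR:Subnets.subnetID='$subnet,$mac'"
        Arguments = @{
            TargetBandwidth = $mb * $UnitsPerMb
            Description     = 'Modified by PowerShell'
        }
    }
}

# Constructed SessionData samples (not captured from a real server).
$samples = @(
    @{ Id = 'constructed-1'; Subnet = '192.168.138.0';  GatewayMAC = 'B8-AE-ED-73-49-A6' },
    @{ Id = 'constructed-2'; Subnet = '10.20.30.0';     GatewayMAC = '00-11-22-33-44-55' },
    @{ Id = 'constructed-3'; Subnet = '172.16.0.0';     GatewayMAC = '00-11-22-33-44-55' },
    @{ Id = 'constructed-4'; Subnet = "10.0.0.0'extra"; GatewayMAC = '00-11-22-33-44-55' }
)

foreach ($s in $samples) {
    try {
        $update = Get-SubnetUpdate -SessionData $s
        if ($null -eq $update) {
            '{0}: no rule matched, subnet left unchanged' -f $s.Id
            continue
        }
        '{0}: TargetBandwidth={1}' -f $s.Id, $update.Arguments.TargetBandwidth
        # On the StifleR server the guide's own calls would follow here:
        # $LocationToModify = [wmi]$update.Path
        # swmi -path $LocationToModify.path -Arguments $update.Arguments
    } catch {
        '{0}: {1}' -f $s.Id, $_.Exception.Message
    }
}
```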


    Locations

    Once subnets are known to StifleR you can then group local subnets together in Parent/Child relationships to form Locations. You can then use these Locations to control Bandwidth usage for the multiple subnets or VLANs as a single administrative unit. As part of your StifleR infrastructure planning you should gather as much information as you can regarding your geographic locations and associated WAN/LAN configurations, speed etc. and then group your subnets into StifleR Locations as required. Please feel free to contact us for recommendations in this regard. This process can be automated as above.

    Security

    StifleR controls access to the two main server components, i.e. the SignalR Hub and the Web service. This control applies to both users (who require access to StifleR Dashboards) and StifleR Clients (which need to access the SignalR Hub).

    User Access Control

    Access to the StifleR Dashboards and WMI objects is controlled by Domain Group membership and StifleR Configuration file settings. These are described below.

    If AllowAnonymousRead is enabled (value of “1”) in the StifleR Configuration file, we allow all read operations and the following options are not in play.

    Full Administrative Access to StifleR Server is restricted to Accounts that are members of a Global Administrators Group. This group is defined during the installation of the StifleR Server. These Global Administrators can then grant specific rights (read/write) over individual resources to Delegated Administrators. Delegated Administrators can only see and administer those Sites and Subnets over which they have been granted control. See table below for full details.

    Group | Description | Access
    Global Administrators (DefaultStifleRAdmins*) | Full read and write access to ALL objects | All (does NOT require Dashboard Access membership)
    Dashboard Access (StifleRDashboardAccess*) | Access to dashboard and overview statistics only | Statistics, summary data etc. No WMI access
    Global Read (DefaultStifleRRead*) | Gives read only rights to ALL locations and statistics, including WMI | Read Access on ALL locations. Must be member of Dashboard Access also
    Location Administrators | Delegated Admin Role. Provides read (or write) access to individual locations | Read/write access to only selected (defined) locations. Needs to be in Dashboard Access in order to connect to the dashboard system

    *StifleR Configuration file setting name

    StifleR Client Access Control

    NOTE: Unless otherwise stated, the following settings can be found in the StifleR.Service.exe.config file, which is located in the StifleR Server Installation folder.

    No Authentication

    If the AllowAnonymousSignalRConnections value is set to “1”, then any StifleR client can connect. This is the default currently, as older StifleR Clients (pre-1.9.7.4) are not capable of ANY authentication and would be rejected if this were set to “0”. This can be disabled by setting the ConnectionSendCredentials option to “0” in the configuration file of the client.

    Group Membership

    The StifleR client runs as Local System (NT AUTHORITY\System).

    If the client and the server are both in the same domain (or trusted), then the Local System account

    uses the computer account (hostname followed by a $ character, i.e. computer1$) to login on the

    remote computer. This can then be checked on the server side for limiting access, i.e. verify that the

    machines ac