Steelhead PoC Best Practices

Bob Ashmore Riverbed Sales Engineer

May 2013
Copyright Riverbed Technology 2 Riverbed Confidential

Prerequisites
This presentation:

is a review of best practices for performing a basic Steelhead Proof-of-Concept. assumes the engineer has taken the introductory Steelhead SADM course or has completed the on-line RTSA-W and RTSS-W and has some hands-on experience.

Riverbed Confidential

Steelhead PoC steps

Gather Requirements

Size the Solution

Establish Success Criteria

Prepare for Install

Steelhead Installation

Health Check
Present Results

Riverbed Confidential

Gather Network Requirements

Obtain or develop a network diagram
a picture is worth a thousand words

What applications are running across the WAN? How many offices/locations?

Any mobile workers?

Need for High Availability, clustering, or redundancy? Print, AD, or DNS servers at branch office? Are they using SSL (HTTPS)? Are they using signed-SMB or encrypted MAPI?

Riverbed Confidential

Gather Application and Traffic Information

Ask questions to uncover opportunities

Application Acceleration Slow applications? What applications? End users complaining? Large file transfers? Collaboration? Mobile Workers
Number of mobile workers? Sales people or execs who travel?

Consolidation
Centralizing data? Consolidating servers? Want to remove servers from remote sites?

Virtualization
Virtualizing servers? Virtualizing desktops? Replicating virtual machines?

Disaster Recovery

Network Based Back-up

DR site? Still doing disk or tape Using replication solution? backup? How long does it take? How long does it take? How often and how much data?

Always ask how many sites and their sizes.

Riverbed Confidential

Steelhead CX Appliances are Sized to Meet Your Needs

755-L

Massive Scaling
Interceptor 9350

150-M

1 Mbps optimized throughput 20 optimized TCP connections 40 GB Data Store

10 Mbps optimized throughput 900 optimized TCP connections 100 GB Data Store

5055-M

755-M

250-L

1 Mbps optimized throughput 40 optimized TCP connections 40 GB Data Store

10 Mbps optimized throughput 1500 optimized TCP connections 100 GB Data Store

200 Mbps optimized throughput 14,000 optimized TCP connections 640 GB Data Store (SSDs)

40 Gbps optimized throughput 1,000,000 optimized TCP connections

Management & Reporting

5055-H

755-H

250-M

2 Mbps optimized throughput 125 optimized TCP connections 40 GB Data Store

20 Mbps optimized throughput 2300 optimized TCP connections 160 GB Data Store (SSDs)

250-H

CMC 8150- 50 devices Optional Component Manages and monitors hundreds of 622 Mbps optimized throughput appliances at once 75,000 optimized TCP connections 1.6 TB Data Store (SSDs)

400 Mbps optimized throughput 25,000 optimized TCP connections 640 GB Data Store (SSDs)

Central Management Console

7055-L

Mobile Worker

2 Mbps optimized throughput 200 optimized TCP connections 40 GB Data Store

1555-L

555-M

50 Mbps optimized throughput 3000 optimized TCP connections 400 GB Data Store

7055-M

Steelhead Mobile Software

6 Mbps optimized throughput 350 optimized TCP connections 80 GB Data Store

1555-M

1 Gbps optimized throughput 100,000 optimized TCP connections 2.4 TB Data Store (SSDs)

Installed on end-user machine Min1.5Ghz Celeron, 512MB RAM, 1GB HDD

555-H

50 Mbps optimized throughput 4500 optimized TCP connections 400 GB Data Store

7055-H

Steelhead Mobile Controller

10 Mbps optimized throughput 650 optimized TCP connections 80 GB Data Store

Copyright Riverbed Technology

1555-H

100 Mbps optimized throughput 6000 optimized TCP connections 320 GB Data Store (SSDs)
7

1.5 Gbps optimized throughput 150,000 optimized TCP connections 4.8 TB Data Store (SSDs)

Required for Steelhead Mobile SMC appliance 40 to 4,000 concurrent users Cluster to scale higher SMC-VE 10-100 concurrent users
Riverbed Confidential

Steelhead EX Appliances are Sized to Meet Your Needs

1160-L 1260-L

560-L

760-L

4 Mbps optimized throughput 250 optimized TCP connections 40 GB Data Store (SSDs) 190/190 GB Block Store/VSP Partition 4/9 GB Ram for VSP

10 Mbps optimized throughput 900 optimized TCP connections 150 GB Data Store (SSDs) 190/190 GB Block Store/VSP Partition 8 GB Ram for VSP

10 Mbps optimized throughput 900 optimized TCP connections 150 GB Data Store (SSDs) 275/275 GB Granite Block Store/VSP 10 GB Ram for VSP

10 Mbps optimized throughput 900 optimized TCP connections 100 Gig Data Store 575 or 1230 GB Block Store/VSP 11-47 GB Ram for VSP

1260-M

1160-M

560-M

760-M

6 Mbps optimized throughput 350 optimized TCP connections 70 GB Data Store (SSDs) 190/190 GB Block Store/VSP Partition 4/9 GB Ram for VSP

560-H

10 Mbps optimized throughput 1,500 optimized TCP connections 150 GB Data Store (SSDs) 190/190 GB Block Store/VSP Partition 8 GB Ram for VSP

10 Mbps optimized throughput 1500 optimized TCP connections 150 GB Data Store (SSDs) 275/275 GB Granite Block Store/VSP 10 GB Ram for VSP

10 Mbps optimized throughput 1500 optimized TCP connections 100 Gig Data Store 575 or 1230 GB Block Store/VSP 11-47 GB Ram for VSP

1260-H

1160-H

10 Mbps optimized throughput 650 optimized TCP connections 70 GB Data Store (SSDs) 190/190 GB Block Store/VSP Partition 4/9 GB Ram for VSP

760-H

20 Mbps optimized throughput 2,300 optimized TCP connections 150 GB Data Store (SSDs) 190/190 GB Block Store/VSP Partition 8 GB Ram for VSP

20 Mbps optimized throughput 2300 optimized TCP connections 150 GB Data Store (SSDs) 275/275 GB Granite Block Store/VSP 10 GB Ram for VSP

20 Mbps optimized throughput 2300 optimized TCP connections 160 Gig Data Store (SSDs) 575 or 1230 GB Block Store/VSP 11-47 GB Ram for VSP

1260-VH

1160-VH

Copyright Riverbed Technology 8

50 Mbps optimized throughput 4000 optimized TCP connections 300 GB Data Store (SSDs) 275/275 GB Granite Block Store/VSP 12 GB Ram for VSP

50 Mbps optimized throughput 4000 optimized TCP connections 160 Gig Data Store (SSDs) 575 or 1230 GB Block Store/VSP 7-44 GB Ram for VSP

Riverbed Confidential

Size the Steelheads

Size branch Steelheads to match WAN bandwidth Consider connection count
# of branch users x 10 connections per user = # of connections

Use sum of branch bandwidths and connection counts to size the datacenter Steelhead
b/w branch1 branch2 data center 4Mb/s 10Mb/s 4+10=14Mb/s users 28 130 28+130=158 connections 280 1300 280+1300=1580 Steelhead 555M 755M 755H
Riverbed Confidential

Define and Document Success Criteria

Objective Criteria for Success Result

Improve response time of AutoCAD

Open 500 MB AutoCAD file from remote office in less than 40 seconds

???

Shorten time to complete data backup

Reduce SnapMirror backup time from 22 hours to under 3 hours

???

Avoid bandwidth upgrade

Reduce peak bandwidth usage to under 3Mbps

???

Riverbed Confidential

Pre-PoC Checklist
Before arriving make sure you: Confirm date for installation
Make sure all necessary stakeholders are available
IT manager, project managers, etc.

Make sure any necessary change window is scheduled.

Confirm equipment will arrive before installation date Confirm sufficient rack-space, power, and cable-lengths Download recent Riverbed-recommended RiOS version to your laptop

Help customer complete Pre-PoC Questionnaire before installation date

Riverbed Confidential

Deployment Methodologies
Physical In-Path
The Steelhead is placed between the switch and the router/firewall, directly in the path of traffic. Be aware of /30 subnets in this location. We need an IP address on the subnet between the switch and the router/firewall for the in-path interface. 95% of all Steelhead PoCs are done Physically In-path.

Server-side Out-of-Path
Useful when customer will not allow the Steelhead to be placed directly in the path of traffic. This only provides for optimization one direction.
All of the clients must be in one location and all of the servers must be in another location.

Cable only the Primary interface to a port on the L2-switch Do not cable the in-path interfaces Create a Fixed-target rule on the Client-side Steelhead pointing to the Primary port of the Server-side Steelhead. Refer to the documentation for details
Riverbed Confidential

Physical In-Path Steelhead PoC Basic Steps (1 of 2)

Connect serial cable (9600,8N1) Login using admin/password Complete jumpstart wizard # (config) configuration jumpstart

Connect laptop to Primary (Ethernet) port

If licensing errors, see subsequent slide Configure>Maintenance>Software Upgrade
Switch to backup version if newer than booted version Upgrade to recent recommended version available at support.riverbed.com
Use serial number from Support tab in Steelhead GUI Switch to Backup Version

Shutdown Steelhead and disconnect power

Riverbed Confidential

Physical In-Path Steelhead PoC Basic Steps (2 of 2)

Cable Steelhead in-path interfaces before connecting power

Confirm cabling by pinging through Steelhead

Ensure no traffic can circumnavigate the Steelhead (no asymmetric routes) Power on the Steelhead Check for errors (see upcoming slides)

Riverbed Confidential

Server-side Out-of Path Steelhead PoC Basic Steps Skip if Deploying In-Path
Connect serial cable (9600,8N1)

Login using admin/password

Complete jumpstart wizard # (config) configuration jumpstart Connect Primary (Ethernet) port to L2 switch with straight-through cable If licensing errors, see next slide Configure>Maintenance>Software Upgrade
Switch to Backup version if newer than Booted version Upgrade to recent recommended version available at support.riverbed.com
Use serial number from Support tab in Steelhead GUI Switch to Backup Version

Reboot the Steelhead

Check for errors (see upcoming slides)

Riverbed Confidential

Resolving Licensing Anomalies Main Steelhead page says Critical due to Licensing and Optimization Error Configure>Maintenance>Licenses
Click on Fetch Updates Now

If errors remain, navigate to licensing.riverbed.com

Copy & paste s/n, click Next, enter your email address, click Submit
If required, CAREFULLY activate each serial number

Copy & paste license into Steelhead GUI

Riverbed Confidential

PoC Health Check

Confirm installation is getting best possible results

Riverbed Confidential

Steelhead Health Check

Check physical layer Check Connected Peers Check Current Connections Application -layer errors
CIFS SMB signing MAPI encryption

Check Traffic Summary

Application-specific optimizations

Riverbed Confidential

Cabling types
Non-Switch
Crossover cable Straight-through cable

Switch

These rules apply on either side (LAN or WAN)

Riverbed Confidential

Speed Issues Duplex Mismatch (Steelhead)

Symptom:
After Steelhead installation, traffic does not speed up or inconsistent speed increase

Troubleshooting:
Look at Reports Networking Interface Counters for errors If counters on Steelhead are low, check directly-attached network gear Look for alarm/log message about error counts rising Packet traces (tcpdump) see lots of retransmissions

Likely problem:
Duplex mismatch between Steelhead and connected devices

What to do:
Change the interface speed/duplex to match *Warning* ideally the WAN and LAN have the same duplex settings, because otherwise they will have a duplex mismatch when we fail-to-wire

Riverbed Confidential

Interface Statistics
Reports Networking Interface Counters

Check LAN/WAN for errors. Must be at least 100/full (1000 Mb/s preferred)

Riverbed Confidential

Connected Peer Steelheads

Reports>Optimization>Peers

Confirm that all Steelheads are visible

Riverbed Confidential

Current Connections
Reports Networking Current Connections

Check that connections are being optimized. For detailed info, click on magnifying glass
Riverbed Confidential

Current Connections issues

What does that red triangle mean?

Shows a protocol error in the current connections report Common reasons CIFS SMB signing is the likely cause, possibly SMBv2

MAPI Encrypted Outlook (on by default for Outlook 2007+)

Both can be solved by joining the server-side Steelhead to the domain

Riverbed Confidential

Join the Domain

Join Server-side Steelhead (SSH) to a Windows domain.
Configure > Networking > Host Settings
Update Primary DNS Server with DNS IP address for the domain Update DNS domain list to include the domain name Confirm the clock is correct

Configure > Networking > Windows Domain

Select Domain Settings Join Account Type as:
BDC for 2003 domains RoDC for 2008 domains

Enter details for the domain settings and click Join

Riverbed Confidential

SMB Signing and Encrypted MAPI

SMB Signing Configure Optimization CIFS (SMB1)
Enable SMB Signing NTLM Transparent Mode Configure > Optimization > SMB2/3 Enable SMB2 Optimizations NTLM Transparent Mode

Encrypted MAPI Configure Optimization MAPI

Enable Encrypted Optimization NTLM Transparent Mode

Riverbed Confidential

Traffic Summary Report

Look for applications with 0% reduction, indicating the traffic is pre-compressed or encrypted Options:

1. Find the application server and turn off encryption & compression 2. Use pass-through rule to bypass the traffic. (no reason to waste resources for negative compression)
Look for 0% reduction
Riverbed Confidential

Enable other Optimizations as Needed

Ask the customer if they have any of the following:
Citrix: Enable under Configure>Optimization>Citrix
Then pull out ports 1494 and 2598 from the Interactive port label

RDP: First turn off Encryption at the RDP server and turn off compression on the RDP client
Then add an auto-discovery in-path rule with neural framing mode set to never for port 3389

Oracle: Enable under Configure>Optimization>Oracle Forms

Then add an auto-discovery in-path rule with neural framing mode set to never for oracle traffic (usually port 9000) and Preoptimization Policy set to Oracle Forms

Databases: Add an auto-discovery in-path rule with neural framing mode set to never for the database traffic port SSL: Steelhead will decrypt, optimize, and re-encrypt. Certs need to copied onto the Server-side Steelhead only.
- Refer to the Steelhead Deployment Guide for Details Riverbed Confidential

Presenting Results
Record results in the Result column of the Success Criteria Table. Highlight objectives that were met. Use Steelhead reports to support conclusions
Current Connections Bandwidth Optimization Traffic Summary

120 100 80 60 40 20 0 Before Riverbed After Riverbed

Data Replication (minutes)

Riverbed Confidential

Bandwidth Optimization Report

Show Overall Data Reduction: i.e. 88%! Compare WAN vs. LAN data

2006 RIVERBED TECHNOLOGY, INC CONFIDENTIAL

Riverbed Confidential

Traffic Summary Report

Shows optimization by application Dont forget you can adjust time period.

2006 RIVERBED TECHNOLOGY, INC CONFIDENTIAL

Riverbed Confidential

Additional Resources
Pre-PoC Questionnaire
Post-PoC Documentation Steelhead Deployment Guide on Partner Center and on Support site

Optimizing in a Secure Windows Environment on Partner Center and Support site

For documentation, code upgrades, and Knowledge Base, please visit http://support.riverbed.com For licensing issues, please visit http://licensing.riverbed.com

If you cannot resolve a problem, please contact a Riverbed Engineer or Riverbed Support
Riverbed Confidential