33

Steelhead PoC Best Practices

Embed Size (px)

DESCRIPTION

Riverbed Steelhead PoC Best Practices

Citation preview

Page 1: Steelhead PoC Best Practices
Page 2: Steelhead PoC Best Practices

Riverbed Confidential

Steelhead PoC Best Practices Bob Ashmore

Riverbed Sales Engineer

Copyright Riverbed Technology 2

May 2013

Page 3: Steelhead PoC Best Practices

Riverbed Confidential

Prerequisites

This presentation:

● is a review of best practices for performing a basic

Steelhead Proof-of-Concept.

● assumes the engineer has taken the introductory

Steelhead SADM course or has completed the on-line

RTSA-W and RTSS-W and has some hands-on

experience.

Page 4: Steelhead PoC Best Practices

Riverbed Confidential

Steelhead PoC steps

● Gather Requirements

● Size the Solution

● Establish Success Criteria

● Prepare for Install

● Steelhead Installation

● Health Check

● Present Results

Page 5: Steelhead PoC Best Practices

Riverbed Confidential

Gather Network Requirements

● Obtain or develop a network diagram “a picture is worth a thousand words”

● What applications are running across the WAN?

● How many offices/locations?

● Any mobile workers?

● Need for High Availability, clustering, or redundancy?

● Print, AD, or DNS servers at branch office?

● Are they using SSL (HTTPS)?

● Are they using signed-SMB or encrypted MAPI?

Page 6: Steelhead PoC Best Practices

Riverbed Confidential

Gather Application and Traffic

Information

Application Acceleration Consolidation Virtualization

• Slow applications? • What applications? • End users complaining? • Large file transfers? • Collaboration?

• Centralizing data?

• Consolidating servers?

• Want to remove

servers from remote

sites?

• Virtualizing servers?

• Virtualizing desktops?

• Replicating virtual

machines?

Ask questions to uncover opportunities

Disaster Recovery

• Still doing disk or tape

backup?

• How long does it take?

• How often and how

much data?

Mobile Workers

• Number of mobile

workers?

• Sales people or execs

who travel?

Network Based Back-up

• DR site?

• Using replication solution?

• How long does it take?

Always ask how many sites and their sizes.

Page 7: Steelhead PoC Best Practices

Riverbed Confidential

Steelhead CX Appliances

are Sized to Meet Your Needs

Copyright Riverbed Technology 7

755-L 10 Mbps optimized throughput

900 optimized TCP connections

100 GB Data Store

755-M 10 Mbps optimized throughput

1500 optimized TCP

connections

100 GB Data Store

755-H 20 Mbps optimized throughput

2300 optimized TCP

connections

160 GB Data Store (SSDs)

1555-L 50 Mbps optimized throughput

3000 optimized TCP connections

400 GB Data Store

1555-M 50 Mbps optimized throughput

4500 optimized TCP connections

400 GB Data Store

1555-H 100 Mbps optimized throughput

6000 optimized TCP connections

320 GB Data Store (SSDs)

5055-M 200 Mbps optimized throughput

14,000 optimized TCP connections

640 GB Data Store (SSDs)

7055-L 622 Mbps optimized throughput

75,000 optimized TCP connections

1.6 TB Data Store (SSDs)

150-M • 1 Mbps optimized throughput

• 20 optimized TCP connections

• 40 GB Data Store

250-L 1 Mbps optimized throughput

40 optimized TCP connections

40 GB Data Store

250-M 2 Mbps optimized throughput

125 optimized TCP connections

40 GB Data Store

250-H 2 Mbps optimized throughput

200 optimized TCP connections

40 GB Data Store

555-M 6 Mbps optimized throughput

350 optimized TCP connections

80 GB Data Store

555-H 10 Mbps optimized throughput

650 optimized TCP connections

80 GB Data Store

5055-H 400 Mbps optimized throughput

25,000 optimized TCP connections

640 GB Data Store (SSDs)

Massive Scaling Interceptor 9350 40 Gbps optimized throughput

1,000,000 optimized TCP

connections

Steelhead Mobile Software Installed on end-user machine

Min1.5Ghz Celeron, 512MB RAM,

1GB HDD

Central Management

Console CMC 8150- 50 devices

Optional Component

Manages and monitors hundreds of

appliances at once

Steelhead Mobile

Controller Required for Steelhead Mobile

SMC appliance

• 40 to 4,000 concurrent users

• Cluster to scale higher

SMC-VE

• 10-100 concurrent users

Management & Reporting

Mobile Worker

7055-M 1 Gbps optimized throughput

100,000 optimized TCP

connections

2.4 TB Data Store (SSDs)

7055-H 1.5 Gbps optimized throughput

150,000 optimized TCP

connections

4.8 TB Data Store (SSDs)

Page 8: Steelhead PoC Best Practices

Riverbed Confidential Copyright Riverbed Technology 8

Steelhead EX Appliances

are Sized to Meet Your Needs

1160-L 10 Mbps optimized throughput

900 optimized TCP connections

150 GB Data Store (SSDs)

275/275 GB Granite Block

Store/VSP

10 GB Ram for VSP

1160-M 10 Mbps optimized throughput

1500 optimized TCP connections

150 GB Data Store (SSDs)

275/275 GB Granite Block

Store/VSP

10 GB Ram for VSP

1160-H 20 Mbps optimized throughput

2300 optimized TCP connections

150 GB Data Store (SSDs)

275/275 GB Granite Block

Store/VSP

10 GB Ram for VSP

1160-VH • 50 Mbps optimized throughput

• 4000 optimized TCP connections

• 300 GB Data Store (SSDs)

• 275/275 GB Granite Block

Store/VSP

• 12 GB Ram for VSP

560-L • 4 Mbps optimized throughput

• 250 optimized TCP connections

• 40 GB Data Store (SSDs)

• 190/190 GB Block Store/VSP

Partition

• 4/9 GB Ram for VSP

560-M 6 Mbps optimized throughput

350 optimized TCP connections

70 GB Data Store (SSDs)

190/190 GB Block Store/VSP

Partition

4/9 GB Ram for VSP

560-H 10 Mbps optimized throughput

650 optimized TCP connections

70 GB Data Store (SSDs)

190/190 GB Block Store/VSP

Partition

4/9 GB Ram for VSP

1260-L 10 Mbps optimized throughput

900 optimized TCP connections

100 Gig Data Store

575 or 1230 GB Block Store/VSP

11-47 GB Ram for VSP

1260-M 10 Mbps optimized throughput

1500 optimized TCP connections

100 Gig Data Store

575 or 1230 GB Block Store/VSP

11-47 GB Ram for VSP

1260-H 20 Mbps optimized throughput

2300 optimized TCP connections

160 Gig Data Store (SSDs)

575 or 1230 GB Block Store/VSP

11-47 GB Ram for VSP

1260-VH • 50 Mbps optimized throughput

• 4000 optimized TCP connections

• 160 Gig Data Store (SSDs)

• 575 or 1230 GB Block Store/VSP

• 7-44 GB Ram for VSP

760-L 10 Mbps optimized throughput

900 optimized TCP connections

150 GB Data Store (SSDs)

190/190 GB Block Store/VSP

Partition

8 GB Ram for VSP

760-M 10 Mbps optimized throughput

1,500 optimized TCP

connections

150 GB Data Store (SSDs)

190/190 GB Block Store/VSP

Partition

8 GB Ram for VSP

760-H 20 Mbps optimized throughput

2,300 optimized TCP

connections

150 GB Data Store (SSDs)

190/190 GB Block Store/VSP

Partition

8 GB Ram for VSP

Page 9: Steelhead PoC Best Practices

Riverbed Confidential

Size the Steelheads

• Size branch Steelheads to match WAN bandwidth

• Consider connection count ▪ # of branch users x 10 connections per user = # of connections

• Use sum of branch bandwidths and connection counts to

size the datacenter Steelhead

b/w users connections Steelhead

branch1 4Mb/s 28 280 555M

branch2 10Mb/s 130 1300 755M

data center 4+10=14Mb/s 28+130=158 280+1300=1580 755H

Page 10: Steelhead PoC Best Practices

Riverbed Confidential

Define and Document Success

Criteria

Objective Criteria for Success Result

Improve response time of AutoCAD Open 500 MB AutoCAD file from remote office

in less than 40 seconds ???

Shorten time to complete data

backup

Reduce SnapMirror backup time from 22

hours to under 3 hours ???

Avoid bandwidth upgrade Reduce peak bandwidth usage to under

3Mbps ???

Page 11: Steelhead PoC Best Practices

Riverbed Confidential

Pre-PoC Checklist

Before arriving make sure you:

● Confirm date for installation – Make sure all necessary stakeholders are available

• IT manager, project managers, etc.

– Make sure any necessary change window is scheduled.

● Confirm equipment will arrive before installation date

● Confirm sufficient rack-space, power, and cable-lengths

● Download recent Riverbed-recommended RiOS

version to your laptop

● Help customer complete “Pre-PoC Questionnaire”

before installation date

Page 12: Steelhead PoC Best Practices

Riverbed Confidential

Deployment Methodologies

● Physical In-Path – The Steelhead is placed between the switch and the router/firewall,

directly in the path of traffic.

– Be aware of /30 subnets in this location. We need an IP address on

the subnet between the switch and the router/firewall for the in-path

interface.

– 95% of all Steelhead PoCs are done Physically In-path.

● Server-side Out-of-Path – Useful when customer will not allow the Steelhead to be placed

directly in the path of traffic.

– This only provides for optimization one direction.

• All of the clients must be in one location and all of the servers must be in

another location.

– Cable only the Primary interface to a port on the L2-switch

– Do not cable the in-path interfaces

– Create a Fixed-target rule on the Client-side Steelhead pointing to the

Primary port of the Server-side Steelhead. Refer to the

documentation for details

Page 13: Steelhead PoC Best Practices

Riverbed Confidential

Physical In-Path Steelhead PoC Basic Steps

(1 of 2)

Connect serial cable (9600,8N1)

Login using admin/password

Complete jumpstart wizard # (config) configuration jumpstart

Connect laptop to Primary (Ethernet) port

If licensing errors, see subsequent slide

Configure>Maintenance>Software Upgrade Switch to “backup” version if newer than “booted” version

Upgrade to recent recommended version available at support.riverbed.com

Use serial number from Support tab in Steelhead GUI

Switch to Backup Version

Shutdown Steelhead and disconnect power

Page 14: Steelhead PoC Best Practices

Riverbed Confidential

Physical In-Path Steelhead PoC Basic Steps

(2 of 2)

Cable Steelhead in-path interfaces before connecting power

Confirm cabling by pinging “through” Steelhead

Ensure no traffic can circumnavigate the Steelhead (no asymmetric routes)

Power on the Steelhead

Check for errors (see upcoming slides)

Page 15: Steelhead PoC Best Practices

Riverbed Confidential

Server-side Out-of Path Steelhead PoC

Basic Steps Skip if Deploying In-Path

Connect serial cable (9600,8N1)

Login using admin/password

Complete jumpstart wizard # (config) configuration jumpstart

Connect Primary (Ethernet) port to L2 switch with straight-through cable

If licensing errors, see next slide

Configure>Maintenance>Software Upgrade Switch to Backup version if newer than Booted version

Upgrade to recent recommended version available at support.riverbed.com

Use serial number from Support tab in Steelhead GUI

Switch to Backup Version

Reboot the Steelhead

Check for errors (see upcoming slides)

Page 16: Steelhead PoC Best Practices

Riverbed Confidential

Resolving Licensing Anomalies

Main Steelhead page says “Critical” due to Licensing and Optimization

Error

Configure>Maintenance>Licenses Click on Fetch Updates Now

If errors remain, navigate to licensing.riverbed.com Copy & paste s/n, click Next, enter your email address, click Submit

If required, CAREFULLY activate each serial number

Copy & paste license into Steelhead GUI

Page 17: Steelhead PoC Best Practices

Riverbed Confidential

PoC Health Check

● Confirm installation is getting best possible results

Page 18: Steelhead PoC Best Practices

Riverbed Confidential

Steelhead Health Check

Check physical layer

Check “Connected Peers”

Check “Current Connections”

Application -layer errors CIFS SMB signing

MAPI encryption

Check “Traffic Summary” Application-specific optimizations

Page 19: Steelhead PoC Best Practices

Riverbed Confidential

Cabling types

Non-Switch Switch

Crossover cable

Straight-through cable

These rules apply on either side (LAN or WAN)

Page 20: Steelhead PoC Best Practices

Riverbed Confidential

Speed Issues – Duplex Mismatch (Steelhead)

● Symptom: – After Steelhead installation, traffic does not speed up or inconsistent speed increase

● Troubleshooting: – Look at Reports › Networking › Interface Counters for errors

– If counters on Steelhead are low, check directly-attached network gear

– Look for alarm/log message about error counts rising

– Packet traces (tcpdump) see lots of retransmissions

● Likely problem: – Duplex mismatch between Steelhead and connected devices

● What to do: – Change the interface speed/duplex to match

– *Warning* ideally the WAN and LAN have the same duplex settings, because

otherwise they will have a duplex mismatch when we fail-to-wire

Page 21: Steelhead PoC Best Practices

Riverbed Confidential

Interface Statistics

Reports › Networking › Interface Counters

Check LAN/WAN for errors. Must be at least 100/full

(1000 Mb/s preferred)

Page 22: Steelhead PoC Best Practices

Riverbed Confidential

Connected Peer Steelheads

Reports>Optimization>Peers

Confirm that all Steelheads are visible

Page 23: Steelhead PoC Best Practices

Riverbed Confidential

Current Connections

Reports › Networking › Current Connections

Check that connections are being optimized.

For detailed info, click on magnifying glass

Page 24: Steelhead PoC Best Practices

Riverbed Confidential

Current Connections issues

What does that red triangle mean? Shows a protocol error in the current connections report

Common reasons

CIFS – SMB signing is the likely cause, possibly SMBv2

MAPI – Encrypted Outlook (on by default for Outlook 2007+)

Both can be solved by joining the server-side Steelhead to the domain

Page 25: Steelhead PoC Best Practices

Riverbed Confidential

Join the Domain

Join Server-side Steelhead (SSH)

to a Windows domain.

– Configure > Networking > Host

Settings

• Update “Primary DNS Server” with

DNS IP address for the domain

• Update “DNS domain list” to include

the domain name

• Confirm the clock is correct

– Configure > Networking >

Windows Domain

• Select “Domain Settings”

• Join Account Type as:

– BDC for 2003 domains

– RoDC for 2008 domains

• Enter details for the domain settings

and click “Join”

Page 26: Steelhead PoC Best Practices

Riverbed Confidential

SMB Signing and Encrypted MAPI

SMB Signing

• Configure › Optimization › CIFS (SMB1)

• Enable SMB Signing

• NTLM Transparent Mode

• Configure > Optimization > SMB2/3

• Enable SMB2 Optimizations

• NTLM Transparent Mode

Encrypted MAPI

• Configure › Optimization › MAPI

• Enable Encrypted Optimization

• NTLM Transparent Mode

Page 27: Steelhead PoC Best Practices

Riverbed Confidential

Traffic Summary Report

Look for applications

with 0% reduction,

indicating the traffic is

pre-compressed or

encrypted

Options:

1. Find the application

server and turn off

encryption &

compression

2. Use pass-through rule

to bypass the traffic.

(no reason to waste

resources for negative

compression)

Look for 0% reduction

Page 28: Steelhead PoC Best Practices

Riverbed Confidential

Enable other Optimizations as Needed

● Ask the customer if they have any of the following: – Citrix: Enable under Configure>Optimization>Citrix

• Then pull out ports 1494 and 2598 from the “Interactive” port label

– RDP: First turn off Encryption at the RDP server and turn off compression on

the RDP client

• Then add an auto-discovery in-path rule with “neural framing mode” set to “never”

for port 3389

– Oracle: Enable under Configure>Optimization>Oracle Forms

• Then add an auto-discovery in-path rule with “neural framing mode” set to “never”

for oracle traffic (usually port 9000) and Preoptimization Policy set to Oracle Forms

– Databases: Add an auto-discovery in-path rule with “neural framing mode” set

to “never” for the database traffic port

– SSL: Steelhead will decrypt, optimize, and re-encrypt. Certs need to copied

onto the Server-side Steelhead only.

- Refer to the “Steelhead Deployment Guide” for Details -

Page 29: Steelhead PoC Best Practices

Riverbed Confidential

Presenting Results

● Record results in the “Result” column of the Success

Criteria Table.

● Highlight objectives that were met.

● Use Steelhead reports to support conclusions – Current Connections

– Bandwidth Optimization

– Traffic Summary

0

20

40

60

80

100

120

Before Riverbed

After Riverbed

Data Replication (minutes)

Page 30: Steelhead PoC Best Practices

Riverbed Confidential

Bandwidth Optimization Report

• Show Overall Data

Reduction:

i.e. 88%!

• Compare WAN vs.

LAN data

© 2006 RIVERBED TECHNOLOGY, INC – CONFIDENTIAL

Page 31: Steelhead PoC Best Practices

Riverbed Confidential

Traffic Summary Report

© 2006 RIVERBED TECHNOLOGY, INC – CONFIDENTIAL

● Shows

optimization by

application

● Don’t forget you

can adjust time

period.

Page 32: Steelhead PoC Best Practices

Riverbed Confidential

Additional Resources

● “Pre-PoC Questionnaire”

● “Post-PoC Documentation”

● “Steelhead Deployment Guide” on Partner Center and on Support site

● “Optimizing in a Secure Windows Environment” on Partner Center and

Support site

● For documentation, code upgrades, and Knowledge Base, please visit

http://support.riverbed.com

● For licensing issues, please visit http://licensing.riverbed.com

● If you cannot resolve a problem, please contact a Riverbed Engineer or

Riverbed Support

Page 33: Steelhead PoC Best Practices