Table Of ContentSteelhead Management Console User’s
®
Guide
Steelhead® EX (xx60)
Version 1.0.2 (RiOS 7.0.3)
April 2012
© 2012 Riverbed Technology. All rights reserved.
Riverbed®, Cloud Steelhead®, Granite™, Interceptor®, RiOS®, Steelhead®, Think Fast®, Virtual Steelhead®, Whitewater®,
Mazu®, Cascade®, Cascade Pilot™, Shark®, AirPcap®, SkipWare®, TurboCap®, WinPcap®, Wireshark®, and Stingray™ are
trademarks or registered trademarks of Riverbed Technology, Inc. in the United States and other countries. Riverbed and any
Riverbed product or service name or logo used herein are trademarks of Riverbed Technology. All other trademarks used herein
belong to their respective owners. The trademarks and logos displayed herein cannot be used without the prior written consent
of Riverbed Technology or their respective owners.
Akamai® and the Akamai wave logo are registered trademarks of Akamai Technologies, Inc. SureRoute is a service mark of
Akamai. Apple and Mac are registered trademarks of Apple, Incorporated in the United States and in other countries. Cisco is a
registered trademark of Cisco Systems, Inc. and its affiliates in the United States and in other countries. EMC, Symmetrix, and
SRDF are registered trademarks of EMC Corporation and its affiliates in the United States and in other countries. IBM, iSeries, and
AS/400 are registered trademarks of IBM Corporation and its affiliates in the United States and in other countries. Linux is a
trademark of Linus Torvalds in the United States and in other countries. Microsoft, Windows, Vista, Outlook, and Internet
Explorer are trademarks or registered trademarks of Microsoft Corporation in the United States and in other countries. Oracle and
JInitiator are trademarks or registered trademarks of Oracle Corporation in the United States and in other countries. UNIX is a
registered trademark in the United States and in other countries, exclusively licensed through X/Open Company, Ltd. VMware,
ESX, ESXi are trademarks or registered trademarks of VMware, Incorporated in the United States and in other countries.
This product includes software developed by the University of California, Berkeley (and its contributors), EMC, and Comtech
AHA Corporation. This product is derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm.
NetApp Manageability Software Development Kit (NM SDK), including any third-party software available for review with such
SDK which can be found at http://communities.netapp.com/docs/DOC-3777, and are included in a NOTICES file included
within the downloaded files.
For detailed copyright and license agreements or modified source code (where required), see the Riverbed Support site at
https://support.riverbed.com. Certain libraries were used in the development of this software, licensed under GNU Lesser
General Public License, Version 2.1, February 1999. For a list of libraries, see the Riverbed Support at https://
support.riverbed.com.
This documentation is furnished “AS IS” and is subject to change without notice and should not be construed as a commitment
by Riverbed Technology. This documentation may not be copied, modified or distributed without the express authorization of
Riverbed Technology and may be used only in connection with Riverbed products and services. Use, duplication, reproduction,
release, modification, disclosure or transfer of this documentation is restricted in accordance with the Federal Acquisition
Regulations as applied to civilian agencies and the Defense Federal Acquisition Regulation Supplement as applied to military
agencies. This documentation qualifies as “commercial computer software documentation” and any use by the government shall
be governed solely by these terms. All other use is prohibited. Riverbed Technology assumes no responsibility or liability for any
errors or inaccuracies that may appear in this documentation.
Riverbed Technology
199 Fremont Street
San Francisco, CA 94105
Phone: 415.247.8800
Fax: 415.247.8801 PPaarrtt NNuummbbeerr
Web: http://www.riverbed.com 771122--0000007788--0011
Contents
Contents
Preface.........................................................................................................................................................1
About This Guide..........................................................................................................................................1
Audience..................................................................................................................................................1
Document Conventions.........................................................................................................................1
Product Dependencies and Compatibility.................................................................................................2
Hardware and Software Dependencies...............................................................................................2
CMC Compatibility................................................................................................................................3
Ethernet Network Compatibility.........................................................................................................3
SNMP-Based Management Compatibility..........................................................................................4
Antivirus Compatibility........................................................................................................................4
Additional Resources....................................................................................................................................5
Release Notes..........................................................................................................................................5
Riverbed Documentation and Support Knowledge Base.................................................................5
Contacting Riverbed......................................................................................................................................5
Internet.....................................................................................................................................................5
Technical Support...................................................................................................................................6
Professional Services..............................................................................................................................6
Documentation........................................................................................................................................6
Chapter 1 - Modifying Host and Network Interface Settings..................................................................7
Modifying General Host Settings................................................................................................................7
Modifying Base Interfaces..........................................................................................................................11
Modifying In-Path Interfaces.....................................................................................................................17
Configuring a Management In-Path Interface.................................................................................21
Chapter 2 - Configuring and Using VSP.................................................................................................25
Overview of VSP..........................................................................................................................................25
VSP Support for Virtual-In Path Deployments................................................................................26
Virtual Network Interfaces..................................................................................................................26
VNI Rules...............................................................................................................................................28
VSP Watchdog.......................................................................................................................................30
Installing and Managing VSP Packages...................................................................................................31
Adding VSP Packages..........................................................................................................................31
Viewing VSP Slot Status......................................................................................................................33
Installing a Package in a Slot...............................................................................................................34
Managing Installed Packages.............................................................................................................35
Managing Virtual Network Interfaces...............................................................................................38
Managing Virtual Disks.......................................................................................................................39
Steelhead Management Console User’s Guide iii
Contents
Uninstalling a Slot................................................................................................................................44
Configuring VSP Backups..........................................................................................................................45
Restoring a VSP Backup......................................................................................................................47
Configuring VSP High Availability..........................................................................................................47
Configuring VSP Data Flow.......................................................................................................................49
VSP Data Flow Overview....................................................................................................................50
Adding a VNI to the Data Flow.........................................................................................................50
Adding Rules to an Optimization VNI.............................................................................................52
Bridging a Management VNI to an Interface...................................................................................55
Chapter 3 - Overview of the Management Console...............................................................................57
Using the Management Console................................................................................................................57
Connecting to the Management Console..........................................................................................58
The Home Page.....................................................................................................................................59
Navigating in the Management Console..........................................................................................60
Getting Help..........................................................................................................................................62
Next Steps.....................................................................................................................................................63
Chapter 4 - Configuring Branch Services..............................................................................................65
Enabling DNS Caching...............................................................................................................................65
Configuring Disk Management.................................................................................................................70
Configuring Branch Storage.......................................................................................................................71
Chapter 5 - Configuring In-Path Rules....................................................................................................73
In-Path Rules Overview..............................................................................................................................73
Creating In-Path Rules for Packet-Mode Optimization..................................................................74
Default In-Path Rules..................................................................................................................................75
Configuring In-Path Rules..........................................................................................................................75
Chapter 6 - Configuring Optimization Features.....................................................................................89
Configuring General Service Settings.......................................................................................................90
Enabling Basic Deployment Options.................................................................................................90
Enabling Failover..................................................................................................................................90
Configuring Connection Limits..........................................................................................................91
Enabling Peering and Configuring Peering Rules..................................................................................97
About Regular and Enhanced Automatic Discovery......................................................................97
Configuring Peering.............................................................................................................................98
Configuring the RiOS Data Store............................................................................................................105
Encrypting the RiOS Data Store.......................................................................................................105
Synchronizing Peer RiOS Data Stores.............................................................................................107
Clearing the RiOS Data Store............................................................................................................109
Improving Steelhead Mobile Client Performance.........................................................................109
iv Steelhead Management Console User’s Guide
Contents
Receiving a Notification When the RiOS Data Store Wraps........................................................111
Improving Performance............................................................................................................................112
Selecting a RiOS Data Store Segment Replacement Policy...........................................................113
Optimizing the RiOS Data Store for High-Throughput Environments......................................113
Configuring CPU Settings.................................................................................................................116
Configuring the Steelhead Cloud Accelerator.......................................................................................116
Prerequistes.........................................................................................................................................117
Configuring CIFS Prepopulation.............................................................................................................119
Viewing CIFS Prepopulation Share Logs........................................................................................121
Configuring TCP, Satellite Optimization, and High-Speed TCP .......................................................123
Optimizing TCP and Satellite WANs..............................................................................................123
High-Speed TCP Optimization.........................................................................................................129
Configuring Service Ports.........................................................................................................................130
Configuring Port Labels............................................................................................................................132
Modifying Ports in a Port Label.......................................................................................................133
Configuring CIFS Optimization..............................................................................................................134
Optimizing CIFS SMB1......................................................................................................................135
Optimizing SMB2...............................................................................................................................139
Configuring SMB Signing.................................................................................................................140
Configuring HTTP Optimization............................................................................................................150
About HTTP Optimization...............................................................................................................150
Configuring HTTP Optimization Feature Settings........................................................................152
Configuring Oracle Forms Optimization...............................................................................................160
Determining the Deployment Mode................................................................................................160
Enabling Oracle Forms Optimization..............................................................................................161
Configuring MAPI Optimization............................................................................................................164
Optimizing MAPI Exchange in Out-of-Path Deployments..........................................................169
Deploying Steelhead Appliances with Exchange Servers Behind Load Balancers..................169
Configuring MS-SQL Optimization........................................................................................................170
Configuring NFS Optimization...............................................................................................................172
Configuring Lotus Notes Optimization.................................................................................................177
Encryption Optimization Servers Table..........................................................................................180
Unoptimized IP Address Table.........................................................................................................180
Configuring Citrix Optimization.............................................................................................................181
Citrix Version Support.......................................................................................................................181
Basic Steps............................................................................................................................................182
Configuring FCIP Optimization..............................................................................................................186
Viewing FCIP Connections...............................................................................................................188
FCIP Rules (VMAX-to-VMAX Traffic Only)...................................................................................188
Configuring SRDF Optimization.............................................................................................................190
Viewing SRDF Connections..............................................................................................................192
SRDF Rules (VMAX-to-VMAX Traffic Only).................................................................................192
Windows Domain Authentication..........................................................................................................194
Steelhead Management Console User’s Guide v
Contents
Delegation............................................................................................................................................195
Auto-Delegation Mode......................................................................................................................201
Configuring Replication Users (Kerberos)......................................................................................208
Granting Replication User Privileges on the DC...........................................................................211
Verifying the Domain Functional Level..........................................................................................211
Configuring PRP on the DC..............................................................................................................211
Chapter 7 - Configuring SSL and a Secure Inner Channel.................................................................213
Configuring SSL Server Certificates and Certificate Authorities.......................................................213
How Does SSL Work?........................................................................................................................214
Prerequisite Tasks...............................................................................................................................215
Configuring SSL Main Settings................................................................................................................219
Configuring SSL Server Certificates................................................................................................221
Preventing the Export of SSL Server Certificates and Private Keys............................................224
Configuring SSL Certificate Authorities.........................................................................................225
Modifying SSL Server Certificate Settings......................................................................................226
Configuring CRL Management...............................................................................................................231
Managing CRL Distribution Points (CDPs)....................................................................................233
Configuring Secure Peers.........................................................................................................................234
Secure Inner Channel Overview......................................................................................................235
Enabling Secure Peers........................................................................................................................235
Configuring Peer Trust......................................................................................................................238
Configuring Advanced and SSL Cipher Settings..................................................................................245
Setting Advanced SSL Options.........................................................................................................245
Configuring SSL Cipher Settings.....................................................................................................249
Performing Bulk Imports and Exports............................................................................................253
Chapter 8 - Configuring Network Integration Features.......................................................................257
Configuring Asymmetric Routing Features..........................................................................................257
Troubleshooting Asymmetric Routes..............................................................................................259
Configuring Connection Forwarding Features.....................................................................................261
Configuring IPSec Encryption.................................................................................................................264
Configuring Subnet Side Rules................................................................................................................266
Configuring Flow Export..........................................................................................................................268
Flow Export in Virtual In-Path Deployments.................................................................................268
Troubleshooting..................................................................................................................................269
Applying QoS Policies..............................................................................................................................272
QoS Overview.....................................................................................................................................273
QoS EX xx60 Series Limits.................................................................................................................275
Basic or Advanced Outbound QoS..................................................................................................276
QoS Classes..........................................................................................................................................277
Configuring Outbound QoS (Basic)........................................................................................................284
Overview.............................................................................................................................................284
Adding a Remote Site........................................................................................................................287
vi Steelhead Management Console User’s Guide
Contents
Adding an Application......................................................................................................................289
Adding a Service Policy.....................................................................................................................293
Configuring Outbound QoS (Advanced) ..............................................................................................297
Migrating from Basic Outbound QoS to Advanced Outbound QoS..........................................297
Creating QoS Classes.........................................................................................................................300
Modifying QoS Classes or Rules......................................................................................................309
Enabling MX-TCP Queue Policies (Advanced Outbound QoS only).........................................312
Configuring Inbound QoS........................................................................................................................313
How a Steelhead Appliance Identifies and Shapes Inbound Traffic...........................................315
Creating Inbound QoS Classes.........................................................................................................318
Joining a Windows Domain or Workgroup...........................................................................................325
Domain and Local Workgroup Settings..........................................................................................325
Configuring Simplified Routing Features..............................................................................................332
Configuring WCCP ..................................................................................................................................333
Verifying a Multiple In-Path Interface Configuration...................................................................339
Modifying WCCP Group Settings....................................................................................................340
Configuring Hardware Assist Rules.......................................................................................................341
Chapter 9 - Managing Steelhead Appliances.......................................................................................345
Starting and Stopping the Optimization Service..................................................................................345
Configuring Scheduled Jobs ....................................................................................................................346
Upgrading Your Software.........................................................................................................................348
Rebooting and Shutting Down the Steelhead Appliance....................................................................349
Managing Licenses and Model Upgrades..............................................................................................350
Flexible Licensing Overview.............................................................................................................351
Installing a License.............................................................................................................................352
Model Upgrade Overview................................................................................................................354
Viewing Permissions.................................................................................................................................357
Managing Configuration Files.................................................................................................................358
Configuring General Security Settings...................................................................................................361
Managing User Permissions ....................................................................................................................362
Capability-Based Accounts...............................................................................................................362
Setting RADIUS Servers...........................................................................................................................366
Configuring TACACS+ Access................................................................................................................369
Unlocking the Secure Vault......................................................................................................................370
Configuring a Management ACL............................................................................................................372
ACL Management Rules...................................................................................................................374
Configuring Web Settings ........................................................................................................................377
Managing Web SSL Certificates........................................................................................................378
Steelhead Management Console User’s Guide vii
Contents
Chapter 10 - Viewing Reports and Logs...............................................................................................381
Viewing Current Connections..................................................................................................................383
What This Report Tells You...............................................................................................................383
Viewing a Current Connections Summary.....................................................................................384
Viewing Individual Connections.....................................................................................................385
Viewing Connection History....................................................................................................................396
What This Report Tells You...............................................................................................................397
About Report Graphs.........................................................................................................................397
About Report Data.............................................................................................................................398
Viewing Connection Forwarding Reports.............................................................................................399
What This Report Tells You...............................................................................................................399
About Report Graphs.........................................................................................................................400
About Report Data.............................................................................................................................400
Viewing Outbound QoS (Dropped) Reports.........................................................................................401
What This Report Tells You...............................................................................................................401
About Report Graphs.........................................................................................................................402
About Report Data.............................................................................................................................402
Viewing Outbound QoS (Sent) Reports..................................................................................................404
What This Report Tells You...............................................................................................................404
About Report Graphs.........................................................................................................................404
About Report Data.............................................................................................................................405
Viewing Inbound QoS (Dropped) Reports............................................................................................406
What This Report Tells You...............................................................................................................406
About Report Graphs.........................................................................................................................407
About Report Data.............................................................................................................................407
Viewing Inbound QoS (Sent) Reports.....................................................................................................408
What This Report Tells You...............................................................................................................409
About Report Graphs.........................................................................................................................409
About Report Data.............................................................................................................................409
Viewing Top Talkers Reports...................................................................................................................411
What This Report Tells You...............................................................................................................412
About Report Graphs.........................................................................................................................412
About Report Data.............................................................................................................................412
Viewing Traffic Summary Reports..........................................................................................................414
What This Report Tells You...............................................................................................................415
About Report Data.............................................................................................................................415
Viewing Interface Counters......................................................................................................................416
What This Report Tells You...............................................................................................................417
Viewing TCP Statistics Reports...............................................................................................................418
What This Report Tells You...............................................................................................................418
Viewing Optimized Throughput Reports..............................................................................................419
What This Report Tells You...............................................................................................................419
About Report Graphs.........................................................................................................................419
About Report Data.............................................................................................................................420
Viewing Bandwidth Optimization Reports...........................................................................................421
viii Steelhead Management Console User’s Guide
Contents
What This Report Tells You...............................................................................................................422
About Report Graphs.........................................................................................................................422
About Report Data.............................................................................................................................422
Viewing Data Reduction Reports............................................................................................................424
What This Report Tells You...............................................................................................................424
About Report Graphs.........................................................................................................................424
About Report Data.............................................................................................................................425
Viewing Connected Appliances Reports................................................................................................426
What This Report Tells You...............................................................................................................426
Viewing Connection Pooling...................................................................................................................427
What This Report Tells You...............................................................................................................427
About Report Graphs.........................................................................................................................427
About Report Data.............................................................................................................................428
Viewing CIFS Prepopulation Share Log Reports..................................................................................429
Viewing HTTP Reports.............................................................................................................................430
What This Report Tells You...............................................................................................................431
About Report Graphs.........................................................................................................................431
About Report Data.............................................................................................................................431
Viewing NFS Reports................................................................................................................................433
What This Report Tells You...............................................................................................................433
About Report Graphs.........................................................................................................................433
About Report Data.............................................................................................................................434
Viewing SRDF Reports..............................................................................................................................435
What This Report Tells You...............................................................................................................435
About Report Graphs.........................................................................................................................436
About Report Data.............................................................................................................................436
Viewing Details for a Symmetrix ID................................................................................................438
Viewing Details for an RDF Group..................................................................................................440
Viewing SSL Reports.................................................................................................................................442
What This Report Tells You...............................................................................................................442
About Report Data.............................................................................................................................443
Viewing Data Store Status Reports.........................................................................................................444
What This Report Tells You...............................................................................................................444
Viewing Data Store SDR-Adaptive Reports..........................................................................................445
What This Report Tells You...............................................................................................................446
Viewing Data Store Disk Load Reports..................................................................................................448
What This Report Tells You...............................................................................................................448
Viewing Data Store Read Efficiency Reports.........................................................................................449
What This Report Tells You...............................................................................................................449
About Report Graphs.........................................................................................................................450
Viewing Data Store Hit Rate Reports......................................................................................................451
What This Report Tells You...............................................................................................................451
About Report Graphs.........................................................................................................................451
About Report Data.............................................................................................................................452
Steelhead Management Console User’s Guide ix
Contents
Viewing Data Store IO Reports................................................................................................................453
What This Report Tells You...............................................................................................................453
About Report Graphs.........................................................................................................................454
Viewing DNS Cache Hits..........................................................................................................................455
What This Report Tells You...............................................................................................................455
About Report Graphs.........................................................................................................................455
About Report Data.............................................................................................................................456
Viewing DNS Cache Utilization..............................................................................................................457
What This Report Tells You...............................................................................................................457
About Report Graphs.........................................................................................................................457
About Report Data.............................................................................................................................458
Viewing Granite Storage Reports............................................................................................................459
Viewing the Granite LUN I/O Report.............................................................................................459
Viewing the Granite Initiator I/O Report.......................................................................................461
Viewing the Granite Network I/O Report......................................................................................463
Viewing the Granite Blockstore Metrics Report.............................................................................464
Viewing the VSP VNI IO Report.............................................................................................................466
What This Report Tells You...............................................................................................................466
About Report Graphs.........................................................................................................................466
About Report Data.............................................................................................................................466
Viewing Alarm Status Reports.................................................................................................................468
What This Report Tells You...............................................................................................................476
Viewing CPU Utilization Reports...........................................................................................................477
What This Report Tells You...............................................................................................................477
About Report Graphs.........................................................................................................................477
Viewing Memory Paging Reports...........................................................................................................479
What This Report Tells You...............................................................................................................479
About Report Graphs.........................................................................................................................479
Viewing TCP Memory Reports................................................................................................................481
What This Report Tells You...............................................................................................................482
About Report Graphs.........................................................................................................................482
Viewing System Details Reports..............................................................................................................484
What This Report Tells You...............................................................................................................485
Viewing Disk Status Reports....................................................................................................................486
What This Report Tells You...............................................................................................................487
Checking Steelhead Appliance Health Status.......................................................................................488
Viewing Logs..............................................................................................................................................491
Viewing User Logs.............................................................................................................................491
Viewing System Logs.........................................................................................................................493
Downloading Log Files.............................................................................................................................495
Downloading User Log Files............................................................................................................495
Downloading System Log Files........................................................................................................496
Downloading Hypervisor Log Files................................................................................................496
Viewing the System Dumps List.............................................................................................................497
x Steelhead Management Console User’s Guide
Description:SkipWare®, TurboCap®, WinPcap®, Wireshark®, and Stingray™ are .. Enabling DNS Caching Enabling Peering and Configuring Peering
