Table Of ContentSteelHead Management Console
™
User’s Guide
SteelHead CX (x70), (xx70), (xx55)
Version 9.5
December 2016
© 2017 Riverbed Technology, Inc. All rights reserved.
Riverbed and any Riverbed product or service name or logo used herein are trademarks of Riverbed. All other trademarks used
herein belong to their respective owners. The trademarks and logos displayed herein cannot be used without the prior written
consent of Riverbed or their respective owners.
Akamai® and the Akamai wave logo are registered trademarks of Akamai Technologies, Inc. SureRoute is a service mark of
Akamai. Apple and Mac are registered trademarks of Apple, Incorporated in the United States and in other countries. Cisco
is a registered trademark of Cisco Systems, Inc. and its affiliates in the United States and in other countries. EMC, Symmetrix,
and SRDF are registered trademarks of EMC Corporation and its affiliates in the United States and in other countries. IBM,
iSeries, and AS/400 are registered trademarks of IBM Corporation and its affiliates in the United States and in other
countries. Juniper Networks and Junos are registered trademarks of Juniper Networks, Incorporated in the United States and
other countries. Linux is a trademark of Linus Torvalds in the United States and in other countries. Microsoft, Windows, Vista,
Outlook, and Internet Explorer are trademarks or registered trademarks of Microsoft Corporation in the United States and in
other countries. Oracle and JInitiator are trademarks or registered trademarks of Oracle Corporation in the United States and
in other countries. UNIX is a registered trademark in the United States and in other countries, exclusively licensed through X/
Open Company, Ltd. VMware, ESX, ESXi are trademarks or registered trademarks of VMware, Inc. in the United States and in
other countries.
This product includes Windows Azure Linux Agent developed by the Microsoft Corporation (http://www.microsoft.com/).
Copyright 2016 Microsoft Corporation.
This product includes software developed by the University of California, Berkeley (and its contributors), EMC, and Comtech
AHA Corporation. This product is derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm.
The SteelHead Mobile Controller (virtual edition) includes VMware Tools. Portions Copyright © 1998-2016 VMware, Inc. All
Rights Reserved.
NetApp Manageability Software Development Kit (NM SDK), including any third-party software available for review with such
SDK which can be found at http://communities.netapp.com/docs/DOC-1152, and are included in a NOTICES file included
within the downloaded files.
For a list of open source software (including libraries) used in the development of this software along with associated
copyright and license agreements, see the Riverbed Support site at https//support.riverbed.com.
This documentation is furnished “AS IS” and is subject to change without notice and should not be construed as a
commitment by Riverbed. This documentation may not be copied, modified or distributed without the express authorization
of Riverbed and may be used only in connection with Riverbed products and services. Use, duplication, reproduction, release,
modification, disclosure or transfer of this documentation is restricted in accordance with the Federal Acquisition
Regulations as applied to civilian agencies and the Defense Federal Acquisition Regulation Supplement as applied to military
agencies. This documentation qualifies as “commercial computer software documentation” and any use by the government
shall be governed solely by these terms. All other use is prohibited. Riverbed assumes no responsibility or liability for any
errors or inaccuracies that may appear in this documentation.
Riverbed Technology
680 Folsom Street
San Francisco, CA 94107 Part Number
www.riverbed.com 712-00007-23
Contents
Welcome............................................................................................................................................13
About this guide....................................................................................................................13
Audience.........................................................................................................................13
Document conventions....................................................................................................14
Documentation and release notes.........................................................................................14
Contacting Riverbed..............................................................................................................14
1 - Overview of the Management Console..........................................................................................17
Prerequisites.........................................................................................................................17
Hardware and software dependencies............................................................................18
SCC compatibility............................................................................................................18
Ethernet network compatibility.......................................................................................18
SNMP-based management compatibility..............................................................................19
Using the Management Console............................................................................................19
Connecting to the Management Console.........................................................................19
The Dashboard................................................................................................................20
Navigating in the Management Console..........................................................................21
Getting help....................................................................................................................22
Next steps.............................................................................................................................23
2 - Modifying Host and Network Interface Settings...........................................................................25
Modifying general host settings............................................................................................25
Viewing the test result.....................................................................................................29
Modifying base interfaces.....................................................................................................29
IPv6 support....................................................................................................................29
Modifying in-path interfaces.................................................................................................37
Configuring a Management In- P a t h i n t e r f a c e ................................................................... 43
3 - Configuring In-Path Rules............................................................................................................47
In-path rules overview...........................................................................................................47
Creating in-path rules for packet-mode optimization......................................................48
Default in-path rules.............................................................................................................50
SteelHead Management Console User’s Guide 3
Contents
Configuring in-path rules.......................................................................................................50
4 - Configuring Optimization Features...............................................................................................67
Configuring general service settings......................................................................................68
Enabling basic deployment options.................................................................................68
Enabling failover.............................................................................................................68
Configuring general service settings...............................................................................70
Enabling peering and configuring peering rules.....................................................................76
About regular and enhanced automatic discovery...........................................................76
Configuring peering.........................................................................................................78
Configuring NAT IP address mapping.....................................................................................85
Configuring discovery service................................................................................................86
Configuring the RiOS data store.............................................................................................87
Encrypting the RiOS data store .......................................................................................87
Synchronizing peer RiOS data stores...............................................................................89
Clearing the RiOS data store............................................................................................90
Improving SteelHead Mobile performance......................................................................91
Receiving a notification when the RiOS data store wraps................................................92
Improving performance.........................................................................................................93
Selecting a RiOS data store segment replacement policy................................................93
Optimizing the RiOS data store for high-throughput environments..................................94
Configuring CPU settings.................................................................................................96
Configuring the SteelHead Cloud Accelerator........................................................................97
Prerequisites...................................................................................................................97
Activating SaaS applications...........................................................................................99
Prerequisites...................................................................................................................99
Configuring CIFS prepopulation...........................................................................................100
Editing a prepopulation share.......................................................................................103
Performing CIFS prepopulation share operations..........................................................106
Viewing CIFS prepopulation share logs..........................................................................107
Configuring TCP, satellite optimization, and high-speed TCP ...............................................107
Optimizing TCP and satellite WANs................................................................................107
High-speed TCP optimization........................................................................................122
Configuring service ports.....................................................................................................122
Configuring domain labels...................................................................................................124
When to use..................................................................................................................124
Dependencies...............................................................................................................125
Creating a domain label.................................................................................................126
Modifying domains in a domain label............................................................................127
Configuring host labels........................................................................................................128
When to use..................................................................................................................129
Configuring a host label.................................................................................................130
Resolving hostnames....................................................................................................131
Viewing the hostname resolution summary...................................................................131
4 SteelHead Management Console User’s Guide
Contents
Modifying hostnames or subnets in a host label............................................................132
Configuring port labels........................................................................................................132
Creating a port label......................................................................................................133
Modifying ports in a port label.......................................................................................134
Configuring CIFS optimization.............................................................................................135
CIFS enhancements by version......................................................................................135
Optimizing CIFS SMB1...................................................................................................136
Optimizing SMB2/3.......................................................................................................141
Configuring SMB signing...............................................................................................146
Encrypting SMB3..........................................................................................................155
Viewing SMB traffic on the Current Connections report.................................................155
Configuring HTTP optimization............................................................................................156
About HTTP optimization...............................................................................................156
Configuring HTTP optimization feature settings............................................................157
Configuring Oracle Forms optimization................................................................................169
Determining the deployment mode...............................................................................170
Enabling Oracle Forms optimization..............................................................................170
Configuring MAPI optimization............................................................................................173
Optimizing MAPI Exchange in out-of-path deployments................................................179
Deploying SteelHeads with Exchange Servers behind load balancers...........................179
Configuring NFS optimization..............................................................................................180
Configuring Lotus Notes optimization..................................................................................185
Encryption Optimization Servers table..........................................................................188
Unoptimized IP Address table.......................................................................................188
Configuring Citrix optimization............................................................................................189
Citrix enhancements by RiOS version............................................................................189
Citrix version support....................................................................................................189
Configuring FCIP optimization.............................................................................................196
Viewing FCIP connections.............................................................................................198
FCIP rules (VMAX-to-VMAX traffic only).........................................................................199
Configuring SRDF optimization............................................................................................201
Viewing SRDF connections............................................................................................203
Setting a custom data reduction level for an RDF group................................................203
Creating SRDF rules (VMAX-to-VMAX traffic only)..........................................................205
Configuring SnapMirror optimization...................................................................................207
How a SteelHead optimizes SnapMirror traffic..............................................................207
Windows domain authentication.........................................................................................212
Configuring domain authentication automatically.........................................................214
Easy domain authentication configuration....................................................................215
Configuring domain authentication for delegation.........................................................219
Status and logging........................................................................................................224
Configuring domain authentication manually................................................................225
Delegation (deprecated)................................................................................................225
Autodelegation mode (deprecated)...............................................................................228
Configuring replication users (Kerberos).......................................................................230
SteelHead Management Console User’s Guide 5
Contents
Granting replication user privileges on the DC...............................................................233
Verifying the domain functional level.............................................................................234
Configuring PRP on the DC............................................................................................234
5 - Configuring Hybrid Networking, QoS, and Path Selection...........................................................237
Where do I start?.................................................................................................................237
Best practices for QoS configuration.............................................................................238
Best practices for path selection configuration.............................................................239
Defining a hybrid network topology.....................................................................................240
Topology properties.......................................................................................................240
Defining a network........................................................................................................241
Defining a site...............................................................................................................243
Defining uplinks............................................................................................................245
Defining Applications..........................................................................................................248
Applying QoS policies..........................................................................................................252
QoS overview.................................................................................................................252
QoS CX xx55 and xx70 series recommendations............................................................255
Bypassing LAN traffic....................................................................................................257
Configuring QoS...................................................................................................................261
Overview.......................................................................................................................261
Viewing and editing the default QoS classes.................................................................265
Adding QoS profiles.......................................................................................................269
Adding and editing QoS rules.........................................................................................270
Enabling MX-TCP queue policies...................................................................................274
Modifying QoS profiles..................................................................................................275
Classifying and prioritizing OOB traffic using DSCP marking.........................................275
Inbound QoS........................................................................................................................276
How a SteelHead identifies and shapes inbound traffic................................................278
Path selection.....................................................................................................................279
Using paths to steer packets.........................................................................................280
Path selection use cases...............................................................................................283
Configuring path selection in a SteelHead Interceptor cluster.............................................285
6 - Enabling DNS Caching................................................................................................................289
Configuring DNS caching.....................................................................................................289
7 - Configuring Network Integration Features.................................................................................295
Configuring asymmetric routing features............................................................................295
Troubleshooting asymmetric routes..............................................................................297
Configuring connection forwarding features........................................................................299
Configuring IPSec encryption..............................................................................................302
Configuring subnet side rules..............................................................................................305
Configuring flow statistics...................................................................................................307
6 SteelHead Management Console User’s Guide
Contents
Enabling flow export.....................................................................................................307
Joining a Windows domain or workgroup.............................................................................314
Domain and Local Workgroup settings..........................................................................314
Configuring simplified routing features...............................................................................319
Configuring WCCP ...............................................................................................................321
Verifying a multiple in-path interface configuration......................................................327
Modifying WCCP group settings.....................................................................................328
Configuring hardware-assist rules.......................................................................................328
8 - Configuring SSL and a Secure Inner Channel..............................................................................331
Configuring SSL server certificates and certificate authorities............................................331
How does SSL work?.....................................................................................................331
Prerequisite tasks.........................................................................................................332
Configuring SSL main settings.............................................................................................337
Configuring SSL server certificates...............................................................................339
Preventing the export of SSL server certificates and private keys.................................342
Configuring SSL certificate authorities..........................................................................343
Modifying SSL server certificate settings......................................................................344
Configuring CRL management.............................................................................................348
Managing CDPs.............................................................................................................350
Configuring secure peers.....................................................................................................352
Secure inner channel overview......................................................................................352
Enabling secure peers...................................................................................................353
Configuring peer trust...................................................................................................356
Configuring advanced and SSL cipher settings....................................................................363
Setting advanced SSL options.......................................................................................363
Configuring SSL cipher settings....................................................................................369
Performing Bulk imports and exports............................................................................372
9 - Managing SteelHeads.................................................................................................................375
Starting and stopping the optimization service...................................................................375
Configuring scheduled jobs ................................................................................................376
Upgrading your software.....................................................................................................378
Rebooting and shutting down the SteelHead.......................................................................380
Managing licenses and model upgrades..............................................................................380
Flexible licensing overview............................................................................................381
Installing a license........................................................................................................383
Upgrading an appliance model......................................................................................385
Removing a license........................................................................................................386
Viewing permissions............................................................................................................387
Managing configuration files...............................................................................................388
Configuring general security settings..................................................................................390
SteelHead Management Console User’s Guide 7
Contents
Managing user permissions ................................................................................................392
Accounts.......................................................................................................................392
Managing password policy..................................................................................................397
Selecting a password policy..........................................................................................397
Setting RADIUS servers.......................................................................................................401
Configuring TACACS+ access...............................................................................................403
Unlocking the secure vault..................................................................................................405
Configuring a management ACL...........................................................................................407
ACL management rules..................................................................................................409
Configuring web settings ....................................................................................................411
Managing web SSL certificates.....................................................................................413
Enabling REST API access ..................................................................................................415
10 - Configuring System Administrator Settings.............................................................................419
Configuring alarm settings..................................................................................................419
Setting announcements......................................................................................................432
Configuring email settings ..................................................................................................432
Configuring log settings.......................................................................................................435
Filtering logs by application or process.........................................................................438
Configuring the date and time.............................................................................................440
Current NTP server status.............................................................................................442
NTP authentication.......................................................................................................443
NTP servers...................................................................................................................443
Configuring monitored ports................................................................................................445
Configuring SNMP settings..................................................................................................447
Configuring SNMPv3 .....................................................................................................450
SNMP authentication and access control......................................................................452
11 - Viewing Reports and Logs.........................................................................................................459
Overview..............................................................................................................................460
Navigating the report layout..........................................................................................461
Viewing Current Connection reports....................................................................................464
What this report tells you..............................................................................................464
Viewing Connection History reports.....................................................................................490
What this report tells you..............................................................................................491
About report graphs......................................................................................................491
About report data..........................................................................................................491
Viewing Connection Forwarding reports..............................................................................492
What this report tells you..............................................................................................493
About report graphs......................................................................................................493
About report data..........................................................................................................493
8 SteelHead Management Console User’s Guide
Contents
Viewing Outbound QoS reports............................................................................................495
What this report tells you..............................................................................................495
About report graphs......................................................................................................495
About report data..........................................................................................................495
Viewing Inbound QoS reports...............................................................................................497
What this report tells you..............................................................................................498
About report graphs......................................................................................................498
About report data..........................................................................................................498
Viewing Secure Transport reports........................................................................................499
What this report tells you..............................................................................................500
Viewing Top Talkers reports.................................................................................................502
What this report tells you..............................................................................................502
About report data..........................................................................................................502
Viewing Traffic Summary reports.........................................................................................504
What this report tells you..............................................................................................505
About report data..........................................................................................................505
Viewing WAN Throughput reports........................................................................................508
What this report tells you..............................................................................................509
About report graphs......................................................................................................509
About report data..........................................................................................................509
Viewing Application Statistics reports.................................................................................511
What this report tells you..............................................................................................512
About report graphs......................................................................................................512
About report data..........................................................................................................512
Viewing Application Visibility reports..................................................................................514
What this report tells you..............................................................................................515
About report graphs......................................................................................................515
About report data..........................................................................................................515
Viewing Interface Counter reports.......................................................................................517
What this report tells you..............................................................................................518
Viewing TCP Statistics reports.............................................................................................519
What this report tells you..............................................................................................520
Viewing Optimized Throughput reports................................................................................520
What this report tells you..............................................................................................521
About report graphs......................................................................................................522
About report data..........................................................................................................522
Viewing Bandwidth Optimization reports.............................................................................525
What this report tells you..............................................................................................526
About report graphs......................................................................................................526
About report data..........................................................................................................526
Viewing Peer reports...........................................................................................................529
What this report tells you..............................................................................................530
Viewing CIFS Prepopulation Share Log reports....................................................................531
Viewing HTTP reports..........................................................................................................534
SteelHead Management Console User’s Guide 9
Contents
What this report tells you..............................................................................................534
About report graphs......................................................................................................534
About report data..........................................................................................................534
Viewing Live Video Stream Splitting reports........................................................................535
What this report tells you..............................................................................................536
About report graphs......................................................................................................536
About report data..........................................................................................................536
Viewing NFS reports............................................................................................................537
What this report tells you..............................................................................................538
About report graphs......................................................................................................538
About report data..........................................................................................................538
Viewing SRDF reports..........................................................................................................539
What this report tells you..............................................................................................540
About report graphs......................................................................................................540
About report data..........................................................................................................540
Viewing SnapMirror reports.................................................................................................542
What this report tells you..............................................................................................543
About report graphs......................................................................................................543
About report data..........................................................................................................543
Viewing SSL reports............................................................................................................546
What this report tells you..............................................................................................546
About report graphs......................................................................................................546
About report data..........................................................................................................546
Viewing SharePoint reports.................................................................................................547
What this report tells you..............................................................................................548
About report graphs......................................................................................................548
About report data..........................................................................................................548
Viewing Data Store Status reports.......................................................................................549
What this report tells you..............................................................................................550
Viewing Data Store SDR-Adaptive reports...........................................................................551
What this report tells you..............................................................................................551
Viewing Data Store Disk Load reports..................................................................................553
What this report tells you..............................................................................................553
Viewing DNS Cache Hit reports............................................................................................554
What this report tells you..............................................................................................554
About report graphs......................................................................................................555
About report data..........................................................................................................555
Viewing DNS Cache Utilization reports ...............................................................................556
What this report tells you..............................................................................................556
About report graphs......................................................................................................556
About report data..........................................................................................................556
Viewing Alarm Status reports..............................................................................................557
What this report tells you..............................................................................................572
Viewing CPU Utilization reports...........................................................................................572
What this report tells you..............................................................................................572
10 SteelHead Management Console User’s Guide
Description:RiOS 6.0 and later support 10gR2, which comes with Oracle Environments with GigE-based (RF port) originated SRDF traffic between VMAX arrays must isolate DIF headers within Example—Adding an FCIP rule to isolate DIF headers on the FCIP tunnel carrying the VMAX-to-VMAX. SRDF traffic.
