
When there is a problem with your Steelhead appliance or you suspect a network problem related to it, you can call the TAC. The TAC is available 24x7 and lots of people call each day; it's often the fastest path towards determining what is going wrong.


But what if you are in a secure environment? Or you don't want to wait the extra time before the case gets assigned to a TAC engineer? Or just want to be able to do the troubleshooting yourself? Or at least be able to understand what they are looking at and talking about?


A group of Riverbed TAC engineers have worked on an internal troubleshooting document to kick start new TAC engineers. It describes the design of the Steelhead appliance, the working of the optimization service and the setup of optimized TCP sessions, installation and operation related issues, various latency optimization related issues, how to use the various CLI tools to troubleshoot, and how you can deal with the contents of the system dump.


A public version of this document has now been made available for Riverbed customers; you can download it at http://rvbd.ly/1p5MMgu. Download your copy today and enjoy having the knowledge on the Steelhead appliances which power your network!


Index of the book:

Abstract / Preface
Chapter 1. Introduction to WAN Optimization
Chapter 2. The Riverbed Approach to WAN Optimization
Chapter 3. The Command Line and Tools
Chapter 4. Installation Related Issues
Chapter 5. Operation Related Issues
Chapter 6. System Dump
Chapter 7. Different Network Troubleshooting Scenarios
Chapter 8. Latency Optimization
Chapter 9. Logging
Chapter 10. Further Help and Support
Appendix A. Jargon
Appendix B. Troubleshooting workflow for network performance related issues

Riverbed University is excited to announce the availability of two new Steelhead RiOS 8.x advanced implementation instructor-led courses that are offered by Riverbed Professional Services.

WAN310 Optimizing Enterprise Applications and Protocols
WAN350 Implementing Enterprise Optimization Architectures

Each of these new courses builds upon the prerequisite WAN200 Optimization Essentials course and has been engineered to meet the demand from Riverbed customers and partners to learn about the new features and implementation best practices for RiOS products in complex enterprise environments.


What You Need to Know


Effective December 13, 2013, Riverbed Professional Services will no longer offer the 4-day Steelhead Advanced Deployment & Troubleshooting (“SADT”) class. For students interested in taking this class, all of the course material has been updated and integrated into the 5-day WAN350 Implementing Enterprise Optimization Architectures course that will be offered starting in December.

The WAN310 Optimizing Enterprise Applications and Protocols course will be offered starting in late Q1 and will appear on the training schedule by February.


WAN310 Optimizing Enterprise Applications and Protocols (50 Training Credits)


This 5-day solution-focused class offers an in-depth experience to the Riverbed® Optimization System (RiOS®) with hands-on configuration of applications and protocols using the Steelhead Appliance and Central Management Console. This class provides common and advanced scenarios for layer 7 application acceleration of video, e-mail, HTTP, terminal service environments, and storage replication protocols, as well as describing the use of the Virtual Services Platform. The class also provides details on optimizing UDP and IPV6 traffic and ways to securely encrypt all types of optimized data.

This course is specifically designed for Riverbed customers and resellers/partners involved in the administration of application servers, Active Directory, and of deployment of the Riverbed Steelhead product family in enterprise environments.


WAN350 Implementing Enterprise Optimization Architectures (50 Training Credits)


This 5-day solution-focused class offers an in-depth experience to the Riverbed Optimization System (RiOS®) with hands-on installation and configuration experience using the Steelhead Appliance and Virtual Steelhead with Central Management Console deployment integration. This class provides common and advanced scenarios with QoS and both serial and parallel Steelhead clusters as well as virtual In-path lab-intensive deployments in PBR, WCCP and Interceptor infrastructure solutions.

This course is specifically designed for Riverbed customers and resellers/partners involved in the design or deployment of the Riverbed Steelhead product family in more complex enterprise environments.


How To Buy


You may register and pay for a class online with a credit card by selecting the class from the course schedule at http://www.riverbed.com/services-training/#Training.

You can also buy training credits by purchase order; please contact your Riverbed partner or sales representative.

Training Credits, 1 Credit = $100 USD

Riverbed University training credits provide an easy and convenient method to purchase high-quality Riverbed training courses. Credits are a simple way to purchase training that may be applicable to your team at a later date.

Credits are redeemable within six months by any employee within an organization for any Riverbed University classroom or instructor-led online (ILO) general training course. By purchasing bulk training credits, organizations minimize the number of purchases and ensure teams can attend training as needs arise (new releases, new employees, etc.).

Customer SKU – (50) SVC-TRA-CRCUST01-C
Partner NFR SKU – (50) SVC-TRA-CRPTNR01-P




If you have any questions, please email university@riverbed.com.

The Riverbed Professional Services Sales Team is happy to help with quoting and scoping.
Americas - ps-sales-americas@riverbed.com
EMEA - ps-sales-emea@riverbed.com
APJ - ps-sales-apj@riverbed.com

Microsoft Office 365 optionally includes the right to install Microsoft Office 365 ProPlus, a full-featured version of Microsoft Office, on up to five devices per user. This version has several modifications suited to an online service offering; for example, licensing and activation occur automatically over the Internet. In addition, Microsoft has designed Office 365 ProPlus with Click-to-Run installation technology. Click-to-Run streams the setup so you can start using Office before installation is finished, and you can install this version of Office side-by-side with previous versions.


Installing Office 365 ProPlus from the online Office 365 Portal is very convenient, but as with all cloud services, there are trade-offs. When you install Office from the Internet there may be latency or bandwidth concerns. In addition, in-house IT cannot customize or control Office 365 ProPlus installations from the Office 365 portal.


To avoid overconsumption of Internet bandwidth and allow control over deployments, Microsoft recommends that you install Office 365 ProPlus from a local share. Over 1 GB of information traverses the network for each installation, which can strain WAN connections between branch offices and corporate data centers.


This performance brief shows how WAN optimization technology provided by Riverbed® Steelhead® appliances significantly reduces and potentially eliminates bandwidth concerns when installing Office 365 ProPlus over a WAN.

Deploying a virtual SMC (Steelhead Mobile Controller) is quick and simple. Here, I provide screen shots for a step-by-step look at the process. At the time of this writing, the latest version of SMC software is 4.0.


To begin, you will need to download the latest virtual edition of SMC from the Riverbed Support site. The latest virtual edition will not necessarily be the latest and greatest. In this example, I will install vSMC v3.1.3d (latest on the Support site) and upgrade it to version 4.0. You will need an ESX host and vCenter or vSphere to deploy the .OVA package. I am using VSP resources on a Steelhead EX-760 as my ESX host.


From vSphere or vCenter, deploy the CMC .OVA file as you would with any .OVA:




Verify the template contents and select Next.



Customize the virtual machine name or keep the default.



Since this VM is for lab purposes, I will select "Thin" provisioning.



Make sure the interfaces are assigned properly. Primary should be mapped to rvbd_pri and Aux should be mapped to rvbd_hpn. You may have to switch these from their default assignments. If you cannot access the SMC virtual machine after deployment, check these assignments.



Verify the configuration and begin the deployment.



Deployment should take just a few minutes.



After deployment, power ON the virtual SMC machine.



Open a console window to observe the boot process.



When the machine is finished booting, enter the default credentials of admin / password. The configuration wizard will then start - select "yes" to use the wizard. There are 8 steps to the wizard. Note that this process is the same for both virtual and hardware-based SMC appliances.




Upon completion of the wizard, you may now be able to browse to the virtual SMC in order to upgrade to the latest SMC release. Depending on the SMC version deployed, the location of the upgrade feature could be different than what I show here. For versions prior to SMC v4, click "Setup" on the top menu bar, then "Upgrade Software" on the left-hand selection pane.



I will be upgrading from 3.1.3d to 4.0 using a local file on my laptop.



When the new software is copied to the virtual appliance, it will be selected as the target upon the next reboot.



When upgrading to SMC v4, you will notice the enhanced UI. It now closely resembles the UI of other Riverbed products such as Riverbed Steelheads.




At this point you can add any required licenses.

Deploying a virtual CMC (Central Management Controller) is quick and simple. Here, I provide screen shots for a step-by-step look at the process. At the time of this writing, the latest version of CMC software is 8.0.


To begin, you will need to download the latest virtual edition of CMC from the Riverbed Support site. The latest virtual edition will not necessarily be the latest and greatest. In this example, I will install vCMC v6.5.3 (latest on the Support site) and upgrade it to version 8.0. You will need an ESX host and vCenter or vSphere to deploy the .OVA package. I am using VSP resources on a Steelhead EX-760 as my ESX host.


From vSphere or vCenter, deploy the CMC .OVA file as you would with any .OVA:




Verify the template details. Note, you can change disk provisioning in a future step.



Keep the default name or create your own.



I will change the disk provisioning to "Thin" since this is for a lab.



You may need to switch the interfaces. Make sure that "mgmt" is paired with rvbd_pri and "Aux" is paired with rvbd_hpn. If you cannot access the controller after the installation, check these assignments.



When ready to deploy, select Finish.



The virtual CMC will begin to deploy. This will take just a few minutes to complete.



From vCenter / vSphere, power ON the CMC virtual machine.




Open a console session while the virtual machine is starting.



After the virtual machine boots, enter the default credentials of admin / password. The configuration wizard will then begin - answer "yes" if you want to use the wizard. Note: this process is the same whether you are installing a virtual or hardware-based CMC.



There are 8 steps to the wizard.



Once the wizard completes, you can use a browser to access the CMC.



At this point, be sure to upgrade the CMC to the latest available version (i.e. version 8.0 at the time of this writing).



When the upgrade is completed, a reboot is required to boot to the new version.




At this point, you can add any required licenses.


For more information, see the virtual CMC installation guide by clicking here.

Steelhead Mobile v4.0 is now available for download here.


The available platforms and deployment options for SHM 4.0:

  • SMC for VSP (model 8552 / VSMC-VSP). This installs on EX model Steelheads utilizing VSP (built-in ESXi server)
  • Virtual SMC (model 8650 / V-SMC). This virtual image installs on a supported ESXi server of your choice that meets the hardware requirements.

Note that SMC for RSP is no longer supported as it has been superseded by the SMC for VSP.


Major features in v4.0 include:

  • SMC License Clustering. Multiple instances of SMCs can now be clustered, supporting up to 120,000 simultaneous Steelhead Mobile users. Up to 30 nodes per cluster are supported. Both appliances and virtual controllers can be a part of the same cluster.
  • Extended Microsoft Windows application support. SHM 4.0 now includes optimization support for SMB signing, encrypted MAPI, encrypted Outlook Anywhere, HTTP traffic for SharePoint, and end-to-end Kerberos authenticated applications.
  • New Windows client UI. A redesigned UI for provisioning large-scale deployments. Features include updated graphical time-based reports for networking, diagnostics, and optimization reports. Policy configuration has been simplified with interactive graphics. Hovering over a single point on a report provides additional details (such as time stamp, LAN and WAN bytes).
  • High availability management through SMC failover across Data Center.
  • SMBv2 for CIFS latency optimization
  • OSX Mountain / Mountain Lion support for CIFS

CMC v8.0 New Features

Posted by Kim Wall Jan 8, 2013

CMC release 8.0 is now available here. The main new feature is the support of devices running Riverbed RiOS v8.0.


Note: CMC 8000 series appliances cannot be upgraded to CMC v8 and therefore are not capable of fully managing Steelheads running v8.0 and greater. The CMC 8000 series have been end of availability since April 2010. Click here for more information on hardware end of availability.


To take advantage of CMC 8.0 you must install on hardware appliance model 8150 or the CMC-VE (ESXi virtual edition). Fast facts for these models:

  • CMC 8150 base appliance comes with 50 licenses (can manage up to 50 Steelheads with the base model)
  • CMC-VE does not include any licenses in the base model. A license pack must be purchased to begin Steelhead management.
  • Both models can take additional licenses in increments of 10 (max of 500 licenses supported)


One of the major differences between the 8000 series and the 8150 series is in how licenses are managed and purchased. The 8000 series were sold with management capacity by model. For example, the CMC-8003 model managed 50 devices, the CMC-8004 managed 100 devices etc. When additional licenses were needed the CMC appliance was enabled as a different model. 


The CMC-8150 appliance is sold as a base appliance with 50 licenses and takes additional license packs for growth. When purchasing upgrades to the 8150, the appropriate management packs must be purchased that match the previous model's capacity. The following chart can be used for reference:




Click here for CMC 8.0 software and release notes.

We should be able to optimize RDP traffic if compression is disabled on the RDP session itself (i.e. let Riverbed do the compression rather than the client/remote machines). Encryption level should be "low" on the RDP client as well. RDP sessions are pass-through by default (3389 is in the Interactive port label group). Be sure to either remove 3389 from the port label group or (better practice) create an optimization policy to optimize TCP 3389.


Here is a snippet of info from one of the links below:


By default, the Steelhead will pass-through the Microsoft Remote Desktop Protocol (RDP) part of the Interactive port group, and some customers report performance improvements after optimizing it. There is no RDP-aware latency optimization available in the current RiOS releases, so the gains achieved are purely through reduced data transmission through Scalable Data Referencing (SDR).

  • Optimization of RDP connections requires the sessions be unencrypted and uncompressed.
  • Compression for RDP sessions can be disabled by configuring the client.


Here are a few Riverbed knowledge base articles that may be helpful:



When creating optimization rules for RDP (TCP 3389), consider the following:



In this first of a two-part blog post about Citrix HDX I wanted to explore the impact of HDX on the Wide Area Network. Part one will serve as the introduction, and in part two I will test run some of the scenarios described in part one.

HDX came to be because Citrix was finally getting competitive pressure on its Independent Computing Architecture (ICA) protocol from Microsoft with RDP version 7 and beyond and Teradici/VMware with PCoIP. (And arguably other protocols like Quest EOP Xstream, HP RGS, RedHat SPICE, etc.)

Citrix’s reaction to these competitive pressures has been to elevate the conversation above the protocol, stating that a great user experience is more than just a protocol, thus Citrix created the HDX brand to discuss all the elements in addition to ICA that Citrix claims allow it to deliver the best user experience.

HDX Brands

HDX is not a feature or a technology — it is a brand.

Short for “High Definition user eXperience,” HDX is the umbrella term that encapsulates several different Citrix technologies. Citrix has created HDX sub-brands; these include the list below, and each brand represents a variety of technologies:

  • HDX Broadcast (ICA)
    • Capabilities for providing virtual desktops and applications over any network. This is the underlying transport for many of the other HDX technologies; it includes instant mouse click feedback, keystroke latency reduction, multi-level compression, session reliability, queuing and tossing.
  • HDX MediaStream
    • Capabilities for multimedia such as sound and video, using HDX Broadcast as its base, including client side rendering (streaming the content to the local client device for playing via local codecs with seamless embedding into the remote session).
    • Flash redirection (Flash v2), Windows Media redirection.
  • HDX Realtime
    • Capabilities for real time communications such as voice and web cameras, using HDX Broadcast as its base; it includes EasyCall (VoIP integration) and bi-directional audio functionality.
  • HDX SmartAccess
    • Refers mainly to the Citrix Access Gateway (SSL VPN) and cloud gateway components for single sign-on.
  • HDX RichGraphics (incl. 3D, 3D PRO, and GDI+ remoting)
    • Capabilities in remoting high end graphics using HDX Broadcast as its base; uses image acceleration and progressive display for graphically intense images. (Formerly known as Project Apollo.)
  • HDX Plug-n-Play
    • Capabilities to provide connectivity for local devices and applications in a virtualized environment, including USB, multi-monitor support, smart card support, special folder redirection, universal printing, and file-type associations.
  • HDX WAN Optimization
    • Capabilities to locally cache bandwidth intensive data and graphics, locally stage streamed applications (formerly known as Intellicache, relying mostly on their Branch Repeater product line).
  • HDX Adaptive Orchestration
    • Capabilities that enable seamless interaction between the HDX technology categories. The central concept is that all these components work adaptively to tune the unified HDX offering for the best possible user experience.



The goal of this post is to provide an overview of these HDX sub-brands and technologies that directly relate to the network, and WAN optimization, in order to have a clearer understanding of marketing vs. technology impact.

Not every HDX feature is available on both XenApp and XenDesktop, (and now also VDI in-a-box after the acquisition of Kaviza) the table below shows the feature matrix for both:

[Image: HDX feature matrix table]

HDX and the network

As stated before most of the HDX technologies are either existing ICA components or rely on ICA (HDX Broadcast) as a remoting protocol. As such we should be able to (WAN) optimize most of the content within HDX one way or another.

HDX MediaStream

HDX MediaStream is used to optimize the delivery of multimedia content; it interacts with the Citrix Receiver (ICA Client) to determine the optimal rendering location (see overview picture below) for Windows Media and Flash content.

Within HDX MediaStream the process of obtaining the multimedia content and displaying the multimedia content are referenced by the terms fetching and rendering respectively.

Within HDX MediaStream, fetching the content is the process of obtaining or downloading the multimedia content from a location external (Internet, Intranet, fileserver (for WMV only)) to the virtual desktop. Rendering utilizes resources on the machine to decompress and display the content within the virtual desktop. In a Citrix virtual desktop that is being accessed via Citrix Receiver, rendering of content can be executed by either the client or the hypervisor depending on the policies and environmental resources available.


Adaptive display (server side rendering) provides the ability to fetch and render multimedia content on the virtual machine running in the datacenter and send the rendered content over ICA to the client device. This translates to more bandwidth needed on the network than client side rendering. However, in certain scenarios client side rendering can use more bandwidth than server side rendering; it is, after all, adaptive.

HDX MediaStream Windows Media Redirection (client side rendering) provides the ability to fetch Windows Media content (inclusive of WMV, DivX, MPEG, etc.) on the server and render the content within the virtual desktop by utilizing the resources on the client hosting Citrix Receiver (Windows or Linux). When Windows Media Redirection is enabled via Citrix policy, Windows video content is sent to the client through an ICA Virtual Channel in its native, compressed format for optimal performance. The processing capability of the client is then utilized to deliver smooth video playback while offloading the server to maximize server scalability. Since the data is sent in its native compressed format this should result in less bandwidth needed on the network than server side rendering.

HDX MediaStream Flash Redirection (client side rendering) provides the ability to harness the bandwidth and processing capability of the client to fetch and render Flash content. By utilizing Internet Explorer API hooks, Citrix Receiver is able to securely capture the content request within the virtual desktop and render the Flash data stream directly on the client machine. Added benefits include increased server hypervisor scalability as the servers are no longer responsible for processing and delivering Flash multimedia to the client.

This usually decreases the WAN bandwidth requirements by 2 to 4 times compared to Adaptive Display (server side rendering).

HDX MediaStream network considerations

In some cases, Windows Media Redirection (client-side rendering of the video) can use significantly more bandwidth than Adaptive Display (server-side rendering of the video).

In the case of low bit rate videos, Adaptive Display may utilize more bandwidth than the native bitrate of the Windows Media content. This extra usage of bandwidth actually occurs since full screen updates are being sent across the connection rather than the actual raw video content.

Packet loss over the WAN connection is the most restricting aspect of an enhanced end-user experience for HDX MediaStream.

Citrix Consulting Solutions recommends Windows Media Redirection (client-side rendering) for WAN connections with a packet loss less than 0.5%.

Windows Media Redirection requires enough available bandwidth to accommodate the video bit rate. This can be controlled using SmartRendering thresholds. SmartRendering controls when the video reverts back to server side rendering because the bandwidth is not available; Citrix recommends setting the threshold to 8 Mbps.

WAN optimization should provide the most benefits when the video is rendered on the client, since the data stream for the compressed Windows Media content is similar between client devices: once the video has been viewed by one person in the branch, very little bandwidth is consumed when other workers view the same video.

HDX RichGraphics 3D Pro

HDX 3D Pro can be used to deliver any application that is compatible with the supported host operating systems, but is particularly suitable for use with DirectX and OpenGL-driven applications, and with rich media such as video.

The computer hosting the application can be either a physical machine or a XenServer VM with Multi-GPU Passthrough. The Multi-GPU Passthrough feature is available with Citrix XenServer 6.0.

For CPU-based compression, including lossless compression, HDX 3D Pro supports any display adapter on the host computer that is compatible with the application that you are delivering. To use GPU-based deep compression, HDX 3D Pro requires that the computer hosting the application is equipped with a NVIDIA CUDA-enabled GPU and NVIDIA CUDA 2.1 or later display drivers installed. For optimum performance, Citrix recommends using a GPU with at least 128 parallel CUDA cores for single-monitor access.

To access desktops or applications delivered with XenDesktop and HDX 3D Pro, users must install Citrix Receiver. GPU-based deep compression is only available with the latest versions of Citrix Receiver for Windows and Citrix Receiver for Linux.

HDX 3D Pro supports all monitor resolutions that are supported by the GPU on the host computer. However, for optimum performance with the minimum recommended user device and GPU specifications, Citrix recommends maximum monitor resolutions for users’ devices of 1920 x 1200 pixels for LAN connections and 1280 x 1024 pixels for WAN connections.

Users’ devices do not need a dedicated GPU to access desktops or applications delivered with HDX 3D Pro.

HDX 3D Pro includes an image quality configuration tool that enables users to adjust in real time the balance between image quality and responsiveness to optimize their use of the available bandwidth.

HDX RichGraphics 3D Pro network considerations

HDX 3D PRO has significant bandwidth requirements depending on the encoding used (NVIDIA CUDA encoding, CPU encoding, and Lossless).


When supported NVIDIA chipsets are utilized, HDX 3D Pro offers the ability to compress the ICA session in a video stream. This significantly reduces bandwidth and CPU usage on both ends by utilizing the NVIDIA CUDA-based deep compression. If an NVIDIA GPU is not present to provide compression, the server CPU can be utilized to compress the ICA stream. This method, however, does introduce a significant impact on CPU utilization. The highest quality method for delivering a 3D capable desktop is by using the Lossless option. As the Lossless title states, no compression of the ICA stream occurs, allowing for pixel perfect images to be delivered to the end point. This option is available for delivering medical imaging software that cannot have degraded image quality. This level of high quality imaging does come with the price of very high bandwidth requirements.

HDX RichGraphics GDI and GDI+ remoting

GDI (Graphics Device Interface) and GDI+ remoting allows applications (like Microsoft Office, WordPad, etc.) to be remoted to the client using native graphics commands instead of bitmaps. By using native graphics commands, it saves on server side CPU, saves network bandwidth and eliminates visual artifacts as it doesn’t need to be compressed using image compression.

General network factors for Remoting protocols (including RDP/RemoteFX, ICA, PCoIP, Quest EoP,…)

  • Bandwidth – the protocols mostly take all they can get, 2 Mbps* is required for a decent user experience. (see planning bandwidth requirements below)
  • Latency – at 50ms things start getting tough (sometimes even at 20ms)
  • Packet loss – should stay under 1%


Planning bandwidth requirements for HDX (XenDesktop example)

Citrix publishes the numbers below in a medium (user load) user environment; this gives some indication as to what to expect in terms of network sizing.

  • MS Office-based: 43 Kbps
  • Internet: 85 Kbps
  • Printing (5MB Word doc): 555-593 Kbps
  • Flash video (server rendered): 174 Kbps
  • Standard WMV video (client rendered): 464 Kbps
  • HD WMV video (client rendered): 1812 Kbps


These are estimates. If a user watches a WMV HD video with a bit rate of 6.5 Mbps, that user will require a network link with at least that much bandwidth. In addition to the WMV video, the link must also be able to support the other user activities happening at the same time.

Also, if multiple users are expected to be accessing the same type of content (videos, web pages, documents, etc.), integrating WAN Optimization into the architecture can drastically reduce the amount of bandwidth consumed. However, the amount of benefit is based on the level of repetition between users.

Note: Riverbed Steelhead can optimize ICA/HDX traffic extremely well; we even support the newer multi-stream ICA protocol. In part 2 of this blog I will demonstrate the effectiveness of Steelhead on HDX traffic and talk about our Citrix-specific optimizations like our very effective Citrix QoS. Riverbed Steelheads also have the ability to decode the ICA Priority Packet Tagging that identifies the virtual channel from which each Citrix ICA packet originated. As part of this capability, Riverbed specifically developed a packet-order queuing discipline that respects the ordering of ICA packets within a flow, even when different packets from a given flow are classified by Citrix into different ICA virtual channels. This allows the Steelhead to deliver very granular Quality of Service (QoS) enforcement based on the virtual channel in which the ICA data is transmitted. Most importantly, this feature prevents any possibility of out-of-order packet delivery as a result of Riverbed’s QoS enforcement; out-of-order packet delivery would cause significant degradation in performance and responsiveness for the Citrix ICA user. Riverbed’s packet-order queuing capability is patent-pending, and not available from any other WAN optimization vendor.

Real world impact can be seen in the picture below of a customer saving 14GB of ICA traffic over a transatlantic link every month.

RiOS 8 - New Features

Posted by Kim Wall Jan 2, 2013

Here are the main (new) features that ship with RiOS v8.0.


  1. CIFS support on MAC OSX Lion / Mountain Lion
    1. Support for SMB v1 signing settings for MAC OSX Lion (10.7) and Mountain Lion (10.8)
  2. New UI Reports
    1. Time series reports have a new design that is interactive, and easy to navigate. The statistics presented in the improved report format are readily accessible and all updates to the report window appear in real time.
  3. QoS DPI: 600+ Apps
    1. Riverbed Application Flow Engine can recognize applications by using port-based classification, application signature matching, protocol dissection, future flow registration, behavioral classification, and others that may hop ports or may otherwise be hard to detect. The application flow engine in RiOS 8.0 can now identify and classify over 600 common Enterprise applications. The engine still allows for custom application definitions making it possible to identify thousands of applications.
  4. QoS: PCoIP
    1. PCoIP is a display compression technology used by VDI solutions such as VMWare View. Riverbed QoS for PCoIP in RiOS v8.0 delivers bandwidth control and latency prioritization for virtual channels within a PCoIP stream, enabling the fine-tuning of traffic including voice, video, and display rendering.
  5. 10Gig performance improvements
    1. An enhancement in RiOS provides up to a 50% performance boost in end to end throughput for 10GE based deployments.
  6. Account control, authenticated NTP, TACACS+
    1. RiOS 8.0 includes enhanced security features including a password manager that offers stronger protection against unauthorized access. Secure communications between Steelheads and NTP servers protect Steelheads from unauthorized NTP servers. With RiOS 8.0, enterprises now have additional deployment options with the addition of access to TACACS+ servers running on IPv6 networks.

RiOS 8.0 release notes can be found here.

Recently, Exinda, a private vendor of WAN optimization products focusing primarily on delivering network visibility and quality of service (QoS), announced that it has won Red Herring's 2012 Top 100 Global award. The honor underscores that the category is growing and big enough to sustain an ecosystem of diverse players.


Red Herring’s assessment puts criteria, such as financial performance, technology innovation, management quality, strategy, and market penetration into their equation. We can’t really chime in on anything apart from Exinda’s “technology innovation,” so why not take a look under the hood: besides, if an online magazine can do it, so can we.


First, a quick primer on WAN performance.


Poor WAN performance is not only a result of network congestion and insufficient bandwidth, but is also caused by the combination of high network latency and chatty protocol behavior exhibited by many applications. When taking place over a LAN, these chatty conversations have no noticeable impact on performance because the transmission latency in a LAN is near zero. However, over a wide-area link with latency in the dozens of milliseconds, these multiple round-trips potentially become the primary barrier to achieving adequate performance.


To accelerate WAN environments, WAN optimization devices must have layer-7 application-specific optimization capabilities. Without it, applications that exhibit chatty protocol behavior will experience very slow performance when accessing data over the WAN, regardless of the amount of compression and data elimination achieved by the WAN optimization device. Layer-7 capabilities are also important to address encryption or special data encoding that many applications perform on their data. Without this capability, compression and data deduplication mechanisms designed to eliminate redundant data are ineffective.


Exinda’s ability to address latency, protocol chattiness, and data encoding issues is limited to just a few protocols and some specific use cases.


To address chatty application protocol behavior, Steelhead appliances provide protocol-specific optimizations for CIFS, NFS, Microsoft Exchange, Lotus Notes, MS-SQL, HTTP, and HTTPS. By using knowledge of inefficient behavior in each of these protocols, Steelhead is able to reduce the number of round-trips in client-server operations. Customers get the ability to address protocol inefficiencies for the widest range of different application protocols, thereby delivering LAN-like performance over the WAN for the greatest number of different applications.


Exinda has added the ability to decrypt SSL traffic; nevertheless they have not added any accompanying ability to address latency and protocol chattiness-related performance issues that commonly occur when HTTP is carried over SSL. In contrast, Steelhead appliances can not only “look inside” HTTPS encrypted traffic and deliver disk-based data reduction, but also provide relief from latency and protocol chattiness issues through sophisticated HTTP-specific layer-7 acceleration mechanisms.


Furthermore, many applications such as Citrix ICA, Exchange, Lotus Notes, and Oracle 11i and 12 (including both Sun JRE and Oracle Jinitiator clients) perform an application-specific encoding and/or compression of the data. Here again, Exinda’s compression technology delivers poor results because the data is either already compressed or scrambled through the application’s proprietary data encoding format. But this is not an issue for Steelhead appliances, which are able to address the encoding and/or compression of data performed by the application. For each of these applications (Citrix ICA, Exchange, Lotus Notes, and Oracle E-Business Suite), Steelhead is able to undo the compression and/or encoding mechanism so that SDR deduplication algorithms can be applied directly on the original clear-text format of the data.


Exinda claims they will handle MAPI based on generic compression and TCP improvement. But without any MAPI-specific latency optimization, improvements will be extremely limited. Worse, because Exchange uses a proprietary encryption scheme that is not understood by Exinda, Exinda must ask customers to explicitly turn off both native compression and encryption on their Microsoft servers if they want to achieve meaningful optimization.


A realistic assessment is that Exinda does not support optimizing Exchange as deployed according to Microsoft recommended best practices. In contrast, Steelhead can support the optimization of encrypted Exchange traffic, even with end-to-end Kerberos authentication. Steelhead is also the only solution that offers true protocol-specific latency optimization of Outlook Anywhere (RPC over SSL).


Similarly, Exinda claims that it supports CIFS acceleration. However, the company is unable to support full acceleration of CIFS traffic when it is signed. Unlike Exinda, Riverbed’s CIFS optimization works even when the client has signing set to ‘Required’ – a setting that is mandated by US Federal specifications and other security-focused customers.


The following table provides a comparison of available application-specific optimization capabilities:


Exinda faces continued challenges in the future in keeping up with Riverbed and other large competitors, and it appears to lack the engineering resources needed to introduce and update layer-7 application-specific features and capabilities. Unlike what Exinda claims, end-user quality of experience is either good or bad. It can't be "good enough." Riverbed is committed to excellent end-user experience by fully mitigating all the constraints of the WAN.

(Technical analysis by Frank Lyonnet, Technical Leader, Office of the CTO)

Where is my cloud?

Posted by Filip Verloy Dec 1, 2012

Pixies anyone?


When you use applications on your PC at work in most cases (depending on when you read this) the server component of those applications will be sitting inside your company’s datacenter. A small but growing number of users don’t get all applications from inside their own datacenters but use externally hosted ones in the public cloud. Those applications are delivered as a service across the Internet to your PC, hence Software as a Service or SaaS.


The difference of course being that your IT department tightly controls what happens inside your datacenter and that it is likely to be very close to you as the user of the application; if not, your IT department can alleviate the distance problem (latency makes applications slow) by using WAN optimization.


Recently Google published a video that gives a peek inside one of their datacenters.



Notice something about those servers? They don’t belong to your company do they? And I’m betting you don’t live near that particular datacenter either.


So not having any say about what is installed at the Google datacenter and having lots of distance (latency) between your PC and the server powering your application can be a performance nightmare. Latency makes or breaks a SaaS application.

Microsoft also has this rather nice video about their cloud services; it even starts by asking “where is the Microsoft Cloud?”



Obsessed with performance, Riverbed has figured out how to accelerate these SaaS applications so you don’t kill the productivity of the average business user who has to use the application every day.



Riverbed, in partnership with Akamai, is delivering SaaS acceleration via our Steelhead Cloud Accelerator (CSA) solution.

We use the Akamai network to find an Akamai server as close as possible to the datacenter powering your SaaS application and spin up a Cloud Steelhead system to provide symmetrical WAN acceleration.



Since you need to traverse the Internet when finding your way to the datacenter hosting your SaaS application, there is a good possibility of not having the most efficient route from your PC to the server powering your app. Hence we also use Akamai SureRoute, which triplicates the first packet going out to the datacenter and then chooses the path with the fastest round trip response, so you not only have a Steelhead very close to the datacenter, you now also have the fastest path across the Internet.


The video below shows the actual results of using this technology at Interop 2012 in New York.



So how do you go about enabling this technology? For my next post I’ll walk you through it step by step.

Riverbed has recently released version 2 of the EX platform software; this includes RiOS 8 and Virtual Services Platform v2. VSPv2 runs VMware ESXi 5 as its hypervisor layer and as such can be managed by VMware vCenter.


In this post I’ll first cover how to install EX 2 on your existing Riverbed Steelheads and then we’ll look at managing the hypervisor with VMware vCenter.


First thing you need is the new EX 2 firmware which can be downloaded from our support website.



Install the new firmware just like any regular update and reboot the appliance.



After the appliance has rebooted you will notice a new menu option under Configure, called Virtualization. Here you can install the VSP platform and also migrate any legacy VSPv1 packages you have installed.



Before you install ESXi, it is recommended you select the disk layout you need by going to the Virtual Services Platform page. This will allocate the internal disks on your Steelhead EX platform to your required setup (i.e. will you use the appliance only for Granite, only for VSP, or for a mix of both).



After you have made your selection you can go ahead and launch the ESXi installation wizard.



As you can see, the ESXi installation wizard uses a colour scheme familiar to VMware engineers.



The wizard is pretty self-explanatory.
Start by giving ESXi a management IP; this can be placed on either or both of our Primary and AUX interfaces.



Enter the ESXi credentials in order to manage ESXi using vCenter (or standalone).



If you want you can enter VNC credentials so you can have access to the ESXi console.



After verifying your settings click next to install and configure ESXi.



After the installation has finished you can manage the VSP platform by going to Configure, Virtualization, Virtual Services Platform.



Here you can see the resources currently allocated to the vSphere hypervisor. Notice that at the moment we allocate 1 socket (with 2 cores – on the EX760 appliance) to the hypervisor; this is important for VMware licensing, should you choose to do so. If not, you can keep running the free version (called embedded license) of the hypervisor by managing each EX appliance separately.



Connect to your vCenter server using the vSphere Client (or Webclient) and add the Steelhead appliance (using the ESXi management address) to vCenter.



At this point you can choose to add a license.


If you change the license, this is reflected on the management console (web interface) of the Steelhead appliance.



After adding the Steelhead appliance to vCenter you can manage it like any other vSphere server.



So there you have it, Steelhead EX version 2, managed by VMware vCenter 5.1.
Happy consolidating!

Riverbed has a joint SaaS optimization solution with Akamai called Steelhead Cloud Accelerator. In this blog post I will show you how to use this technology to accelerate your salesforce (people and the application).

The picture below is a diagram of the lab environment I’ll be using for this setup.



The lab uses a WAN Simulator so we can simulate a cross-atlantic link towards Salesforce.com. For this simulation I have set the link to 200ms latency and 512Kbps.



For the Steelhead Cloud Functionality you need a specific firmware image, available to our customers on http://support.riverbed.com. You can recognize this by the -sca at the end of the version number (right hand corner in the screenshot below).



Once you are using the firmware you get an additional option under Configure –> Optimization, called Cloud Accelerator (see screenshot above).


Here you can register the Steelhead in our cloud portal (which is running as a public cloud service itself, running on Amazon Web Services). You can also enable one or more of our currently supported SaaS applications (Google Apps, Salesforce.com, and Office 365).



When you register the appliance on the Riverbed Cloud Portal you need to grant the appliance cloud service to enable it.



Once the appliance is granted service, the status on the Steelhead itself will change to “service ready”.



So let’s first look at the unoptimized version of our SaaS application. As you can see in the screenshot below I have disabled the Steelhead optimization service so all connections towards Salesforce.com will be pass-through. You can also see the latency is 214ms on average and the bandwidth is 512Kbps.



I logged into Salesforce.com and am attempting to download a 24MB PowerPoint presentation. As you can see in the screenshot below, this is estimated to take about 7 minutes to complete. Time for another nice unproductive cup of coffee…



If we now enable the optimization service on the Steelhead it will automatically detect that we are connecting to Salesforce.com and in conjunction with Akamai spin up a cloud Steelhead on the closest Akamai Edge Server next to the Salesforce.com datacenter I am currently using.


Looking at the current connections on the Steelhead you can see that my connections to Salesforce.com are now being symmetrically optimized by the Steelhead in the Lab and the Cloud Steelhead on the Akamai-ES.



Note the little lightning bolt in the notes section signifying that Cloud Acceleration is on.


Let’s attempt to download the presentation again.



Yeah, I think you could call that faster…


But that is not all: because we are using the same proven Steelhead technology, including byte-level deduplication, I can edit the PowerPoint file and upload it back to salesforce.com with a minimum of data transfer across the cloud.



I edited the first slide by changing the title and subtitle and will upload the changed file to my SaaS application; notice that the filename itself is also changed.



Looking at the current connections on the Steelhead you can see I am uploading the file at the same breakneck speed since I only need to transfer the changed bytes.




So there you have it, Salesforce.com at lightning speeds!


NOTE: I have not mentioned the SSL based configuration needed to allow us to optimize https based SaaS applications (as all of them are), I will cover this in a later post.