1 2 3 Previous Next


31 Posts

Microsoft Office 365 optionally includes the right to install Microsoft Office 365 ProPlus, a full-featured version of Microsoft Office, on up to five devices per user. This version has several modifications suited to an online service offering, for example, licensing and activation occur automatically over the Internet. In addition, Microsoft has designed Office 365 ProPlus with Click-to-Run installation technology. Click-to-Run streams the setup so you can start using Office before installation is finished and you can install this version of Office side-by-side with previous versions


Installing Office 365 ProPlus from the online Office 365 Portal is very convenient, but as with all cloud services, there are trade-offs. When you install Office from the Internet there may be latency or bandwidth concerns. In addition, in-house ITcannot customize or control Office 365 ProPlus installations from the Office 365 portal.


To avoid overconsumption of Internet bandwidth and allow control over deployments, Microsoft recommends that you install Office 365 ProPlus from a local share. Over 1 GB of information traverses the network for each installation, which can strain WAN connections between branch offices and corporate data centers.


This performance brief shows how WAN optimization technology provided by Riverbed® Steelhead® appliances significantly reduces and potentially eliminates bandwidth concerns when installing Office 365 ProPlus over a WAN.

Deploying a virtual SMC (Steelhead Mobile Controller) is quick and simple. Here, I provide screen shots for a step-by-step look at the process. At the time of this writing, the latest version of SMC software is 4.0.


To begin, you will need to download the latest virtual edition of SMC from the Riverbed Support site. The latest virtual edition will not necessarily be the latest and greatest. In this example, I will install vSMC v3.1.3d (latest on the Support site) and upgrade it to version 4.0. You will need an ESX host and vCenter or vSphere to deploy the .OVA package. I am using VSP resources on a Steelhead EX-760 as my ESX host.


From vSphere or vCenter, deploy the CMC .OVA file as you would with any .OVA:




Verify the template contents and select Next.



Customize the virtual machine name or keep the default.



Since this VM is for lab purposes, I will select "Thin" provisioning.



Make sure the interfaces are assigned properly. Primary should be mapped to rvbd_pri and Aux should be mapped to rvbd_hpn. You may have to switch these from their default assignments. If you cannot access the SMC virtual machine after deployment, check these assignments.



Verify the configuration and begin the deployment.



Deployment should take just a few minutes.



After deployment, power ON the virtual SMC machine.



Open a console window to observe the boot process.



When the machine is finished booting, enter the default credentials of admin / password. The configuration wizard will then start - select "yes" to use the wizard. There are 8 steps to the wizard. Note that this process is the same for both virtual and hardware-based SMC appliances.




Upon completion of the wizard, you may now be able to browse to the virtual SMC in order to upgrade to the latest SMC release. Depending on the SMC version deployed, the location of the upgrade feature could be different than what I show here. For versions prior to SMC v4, click "Setup" on the top menu bar, then "Upgrade Software" on the left-hand selection pane.



I will be upgrading from 3.1.3d to 4.0 using a local file on my laptop.



When the new software is copied to the virtual appliance, it will be selected as the target upon the next reboot.



When upgrading to SMC v4, you will notice the enhanced UI. It now closely resembles the UI of other Riverbed products such as Riverbed Steelheads.




At this point you can add any required licenses.

Deploying a virtual CMC (Central Management Controller) is quick and simple. Here, I provide screen shots for a step-by-step look at the process. At the time of this writing, the latest version of CMC software is 8.0.


To begin, you will need to download the latest virtual edition of CMC from the Riverbed Support site. The latest virtual edition will not necessarily be the latest and greatest. In this example, I will install vCMC v6.5.3 (latest on the Support site) and upgrade it to version 8.0. You will need an ESX host and vCenter or vSphere to deploy the .OVA package. I am using VSP resources on a Steelhead EX-760 as my ESX host.


From vSphere or vCenter, deploy the CMC .OVA file as you would with any .OVA:




Verify the template details. Note, you can change disk provisioning in a future step.



Keep the default name or create your own.



I will change the disk provisioning to "Thin" since this is for a lab.



You may need to switch the interfaces. Make sure that "mgmt" is paired with rvbd_pri and "Aux" is paired with rvbd_hpn. If you cannot access the controller after the installation, check these assignments.



When ready to deploy, select Finish.



The virtual CMC will begin to deploy. This will take just a few minutes to complete.



From vCenter / vSphere, power ON the CMC virtual machine.




Open a console session while the virtual machine is starting.



After the virtual machine boots, enter the default credentials of admin / password. The configuration wizard will then begin - answer "yes" if you want to use the wizard. Note: this process is the same whether you are installing a virtual or hardware-based CMC.



There are 8 steps to the wizard.



Once the wizard completes, you can use a browser to access the CMC.



At this point, be sure to upgrade the CMC to the latest available version (i.e. version 8.0 at the time of this writing).



When the upgrade is completed, a reboot is required to boot to the new version.




At this point, you can add any required licenses.


For more information, see the virtual CMC installation guide by clicking here.

Steelhead Mobile v4.0 is now available for download here.


The available platforms and deployment options for SHM 4.0:

  • SMC for VSP (model 8552 / VSMC-VSP). This installs on EX model Steelheads utilizing VSP (built-in ESXi server)
  • Virtual SMC (model 8650 / V-SMC). This virtual image installs on a supported ESXi server of your choice that meets the hardware requirements.

Note that SMC for RSP is no longer supported as it has been superseded by the SMC for VSP.


Major features in v4.0 include:

  • SMC License Clustering. Multiple instances of SMC's can now be clustered supporting up to 120,000 simultaneous Steelhead Mobile users. Up to 30 nodes per cluster supported. Both appliances and virtual controllers can be a part of the same cluster.
  • Extended Microsoft Windows application support. SHM 4.0 now includes optimization support for SMB signing, encrypted MAPI, encrypted Outlook Anywhere, HTTP traffic for SharePoint, and end-to-end Kerberos authenticated applications.
  • New Windows client UI. A redesigned UI for provisioning large-scale deployments. Features include updated graphical time-based reports for networking, diagnostics, and optimization reports. Policy configuration has been simplified with interactive graphics. Hovering over a single point on a report provides additional details (such as time stamp, LAN and WAN bytes).
  • High availability management through SMC failover across Data Center.
  • SMBv2 for CIFS latency optimization
  • OSX Mountain / Mountain Lion support for CIFS

CMC v8.0 New Features

Posted by Kim Wall Jan 8, 2013

CMC release 8.0 is now available here. The main new feature is the support of devices running Riverbed RiOS v8.0.


Note: CMC 8000 series appliances cannot be upgraded to CMC v8 and therefore are not capable of fully managing Steelheads running v8.0 and greater. The CMC 8000 series have been end of availability since April 2010. Click here for more information on hardware end of availability.


To take advantage of CMC 8.0 you must install on hardware appliance model 8150 or the CMC-VE (ESXi virtual edition). Fast facts for these models:

  • CMC 8150 base appliance comes with 50 licenses (can manage up to 50 Steelheads with the base model)
  • CMC-VE does not include any licenses in the base model. A license pack must be purchased to begin Steelhead management.
  • Both models can take additional licenses in increments of 10 (max of 500 licenses supported)


One of the major differences between the 8000 series and the 8150 series is in how licenses are managed and purchased. The 8000 series were sold with management capacity by model. For example, the CMC-8003 model managed 50 devices, the CMC-8004 managed 100 devices etc. When additional licenses were needed the CMC appliance was enabled as a different model. 


The CMC-8150 appliance is sold as a base appliance with 50 licenses and take additional license packs for growth. When purchasing upgrades to the 8150, the appropriate management packs must be purchased that match the previous model's capacity. The following chart can be used for reference:




Click here for CMC 8.0 software and release notes.

We should be able to optimize RDP traffic if compression is disabled on the RDP session itself (i.e. let Riverbed do the compression rather than the client/remote machines). Encryption level should be "low" on the RDP client as well. RDP sessions are pass-through by default (3389 is in the Interactive port label group). Be sure to either remove 3389 from the port label group or (better practice) create an optimization policy to optimize TCP 3389.


Here is a snippet of info from one of the links below:


By default, the Steelhead will pass-through the Microsoft Remote Desktop Protocol (RDP) part of the Interactive port group, and some customers report performance improvements after optimizing it. There is no RDP-aware latency optimization available in the current RiOS releases, so the gains achieved are purely through reduced data transmission through Scalable Data Referencing (SDR).

  • Optimization of RDP connections requires the sessions be unencrypted and uncompressed.
  • Compression for RDP sessions can be disabled by configuring the client.


Here are a few Riverbed knowledge base articles that may be helpful:



When creating optimization rules for RDP (TCP 3389), consider the following:



In this first of a  two part blog post about Citrix HDX I wanted to explore the impact of HDX on the Wide Area Network, part one will serve as the introduction, and in part two I will testrun some of the scenarios described in part one.

HDX came to be because Citrix was finally getting competitive pressure on its Independent Computing Architecture (ICA) protocol from Microsoft with RDP version 7 and beyond andTeradici/VMware with PCoIP. (And arguably other protocols like Quest EOP Xstream, HP RGS, RedHat SPICE, etc.)

Citrix’s reaction to these competitive pressures has been to elevate the conversation above the protocol, stating that a great user experience is more than just a protocol, thus Citrix created the HDX brand to discuss all the elements in addition to ICA that Citrix claims allow it to deliver the best user experience.

HDX Brands

HDX is not a feature or a technology — it is a brand.

Short for “High Definition user eXperience,” HDX is the umbrella term that encapsulates several different Citrix technologies. Citrix has created HDX sub-brands, these include the list below and each brand represents a variety of technologies:

  • HDX Broadcast (ICA)
    • Capabilities for providing virtual desktops and applications over any network. This is the underlying transport for many of the other HDX technologies; it includes instant mouse click feedback, keystroke latency reduction, multi-level compression, session reliability, queuing and tossing.
  • HDX MediaStream
    • Capabilities for multimedia such as sound and video, using HDX Broadcast as it’s base, including client side rendering (streaming the content to the local client device for playing via local codecs with seamless embedding into the remote session).
    • Flash redirection (Flash v2), Windows Media redirection.
  • HDX Realtime
    • Capabilities for real time communications such as voice and web cameras, using HDX Broadcast as it’s base, it includes EasyCall (VoIP integration), and bi-directional audio functionality.
  • HDX SmartAccess
    • Refers mainly to the Citrix Access Gateway (SSL VPN) and cloud gateway components for single sign-on.
  • HDX RichGraphics  (incl 3D, 3D PRO, and GDI+ remoting)
    • Capabilities in remoting high end graphics using HDX Broadcast as it’s base, uses image acceleration and progressive display for graphically intense images. (formerly known as project appollo)
  • HDX Plug-n-Play
    • Capabilities to provide connectivity for local devices and applications in a virtualized environment, including USB, multi-monitor support, smart card support, special folder redirection, universal printing, and file-type associations.
  • HDX WAN Optimization
    • Capabilities to locally cache bandwidth intensive data and graphics, locally stage streamed applications (formally known as Intellicache, relying mostly on their Branch Repeater product line).
  • HDX Adaptive Orchestration
    • Capabilities that enable seamless interaction between the HDX technology categories. The central concept is that all these components work adaptively to tune the unified HDX offering for the best possible user experience.



The goal of this post is to provide an overview of these HDX sub-brands and technologies that directly relate to the network, and WAN optimization, in order to have a clearer understanding of marketing vs. technology impact.

Not every HDX feature is available on both XenApp and XenDesktop, (and now also VDI in-a-box after the acquisition of Kaviza) the table below shows the feature matrix for both:

hdx table

HDX and the network

As stated before most of the HDX technologies are either existing ICA components or rely on ICA (HDX Broadcast) as a remoting protocol. As such we should be able to (WAN) optimize most of the content within HDX one way or another.

HDX MediaStream

HDX MediaStream is used to optimize the delivery of multimedia content, it interacts with the Citrix Receiver (ICA Client) to determine the optimal rendering location (see overview picture below) for Windows Media and Flash content.

Within HDX MediaStream the process of obtaining the multimedia content and displaying the multimedia content are referenced by the terms fetching and rendering respectively.

Within HDX MediaStream, fetching the content is the process of obtaining or downloading the multimedia content from a location external (Internet, Intranet, fileserver (for WMV only)) to the virtual desktop. Rendering utilizes resources on the machine to decompress and display the content within the virtual desktop. In a Citrix virtual desktop that is being accessed via Citrix Receiver, rendering of content can executed by either the client or the hypervisor depending on the policies and environmental resources available.


Adaptive display (server side rendering) provides the ability to fetch and render multimedia content on the virtual machine running in the datacenter and send the rendered content over ICA to the client device. This translates to more bandwidth needed on the network than client side rendering. Howerver in certain scenarios client side rendering can use more bandwidth than server side rendering, it is after all, adaptive.

HDX MediaStream Windows Media Redirection (client side rendering) provides the ability to fetch Windows Media content (inclusive of WMV, DivX, MPEG, etc.) on the server and render the content within the virtual desktop by utilizing the resources on the client hosting Citrix Receiver (Windows or Linux). When Windows Media Redirection is enabled via Citrix policy, Windows video content is sent to the client through an ICA Virtual Channel in its native, compressed format for optimal performance. The processing capability of the client is then utilized to deliver smooth video playback while offloading the server to maximize server scalability. Since the data is sent in its native compressed format this should result in less bandwidth needed on the network than server side rendering.

HDX MediaStream Flash Redirection  (client side rendering) provides the ability to harness the bandwidth and processing capability of the client to fetch and render Flash content. By utilizing Internet Explorer API hooks, Citrix Receiver is able to securely capture the content request within the virtual desktop and render the Flash data stream directly on the client machine. Added benefits include increased server hypervisor scalability as the servers are no longer responsible for processing and delivering Flash multimedia to the client.

This usually decreases the wan bandwidth requirements by 2 to 4 times compared to Adaptive Display (server side rendering).

HDX MediaStream network considerations

In some cases, Window Media Redirection (client-side rendering of the video) can used significantly more bandwidth than Adaptive Display (server-side rendering of the video).

In the case of low bit rate videos, Adaptive Display may utilize more bandwidth than the native bitrate of the Windows Media content. This extra usage of bandwidth actually occurs since full screen updates are being sent across the connection rather than the actual raw video content.

Packet loss over the WAN connection is the most restricting aspect of an enhanced end-user experience for HDX MediaStream.

Citrix Consulting Solutions recommends Windows Media Redirection (client-side rendering) for WAN connections with a packet loss less than 0.5%.

Windows Media Redirection requires enough available bandwidth to accommodate the video bit rate. This can be controlled using SmartRendering thresholds. SmartRendering controls when the video reverts back to server side rendering because the bandwidth is not available, Citrix recommends setting the threshold to 8Mbps.

WAN optimization should provide the most benefits when the video is rendered on the client since the data stream for the compressed Windows Media content is similar between client devices, once the video has been viewed by one person in the branch, very little bandwidth is consumed when other workers view the same video.

HDX RichGraphics 3D Pro

HDX 3D Pro can be used to deliver any application that is compatible with the supported host operating systems, but is particularly suitable for use with DirectX and OpenGL-driven applications, and with rich media such as video.

The computer hosting the application can be either a physical machine or a XenServer VM with Multi-GPU Passthrough. The Multi-GPU Passthrough feature is available with Citrix XenServer 6.0

For CPU-based compression, including lossless compression, HDX 3D Pro supports any display adapter on the host computer that is compatible with the application that you are delivering. To use GPU-based deep compression, HDX 3D Pro requires that the computer hosting the application is equipped with a NVIDIA CUDA-enabled GPU and NVIDIA CUDA 2.1 or later display drivers installed. For optimum performance, Citrix recommends using a GPU with at least 128 parallel CUDA cores for single-monitor access.

To access desktops or applications delivered with XenDesktop and HDX 3D Pro, users must install Citrix Receiver. GPU-based deep compression is only available with the latest versions of Citrix Receiver for Windows and Citrix Receiver for Linux.

HDX 3D Pro supports all monitor resolutions that are supported by the GPU on the host computer. However, for optimum performance with the minimum recommended user device and GPU specifications, Citrix recommends maximum monitor resolutions for users’ devices of 1920 x 1200 pixels for LAN connections and 1280 x 1024 pixels for WAN connections.

Users’ devices do not need a dedicated GPU to access desktops or applications delivered with HDX 3D Pro.

HDX 3D Pro includes an image quality configuration tool that enables users to adjust in real time the balance between image quality and responsiveness to optimize their use of the available bandwidth.

HDX RichGraphics 3D Pro network considerations

HDX 3D PRO has significant bandwidth requirements depending on the encoding used (NVIDA CUDA encoding, CPU encoding, and Lossless.)


When supported NVIDIA chipsets are utilized, HDX 3D Pro offers the ability to compress the ICA session in a video stream. This significantly reduces bandwidth and CPU usage on both ends by utilizing the NVIDA CUDA-based deep compression. If a NVIDIA GPU is not present to provide compression, the server CPU can be utilized to compress the ICA stream. This method, however, does introduce a significant impact on CPU utilization. The highest quality method for delivering a 3D capable desktop is by using the Lossless option. As the Lossless title states, no compression of the ICA stream occurs allowing for pixel perfect images to be delivered to the end point. This option is available for delivering medical imaging software that cannot have degraded image quality. This level of high quality imaging does come with the price of very high bandwidth requirements.

HDX RichGraphics GDI and GDI+ remoting

GDI (Graphics Device Interface) and GDI+ remoting allows applications (like Microsoft office, wordpad, etc.) to be remoted to the client using native graphics commands instead of bitmaps. By using native graphics commands, it saves on server side CPU, saves network bandwidth and eliminates visual artifacts as it doesn’t need to be compressed using image compression.

General network factors for Remoting protocols (including RDP/RemoteFX, ICA, PCoIP, Quest EoP,…)

  • Bandwidth – the protocols mostly take all they can get, 2 Mbps* is required for a decent user experience. (see planning bandwidth requirements below)
  • Latency – at 50ms things start getting tough (sometimes even at 20ms)
  • Packet loss – should stay under 1%


Planning bandwidth requirements for HDX (XenDesktop example)

Citrix publishes the numbers below in a medium (user load) user environment, this gives some indication as to what to expect in terms of network sizing.

  • MS Office-based                                    43Kbps
  • Internet                                                  85 Kbps
  • Printing (5MB Word doc)                          555-593 Kbps
  • Flash video (server rendered)                   174 Kbps
  • Standard WMV video (client rendered)      464 Kbps
  • HD WMV video (client rendered)              1812 Kbps


These are estimates. If a user watches a WMV HD video with a bit rate of 6.5 Mbps, that user will require a network link with at least that much bandwidth. In addition to the WMV video, the link must also be able to support the other user activities happening at the same time.

Also, if multiple users are expected to be accessing the same type of content (videos, web pages, documents, etc.), integrating WAN Optimization into the architecture can drastically reduce the amount of bandwidth consumed. However, the amount of benefit is based on the level of repetition between users.

Note: Riverbed Steelhead can optimize ICA/HDX traffic extremely well, we even support the newer multi-stream ica protocol. In part 2 of this blog I will demonstrate the effectiveness of Steelhead on HDX traffic and talk about our Citrix specific optimizations like our very effective Citrix QoS, Riverbed Steelheads also have the ability to decode the ICA Priority Packet Tagging that identifies the virtual channel from which each Citrix ICA packet originated.  As part of this capability, Riverbed specifically developed a packet-order queuing discipline that respects the ordering of ICA packets within a flow, even when different packets from a given flow are classified by Citrix into different ICA virtual channels.  This allows the Steelhead to deliver very granular Quality of Service (QoS) enforcement based on the virtual channel in which the ICA data is transmitted.  Most importantly, this feature prevents any possibility of out-of-order packet delivery as a result of Riverbed’s QoS enforcement; out-of-order packet delivery would cause significant degradation in performance and responsiveness for the Citrix ICA user.  Riverbed’s packet-order queuing capability is patent-pending, and not available from any other WAN optimization vendor.

Real world impact can be seen in the picture below of a customer saving 14GB of ICA traffic over a transatlantic link every month.citrixtraff

RiOS 8 - New Features

Posted by Kim Wall Jan 2, 2013

Here are the main (new) features that ship with RiOS v8.0.


  1. CIFS support on MAC OSX Lion / Mountain Lion
    1. Support for SMB v1 signing settings for MAC OSX Lion (10.7) and Mountain Lion (10.8)
  2. New UI Reports
    1. Time series reports have a new design that is interactive, and easy to navigate. The statistics presented in the improved report format are readily accessible and all updates to the report window appear in real time.
  3. QoS DPI: 600+ Apps
    1. Riverbed Application Flow Engine can recognize applications by using port-based classification, application signature matching, protocol dissection, future flow registration, behavioral classification, and others that may hop ports or may otherwise be hard to detect. The application flow engine in RiOS 8.0 can now identify and classify over 600 common Enterprise applications. The engine still allows for custom application definitions making it possible to identify thousands of applications.
  4. QoS: PCoIP
    1. PCoIP is a display compression technology used by VDI solutions such as VMWare View. Riverbed QoS for PCoIP in RiOS v8.0 delivers bandwidth control and latency prioritization for virtual channels within a PCoIP stream, enabling the fine-tuning of traffic including voice, video, and display rendering.
  5. 10Gig performance improvements
    1. An enhancement in RiOS provides up to a 50% performance boost in end to end throughput for 10GE based deployments.
  6. Account control, authenticated NTP, TACACS+
    1. RiOS 8.0 includes enhanced security features including a password manager that offers stronger protection against unauthorized access. Secure communications between Steelheads and NTP servers protect Steelheads from unauthorized NTP servers. With RiOS 8.0, enterprises now have additional deployment options with the addition of access to TACACS+ servers running on IPv6 networks.

RiOS 8.0 release notes can be found here.

Recently, Exinda, a private vendor of WAN optimization products focusing primarily on delivering network visibility and quality of service (QoS), announced that it has won Red Herring's 2012 Top 100 Global award. The honor underscores that the category is growing and big enough to sustain an ecosystem of diverse players.


Red Herring’s assessment puts criteria, such as financial performance, technology innovation, management quality, strategy, and market penetration into their equation. We can’t really chime in on anything apart from Exinda’s “technology innovation,” so why not take a look under the hood: besides, if an online magazine can do it, so can we.


First, a quick primer on WAN performance.


Poor WAN performance is not only a result of network congestion and insufficient bandwidth, but is also caused by the combination of high network latency and chatty protocol behavior exhibited by many applications. When taking place over a LAN, these chatty conversations have no noticeable impact on performance because the transmission latency in a LAN is near zero. However, over a wide-area link with latency in the dozens of milliseconds, these multiple round-trips potentially become the primary barrier to achieving adequate performance.


To accelerate WAN environments, WAN optimization devices must have layer-7 application-specific optimization capabilities. Without it, applications that exhibit chatty protocol behavior will experience very slow performance when accessing data over the WAN, regardless of the amount of compression and data elimination achieved by the WAN optimization device. Layer-7 capabilities are also important to address encryption or special data encoding that many applications perform on their data. Without this capability, compression and data deduplication mechanisms designed to eliminate redundant data are ineffective.


Exinda’s ability to address latency, protocol chattiness, and data encoding issues is limited to just to a few protocols and some specific use cases.


To address chatty application protocol behavior, Steelhead appliances provide protocol-specific optimizations for CIFS, NFS, Microsoft Exchange, Lotus Notes, MS-SQL, HTTP, and HTTPS. By using knowledge of inefficient behavior in each of these protocols, Steelhead is able to reduce the number of round-trips in client-server operations. Customers get the ability to address protocol inefficiencies for the widest range of different application protocols, thereby delivering LAN-like performance over the WAN for the greatest number of different applications.


Exinda has added the ability to decrypt SSL traffic; nevertheless they have not added any accompanying ability to address latency and protocol chattiness-related performance issues that commonly occur when HTTP is carried over SSL. In contrast, Steelhead appliances can not only “look inside” HTTPS encrypted traffic and deliver disk-based data reduction, but also provide relief from latency and protocol chattiness issues through sophisticated HTTP-specific layer-7 acceleration mechanisms.


Furthermore, many applications such as Citrix ICA, Exchange, Lotus Notes, and Oracle 11i and 12 (including both Sun JRE and Oracle Jinitiator clients) perform an application-specific encoding and/or compression of the data. Here again, Exinda’s compression technology delivers poor results because the data is either already compressed or scrambled through the application’s proprietary data encoding format. But this is not an issue for Steelhead appliances, which are able to address the encoding and/or compression of data performed by the application. For each of these applications (Citrix ICA, Exchange, Lotus Notes, and Oracle E-Business Suite), Steelhead is able to undo the compression and/or encoding mechanism so that SDR deduplication algorithms can be applied directly on the original clear-text format of the data.


Exinda claims they will handle MAPI based on generic compression and TCP improvement. But without any MAPI-specific latency optimization, improvments will be extremely limited. Worse, because Exchange uses a proprietary encryption scheme that is not understood by Exinda, Exinda must ask customers to explicitly turn off both native compression and encryption on their Microsoft servers if they want to achieve meaningful optimization.


A realistic assessment is that Exinda does not support optimizing Exchange as deployed according to Microsoft recommended best practices. In contrast, Steelhead can support the optimization of encrypted Exchange traffic, even with end-to-end Kerberos authentication. Steelhead is also the only solution that offers true protocol-specific latency optimization of Outlook Anywhere (RPC over SSL).


Similarly, Exinda claims that it supports CIFS acceleration. However, the company is unable to support full acceleration of CIFS traffic when it is signed. Unlike Exinda, Riverbed’s CIFS optimization works even when the client has signing set to ‘Required’ – a setting that is mandated by US Federal specifications and other security-focused customers.


The following table provides a comparison of available application-specific optimization capabilities:

Screen Shot 2012-12-10 at 5.09.32 PM.png

Exinda faces continued challenges in the future in keeping up with Riverbed and other large competitors, and it appears to lack the engineering resources needed to introduce and update layer-7 application-specific features and capabilities. Unlike what Exinda claims, end-user quality of experience is either good or bad. It can't be "good enough." Riverbed is committed to excellent end-user experience by fully mitigating all the constraints of the WAN.

(Technical analysis by Frank Lyonnet, Technical Leader, Office of the CTO)

Where is my cloud?

Posted by Filip Verloy Dec 1, 2012

Pixies anyone?


When you use applications on your PC at work in most cases (depending on when you read this) the server component of those applications will be sitting inside your company’s datacenter. A small but growing number of users don’t get all applications from inside their own datacenters but use externally hosted ones in the public cloud. Those applications are delivered as a service across the Internet to your PC, hence Software as a Service or SaaS.


The difference of course being that your IT department tightly controls what happens inside your datacenter and that it is likely to be very close to you as the user of the application, if not, your IT department can alleviate the distance problem (latency makes applications slow) by using WAN optimization.


Recently Google published a video that gives a peek inside one of their datacenters.



Notice something about those servers? They don’t belong to your company do they? And I’m betting you don’t live near that particular datacenter either.


So not having any say about what is installed at the Google datacenter and having lot’s of distance (latency) between your PC and the server powering your application can be a performance nightmare. Latency makes or breaks a SaaS application.

Microsoft also has this rather nice video about their cloud services, it even starts by asking “where is the Microsoft Cloud?”



Obsessed with performance Riverbed has figured out how to accelerate these SaaS applications so you don’t kill the productivity of the average business user who has to use the application every day.



Riverbed, in partnership with Akamai, is delivering SaaS acceleration via our Steelhead Cloud Accelerator (CSA) solution.

We use the Akamai network to find an Akamai server as close as possible to the datacenter powering your SaaS application and spin up a Cloud Steelhead system to provide symmetrical WAN acceleration.



Since you need to traverse the Internet when finding your way to the datacenter hosting your SaaS application there is a good possibility of not having the most efficient route from your PC to the server powering your app. Hence we also use Akamai SureRoute which triplicates the first packet going out to the datacenter and then chooses the path with the fastest round trip response so you not only have a steelhead very close to the datacenter, you now also have the fastest path across the Internet.


The video below shows the actual results of using this technology at Interop 2012 in New York.



So how do you go about enabling this technology? For my next post I’ll walk you through it step by step.

Riverbed has recently released version 2 of the EX platform software, this includes RiOS 8 and Virtual Services Platform v2. VSPv2 runs VMware ESXi 5 as it’s hypervisor layer and as such can be managed by VMware vCenter.


In this post I’ll first cover how to install EX 2 on your existing Riverbed Steelheads and then we’ll look at managing the hypervisor with VMware vCenter.


First thing you need is the new EX 2 firmware which can be downloaded from our support website.



Install the new firmware just like any regular update and reboot the appliance.



After the appliance has rebooted you will notice a new menu option under Configure, called Virtualization. Here you can install the VSP platform and also migrate any legacy VSPv1 packages you have installed.



Before you install ESXi, it is recommended you select the disk layout you need, this will allocate the internal disks on your Steelhead EX platform to your required setup (i.e. will you use the appliance only for Granite, only for VSP, or for a mix of both) by going to the Virtual Services Platform page.



After you have made your selection you can go ahead and launch the ESXi installation wizard.



As you can see the ESXi installation wizard uses a familiar colour scheme to VMware engineers.



The Wizard is pretty self explanatory.
Start by giving ESXi a management IP, this can be placed on either or both our Primary and AUX interface.



Enter the ESXi credentials in order to manage ESXi using vCenter. (or standalone).



If you want you can enter VNC credentials so you can have access to the ESXi console.



After verifying your settings click next to install and configure ESXi.



After the installation has finished you can manage the VSP platform by going to Configure, Virtualization, Virtual Services Platform.



Here you can see the resources currently allocated to the vSphere hypervisor, notice that at the moment we allocate 1 socket (with 2 cores – on the EX760 appliance) to the hypervisor, this is important for VMware licensing, should you choose to do so, if not you can keep running the free version (called embedded license) of the hypervisor by managing each EX appliance separately.



Connect to your vCenter server using the vSphere Client (or Webclient) and add the Steelhead appliance (using the ESXi management address) to vCenter.



At this point you can choose to add a license.


If you change the license, this is reflected on the management console (web interface) of the Steelhead appliance.



After adding the Steelhead appliance to vCenter you can manage it like any other vSphere server.



So there you have it, Steelhead EX version 2, managed by VMware vCenter 5.1.
Happy consolidating!

Riverbed has a joint SaaS optimization solution with Akamai called Steelhead Cloud Accelerator. In this blog post I will show you how to use this technology to accelerate your salesforce (people and the application).

The picture below is a diagram of the lab environment I’ll be using for this setup.



The lab uses a WAN Simulator so we can simulate a cross-atlantic link towards Salesforce.com. For this simulation I have set the link to 200ms latency and 512Kbps.



For the Steelhead Cloud Functionality you need a specific firmware image, available to our customers on http://support.riverbed.com,  you can recognize this by the -sca at the end of the version number (right hand corner in the screenshot below).



Once you are using the firmware you get an additional option under Configure –> Optimization, called Cloud Accelerator. (see screenshot above).


Here you can register the Steelhead in our cloud portal (which is running as a public cloud service itself, running on Amazon Web Services). You can also enable one or more of our currently supported SaaS applications (Google Apps, Salesforce.com, and Office 365).



When you register the appliance on the Riverbed Cloud Portal you need to grant the appliance cloud service to enable it.



Once the appliance is granted service, the status on the Steelhead itself will change to “service ready”



So let’s first look at the unoptimized version of our SaaS application. As you can see in the screenshot below I have disabled the Steelhead optimization service so all connections towards Salesforce.com will be pass-through. You can also see the latency is 214ms on average and the bandwidth is 512Kbps.



I logged into Salesforce.com and am attempting to download a 24MB PowerPoint presentation, as you can see in the screenshot below this is estimated to take about 7 minutes to complete. Time for another nice unproductive cup of coffee…



If we now enable the optimization service on the Steelhead it will automatically detect that we are connecting to Salesforce.com and in conjunction with Akamai spin up a cloud Steelhead on the closest Akamai Edge Server next to the Salesforce.com datacenter I am currently using.


Looking at the current connections on the Steelhead you can see that my connections to Salesforce.com are now being symmetrically optimized by the Steelhead in the Lab and the Cloud Steelhead on the Akamai-ES.



Note the little lightning bolt in the notes section signifying that Cloud Acceleration is on.


Let’s attempt to download the presentation again.



Yeah, I think you could call that faster…


But that is not all, because we are using the same proven Steelhead technology including byte-level deduplication I can edit the PowerPoint file and upload it back to salesforce.com with a minimum of data transfer across the cloud.



I edited the first slide by changing the title and subtitle and will upload the changed file to my SaaS application, notice that the filename itself is also changed.



Looking at the current connections on the Steelhead you can see I am uploading the file at the same breakneck speed since I only need to transfer the changed bytes.




So there you have it, Salesforce.com at lightning speeds!


NOTE: I have not mentioned the SSL based configuration needed to allow us to optimize https based SaaS applications (as all of them are), I will cover this in a later post.

originally posted on October 3, 2012

Today at Interop NY, Riverbed announced the integration of VMware vSphere with the Steelhead EX and also separately announced enhancements to RiOS, now version 8.0, Steelhead Mobile, now version 4.0 and the introduction of the Steelhead CX 5055/7055 model appliances.

Below is a podcast, an intro video, and some slides summarizing the announcement today.




Also check out our presentation on slideshare!


(view original post)

Written by M. Kelly on December 5, 2011


In the spirit of giving during this Holiday season, Riverbed is pleased to announce RiOS 7.0, the next major release of the intelligent software brain running inside Riverbed’s market leading Steelhead WAN optimization appliances.

The release of RiOS 7 comes at the end of a fantastic 2011 for Riverbed, one in which the company’s flagship Steelhead product continued to gain momentum in the more-than-one-billion-dollar WAN Optimization market.  According to the most recent market share data from Gartner, Steelhead now boasts a commanding 51.7% market share, more than twice the next closest competitor.  For the first time, customers are selecting Steelhead more often than all other competitive alternatives combined.

RiOS 7 is a major step forward for Riverbed, though it has presented a bit of a challenge for our marketing team.  Why?  Generally major releases of RiOS can be characterized by primary themes.  For example, RiOS 6.5 was all about Quality of Service (QoS).  RiOS 6.0 was all about VDI and Citrix ICA optimization.

RiOS 7 is different in that it is comprised of several high-profile, yet equally valuable features and capabilities. Therefore, we’ve elected to use the wide range of features of RiOS 7.0 as its launch theme: A Little Something for Everyone.

New Features Optimize Applications Customers Care About Most

VIDEO - Let’s start with an industry first for video optimization.  RiOS 7 features native live stream splitting support for Microsoft Silverlight and Adobe Flash, no other vendor in the world supports both.  This will allow the increasing number of companies adopting video to optimize live video streaming over a global network, enabling single streams to travel across the wide area network to regional offices where multiple users can view the live stream from regional branch Steelheads sitting at the edge of the network.

With RiOS 7, Riverbed is broadening its protocol optimizations to include UDP optimization.  Often used by voice, video and disaster recovery applications, UDP represents a stable, if not growing,  percentage of overall Internet traffic.  With UDP optimization, Riverbed allows organizations to de-duplicate traffic flowing across UDP.  When combined with traditional TCP optimization, Riverbed delivers the most complete WAN optimization offering on the market.


IPv6 – RiOS 7 enables organizations to optimize traffic over IPv6. While the move to IPv6 has been slower than many first projected, organizations know IPv6 is coming.  For a growing number of organizations, IPv6 is a reality today.

VDI – Virtual Desktop Infrastructure (VDI) environments have long been an area of focus for Riverbed because of the inherent performance challenges that result when separating users from their data over a network.  Today, Riverbed optimizes traffic in Citrix, VMware View and Microsoft Remote FX environments.  New in RiOS 7, Riverbed is adding acceleration and optimization capabilities known as Client Drive Mapping.  With this feature, as users plug thumb drives representing their desktop into thin client devices, Riverbed can accelerate all round trips between the thin client devices and associated centralized destinations.

PRE-POPULATION - Riverbed is enhancing pre-population capabilities over both HTTP and CIFS.  Now, IT professionals can pre-populate a video or file from a centralized location out to distributed locations world-wide, eliminating surges in traffic when content is requested company-wide.  For example, HR professionals can push an entire library of enrollment forms or compliance videos out to regional locations prior to asking employees to sign up for a new program or comply with new regulations.

INTEGRATION - Integration is a key component of the RiOS 7 release.  Both Cascade Shark and well as Skipware are now natively embedded in Steelhead with RiOS 7.  Cascade Shark on-demand packet capture delivers greater visibility into traffic flowing across corporate networks, while Skipware gives organizations native Satellite optimization capabilities right on the Steelhead appliance.

SECURITY – RiOS 7 optimizes Encrypted Lotus Notes traffic, in addition to Microsoft Online Services traffic, delivering increased performance for messaging and collaboration solutions including Exchange Online, SharePoint Online and Office Live.  End-to-End Kerberos authentication support has also been added in RiOS 7.

I hope you get a chance to enjoy the “gift” that RiOS 7 is this Holiday season.  We’re quite proud of this release, and look forward to many more in the future.

(Read the original blog post)

Filter Blog

By date:
By tag: