Riverbed Tech Event 2014 Wan Optimization. Copyright 2014 Data Systems, todos os direitos reservados.

Riverbed Tech Event 2014 Wan Optimization

Agenda 09:00 Check-in 09:30 Apresentação Riverbed Wan Optimization 11:00 Coffee-Break 11:30 Riverbed Wan Optimization (continuação) 13:00 - Almoço 14:30 Riverbed Wan Optimization Hands On 16:30 Coffee-Break Copyright 2013 DataSystems, todos os direitos reservados. 2

RiOS: Overcoming the Bottlenecks 3

RiOS: Underlying Framework 4

RiOS: Scalable Data Reference (SDR)

RiOS: Data Streamlining Files & Data Data Request Reconstructed Files & Data WAN DATA CENTER BRANCH OFFICE Requests go directly from the client to the server Steelhead auto-intercepts response, and segments data De-dupes data so only new bytes compressed & sent over the WAN 16-Byte references represent megabytes of warm data Remote Steelhead reconstructs data and delivers it to the client Works bi-directionally, cross-protocol and across applications 6

RiOS: Transport Streamlining overcomes TCP Limitations The net effect is a 60-98% reduction in TCP round trips WAN DATA CENTER BRANCH OFFICE Make TCP payload bigger Data 16KB Repack payload to with references 100KB+ From 100KB+ to Virtual 1MB+ References New data 7

Application Streamlining overcomes Application Protocol Limitations Request Optimized WAN Transfer WAN DATA CENTER BRANCH OFFICE Steelhead completes transaction locally Steelhead completes transaction locally The net effect is 65-98% reduction in WAN round trips 8

RiOS Auto-Discovery 9

Steelhead Transparency modes 10

In-Path Rules: Connection Interception 11

Peering Rules: Adding a Peering Rule 12

Deployment Options 13

Server-side Out-of-Path Deployment (SSOOP) 14

Hybrid Deployment 15

Connection Forwarding in Parallel Deployments 16

Configuring Connection Forwarding 17

In-path First Connection Packet Flow 18

Enhanced Auto-Discovery Simplifies deployments for complex environments Automatically finds and optimizes between most distant Steelhead pair Eliminates the need for manual peering rules Requires no additional configuration Supports unlimited Steelheads in transit between C-SH and S-SH Improves performance finds optimal Steelhead pairing for maximum optimization DATA CENTER BRANCH OFFICE 19

Satellite Cleans TCP Field Options 20

Optimize only for Wan 21

Optimize San Francisco New York 22

Active-Active sync for business critical WAN optimization Customers believe Steelhead appliances are critical infrastructure Downtime is not an option High availability with datastore synchronization o Both Steelheads can optimize connections o Both Steelheads share the same segstore data o Supports both serial and parallel clustering (1:1 mode) DATA CENTER X sync Same warm performance BRANCH OFFICE 23

In-path Redundancy using Master/Backup Failover 24

Data Store Synchronization 25

Secure Vault 26

Segstore Encryption 27

Physical and Logical Interfaces 28

Steelhead Desktop Chassis 29

Steelhead 1U Rack Chassis 30

Steelhead NICs 31

Steelhead Initial Configuration 32

Post Install 33

Steelhead Health Check 34

Troubleshooting Duplex Mismatch 35

Troubleshooting Firewall Filtering 36

Packet Ricochet 37

Packet Ricochet 38

Packet Ricochet 39

Packet Ricochet 40

Asymmetric Routing 41

Troubleshooting Asymmetric Routing 42

Information Dumps 43

Steelhead in Window s Domains 44

Configure Steelhead for Window s Domains 45

File System Protocol Errors 46

File System Protocol Errors 47

Exchange Configuration 48

MAPI & CIFS Prepopulation 49

SSL Configuration 50

SSL Server Certificate Configuration 51

SSL Peering Trust Configuration 52

SSL Acceleration Request Optimized WAN transfer over SSL BRANCH OFFICE WAN DATA CENTER SSL Auto-discovery Temporary Session Key SSL session setup SSL Certificates and private keys copied to server-side Steelhead appliance (no certificate faking in branch offices) Steelheads use their own identity Certs to establish secure connection On secure data request, client connection is intercepted by sever-side Steelhead Server-side SH establishes SSL connection with origin server and client Temporary session key/client session is migrated to client-side Steelhead Transfers accelerated via RiOS; End-to-End SSL encryption maintained; Optionally, Steelhead-to-Steelhead IPSec can secure Raw data in motion Legend SSL Certificate Temporary Session Key Secured connection Encrypted Data Store feature protects Data at rest - AES 128, 192, 256-bit 53

Enhanced HTTP/HTTPS App Streamlining: how it works Intelligent learning mechanism more effective than any other method Optimized WAN Transfer Page request WAN DATA CENTER BRANCH OFFICE 1. Request is seen by client-side Steelhead 2. Client-side Steelhead has knowledge of the objects on the page 3. Client-side Steelhead forwards requests of all page objects in parallel 4. RiOS streamlining optimizes WAN transfer 5. Steelhead appliance learns about the objects/pages if it didn t know them before

What does QoS Do? 55

When is QoS Useful? 56

QoS Enforcement On Steelheads 57

Citrix Optimization 58

Steelhead System Alerts 59

Steelhead email Alerts 60

IPsec 61

Interceptor Steelhead Aware Load-Balancer 62

Interceptor Rules 63

Steelhead Mobile Deployment & Operation Steelhead Mobile Controller Mobile Users WAN or Home Users Internet VPN Steelhead Appliance DMZ DATA CENTER 1. Steelhead Mobile Controller deployed in the data center 2. Client establishes a WAN/VPN connection as they usually do Small Branch Offices 3. Once connected, Steelhead Mobile first gets policy and license from the Controller 4. Steelhead Mobile then connects to the Steelhead appliance & begins accelerating data transfers 64

Steelhead Mobile Controllers 65

Steelhead Mobile Client Configuration 66

Steelhead Mobile Considerations 67

Location Awareness Overview 68

Location Awareness Overview 69

Branch Warming Process Overview 70

Branch Warming Process Overview 71

CMC Overview 72

CMC Features 73

Automatic Registration and Configuration 74

Touchless Steelhead Deployment With CMC 75

Optimizing Office365 with SCA 76

SCA and Certificates 77

Contactos Data Systems Nuno Carvalho Fausto Martins n.carvalho@datasystems.pt f.martins@datasystems.pt Tiago Vaz t.vaz@datasystems.pt Márcio Isidro m.isidro@datasystems.pt Departamento Técnico suporte@datasystems.pt Departamento de marketing Marketing@datasystems.pt Departamento comercial comercial@datasystems.pt Website Siga-nos nas comunidades online Obrigado. 78