Steelhead Central Management Console User’s Guide

Version 6.0 June 2010

© 2003-2010 Riverbed Technology, Incorporated. All rights reserved. Riverbed Technology, Riverbed, Steelhead, RiOS, Interceptor and the Riverbed logo are trademarks or registered trademarks of Riverbed Technology, Inc. All other trademarks used or mentioned herein belong to their respective owners. Linux is a trademark of Linus Torvalds in the United States and in other countries. VMware is a trademark of VMware, Incorporated. Oracle and JInitiator are trademarks or registered trademarks of Oracle Corporation. Microsoft, Windows, Vista, Outlook, and Internet Explorer are trademarks or registered trademarks of Microsoft Corporation. UNIX is a registered trademark in the United States and in other countries, exclusively licensed through X/Open Company, Ltd. Parts of this product are derived from the following software: Apache © 2000-2003. The Apache Software Foundation. All rights reserved. Busybox © 1999-2005 Eric Andersen ethtool © 1994, 1995-8, 1999, 2001, 2002 Free Software Foundation, Inc. Less © 1984-2002 Mark Nudelman Libevent © 2000-2002 Niels Provos. All rights reserved. LibGD, Version 2.0 licensed by Boutell.Com, Inc. Libtecla © 2000, 2001 by Martin C. Shepherd. All rights reserved. Linux Kernel © Linus Torvalds login 2.11 © 1993 The Regents of the University of California. All rights reserved. md5, md5.cc © 1995 University of Southern California, © 1991-2, RSA Data Security, Inc. my_getopt.{c,h} © 1997, 2000, 2001, 2002, Benjamin Sittler. All rights reserved. NET-SNMP © Copyright 1989, 1991, 1992 by Carnegie Mellon University. All rights reserved. Derivative Work - 1996, 1998-2000 Copyright 1996, 1998-2000 The Regents of the University of California. All rights reserved. OpenSSH © 1983, 1990, 1992, 1993, 1995, 1993 The Regents of the University of California. All rights reserved. pam © 2002-2004 Tall Maple Systems, Inc. All rights reserved. pam-radius © 1989, 1991 Free Software Foundation, Inc. pam-tacplus © 1997-2001 by Pawel Krawczyk sscep © 2003 Jarkko Turkulainen. All rights reserved. ssmtp © GNU General Public License syslogd © 2002-2005 Tall Maple Systems, Inc. All rights reserved. Vixie-Cron © 1988, 1990, 1993, 1994 by Paul Vixie. All rights reserved. Zile © 1997-2001 Sandro Sigalam © 2003 Reuben Thomas. All rights reserved. This product includes software developed by the University of California, Berkeley and its contributors. This product is derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm. For detailed copyright and license agreements or modified source code (where required), see the Riverbed Support site at https://support.riverbed.com. Certain libraries were used in the development of this software, licensed under GNU Lesser General Public License, Version 2.1, February 1999. For a list of libraries, see the Riverbed Support at https://support.riverbed.com. You must log in to the support site to request modified source code. Other product names, brand names, marks, and symbols are registered trademarks or trademarks of their respective owners. The content of this manual is furnished on a RESTRICTED basis and is subject to change without notice and should not be construed as a commitment by Riverbed Technology, Incorporated. Use, duplication, or disclosure by the U.S. Government is subject to restrictions set forth in Subparagraphs (c) (1) and (2) of the Commercial Computer Software Restricted Rights at 48 CFR 52.227-19, as applicable. Riverbed Technology, Incorporated assumes no responsibility or liability for any errors or inaccuracies that may appear in this book.

Riverbed Technology
199 Fremont Street San Francisco, CA 94105 Phone: 415.247.8800 Fax: 415.247.8801 Web: http://www.riverbed.com

Part Number 712-00009-08

Contents

Preface........................................................................................................................................................ 9 About This Guide ..........................................................................................................................................9 Types of Users .........................................................................................................................................9 Document Conventions .......................................................................................................................10 Hardware and Software Dependencies....................................................................................................11 Ethernet Network Compatibility...............................................................................................................11 SNMP-Based Management Compatibility...............................................................................................11 CMC Compatibility .....................................................................................................................................12 Additional Resources ..................................................................................................................................12 Online Notes..........................................................................................................................................13 Riverbed Documentation ....................................................................................................................13 Online Documentation.........................................................................................................................13 Riverbed Knowledge Base ..................................................................................................................13 Contacting Riverbed....................................................................................................................................13 Internet ...................................................................................................................................................13 Riverbed Technical Support ................................................................................................................13 Professional Services ............................................................................................................................14 Documentation......................................................................................................................................14 Chapter 1 - Overview of the CMC ............................................................................................................15 Overview of the CMC .................................................................................................................................15 Centralized Configuration with Groups and Policies.....................................................................16 Inheriting or Overriding Policy Settings from a Parent Group .....................................................16 Fetching Configurations ......................................................................................................................17 Upgrading from Previous Versions of the CMC .....................................................................................17 Group Membership ..............................................................................................................................17 Profiles to Policies.................................................................................................................................17 Policy Association.................................................................................................................................18 General Appliance Configuration......................................................................................................18 Migration Procedures...........................................................................................................................19 Steelhead Appliance Auto-Registration ...................................................................................................21

Steelhead Central Management Console User’s Guide

iii

Contents

CMC Command-Line Interface .................................................................................................................23 Connecting to the CMC ..............................................................................................................................23 The Home Page.....................................................................................................................................26 Navigating in the CMC...............................................................................................................................28 Saving Your Configuration .................................................................................................................30 Printing Pages and Reports.................................................................................................................30 Getting Help .................................................................................................................................................30 Displaying Online Help.......................................................................................................................30 Logging Out ..........................................................................................................................................30 Chapter 2 - Configuring the CMC............................................................................................................31 Configuring Network Settings...................................................................................................................32 Configuring Host Settings...................................................................................................................32 Configuring Settings for the Network Interfaces.............................................................................36 Configuring System Settings......................................................................................................................39 Creating Announcements....................................................................................................................39 Setting Alarm Parameters ...................................................................................................................40 Configuring Monitored Ports .............................................................................................................42 Setting SNMP Basic Parameters and Trap Receivers ......................................................................43 Setting SNMP v3 Parameters ..............................................................................................................45 Setting SNMP ACLs Parameters ........................................................................................................47 Setting Up Email Notifications ...........................................................................................................50 Configuring Logging ...........................................................................................................................53 Configuring Security Settings ....................................................................................................................56 Configuring General Security Settings..............................................................................................57 Configuring CMC Security Settings ..................................................................................................58 Managing User Permissions ...............................................................................................................61 Configuring RADIUS Server Authentication...................................................................................68 Configuring TACACS+ Server Authentication................................................................................70 Unlocking the Secure Vault .................................................................................................................72 Configuring Management ACL..........................................................................................................73 Configuring Web Settings ...................................................................................................................74 Maintaining Your System ...........................................................................................................................75 Working with External CMC Backups ..............................................................................................76 Viewing Daily Maintenance Window Settings ................................................................................81 Displaying Job Status ...........................................................................................................................82 Managing Licenses ...............................................................................................................................84 Upgrading Your Software ...................................................................................................................85 Rebooting and Shutting Down the CMC ..........................................................................................86 Changing the Administrative Password ..................................................................................................87 Managing Configuration Files ...................................................................................................................88 Chapter 3 - Managing Appliance Groups ...............................................................................................91 Managing Appliances and Appliance Groups ........................................................................................91 Using the Trust Appliances by Key Feature .....................................................................................93

iv

Steelhead Central Management Console User’s Guide

Contents

Creating a New Appliance Group .....................................................................................................94 Registering New Appliances ..............................................................................................................95 Editing Appliance Configurations .....................................................................................................96 Managing or Viewing Appliance Host Settings...............................................................................99 Managing or Viewing Appliance Base Interfaces Settings...........................................................100 Managing or Viewing Appliance In-Path Interface Settings........................................................102 Managing or Viewing Appliance SSL Settings ..............................................................................105 Working with Policies ...............................................................................................................................130 Understanding Policies and Policy Usage ......................................................................................130 Creating Policy Settings.....................................................................................................................133 Editing Policy Settings .......................................................................................................................134 Assigning Policies...............................................................................................................................136 Viewing and Managing System Operation History .............................................................................137 Managing Appliance Backup/Restore ...................................................................................................139 Performing Backups on an Appliance.............................................................................................139 Restoring a Backup Configuration to an Appliance......................................................................140 Removing Backup Configurations...................................................................................................141 Configuring Upgrades ..............................................................................................................................142 Configuring RSP Appliances ...................................................................................................................144 Configuring RSP Image Library ..............................................................................................................146 Configuring RSP Package Library...........................................................................................................147 Chapter 4 - Displaying and Customizing Reports ...............................................................................149 Displaying Managed Steelheads Reports and Logs .............................................................................149 Viewing Optimized Throughput Reports.......................................................................................150 Viewing Bandwidth Optimization Reports ....................................................................................153 Viewing Data Reduction Reports .....................................................................................................155 Viewing Traffic Summary Reports ...................................................................................................158 Viewing Connection History Reports..............................................................................................160 Viewing Connection Forwarding Reports ......................................................................................163 Viewing Connection Pooling Reports .............................................................................................164 Viewing HTTP Stats (Steelhead v5+) Reports ................................................................................166 Viewing HTTP Stats (Steelhead v4) Reports ..................................................................................170 Viewing SSL Servers Reports............................................................................................................172 Viewing NFS Reports.........................................................................................................................175 Viewing Data Store SDR-Adaptive Reports ...................................................................................177 Viewing Data Store Cost Reports .....................................................................................................179 Viewing Data Store Disk Load Reports...........................................................................................181 Viewing Data Store Hit Rate Reports ..............................................................................................182 Viewing Data Store IO Reports.........................................................................................................184 Viewing Data Store Read Efficiency Reports..................................................................................187 Viewing DNS Cache Hits Reports....................................................................................................189 Viewing DNS Cache Utilization Reports ........................................................................................190 Viewing QoS Stats Dropped Reports...............................................................................................192 Viewing QoS Stats Sent Reports .......................................................................................................194 Displaying Steelhead Diagnostics Reports ............................................................................................197

Steelhead Central Management Console User’s Guide

v

Contents

Viewing CPU Utilization Reports ....................................................................................................198 Viewing Memory Paging Reports ....................................................................................................199 Viewing Appliance Details Reports .................................................................................................200 Viewing Health Check Details Reports ...........................................................................................203 Downloading Group Logs Reports..................................................................................................203 Viewing Expiring Certificates Reports ............................................................................................204 Viewing Data Store Status Reports ..................................................................................................205 Displaying CMC Diagnostics Reports ....................................................................................................205 Viewing the Alarm Status Report ....................................................................................................206 Viewing CPU Utilization Report ......................................................................................................208 Viewing Memory Paging Report......................................................................................................208 Viewing User Logs Report ................................................................................................................209 Downloading User Logs Report.......................................................................................................211 Viewing System Logs Reports ..........................................................................................................212 Downloading System Log Files Reports .........................................................................................213 Viewing the System Dumps List Report .........................................................................................213 Viewing Process Dump List Reports ...............................................................................................214 Viewing the TCP Dumps List Reports.............................................................................................214 Exporting Performance Statistics Reports..............................................................................................217 Appendix A - Policy Parameters and Settings .....................................................................................221 Viewing Policy Configurations................................................................................................................221 Optimization Policy Settings....................................................................................................................224 General Service Settings ....................................................................................................................224 In-Path Rules .......................................................................................................................................226 Peering Rules.......................................................................................................................................233 Service Ports ........................................................................................................................................235 Data Store.............................................................................................................................................236 Performance.........................................................................................................................................238 Protocols CIFS .....................................................................................................................................240 Protocols CIFS Prepopulation...........................................................................................................243 Protocols HTTP ...................................................................................................................................244 Protocols Oracle Forms......................................................................................................................247 Protocols MAPI ...................................................................................................................................249 Protocols MS-SQL...............................................................................................................................251 Protocols NFS ......................................................................................................................................252 Protocols Lotus Notes ........................................................................................................................254 Protocols Citrix ICA ...........................................................................................................................254 Windows Domain Auth.....................................................................................................................255 SSL Main Settings ...............................................................................................................................255 SSL Peering..........................................................................................................................................257 Certificate Authorities........................................................................................................................260 SSL Advanced Settings ......................................................................................................................260 Secure Peering (IPSEC) ......................................................................................................................262 System Settings Policies ............................................................................................................................264 Announcements ..................................................................................................................................264 Alarms ..................................................................................................................................................265

vi

Steelhead Central Management Console User’s Guide

...........................................................................................................................................................298 User Permissions .........................................................................................................................................................................................................................279 Simplified Routing ...........................................298 General Security Settings.........................................................................................................................................................................................................284 Connection Forwarding.......................................................................................................................................................................................................................................................................................................................277 WCCP ..................................................................................................................294 Port Labels ..........316 Acronyms and Abbreviations.................304 Branch Services Settings .........................273 Logging .....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................308 Appendix B ...............Riverbed System Ports ....CMC Management Information Base (MIB) ............................................................................................................................................................................................................................................................................................................309 Commonly Excluded Ports .....327 Steelhead Central Management Console User’s Guide vii ..................................................................................................310 Secure Ports Forwarded by the Steelhead Appliance .............271 SNMP ACLs ......................................................................................................................................................303 Web Settings ...........................................................................................................................................315 Accessing MIB Files..................................................................................................................................................321 Index ................................269 SNMP Basic ....................................................271 Email..........................................................................................................................................................................................305 RSP Slots .......................270 SNMP v3 ....................300 TACACS+ ..............................................310 Interactive Ports Forwarded by the Steelhead Appliance ................................................................................................................................................................................................................................................................................................................................................284 Asymmetric Routing ....315 SNMP Traps.......................................285 Flow Export .........................................................................................................................................................................................311 Appendix C ...........................................................................................................................................................................288 QoS Marking ............................................................................................................................................................................................................................................................299 RADIUS......................................277 Host Settings................273 Networking Policy Settings................................................304 Caching DNS ....................................................................................................................................................298 Security Policy Settings.....................................................309 Default Ports...............286 QoS Classification........................................................302 Management ACL ......................................................................................................................................................................................................................................................................................................Contents Monitored Ports ...........................................................................................................307 RSP Dataflow ..................................................

Contents viii Steelhead Central Management Console User’s Guide .

and NFS. HTTP. For details. Types of Users This guide is written for storage and network administrators familiar with administering and managing WANs using common network protocols such as TCP. see the Riverbed CommandLine Interface Reference Manual. Steelhead Central Management Console User’s Guide 9 .Preface Welcome to the Steelhead Central Management Console User’s Guide. FTP. CIFS. It includes the following sections: “About This Guide.” next “Hardware and Software Dependencies” on page 11 “Ethernet Network Compatibility” on page 11 “SNMP-Based Management Compatibility” on page 11 “CMC Compatibility” on page 12 “Additional Resources” on page 12 “Contacting Riverbed” on page 13 About This Guide The Steelhead Central Management Console User’s Guide describes how to configure and manage the Steelhead Central Management Console (CMC). additional reading. This guide assumes you are familiar with connecting and using CLI. Read this preface for an overview of the information provided in this guide and the documentation conventions used throughout. and contact information. hardware and software dependencies.

Preface About This Guide Document Conventions This manual uses the following standard set of typographical conventions to introduce new terms. new terms and emphasized words appear in italic typeface.0. Convention italics boldface Courier Meaning Within text. For example: {delete <filename> | upload <filename>} | The pipe symbol represents a choice to select one keyword or variable to the left or right of the symbol. CLI commands and GUI controls appear in bold typeface. illustrate screen displays. For example: ntp peer <addr> [version <number>] {} Required keywords or variables appear in braces. and so forth.) For example: {delete <filename> | upload <filename>} 10 Steelhead Central Management Console User’s Guide . Within text. For example: login as: admin Riverbed Steelhead Last login: Wed Jan 20 13:02:09 2010 from 10. describe command syntax.1 amnesiac > enable amnesiac # configure terminal <> Values that you specify appear in angle brackets. (The keyword or variable can be either optional or required.1. Code examples appear in Courier font. For example: interface <ipaddress> [] Optional keywords or variables appear in brackets.

3 – 2002). and 3418). It does not support the Cisco InterSwitch Link (ISL) protocol. 3. SNMP-Based Management Compatibility The Steelhead appliance supports a proprietary Riverbed MIB accessible through SNMP.x. Note: If you want to encrypt your communication.2002) Gigabit Ethernet over Copper 1000 Base-T and Fiber 1000 Base-SX (LC connector) (IEEE 802. although some MIB items might only be accessible through SNMPv3 and SNMPv2.) In-path Steelhead appliance ports are 10/100/1000 Base-TX or Gigabit Ethernet 1000Base-T/SX (IEEE 802.2002) The Primary port in the Steelhead appliance is 10 Base-T/100. Ethernet Network Compatibility The Steelhead appliance supports the following types of Ethernet networks: Ethernet Logical Link Control (LLC) (IEEE 802. Windows Server 2008 R2) are not supported on the Models 250. SNMPv2c (RFCs 1901.2002). 550 and the 1U xx20s because these models do not incorporate Virtual Technology (VT) support.1Q . 200 is Fast Ethernet only.2003).3 . 2578. 1157. (The Primary port on the Model 100. SNMPv1 (RFCs 1155.3 – 2002) (depending on your order). CMC Hardware Requirements A 19 inch (483 mm) two or four-post rack. Any computer that supports a Web browser with a color image display. and 1215).Hardware and Software Dependencies Preface Hardware and Software Dependencies The following table summarizes the hardware and software requirements for the CMC. Note: JavaScript and cookies must be enabled in your browser. Steelhead Central Management Console User’s Guide 11 .x and 7. 1212. The Steelhead appliance supports VLAN Tagging (IEEE 802. 3417. Base-TX/1000. 2579. 2580. and Base-T/SX Mbps (IEEE 802. you must have a Secure Sockets Layer (SSL) capable browser.3 -2002). The Steelhead appliance with a Gigabit Ethernet card supports Jumbo Frames on in-path and primary ports.3 .3 .2 . All copper interfaces are auto-sensing for speed and duplex (IEEE 802. Software and Operating System Requirements The CMC has been tested with Mozilla Firefox version 2. 3416. Important: 64-bit guest VMs (such as. and SNMPv3 are supported.x.2002) Fast Ethernet 100 Base-TX (IEEE 802. The Steelhead appliance auto-negotiates speed and duplex mode for all data rates and supports full duplex mode and flow control (IEEE 802.x and Microsoft Internet Explorer version 6.

x CMC v5. CMC Compatibility The Steelhead appliance has been tested with the following Central Management Console (CMC) versions: Steelhead Appliance RiOS Version v6.3 and later.x v5.3b CMC v5. Not supported Additional Resources This section describes resources that supplement the information in this guide. It includes the following sections: “Online Notes.3b Parity.5 Steelhead appliance features.Preface CMC Compatibility SNMP support allows the CMC to be integrated into network management systems such as Hewlett Packard OpenView Network Node Manager. Not supported Not supported Not supported v6. manages only v5.4 and later. Parity Not supported Not supported v5. RiOS v6. Manages all Steelhead appliance v6.x v6.1.4 and later features. Parity.0.5.5.0.0.x features.x features.1.0 features.5.x CMC v4.x CMC v5.x v5. manages all Steelhead appliance v5. and other SNMP-based network management tools. BMC Patrol.0.x features may be supported in subsequent point releases of CMC v6.0.5.x Manages all Steelhead appliance v6.x Recommended CMC Version CMC v6.0.0.0.1. CMC v5.5.” next “Riverbed Documentation” on page 13 “Online Documentation” on page 13 “Riverbed Knowledge Base” on page 13 12 Steelhead Central Management Console User’s Guide . Manages all Steelhead appliance v5.5.

Riverbed Knowledge Base The Riverbed Knowledge Base is a database of known issues. log in to the Riverbed Technical Support Web site located at https://support. You can browse titles or search for key words and strings.com.com or call 1-888-RVBD-TAC (1-888-782-3822) in the United States and Canada or +1 415 247 7381 outside the United States. how-to documents. To contact Riverbed Technical Support. This file also provides documentation information not covered in the manuals or that has been modified since publication. and workarounds. To access the Riverbed Knowledge Base.riverbed.com. please open a trouble ticket at https://support. log in to the Riverbed Technical Support site located at https:// support.riverbed. Online File <product>_<version_number>.com. using.com. system requirements.riverbed. Please examine this file before you begin the installation and configuration process. Online Documentation The Riverbed documentation set is periodically updated with new information. and common error messages. It is available on the Riverbed Technical Support site at https://support. Riverbed Technical Support If you have problems installing. To access the most current version of Riverbed documentation and other technical information.riverbed.com. Steelhead Central Management Console User’s Guide 13 . or replacing Riverbed products contact Riverbed Technical Support or your channel partner who provides support. Internet You can find out about Riverbed products through our Web site at https://support. Riverbed Documentation For a complete list of Riverbed documentation. consult the Riverbed Technical Support site located at https://support. known problems.Contacting Riverbed Preface Online Notes The following online file supplements the information in this manual.txt Purpose Describes the product release and identifies fixed problems. Contacting Riverbed This section describes how to contact departments within Riverbed.riverbed.riverbed. It contains important information about this release of the CMC.

Riverbed has staff of professionals who can help you with installation assistance. and custom coded solutions. Send documentation comments to techpubs@riverbed. To contact Riverbed Professional Services go to http://www. Riverbed product training and consultation are available for any size deployment. We appreciate any suggestions you might have about our online documentation or printed materials.com. provisioning. 14 Steelhead Central Management Console User’s Guide .riverbed.com.com or email proserve@riverbed.com. Documentation We continually strive to improve the quality and usability of our documentation. For details.Preface Contacting Riverbed Professional Services Using Professional Services from Riverbed or an authorized Riverbed partner can make your deployment even more of a success. project management. network redesign. consolidation project design. please go to the Riverbed Professional Services Web site at or contact them directly at proserve@riverbed. custom designs.

The CMC enables you to automatically configure new Steelhead appliances or to send configuration settings to appliances in remote offices. restart.The CMC enables you to start. The CMC utilizes policies and groups to facilitate centralized configuration and reporting. It includes the following sections: “Overview of the CMC. Steelhead Central Management Console User’s Guide 15 .” next “Upgrading from Previous Versions of the CMC” on page 17 “Steelhead Appliance Auto-Registration” on page 21 “CMC Command-Line Interface” on page 23 “Connecting to the CMC” on page 23 “Navigating in the CMC” on page 28 “Getting Help” on page 30 This chapter assumes you have installed and performed the initial configuration of the CMC. and reboot remote Steelhead appliances. see the Steelhead Central Management Console Installation Guide.CHAPTER 1 Overview of the CMC This chapter provides an overview of the CMC. You can also schedule jobs to send software upgrades and configuration changes to remote appliances or to collect logs from remote Steelhead appliances.The CMC provides both high-level status and detailed statistics of the performance of Steelhead appliances and enables you to configure event notification for managed Steelhead appliances. Monitoring . For details. Overview of the CMC The CMC facilitates the administration tasks for the Riverbed system: Configuration . stop. Management .

whose in-path rules feature set specifies only three rules.Use security policies to manage appliances in which security is a key component. For details. in-path rules. announcements. and SSL settings. the policy you apply can also be configured to inherit or override specific feature-set values from the nearest parent group. For details. see “Security Policy” on page 94. announcements. System Settings Policy . The following policy types are available: Optimization Policy . For details. Policies are sets of common configuration options that can be shared among different Steelhead appliances independently or via group membership. any policies assigned to the Global group provide the default values for all groups and Steelhead appliances. For flexibility. Similarly. to all subsequent groups and appliances.Use optimization policies to manage optimization features such as the data store. or parent. email notification settings. log settings. Each policy type is made up of particular RiOS features. Security Policy . but any policies assigned to the global group can be inherited by all groups and appliances.Use networking policies to manage networking features such as asymmetric routing. in which case they override the values that would otherwise be inherited from a parent. DNS settings. By default. Each group or Steelhead appliance can be assigned one of each type of policy. Groups are comprised of Steelhead appliances or sub-groups of Steelhead appliances. see “Policy Types” on page 131. For example: A group uses optimization policy accG. system settings policies contain feature sets for common system administration settings such as alarm settings. For details. all groups and Steelhead appliances are contained in the root default Global group. and user permissions. QoS settings. host settings. and others. specific feature sets in individual policies can be enabled. You can also assign different policies directly to groups and appliances. An appliance in that group uses optimization policy accA. in addition to many others. while security policies contain feature sets for encryption. Inheriting or Overriding Policy Settings from a Parent Group Policies are comprised of feature sets whose values can be inherited from the parent group. see “Security Policy” on page 94. whose in-path rules feature set specifies four rules. 16 Steelhead Central Management Console User’s Guide . Because the Global group serves as the root group. email notifications. among others. no policies are assigned to the Global group. For example.Use system settings policies to organize and manage system setting features such as alarms. and others. authentication methods. Note: For details on policy types and their feature sets. see “Networking Policy” on page 94. see “Optimization Policy” on page 94.Overview of the CMC Overview of the CMC Centralized Configuration with Groups and Policies The CMC utilizes appliance policies and appliance groups to facilitate centralized configuration and reporting of remote Steelhead appliances. Networking Policy .

For details on fetching. Each type of policy contains settings for different features. Steelhead Central Management Console User’s Guide 17 . Note: For a more detailed example of how policy feature sets are configured and applied. These can then be applied to other appliances. This section includes the following sections: “Group Membership. Profiles to Policies With v5. This facilitates visualization of configurations and makes configuration management easier. which can be saved as newly generated policies. upgrade rules have been implemented to transition from the old mechanisms to the new.0. With these changes.0. there is no way to upgrade a CMC configuration to perfectly match the configuration you had before. a Steelhead appliance could belong to multiple groups. the CMC uses policies to associate feature sets with groups of Steelhead appliances. This feature gave you the flexibility to create groups based on geographic locations or model number. There are the following types of policies: optimization. system. A group can be a member of another group. After v5.Upgrading from Previous Versions of the CMC Overview of the CMC By de-selecting the Enable Page option for in-path rules in the accA policy definition.0 or later.0 or later. see “Fetch Appliance Configuration” on page 113. You can create one or more of these policies and assign one of each type to a group or Steelhead appliance.” next “Profiles to Policies” on page 17 “Policy Association” on page 18 “General Appliance Configuration” on page 18 “Migration Procedures” on page 19 Group Membership Before v5. each Steelhead appliance can only belong to one group. see “How Policies and Inheritance Work” on page 131. there have been major changes in the structuring of groups and the association of configurations to groups and appliances. you ensure that the appliance uses the accG In-Path Rules settings. and network. Upgrading from Previous Versions of the CMC With v5. you can fetch that configuration. Fetching Configurations If a remote Steelhead appliance has been independently configured. security. and so forth. In some of the cases. The groups could be used for configuration or reporting.

you were able to associate multiple common profiles with a group and multiple profiles with a Steelhead appliance. However. appliances can only belong to one group. 18 Steelhead Central Management Console User’s Guide . Each policy is named after the appliance from whose configuration it is generated. 2. see “Migration Procedures” on page 19. When multiple profiles are associated with a group. The associated profiles are pushed out when an auto-configuration or full configuration push is performed. a similar process for upgrading common profiles to policies is followed: 1. the CMC looks at each profile.Appliance group affiliation is retained as much as possible.0 or later. After the group profiles are applied. For details. converts each CLI command into corresponding configuration settings. if the profile Foo has in-path settings and IPSEC configured. they are not automatically applied to appliances. In-Path Interfaces. are saved as settings in four appliance pages (Host Settings. In v5. and SSL). the CMC creates an optimization policy Foo with the in-path configuration settings and a security policy Foo with the IPSEC configuration settings. If there is a conflicting configuration. With v5. Assignment . Group Organization . they are applied in alphabetical order. If there are no configuration settings for a particular type of policy. However. host settings. Watch for name collusion with policies created from configurations fetched from the appliance. the appliance is assigned to one of the preserved groups alphabetically. Policy Association In previous versions. multiple policies of the same type cannot be associated with a group or appliance. Appliance-specific configurations. When upgrading to v5. then a policy is not created.Overview of the CMC Upgrading from Previous Versions of the CMC To upgrade profiles to policies. routing information. General Appliance Configuration Appliance-specific profiles currently contain some non-appliance-specific configurations such as DNS. the profiles associated with the appliance itself are applied in order. This step must be performed after the upgrade. For example. If an appliance belongs to more than one group.5.0 CMC or later. Profiles are automatically converted to policies. encryption (IPSEC). and proxies. You must set up the appliance hierarchy correctly to make use of the inheritance feature. such as CLI commands. the last profile wins.Non-appliance-specific configurations are saved as policies. Base Interfaces. and separates the configuration out into the different policy types. Configuration . specified settings of the policy configuration can selectively override the policies of its ancestors. 3.Policies are created for the non-appliance-specific configuration aforementioned.

7. and it reboots. Obtain the new image from Riverbed Technical Support and save it to a local directory. Note: After upgrading. you are logged out of the system. 5. select the From Local File option and specify the image you saved in Step 1. 2. After the new image installs. After you click Reboot. reboot the CMC: – – – Click Configure to expand the Configure menu. 3. Steelhead Central Management Console User’s Guide 19 . 6. Click Reboot.5 or later. Choose Maintenance > Software Upgrade in the left menu to display the Configure > Maintenance > Software Upgrade page.Upgrading from Previous Versions of the CMC Overview of the CMC Migration Procedures This section describes a generic process for migrating to v5. 4. This section describes the following procedures: “Upgrading the CMC Software Version. Riverbed recommends that you consult with Riverbed Professional Services before beginning the migration process. Click Install Upgrade. Under Install Upgrade.” next “Registering the Steelhead Appliances” on page 20 “Organizing Steelhead Appliances into Groups” on page 20 “Creating New Policies from Steelhead Configurations” on page 20 “Modifying Policies to Appliances and Appliance Groups” on page 21 “Assigning Policies to Appliances and Appliance Groups” on page 21 “Pushing Policy Configuration to Remote Appliances” on page 21 Upgrading the CMC Software Version You can upgrade your software version in the Configure > Maintenance > Software Upgrade page. Choose Maintenance > Reboot/Shutdown to display the Configure > Maintenance > Reboot/ Shutdown page. you should clear the cache of your browser to ensure that the CMC displays correctly. Because configurations vary greatly. To upgrade the software 1. Click Configure to expand the Configure menu. Log in to the current CMC.

It might take a few moments for all the Steelhead appliances to appear. For details on organizing appliances into groups. v5. 5. 6. but can be distinguished by their policy types. Repeat the preceding steps for each appliance. which can be managed and applied to appliances and appliance groups. you can set the values of feature sets directly or copy them from existing policy configurations Policies can also be made from scratch or based on other existing policies. Scroll down to the Utilities panel. For details on manually registering additional Steelhead appliances. As a result. Organizing Steelhead Appliances into Groups You organize Steelhead appliances into groups in the Manage > Appliances page. Choose Manage > Appliances to display the Appliances page. To create new policies from existing Steelhead configurations 1. For details on how policies work. Click the name of the appliance in the Groups and Managed Appliances column to display settings. 4. When you create policies. The fetched configuration can now be applied to appliances and appliance groups as policies. 3. 20 Steelhead Central Management Console User’s Guide . All Steelhead appliances registered in the CMC prior to the upgrade are automatically registered after the upgrade. For details on applying policies.Overview of the CMC Upgrading from Previous Versions of the CMC Registering the Steelhead Appliances You can register the Steelhead appliances in the Manage > Appliances page. type the complete name of the policy. In the Name to use for Fetched Policies field. if an appliance previously belonged to multiple groups. The upgrade process retains your existing groups. Click Fetch. All policies generated from the selected appliance have the same name. Creating New Policies from Steelhead Configurations You can create policies by fetching configurations from Steelhead appliances in the Manage > Appliances page. see “Registering New Appliances” on page 95. see “Fetching Configurations” on page 17.0 or later restricts appliances to only one group membership. see “Moving Groups and Appliances” on page 116. Fetched configurations are automatically saved as policies. However. see “Understanding Policies and Policy Usage” on page 130. 2. the upgrade process selects one of the groups alphabetically.

see “Auto Configure” on page 98. Note: After an Steelhead appliance is registered. you must configure your DNS server to map to the hostname riverbedcmc and the IP address of the CMC. you can set auto-configuration to automatically push the current configuration when the Steelhead appliance connects. In order for auto-registration with the default hostname to work. Unless the password value is modified in the Manage Appliances page.Steelhead Appliance Auto-Registration Overview of the CMC Modifying Policies to Appliances and Appliance Groups You modify policies by fetching configurations from Steelhead appliances in the Manage > Policies page. The steps you take to register Steelhead appliances with the CMC depend on the order in which you install the products. For details. Steelhead appliances are designed to send a registration request periodically to the CMC—either to an IP address or hostname you specify when you run the Steelhead appliance installation wizard. After assigning policies to appliances and appliance groups. see “Assigning Policies” on page 136. For details on assigning policies. For details. the Steelhead appliances do not send passwords to the CMC. see “Managing Appliances and Appliance Groups” on page 91. or to a default CMC hostname. Note: During auto-registration. Steelhead Central Management Console User’s Guide 21 . you must push the configuration to the affected appliances and appliance groups. see “Pushing Policies to Appliances and Appliance Groups” on page 118. see the following sections: “Editing Policy Settings” on page 134 Appendix A. Pushing Policy Configuration to Remote Appliances You push configurations to appliances and appliance groups in the Manage > Appliances page. the CMC assumes the password is password. For details on pushing configurations to appliances. Steelhead Appliance Auto-Registration Steelhead appliances must be registered with the CMC so that you can monitor and manage them with the CMC. “Policy Parameters and Settings” on page 221 Assigning Policies to Appliances and Appliance Groups You assign policies to appliances and appliance groups in the Manage > Appliances page. For details on modifying policies.

the user name and password of the account through which the configuration must be performed (defaults are admin and password). For details. the Steelhead appliances in your system appear in the Manage > Appliances page. 6. For details. Appliances you have not assigned to groups are members of the default group Global. the appliance is registered with the CMC. Create and assign policies. and the CMC begins collecting performance metrics for the Steelhead appliance. Registration entries specify: the serial number of the appliance. Appliances you have not assigned to groups are members of the default group Global. Create groups and assign appliances to the groups. Set up a DNS server to map to the hostname riverbedcmc and the IP address for the CMC. Set up a DNS server to map to the hostname riverbedcmc and the IP address for the CMC. For details. add additional CLI commands (if any). Set up a DHCP server to assign IP addresses in your network. Install the remote Steelhead appliances. 3. see “Creating Policy Settings” on page 133 and “Assigning Policies” on page 136. Set up a DHCP server to assign IP addresses in your network. Create groups and assign appliances to the groups. Connect the remote Steelhead appliance primary network interface to the network and power it on. see “Auto Configure” on page 98. 5. Use the CMC to create the policy and group configuration objects you use to manage the Steelhead appliances in your system: Create and assign policies. see “Creating Policy Settings” on page 133 and “Assigning Policies” on page 136. It might take as long as an hour for all Steelhead appliances to appear in the Manage > Appliances page. If you install the Steelhead appliances before you install the CMC 1. For details. When the Steelhead appliance contacts the CMC. Install the CMC. Enable auto-configuration for each appliance in the group.Overview of the CMC Steelhead Appliance Auto-Registration If you install the CMC before you connect the Steelhead appliances 1. 4. Use the CMC to complete the registration entries for remote appliances. When you view the CMC. the CMC sends the configuration to the remote Steelhead appliance. 3. 6. an initial group assignment (optional). 5. 22 Steelhead Central Management Console User’s Guide . Review the appliance configuration. The default group Global has the auto-configuration feature enabled. 4. 2. 2. see “Managing Appliances and Appliance Groups” on page 91. Install the CMC.

– Steelhead Central Management Console User’s Guide 23 . This is a self-signed certificate used to provide encrypted Web connections to the CMC. see “Managing Appliances and Appliance Groups” on page 91. you can specify the DNS name. and administrator password that you assigned during the initial setup of the CMC. see the Steelhead Central Management Console Installation Guide. Enter the URL for the CMC in the location box of your browser: protocol://host. When you connect using HTTPS. For details.domain – protocol is http or https.CMC Command-Line Interface Overview of the CMC 7. If your DNS server maps the IP address to a name. complete the registration entries for the remote appliances by specifying: the user name and password of the account through which the configuration must be performed only if you are not using the defaults: admin and password. If necessary. host is the IP address or hostname you assigned the CMC during initial configuration. To connect to the CMC 1. It is re-created when the appliance hostname is changed and when the certificate has expired. For details. For details. domain. The secure HTTPS uses the SSL protocol to ensure a secure environment. you are prompted to inspect and verify the SSL certificate. Connecting to the CMC To connect to the CMC you must know the host. see the Riverbed Command-Line Interface Reference Manual. The secure vault does not protect the self-signed certificate used with HTTPS connections. CMC Command-Line Interface The CMC has a subset of CLI commands available for configuring the system. Note: The CMC CLI cannot be used to configure remote Steelhead appliances. an initial group assignment (optional). It can only be used to configure the CMC.

In the Username text box. type the password you assigned in the configuration wizard of the CMC. or a login from a RADIUS. 3. In the Password text box. see “Configuring Security Settings” on page 56. 24 Steelhead Central Management Console User’s Guide . Figure 1-1. type the user login: admin. The CMC is shipped with the default password: password. monitor. or a TACACS+ database.Overview of the CMC Connecting to the CMC – domain is the full domain name for the CMC. Users with monitor (monitor) privileges can view CMC reports. For details on RADIUS and TACACS+ configuration. The CMC Login page appears. Login Page 2. The default login is admin. Users with administrator privileges can configure and administer the CMC.

Click Log In to log in and display the Home page. Figure 1-2. Steelhead Central Management Console User’s Guide 25 . Home Page Tip: Click the appliance IP address to display the Manage > Appliances page.Connecting to the CMC Overview of the CMC 4.

according to the following calculation: (Data In – Data Out) and (Data In)*100. • Disconnected . 26 Steelhead Central Management Console User’s Guide .Overview of the CMC Connecting to the CMC The Home Page The Home page displays the following information for the CMC.Number of appliances appliance optimizing but have an issue. • Optimized Bandwidth Capacity Increase .Displays the 95th percentile for data activity.Number of appliances currently optimizing. • Total Bandwidth Capacity Increase . and Steelhead appliances. For example.Displays the bytes sent and received (depending on direction) over the LAN ports (depending on direction).Displays the date and time of the peak data activity. and direction specified in the Web Preferences page. Optimized LAN Throughput. • 95th Percentile WAN/LAN Throughput . • LAN Data . • Degraded .Displays the bytes sent and received (depending on direction) over the WAN ports.Displays the total decrease of data transmitted over the WAN. This report displays the following: • WAN Data .Displays the average amount of data transmitted.Number of appliances currently not connected. Bandwidth Optimization. This panel displays bandwidth optimization and optimized LAN throughput reports based on the group.Displays Specifies the increase in the amount of data transmitted over the WAN. restart may be required. appliance groups.Displays the increase in the amount of data transmitted over the WAN. This report displays the following: • Peak WAN/LAN Throughput . Summary for <group> This panel summarizes the number and status of the managed appliances of the specified group. according to the following calculation: 1 and (1-Reduction Rate). • Average LAN Throughput . The 95th percentile is calculated by taking the peak of the lower 95% of inbound and outbound throughput samples. Field CMC Status Statistics for <group> over <period> / <direction> Description System Uptime. • Total Data Reduction % . period. Displays the time since the last reboot of the system. • Healthy .

Datastore Use .Displays the total half-opened connections.Displays the total active connections. Model .Displays the total established connections.Displays the total optimized connections.Displays the percentage of data reduction for the appliance.Displays the model number of the appliance. Status . Established Connections . Optimized Connections . Established Connections . Description Address .Displays the total active connections.Displays the peak data transmitted for the appliance.Displays the total half-opened connections.Displays the percentage of data reduction for the appliance. Optimized Connections . Version . Datastore Use . Steelhead Central Management Console User’s Guide 27 .Displays the total data store use. Reduction .Displays the total active connections. Half-Opened Connections . Peak Throughput . Groups Display Note: This table may be sorted by any of the column headers.Displays the model number of the appliance.Displays the peak data transmitted for the appliance.Displays the current status of the appliance. Half-Opened Connections . Total Connections . Datastore Use . Total Connections .Displays the software version running on the appliance. Address . Address . Established Connections .Displays the hostname or IP address of the appliance. Version . Model .Displays the percent of data store usage.Displays the current status of the appliance. Half-Opened Connections . Reduction .Displays the hostname or IP address of the appliance. Status .Displays the total established connections. Reduction .Displays the software version running on the appliance.Displays the hostname or IP address of the appliance. Optimized Connections . Total Connections .Displays the total data store use.Displays the total optimized connections. Appliances Needing Attention Note: This table may be sorted by any of the column headers.Displays the total established connections. Version . Peak Throughput . Datastore Use .Displays the software version running on the appliance.Displays the percentage of data reduction for the appliance.Connecting to the CMC Overview of the CMC Field Appliances Note: This table may be sorted by any of the column headers. Status .Displays the total optimized connections.Displays the model number of the appliance.Displays the peak data transmitted for the appliance. Peak Throughput .Displays the current status of the appliance.Displays the total half-opened connections.Displays the total data store use. Model .

Click the item in the menu bar to display the submenus. Cascading Menus 28 Steelhead Central Management Console User’s Guide . click Bandwidth Optimization to display the Bandwidth Optimization page. Statistics Options . Appliance. see “Configuring CMC Security Settings” on page 58. To go to a page. Description Home Page Options . The menu item that is currently active is differentiated by a different tone of color. The following figure illustrates cascading menus in the CMC. Note: You can access the Management Console of any registered Steelhead appliance by clicking on the appliance address under Appliances. 2.Displays the statistics options. Navigating in the CMC You go to the tools and reports available to you in the CMC using cascading menus. click Reports to display the submenus Steelhead. For example. slide your mouse down to the submenu item you want to display and click the menu name. Diagnostic. under Reports > Managed Steelheads. and Export submenus. To display cascading menus 1.Displays the home page options. For example.Overview of the CMC Navigating in the CMC Field Settings Note: This table may be sorted by any of the column headers. Figure 1-3. For details on automatic sign in from the CMC.

Security. and perform actions on appliances such as CLI pushes. see “Viewing and Managing System Operation History” on page 137. filter information. Policies. and reboot or shutdown the appliance from this menu. System Settings. For details. Configure general security parameters. announcements. and Web settings from this menu. Networking. see “Getting Help” on page 30. see “Managing Configuration Files” on page 88. see “Configuring RSP Appliances” on page 144. Configurations. and user permissions from this menu. For details. and password changes. delete. data reduction. SSL servers. see “Configuring Upgrades” on page 142. For details. see “Displaying CMC Diagnostics Reports” on page 205. Manage Appliances. For details. links to product documentation. revision type. For details. TACACS+. date and time) and network interfaces (primary interface and routing). For details. schedule jobs. and the secure vault from this menu. appliance details such as the model. system settings. Export. Manage configuration backups from this menu. and security policies for groups of appliances from this menu. system dumps. and user permissions from this menu. You can create new policies and assign specific features to a particular policy. system snapshots. see “Displaying Managed Steelheads Reports and Logs” on page 149. starting and stopping services. Operation History. see “Maintaining Your System” on page 75. hosts. and restore configurations for a specified appliance. Steelhead Central Management Console User’s Guide 29 . Appliance Backup/Restore. Create and manage optimization. edit appliance information. data store hit rate. RSP. For details. Create and display optimization reports such as bandwidth. and reloads from this menu. Reports Managed Steelheads. Manage the software image library and configure automatic upgrades. see “Working with Policies” on page 130. email settings. backup configurations. network.Navigating in the CMC Overview of the CMC The following table summarizes the cascading menus. For details. see “Exporting Performance Statistics Reports” on page 217. Manage Steelhead appliances from this menu. SNMP settings. Maintenance. alarms status. see “Managing Appliance Backup/ Restore” on page 139. see “Configuring Network Settings” on page 32. log settings. HTTP statistics. and traffic summary reports from this menu. see “Configuring Security Settings” on page 56. and software version. For details. TCP dumps. upgrade software. serial number. system snapshots. TCP dumps. Start and stop system services. Configure alarm settings. CMC Diagnostics. Configure Upgrades. For details. Export reports from this menu. and appliance MIB files from this menu. Modify administrator user password. For details. Display and download Steelhead diagnostic reports such as user and system logs. alarms status. Display and download CMC diagnostic reports such as user and system logs. Manage configuration files for the system from this menu. Steelheads Diagnostics. software upgrades. Support Display online help. For details. You can create groups of appliances. monitored ports. contact information for Riverbed Technical Support. For details. see “Managing Appliances and Appliance Groups” on page 91. My Account. For details. Configure host settings (hostname. shutdowns. RADIUS. proxies. For details. You can view. reboots. Menu Home Configure Submenus Displays the Home page. View the history of operations such as upgrades. DNS servers. fetches. Manage the RSP appliance. system dumps. add appliances to a group. throughput. For details. see “Configuring System Settings” on page 39. see “Displaying Steelhead Diagnostics Reports” on page 197.

For the most up-to-date documentation for the Steelhead appliance. For details. Printing Pages and Reports You can print CMC pages and reports using the print option on your Web browser.riverbed.Display links and contact information for Riverbed Technical Support. Logging Out In the menu bar. serial number. see the Riverbed Technical Support Web site at https://support. 3. Go to the item you want to view using the left-pane table of contents.Display online help and links to documentation on the Riverbed support site. Click the Book icon for Browser-based online help to display the online help book for the appliance. To print pages and reports Choose File > Print in your Web browser to open the Print dialog box. You can also display an online help book for the CMC. 2. and the software version number currently installed on the appliance.Display Riverbed and appliance MIB files in text format. Getting Help The Support tab provides you with the following options: Online Help . Click Support in the menu bar to display the Support page. MIB Files . Technical Support . The help for the page appears in a new browser window. To display the online help book 1. Displaying Online Help The CMC provides page level help for the appliance. hardware revision type.Display appliance information such as the model number. 30 Steelhead Central Management Console User’s Guide . To display online help in the CMC Click the question mark icon next to the page heading. Appliance Details . click Logout to end your session.com. see “Managing Configuration Files” on page 88 files.Overview of the CMC Getting Help Saving Your Configuration The Save icon on the menu bar saves the configurations.

CHAPTER 2 Configuring the CMC This chapter describes how to modify CMC settings. It includes the following sections: “Configuring Network Settings. Steelhead Central Management Console User’s Guide 31 . manage configurations. and stop and start the CMC.” next “Configuring System Settings” on page 39 “Configuring Security Settings” on page 56 “Maintaining Your System” on page 75 “Changing the Administrative Password” on page 87 “Managing Configuration Files” on page 88 This chapter assumes you have installed and performed the initial configuration of the CMC. see the Steelhead Central Management Console Installation Guide. For details. upgrade software.

Riverbed recommends that you configure NTP time synchronization. It includes the following sections: “Configuring Host Settings. Hosts .Modify the hostname only if your deployment requires it. you set required network host settings for the CMC.Configuring the CMC Configuring Network Settings Configuring Network Settings The following section describes how to configure network settings in the CMC.If you do not use DNS resolution.Configure proxy addresses for Web or FTP proxy access to the CMC. Proxies .” next “Configuring Settings for the Network Interfaces” on page 36 Configuring Host Settings You can view and modify general host settings in the Host Settings page. 32 Steelhead Central Management Console User’s Guide . DNS Settings . When you initially run the installation wizard. Date and Time .Riverbed recommends that you use DNS resolution. you can add additional hosts to the system. or if the host does not have a DNS entry. You can configure or modify the following settings: Name .

Choose Configure > Networking > Host Settings to display the Host Settings page.Configuring Network Settings Configuring the CMC To modify general host settings 1. Host Settings Page Steelhead Central Management Console User’s Guide 33 . Figure 2-1.

If you specify domains the system automatically finds the appropriate domain for each of the hosts that you specify in the system. complete the configuration as described in the following table. Optionally. 2. Click Save to save your settings permanently. Specify an ordered list of domain names. Control Primary DNS Server IP Address Secondary DNS Server IP Address Tertiary DNS Server IP Address DNS Domain List Description Specify the IP address for the primary name server. Specify the IP address for the host. Under Hosts. Click Apply to apply the settings to the current configuration. 2. 34 Steelhead Central Management Console User’s Guide . Optionally. complete the configuration as described in the following table. Click Save to save your settings permanently. 3. Click the check box next to the name and click Remove Selected. To add a new host 1. specify the IP address for the secondary name server. Under DNS Settings. specify the IP address for the tertiary name server. complete the configuration as described in the following table. Applies your changes to the running configuration.Configuring the CMC Configuring Network Settings To change the hostname 1. Specify a hostname. To specify DNS settings 1. Control Add a New Host IP Address Hostname Add Remove Selected Description Displays the controls for adding a new host. Click Save to save your settings permanently. Control Hostname Apply Description Modify the hostname. Under Name. 2. if necessary. Adds the host.

Important: After you apply your settings. Note: If you change the time zone. Click to enable the connection to the NTP server. When you have verified appropriate changes. Steelhead Central Management Console User’s Guide 35 . Version. Click Apply to apply the settings to the current configuration. 3. see “Managing Configuration Files” on page 88. Specify the time in the following format: HH:MM:SS Time Zone. complete the configuration as described in the following table. 2. Remove Selected. Under Proxies. Under Date and Time. Control Use NTP Time Synchronization Description Add a New NTP Server. Click the check box next to the name and click Remove Selected. Click to display the controls to add a server. For details on saving configurations. Click Save to save your settings permanently. Specify the hostname or IP address for the NTP server. Select the NTP server version from the drop-down list: 3 or 4 Enabled. Set Time Manually Date.Configuring Network Settings Configuring the CMC To add a proxy 1. Click Apply to apply the settings to the current configuration. you can verify whether changes have had the desired effect by reviewing related reports. Click Save to save your settings permanently. log messages retain the old time zone until you reboot the system. 3. 2. Host Name or IP Address. complete the configuration as described in the following table. Select the time zone from the drop-down list. Adds the NTP server to the table list. Specify the port for the Web/FTP proxy. Specify the date in the following format: YYYY/MM/DD Time. you can write the active configuration that is stored in memory to the active configuration file (or Save As any filename you choose). The default is US/Pacific. Add. Control Web/FTP Proxy IP Address Port Description Specify the IP address for the Web/FTP proxy. To configure the date and time 1.

Network Interfaces Page 36 Steelhead Central Management Console User’s Guide . You connect to the primary interface to use the Web UI or the CLI. The primary interface is the appliance management interface. To configure network interface settings 1. On the appliance. the primary interface is the port you connect to the LAN switch.Configuring the CMC Configuring Network Settings Configuring Settings for the Network Interfaces You can view and modify settings for the Primary and Auxiliary interfaces in the Network Interfaces page. Figure 2-2. Choose Configure > Networking > Network Interfaces to display the Network Interfaces page.

Configuring Network Settings Configuring the CMC 2. Steelhead Central Management Console User’s Guide 37 . Specify this option to set the appliance to automatically obtain the IP address. Specify an IP address. Control Obtain IP Address Automatically Description Specify this option to automatically obtain the IP address from a DHCP server. Under Auxiliary Interface. Select Auto. Speed Duplex Select a speed from the drop-down list. If they do not match. Specify this option if you do not use a DHCP server to set the IP address. Specify a subnet mask. A DHCP server must be available so that the system can request the IP address from it. • Primary Gateway IP. Speed Select the speed from the drop-down list. Full. because the switch and the router are not set with the same duplex settings. Important: The primary and auxiliary interfaces cannot share the same network subnet. • Subnet Mask. The default value is Auto. be sure to set them manually. The MTU is the largest physical packet size. that a network can send. You cannot use the auxiliary port for out-of-path Steelhead appliances. Specify IP Address Manually Specify this option if you do not use a DHCP server to set the IP address. MTU Specify the MTU value. 3. The auxiliary and in-path interfaces cannot share the same subnet. complete the configuration as described in the following table. you might have a large number of errors on the interface when it is in bypass mode. The default value is Auto. The default value is 1500. Specify IP Address Manually Specify the following settings: • IP Address. measured in bytes. Specify a subnet mask. If your network routers or switches do not automatically negotiate the speed and duplex. Specify an IP address. complete the configuration as described in the following table. The default value is Auto. The speed and duplex must match (LAN and WAN) in an in-path configuration. Specify the primary gateway IP address. Under Primary Interface. Control Enable Aux Interface Obtain IP Address Automatically Description Enables an auxiliary interface. Important: The primary and in-path interfaces can share the same subnet. The primary and auxiliary interfaces cannot share the same network subnet. The primary gateway must be in the same network as the primary interface. • Subnet Mask. You must set the primary gateway for in-path configurations. or Half from the drop-down list. Specify the following settings: • IP Address.

Under Main Routing Table. Specify the destination IP address for the out-of-path appliance or network management device. The default value is 1500. that a network can send. Adds the route to the table list. Specify the IP address for the gateway. The speed and duplex must match (LAN and WAN) in an in-path configuration. MTU Specify the MTU value. The default value is Auto. The MTU is the largest physical packet size. If your network routers or switches do not automatically negotiate the speed and duplex. 5. Click Apply to apply the settings to the current configuration. be sure to set them on the device manually. Click Save to save your changes permanently. 6. Click the check box next to the name and click Remove Selected. 38 Steelhead Central Management Console User’s Guide . you can configure a static routing for out-of-path deployments or if your device management network requires static routes. Control Add a New Route Destination IP Address Subnet Mask Gateway IP Address Add Remove Selected Description Adds a route. measured in bytes. To avoid a speed and duplex mismatch. configure your LAN external pair to match the WAN external pair. . You can add or remove routes from the table list. 4. Full or Half from the drop-down list. 7. Specify the subnet mask. Click Save to save your changes permanently.Configuring the CMC Configuring Network Settings Control Duplex Description Select Auto.

Configuring System Settings Configuring the CMC Configuring System Settings This section describes how to configure settings to manage the system. It includes the following sections: “Creating Announcements.” next “Setting Alarm Parameters” on page 40 “Configuring Monitored Ports” on page 42 “Setting SNMP Basic Parameters and Trap Receivers” on page 43 “Setting SNMP v3 Parameters” on page 45 “Setting SNMP ACLs Parameters” on page 47 “Setting SNMP v3 Parameters” on page 45 “Setting SNMP ACLs Parameters” on page 47 “Setting Up Email Notifications” on page 50 “Configuring Logging” on page 53 Creating Announcements You can create or modify a login message or a message of the day in the Announcements page. The message of the day appears on the Home page and when you first log in to the CLI. Choose Configure > System Settings > Announcements to display the Announcements page. To set an announcement 1. Announcements Page Steelhead Central Management Console User’s Guide 39 . The login message appears in the CMC Login page. Figure 2-3.

3. Click Save to save your settings permanently. it is activated. To set alarm parameters 1. Setting Alarm Parameters You modify default parameters for CMC alarms for the CMC in the Alarms page. Enabling this feature is optional. Figure 2-4. Alarms Page 40 Steelhead Central Management Console User’s Guide . Use the controls to complete the configuration as described in the following table. Choose Configure > System Settings > Alarms to display the Alarms page. After an alarm is triggered. 4. Click Apply to apply the settings to the current configuration. Type a message in the text box to appear on the Home page. it is reset when it reaches the lowest or reset threshold. it is not triggered again until it has fallen below the reset threshold.Configuring the CMC Configuring System Settings 2. When an alarm reaches the rising threshold. Control Login Message MOTD Description Type a message in the text box to appear on the Login page.

it is reset. Steelhead Central Management Console User’s Guide 41 . When an alarm reaches the rising threshold. it is not triggered again until it has fallen below the reset threshold. Use the controls to complete the configuration as described in the following table. The default value is 70º C. Note: This alarm setting appears only on appliance versions of the CMC. Temperature Specify this option to trigger an alarm when the CPU temperature exceeds the rising threshold. This alarm is enabled by default. • Reset Threshold .Specify a whole number to specify a percent of CPU utilization. Note: This alarm setting appears only on appliance versions of the CMC. This alarm is enabled by default. After an alarm is triggered. Note: This alarm setting appears only on appliance versions of the CMC. the default reset threshold temperature is 67º C. see “Managing User Permissions” on page 61. • Reset Threshold . When the CPU returns to the reset threshold. This includes high rates of corrected errors and any uncorrected errors. After an alarm is triggered. If 100 pages are swapped every couple of hours. it is reset. The alarm also appears on the Reports > Diagnostics > Alarm Status page. contact Riverbed Technical Support. When an alarm reaches the lowest or reset threshold. with a rising threshold of 90% and a reset threshold of 70%.Specify a whole number to specify a percent of CPU utilization. it is activated. Specify this option to trigger an alarm if extended memory paging activity is detected. Secure Vault Specify this option to trigger an alarm when the secure vault is locked. For details. it is not triggered again until it has fallen below the reset threshold. Click the link to display the Secure Vault page and unlock the vault. Network Interface Link Errors Fan Error Specify this option to trigger an alarm if network interface link errors are detected. You can unlock the vault with a password. If thousands of pages are swapped every few minutes. When the alarm is triggered. The default value is 67º C. The default value for the rising threshold temperature is 70º C. System Disk Full Specify this option to trigger an alarm if the system disk becomes full. When an alarm reaches the rising threshold.Specify the reset threshold (º C). Set the following: • Rising Threshold . Control CPU Utilization Description Specify this option to trigger an alarm if the average and peak threshold for the CPU utilization is exceeded. the rising alarm is cleared. it provides a link to the Secure Vault page. This alarm is enabled by default. Memory Error Extended Memory Paging Activity Specify this option to trigger an alarm if ECC memory errors are detected. • Rising Threshold . when it reaches the lowest or reset threshold. Specify this option to trigger an alarm if sensors detect a problem with the fans. it is activated.Specify the rising threshold (º C).Configuring System Settings Configuring the CMC 2. the appliance is functioning properly.

Discovered ports. Click Apply to apply the settings to the current configuration. you must add the port with a new label. To configure monitored ports 1. Make sure the description that you specify helps you identify the type of traffic on the port. Click Save to save your settings permanently. If a discovered port does not have a label. To change the unknown label to a name representing the port. Monitored Ports Page 42 Steelhead Central Management Console User’s Guide . For details. Configuring Monitored Ports You set the TCP ports that you want to monitor in the Monitored Ports page. 4. traffic is monitored on ports 21 (FTP). are added to the Traffic Summary report. 443 (SSL). 139 (CIFS:NetBIOS). then an unknown label is added to the discovered port. see “Viewing Traffic Summary Reports” on page 158. and 10566 (SnapMirror). All statistics for this new port are preserved from the time the port was discovered. along with a label (if one exists). 8777 (RCV). Specify this option to trigger an alarm when an automatic external backup occurs.Configuring the CMC Configuring System Settings Control Expiring SSL Certificates External Backups Description Specify this option to trigger an alarm when any certificate is expired or within sixty days of expiring. Figure 2-5. The CMC automatically discovers all of the ports in the system that have traffic. By default. The ports that you specify appear in the Traffic Summary report. 3. 1433 (SQL:TDS). Choose Configure > System Settings > Monitored Ports to display the Monitored Ports page. 80 (HTTP). 445 (CIFS:TCP). 1352 (Lotus Notes). 7830 (MAPI).

For details on SNMP traps sent to configured servers. Applies your settings to the running configuration. click on the port and complete the configuration as described in the following table. SNMP trap receivers are not confirmed. Cancels your actions. Specify the port to be monitored. Control Port Description Apply Changes Cancel Description Specify a description of the type of traffic on the port. To modify a monitored port. complete the configuration as described in the following table. Traps are messages sent by an SNMP agent that indicate the occurrence of an event. Setting SNMP Basic Parameters and Trap Receivers You configure SNMP basic contact and trap receiver settings to allow events to be reported to an SNMP agent in the SNMP Basic page. Specify a description of the type of traffic on the port. By default. Displays the controls for adding a port. To add a new monitored port. see “SNMP Traps” on page 316. 4. Control Add Port Port Number Port Description Add Remove Selected Description Displays the controls to add a new port. Steelhead Central Management Console User’s Guide 43 .Configuring System Settings Configuring the CMC 2. 3. Click the check box next to the name and click Remove Selected. Click Save to save your settings permanently.

Choose Configure > System Settings > SNMP Basic to display the SNMP Basic page.Configuring the CMC Configuring System Settings To set SNMP Basic parameters 1. 44 Steelhead Central Management Console User’s Guide . Specify a password-like string to identify the read-only community. Control Enable SNMP Traps System Contact System Location Read-Only Community String Description Enables SNMP traps. . Figure 2-6. Specify the physical location of the SNMP system. For example: public. SNMP Basic Page 2. Specify the user name for the SNMP contact. This community string overrides any VACM settings. Under SNMP Server Settings. complete the configuration as described in the following table.

or v3 (User-based Security Model) to select the SNMP version. Choose Configure > System Settings > SNMP v3 to display the SNMP v3 page. complete the configuration as described in the following table. Traps are messages sent by an SNMP agent that indicate the occurrence of an event. and a password and security level. v2c. To add a new trap receiver. To set SNMP v3 parameters 1. Control Add a New Trap Receiver Receiver IP Address Destination Port Receiver Type Community Description Displays the controls to add a new trap receiver. Click the check box next to the name and click Remove Selected. Click Apply to apply your changes to the running configuration. For v1 or v2 trap receivers. Specify the destination IP address for the SNMP trap. Click v1. 5. Enables the trap receiver. SNMP v3 Page Steelhead Central Management Console User’s Guide 45 . Click Run to run the trap test. Setting SNMP v3 Parameters You configure SNMP v3 contact settings to allow events to be reported to an SNMP agent in the SNMP v3 page. Click Save to save your settings permanently. Specify the destination port.Configuring System Settings Configuring the CMC 3. public or private v3 trap receivers need a remote user with an authentication protocol. for example. Figure 2-7. Adds a new trap receiver to the list. specify the SNMP community name. Enable Receiver Add Remove Selected Run a trap test 4.

click either Supply a Password or Supply a Key to use while authenticating users. Specify the user name. To add a new trap receiver. Select a authentication method from the drop-down list: • MD5 . Authentication Password Password Confirm Optionally. SHA is considered to be the successor to MD5. • SHA .Configuring the CMC Configuring System Settings 2. Confirm the password. Specify a password.Specifies the Message-Digest 5 algorithm. complete the configuration as described in the following table. a set of related cryptographic hash functions. The password must have a minimum of eight characters. a widely-used cryptographic hash function with a 128-bit hash value. This is the default value.Specifies the Secure Hash Algorithm. 46 Steelhead Central Management Console User’s Guide . Control Add a New User User Name Authentication Protocol Description Displays the controls to add a user.

4. Steelhead Central Management Console User’s Guide 47 . Setting SNMP ACLs Parameters You configure SNMP ACLs contact settings to allow events to be reported to an SNMP agent in the SNMP ACLs page.Configuring System Settings Configuring the CMC 3. Traps are messages sent by an SNMP agent that indicate the occurrence of an event. Click Apply to apply your changes to the running configuration. Click Save to save your settings permanently.

Figure 2-8.Configuring the CMC Configuring System Settings To set SNMP ACLs parameters 1. SNMP ACLs Page 48 Steelhead Central Management Console User’s Guide . Choose Configure > System Settings > SNMP ACLs to display the SNMP ACLs page.

Under Security Names. Use a combination of uppercase. By default. If this is not desired.system. complete the configuration as described in the following table.1. lowercase. for example. • v3 (usm) displays another drop-down menu. Control Add a New Group Group Name Security Model and Name Pairs Description Displays the controls to add a new group. click the + button.2. Control Add a New View View Name Includes Description Displays the controls to add a new view. Under Views. complete the configuration as described in the following table. .products.Configuring System Settings Configuring the CMC 2. the view excludes all OIDs. You can specify an OID number or use its string form. 3.1. Click the + button and select a security model from the drop-down list: • v1 or v2c displays another drop-down menu.mo del Steelhead Central Management Console User’s Guide 49 . Specify a group name. it takes precedence over this community name and allows users to access the entire MIB tree from any source host. Click the check box next to the name and click Remove Selected. select a security name.steelhead.3. Under Groups. Specify a descriptive view name to facilitate administration. complete the configuration as described in the following table.1. delete the read-only community string Source IP Address and Mask Bits Add Remove Selected Specify the host IP address and mask bits to which you permit access using the security name and community string Adds the security name.rbt. 4.6.1. Add Remove Selected Adds the group name and security model and name pairs Click the check box next to the name and click Remove Selected. Community String Specify the password-like community string to control access. Specify a name to identify a requestor (allowed to issue gets and sets). Note: Traps for v1 and v2c are independent of the security name. for example.internet. and numerical characters to reduce the chance of unauthorized access to the appliance. separated by commas. The security name may make changes to the View Based Access Control Model (VACM) security name configuration.private.dod.org. You can specify .iso.iso or any subtree or subtree branch. select a user. Specify the Object Identifiers (OIDs) to include in the view.enterprises. Note: If you specify a read-only community string (located on the SNMP Basic page under SNMP Server Settings). Control Add a New Security Name Security Name Description Displays the controls to add a security name. . To add another Security Model and Name pair.

50 Steelhead Central Management Console User’s Guide . Note: A security level applies to a group. By default email addresses are not specified for event and failure notification. By default. separated by commas.Configuring the CMC Configuring System Settings Control Excludes Add Remove Selected Description Specify the OIDs to exclude in the view. Select one of the following from the drop-down list: • No Auth. 6. Click the check box next to the name and click Remove Selected. the view excludes all OIDs. Select a group name from the drop-down list. Click the check box next to the name and click Remove Selected. Does not authenticate packets and does not use privacy. not to an individual user. Under Access Policies. Click Save to save your settings permanently. This is the default setting. 5. • Auth. complete the configuration as described in the following table. Setting Up Email Notifications You can set email notification parameters for events and failures in the Email page. Read View Add Remove Selected Select a view from the drop-down list. Click Apply to apply your changes to the running configuration. Authenticates packets but does not use privacy. Determines whether a single atomic message exchange is authenticated. Control Add a New Access Policy Group Name Security Level Description Displays the controls to add a new access policy. Adds the view. 7. Adds the configurations.

Click the check box to enable event aggregation and specify the Aggregation Duration (minutes). This setting aggregates events into a single notification for the specified duration. Separate addresses by spaces. select any of the following options: • Include Events from Managed Appliances. You must have external DNS and external access for SMTP traffic for this feature to function.Configuring System Settings Configuring the CMC To set event and failure email notification 1. Control SMTP Server Description Specify the SMTP server. Optionally. Click the check box to include events from Steelhead appliances managed by the CMC appliance. Figure 2-9. Choose Configure > System Settings > Email to display the Email page. or vertical bars. SMTP Port Report Events via Email Specify the port number for the SMTP server. Specify this option to report events through email. Under Email Notifications. semicolons. Steelhead Central Management Console User’s Guide 51 . • Enable Event Aggregation. commas. Specify a list of email addresses to receive the notification messages. Important: Make sure you provide a valid SMTP server to ensure that the users you specify receive email notifications for events and failures. Email Page 2. complete the configuration as described in the following table.

or vertical bars. semicolons.Configuring the CMC Configuring System Settings Control Report Failures via Email Description Specify this option to report failures through email. Click Apply to apply the settings to the current configuration. 52 Steelhead Central Management Console User’s Guide . Important: This option does not automatically report a disk drive failure. 4. Separate addresses by spaces. please contact Riverbed Technical Support at support@riverbed. semicolons. Riverbed recommends that you activate this feature so that problems are promptly corrected.com. Click Save to save your settings permanently. Report Failures to Technical Support 3. Specify this option to report serious failures such as system crashes to Riverbed Technical Support. Specify the email addresses to which to send notification messages. Separate addresses by spaces. In the event of a disk drive failure. commas. or vertical bars. commas. Specify a list of email addresses to receive the notification messages.

Logging Page 2. To rotate logs.Configuring System Settings Configuring the CMC Configuring Logging You set up local and remote logging in the Logging page. To set up logging 1. Figure 2-10. Choose Configure > System Settings > Logging to display the Logging page. click Rotate Logs. Steelhead Central Management Console User’s Guide 53 .

Configuring the CMC

Configuring System Settings

3. Under Logging Configuration, complete the configuration as described in the following table.

Control Minimum Severity

Description Select the minimum severity level for the system log messages. The log contains all messages with this severity level or higher. Select one of the following levels from the drop-down list: • Emergency. Emergency, the system is unusable. • Alert. Action must be taken immediately. • Critical. Conditions that affect the functionality of the Steelhead appliance. • Error. Conditions that probably affect the functionality of the Steelhead appliance. • Warning. Conditions that could affect the functionality of the Steelhead appliance, such authentication failures. • Notice. Normal but significant conditions, such as a configuration change. • Info. Informational messages that provide general information about system operations. Note: This control applies to the system log only. It does not apply to the user log.

Maximum Number of Log Files Lines Per Log Page Rotate Based On

Specify the maximum number of logs to store. The default value is 10. Specify the number of lines per log page. The default value is 100. Specify one of the following rotation options: • Time. Select Day, Week, or Month from the drop-down list. • Disk Space. Specify how much disk space, in megabytes, the log uses before it rotates. The default value is 16 MB.

4. Click Apply to apply the settings to the current configuration. 5. To add a new log server, complete the configuration as described in the following table.
Control Add a New Log Server Server IP Minimum Severity Description Displays the controls for configuring new log servers. Specify the server IP address. Select the minimum severity level for the log messages. The log contains all messages with this severity level or higher. Select one of the following levels from the drop-down list: • Emergency. Emergency, the system is unusable. • Alert. Action must be taken immediately. • Critical. Conditions that affect the functionality of the Steelhead appliance. • Error. Conditions that probably affect the functionality of the Steelhead appliance. • Warning. Conditions that could affect the functionality of the Steelhead appliance, such authentication failures. • Notice. Normal but significant conditions, such as a configuration change. • Info. Informational messages that provide general information about system operations. Add Remove Selected Adds the server to the list. Click the check box next to the name and click Remove Selected.

54

Steelhead Central Management Console User’s Guide

Configuring System Settings

Configuring the CMC

6. Click Rotate Logs to rotate the actions. 7. Under Per-Process Logging, complete the configuration as described in the following table.
Control Add a New Process Logging Filter Process Description Displays the controls for adding a process level logging filter. Select a process to include in the log from the drop-down list: • rbmd - Central Management Server. • cli - Command Line Interface. • mgmtd - Device control and management, which directs the entire device management system. It handles message passing between various management daemons, managing system configuration and general application of system configuration on the hardware underneath through the hald. • hald - Hardware Abstraction Daemon, which handles access to the hardware. • pm - Process Manager, which handles launching of internal system daemons and keeps them up and running. • sched - Process Scheduler, which handles one-time scheduled events. • statsd - Statistics Collector, which handles queries and storage of system statistics. • wdt - Watchdog Timer, the motherboard watchdog daemon. • webasd - Web Application Process, which handles the Web user interface. Minimum Severity Select the minimum severity level for the log messages. The log contains all messages with this severity level or higher. Select one of the following levels from the drop-down list: • Emergency - Emergency, the system is unusable. • Alert - Action must be taken immediately. • Critical - Conditions that affect the functionality of the Steelhead appliance. • Error - Conditions that probably affect the functionality of the Steelhead appliance. • Warning - Conditions that could affect the functionality of the Steelhead appliance, such authentication failures. • Notice - Normal but significant conditions, such as a configuration change. • Info - Informational messages that provide general information about system operations. Add Remove Selected Adds the filter to the list. The process now logs at the selected severity and higher level. Click the check box next to the name and click Remove Selected to remove the filter.

8. Click Apply to apply your changes to the running configuration. 9. Click Save to save your settings permanently.

Steelhead Central Management Console User’s Guide

55

Configuring the CMC

Configuring Security Settings

Configuring Security Settings
The following section describes how to configure security settings in the CMC. It includes the following sections: “Configuring General Security Settings,” next “Configuring CMC Security Settings” on page 58 “Managing User Permissions” on page 61 “Configuring RADIUS Server Authentication” on page 68 “Configuring TACACS+ Server Authentication” on page 70 “Unlocking the Secure Vault” on page 72 “Configuring Management ACL” on page 73 “Configuring Web Settings” on page 74

56

Steelhead Central Management Console User’s Guide

Configuring Security Settings

Configuring the CMC

Configuring General Security Settings
You can prioritize local, RADIUS, and TACACS+ authentication methods for the system and set the authorization policy and default user for RADIUS and TACACS+ authorization systems in the General Security Settings page.

Important: Make sure to put the authentication methods in the order in which you want authentication to occur. If authorization fails on the first method, the next method is attempted, and so forth, until all the methods have been attempted.

Tip: To set TACACS+ authorization levels (admin or read-only) to allow certain members of a group to log in, add the following attribute to users on the TACACS+ server:
service = rbt-exec { local-user-name = "monitor" }

where you replace monitor with admin for write access.

For details on setting up RADIUS and TACACS+ servers, see the Steelhead Appliance Deployment Guide. To set general security settings 1. Choose Configure > Security > General Security Settings to display the General Security Settings page.
Figure 2-11. General Security Settings Page

2. Under Authentication Methods, complete the configuration as described in the following table.

Control Authentication Methods For RADIUS/ TACACS+, fallback only when servers are unavailable

Description Specifies an authentication method from the drop-down list. The methods are listed in the order in which they occur. If authorization fails on the first method, the next method is attempted, and so forth, until all the methods have been attempted. When checked, indicates fallback to a RADIUS or TACACS+ server only when all of the other servers have not responded. This is the default setting. When this feature is disabled, the Steelhead appliance does not fall back to the RADIUS or TACACS+ servers. If it exhausts the other servers and does not get a response, it returns a server failure. Applies your settings to the running configuration.

Apply

Steelhead Central Management Console User’s Guide

57

Configuring the CMC

Configuring Security Settings

3. Under Authentication Map, complete the configuration as described in the following table.

Control Authentication Map Policy

Description Appears only for some Authentication Methods. Optionally, select one of the following policies from the drop-down list: • Remote First. Check the remote server first for an authentication policy, and only check locally if the remote server does not have one set. This is the default behavior. • Remote Only. Only checks the remote server. • Local Only. Only checks the local server. All remote users are mapped to the user specified. Any vendor attributes received by an authentication server are ignored. Default User. Optionally, select Admin or Monitor from the drop-down list to define the default authentication policy.

Apply

Applies your settings to the running configuration.

4. Click Save to save your settings permanently.

Configuring CMC Security Settings
You can configure CMC Security Settings in the CMC Security page. CMC Security enables strict key verification to prevent rogue appliances from accessing the network with a forged IP address (also known as spoofing). Riverbed strongly recommends enabling this feature if appliance configurations contain sensitive data.

58

Steelhead Central Management Console User’s Guide

Configuring Security Settings

Configuring the CMC

To set CMC security 1. Choose Configure > Security > CMC Security to display the CMC Security page.
Figure 2-12. CMC Security Page

2. Under Web Auto Sign On, use the controls to complete the configuration as described in the following table.

Steelhead Central Management Console User’s Guide

59

Control Always use http Always use https Use https if enabled. Appliance Connection. Control File Password Import Description Specify the source file by typing in the filename or using Browse to specify the file. Under Appliance Connection. and SSL settings to the current configuration. Optionally. otherwise http Description Select this option to always generate the appliance URL using the HTTP protocol. Click Save to save the settings permanently. see “Editing Appliance Panel” on page 97. For details on registered owner configuration. Optionally. see “Editing Appliance Panel” on page 97. Click to complete the import from the specified file. These settings control how the URLs are generated for the appliances shown on the Home page. under Bulk SSL Import. the CMC will not connect with Steelhead appliances whose correct SSH public keys are not known by the CMC. If you select this option. the CMC login must match the login configured for the appliance’s registered user. For details on accessing appliance Management Consoles. Note: The registered user must have administrative privileges. 6. 7. Strict key verification prevents the CMC from inadvertently connecting with rogue Steelhead appliances. see “Using the Trust Appliances by Key Feature” on page 93. For details on registered owner configuration.Configuring the CMC Configuring Security Settings This setting controls the login information used when the Management Console for an individual Steelhead appliance is accessed directly from the Home page of the CMC. 60 Steelhead Central Management Console User’s Guide . To create a key for a specific appliance. 3. under SSL. The CMC requires users to enter the Steelhead’s SSH public key before allowing communication. 5. For this option to function properly. Specify a valid password. When logged in as the appliance registered user Select this option to log in when the Management Console opens using the same user name used to log in to the CMC. select the check box to enable Strict Key Verification. use the controls to complete the configuration as described in the following table. Select this option to generate the appliance URL automatically based on whether the appliance is SSL-enabled (HTTPS) or not (HTTP). use the controls described in the following table to import a SSL configuration from a local file. Select this option to automatically log in as the registered user for the appliance when the Management Console opens. Control Never Always Description Select this option to require the current user to log in when the Management Console opens. Click Apply to apply the changes to the Web Auto Sign On. see “The Home Page” on page 26. Select this option to always generate the appliance URL using the HTTPS protocol. 4.

With read and write privileges. A monitor user cannot make configuration changes or change their own password.With read privileges. including access to group configurations to the user. restart and reboot CMC services. add and delete users. Read/Write . under Bulk SSL Export. user Joe cannot view or change the settings for these features. and create and view performance and system reports. and finally. Role-Based Accounts You can also create users. For example. you might have user Jane who can make configuration changes to QoS. you can view current configuration settings but you cannot change them. Click to complete the export. This section describes the following: “Capability-Based Accounts. and define role-based users in the User Permissions page. For example. Optionally.With deny privileges. use the controls described in the following table to export a SSL configuration to a local file. PFS.” next “Role-Based Accounts” on page 61 “Roles and Permissions” on page 63 “Permissions Specific to CMC Configuration” on page 66 “Permissions Required for Policy Administration” on page 66 Capability-Based Accounts The system has two accounts based on what actions the user can take: Admin . and SSL whereas user John can only view these configuration settings. you cannot view settings or make configuration changes for a feature.Configuring Security Settings Configuring the CMC 8. Managing User Permissions You can change the administrator or monitor passwords. and assign configuration roles. Confirm the password. Control Include Server Certificates and Private Keys Password Password Confirm Export Description Select this option to include server certificates and private keys. Steelhead Central Management Console User’s Guide 61 . as an administrator you can set and modify configuration settings. you can view settings and make configuration changes for a feature.A monitor user can view reports. Read-only .The administrator user has full privileges. A user role determines whether the user has permission to: Deny . assign passwords to the user. Specify a valid password. Monitor .

Confirm the new administrator password.Configuring the CMC Configuring Security Settings Available menu items reflect the privileges of the user. When a user clicks a dimmed link. Type a password in the text box. Click to enable or clear to disable the administrator or monitor account. Enable Account. For example. Control admin/monitor Description Click the magnifying glass to change the administrator or monitor password. User Permissions Page 2. Enables password protection. complete the configuration as described in the following table. Password. The password must have a minimum of six characters. Figure 2-13. any menu items that a user does not have permission to use are dimmed. Choose Configure > Security > User Permissions to display the User Permissions page. Password Confirm. the User Permissions page appears. 62 Steelhead Central Management Console User’s Guide . Use a Password. Under Capability-Based Accounts. To set the administrator or monitor password 1.

including RADIUS and TACACS authentication settings and secure vault password.With deny privileges the user cannot view settings or make configuration changes for a feature.Configuring Security Settings Configuring the CMC 3. The password must have a minimum of 6 characters. Roles and Permissions CMC General Settings Network Settings Security Settings CMC External Backup Diagnostics Reports Description Grants access to CMC-specific settings including alarms. For details on available roles and permissions. Under Role-Based Accounts. Grant the user one of the following privileges using the radio buttons: • Deny . Modifies the CMC hostname and IP settings. Type the new password.With read privileges the user can view current configuration settings for the feature but cannot change them. Click Save to save your settings permanently. Remove Selected Check the box next to the name and click Remove Selected to remove it from the list. and log settings. Enables the new role-based account. • Read-Only . Configures the CMC security settings. Roles are comprised of groups of settings. Roles and Permissions The following tables describes the available roles and permissions that can be set for a user.With write privileges the user can view settings and make configuration changes for a feature. email notifications. Retype the new password. complete the configuration as described in the following table. Specify a name for the role-based account. This is the default. SNMP. With write access permission the user can change the configuration for these roles. Control Add a New User Account Name Enable Account Use a Password Password Password Confirm Roles and Permissions Description Displays the controls for creating new role based-accounts. Select this box and specify a password in the Enter Password text box to require a user password. Add Click to add your settings to the system. see “Roles and Permissions” on page 63. Steelhead Central Management Console User’s Guide 63 . The new user appears in the User table at the bottom of the page. Creates or deletes configuration backups of the CMC. Changes how graphs and statistics are displayed in the CMC. • Read/Write . Customizes the CMC system diagnostic logs. 4.

file extensions to prefetch. Steelhead General Settings Network Settings QoS Optimization Service In-Path Rules Configures per source IP connection limit and the maximum connection pooling size. including DNS cache settings. Click to enable privileges for using CLI scripts in configurations. Configures host and network interface settings. Configures TCP traffic for optimization and how to optimize traffic by setting in-path rules. Checks and clears the status of current and past push. and ability to set up HTTP optimization for a specific server subnet. Upgrades an appliance managed by a CMC.Configuring the CMC Configuring Security Settings Roles and Permissions Appliance Management File Transfer Policy Push Appliance Upgrade Operation Status Steelhead Backup CLI Command Scripts Groups Global <group name> Description Downloads logs off managed appliances. see the Steelhead Appliance Deployment Guide. Configures MS-SQL optimization. Configures Lotus Notes acceleration. Oracle Forms Optimization MAPI Optimization SQL Optimization NFS Optimization Notes Optimization SSL Optimization Replication Optimization Proxy File Service (PFS) 64 Steelhead Central Management Console User’s Guide . There are no roles for individual appliances. In order for users to edit an appliance. Users are granted access to appliances and groups on a per-group basis. Enforces QoS policies. For details on WAN visibility. Configures replication optimization. fetch and backup operations on the CMC. insert cookie. Click to enable access to all groups and appliances within the specified group (<group name>). This setting enables the user to configure the CIFS prepopulation in optimization policies in the CMC. Permissions are governed based on the closest parent group to an appliance. users must have write permissions to the group that contains the appliance. Starts and stops the optimization service. keep-alive. Configures enhanced HTTP optimization settings: cache settings. Pushes out a policy to managed appliances. CIFS Optimization HTTP Optimization Enables CIFS optimization. Configures NFS optimization. role-based management system users cannot display any groups or appliances. Click to enable the PFS. Includes WAN visibility to preserve TCP/IP address or port information. Creates or deletes configuration backups of managed appliance. Note: By default. only groups. Optimizes MAPI and sets Exchange and NSPI ports. Optimizes Oracle E-business application content and forms applications. Configures SSL support.

including RADIUS and TACACS authentication settings and secure vault password. Security Settings Diagnostics Reports Steelhead Central Management Console User’s Guide 65 .Configuring Security Settings Configuring the CMC Roles and Permissions Riverbed Services Platform (RSP) Description Adds functionality into a virtualized environment on the client Steelhead appliance. TFTP and Radius mirroring). The functionality can include a print server. Sets system report parameters. Configures security settings. and a package that provides core networking services (DNS. see the Riverbed Command-Line Interface Reference Manual. including system and user log settings. For details. Customizes system diagnostic logs. DHCP. a streaming video server.

users must have write privileges for the roles and permissions specified. Configures the announcements. Configures the alarms. Configures the web preferences. users must have write privileges for the roles and permissions specified. Permissions Required for Policy Administration To configure the policy settings described in the Page column. Configures network interfaces. Page Host Settings Network Interfaces Announcements Alarms Monitored Ports SNMP Email Logging Web Preferences Description Configures host settings. Configures SNMP. Configures logging. Configures the monitored ports.Configuring the CMC Configuring Security Settings Permissions Specific to CMC Configuration To configure the CMC settings described in the Page column. Policy Type Optimization Page Data Store General Service Settings In-Path Rules Peering Rules CIFS HTTP Lotus Notes Oracle Forms MAPI MS-SQL NFS Performance Service Ports SSL General Settings SSL Peering 66 Steelhead Central Management Console User’s Guide . Configures the email.

Configuring Security Settings Configuring the CMC Policy Type System Settings Page Alarms Announcements Email Notification Logs Monitored Ports SNMP SSL Ciphers Networking Asymmetric Routing Caching DNS Connection Forwarding Encrypted Communication Host Settings NetFlow QoS Classes QoS Marking Port Labels Security General Security Settings RADIUS TACACS+ User Permissions Web Settings Routing Simplified Routing WCCP Steelhead Central Management Console User’s Guide 67 .

see the Steelhead Appliance Deployment Guide. 68 Steelhead Central Management Console User’s Guide . complete the configuration as described in the following table. Enabling this feature is optional. RADIUS Page 2. Choose Configure > Security > RADIUS to display the RADIUS page. Control Set a Global Default Key Global Key Description Enables a global server key for the RADIUS server. RADIUS is an access control protocol that uses a challenge and response method for authenticating users.Configuring the CMC Configuring Security Settings Configuring RADIUS Server Authentication You set up RADIUS server authentication in the RADIUS page. To set RADIUS server authentication 1. For details on setting up RADIUS and TACACS+ servers. Setting up RADIUS server authentication is optional. Specify the global server key. Under Default RADIUS Settings. Figure 2-14.

Note: If you add a new server to your network and you do not specify these settings at that time. Adds the RADIUS server to the list. Click the check box next to the name and click Remove Selected. Enables the new server. To add a new RADIUS server. Overrides the global server key for the server. Specify the server IP address. Confirm the override server key. The default value is 3. 6. 4. Timeout (seconds) Retries Enabled Add Remove Selected Specify the time-out period in seconds (1 . Click Apply to apply the settings to the current configuration. Click Save to save your settings permanently. The default value is 1. the global settings are applied automatically. Steelhead Central Management Console User’s Guide 69 . 5. Click Apply to apply the settings to the current configuration. Server Key.60). Specify the time-out period in seconds (1-60). The default value is 3. Specify the override server key. Specify the port for the server.Configuring Security Settings Configuring the CMC Control Confirm Global Key Timeout (seconds) Retries Description Confirm the global server key. Confirm Server Key. Control Add a RADIUS Server Server IP Address Authentication Port Override the Global Default Key Description Displays the controls for defining a new RADIUS server. Specify the number of times you want to allow the user to retry authentication. Valid values are 0-5. Specify the number of times you want to allow the user to retry authentication. complete the configuration as described in the following table. The default value is 1. 3.

see the Steelhead Appliance Deployment Guide. Figure 2-15. Choose Configure > Security > TACACS+ to display the TACACS+ page. TACACS+ Page 70 Steelhead Central Management Console User’s Guide . To set a TACACS+ server 1. Enabling this feature is optional. TACACS+ is an authentication protocol that allows a remote access server to forward a login password for a user to an authentication server to determine whether access is allowed to a given system.Configuring the CMC Configuring Security Settings Configuring TACACS+ Server Authentication You set up TACACS+ server authentication in the TACACS+ page. For details on configuring RADIUS and TACACS+ servers to accept login requests from the Steelhead appliance.

Adds the TACACS+ server to the list. Specify the server IP address. Specify the time-out period in seconds (1 . The default is 1. Click Save to save your settings permanently. 5. 3. complete the configuration as described in the following table. To add a TACACS+ server. 6. Control Add a TACACS+ Server Server IP Address Authentication Port Authentication Type Override the Global Default Key Server Key Confirm Server Key Timeout (seconds) Retries Enabled Add Remove Selected Description Displays the controls for defining a new TACACS+ server. The default value is 3. 4. Valid values are 0-5. Under Default TACACS+ Settings. Steelhead Central Management Console User’s Guide 71 . The default is 3. Confirms the global server key. Specify the time-out period in seconds (1-60). If you add a new server to your network and you do not specify these fields at that time.60). Click the check box next to the name and click Remove Selected. Enables the new server. Specify the override server key. Confirm the override server key. Specify the number of times you want to allow the user to retry authentication. The default value is 49. Click Apply to apply the settings to the current configuration. Specify this option to override the global server key for the server. the global settings are applied automatically. Control Set a Global Default Key Global Key Confirm Global Key Timeout (seconds) Retries Description Specify this option to enable a global server key for the server. Specify the port for the server. Click either PAP or ASCII to select the authentication type.Configuring Security Settings Configuring the CMC 2. Valid values are 0-5. as described in this table. Specify the global server key. The default is 1. complete the configuration as described in the following table. Specify the number of times you want to allow the user to retry authentication.

Initially the secure vault is keyed with a default password known only to the RiOS software. 4. These configuration settings are encrypted on the disk at all times using AES 256-bit encryption. Specify a new password for the secure vault. You can change the password. the secure vault must be unlocked. 3. but the secure vault does not automatically unlock on start up. complete the configuration as described in the following table. Under Unlock Secure Vault.Configuring the CMC Configuring Security Settings Unlocking the Secure Vault You can unlock and change the password for the secure vault in the Secure Vault page. including SSL private keys and the data store encryption key. The secure vault contains sensitive information from your CMC configuration. but the secure vault does not automatically unlock upon start up. Note: To optimize SSL connections or to use data store encryption. Figure 2-16. Control Current Password New Password Description Specify the current password. You must unlock the secure store to manage SSL configuration on the CMC and to unlock the secure stores on the Steelhead appliances. This allows the system to automatically unlock the vault during system start up. leave the text box blank. Secure Vault Page 2. This allows the system to automatically unlock the vault during system start up. Initially the secure vault is keyed with a default password known only to the RiOS software. 72 Steelhead Central Management Console User’s Guide . You can change the password. specify the password. Choose Configure > Security > Secure Vault to display the Secure Vault page. If you are changing the default password that ships with the product. Click Unlock Secure Vault. To unlock or change the password of the secure vault 1. Under Change Password.

To add a new rule. Figure 2-17. 5. complete the configuration as described in the following table. Configuring Management ACL You can modify Management ACL settings in the Management ACL page.Configuring Security Settings Configuring the CMC Control New Password Confirm Change Password Description Retype the new password for the secure vault. To modify Management ACL 1. 3. Under Management ACL Settings. Choose Configure > Security > Management ACL to display the Management ACL page. Management ACL Page 2. Changes the password to the new value. complete the configuration as described in the following table. Steelhead Central Management Console User’s Guide 73 . Applies the settings. Click Save to save your settings permanently. Control Enable Management ACL Apply Description Select this check box to enable management ACL.

then the rule is applied. describe the rule to facilitate administration. specify the source subnet of the inbound packet. This is the default action. Configuring Web Settings You can modify Management Console Web user interface settings in the Web Settings page. Log Packets Tracks denied packets in the log. Select All to specify all interfaces. 74 Steelhead Central Management Console User’s Guide . Select ICMP. Optionally. SNMP. If rule 2 matches the conditions. the system consults the next rule. SSH. If the conditions set in the rule do not match. or All from the drop-down list. if the conditions of rule 1 do not match. UDP. it is applied. select a rule number from the drop-down list. Denies access to any matching packets. rule 2 is consulted.Configuring the CMC Configuring Security Settings Control Add a New Rule Action Description Displays the controls for adding a new rule. select All. Optionally. Allow. 4. and the system moves on to the next packet. If the conditions set in the rule match. and no further rules are consulted. the rule goes to the end of the table (just above the default rule). By default. Optionally. or Telnet from the drop-down list. Service Protocol Source Network Interface Description Rule Number Optionally. Note: The default rule. For example. HTTP. which allows all remaining traffic from everywhere that has not been selected by another rule. Select one of the following rule types from the drop-down list: • Allow. the Destination Port is dimmed and unavailable. Click Add to add the rule to the list. cannot be removed and is always listed last. When specified. packet logging is enabled. TCP. Steelhead appliances evaluate rules in numerical order starting with rule 1. Optionally. HTTPS. Allows a matching packet access to the Steelhead appliance. • Deny. By default. SOAP. select an interface name from the drop-down list.

Maintaining Your System

Configuring the CMC

To modify Web settings 1. Choose Configure > Security > Web Settings to display the Web Settings page.
Figure 2-18. Web Settings Page

2. Under Web Settings, complete the configuration as described in the following table.

Control Default Web Login ID Web Inactivity Timeout Allow Session Timeouts on AutoRefreshing Pages

Description Specify the user name that appears on the authentication page. The default value is admin. Specify the number of idle minutes before time-out. The default value is 15. A value of 0 disables time-out. By default, session time-out is enabled, which stops the automatic updating of the report pages when the session times out. Clear this box to disable the session time-out, remain logged-in indefinitely, and automatically refresh the report pages. Important: Disabling this feature poses a security risk.

3. Click Apply to apply the settings to the current configuration. 4. Click Save to save your settings permanently.

Maintaining Your System
This section describes how to view job status, upgrade your software, and how to shut down and reboot the system. It includes the following sections: “Working with External CMC Backups,” next “Viewing Daily Maintenance Window Settings” on page 81 “Displaying Job Status” on page 82 “Managing Licenses” on page 84 “Upgrading Your Software” on page 85 “Rebooting and Shutting Down the CMC” on page 86

Steelhead Central Management Console User’s Guide

75

Configuring the CMC

Maintaining Your System

Working with External CMC Backups
You can configure the backup of CMC configurations and Steelhead appliance statistics to an external location in the External CMC Backups page. The following types of data are backed up: Steelhead appliance configuration information (policies, host settings, etc.) as configured by the CMC. Steelhead appliance statistics (host settings, base interfaces, etc.) as reported by the CMC. CMC configuration information (networking, system settings, security settings, etc.). This type of backup is distinct from appliance backups, which serve an archival purpose for a specific appliance. For details, see “Managing Appliance Backup/Restore” on page 139. This section describes the following procedures: “Configuring External CMC Backups,” next “Performing Back Up Restore” on page 80

Configuring External CMC Backups
You can configure the external backups in the External CMC Backups page.

76

Steelhead Central Management Console User’s Guide

Maintaining Your System

Configuring the CMC

To configure external backups 1. Choose Configure > Maintenance > External CMC Backups to display the External CMC Backups page.
Figure 2-19. External CMC Backups Page

Steelhead Central Management Console User’s Guide

77

Configuring the CMC

Maintaining Your System

2. Under Backup Server, specify the external location for the backup by completing the configuration as described in the following table.
the

Control Protocol

Description Select from drop-down list the file server protocol for the backup server for storing or retrieving the backup: CIFS, NFS, or SSH. Note: If you select an mount point and the same directory location is subsequently exposed on CIFS, the backup may fail.

Host Name or IP Address Remote Path

Specify the hostname or IP address for the backup server. Specify the directory path on the backup server for the backup file. Note: The directory must already exist on the backup server.

CIFS Domain

(CIFS only) Specify the CIFS domain.

Tip: If the username corresponds to a local account (as opposed to a domain account), this field should contain the NETBIOS name of the backup server.

User Name Password Password Confirm CIFS Security Mode

(CIFS only) Specify a valid user name for CIFS access. (CIFS only) Supply a valid password for CIFS access. Confirm the password for CIFS access. Select from the drop-down NTLM or NTLMv2..

Tip: Windows 2K is not supported with NTLMv2.

3. Under Backup Limits, specify the backup time, disk space, and maximum number of configurations, as described in the following table.
Control Statistics Backup Time Limit Description Specify the maximum amount in time (minutes) for the back up process to take. Specify 0 for no limit. Note: If you set this value for less than sixty minutes, the initial backup may not be complete. However, after several backups, the process will catch up with itself and require less time than subsequent backups. Backup Disk Space Limit Specify the amount of disk space (MB) allowed for backups. Specify 0 for no limit. Note: When the specified amount is exceeded, the oldest statistics are deleted in turn (FIFO). Maximum Configurations Retained The maximum number of backups allowed on the backup server. Specify 0 for no limit. Note: When the specified number is exceeded, the oldest statistics are deleted in turn (FIFO).

78

Steelhead Central Management Console User’s Guide

Maintaining Your System

Configuring the CMC

4. Under Scheduling, set the options to enable backing up of configurations and statistics data, as described in the following table.
Control Enable Configuration Backup Scheduling Description Enables the back up of appliance configuration data. Complete the following settings: • Configuration Backup Initial Date/Time - Specify the start date and time using the following format: YYYY/MM/DD HH:MM:SS • Configuration Backup Interval - Specify the interval in days between backups. Enable Statistics Backup Scheduling Enables the backup of appliance statistic data. Complete the following settings: • Statistics Backup Initial Date/Time - Specify the start date and time using the following format: YYYY/MM/DD HH:MM:SS • Statistics Backup Interval - Specify the interval in days between backups.

5. Click Apply to apply the settings to the current configuration. 6. Click Save to save your settings permanently.

Steelhead Central Management Console User’s Guide

79

Configuring the CMC

Maintaining Your System

Performing Back Up Restore
You can perform back up operations (i.e., creating, restoring, deleting) in the Backup Operations panel in the External CMC Backups page. To perform backup restore 1. Choose Configure > Maintenance > External CMC Backups to display the External CMC Backups page and scroll to the bottom.
Figure 2-20. Configure > Maintenance > External CMC Backups Page

The Backup Operations panel displays the history of backup and restore operations for both configuration and statistic data, as shown in the following table.
Operation Type Configuration Backup Status Configuration Restore Status Statistics Backup Status Statistics Restore Status Description Displays the status and timestamp of the most recent configuration backup. Indicates whether a configuration backup restore is currently in process. Displays the status and timestamp of the most recent configuration backup. Indicates whether a statistics backup restore is currently in process. Status Details An operation can have the following status: • success, <timestamp> • running <time duration>, <percentage complete> • failed <timestamp> • failed <timestamp>, last success: <timestamp> Note: A status of idle indicates that there is no backup or restore history. The system does not retain a record of backup and restore statuses from prior to system startup (including reboots).

80

Steelhead Central Management Console User’s Guide

Maintaining Your System Configuring the CMC 2. Control Start Time End Time Apply Description Enter the Start Time. Depending on the operation you select. an additional field dynamically displays: • Remove backup Name . Steelhead Central Management Console User’s Guide 81 . 3.Select the desired timestamped configuration backup from the drop-down list. Operation Perform Configuration Backup Restore Configuration Backup Description Performs a backup of the current appliance configurations. Restores the specified configuration backup. as described in the following table. 4. Maintenance Window Page 2. When this option is selected. Figure 2-21. Select the operation to be performed from the Backup Operation drop-down list. additional fields dynamically display: • Restore Back Name • Restore Secure Vault • Vault Password • Restore Primary and Aux network interfaces Remove Configuration Backup Removes the specified configuration backup. To view daily maintenance window settings 1. When this option is selected. Complete the configuration as described in the following table. Restores the latest statistics backup. Use the following format: HH:MM:SS. Click Start to begin to selected operation. Click Apply to save your settings. Use the following format: HH:MM:SS. Viewing Daily Maintenance Window Settings You can view daily maintenance window settings in the Maintenance Window page. Choose Configure > Maintenance > Maintenance Window to display the Maintenance Window page. additional fields will display. Enter the End Time. Perform Statistics Backup Restore Statistics Backup Performs a backup of the current appliance statistics.

Configuring the CMC Maintaining Your System Displaying Job Status You can view completed. Choose Configure > Maintenance > Scheduled Jobs to display the Scheduled Jobs page. you must use the CLI. as well as jobs that were not completed because of an error in the Scheduled Jobs page. which runs the job once. Runs the job. Specify a comment. see the Riverbed Command-Line Interface Reference Manual. Cancels the job. 82 Steelhead Central Management Console User’s Guide . for all other jobs. Applies the changes to the current configuration. For details on scheduling jobs using the CLI. pending. Optionally. inactive jobs. click the check box next to the entry and click Remove Selected Jobs. Specify the date on which the job runs. Click the Job ID number to display details about the job. 3. Control Name Comment Interval (seconds) Executes On Enable/Disable Job Apply Changes Cancel This Job Execute Now Remove Selected Jobs Description Specify a name for the job. Enables the job. The only jobs you can schedule using the CMC are software upgrades and configuration pushes. Click the check box next to the name and click Remove Selected Jobs. The default value is 0. Scheduled Jobs Page 2. 4. Jobs are CLI commands that execute at a time you specify. Specify how often the job runs. To display job status 1. To cancel a job or to remove a completed job from the list. under Details for Job <#>. Figure 2-22. complete the configuration as described in the following table.

Steelhead Central Management Console User’s Guide 83 . Click Save to save your settings permanently.Maintaining Your System Configuring the CMC 5.

Figure 2-23. Control Add a New License Licenses Text Box Description Displays the controls to add a new license. For details on hardware specifications that require hardware upgrades. Copy and paste the license key provided by Riverbed Technical Support or Sales into the text box. 84 Steelhead Central Management Console User’s Guide . see the Steelhead Management Console User’s Guide. To install a license 1. or Enter. For more details. Click Save to save your settings permanently. see the Upgrade and Maintenance Guide. Choose Configure > Maintenance > Licenses to display the Licenses page. Add Adds the license.Configuring the CMC Maintaining Your System Managing Licenses You can install licenses and update or remove expired licenses on the CMC appliance in the Licenses page. Tab. Tip: Separate multiple license keys with a space. 3. complete the configuration as described in the following table. Under Licenses. Licenses Page 2.

click Switch to Backup Version under Software Upgrade. Steelhead Central Management Console User’s Guide 85 . Choose Configure > Maintenance > Licenses to display the Licenses page. Select the license you want to delete. Figure 2-24. Choose Configure > Maintenance > Software Upgrade to display the Software Upgrade page. To upgrade or revert software versions 1. Software Upgrade Page 2. Click Remove Selected. To revert to a backed up version. 2. 3. Click Save to save your settings permanently. Upgrading Your Software You can upgrade or revert to a backup version of the software in the Software Upgrade page. 4.Maintaining Your System Configuring the CMC Removing a License Riverbed recommends that you keep old licenses in case you want to downgrade to an earlier software version. To remove a license 1.

you must manually turn on the appliance. If you specify a URL in the URL text box. After you click Reboot. Cancels your changes. Choose Configure > Maintenance > Reboot/Shutdown to display the Reboot/Shutdown page. Click Reboot. complete the configuration as described in the following table. Click Shutdown to shut down the system. 86 Steelhead Central Management Console User’s Guide . Under Install Upgrade. the image is uploaded. From Local File Click this option and type the path or click Browse to navigate to the local file directory. Schedule Upgrade for Later Schedules the upgrade process. you are logged out of the system and it is rebooted. HH:MM:SS Install Upgrade Cancel Installs the software upgrade on your system. the image is uploaded immediately.Configuring the CMC Maintaining Your System 3. Reboot the CMC. Use the following formats: YYYY/MM/DD. If you specify a file to upload in the Local File text box. Reboot/Shutdown Page 2. 3. installed. Rebooting the CMC does not affect the optimization of the Steelhead appliances. however the image is installed and the system is rebooted at the time you specify. To restart the system. Figure 2-25. and the system is rebooted at the time you specify. Control From URL Description Click this option and type the URL. To reboot or shut down the system 1. 4. Specify the date and time to run the upgrade: • Date and Time. the system is turned off. After you click Shutdown. Rebooting and Shutting Down the CMC You can reboot or shut down the system in the Reboot/Shutdown page.

Click Apply to apply the settings to the current configuration. Under Password. To change the admin password 1. Click Save to save your settings permanently. complete the configuration as described in the following table. You must be logged in as the admin user to change the administrator password. Confirm the new password. Figure 2-26. Choose Configure > My Account to display the My Account page. 4. Steelhead Central Management Console User’s Guide 87 . My Account Page 2.Changing the Administrative Password Configuring the CMC Changing the Administrative Password You can change the admin password in the My Account page. Control Change Password New Password Confirm New Password Description Select this option to change the password. 3. Specify a new password.

They take effect after you restart the RiOS services to which the configuration was pushed. saved configuration. For details on restarting the Steelhead service. To manage configurations 1. or Restarting Appliances and Appliance Groups” on page 123. When you save your configuration settings. Stopping. but the values are not written to disk and saved permanently. For example. Each time you save your configuration settings. activate. Important: Some configuration settings require that you to restart the Steelhead service for the settings to take effect. the values are written to disk and saved permanently. and import configurations in the Configurations page. When you apply your settings in the CMC. the values are applied to the active running configuration. running configuration and a written. Each CMC has an active.Configuring the CMC Managing Configuration Files Managing Configuration Files You can save. they are written to the current running configuration. and a backup is created. see “Starting. Configurations Page 88 Steelhead Central Management Console User’s Guide . Figure 2-27. if the running configuration is myconfig and you save it.bak and myconfig is overwritten with the current configuration settings. myconfig is backed up to myconfig. The Configuration Manager is a utility that enables you to save configurations as backups or to activate configuration backups. Choose Configure > Configurations to display the Configurations page.

and alarm settings. or Restarting Appliances and Appliance Groups” on page 123. Reverts your settings to the running configuration. Save Current Configuration Specify a new filename to save settings that have been applied to the running configuration as a new file. Steelhead Central Management Console User’s Guide 89 . Adds the configuration. statistics. Save. and then click Save. For details. Stopping. Remove Selected Click the check box next to the name and click Remove Selected. Specify the administrator password for the remote CMC. protocols. Click to save settings that have been applied to the running configuration. select another configuration from the drop-down list under Change Active Configuration. SNMP. CLI and Web. Click to display the running configuration settings in a new browser window. and click Activate. Copies only the following common settings: in-path and out-of-path interface. The imported configuration appears in the Configuration list but does not become the active configuration until you click Activate. SNMP (contact and location). To import a configuration from another appliance. Under Current Configuration: <name>. 4. click Import a New Configuration and complete the configuration as described in the following table. Control IP/Hostname Remote Admin Password Remote Config Name New Config Name Import Shared Data Only Description Specify the IP address or host name of the CMC from which you want to import the configuration. Control Current Configuration: <configuration name> Description View Running Configuration. The system does not automatically copy the following settings: failover. 3. Add Tip: Click the configuration name to display the configuration settings in a new browser window. Specify the name of the configuration you want to import from the remote CMC. NTP.Managing Configuration Files Configuring the CMC 2. see “Starting. This value is enabled by default. Important: You must restart the Steelhead service for a new configuration to take effect. Revert. complete the configuration as described in the following table. and network settings. Specify a new. local configuration name. log. To change the currently active configuration.

Configuring the CMC Managing Configuration Files 90 Steelhead Central Management Console User’s Guide .

Appliances Page Steelhead Central Management Console User’s Guide 91 .CHAPTER 3 Managing Appliance Groups This chapter describes how to use the CMC to manage Steelhead appliance configurations using polices and groups. Figure 3-1.” next “Working with Policies” on page 130 “Viewing and Managing System Operation History” on page 137 “Managing Appliance Backup/Restore” on page 139 “Configuring Upgrades” on page 142 “Configuring RSP Appliances” on page 144 “Configuring RSP Image Library” on page 146 “Configuring RSP Package Library” on page 147 Managing Appliances and Appliance Groups You manage appliances in the Appliances page. The Appliances page displays a table of the currently registered Steelhead appliances and the groups into which they are organized. It includes the following sections: “Managing Appliances and Appliance Groups.

Displays the name of the branch services policy for the group.For details. 92 Steelhead Central Management Console User’s Guide . see “Moving Groups and Appliances” on page 116. see “Filtering the Display of Appliances and Appliance Groups” on page 117. see “Managing or Viewing Appliance Base Interfaces Settings” on page 100. Register a new appliance . see “Managing or Viewing Appliance Host Settings” on page 99.For details. Specifies that a Steelhead appliance is branch managed. see “Editing Appliance Configurations” on page 96. Manage hostname settings on remote appliances .For details.Managing Appliance Groups Managing Appliances and Appliance Groups The table includes the following columns: Control Groups and Managed Appliances Connection Branch Managed Auto Configure Push Required Description Lists the Steelhead appliance by group membership. see “Registering New Appliances” on page 95. Create appliance groups .For details. Manage SSL settings on remote appliances . see “Creating a New Appliance Group” on page 94. Perform operations on appliances or appliance groups . Remove groups and appliances from the CMC . You can open and close groups to show or hide the member groups and appliances.For details.For details. Specifies that the configuration shared by this Steelhead appliance has changed on the CMC and a push configuration is required to restore synchronization. Edit appliance configurations .For details. You cannot manage this Steelhead appliance from the CMC. Manage in-path interface settings on remote appliances . Displays the hardware model information for listed Steelhead appliances.” next. see “Managing or Viewing Appliance SSL Settings” on page 105.For details.For details. see “Using the Trust Appliances by Key Feature. Specifies that a Steelhead appliance is set for auto-configure and updates automatically each time it connects. see “Performing Operations on Appliance Groups” on page 118.For details. Optimization Policy System Settings Policy Networking Policy Security Policy Branch Services Policy Model You can perform the following tasks in the Appliances page: Use keys to trust detected appliances . Displays the name of the optimization policy assigned to the group. see “Managing or Viewing Appliance In-Path Interface Settings” on page 102. Filter your display of appliance groups . Displays the name of the system settings policy assigned to for the group.For details. Displays the name of the networking policy assigned to for the group. Move groups and appliances from one group to another . Displays the name of the security policy assigned to for the group. see “Removing Groups and Appliances” on page 114.For details. Manage base interfaces on remote appliances . Specifies the status of the connection between the CMC and the Steelhead appliance.

see “Managing or Viewing Appliance SSL Settings” on page 105. Figure 3-2. Note: If you enable the Strict Key Verification feature. Paste in the keys for the appliances to be automatically trusted. you must create keys for all Steelhead appliances for them to connect to the CMC. For details on Strict Key Verification. Steelhead Central Management Console User’s Guide 93 .Managing Appliances and Appliance Groups Managing Appliance Groups Using the Trust Appliances by Key Feature You can enable the CMC to trust detected Steelhead appliances based on an appliance-specific security keys in the Appliances page. Choose Manage > Appliances to display the Appliances page. Trust Appliances by Key Field 3. This feature requires generating a key for the Steelhead appliance. For details. Scroll to the bottom of the page and toggle open the Trust Appliances by Key field. and click Trust. see “Configuring CMC Security Settings” on page 58. To use the Trust Appliances by Key feature 1. 2.

The default value is None. Select the optimization policy for the group from the drop-down list. The default value is None. The default value is None. Control Name Parent Group Optimization Policy System Settings Policy Networking Policy Security Policy Branch Services Policy Description Specify the name for the group. Select the networking policy for the group from the drop-down list. Choose Manage > Appliances to display the Appliances page. Select the security policy for the group from the drop-down list. 2. at the group level you can apply policies. The default value is None. Figure 3-3. Select the branch services policy from the drop-down list.Managing Appliance Groups Managing Appliances and Appliance Groups Creating a New Appliance Group You can create a new appliance group in the Appliances page. set passwords. To create a new group. To create a new group 1. The default parent is Global. push configurations. Complete the configuration as described in the following table. For example. Appliances Page 3. Note: There is a maximum number of 256 groups that can be added. An appliance group enables you to more effectively organize and manage Steelhead appliances. and so forth. Select the system settings policy for the group from the drop-down list. Select the parent group for the group from the drop-down list. The default value is None. 94 Steelhead Central Management Console User’s Guide . click New Group.

Control Serial Number Host Name or IP Address Description Specify the serial number for the appliance. enabling you to perform configuration tasks for the appliance on the CMC. Registering New Appliances You can register new appliances in the Appliances page. The CMC also collects statistical. Choose Manage > Appliances to display the Appliances page. 4. To add a new appliance to a group. To add a new appliance to a group 1. 2. health. click New Appliance. Figure 3-4. Adds the group to your list of managed Steelhead appliances and groups. Appliances Page 3. and connection history information from registered Steelhead appliances.Managing Appliances and Appliance Groups Managing Appliance Groups Control Comment Add Description Specify a comment to help you identify the group. Click Save to save the settings permanently. Steelhead Central Management Console User’s Guide 95 . Complete the configuration as described in the following table. Optionally. specify the IP address or hostname for the remote appliance. Registering a Steelhead appliance creates a connection between the CMC and the Steelhead appliance.

Adds the new appliance. Select the optimization policy for the appliance from the drop-down list. Editing Appliance Configurations You can modify Steelhead appliance-specific configuration settings directly in the Appliances page. Disable Automatic Upgrades Auto Configure Add 4. The default value is None. Select the check box to prevent any remote action from being performed on the specified appliance. Click Save to save the settings permanently.Managing Appliance Groups Managing Appliances and Appliance Groups Control User Name Password Confirm Password Optimization Policy System Settings Policy Networking Policy Security Policy Branch Services Policy Comment Group Branch Managed Description Specify the administrator user name for the remote appliances. Specify the corresponding password. Specify a descriptive comment to help you identify the group. The default value is None. Select the check box to prevent automatic upgrades from being performed on the specified appliance. For details. Select the security policy for the appliance from the drop-down list. Select from the drop-down list the group to which the new appliance belongs. The default value is None. It includes the following sections: “Editing Appliance Panel. Select the check box to enable auto configure (used only when policies are ready). The default value is Global. 96 Steelhead Central Management Console User’s Guide .” next “Editing Appliance Pages Panels” on page 98 Note: Changes are not applied to the appliance configuration until you have pushed the configuration to the appliance. Confirm the corresponding password. The default value is None. see “Pushing Policies to Appliances and Appliance Groups” on page 118. Select the networking policy for the appliance from the drop-down list. Select the system settings policy for the appliance from the drop-down list. you would not be able to push configurations to this appliance from the CMC. Select the branch services policy from the drop-down list. The default value is None. For example.

Managing Appliances and Appliance Groups Managing Appliance Groups Editing Appliance Panel You can edit appliance details in the Appliances page. Select the optimization policy from the drop-down list. Specify the corresponding password. Select the networking policy from the drop-down list. To edit an appliance configuration 1. Select the security policy selected from the drop-down list. Confirm the password. The default value is None. The default value is None. 3. Control Host Name or IP Address User Name Password Confirm Password Optimization Policy System Settings Policy Networking Policy Security Policy Description Specify the IP address or hostname for the remote appliance. Click the name of the appliance you want to edit to display the Edit Appliance panel. Figure 3-5. Steelhead Central Management Console User’s Guide 97 . Click the Edit Appliance tab to display the Edit Appliance panel. Choose Manage > Appliances to display the Appliances page. Select the system settings policy from the drop-down list. The default value is None. The default value is None. Specify the administrator user name for the remote appliances. Modify the configuration as described in the following table. 2. Edit Appliance Panel 4.

Select to prevent configurations from being pushed to this appliance from the CMC.Managing Appliance Groups Managing Appliances and Appliance Groups Control Branch Services Policy Comment Group Branch Managed Disable Automatic Upgrades Auto Configure Description Select the branch services policy from the drop-down list.For details. Select the parent group from the drop-down list. In-Path Interfaces . Click the name of the appliance you want to edit to display the Edit Appliance panel.” next. Licenses . Editing Appliance Pages Panels You can edit appliance pages panels in the Appliances page.For details. This setting is automatically disabled after the push.For details. To edit appliance page configurations 1. Specify a descriptive comment to help you identify the group. Trusted Select to add the trusted entity to the trusted peers list. see “Managing or Viewing Appliance In-Path Interface Settings” on page 102. Click the Appliance Pages tab to display the Appliance Configuration Pages panel. 98 Steelhead Central Management Console User’s Guide . see “Managing or Viewing Appliance Host Settings. SSL . Select to prevent automatic upgrades as set in the Configure Upgrades page. From the CMC. Note: This feature is only available when the Steelhead appliance is trusted. 2. see “Pushing Policies to Appliances and Appliance Groups” on page 118. Apply Applies the settings to the selected appliance configuration.For details. see “Managing or Viewing Appliance SSL Settings” on page 105. Note: The settings are not applied to the selected appliance until you push the configuration to it. you can modify the following pages for a selected appliance: Host Settings . see “Configuring Upgrades” on page 142. The default value is None. For details. Base Interfaces . Select to automatically push the current configuration (as defined by the policies applied in this page to the appliance or appliance group) to the current Steelhead appliance the next time it connects to the CMC. Note: This feature is only available when the Steelhead appliance is disconnected. The default value is Global. 3. see “Managing or Viewing Licenses Settings” on page 111. For details. Choose Manage > Appliances to display the Appliances page. Note: Changes are not applied to the appliance configuration until you have pushed the configuration to the appliance. see “Managing or Viewing Appliance Base Interfaces Settings” on page 100.For details. Click Save to save the settings permanently. 5.

Managing Appliances and Appliance Groups Managing Appliance Groups 4. Click Apply to apply your changes to the running configuration. Click the Appliance Pages tab to display the Appliance Configuration Pages panel. Under Appliance Configuration Pages. 2. 6. click Host Settings to display the Editing Appliance Configuration: <Appliance ID>. Host Settings page. see: “Managing or Viewing Appliance Host Settings. For detailed procedures on each configuration page. click the name of the page whose settings you want to modify. Figure 3-7. Under Name. 3. Choose Manage > Appliances to display the Appliances page. type or modify the Hostname value. Steelhead Central Management Console User’s Guide 99 . Under Appliance Configuration Pages. Appliance Configuration Pages 5. To modify host settings for the selected appliance 1. Click the name of the appliance you want to edit to display the Edit Appliance panel. Figure 3-6. Host Settings page. 4.” next “Managing or Viewing Appliance Base Interfaces Settings” on page 100 “Managing or Viewing Appliance In-Path Interface Settings” on page 102 “Managing or Viewing Appliance SSL Settings” on page 105 “Managing or Viewing Licenses Settings” on page 111 Managing or Viewing Appliance Host Settings You can edit host settings in the Editing Appliance Configuration: <Appliance ID>. Host Settings Page 5.

Click the Appliance Pages tab to display the Appliance Configuration panel. click Base Interfaces to display the Editing Appliance Configuration: <Appliance ID>. 3. Under Appliance Configuration Pages. 4. Base Interfaces page. Choose Manage > Appliances to display the Appliances page. To modify base interfaces settings for the selected appliance 1. Base Interfaces Page 100 Steelhead Central Management Console User’s Guide . Click the name of the appliance you want to edit to display the Edit Appliance panel. Figure 3-8. 2. Base Interfaces page.Managing Appliance Groups Managing Appliances and Appliance Groups Managing or Viewing Appliance Base Interfaces Settings You can edit base interface settings in the Editing Appliance Configuration: <Appliance ID>.

Specify an IP address. MTU Specify the MTU value. The primary and auxiliary interfaces cannot share the same network subnet. If your network routers or switches do not automatically negotiate the speed and duplex. Specify an IP address. Specify a subnet mask. 6. The auxiliary and in-path interfaces cannot share the same subnet. Select Auto. Specify the primary gateway IP address. Important: The primary and in-path interfaces can share the same subnet. 7. The default value is Auto. A DHCP server must be available so that the system can request the IP address from it. If they do not match. Speed Select the speed from the drop-down list. The default value is Auto. • Subnet Mask. Specify the following settings: • IP Address. The default value is 1500. Full. Specify this option to set the appliance to automatically obtain the IP address. Under Auxiliary Interface. The MTU is the largest physical packet size. Control Enable Aux Interface Obtain IP Address Automatically Description Enables an auxiliary interface. Click Apply to apply your changes to the running configuration. You cannot use the auxiliary port for out-of-path Steelhead appliances. Important: The primary and auxiliary interfaces cannot share the same network subnet. Specify IP Address Manually Specify the following settings: • IP Address. • Primary Gateway IP. Under Primary Interface. Specify this option if you do not use a DHCP server to set the IP address. • Subnet Mask. You must set the primary gateway for in-path configurations.Managing Appliances and Appliance Groups Managing Appliance Groups 5. that a network can send. measured in bytes. Specify IP Address Manually Specify this option if you do not use a DHCP server to set the IP address. or Half from the drop-down list. The default value is Auto. Speed Duplex Select a speed from the drop-down list. Specify a subnet mask. The primary gateway must be in the same network as the primary interface. be sure to set them manually. you might have a large number of errors on the interface when it is in bypass mode. The speed and duplex must match (LAN and WAN) in an in-path configuration. Control Obtain IP Address Automatically Description Specify this option to automatically obtain the IP address from a DHCP server. modify the configurations as described in the following table. Steelhead Central Management Console User’s Guide 101 . because the switch and the router are not set with the same duplex settings. modify the configuration as described in the following table.

Managing Appliance Groups Managing Appliances and Appliance Groups Control Duplex Description Select Auto. Click the check box next to the name and click Remove Selected. 102 Steelhead Central Management Console User’s Guide . complete the configuration as described in the following table. Click Apply to apply your changes to the running configuration. The gateway must be in the same network as the primary or auxiliary interface you are configuring. Control Add a New Route Destination IP Address Subnet Mask Gateway IP Address Add Remove Selected Description Displays the controls for adding a new route. 8. To modify in-path interface settings for the selected appliance 1. measured in bytes. Managing or Viewing Appliance In-Path Interface Settings You can edit in-path interface settings in the Editing Appliance Configuration: <Appliance ID>. The speed and duplex must match (LAN and WAN) in an in-path configuration. Under Main Routing Table. 3. MTU Specify the MTU value. configure your LAN external pair to match the WAN external pair. Click Save to save your settings permanently. Choose Manage > Appliances to display the Appliances page. Specify the subnet mask. Specify the destination IP address for the out-of-path appliance or network management device. . Adds the route to the table list. If your network routers or switches do not automatically negotiate the speed and duplex. Click the Appliance Pages tab to display the Appliance Configuration Pages panel. be sure to set them on the device manually. 10. Full or Half from the drop-down list. Click the name of the appliance you want to edit to display the Edit Appliance panel. 2. To avoid a speed and duplex mismatch. The MTU is the largest physical packet size. that a network can send. 9. Specify the IP address for the gateway. The default value is 1500. In-Path Interfaces page. The default value is Auto.

click In-Path Interfaces to display the Editing Appliance Configuration: <Appliance ID>. When you select an interface. In-Path Interfaces page. In-Path Interfaces Page 5. the configuration properties display. Editing In-Path Interfaces Page Steelhead Central Management Console User’s Guide 103 .Managing Appliances and Appliance Groups Managing Appliance Groups 4. Select the interface you wish to edit. Figure 3-9. Under Appliance Configuration Pages. Figure 3-10.

it automatically continues to pass traffic through your network). Specify an IP address. To avoid a speed and duplex mismatch. Check your router configuration and set it to match the Steelhead appliance WAN and LAN settings. check for speed and duplex error messages (crc or frame errors) in the System Log page of the Management Console. If your network routers or switches do not automatically negotiate the speed and duplex. configure your LAN external pair to match the WAN external pair. • After you finish configuring the Steelhead appliance.) Important: The primary and in-path interfaces can share the same subnet. The speed and duplex must match (LAN and WAN) in an in-path configuration. Specify IP Address Manually Specify the following settings if you do not use a DHCP server to set the IP address: • IP Address. the router that is the default gateway for the appliance must not have the ACL configured to drop packets from the remote hosts as its source. Select Auto. To avoid a speed and duplex mismatch. The following guidelines can help you avoid speed and duplex mismatches when configuring the Steelhead appliance: • Routers are often configured with fixed speed and duplex settings. Duplex. Modify the configuration as described in the following table. or 10 from the drop-down list. Select Auto. (A DHCP server must be available so that the Steelhead appliance can request the IP address from it. configure your LAN external pair to match the WAN external pair. Specify the subnet mask. the link defaults to half-duplex. 100. Specify the IP address for the in-path gateway. The default value is Auto. • If there is a serious problem with the Steelhead appliance and it goes into bypass mode (that is. The default value is Auto. if one end of the link is set at half or full-duplex and the other end of the link is configured to auto negotiate (auto). Important: If there is a routed network on the LAN-side of the in-path appliance. regardless of the duplex setting on the non-auto-negotiated end. Control Obtain IP Address Automatically Description Specify this option to automatically obtain the IP address from a DHCP server. Full. LAN Speed and Duplex WAN Speed and Duplex Speed. or Half from the drop-down list. If you have a router (or a Layer-3 switch) on the LAN side of your network. • In-Path Gateway IP. 104 Steelhead Central Management Console User’s Guide . The primary and auxiliary interfaces cannot share the same network subnet. Make sure your switch has the correct setting. but it causes interface errors and results in degraded optimization.Managing Appliance Groups Managing Appliances and Appliance Groups 6. be sure to set them on the device manually. 1000. This IP address is the in-path main interface. • Subnet Mask. Important: Speed and duplex mismatches can easily occur in a network. The in-path appliance uses IP masquerading to appear as the remote server. specify this device as the in-path gateway. For example. This duplex mismatch passes traffic. a speed and duplex mismatch might occur when you reboot the Steelhead appliance.

measured in bytes. that a network can send. it uses its own VLAN until it is able to determine that information. all packets originating from the Steelhead appliance are tagged with that identification number. Steelhead Central Management Console User’s Guide 105 . Use the default value of 0 to leave the interface untagged.1. Note: You must also define in-path rules to apply to your VLANs. 7. you would specify tag 200. Note: When the Steelhead appliance communicates with a client or a server it uses the same VLAN tag as the client or the server. The following procedures are described in this sections: “Accessing SSL Settings for a Specific Appliance.” next “Displaying Certificate PEM” on page 106 “Replacing the SSL Certificate” on page 108 “Exporting Certificate” on page 110 “Generating Certificate” on page 110 Accessing SSL Settings for a Specific Appliance All SSL settings for a specific appliance can be modified or viewed from the Appliance Pages panel. When you specify the VLAN Tag ID for the in-path interface. Click Save to save your settings permanently. 8. Specify the VLAN tag that the appliance uses to communicate with other Steelhead appliances in your network. this field specifies a numeric ID. The VLAN Tag ID might be the same value or a different value than the VLAN tag used on the client. Click the name of the appliance you want to edit to display the Edit Appliance panel. 3.Managing Appliances and Appliance Groups Managing Appliance Groups Control MTU (Bytes) VLAN Tag ID Description Specify the MTU value. Click the Appliance Pages tab. If the Steelhead appliance cannot determine which VLAN the client or server is in. if the in-path interface is 192.168. Click Apply to apply your changes to the running configuration. Managing or Viewing Appliance SSL Settings You can edit the SSL settings for a specific appliance in the Appliances page. The MTU is the largest physical packet size. 2. For example.1 in VLAN 200. To access the SSL settings for a specific application 1. The default value is 1500. Choose Manage > Appliances to display the Appliances page. If you have enabled VLAN tagging. A zero (0) value specifies non-tagged (or native) VLAN.

SSL page. Figure 3-11. SSL page. Under Appliance Configuration Pages. Choose Manage > Appliances to display the Appliances page. To view peering certificate details 1.Managing Appliance Groups Managing Appliances and Appliance Groups 4.” next “Replacing the SSL Certificate” on page 108 “Exporting Certificate” on page 110 “Generating Certificate” on page 110 Displaying Certificate PEM You can display the certificate PEM for the selected appliance in the Editing Appliance Configuration: <Appliance ID>. 106 Steelhead Central Management Console User’s Guide . click SSL to display the Editing Appliance Configuration: <Appliance ID>. SSL page. see: “Displaying Certificate PEM. 2. 3. Under Appliance Configuration Pages. Click the Appliance Pages tab. Click the name of the appliance you want to edit to display the Edit Appliance panel. click SSL to display the Editing Appliance Configuration: <Appliance ID>. SSL Page 5. 4. For detailed procedures on each configuration page.

Click the Display Certificate PEM panel to display the contents. Display Certificate PEM Panel Steelhead Central Management Console User’s Guide 107 . Figure 3-12.Managing Appliances and Appliance Groups Managing Appliance Groups 5.

5. Click the Appliance Pages tab. Figure 3-13. SSL page. 4.Managing Appliance Groups Managing Appliances and Appliance Groups Replacing the SSL Certificate You can replace SSL certificates for the selected appliance in the Editing Appliance Configuration: <Appliance ID>. To replace the SSL certificate 1. Replace Certificate Panel 108 Steelhead Central Management Console User’s Guide . Click the name of the appliance you want to edit to display the Edit Appliance panel. 2. 3. click SSL to display the Editing Appliance Configuration: <Appliance ID>. SSL page. Choose Manage > Appliances to display the Appliances page. Under Appliance Configuration Pages. Click the Replace Certificate panel to display the contents.

Managing Appliances and Appliance Groups Managing Appliance Groups 6. Local File. State. Organization Name. Specify the hostname of the peer. Locality. Paste the certificate text content of the file into the text box. Click Save to save the settings permanently. Validity Period (Days). Country. Paste the text content of the file into the text box. Control Import Existing Private Key and CA-Signed Public Certificate (One File in PEM or PKCS12 formats) Description Click this option if the existing private key and CA-signed certificate are located in one file. 7. the company). The default value is 730. The page displays a Private Key and CA-Signed Public Certificate control for browsing to the key and certificate. Click Set to set your settings. The default value is 1024. Specify how many days the certificate is valid. 8. Specify the state. Browse to the local file. Text. Specify the city. Note: The private key is required. Decryption Password. The page displays a Private Key and CA-Signed Public Certificate control for browsing to the key and certificate files or a text box for copying and pasting the key and certificate. Generate New Private Key and Self-Signed Public Certificate Click this option to generate a new private key and self-signed public certificate. Certificate Text. if necessary. Sets the peer. Organization Unit Name. Import Existing Private Key and CA-Signed Public Certificate (Two Files in PEM or DER formats) Click this option if the existing private key and CA-signed certificate are located in two files. Specify the organization name (for example. Specify the email address of the contact person. Note: Importing the private key is optional. Specify the country (2-letter code only). Cipher Bits. or a text box for copying and pasting the key and certificate. Specify the decryption password. Local File. Use the controls to complete the configuration as described in the following table. Steelhead Central Management Console User’s Guide 109 . Set. the section or department). Specify the organization unit name (for example. Browse to the local file. Common Name. Email Address. Select the key length from the drop-down list.

Click the Appliance Pages tab. Type and confirm the password. To export the SSL certificate 1. 8. Click the name of the appliance you want to edit to display the Edit Appliance panel.Managing Appliance Groups Managing Appliances and Appliance Groups Exporting Certificate You can export the SSL certificate from the selected appliance in the Editing Appliance Configuration page. 3. Click Export. 2. 4. Generating Certificate You can generate the certificate for the selected appliance in the Editing Appliance Configuration page. 2. 4. To generate the certificate 1. Under Appliance Configuration Pages. SSL page. Choose Manage > Appliances to display the Appliances page. 5. Choose Manage > Appliances to display the Appliances page. Export Certificate Panel 6. Click the Export Certificate panel to display the contents. click SSL to display the Editing Appliance Configuration: <Appliance ID>. 3. 110 Steelhead Central Management Console User’s Guide . Click the name of the appliance you want to edit to display the Edit Appliance panel. Select the Include Private Key check box. Click the Appliance Pages tab. click SSL to display the Editing Appliance Configuration: <Appliance ID>. 7. SSL page. Figure 3-14. Under Appliance Configuration Pages.

Managing Appliances and Appliance Groups

Managing Appliance Groups

5. Click the Generate Certificate panel to display the contents.
Figure 3-15. Generate Certificate Panel

Use the controls to complete the configuration as described in the following table.
Control Common Name Organization Name Organization Unit Name Locality State Country Email Address Generate CSR Description Specify the common name (hostname). Specify the organization name (for example, the company). Specify the organization unit name (for example, the section or department). Specify the city. Specify the state. Specify the country (2-letter code only). Specify the email address of the contact person. Generates the Certificate Signing Request.

Managing or Viewing Licenses Settings
This section describes how to view a license. It includes the following sections: “Viewing Licenses,” next For details, see the Steelhead Management Console User’s Guide.

Viewing Licenses
To view licenses 1. Choose Manage > Appliances to display the Appliances page. 2. Click the name of the appliance you want to edit to display the Edit Appliance panel. 3. Click the Appliance Pages tab.

Steelhead Central Management Console User’s Guide

111

Managing Appliance Groups

Managing Appliances and Appliance Groups

4. Under Appliance Configuration Pages, click Licenses to display the Editing Appliance Configuration <Appliance ID>, Licenses page.
Figure 3-16. Edit Appliance Configuration <appliance>, Licenses Page

5. Use the controls to complete the configuration as described in the following table.
Controls Add a New License Text box Add Descriptions Displays the controls for adding a new license. Enter or paste the license into the text area. Adds the new license.

Running Appliance Utilities
You can run appliance utilities (reconnecting and fetching configurations) in the Appliances page. To run appliance utilities 1. Choose Manage > Appliances to display the Appliances page. 2. Click the name of the appliance you want to edit to display the Edit Appliance panel.

112

Steelhead Central Management Console User’s Guide

Managing Appliances and Appliance Groups

Managing Appliance Groups

3. Click Appliance Utilities to display the Editing Appliance Configuration <appliance>, Utilities panel.
Figure 3-17. Edit Appliances Utility Panel

4. Complete the configuration as in the following table.
Control Fetch Appliance Configuration Description Name to use for Fetched Policies. Specify a text string to name the fetched policies. The fetch policies are listed in the Policies page. Fetch. Click to fetch the current configuration from the selected appliance. The fetched configuration is contained in policies (optimization, system, networking, and security) that can be applied to other groups and appliances. The fetch process also updates the host settings, base interfaces, in-path settings, and SSL settings. For details, see “Editing Appliance Configurations” on page 96. Note: You can view the status of the fetch in the Manage > Operation History page. Update Appliance Serial Number Reconnect Update. Click to update the current configuration. Reconnect. Click to reconnect the CMC to the current appliance. Note: Reconnecting does not affect policy configurations. Backup, Restore, or Migrate State For detailed information, see “Managing Appliance Backup/Restore” on page 139.

After clicking either Reconnect or Fetch, the Edit Appliance <serial number> panel closes.

Viewing Policies Inherited by the Appliance
You can view the policies that are inherited by the appliance in the Appliances page. To view policies inherited by an appliance 1. Choose Manage > Appliances to display the Appliances page. 2. Click the name of the appliance you want to view to display the Edit Appliance panel.

Steelhead Central Management Console User’s Guide

113

Managing Appliance Groups

Managing Appliances and Appliance Groups

3. Click the Inherited Policies panel. The Page column lists the policy feature and the Policy column displays the feature source.
Figure 3-18. Inherited Policies Page

Note: The Inherited Policies panel on this page lists the policies and feature sets that are inherited by the appliance. For details on policies and policy inheritance, see “Understanding Policies and Policy Usage” on page 130

Removing Groups and Appliances
You can remove groups and appliances in the Appliances page. To remove an appliance or a group 1. Choose Manage > Appliances to display the Appliances page.
Figure 3-19. Appliances Page

2. Select the check boxes next to the appliances or groups you want to remove.

114

Steelhead Central Management Console User’s Guide

Managing Appliances and Appliance Groups

Managing Appliance Groups

3. Click Remove Selected. When you remove a group, the child appliances in the group automatically move to the nearest available grandparent, such as the Global group. 4. Click Save to save the settings permanently.

Steelhead Central Management Console User’s Guide

115

Managing Appliance Groups

Managing Appliances and Appliance Groups

Moving Groups and Appliances
You can move groups and appliances from one parent group to another in the Appliances page. To move groups and appliances 1. Choose Manage > Appliances to display the Appliances page.
Figure 3-20. Appliances Page

2. Select the check boxes next to the appliances or groups you want to move to another group. 3. Click Move Selected. Arrows display next to all available groups where the selected items can be moved. 4. Click the arrow next to the group where you want to move the selected items. 5. Click Save to save the settings permanently.

116

Steelhead Central Management Console User’s Guide

Figure 3-21. Choose Manage > Appliances to display the Appliances page. only appliances and groups with that string in their identifiers display in the list. Filter Table 3. Click the Filter tab to display the filter controls. Steelhead Central Management Console User’s Guide 117 . Click Apply Filter to display only the appliances that match the filtered criteria. For example. You can filter by the following string values: – – – – – – – – – – – Group Name Address or Serial Number Model Number Software Version Connection State Health Status Optimization Policy System Settings Policy Networking Policy Security Policy Branch Services Policy 4. Type an expression into the desired fields to filter the display of appliances. 2. if you specify A16. To filter the display managed appliances 1.Managing Appliances and Appliance Groups Managing Appliance Groups Filtering the Display of Appliances and Appliance Groups You can filter the display of managed appliances in the Appliances page.

Stopping. For details. see “Running Appliance Utilities” on page 112. appliance page configurations are also populated when you fetch policies from an appliance. Any changes made to policies on the CMC do not take effect on Steelhead appliances until the new configurations are pushed to the Steelhead appliance. When the vault on an appliance is locked. For details. Reboot .Change the password for the Secure Vault on selected appliances and appliance groups.Unlock the Secure Vault on selected appliances and appliance groups. see “Editing Appliance Configurations” on page 96. Note: Any time you push CMC configurations (in the form of policies) to selected appliances or appliance groups. see “Setting the Password on Appliances and Appliance Groups” on page 126.Managing Appliance Groups Managing Appliances and Appliance Groups Performing Operations on Appliance Groups You can perform the following operations on selected appliances and appliance groups in the Appliances page: Push Policies . 2. For details.Reboot selected appliances and appliance groups. see “Unlocking the Secure Vault” on page 127.Set the password for administrator and monitor users on selected appliances and appliance groups. For details. you might be unable to push some configuration settings. Choose Manage > Appliances to display the Appliances page. or Restarting Appliances and Appliance Groups” on page 123. see “Rebooting Appliances and Appliance Groups” on page 124. appliance page configurations are also pushed. Pushing Policies to Appliances and Appliance Groups You can push CMC configurations (in the form of policies) to selected appliances or appliance groups in the Appliances page. Click Appliance Operations tab to display the operation options. Shutdown . For details on fetching configurations from appliances.Upgrade the software images on selected appliances and appliance groups. Start/Stop Services . see “Changing the Secure Vault Password” on page 128. For details. Similarly. For details on appliance page configurations. Send CLI Commands . Unlock Secure Vault .Send a set of CLI commands to the selected appliances and groups. see “Pushing Policies to Appliances and Appliance Groups” on page 118.Start and stop the system service on selected appliances and appliance groups. Upgrade Software . see “Starting. To push a configuration to an appliance or an appliance group 1. For details. For details. For details. see “Shutting Down Appliances and Appliance Groups” on page 125.Shutdown the system on selected appliances and appliance groups.Push configurations to selected appliances and appliance groups. Set Password . Change Secure Vault Password . 118 Steelhead Central Management Console User’s Guide . see “Sending CLI Commands to Appliances and Appliance Groups” on page 129. see “Upgrading Appliances and Appliance Groups” on page 120. For details.

the push occurs the next time the appliance connects.Managing Appliances and Appliance Groups Managing Appliance Groups 3. The results of this operation can be viewed in the Operation History page. Click Save to save the settings permanently. Specify the date and time using the following formats: YYYY/MM/DD. see “Viewing and Managing System Operation History” on page 137. Under Push Policies. HH:MM:SS If this option is not selected. complete the configuration as described in the following table. Steelhead Central Management Console User’s Guide 119 . Control Restart Service If Required Schedule Deferred Push Description Click to restart the targeted services after the push. Figure 3-22. 5. if required based on the type of configuration changes. Appliances Page 4. For details. Select Push Policies from the operation drop-down list. Push Click the check box next to the name of the appliance and appliance groups you want to change and click Push to push the configuration to the selected appliances or appliance groups.

To upgrade appliances or appliance groups 1. Click Appliance Operations tab to display the operation options. see “Configuring Upgrades” on page 142. 2.Managing Appliance Groups Managing Appliances and Appliance Groups Upgrading Appliances and Appliance Groups You can upgrade the software image on selected appliances or groups in the Appliances page. Software images can be obtained from a URL or the image library. which is managed on the Configure Upgrades page. Choose Manage > Appliances to display the Appliances page. 120 Steelhead Central Management Console User’s Guide . For details.

Managing Appliances and Appliance Groups Managing Appliance Groups 3. Figure 3-23. Appliances Page Steelhead Central Management Console User’s Guide 121 . Select Upgrade Software from the operation drop-down list.

x Steelhead appliances).0 or higher. Note: To install a 64-bit image on a supported Steelhead currently running a 32bit image. 122 Steelhead Central Management Console User’s Guide . the upgraded appliances do not automatically upgrade when rebooted. Control Image Source Description This panel provides the same set of options for 32-bit appliances and 64-bit appliances. Use the following the formats: YYYY/MM/DD.Does not reboot the selected appliances or appliance groups in conjunction with the upgrade. To complete the upgrade process. reboot the appliances using the Reboot operation with the Switch to Backup Partition option. When the upgrade is performed. Upgrade Options Select one of the following options: • Upgrade Now . 5.Specify this option to specify an image currently in the Image Library.5. the Steelhead must first be upgraded to at least 4.1. HH:MM:SS Reboot Options Select one of the following options: • Do not reboot after upgrade . The results of this operation can be viewed in the Operation History page. For details.Optionally. • Schedule a reboot after upgrade .Reboots the selected appliances or appliance groups to the upgraded version at the specified date and time (YYYY/MM/DD. and for transitioning to 64-bit. Under the appropriate set. select and configure one of the following options: • From the Library . When this option is selected.Specify the URL source for the software image. • Reboot immediately after upgrade .5c (for 5. which obtains the image from the URL directly (as opposed to from the CMC). .1.Upgrades the image immediately • Schedule Upgrade . see “Rebooting Appliances and Appliance Groups” on page 124. HH:MM:SS).x Steelhead appliances) or 5. see “Viewing and Managing System Operation History” on page 137. • From a URL .Reboots the selected appliances or appliance groups immediately after upgrade. specify this option to schedule the upgrade for a specific date and time. Complete the configuration as described in the following table.Managing Appliance Groups Managing Appliances and Appliance Groups 4. Select the image from the Image drop-down list. Upgrade Click the check box next to the name of the appliance and appliance groups you want to change and click Upgrade to install the software image on the selected appliances or appliance groups.0.7c (for 4.0. For details. the CMC sends the URL to the Steelhead appliance. Click Save to save the settings permanently. Only after this upgrade can the Steelhead can be further upgraded to 64-bit 5.

Complete the configuration as described in the following table. and restart selected appliances and appliance groups in the Appliances page. or Restart from the drop-down list. Specify the date and time. The results of this operation can be viewed in the Operation History page. Choose Manage > Appliances to display the Appliances page. stop. stop. Click Save to save the settings permanently. HH:MM:SS Click Apply to apply your changes to the selected appliances or appliance groups. Control Service Action Clean Data Store Schedule Deferred Service Action Apply Description Select Start. Specify this option to clean the data store. Use the following formats: YYYY/MM/DD.Managing Appliances and Appliance Groups Managing Appliance Groups Starting. Stop. Figure 3-24. To start. Select Start/Stop Services from the operation drop-down list. 2. see “Viewing and Managing System Operation History” on page 137. Click Appliance Operations tab to display the operation options. 3. Appliances Page 4. Stopping. or restart an appliance or an appliance group 1. For details. 5. or Restarting Appliances and Appliance Groups You can start. Steelhead Central Management Console User’s Guide 123 .

124 Steelhead Central Management Console User’s Guide . see “Viewing and Managing System Operation History” on page 137. For details. Note: This step is required to complete an upgrade that was configured with the Do not reboot after upgrade option. The results of this operation can be viewed in the Operation History page. Select Reboot from the operation drop-down list. Choose Manage > Appliances to display the Appliances page.Managing Appliance Groups Managing Appliances and Appliance Groups Rebooting Appliances and Appliance Groups You can reboot selected appliances and appliance groups in the Appliances page. 2. Click Reboot to reboot the selected appliances or appliance groups. Appliances Page 4. see “Upgrading Appliances and Appliance Groups” on page 120 Schedule Deferred Reboot Specify the date and time for scheduled reboot. Use the following formats: YYYY/MM/DD. HH:MM:SS 5. Figure 3-25. 3. Complete the configuration as described in the following table. Control Switch to the Backup Partition Description Select this option to have the selected appliances upgrade to loaded versions when they reboot. To reboot an appliance or an appliance group 1. For details. Click Appliance Operations tab to display the operation options.

3. Steelhead Central Management Console User’s Guide 125 . Control Clean Data Store Schedule Deferred Shutdown Shutdown Description Specify to clean the data store. Complete the configuration as described in the following table. For details. Choose Manage > Appliances to display the Appliances page. 2. 5. Appliances Page 4. see “Viewing and Managing System Operation History” on page 137. HH:MM:SS Select the check box next to the name of the appliance and appliance groups you want to shut down and click Shutdown. Click Appliance Operations tab to display the operation options. Figure 3-26. Specify the date and time. Click Save to save the settings permanently. Select Shutdown from the operation drop-down list. The results of this operation can be viewed in the Operation History page. Use the following formats: YYYY/MM/DD.Managing Appliances and Appliance Groups Managing Appliance Groups Shutting Down Appliances and Appliance Groups You can shut down selected appliances and appliance groups in the Appliances page. To shut down an appliance or an appliance group 1.

Click Set Password to set the specified password. 5. Note: The CMC sets the password for the user the CMC is using to connect with the Steelhead appliance. see “Viewing and Managing System Operation History” on page 137. 126 Steelhead Central Management Console User’s Guide . Control User Password Confirm Password Set Password Description Type Admin or Monitor in the text box. Select Set Password from the operation drop-down list. Click Appliance Operations tab to display the operation options. The results of this operation can be viewed in the Operation History page. Complete the configuration as described in the following table. The CMC automatically updates the password that is used by the CMC to connect with the Steelhead appliance. Choose Manage > Appliances to display the Appliances page.Managing Appliance Groups Managing Appliances and Appliance Groups Setting the Password on Appliances and Appliance Groups You can set the password on selected appliances and appliance groups in the Appliances page. Figure 3-27. Click Save to save the settings permanently. Appliances Page 4. 3. 2. Confirm the password. To set the password on an appliance or an appliance group 1. For details. Specify the password.

Managing Appliances and Appliance Groups Managing Appliance Groups Unlocking the Secure Vault You can unlock the Secure Vault on selected appliances and appliance groups in the Appliances page. Steelhead Central Management Console User’s Guide 127 . see “Viewing and Managing System Operation History” on page 137. 2. Click Appliance Operations tab to display the operation options. Choose Manage > Appliances to display the Appliances page. To unlock the secure vault on an appliance or an appliance group 1. The results of this operation can be viewed in the Operation History page. Select Unlock Secure Vault from the operation drop-down list. When the vault on an appliance is locked. Appliances Page 4. Enter the password and click Unlock Vault to unlock the secure vault on the selected appliances and appliance groups. Figure 3-28. 3. For details. you might be unable to push some configuration settings.

The results of this operation can be viewed in the Operation History page. Note: The CMC must already know the current Secure Vault password. For details. 2. 128 Steelhead Central Management Console User’s Guide . Select Change Secure Vault Password from the operation drop-down list. To change the secure vault password on an appliance or an appliance group 1. 3. Enter and confirm the new vault password. Choose Manage > Appliances to display the Appliances page. Figure 3-29. which is set on the SSL configuration page of each appliance. Click Appliance Operations tab to display the operation options. see “Viewing and Managing System Operation History” on page 137. Click Change Password to change the vault password. 5. Appliances Page 4.Managing Appliance Groups Managing Appliances and Appliance Groups Changing the Secure Vault Password You can change the password for the Secure Vault on selected appliances and appliance groups in the Appliances page. This operation automatically updates the CMC’s stored copy of each selected appliance’s password.

Select Send CLI Commands from the operation drop-down list. Choose Manage > Appliances to display the Appliances page.Managing Appliances and Appliance Groups Managing Appliance Groups Sending CLI Commands to Appliances and Appliance Groups You can send CLI commands to selected appliances and appliance groups in the Appliances page. Figure 3-30. To send CLI commands to an appliance or an appliance group 1. Click Appliance Operations tab to display the operation options. 2. Appliances Page Steelhead Central Management Console User’s Guide 129 . 3.

Complete the configuration as described in the following table.” next “Creating Policy Settings” on page 133 “Editing Policy Settings” on page 134 “Assigning Policies” on page 136 Understanding Policies and Policy Usage This section describes policies and policy usage. Control Text field Description Paste or type in the set of CLI commands. Use the following formats: YYYY/MM/DD. For details. It includes the following sections: “How Policies and Inheritance Work. 5. Note: Each command must be on a separate line. Working with Policies This section describes how to configure and apply policies that facilitate centralized management and configuration of Steelhead appliances.” next “Policy Types” on page 131 130 Steelhead Central Management Console User’s Guide . The results of this operation can be viewed in the Operation History page. Schedule Deferred Command Execution Send Select this option to schedule a deferred command and specify the date and time. Click Save to save the settings permanently. It includes the following sections: “Understanding Policies and Policy Usage. see “Viewing and Managing System Operation History” on page 137. HH:MM:SS Click Send to send the commands.Managing Appliance Groups Working with Policies 4.

The configuration settings can be inherited by all members of the group. To modify these configurations. Only one of each kind of policy type can be applied to a group or an appliance. you can apply different policies at the group or Steelhead appliance level. you can configure policies to inherit some feature-set values from the parent group but override others. Steelhead Central Management Console User’s Guide 131 . For greater flexibility. The green triangles represents policy feature sets at the child level that inherit the parent settings. For details. Policy Types Each policy type is made up of particular RiOS features.Working with Policies Managing Appliance Groups How Policies and Inheritance Work A policy is a collection of configuration settings that can be applied to Steelhead appliances or groups of Steelhead appliances. see “Inheriting or Overriding Policy Settings from a Parent Group” on page 16. Example A Parent policy parameters: Child policy parameters: Resulting policy config: S1 S1 S1 S2 S2 S2 S3 S3 S3 S4 S4 S4 Example B S1 S1 S1 S2 S2 S2 S3 S3 S3 S4 S4 S4 Example C S1 S1 S1 S2 S2 S2 S3 S3 S3 S4 S4 S4 The resulting policy configuration is a combination of feature sets inherited from the parent and feature sets from the policy are applied to the child Steelhead appliance or group. The red squares represents policy feature sets at the child level that override the parent settings. All groups and Steelhead appliances are contained within the Global group. The diagram below shows how policy settings flow from the parent group to child groups and Steelhead appliances: The blue circles represents policy feature sets at the parent level. As a result. all policy configurations from the Global group are inherited by all child groups and Steelhead appliances.

see the Steelhead Management Console User’s Guide. Security policies include the following feature sets: • General Security Settings • User Permissions • RADIUS • TACACS+ • Management ACL • Web Settings Branch Services Policy Use branch services policies to manage the following feature sets: • Caching DNS • RSP Slots • RSP Dataflow For details on RiOS feature sets.Managing Appliance Groups Working with Policies The following table summarizes the available policies and their respective feature sets. Optimization policies include the following feature sets: • General Service Settings • In-Path Rules • Peering Rules • Service Ports • Data Store • Performance • Protocols CIFS • Protocols CIFS Prepopulation • Protocols HTTP • Protocols Oracle Forms • Protocols MAPI System Settings Policy Use system settings policies to organize and manage the following feature sets: • Announcements • Alarms • Monitored Ports • SNMP Basic Networking Policy • SNMP v3 • SNMP ACLs • Email • Logging • Protocols MS-SQL • Protocols NFS • Protocols Lotus Notes • Protocols Citrix ICA • Windows Domain Auth • SSL Main Settings • SSL Peering • Certificate Authorities • SSL Advanced Settings • Secure Peering (IPSEC) Use networking policies to manage the following networking feature sets: • Host Settings • WCCP • Simplified Routing • Asymmetric Routing • Connection Forwarding • Flow Export • QoS Classification • QoS Marking • Port Labels Security Policy Use security policies to manage appliances in which security is a key component. Type Optimization Policy Description Use optimization policies to organize appliances in which optimization is a key component. 132 Steelhead Central Management Console User’s Guide .

Complete the configuration as described in the following table.Configures networking features. click Create New Policy. Figure 3-31. • Security . CLI Commands Remove Selected Policies Optionally. Steelhead Central Management Console User’s Guide 133 .Configures branch services features. Choose Manage > Policies to display the Policies page. To create a new policy 1. Select one of the following policy types from the drop-down list: • Optimization . Select a policy from the drop-down list. You can then modify individual settings in the new policy. Control Policy Name Type Description Specify the name for the policy. paste or type in commands (one command per line) to be pushed to an appliance using this policy.Configures optimization features. • Networking . • Branch Services . Use this feature to duplicate identical feature sets of an existing policy. For a detailed description of policy types. The default value is None. To create a new policy. Click the check box next to the name of the policy and click Remove Selected Policies. see “Policy Types” on page 131. Description Copy Contents From Policy Specify a description to help you identify the policy. • System Settings .Configures security features.Working with Policies Managing Appliance Groups Creating Policy Settings You can create new policies in the Policies page.Configures system settings features. Polices Page 3. 2.

Figure 3-32. Note: If you delete or rename a policy. To edit an existing policy 1. you cannot create another policy with the same name until you save the configuration changes. For details. After creating a new policy. The feature sets displayed depend on the type of policy. Editing Policy Settings You can edit existing policies in the Policies page. You can configure each parameter individually or you can configure the policy to inherit the value from the parent policy. Choose Manage > Policies to display the Policies page. 2. as described in “Editing Policy Settings” on page 134. Click Add to add the new policy to the system. see “Understanding Policies and Policy Usage” on page 130. you can modify the feature-set values. Sample Polices Page 134 Steelhead Central Management Console User’s Guide . Each type of policy is comprised of a distinct set of parameters.Managing Appliance Groups Working with Policies 4. Click the name of the policy in the list to display the feature sets for that policy.

8. For details on all policy feature sets and their parameters. the policy will not be pushed. Select the Enable Page check box next to the feature set page name to override the inheritance of values from the policies applied to the parent group. For example. 7. “Policy Parameters and Settings. 4. This page includes drop-down lists that enable you to navigate between policies and their feature set pages. if the current page is In-Path Rules. Note: This copies only the settings for the current page. Note: If no pages are checked. see Appendix A. Click Save to save the settings permanently. Figure 3-33. see “Creating Policy Settings” on page 133. Selecting Policy Pages 5. Click Apply to apply your settings. select the policy containing the values you want to duplicate from the Copy Contents From Policy drop-down list. The page displays the settings for the selected feature set. and click Copy. only In-Path Rule settings are copied. Click the feature set name in the Page column to change the settings of a specific feature set. Modify the feature sets as desired. To copy the specified feature set values from another policy.Working with Policies Managing Appliance Groups 3.” 6. To duplicate entire policy feature sets. Steelhead Central Management Console User’s Guide 135 .

Select the system settings policy from the drop-down list. Select the branch services policy from the drop-down list. To assign a policy to a group 1. 136 Steelhead Central Management Console User’s Guide . The default value is None. The default value is None. Select the networking policy from the drop-down list. as described in the following table. Figure 3-34. Click the name of the group you want to display the settings for each type of policy.Managing Appliance Groups Working with Policies Assigning Policies You assign policies to groups and appliances in the Appliances page. Policies are optional for groups and appliances. Appliances Page 3. Select the security policy from the drop-down list. Use the controls to complete the configuration. 2. The default value is None. Enter a comment. Choose Manage > Appliances to display the Appliances page. Setting Optimization Policy System Settings Policy Networking Policy Security Policy Branch Services Policy Comment Description Select the optimization policy from the drop-down list. You can apply only one of each type of policy to a group or appliance. The default value is None. The default value is None.

Choose Manage > Operation History to display the Operation History page. To view and manage operation history 1. and the status of the operation in the Operation History page. The Operation History page also displays operation details including the serial number of the appliance. Click Save to save the new settings permanently. 5. You can open each operation in the history to view operation details including the serial number of the appliance. Note: Users can only view the operation history of appliances and appliance groups for which they have permission. For details. Figure 3-35. click Cancel to cancel your settings. Note: After you have assigned the policies. type. Viewing and Managing System Operation History You can view the operation history for the system including the ID. time-stamp. you must push the configuration to the specified group. Operation History Page Steelhead Central Management Console User’s Guide 137 . current status of the operation for the appliance.Viewing and Managing System Operation History Managing Appliance Groups 4. and messages associated with the operation. and messages associated with the operation. see “Pushing Policies to Appliances and Appliance Groups” on page 118. Click Apply to apply your settings. current status of the operation for the appliance.

serial number using as a sub-string. the history displays no operations before the date and time specified. use the controls described in the following table. and messages associated with the operation. the history displays no operations after the date and time specified. under History Management. Control Operation Type Operation Status Description Select one or more operation types as filter criteria.Specifies that the listed operation is incomplete. (Click Cancel to close operation details. complete the configuration as described in the following table. or regular expression as filter criteria. Control Clear History Description Indicates to clear the history based on one of the following options • Clear All History . operations with that status are included. click the Date/Time value to display the appliances. • Pending . Type in as filter criteria the earliest date (YYYY/MM/DD) and time (HH:MM:SS). To filter the contents of the operation history. Optionally. Select one or more operation statuses as filter criteria: • Success . Under Operations. For example. Appliance Type in an appliance address.Specifies that the listed operation failed.Specify date (YYYY/MM/DD) and time (HH:MM:SS).Specify to clear all history.Specifies that the listed operation succeeded.Specifies that the listed operation is currently pending. if you type in ABC. • Incomplete . When selected. detailed status. • Clear History Older Than . when unselected they are excluded. Timestamp Upper Bound Type in as filter criteria the latest date (YYYY/MM/DD) and time (HH:MM:SS). For example. the filter would highlight operations that involved appliances with ABC in the appliance address or serial number. For example. Timestamp Lower Bound Apply Filter 3. 138 Steelhead Central Management Console User’s Guide . Clear Click to clear history based on the above options. • Failed . Filters the contents of the table in the Operations panel immediately below the Filter panel.Managing Appliance Groups Viewing and Managing System Operation History 2.) 4.

at 3 a. This section describes how to perform a manual backup and how to set the time for the daily automatic backup. Steelhead Central Management Console User’s Guide 139 . delete. the restore point does not include SSL settings configured in the SSL page.” next “Restoring a Backup Configuration to an Appliance” on page 140 “Removing Backup Configurations” on page 141 Note: Typically.DD CONFIG_NAME. where CONFIG_NAME is the name of the active configuration on the Steelhead appliance. you can use the controls on the Appliance Backup/Restore page to create backups or reset the appliance to a backup restore point. Riverbed recommends that you restore an appliance to health by resending its configuration policies.Managing Appliance Backup/Restore Managing Appliance Groups Managing Appliance Backup/Restore You can view. every day.m. with the filename YYYY. you do not need to use backups. see “Performing Backups on an Appliance” on page 139. Performing Backups on an Appliance You back up Steelhead appliance configurations in the Appliance Backups and RMA page. as described in “Managing or Viewing Appliance SSL Settings” on page 105. Alternatively. For details on changing the default time for daily backups. you can use the following procedure to restore the system to the backup restore point. The CMC collects backups automatically. However. This section describes the following: “Performing Backups on an Appliance.MM. If using policies for restoration is not possible. and restore configurations of a remote Steelhead appliances in the Appliance Backup/ Restore page.

use the controls as described in the following table. Appliance Backup/Restore Page This page lists the backups that have been previously saved for the appliance selected in the Source Appliance drop-down list. Figure 3-36. Select the source appliance from the drop-down to display the Backup Operation information. Click Save to save the settings permanently. 140 Steelhead Central Management Console User’s Guide . Click Apply to apply the settings to the current configuration. To restore configuration settings 1. 4. To create a manual backup. This feature also displays the CLI configuration for the selected Steelhead appliance backup. Restoring a Backup Configuration to an Appliance You restore appliance configurations to a Steelhead appliance in the Appliance Backup/Restore page. Choose Manage > Appliance Backup/Restore to display the Appliance Backup/Restore page. 2. Choose Manage > Appliance Backup/Restore to display the Appliance Backup/Restore page. Control Source Appliance Description Select the appliance for backup from the drop-down list.Managing Appliance Groups Managing Appliance Backup/Restore To perform a backup on an appliance 1. 2. 3.

Under Restore Operation. select the target appliance. select one of the backups to be restored. Click Migrate.Managing Appliance Backup/Restore Managing Appliance Groups 3. enter the name for the backup. Restore Operation Section 4. 5. All other daily automatic backups are automatically deleted after thirty days. Steelhead Central Management Console User’s Guide 141 . To remove configuration backups 1. However. 3. A panel displays the backup details and controls for restoring the backup. User-generated backups must be removed manually. Migrate Operation Section 6. the automatic daily backups are automatically deleted as follows: The first automatic daily backup of the month is automatically deleted after three years. Removing Backup Configurations You can remove configuration backups in the Appliance Backup/Restore page. 2. Figure 3-37. Click the check box next to the backup name and click Remove Selected Backups to remove the configuration backups from the list. 7. Select the appliance from the Source Appliance drop-down list to display the configuration backups for the specified appliance. Under Migrate Operation. Click Apply to save your settings. Choose Manage > Appliance Backup/Restore to display the Appliance Backup/Restore page. they are not deleted automatically. Under Backup Operations. Figure 3-38.

5c or higher.5 or later: 1U / xx00 1U / xx10 Current Supported Models Running 32-bit RiOS version . Connected Steelhead appliances upgrade the next time they connect. Note: The upgrade process is only completed when the targeted Steelhead appliances connect to the CMC.The following xx50models. regardless of current RiOS version.x. Other models (and also depending on the version of RiOS) require a transitional 32-bit upgrade before a final upgrade to 64-bit. can be upgraded only to another 32-bit software image.To upgrade to a 64-bit software image. 142 Steelhead Central Management Console User’s Guide . 32-bit only models .1. Depending on the version of RiOS.0. a Steelhead appliance must be running RiOS v5. many existing models of the Steelhead appliance can be directly upgraded from 32-bit to 64-bit. with the exception of xx20 models that are running v4.The following models are no longer supported for upgrading to RiOS v5. You can also manage Steelhead software images and enable automatic upgrades on this page. The following constraints apply: Unsupported models .Managing Appliance Groups Configuring Upgrades Configuring Upgrades You configure upgrade settings in the Configure Upgrades page.

Control Add Image Image Name Description Click to display additional controls for adding images to the CMC image library. Steelhead Central Management Console User’s Guide 143 . the CMC obtains the image.Specify the URL source for the software image. The image is uploaded immediately. • Upload from a Local File . Configure Upgrades Page 2. Under Manage the Image Library. When the upgrade is performed. Choose Manage > Configure Upgrades to display the Configure Upgrades page.Specify the path for the software image or click Browse to go to a local file directory. Figure 3-39. select and configure one of the following options: • Download from a URL .Configuring Upgrades Managing Appliance Groups To configure upgrades 1. . manage Steelhead software images by using the controls described in the following table. Click the check box next to the image and click Remove Image. To obtain the image. Add Image Remove Image Adds the specified image to the CMC image library. Type a name for the image.

5.Managing Appliance Groups Configuring RSP Appliances 3. In the Timeout for upgrades field. Choose Manage > RSP > RSP Appliances to display the RSP Appliances page. Note: The contents of the drop-list are limited to the 32-bit software images already in the image library. The default value is 15. For example. only five appliances will be upgraded at a time. all 32-bit Steelhead appliances are automatically upgraded to the specified 32-bit or transition image the next time they connect to the CMC. specify Do not auto-upgrade to prevent auto-upgrade. Figure 3-40. Optionally. Note: The contents of the drop-list are limited to the 64-bit software images already in the image library. To configure RSP appliances 1. The default value is 10800. specify Do not auto-upgrade to prevent auto-upgrade. 64-bit Steelhead Image Select from the drop-down list the 64-bit image to which all 64-bit Steelhead appliances are to be upgraded. Configuring RSP Appliances You configure RSP appliances settings in the RSP Appliances page. specify the seconds. and this values is set to 5. use the following controls to automate upgrades. specify the number of appliances to be concurrently upgraded. RSP Appliances Page 144 Steelhead Central Management Console User’s Guide . Transition Image Select from the drop-down list the 32-bit transition image to which all applicable 32-bit Steelhead appliances are to be upgraded in preparation for subsequent 64-bit upgrade. Note: The contents of the drop-list are limited to the 32-bit software images already in the image library. Select from the drop-down list the 32-bit image to which all 32-bit Steelhead appliances are to be upgraded. For example. 6. Control Enable Automatic Steelhead Upgrades 32-bit Steelhead Image Description Enables automated upgrades and activates the rest of the controls in this panel. Click Apply to apply the settings to the running configuration. 4. In the Maximum Concurrent Upgrades field. if your network has twenty-five appliances. Optionally. Under Configure Automatic Upgrades.

Install Click Install to continue with your settings. Select option to schedule an operation. Click RSP Service to display the RSP Service Operation options. Figure 3-41. RSP Service Operation Options 3. Date and Time. Use the following format: YYYY/MM/ DD HH:MM:SS. Select the image from the drop-down list. Complete the configuration as described in the following table. Select the image from the drop-down list.Configuring RSP Appliances Managing Appliance Groups 2. Control RSP Service Operation 32-bit RSP Image 64-bit RSP Image Schedule operation Description Select Install RSP Service or Manage RSP Service from the drop-down list. Steelhead Central Management Console User’s Guide 145 .

Add Image Options 3. Select this option and type the URL to the image. Choose Manage > RSP > RSP Image Library to display the RSP Image Library page. 4. Complete the configuration as described in the following table. To remove an entry. Click this option and type the path or click Browse to navigate to the local file directory. RSP Image Library Page 2. Figure 3-42. Figure 3-43. To configure RSP image library 1. 146 Steelhead Central Management Console User’s Guide . click the check box next to the name and click Remove Selected Images. Click Add Image to display the Add Image options. Control File Name From URL From Local File (for images less than 2GB in size) Add Image Description Type a descriptive name for the image.Managing Appliance Groups Configuring RSP Image Library Configuring RSP Image Library You configure RSP image library settings in the RSP Image Library page. Downloads the image to your system.

To configure RSP package library 1. Complete the configuration as described in the following table. Figure 3-44. Steelhead Central Management Console User’s Guide 147 . Click Browse to navigate to the file. Control File Name From URL From Local File (for packages less than 2GB in size) Add Package Description Enter the file name. Click Add Packages to add the package. Add Package Page 3. Choose Manage > RSP > RSP Package Library to display the RSP Package Library page.Configuring RSP Package Library Managing Appliance Groups Configuring RSP Package Library You configure RSP image library settings in the RSP Package Library page. Click Add Package to display the options. Enter the URL. 2.

Managing Appliance Groups Configuring RSP Package Library 148 Steelhead Central Management Console User’s Guide .

This chapter includes the following sections: “Displaying Managed Steelheads Reports and Logs. download remote appliance logs. and display and customize CMC reports.” next “Viewing Bandwidth Optimization Reports” on page 153 “Viewing Data Reduction Reports” on page 155 “Viewing Traffic Summary Reports” on page 158 “Viewing Connection History Reports” on page 160 “Viewing Connection Forwarding Reports” on page 163 “Viewing Connection Pooling Reports” on page 164 “Viewing HTTP Stats (Steelhead v5+) Reports” on page 166 “Viewing HTTP Stats (Steelhead v4) Reports” on page 170 “Viewing SSL Servers Reports” on page 172 “Viewing NFS Reports” on page 175 “Viewing Data Store SDR-Adaptive Reports” on page 177 “Viewing Data Store Cost Reports” on page 179 “Viewing Data Store Disk Load Reports” on page 181 “Viewing Data Store Hit Rate Reports” on page 182 Steelhead Central Management Console User’s Guide 149 .” next “Displaying Steelhead Diagnostics Reports” on page 197 “Displaying CMC Diagnostics Reports” on page 205 “Exporting Performance Statistics Reports” on page 217 Displaying Managed Steelheads Reports and Logs This section describes how to create managed Steelhead reports and logs.CHAPTER 4 Displaying and Customizing Reports This chapter describes how to display and customize remote Steelhead appliance reports. It includes the following sections: “Viewing Optimized Throughput Reports.

The 95th percentile is calculated by taking the peak of the lower 95% of inbound and outbound throughput samples.Displaying and Customizing Reports Displaying Managed Steelheads Reports and Logs “Viewing Data Store IO Reports” on page 184 “Viewing Data Store Read Efficiency Reports” on page 187 “Viewing DNS Cache Hits Reports” on page 189 “Viewing DNS Cache Utilization Reports” on page 190 “Viewing QoS Stats Dropped Reports” on page 192 “Viewing QoS Stats Sent Reports” on page 194 “Displaying Steelhead Diagnostics Reports” on page 197 Note: Reports are based on data gathered from registered remote Steelhead appliances by the CMC every five minutes. The 95th percentile is calculated by taking the peak of the lower 95% of inbound and outbound throughput samples. Average LAN Throughput Peak WAN Throughput 95th Percentile WAN Throughput At <time> on <date> Average WAN Throughput What This Report Tells You The Optimized Throughput report answers the following questions: What was the average throughput? What was the peak throughput? At what time did the peak throughput occur? 150 Steelhead Central Management Console User’s Guide . Viewing Optimized Throughput Reports The Optimized Throughput report summarizes the throughput or total data transmitted for the application and time period specified. The Optimized Throughput report includes Optimized LAN and WAN Link Throughput graphs which include the following statistics that describe data activity for the application and the time period you specify. Displays the date and time of the peak data activity. Displays the 95th percentile for data activity. Field Peak LAN Throughput At <time> on <date> 95th Percentile LAN Throughput Description Displays the date and time of the peak data activity. Displays the average amount of data transmitted. Displays the average amount of data transmitted. Displays the 95th percentile for data activity.

However. connection counts. For example. Steelhead Central Management Console User’s Guide 151 . according to the interval you select. the bandwidth and connection data during the period of lost connectivity might be skewed. the percent) that is the average value for the time period selected. it sends an aggregate data point for the last day. If you need to analyze data on the remote Steelhead appliance for the missing period. Three triangles near the top margin of the graph point to the value on the x-axis (the time) at which the peak occurred. you can view this in the Management Console for the individual remote appliance. The right margin of the graph points to the value on the y-axis (for example. and the like. Pie chart graphs represent the aggregate for the time period selected. Pie chart graphs do not indicate peaks or averages. the x-axis (or tick mark) plots time. data for the missing six hours appears to be 0 in reports for periods of Last Day or Custom intervals smaller than one day. when the remote appliance re-establishes connectivity. such as gigabytes of bandwidth. report for periods longer than Last Day do reflect bandwidth and connection data accurately. The y-axis plots the metric of interest. Note: Be aware that if the CMC and remote appliances lose connectivity with each other. percent (%) of data reduction. However.Displaying Managed Steelheads Reports and Logs Displaying and Customizing Reports About Report Graphs In bar-graph and line-graph reports. About Report Data The Riverbed system polls bandwidth and connection metrics every five minutes and can report on performance for periods as long as one year. Thus. due to performance and disk space considerations. if a remote appliance loses connectivity with the CMC for six hours. data representation in reports for periods longer than an hour are interpolated from aggregate data points.

Displaying and Customizing Reports Displaying Managed Steelheads Reports and Logs To view the Optimized Throughput report 1. Choose Reports > Managed Steelheads > Optimized Throughput to display the Optimized Throughput page. Figure 4-1. Throughput Page 152 Steelhead Central Management Console User’s Guide .

Select the application from the drop-down list. Use the following format: YYYY/MM/DD HH:MM:SS. Control Period Description Select Last Hour. application. You can create reports according to the time period of your choice. Displays the total decrease of data transmitted over the WAN. Group Select a group from the drop-down list.Displaying Managed Steelheads Reports and Logs Displaying and Customizing Reports 2. or Custom from the drop-down list. The default value is Global or Custom. Viewing Bandwidth Optimization Reports The Bandwidth Optimization report summarizes the overall inbound and outbound bandwidth improvements for your network. Select Off. and type of traffic. 10 Minutes. 5 Minutes. Use the controls to customize the report as described in the following table. or 15 Minutes from the drop-down list. The Bandwidth Optimization report includes the following table of statistics that describe bandwidth activity for the time period you specify. WAN-to-LAN. Last Day. Traffic Application Refresh Select Bi-directional. 3. Last Month. For Custom. Field WAN Data LAN Data Total Data Reduction % Description Displays the bytes sent and received (depending on direction) over the WAN ports. enter the Start Time and End Time and click Go. Displays the increase in the amount of data transmitted over the WAN. or LAN-to-WAN from the drop-down list. Displays the bytes sent and received (depending on direction) over the LAN ports. Click Go to display the report with the new settings. Last Week. The default value is All. You can also select [Custom] to display a drop-down list from which you can select one or more individual appliances to include in the report. according to the following calculation: (Data In – Data Out)/(Data In) Peak Data Reduction Occurred At <time> on <date> Optimized Bandwidth Capacity Increase Displays the date and time that the peak data reduction occurred. according to the following calculation: 1/(1-Reduction Rate) What this Report Tells You The Bandwidth Optimization report answers the following questions: How much bandwidth optimization has occurred? What was the average and peak amount of data sent? What was the overall increase in the amount of data that can be transmitted using the Steelhead appliance? Steelhead Central Management Console User’s Guide 153 .

percent (%) of data reduction. according to the interval you select. data representation in reports for periods longer than an hour are interpolated from aggregate data points. such as gigabytes of bandwidth. Pie chart graphs represent the aggregate for the time period selected. due to performance and disk space considerations. Figure 4-2. Pie chart graphs do not indicate peaks or averages. and the like. the percent) that is the average value for the time period selected. the x-axis (or tick mark) plots time. Three triangles near the top margin of the graph point to the value on the x-axis (the time) at which the peak occurred. To view a Bandwidth Optimization report 1. About Report Data The Riverbed system polls bandwidth and connection metrics every five minutes and can report on performance for periods as long as one year.Displaying and Customizing Reports Displaying Managed Steelheads Reports and Logs About Report Graphs In bar-graph and line-graph reports. Bandwidth Optimization Page 154 Steelhead Central Management Console User’s Guide . The right margin of the graph points to the value on the y-axis (for example. The y-axis plots the metric of interest. However. Choose Reports > Managed Steelheads > Bandwidth Optimization to display the Bandwidth Optimization page. connection counts.

Use the controls to customize the report as described in the following table. 10 Minutes. The default value is All. The default value is Global or Custom. Select Off. NetBIOS and TCP. Viewing Data Reduction Reports The Data Reduction report summarizes the percent reduction of data transmitted by an application such as FTP. report for periods longer than Last Day do reflect bandwidth and connection data accurately. Group Traffic Application Refresh Select the group from the drop-down list. Select Bi-Directional. Last Month. enter the Start Time and End Time and click Go. or LAN-to-WAN from the drop-down list. Last Week.Displaying Managed Steelheads Reports and Logs Displaying and Customizing Reports 2. WAN-to-LAN. HTTP. Select the application from the drop-down list. For Custom. Click Go to display the report with the new settings. it sends an aggregate data point for the last day. Tip: To print the report. traffic in CIFS. Field Peak Data Reduction At <time> on <date> Optimized Bandwidth Capacity Increase Description Displays the date and time that the peak data reduction occurred. Thus. or Custom from the drop-down list. 5 Minutes. the bandwidth and connection data during the period of lost connectivity might be skewed. Last Day. or 15 Minutes from the drop-down list. Note: Be aware that if the CMC and remote appliances lose connectivity with each other. The Data Reduction report includes the following table of statistics that describe data reduction for the application and the time period you specify. Use the following format: YYYY/MM/DD HH:MM:SS. 3. Control Period Description Select Last Hour. For example. according to the following calculation: 1/(1-Reduction Rate) What This Report Tells You The Data Reduction report answers the following questions: What was the total reduction in the amount of data that can be transmitted for each application? What was the peak reduction in the amount of data transmitted for each application? What was the total increase of data transmitted for the application and time period specified? Steelhead Central Management Console User’s Guide 155 . and MAPI. If you need to analyze data on the remote Steelhead appliance for the missing period. Specifies the increase in the amount of data transmitted over the WAN. data for the missing six hours appears to be 0 in reports for periods of Last Day or Custom intervals smaller than one day. However. choose File > Print in your Web browser to open the Print dialog box. when the remote appliance re-establishes connectivity. if a remote appliance loses connectivity with the CMC for six hours. you can view this in the Management Console for the individual remote appliance.

connection counts. Pie chart graphs do not indicate peaks or averages. Choose Reports > Managed Steelheads > Data Reduction to display the Data Reduction page. the x-axis (or tick mark) plots time. such as gigabytes of bandwidth. the percent) that is the average value for the time period selected. Figure 4-3. Three triangles near the top margin of the graph point to the value on the x-axis (the time) at which the peak occurred. About Report Data The Riverbed system polls bandwidth and connection metrics every five minutes and can report on performance for periods as long as one year. Note: Be aware that if the CMC and remote appliances lose connectivity with each other. Data Reduction Page 156 Steelhead Central Management Console User’s Guide . percent (%) of data reduction. the bandwidth and connection data during the period of lost connectivity might be skewed. The y-axis plots the metric of interest. data for the missing six hours appears to be 0 in reports for periods of Last Day or Custom intervals smaller than one day. data representation in reports for periods longer than an hour are interpolated from aggregate data points. due to performance and disk space considerations. you can view this in the Management Console for the individual remote appliance. Thus. when the remote appliance re-establishes connectivity.Displaying and Customizing Reports Displaying Managed Steelheads Reports and Logs About Report Graphs In bar-graph and line-graph reports. it sends an aggregate data point for the last day. according to the interval you select. Pie chart graphs represent the aggregate for the time period selected. For example. To view the Data Reduction report 1. and the like. The right margin of the graph points to the value on the y-axis (for example. However. However. If you need to analyze data on the remote Steelhead appliance for the missing period. if a remote appliance loses connectivity with the CMC for six hours. report for periods longer than Last Day do reflect bandwidth and connection data accurately.

Last Month. Control Period Description Select Last Hour. 10 Minutes. 3. 5 Minutes.Displaying Managed Steelheads Reports and Logs Displaying and Customizing Reports 2. Select Off. The default value is All or Custom. or 15 Minutes from the drop-down list. Select the application from the drop-down list. Select Bi-Directional. or LAN-to-WAN from the drop-down list. Group Traffic Application Refresh Select the appliance group from the drop-down list. Last Week. For Custom. Click Go to apply the changes to the report display. Steelhead Central Management Console User’s Guide 157 . Last Day. Use the following format: YYYY/MM/ DD HH:MM:SS. The default value is Global. enter the Start Time and End Time. or Custom from the drop-down list. Use the controls to customize the report as described in the following table. WAN-to-LAN.

158 Steelhead Central Management Console User’s Guide .Displaying and Customizing Reports Displaying Managed Steelheads Reports and Logs Viewing Traffic Summary Reports The Traffic Summary report provides a percentage breakdown of the amount of traffic going through the system by the port and type of traffic. percent (%) of data reduction. Control Port Reduction LAN Data WAN Data Traffic % Description Displays the TCP/IP port number and application for each row of statistics. Displays the percentage of the total traffic each port represents. The right margin of the graph points to the value on the y-axis (for example. see “Service Ports” on page 235. Displays the amount of data reduction. connection counts. Displays the amount of traffic on the LAN. All statistics for this new port label are preserved from the time the port was discovered. you must add the port with a new label. For details on adding ports to be monitored. For details on setting ports to be monitored. such as gigabytes of bandwidth. Pie chart graphs do not indicate peaks or averages. Note: The Traffic Summary report displays a maximum of 16 colors for ports. Three triangles near the top margin of the graph point to the value on the x-axis (the time) at which the peak occurred. The discovered port along with a label (if one exists) is added to the report. What this Report Tells You The Traffic Summary report provides the following table of statistics that describe data activity for the application and the time period you specify. Displays the amount of traffic on the WAN. If you have more than 16 ports. the colors in the report wrap from the beginning. according to the interval you select. If a label does not exist then an unknown label is added to the discovered port. the x-axis (or tick mark) plots time. About Report Graphs In bar-graph and line-graph reports. see “Service Ports” on page 235. the percent) that is the average value for the time period selected. If you want to change the unknown label to a name representing the port. The y-axis plots the metric of interest. and the like. The Steelhead appliance automatically discovers all the ports in the system that have traffic. Pie chart graphs represent the aggregate for the time period selected.

enter the Start Time and End Time. data for the missing six hours appears to be 0 in reports for periods of Last Day or Custom intervals smaller than one day. Control Period Description Select Last Hour. report for periods longer than Last Day do reflect bandwidth and connection data accurately. it sends an aggregate data point for the last day. The default value is Optimized. due to performance and disk space considerations. or Custom from the drop-down list. Traffic Summary Page 2. For Custom. the bandwidth and connection data during the period of lost connectivity might be skewed. Select Optimized. However. If you need to analyze data on the remote Steelhead appliance for the missing period. Last Day. Note: Be aware that if the CMC and remote appliances lose connectivity with each other. For example. However. Use the following format: YYYY/MM/ DD HH:MM:SS. you can view this in the Management Console for the individual remote appliance. Thus. Group Type Select the appliance group from the drop-down list. if a remote appliance loses connectivity with the CMC for six hours.Displaying Managed Steelheads Reports and Logs Displaying and Customizing Reports About Report Data The Riverbed system polls bandwidth and connection metrics every five minutes and can report on performance for periods as long as one year. Last Week. Use the controls to customize the report as described in the following table. Choose Reports > Managed Steelheads > Traffic Summary to display the Traffic Summary page. To view the Traffic Summary report 1. data representation in reports for periods longer than an hour are interpolated from aggregate data points. when the remote appliance re-establishes connectivity. or Both from the drop-down list. Last Month. Figure 4-4. Pass Through. Steelhead Central Management Console User’s Guide 159 .

(Half closed connections might remain if the client or server does not close their connections cleanly. halfopened. and half-closed connections for the time period specified. Pass Through Connections . Displays the total number of forwarded connections. The Connection History report contains the following graphs: Optimized vs.Displaying and Customizing Reports Displaying Managed Steelheads Reports and Logs Control Traffic Refresh Description Select Bi-Directional. Packet Type Total Optimized Total Optimized (Active) Total Pass Through Forwarded Total Optimized (Established) Total Optimized (Half Opened) Description Displays the total active connections optimized. Set the refresh rate for the report display: • To refresh the report every 5 minutes. or LAN-to-WAN from the drop-down list. A half-opened connection is a TCP connection which has not been fully established. at any time. Click Go to apply the changes to the report display. These connections are counted toward the connection count limit on the Steelhead appliance. Optimized Connections . The Connection History report contains the following table of statistics that summarize connection activity. • To refresh the report every 10 minutes. established. consider a more appropriately sized Steelhead appliance. • To refresh the report every 15 minutes. Displays the total half-opened active connections. click Off. If you are experiencing a large number of half-opened connections. select 15 minutes.This graph displays the total number of optimized. unoptimized. select 5 minutes. Viewing Connection History Reports The Connection History report summarizes the optimized traffic for the time period specified. 3.This graph displays the total number of optimized and passed-through connections for the time period specified. WAN-to-LAN. Half-closed connections are connections which the Steelhead appliance has intercepted and optimized but are in the process of becoming inactive. Displays the total connections passed through. Displays the total number of optimized connections with traffic in the last 60 seconds.) If you are experiencing a large number of half-closed connections. Half-opened connections count toward the connection count limit on the Steelhead appliance because. select 10 minutes. 160 Steelhead Central Management Console User’s Guide . Total Optimized (Half Closed) Displays the total half-closed active connections. • To turn refresh off. Displays the total established active connections. they might become a fully-opened connection. consider a more appropriately sized Steelhead appliance.

percent (%) of data reduction. the x-axis (or tick mark) plots time. according to the interval you select. Thus. the percent) that is the average value for the time period selected. Steelhead Central Management Console User’s Guide 161 . Peak Time. Note: Be aware that if the CMC and remote appliances lose connectivity with each other. if a remote appliance loses connectivity with the CMC for six hours. Single Appliance Peak. About Report Data The Riverbed system polls bandwidth and connection metrics every five minutes and can report on performance for periods as long as one year. For example. Timestamp for when the peak number was reached. data for the missing six hours appears to be 0 in reports for periods of Last Day or Custom intervals smaller than one day. and the like. What This Report Tells You The Connection History report answers the following questions: How many connections were optimized? How many connections were passed through. it sends an aggregate data point for the last day. unoptimized? How many connections were half-opened? How many connections were half-closed? About Report Graphs In bar-graph and line-graph reports. report for periods longer than Last Day do reflect bandwidth and connection data accurately. such as gigabytes of bandwidth. you can view this in the Management Console for the individual remote appliance. Pie chart graphs represent the aggregate for the time period selected. If you need to analyze data on the remote Steelhead appliance for the missing period. Three triangles near the top margin of the graph point to the value on the x-axis (the time) at which the peak occurred. The y-axis plots the metric of interest. when the remote appliance re-establishes connectivity. the bandwidth and connection data during the period of lost connectivity might be skewed. However. Per Appliance Average.Displaying Managed Steelheads Reports and Logs Displaying and Customizing Reports The connection counts for the specified time period are displayed in the following columns: Group Average. However. Displays the average of the sum for all of the appliances in the group. Displays the per appliance average for all of the appliances in the group. Pie chart graphs do not indicate peaks or averages. connection counts. due to performance and disk space considerations. The right margin of the graph points to the value on the y-axis (for example. data representation in reports for periods longer than an hour are interpolated from aggregate data points. Peak number of connections for a single appliance in the group.

Use the following format: YYYY/MM/DD HH:MM:SS. Last Day.Displaying and Customizing Reports Displaying Managed Steelheads Reports and Logs To view the Connection History report 1. Control Period Description Select Last Hour. 162 Steelhead Central Management Console User’s Guide . or Custom from the dropdown list. Figure 4-5. Choose Reports > Managed Steelheads > Connection History to display the Connection History page. . For Custom. enter the Start Time and End Time and click Redraw. Connection History Page 2. Use the controls to customize the report as described in the following table. Last Week. Last Month.

The y-axis plots the metric of interest. What This Report Tells You The Connection Forwarding report answers the following questions: How many bytes were transferred between a Steelhead appliance and a specified neighbor? How many packets were transferred between a Steelhead appliance and a specified neighbor? About Report Graphs In bar-graph and line-graph reports. percent (%) of data reduction. Click Go to apply the changes to the report display. the x-axis (or tick mark) plots time. 5 Minutes. Three triangles near the top margin of the graph point to the value on the x-axis (the time) at which the peak occurred. If you need to analyze data on the remote Steelhead appliance for the missing period. Note: Be aware that if the CMC and remote appliances lose connectivity with each other. Thus. About Report Data The Riverbed system polls bandwidth and connection metrics every five minutes and can report on performance for periods as long as one year. data for the missing six hours appears to be 0 in reports for periods of Last Day or Custom intervals smaller than one day. such as GBs of bandwidth. 10 Minutes. it sends an aggregate data point for the last day. the bandwidth and connection data during the period of lost connectivity might be skewed. data representation in reports for periods longer than an hour are interpolated from aggregate data points. due to performance and disk space considerations. Steelhead Central Management Console User’s Guide 163 . Refresh Select Off.Displaying Managed Steelheads Reports and Logs Displaying and Customizing Reports Control Group Description Specify the appliance group whose connection history you want to view. report for periods longer than Last Day do reflect bandwidth and connection data accurately. For example. according to the interval you select. or 15 Minutes from the drop-down list. Note: The refresh rate does not affect polling. when the remote appliance re-establishes connectivity. and the like. However. if a remote appliance loses connectivity with the CMC for six hours. connection counts. Polling occurs every 5 minutes. you can view this in the Management Console for the individual remote appliance. The default value is Global. Viewing Connection Forwarding Reports The Connection Forwarding report summarizes the number of bytes or packets transferred between the Steelhead appliance and a specified neighbor. However. 3.

5 Minutes.Displaying and Customizing Reports Displaying Managed Steelheads Reports and Logs To view the Connection Forwarding report 1. Select Off. The default value is Global. Statistic Refresh Select either Byte Counts or Packet Counts from the drop-down list. Connection Forwarding Page 2. or 15 Minutes from the drop-down list. For Custom. 10 Minutes. Last Day. Note: The refresh rate does not affect polling. Control Period Description Select Last Hour. enter the Start Time and End Time and click Redraw. . Last Month. Polling occurs every 5 minutes. Viewing Connection Pooling Reports The Connection Pooling report summarizes the current connection pool of connections to peer appliances. Last Week. 164 Steelhead Central Management Console User’s Guide . Use the controls to customize the report as described in the following table. or Custom from the dropdown list. Choose Reports > Managed Steelheads > Connection Forwarding to display the Connection Forwarding page. 3. Click Go to apply the changes to the report display. Group Specify the appliance group whose connection history you want to view. Use the following format: YYYY/MM/DD HH:MM:SS. Figure 4-6.

For example. Steelhead Central Management Console User’s Guide 165 . Specifies the total number of successful connections and connections that are serviced by already existing inner channel connections. The right margin of the graph points to the value on the y-axis (for example. Note: Be aware that if the CMC and remote appliances lose connectivity with each other. it sends an aggregate data point for the last day. and the like. Pie chart graphs do not indicate peaks or averages. Control Total Requests Total Hits Peak Hits At <time> on <date> Description Specifies the total number of requests for connections to peer appliances. Three triangles near the top margin of the graph point to the value on the x-axis (the time) at which the peak occurred. However. Pie chart graphs represent the aggregate for the time period selected. when the remote appliance re-establishes connectivity. according to the interval you select. If you need to analyze data on the remote Steelhead appliance for the missing period. connection counts. The y-axis plots the metric of interest. However. About Report Graphs In bar-graph and line-graph reports. Thus. you can view this in the Management Console for the individual remote appliance.Displaying Managed Steelheads Reports and Logs Displaying and Customizing Reports What This Report Tells You The Connection Pooling report provides the following table of statistics that describe data activity for the application and the time period you specify. data representation in reports for periods longer than an hour are interpolated from aggregate data points. About Report Data The Riverbed system polls bandwidth and connection metrics every five minutes and can report on performance for periods as long as one year. the x-axis (or tick mark) plots time. the bandwidth and connection data during the period of lost connectivity might be skewed. due to performance and disk space considerations. if a remote appliance loses connectivity with the CMC for six hours. the percent) that is the average value for the time period selected. data for the missing six hours appears to be 0 in reports for periods of Last Day or Custom intervals smaller than one day. such as GBs of bandwidth. Specifies the date and time of the peak number of successful connections and connections that are serviced by already existing inner channel connections. percent (%) of data reduction. report for periods longer than Last Day do reflect bandwidth and connection data accurately.

the graph appears incomplete. Note: The refresh rate does not affect polling. Use the controls to customize the report as described in the following table. Last Month. Choose Reports > Managed Steelheads > Connection Pooling to display the Connection Pooling page. Last Day. Control Period Description Select Last Hour.x and those running v5. Figure 4-7.x and higher.Displaying and Customizing Reports Displaying Managed Steelheads Reports and Logs To view the Connection Pooling report 1. Use the following format: YYYY/MM/DD HH:MM:SS. 166 Steelhead Central Management Console User’s Guide . Last Week. If an appliance has been upgraded during the requested reporting period. Note: Separate HTTP statistic reports are provided for appliances running v4. Click Go to apply the changes to the report display. Group Specify the appliance group whose connection history you want to view. Polling occurs every 5 minutes. Viewing HTTP Stats (Steelhead v5+) Reports The HTTP Stats (Steelhead v5+) report summarizes HTTP optimization statistics for the time period specified. Refresh Select Refresh to refresh the list. For Custom. . or Custom from the dropdown list. enter the Start Time and End Time and click Redraw. The default value is Global. Connection Pooling Page 2. 3.

which displays the following statistics that summarize HTTP data activity. Parse and Prefetch. Displays the number of URL learning hits. Displays the percentage of objects that were successfully prefetched. and Metadata Response. Displays the percentage of prefetch table hits. Displays the number of prefetch table hits. Displays the total number of HTTP object hits. Displays the percentage of URL learning hits. Displays the number of HTTP objects requested. Displays the number of embedded objects that were successfully prefetched. Steelhead Central Management Console User’s Guide 167 .Displaying Managed Steelheads Reports and Logs Displaying and Customizing Reports The HTTP Stats (Steelhead v5+) report contains the HTTP (%) Hits graph. Displays the total number of prefetch misses. Field Total Hit % Parse and Prefetch Hit % URL Learning Hit % Object Prefetch Table Hit % Objects Requested Total Objects Hit Parse and Prefetch Hits URL Learning Hits Object Prefetch Table Hit Misses Description Displays the total percentage of HTTP objects requested by all three schemes: URL Learning.

Three triangles near the top margin of the graph point to the value on the x-axis (the time) at which the peak occurred. if a remote appliance loses connectivity with the CMC for six hours. However. Pie chart graphs do not indicate peaks or averages. Pie chart graphs represent the aggregate for the time period selected. If you need to analyze data on the remote Steelhead appliance for the missing period. such as gigabytes of bandwidth. Note: Be aware that if the CMC and remote appliances lose connectivity with each other. data representation in reports for periods longer than an hour are interpolated from aggregate data points. the bandwidth and connection data during the period of lost connectivity might be skewed. percent (%) of data reduction. when the remote appliance re-establishes connectivity. connection counts. However. For example. according to the interval you select. Thus. About Report Data The Riverbed system polls bandwidth and connection metrics every five minutes and can report on performance for periods as long as one year. you can view this in the Management Console for the individual remote appliance. The right margin of the graph points to the value on the y-axis (for example.Displaying and Customizing Reports Displaying Managed Steelheads Reports and Logs What This Report Tells You The HTTP Stats (Steelhead v5+) report answers the following questions: What was the overall percent increase in HTTP data transmitted over the WAN? How many HTTP objects were requested? How many HTTP objects were successfully obtained and transmitted over the WAN? How many metadata responses and prefetch hits occurred per HTTP object? About Report Graphs In bar-graph and line-graph reports. due to performance and disk space considerations. the x-axis (or tick mark) plots time. 168 Steelhead Central Management Console User’s Guide . data for the missing six hours appears to be 0 in reports for periods of Last Day or Custom intervals smaller than one day. The y-axis plots the metric of interest. and the like. report for periods longer than Last Day do reflect bandwidth and connection data accurately. it sends an aggregate data point for the last day. the percent) that is the average value for the time period selected.

Use the controls to customize the report. Control Period Description Select Last Hour. Last Week. For Custom. HTTP Stats (Steelhead v5+) Page 2. Figure 4-8. Last Month or Custom from the drop-down list. as described in the following table.Displaying Managed Steelheads Reports and Logs Displaying and Customizing Reports To view the HTTP Stats (Steelhead v5+) report 1. Use the following format: YYYY/MM/DD HH:MM:SS. enter the Start Time and End Time and click Go. Steelhead Central Management Console User’s Guide 169 . Refresh Select Off. 5 Minutes. or 15 Minutes from the drop-down list. Choose Reports > Managed Steelheads > HTTP Stats (Steelhead v5+) to display the HTTP Stats (Steelhead v5+) page. 10 Minutes. The default value is Global. Group Specify the appliance group whose connection history you want to view. Last Day.

which displays the following statistics that summarize HTTP data activity. such as GB of bandwidth. Displays the number of HTTP objects requested. Note: Separate HTTP statistic reports are provided for appliances running 4. If an appliance has been upgraded during the requested reporting period. according to the interval you select.x and those running 5.x and higher. the percent) that is the average value for the time period selected. Displays the total number of prefetch hits. percent (%) of data reduction. the graph appears incomplete. Pie chart graphs do not indicate peaks or averages. connection counts. 170 Steelhead Central Management Console User’s Guide . Pie chart graphs represent the aggregate for the time period selected. and the like. A diamond icon above the top margin of the graph points to the value on the x-axis (the time) at which the peak occurred. The y-axis plots the metric of interest.Displaying and Customizing Reports Displaying Managed Steelheads Reports and Logs Viewing HTTP Stats (Steelhead v4) Reports The HTTP Stats (Steelhead v4) report summarize HTTP optimization statistics for the time period specified. A diamond icon outside the right margin of the graph points to the value on the y-axis (for example. Displays the total number of prefetch misses. What This Report Tells You The HTTP Stats (Steelhead v4) reports answer the following questions: How many HTTP pages were requested? How many HTTP pages were optimized? What was the overall percent increase in HTTP data transmitted over the WAN? How many HTTP objects were requested? How many HTTP objects were successfully obtained and transmitted over the WAN? About Report Graphs In bar-graph and line-graph reports. the x-axis (or tick mark) plots time. Field Prefetch Cache Hit % Prefetch Hits Prefetch Misses Objects Requested Description Displays the total percentage of the prefetch cache hit. The HTTP Stats (Steelhead v4) report contains the HTTP (%) Hits graph.

data for the missing six hours appears to be 0 in reports for periods of Last Day or Custom intervals smaller than one day. For example. To display the HTTP Stats (Steelhead v4) reports 1. Note: Be aware that if the CMC and remote appliances lose connectivity with each other. data representation in reports for periods longer than an hour are interpolated from aggregate data points. Figure 4-9. it sends an aggregate data point for the last day. due to performance and disk space considerations. Thus. you can view this in the Steelhead Management Console for the individual remote appliance. If you need to analyze data on the remote Steelhead appliance for the missing period. report for periods longer than Last Day do reflect bandwidth and connection data accurately. However. if a remote appliance loses connectivity with the CMC for six hours. HTTP Stats (Steelhead v4) Page Steelhead Central Management Console User’s Guide 171 . the bandwidth and connection data during the period of lost connectivity might be skewed.Displaying Managed Steelheads Reports and Logs Displaying and Customizing Reports About Report Data The Riverbed system polls bandwidth and connection metrics every five minutes and can report on performance for periods as long as one year. However. when the remote appliance re-establishes connectivity. Choose Reports > Managed Steelheads > HTTP Stats (Steelhead v4) to display the HTTP Stats (Steelhead v4) page.

Displays the number of failed SSL connections. Last Week. Field Average Connection Rate Peak Connection Rate At <time> on <date> Description Displays the average connection rate for SSL connections. select 5 minutes.Summarizes the average number of successfully completed SSL connections in one second. For Custom. SSL Connection Rate (Connections Per Second) .Displaying and Customizing Reports Displaying Managed Steelheads Reports and Logs 2. The default value is Global. The SSL Connection Rate graph includes the following table of statistics that describe data activity for the application and the time period you specify. Field Number of Established Sessions Number of Requests Number of Failed Connections Description Displays the number of established SSL connections. The SSL Servers report contains the following graphs: SSL Connection Requests (Connections) . enter the Start Time and End Time and click Go. The Connection Requests graph includes the following table of statistics that describe data activity for the application and the time period you specify . as described in the following table. Displays the number of SSL requests. Refresh Set the refresh rate for the report display: • To refresh the report every 5 minutes. 172 Steelhead Central Management Console User’s Guide . Use the controls to customize the report. Use the following format: YYYY/MM/DD HH:MM:SS. Viewing SSL Servers Reports The SSL Servers report summarizes the SSL server connection requests and connection rate for the time period specified. select 10 minutes. The SSL connection rate is also called SSL TPS (SSL Transactions per Second). Last Day. • To refresh the report every 10 minutes.Summarizes the connection requests for the time period specified. select 15 minutes. Last Month or Custom from the dropdown list. Group Specify the appliance group whose connection history you want to view. • To turn refresh off. Control Period Description Select Last Hour. click Off. • To refresh the report every 15 minutes. Displays the peak connection rate for SSL connections for the date and time.

For example. connection counts. If you need to analyze data on the remote Steelhead appliance for the missing period. Steelhead Central Management Console User’s Guide 173 . due to performance and disk space considerations. percent (%) of data reduction. However. the percent) that is the average value for the time period selected. However. data for the missing six hours appears to be 0 in reports for periods of Last Day or Custom intervals smaller than one day. report for periods longer than Last Day do reflect bandwidth and connection data accurately. such as gigabytes of bandwidth. The right margin of the graph points to the value on the y-axis (for example. Note: Be aware that if the CMC and remote appliances lose connectivity with each other. when the remote appliance re-establishes connectivity. Pie chart graphs do not indicate peaks or averages. The y-axis plots the metric of interest. Pie chart graphs represent the aggregate for the time period selected.Displaying Managed Steelheads Reports and Logs Displaying and Customizing Reports What This Report Tells You The SSL Servers report answers the following questions: What is the number of established SSL connections? What is the number of SSL requests during specified period of time? What is the number of failed connections during a specified period of time? What is the number of concurrent connections open at the current time? About Report Graphs In bar-graph and line-graph reports. data representation in reports for periods longer than an hour are interpolated from aggregate data points. the x-axis (or tick mark) plots time. Thus. the bandwidth and connection data during the period of lost connectivity might be skewed. it sends an aggregate data point for the last day. you can view this in the Management Console for the individual remote appliance. About Report Data The Riverbed system polls bandwidth and connection metrics every five minutes and can report on performance for periods as long as one year. if a remote appliance loses connectivity with the CMC for six hours. Three triangles near the top margin of the graph point to the value on the x-axis (the time) at which the peak occurred. according to the interval you select. and the like.

SSL Servers Page 174 Steelhead Central Management Console User’s Guide .Displaying and Customizing Reports Displaying Managed Steelheads Reports and Logs To view the SSL Servers report 1. Figure 4-10. Choose Reports > Managed Steelheads > SSL Servers to display the SSL Servers page.

click Off. according to the interval you select. connection counts. For Custom. the x-axis (or tick mark) plots time. select 15 minutes. Steelhead Central Management Console User’s Guide 175 . Specifies the delayed calls which were responded to locally but not immediately (for example. and the like. select 5 minutes. • To turn refresh off. Total Reduction % Peak Reduction % At <time> on <date> Capacity Increase Specifies the increase in the number of NFS calls that can be transmitted over the WAN. such as GBs of bandwidth.Displaying Managed Steelheads Reports and Logs Displaying and Customizing Reports 2. • To refresh the report every 10 minutes. you might see an 85% reduction in NFS data (see the Data Reduction or the Traffic Summary report) and a 55% reduction in the number of NFS calls over the WAN (NFS Statistics report). reads which were delayed while a read ahead was occurring and were responded to from the data in the read ahead). What This Report Tells You The NFS report answers the following questions: How many delayed calls occurred for NFS activity? What is the reduction in the number of NFS calls that went to the server? What was the overall decrease in NFS calls transmitted over the WAN? About Report Graphs In bar-graph and line-graph reports. Use the following format: YYYY/MM/DD HH:MM:SS. Last Week. Specifies the percentage of reduction for the date and time. percent (%) of data reduction. The NFS report contains the following graph: Field Local Responses Remote Responses Total Delayed Description Specifies the number of NFS calls that were responded to locally. Viewing NFS Reports The NFS report summarizes NFS optimization statistics for the time period specified. or Custom from the drop-down list. • To refresh the report every 15 minutes. Specifies the number of NFS calls that were responded to remotely (that is. Group Specify the appliance group whose connection history you want to view. Refresh Set the refresh rate for the report display: • To refresh the report every 5 minutes. type the Start Time and End Time and click Go. The default value is Global. calls that traversed the WAN to the NFS server). Last Month. Control Period Description Select Last Hour. Use the controls to customize the report as described in the following table. Last Day. select 10 minutes. The y-axis plots the metric of interest. For example. Specifies the percentage decrease of NFS calls over the WAN.

The right margin of the graph points to the value on the y-axis (for example. it sends an aggregate data point for the last day. data representation in reports for periods longer than an hour are interpolated from aggregate data points. Figure 4-11. About Report Data The Riverbed system polls bandwidth and connection metrics every five minutes and can report on performance for periods as long as one year. Note: Be aware that if the CMC and remote appliances lose connectivity with each other. However. To view the NFS report 1. For example. Choose Reports > Managed Steelheads > NFS to display the NFS page.Displaying and Customizing Reports Displaying Managed Steelheads Reports and Logs Three triangles near the top margin of the graph point to the value on the x-axis (the time) at which the peak occurred. due to performance and disk space considerations. If you need to analyze data on the remote Steelhead appliance for the missing period. you can view this in the Management Console for the individual remote appliance. Thus. report for periods longer than Last Day do reflect bandwidth and connection data accurately. However. the percent) that is the average value for the time period selected. NFS Page 176 Steelhead Central Management Console User’s Guide . if a remote appliance loses connectivity with the CMC for six hours. data for the missing six hours appears to be 0 in reports for periods of Last Day or Custom intervals smaller than one day. the bandwidth and connection data during the period of lost connectivity might be skewed. when the remote appliance re-establishes connectivity.

. Group Specify the appliance group whose connection history you want to view. Remote. Polling occurs every 5 minutes. Specifies the number of maximum compression due to inpath rule for the date and time. Specifies the number of minimum compression due to inpath rule for the date and time. 10 Minutes. Use the following format: YYYY/MM/DD HH:MM:SS. in bytes. or Custom from the dropdown list. compared to the total SDR traffic (SDR-adaptive mode). or Delayed from the drop-down list. Field Maximum Compression Due To Disk Pressure at <time> on <date> Minimum Compression Due To Disk Pressure at <time> on <date> Average Compression Due To Disk Pressure Maximum Compression Due To In-Path Rule at <time> on <date> Minimum Compression Due To In-Path Rule at <time> on <date> Average Compression Due To In-Path Rule Maximum In-Memory SDR Due To Disk Pressure at <time> on <date> Description Specifies the number of maximum compression due to disk pressure for the date and time.Displaying Managed Steelheads Reports and Logs Displaying and Customizing Reports 2. What This Report Tells You The Data Store SDR-Adaptive report provides the following table of statistics that describe the data activity for the application and the time period you specify. Last Month. Viewing Data Store SDR-Adaptive Reports The Data Store SDR-Adaptive report summarizes: How much adaptive compression is occurring in the data store using legacy mode. Response Select All. The default value is Global. enter the Start Time and End Time and click Redraw. which is adapted to in-memory-only (or transient). Steelhead Central Management Console User’s Guide 177 . Use the controls to customize the report as described in the following table. Specifies the number of maximum in-memory SDR due to disk pressure for the date and time.The report combines both the percentage due to local and remote adaptive compression (as signalled by the peers). Refresh Select Off. The default value is All. Control Period Description Select Last Hour. 5 Minutes. Specifies the number of average compression due to inpath rule for the date and time. 3. or 15 Minutes from the drop-down list. The percentage of the traffic. Local. Specifies the number of average compression due to disk pressure for the date and time. Note: The refresh rate does not affect polling. Last Day. Last Week. Click Go to apply the changes to the report display. For Custom. Specifies the number of minimum compression due to disk pressure for the date and time.

report for periods longer than Last Day do reflect bandwidth and connection data accurately. data representation in reports for periods longer than an hour are interpolated from aggregate data points. Note: Be aware that if the CMC and remote appliances lose connectivity with each other. when the remote appliance re-establishes connectivity. Thus. If you need to analyze data on the remote Steelhead appliance for the missing period. due to performance and disk space considerations. About Report Data The Riverbed system polls bandwidth and connection metrics every five minutes and can report on performance for periods as long as one year. it sends an aggregate data point for the last day. However. However.Displaying and Customizing Reports Displaying Managed Steelheads Reports and Logs Field Minimum In-Memory SDR Due To Disk Pressure at <time> on <date> Average In-Memory SDR Due To Disk Pressure Maximum In-Memory SDR Due To In-Path Rule at <time> on <date> Minimum In-Memory SDR Due To In-Path Rule at <time> on <date> Average In-Memory SDR Due To In-Path Rule Description Specifies the number of minimum in-memory SDR due to disk pressure for the date and time. if a remote appliance loses connectivity with the CMC for six hours. Specifies the number of maximum in-memory SDR due to in-path rule for the date and time. For example. Specifies the number of average in-memory SDR due to disk pressure for the date and time. the bandwidth and connection data during the period of lost connectivity might be skewed. data for the missing six hours appears to be 0 in reports for periods of Last Day or Custom intervals smaller than one day. you can view this in the Management Console for the individual remote appliance. 178 Steelhead Central Management Console User’s Guide . Specifies the number of average in-memory SDR due to inpath rule for the date and time. Specifies the number of minimum in-memory SDR due to in-path rule for the date and time.

Use the controls to customize the report as described in the following table. Use the following format: YYYY/MM/DD HH:MM:SS. Refresh Select Off. Control Period Description Select Last Hour.Displaying Managed Steelheads Reports and Logs Displaying and Customizing Reports To view the Connection Forwarding report 1. For Custom. Last Day. Note: The refresh rate does not affect polling. 10 Minutes. . 3. Group Specify the appliance group whose connection history you want to view. Polling occurs every 5 minutes. or 15 Minutes from the drop-down list. enter the Start Time and End Time and click Redraw. or Custom from the dropdown list. Choose Reports > Managed Steelheads > Data Store SDR-Adaptive to display the Data Store SDRAdaptive page. Last Month. Last Week. Click Go to apply the changes to the report display. Viewing Data Store Cost Reports The Data Store Cost report summarizes the relative cost of doing data store operations. 5 Minutes. Figure 4-12. Steelhead Central Management Console User’s Guide 179 . The default value is Global. Data Store SDR-Adaptive Page 2.

However. However. About Report Data The Riverbed system polls bandwidth and connection metrics every five minutes and can report on performance for periods as long as one year. If you need to analyze data on the remote Steelhead appliance for the missing period. What This Report Tells You The Data Store Cost report provides the following table of statistics that describe the data activity for the application and the time period you specify. Figure 4-13. report for periods longer than Last Day do reflect bandwidth and connection data accurately. when the remote appliance re-establishes connectivity. it sends an aggregate data point for the last day. Data Store Cost Page 180 Steelhead Central Management Console User’s Guide . To view the Data Store Cost report 1.Displaying and Customizing Reports Displaying Managed Steelheads Reports and Logs The Data Store Cost report includes a throughput graph which displays the following statistic that describes data store segment throughput for the date and the time period you specify. due to performance and disk space considerations. if a remote appliance loses connectivity with the CMC for six hours. Note: Be aware that if the CMC and remote appliances lose connectivity with each other. the bandwidth and connection data during the period of lost connectivity might be skewed. For example. data for the missing six hours appears to be 0 in reports for periods of Last Day or Custom intervals smaller than one day. data representation in reports for periods longer than an hour are interpolated from aggregate data points. you can view this in the Management Console for the individual remote appliance. Field Maximum Cost at <time> on <date> Description Specifies the number of maximum cost for the date and time. Thus. Choose Reports > Managed Steelheads > Data Store Cost to display the Data Store Cost page.

Consider any value under 100 as healthy. About Report Data The Riverbed system polls bandwidth and connection metrics every five minutes and can report on performance for periods as long as one year. Polling occurs every 5 minutes. Viewing Data Store Disk Load Reports The Data Store Disk Load report summarizes the data store disk load due to SDR-only as related to the benchmarked capacity of the data store. Use the controls to customize the report as described in the following table. Last Week. you can view this in the Management Console for the individual remote appliance. data representation in reports for periods longer than an hour are interpolated from aggregate data points. 5 Minutes. Specifies the number of maximum disk load for the date and time. . Group Specify the appliance group whose connection history you want to view. enter the Start Time and End Time and click Redraw. due to performance and disk space considerations. Field Maximum Disk Load at <time> on <date> Average Disk Load Minimum Disk Load at <time> on <date> Description Specifies the number of maximum disk load for the date and time. if a remote appliance loses connectivity with the CMC for six hours. 3. However. or 15 Minutes from the drop-down list.Displaying Managed Steelheads Reports and Logs Displaying and Customizing Reports 2. Steelhead Central Management Console User’s Guide 181 . Use the following format: YYYY/MM/DD HH:MM:SS. However. or Custom from the dropdown list. If you need to analyze data on the remote Steelhead appliance for the missing period. the bandwidth and connection data during the period of lost connectivity might be skewed. data for the missing six hours appears to be 0 in reports for periods of Last Day or Custom intervals smaller than one day. contact Riverbed Professional Services for guidance on reconfiguring the data store to alleviate disk pressure. Last Day. Thus. when the remote appliance re-establishes connectivity. it sends an aggregate data point for the last day. report for periods longer than Last Day do reflect bandwidth and connection data accurately. For example. What This Report Tells You The Data Store Disk Load report provides the following table of statistics that describe the data activity for the application and the time period you specify. Any value higher than 100 might indicate disk pressure. Refresh Select Off. 10 Minutes. For Custom. Note: Be aware that if the CMC and remote appliances lose connectivity with each other. Note: The refresh rate does not affect polling. Control Period Description Select Last Hour. Last Month. Click Go to apply the changes to the report display. The default value is Global. Specifies the average disk load. When a value is consistently higher than 100.

3. Control Period Description Select Last Hour. Figure 4-14. 5 Minutes. or 15 Minutes from the drop-down list. The default value is Global. . Last Month. or Custom from the dropdown list. Click Go to apply the changes to the report display. Last Day. 182 Steelhead Central Management Console User’s Guide . Data Store Disk Load Page 2. When a hit occurs. Use the following format: YYYY/MM/DD HH:MM:SS. Group Specify the appliance group whose connection history you want to view. Use the controls to customize the report as described in the following table.Displaying and Customizing Reports Displaying Managed Steelheads Reports and Logs To view the Data Store Disk Load report 1. Choose Reports > Managed Steelheads > Data Store Disk Load to display the Data Store Disk Load page. Note: The refresh rate does not affect polling. Viewing Data Store Hit Rate Reports The Data Store Hit Rate report summarizes how many times the data-store disk and memory have seen a data segment. For Custom. Refresh Select Off. enter the Start Time and End Time and click Redraw. A hit is a data segment that has been seen before by the data store in the system. the system sends the reference to the data segment rather than the actual data over the WAN. 10 Minutes. Last Week. Polling occurs every 5 minutes.

However. data for the missing six hours appears to be 0 in reports for periods of Last Day or Custom intervals smaller than one day. However. Total Misses Maximum Hits at <time> on <date> Maximum Misses at <time> on <date> About Report Data The Riverbed system polls bandwidth and connection metrics every five minutes and can report on performance for periods as long as one year. if LZ compression is enabled Specifies the number of maximum hits for the date and time. If a hit has occurred.Displaying Managed Steelheads Reports and Logs Displaying and Customizing Reports What This Report Tells You The Data Store Hit Rate report provides the following table of statistics that describe the data activity for the application and the time period you specify. report for periods longer than Last Day do reflect bandwidth and connection data accurately. For example. you can view this in the Management Console for the individual remote appliance. Note: Be aware that if the CMC and remote appliances lose connectivity with each other. the system sends the reference to the data rather than the actual data over the WAN. Steelhead Central Management Console User’s Guide 183 . If you need to analyze data on the remote Steelhead appliance for the missing period. Field Total Hits Description Specifies the total number of hits against the data store. A hit is a data segment that has been seen before by the data store in the system. Thus. if a remote appliance loses connectivity with the CMC for six hours. it sends an aggregate data point for the last day. when the remote appliance re-establishes connectivity. Specifies the number of maximum misses for the date and time. A miss is an unmatched data segment—the data store has not seen the data segment before and must send all the data across the WAN. due to performance and disk space considerations. Specifies the number of misses that occurred. The data is LZ compressed. data representation in reports for periods longer than an hour are interpolated from aggregate data points. the bandwidth and connection data during the period of lost connectivity might be skewed.

Plots the read cluster sizes for the time period you specify. or 15 Minutes from the drop-down list. Refresh Select Off. Control Period Description Select Last Hour. where a low value indicates the most random I/O and larger values indicate more sequential I/O. Polling occurs every 5 minutes. . Data Store Cluster Average Writes. Plots the write cluster sizes for the time period you specify 184 Steelhead Central Management Console User’s Guide .Displaying and Customizing Reports Displaying Managed Steelheads Reports and Logs To view the Data Store Hit Rate report 1. It measures how many random reads and writes are occurring. Choose Reports > Managed Steelheads > Data Store Hit Rate to display the Data Store Hit Rate page. For Custom. Click Go to apply the changes to the report display. Last Week. The default value is Global. 10 Minutes. enter the Start Time and End Time and click Redraw. Group Specify the appliance group whose connection history you want to view. What This Report Tells You This report displays the following graphs: Data Store Cluster Average Reads. Figure 4-15. Note: The refresh rate does not affect polling. Data Store Hit Rate Page 2. Last Day. Use the controls to customize the report as described in the following table. 5 Minutes. Last Month. Viewing Data Store IO Reports The Data Store I/O report summarizes how the data store disk I/O is performing for the time period specified. or Custom from the dropdown list. Use the following format: YYYY/MM/DD HH:MM:SS. 3.

you can view this in the Management Console for the individual remote appliance. For example. report for periods longer than Last Day do reflect bandwidth and connection data accurately. If you need to analyze data on the remote Steelhead appliance for the missing period. However. Plots the page reads for the time period you specify. Note: Be aware that if the CMC and remote appliances lose connectivity with each other. it sends an aggregate data point for the last day. data for the missing six hours appears to be 0 in reports for periods of Last Day or Custom intervals smaller than one day. Steelhead Central Management Console User’s Guide 185 .Displaying Managed Steelheads Reports and Logs Displaying and Customizing Reports Data Store Page Reads. Data Store Page Writes. data representation in reports for periods longer than an hour are interpolated from aggregate data points. Thus. Plots the page writes for the time period you specify. the bandwidth and connection data during the period of lost connectivity might be skewed. when the remote appliance re-establishes connectivity. if a remote appliance loses connectivity with the CMC for six hours. About Report Data The Riverbed system polls bandwidth and connection metrics every five minutes and can report on performance for periods as long as one year. However. due to performance and disk space considerations.

Choose Reports > Managed Steelheads > Data Store IO to display the Data Store IO page.Displaying and Customizing Reports Displaying Managed Steelheads Reports and Logs To view the Data Store IO report 1. Data Store IO Page 186 Steelhead Central Management Console User’s Guide . Figure 4-16.

3. Last Week. For Custom. . data representation in reports for periods longer than an hour are interpolated from aggregate data points. However. This graph indicates how efficiently the data store is using a page after a disk read operation About Report Data The Riverbed system polls bandwidth and connection metrics every five minutes and can report on performance for periods as long as one year. you can view this in the Management Console for the individual remote appliance. if a remote appliance loses connectivity with the CMC for six hours. Last Day. 5 Minutes. Use the following format: YYYY/MM/DD HH:MM:SS. If you need to analyze data on the remote Steelhead appliance for the missing period. Note: The refresh rate does not affect polling. Appliance Refresh Select an appliance from the drop-down list. Polling occurs every 5 minutes. Last Month. due to performance and disk space considerations.Displaying Managed Steelheads Reports and Logs Displaying and Customizing Reports 2. Select Off. Click Go to apply the changes to the report display. 10 Minutes. Control Period Description Select Last Hour. enter the Start Time and End Time and click Redraw. when the remote appliance re-establishes connectivity. However. Use the controls to customize the report as described in the following table. For example. Note: Be aware that if the CMC and remote appliances lose connectivity with each other. Viewing Data Store Read Efficiency Reports The Data Store Read Efficiency report summarizes how efficiently the data store disk is performing for the time period specified. Thus. it sends an aggregate data point for the last day. the bandwidth and connection data during the period of lost connectivity might be skewed. or 15 Minutes from the drop-down list. The Data Store Read Efficiency report includes a graph which displays a percentage breakdown of how much of each segment page has data in it for the time period you specify. report for periods longer than Last Day do reflect bandwidth and connection data accurately. or Custom from the dropdown list. data for the missing six hours appears to be 0 in reports for periods of Last Day or Custom intervals smaller than one day. Steelhead Central Management Console User’s Guide 187 .

Note: The refresh rate does not affect polling. Select Off. 3. Use the controls to customize the report as described in the following table. 10 Minutes.Displaying and Customizing Reports Displaying Managed Steelheads Reports and Logs To view the Data Store Read Efficiency report 1. Click Go to apply the changes to the report display. Control Period Description Select Last Hour. Figure 4-17. Last Month. or Custom from the dropdown list. or 15 Minutes from the drop-down list. 5 Minutes. Polling occurs every 5 minutes. . For Custom. Choose Reports > Managed Steelheads > Data Store Read Efficiency to display the Data Store Read Efficiency page. Data Store Read Efficiency Page 2. 188 Steelhead Central Management Console User’s Guide . Appliances Refresh Select an appliance from the drop-down list. Use the following format: YYYY/MM/DD HH:MM:SS. Last Day. Last Week. enter the Start Time and End Time and click Redraw.

3. Use the controls to customize the report as described in the following table. or Custom from the dropdown list. For Custom. 10 Minutes. Last Month. Use the following format: YYYY/MM/DD HH:MM:SS. Polling occurs every 5 minutes. Figure 4-18. The default value is Global. Choose Reports > Managed Steelheads > DNS Cache Hits to display the DNS Cache Hits page. Last Week. Click Go to apply the changes to the report display. Steelhead Central Management Console User’s Guide 189 . . Last Day. or 15 Minutes from the drop-down list. Note: The refresh rate does not affect polling. To view DNS cache hits report 1. 5 Minutes. Refresh Select Off.Displaying Managed Steelheads Reports and Logs Displaying and Customizing Reports Viewing DNS Cache Hits Reports The DNS Cache Hits report provides a DNS cache hits graph for the time period specified. Group Specify the appliance group whose cache hits you want to view. enter the Start Time and End Time and click Redraw. DNS Cache Hits Page 2. Control Period Description Select Last Hour.

Polling occurs every 5 minutes. Figure 4-19. 190 Steelhead Central Management Console User’s Guide . Group Specify the appliance group whose cache hits you want to view. Refresh Select Off. Last Day. 10 Minutes. For Custom.Displaying and Customizing Reports Displaying Managed Steelheads Reports and Logs Viewing DNS Cache Utilization Reports The DNS Cache Utilization report provides a DNS cache utilization graph for the time period specified. DNS Cache Utilization Page 2. Note: The refresh rate does not affect polling. The default value is Global. To view DNS cache utilization report 1. enter the Start Time and End Time and click Redraw. Use the controls to customize the report as described in the following table. . Choose Reports > Managed Steelheads > DNS Cache Utilization to display the DNS Cache Utilization page. Control Period Description Select Last Hour. Last Month. 5 Minutes. or Custom from the dropdown list. or 15 Minutes from the drop-down list. Last Week. Use the following format: YYYY/MM/DD HH:MM:SS.

Click Go to apply the changes to the report display. Steelhead Central Management Console User’s Guide 191 .Displaying Managed Steelheads Reports and Logs Displaying and Customizing Reports 3.

192 Steelhead Central Management Console User’s Guide . The y-axis plots the metric of interest. However. Field Peak All Throughput At <time> on <date> Description Specify the date and time of the peak QoS throughput of the specified classes. according to the interval you select. the bandwidth and connection data during the period of lost connectivity might be skewed. percent (%) of data reduction. About Report Data The Riverbed system polls bandwidth and connection metrics every five minutes and can report on performance for periods as long as one year. Pie chart graphs represent the aggregate for the time period selected. if a remote appliance loses connectivity with the CMC for six hours. For example. Pie chart graphs do not indicate peaks or averages.Displays the total number of bits dropped after QoS enforcement parameters have been set for the time period specified. report for periods longer than Last Day do reflect bandwidth and connection data accurately. If you need to analyze data on the remote Steelhead appliance for the missing period. connection counts. you can view this in the Management Console for the individual remote appliance. QoS Enforced/Dropped . Thus. Note: Be aware that if the CMC and remote appliances lose connectivity with each other. data for the missing six hours appears to be 0 in reports for periods of Last Day or Custom intervals smaller than one day. However. due to performance and disk space considerations. the percent) that is the average value for the time period selected. data representation in reports for periods longer than an hour are interpolated from aggregate data points.Displays the total number of bits dropped before enforcement of the QoS parameters for the time period specified. when the remote appliance re-establishes connectivity. What This Report Tells You The QoS Stats Dropped report answers the following questions: How many bits transmitted over the WAN for the QoS class? How many data packets were dropped for the QoS class? When did the peak data transmission occur for the QoS class? About Report Graphs In bar-graph and line-graph reports. The QoS Stats Dropped report contains the following table of statistics that summarize QoS activity. and the like. The right margin of the graph points to the value on the y-axis (for example.Displaying and Customizing Reports Displaying Managed Steelheads Reports and Logs Viewing QoS Stats Dropped Reports The QoS Stats Dropped report contains the following graphs: QoS Pre-Enforcement . it sends an aggregate data point for the last day. such as gigabytes of bandwidth. Three triangles near the top margin of the graph point to the value on the x-axis (the time) at which the peak occurred. the x-axis (or tick mark) plots time.

Select All or Custom from the drop-down list and click the arrows to add or delete them from the list. Control Period Description Select Last Hour. Choose Reports > Managed Steelheads > QoS Stats Dropped to display the QoS Stats Dropped page. QoS Stats Dropped Page 2. Appliance Classes Statistic Select from the drop-down list the appliance for which you want to display statistics. Last Week. 3. Use the following format: YYYY/MM/DD HH:MM:SS. Select Bit Counts or Packet Counts from the drop-down list. Last Month. Last Day. enter the Start Time and End Time and click Go.Displaying Managed Steelheads Reports and Logs Displaying and Customizing Reports To view the QoS Stats Dropped report 1. You can display a maximum of 8 classes. Use the controls to customize the report as described in the following table. For Custom. or Custom from the drop-down list. Figure 4-20. Click Go to apply the changes to the report display. Steelhead Central Management Console User’s Guide 193 .

Field Peak All Throughput At <time> on <date> Description Displays the date and time of the peak QoS throughput of the specified classes. The QoS Stats Sent report contains the following table of statistics that summarize QoS activity during peak pre-enforcement and peak post-enforcement time periods. What This Report Tells You The QoS Stats Sent report answers the following questions: How many bits were transmitted over the WAN for the QoS class? How many data packets were sent for the QoS class? When did the peak data transmission occur for the QoS class? 194 Steelhead Central Management Console User’s Guide .Displays the total number of bits sent before enforcement of the QoS parameters for the time period specified.Displaying and Customizing Reports Displaying Managed Steelheads Reports and Logs Viewing QoS Stats Sent Reports The QoS Stats Sent report summarizes the number of bytes and packets transmitted for the QoS class or an aggregate of all classes for the time period specified. The QoS Stats Sent report contains the following graphs: QoS Pre-Enforcement . QoS Enforced/Sent .Displays the total number of bits sent after QoS enforcement parameters have been set for the time period specified.

it sends an aggregate data point for the last day. connection counts. and the like. report for periods longer than Last Day do reflect bandwidth and connection data accurately. However.Displaying Managed Steelheads Reports and Logs Displaying and Customizing Reports About Report Graphs In bar-graph and line-graph reports. the percent) that is the average value for the time period selected. The right margin of the graph points to the value on the y-axis (for example. the bandwidth and connection data during the period of lost connectivity might be skewed. However. Steelhead Central Management Console User’s Guide 195 . If you need to analyze data on the remote Steelhead appliance for the missing period. About Report Data The Riverbed system polls bandwidth and connection metrics every five minutes and can report on performance for periods as long as one year. percent (%) of data reduction. Thus. data for the missing six hours appears to be 0 in reports for periods of Last Day or Custom intervals smaller than one day. according to the interval you select. the x-axis (or tick mark) plots time. you can view this in the Management Console for the individual remote appliance. Three triangles near the top margin of the graph point to the value on the x-axis (the time) at which the peak occurred. Pie chart graphs do not indicate peaks or averages. The y-axis plots the metric of interest. Pie chart graphs represent the aggregate for the time period selected. data representation in reports for periods longer than an hour are interpolated from aggregate data points. Note: Be aware that if the CMC and remote appliances lose connectivity with each other. such as GB of bandwidth. when the remote appliance re-establishes connectivity. For example. if a remote appliance loses connectivity with the CMC for six hours. due to performance and disk space considerations.

Last Month. Appliance Classes Statistic Select an appliance from the drop-down list. For Custom. Use the controls to customize the report as described in the following table. 3. Use the following format: YYYY/MM/ DD HH:MM:SS. You can display a maximum of 8 classes. 196 Steelhead Central Management Console User’s Guide . Choose Reports > Managed Steelheads > QoS Stats Sent to display the QoS Stats Sent page. Select All or Custom from the drop-down list and click the arrows to add or delete them from the list. QoS Stats Sent Page 2. Click Go to apply the changes to the report display. or Custom from the drop-down list. Control Period Description Select Last Hour. Last Week. Figure 4-21. Select Bit Counts or Packet Counts from the drop-down list.Displaying and Customizing Reports Displaying Managed Steelheads Reports and Logs To view the QoS Stats Sent report 1. Last Day. enter the Start Time and End Time.

Displaying Steelhead Diagnostics Reports Displaying and Customizing Reports Displaying Steelhead Diagnostics Reports This section describes how to display Steelhead diagnostic reports and logs.” next “Viewing Memory Paging Reports” on page 199 “Viewing Appliance Details Reports” on page 200 “Viewing Health Check Details Reports” on page 203 “Downloading Group Logs Reports” on page 203 “Viewing Expiring Certificates Reports” on page 204 “Viewing Data Store Status Reports” on page 205 Steelhead Central Management Console User’s Guide 197 . It includes the following sections: “Viewing CPU Utilization Reports.

CMC CPU usage should not exceed 90%. The right margin of the graph points to the value on the y-axis (for example. Pie chart graphs do not indicate peaks or averages. The y-axis plots the metric of interest. What this Report Tells You The CPU Utilization report answers the following questions: How much of the CPU is being used? What is the average and peak percentage of the CPU being used? About Report Graphs In bar-graph and line-graph reports.Displaying and Customizing Reports Displaying Steelhead Diagnostics Reports Viewing CPU Utilization Reports The CPU Utilization report summarizes the percentage of the CPU used on the CMC machine within the time period specified. the percent) that is the average value for the time period selected. To view the CPU Utilization report 1. connection counts. a CMC operates on approximately 30-40% CPU capacity during non-peak hours and approximately 60-70% capacity during peak hours. Figure 4-22. Typically. according to the interval you select. such as gigabytes of bandwidth. and the like. Three triangles near the top margin of the graph point to the value on the x-axis (the time) at which the peak occurred. percent (%) of data reduction. CPU Utilization Page 198 Steelhead Central Management Console User’s Guide . Choose Reports > Steelhead Diagnostics > CPU Utilization to display the CPU Utilization page. the x-axis (or tick mark) plots time. Pie chart graphs represent the aggregate for the time period selected.

select 10 seconds. Field Total Pages Swapped Out Description Displays the total number of pages swapped. The y-axis plots the metric of interest. Control Period Description Select Last Minute. the x-axis (or tick mark) plots time. enter the Start Time and End Time and click Go. Last Day. Steelhead Central Management Console User’s Guide 199 .riverbed. • To turn refresh off.com. Last Month. utilized by the CMC in the time period specified. according to the interval you select. For Custom. If thousands of pages are swapped every few minutes. 5 Minutes. click Off. Specifies the number of maximum pages swapped out for the date and time. Use the following format: YYYY/MM/DD HH:MM:SS Appliance Refresh Select an appliance from the drop-down list. 3.riverbed. If thousands of pages are swapped every few minutes. If 100 pages are swapped approximately every two hours the CMC is functioning properly. Last Hour. Last Week. • To refresh the report every 60 seconds. percent (%) of data reduction. Average Pages Swapped Out Maximum Pages Swapped out at <time> on <date> What this Report Tells You The Memory Paging report answers the following questions: How much memory is being used? What is the average and peak amount of memory pages swapped? About Report Graphs In bar-graph and line-graph reports. or Custom from the drop-down list. per second.Displaying Steelhead Diagnostics Reports Displaying and Customizing Reports 2. Use the controls to customize the report as described in the following table. The Memory Paging report includes the following table of statistics that describe memory paging activity for the time period you specify. Click Go to apply the changes to the report display. connection counts. contact Riverbed Technical Support at https://support. If 100 pages are swapped every couple of hours the CMC is functioning properly. Select a refresh rate from the drop-down list: • To refresh the report every 10 seconds. such as gigabytes of bandwidth. select 60 seconds. contact Riverbed Technical Support at https://support. Viewing Memory Paging Reports The Memory Paging report provides the total number of memory pages. • To refresh the report every 30 seconds. Displays the average number of pages swapped. select 30 seconds. and the like.com.

Choose Reports > Steelhead Diagnostics > Memory Paging to display the Memory Paging page. Pie chart graphs represent the aggregate for the time period selected. Viewing Appliance Details Reports The Appliance Details report displays details about the connected appliances such as status. Last Week. the percent) that is the average value for the time period selected. Pie chart graphs do not indicate peaks or averages. 3. Appliance Refresh Select an appliance from the drop-down list.Displaying and Customizing Reports Displaying Steelhead Diagnostics Reports Three triangles near the top margin of the graph point to the value on the x-axis (the time) at which the peak occurred. Use the following format: YYYY/MM/DD HH:MM:SS. 200 Steelhead Central Management Console User’s Guide . Figure 4-23. Control Period Description Select Last Hour. Click Go to apply the changes to the report display. select 10 minutes. or Custom from the drop-down list. select 30 minutes. • To refresh the report every 60 minutes. enter the Start Time and End Time and click Go. Last Day. click Off. • To refresh the report every 30 minutes. The right margin of the graph points to the value on the y-axis (for example. Memory Paging Page 2. connection counts. and peers. Use the controls to customize the report as described in the following table. select 60 minutes. For Custom. To view the Memory Paging report 1. performance. Set the refresh rate for the report display: • To refresh the report every 10 minutes. • To turn refresh off. Last Month.

at any time. Connection Counts Established. Displays the total decrease of data transmitted over the WAN. Datastore Usage. If you are experiencing a large number of half-opened connections. Displays the appliance configuration. Critical. name. Peak Throughput. Displays the peak data transmitted. Displays the total half-opened active connections. and links to the appliance logs. software version details. version. Displays the total half-closed active connections. you might consider a more appropriately sized appliance. Half Closed. and license information for peer appliances. Peers Config System Detail Displays the IP address. you might consider a more appropriately sized appliance. Half Opened. A half-opened connection is a TCP connection in which the connection has not been fully established. Field Status Description Provides high level status for the appliance: Healthy. View Appliance Config. Reduction. unoptimized when the connection limit has been reached. Performance Steelhead Central Management Console User’s Guide 201 . These connections are counted toward the connection count limit on the appliance. Displays the system detail. Displays the total connections passed through. Displays the percent of data store usage. (Half closed connections might remain if the client or server does not close their connections cleanly. Pass-Through. model. Warning. Displays the total established active connections. Also provides hardware model number.Displaying Steelhead Diagnostics Reports Displaying and Customizing Reports The Appliance Details report provides the following statistics for an appliance. they might become a fully opened connection. Half-closed connections are connections which the appliance has intercepted and optimized but are in the process of becoming inactive. Half-opened connections count toward the connection count limit on the appliance because. Total. Displays the sum of the counts described above.) If you are experiencing a large number of half-closed connections.

Choose Reports > Steelhead Diagnostics > Appliance Details to display the Appliance Details page. Appliance Details Page 202 Steelhead Central Management Console User’s Guide . Figure 4-24. 2.Displaying and Customizing Reports Displaying Steelhead Diagnostics Reports To view appliance details report 1. Select the appliance you want to view from the drop-down list to display the information.

Figure 4-26. What This Report Tells You The Health Check details report provides the following health checks for an appliance. Sends a test probe to a specified peer. Download Logs Page 2. select either the Appliance or Group radio button. Figure 4-25. Tests if a specified IP address and optional port are connected. Steelhead Central Management Console User’s Guide 203 . Tests if LAN and WAN ports are correctly facing their respective networks. Field Gateway Test Cable Swap Test Duplex Test Peer Reachability Test IP-Port Reachability Test Description Pings each configured gateway. To download log files report 1. Select the appliance you want to view from the drop-down list to display the Health Check Details page. Choose Reports > Steelhead Diagnostics > Health Check to display the Health Check page. Under Download Logs.Displaying Steelhead Diagnostics Reports Displaying and Customizing Reports Viewing Health Check Details Reports The Health Check report displays details about the health of the appliances. To view health check details report 1. Choose Reports > Steelhead Diagnostics > Download Logs to open the Download Logs page. 2. Tests a given interface for correct duplex settings. Health Check Page Downloading Group Logs Reports You can download log files from either an appliance or an appliance group in the Download Logs page.

Figure 4-27. Select the intended appliance or appliance group from the drop-down list. Viewing Expiring Certificates Reports The Expiring Certificates report displays the SSL certificates that have expired or will expire within sixty days. What this Report Tells You The Expiring Certificates report answers the following questions: What certificates are expired or within sixty days of expiring? Where are the certificates applied? What is the certificate location? To view the Expiring Certificates report Choose Reports > Steelhead Diagnostics > Expiring Certificates to display the Expiring Certificates page. 4. The logs are now available as a tar file. The report displays certificate location. Click Download.Displaying and Customizing Reports Displaying Steelhead Diagnostics Reports 3. and the certificate name. Expiring Certificates Page 204 Steelhead Central Management Console User’s Guide . policy or appliance to which it is applied.

Select an appliance from the drop-down list. due to performance and disk space considerations.” next “Viewing CPU Utilization Report” on page 208 “Viewing Memory Paging Report” on page 208 “Viewing User Logs Report” on page 209 Steelhead Central Management Console User’s Guide 205 . However. 3. Click Go to apply the changes to the report display. To view the Data Store Status report 1. Data Store Status Page 2. if a remote appliance loses connectivity with the CMC for six hours. Thus. data for the missing six hours appears to be 0 in reports for periods of Last Day or Custom intervals smaller than one day. when the remote appliance re-establishes connectivity. Displaying CMC Diagnostics Reports This section describes how to display CMC diagnostics reports and logs. For example. However. data representation in reports for periods longer than an hour are interpolated from aggregate data points. report for periods longer than Last Day do reflect bandwidth and connection data accurately. Choose Reports > Steelhead Diagnostics > Data Store Status to display the Data Store Status page.Displaying CMC Diagnostics Reports Displaying and Customizing Reports Viewing Data Store Status Reports The Data Store Status report summarizes the current status and state of the data store synchronization process. Note: Be aware that if the CMC and remote appliances lose connectivity with each other. the bandwidth and connection data during the period of lost connectivity might be skewed. you can view this in the Management Console for the individual remote appliance. What This Report Tells You The Data Store Status report answers the following questions: Is the synchronization connection active? Is the Steelhead appliance in the Catch-up or Keep-up phase of data store synchronization? What percentage of the data store is unused? About Report Data The Riverbed system polls bandwidth and connection metrics every five minutes and can report on performance for periods as long as one year. It includes the following sections: “Viewing the Alarm Status Report. Figure 4-28. it sends an aggregate data point for the last day. If you need to analyze data on the remote Steelhead appliance for the missing period.

click Clear the IPMI alarm now. Alarm CPU Utilization Description Whether the system has reached the CPU threshold for any of the CPUs in the CMC. Whether the system has detected a problem with the fans. Whether the system has encountered a memory error. External Backups Fan Error Whether the automatic backup has succeeded. If rebooting does not solve the problem. Licensing Link State Memory Error Memory Paging Indicates whether your licenses are current. For details. contact Riverbed Technical Support at https:// support. reboot the CMC. the CPU utilization might become high and result in a CPU alarm. This CPU alarm should not be cause for concern. and alarm status. email. IPMI Indicates there has been a physical security intrusion triggering an Intelligent Platform Management Interface (IPMI) error. The following events trigger the IPMI alarm: • chassis intrusion (physical opening and closing of the appliance case) • memory errors (correctable or uncorrectable ECC memory errors) • hard drive faults or predictive failures • power supply status or predictive failure The option to reset the alarm appears only after the service triggers the IPMI alarm. 206 Steelhead Central Management Console User’s Guide . Contact Riverbed Technical Support at http://www. For details on replacing fans. check your settings.Displaying and Customizing Reports Displaying CMC Diagnostics Reports “Downloading User Logs Report” on page 211 “Viewing System Logs Reports” on page 212 “Downloading System Log Files Reports” on page 213 “Viewing the System Dumps List Report” on page 213 “Viewing Process Dump List Reports” on page 214 “Viewing the TCP Dumps List Reports” on page 214 Viewing the Alarm Status Report The Alarm Status report provides the status for the CMC alarms and includes the following alarm information.riverbed. To reset the alarm. If your alarm thresholds are correct. If the system has reached the CPU threshold. You are notified via SNMP traps. see the Upgrade and Maintenance Guide. Note: If more than 100 MB of data is moved through a CMC while performing PFS synchronization. see “Alarms” on page 265. Fans in 3U systems can be replaced. then reboot the CMC.com. If thousands of pages are swapped every few minutes. Note: This alarm setting appears only on appliance versions of the CMC. Whether the system has reached the memory paging threshold. see “Rebooting Appliances and Appliance Groups” on page 124.com and file a trouble ticket to order a replacement fan. For details.riverbed. For details. If 100 pages are swapped approximately every two hours the CMC is functioning properly. see “Rebooting Appliances and Appliance Groups” on page 124. Whether the system has detected a link that is down.

Whether the system partitions (not the data store) are almost full. as opposed to a power supply slot with no power supply cord inserted. When the vault is locked. Note: This alarm setting appears only on appliance versions of the CMC. Alarm Status Page Steelhead Central Management Console User’s Guide 207 . Temperature Whether the CPU temperature has exceeded the critical threshold. /var which is used to hold logs. Indicates that the system has detected an error while trying to create a snapshot. Note: This alarm setting appears only on appliance versions of the CMC. Figure 4-29. TCP dumps. and so forth. SSL traffic is not optimized and you cannot encrypt the data store SSL Certificates System Disk Full Indicates an SSL certificate has failed to re-enroll automatically within the Simple Certificate Enrollment Protocol (SCEP) polling interval. system dumps. The default value for the rising threshold temperature is 70º C. Please contact Riverbed Technical Support to correct the issue. What This Report Tells You The Alarm Status report answers the following question: What is the current status of the CMC? To view the Alarm Status report Choose Reports > CMC Diagnostics > Alarm Status to display the Alarm Status page. For example.Displaying CMC Diagnostics Reports Displaying and Customizing Reports Alarm Power Supply Process Dump Staging Directory Inaccessible Secure Vault Description Indicates an inserted power supply cord does not have power. Indicates the secure vault is locked or an error has occurred while initializing the secure vault. statistics. the default reset threshold temperature is 67º C.

The y-axis plots the metric of interest. It includes the following table of statistics that describe memory paging activity for the time period you specify. Three triangles near the top margin of the graph point to the value on the x-axis (the time) at which the peak occurred. Viewing Memory Paging Report The Memory Paging report provides the total number of memory pages. the percent) that is the average value for the time period selected. Use the following format: YYYY/MM/DD HH:MM:SS Refresh Select a refresh rate from the drop-down list: • To refresh the report every 10 seconds. 2. enter the Start Time and End Time and click Go. and the like. select 10 seconds. 208 Steelhead Central Management Console User’s Guide . select 30 seconds. Last Hour. connection counts. Use the controls to customize the reports as described in the following table. • To turn refresh off. For Custom. Choose Reports > CMC Diagnostics > CPU Utilization to display the CPU Utilization page. Control Period Description Select Last Minute. The right margin of the graph points to the value on the y-axis (for example. the x-axis (or tick mark) plots time. Pie chart graphs represent the aggregate for the time period selected. percent (%) of data reduction.Displaying and Customizing Reports Displaying CMC Diagnostics Reports Viewing CPU Utilization Report The CPU Utilization report summarizes the percentage of the CPU used within the time period specified. Pie chart graphs do not indicate peaks or averages. Last Month. or Custom from the drop-down list. To view the CPU Utilization report 1. Last Week. such as GBs of bandwidth. per second. What This Report Tells You The CPU Utilization report answers the following questions: How much of the CPU is being used? What is the average and peak percentage of the CPU being used? About Report Graphs In bar-graph and line-graph reports. • To refresh the report every 30 seconds. Go Displays the report. click Off. 5 Minutes. utilized in the time period specified. select 60 seconds. • To refresh the report every 60 seconds. according to the interval you select. Last Day.

click Off. • To refresh the report every 30 seconds. For Custom. Steelhead Central Management Console User’s Guide 209 . Go Displays the report. Memory Paging Page 2. select 60 seconds.Displaying CMC Diagnostics Reports Displaying and Customizing Reports To view the memory paging report 1. Use the controls to customize the reports as described in the following table. Figure 4-30. View users logs to monitor user activity. select 10 seconds. or Custom from the drop-down list. 5 Minutes. • To refresh the report every 60 seconds. Use the following format: YYYY/MM/DD HH:MM:SS Refresh Select a refresh rate from the drop-down list: • To refresh the report every 10 seconds. Last Week. Last Day. • To turn refresh off. Control Period Description Select Last Minute. Choose Reports > CMC Diagnostics > Memory Paging to display the Memory Paging page. select 30 seconds. Last Month. The most recent log events are listed first. Viewing User Logs Report You can view user logs in the View User Logs page. Last Hour. enter the Start Time and End Time and click Go.

User Logs Page 210 Steelhead Central Management Console User’s Guide . Figure 4-31.Displaying and Customizing Reports Displaying CMC Diagnostics Reports To view user logs 1. Choose Reports > CMC Diagnostics > User Logs to display the User Logs page.

Use the controls to customize the report as described in the following table.Displaying CMC Diagnostics Reports Displaying and Customizing Reports 2. Click Go to apply the changes to the report display. 3. Click Rotate Logs to archive the current log to a numbered archived log file and then clear the log so that it is empty again.Specify the date and time (MM/DD HH:MM) of the pages you want to display.Specify the number of pages you want to display. • Time . Specify the number of lines you want to display on the page. Figure 4-32. • Error or higher .Displays Warning level logs or higher. • Info or higher . Filter Select one of the following options from the drop-down list: • <Regular Expression> . User Logs Download Page 2.Displays Error level logs or higher. Steelhead Central Management Console User’s Guide 211 . Choose Reports > CMC Diagnostics > User Logs Download to display the User Logs Download page. Downloading User Logs Report You can download user logs in the User Logs Download page. • Notice or higher .Displays Notice level logs or higher. Control Show Lines per page Jump to Description Select Current Log or one of the archived logs from the drop-down list. You can download both compressed and uncompressed logs.Specifies a regular expression on which to filter the log. Click the name of the log to save the log to disk.Displays Info level logs or higher. • Warning or higher . 3. Select one of the following options from the drop-down list: • Page . To download user logs 1.

Specify the time for the log you want to display. • Error or higher .Displays the Error level logs or higher. The most recent log events are listed first.Displaying and Customizing Reports Displaying CMC Diagnostics Reports Viewing System Logs Reports You can view system logs reports in the System Logs page.Displays the Info level logs or higher.Displays the Warning level logs or higher. 212 Steelhead Central Management Console User’s Guide . Use the controls to customize the report as described in the following table. • Warning or higher .Displays the Notice level logs or higher. • Time . To view system logs 1. Figure 4-33. Click Go to apply the changes to the report display. • Notice or higher . Filter Select one of the following options from the drop-down list: • <Regular Expression> . Choose Reports > CMC Diagnostics > System Logs to display the System Logs page. View system logs to monitor system activity and to troubleshoot problems. • Info or higher . Specify the number of lines you want to display on the page.Specify a regular expression on which to filter the log. Control Show Lines per page Jump to Description Select Current Log or one of the archived logs from the drop-down list. System Logs Page 2.Specify the number of pages you want to display. 3. Select one of the following options from the drop-down list: • Page .

Choose Reports > CMC Diagnostics > System Dumps to display the System Dumps page. System dump files can help you diagnose problems in the system. System Dumps Page Steelhead Central Management Console User’s Guide 213 . You can download both compressed and uncompressed logs. To view system dump files 1. 3. Figure 4-35. Click Rotate Logs to archive the current log to a numbered archived log file and then clear the log so that it is empty again. Viewing the System Dumps List Report You can display and download system dumps reports in the System Dumps page. Click the name of the log to save the log to disk. To download system logs 1. Choose Reports > CMC Diagnostics > System Logs Download to display the System Logs Download page. Figure 4-34. What This Report Tells You A system dump contains a copy of the kernel data on the system.Displaying CMC Diagnostics Reports Displaying and Customizing Reports Downloading System Log Files Reports You can download system logs reports in the System Logs Download page. System Logs Download Page 2. Download system logs to monitor system activity and to troubleshoot problems.

Viewing the TCP Dumps List Reports You can display and download TCP dumps reports in the TCP Dumps page. 3. Select Include statistics check box and click Generate System Dump to generate a new system dump. What This Report Tells You A process dump is a saved copy of memory including the contents of all memory. click the check box next to the name and click Remove Selected. 214 Steelhead Central Management Console User’s Guide . hardware registers. click the check box next to the name and click Remove Selected. 3. Click the filename to open a file or save the file to disk. Choose Reports > CMC Diagnostics > Process Dumps to display the Process Dumps page.Displaying and Customizing Reports Displaying CMC Diagnostics Reports 2. Figure 4-36. Viewing Process Dump List Reports You can display and download process dump reports in the Process Dumps page. What This Report Tells You TCP dump files contain summary information for every Internet packet received or transmitted on the interface. Process dump files can help you diagnose problems in the system. To remove an entry. Tip: To remove an entry. bytes. Click the filename to open a file or save the file to disk. TCP dump files can help you diagnose problems in the system. It is periodically taken to restore the system in the event of failure. and status indicators. Process Dumps Page 2. To view system dump files 1.

2.Displaying CMC Diagnostics Reports Displaying and Customizing Reports To view TCP data you must run the tcpdump tool using the Riverbed CLI. TCP Dumps Page Steelhead Central Management Console User’s Guide 215 . For details. To view TCP dump files 1. Figure 4-37. see the Riverbed Command-Line Interface Reference Manual. Click Add a New TCP Dump to display the information. Choose Reports > CMC Diagnostics > TCP Dumps to display the TCP Dumps page.

Source IP(s) Source Port(s) Destination IP(s) Destination Port(s) 216 Steelhead Central Management Console User’s Guide . Control Add a New TCP Dump Capture Interfaces Description Displays the controls for creating a TCP trace dump. Specify 0 for a full packet capture (recommended for CIFS. Optionally. You must specify a capture interface. The default value is 100. and timestamp is in the YYYY-MM-DD-HH-MM-SS format. Captures the TCP trace dump on the selected interface. Note: The . specify the capture filename case_number where number is your Riverbed Support case number. The default value is 1518. Specify the source IP addresses. primary. Enabling this setting filters the trace dump by capturing only VLAN-tagged packets. wan0_0).Displaying and Customizing Reports Displaying CMC Diagnostics Reports 3. Separate multiple ports with a comma. lan0_0. The default filename uses the following format: hostname_interface_timestamp. Separate multiple IP addresses with a comma. The default setting is all ports. If this trace dump relates to an open Riverbed Support case. specify the maximum number of packets allowed to queue up while awaiting processing by the TCP trace dump. and SSL traces). Leave this value blank to initiate a continuous trace. the oldest file is overwritten.cap file extension is not included with the filename when it appears in the capture queue. Captures only VLAN-tagged packets within a trace dump for a trunk port (802. This setting applies to physical interfaces only because logical interfaces (inpath0_0. Specify the destination IP addresses. or aux. Specify how many TCP trace dump files to rotate. Optionally. Specify the destination ports. Separate multiple ports with a comma. in seconds. interface is the name of the interface selected for the trace (for example. Specify the name of the capture file.1Q).cap Where hostname is the hostname of the Steelhead appliance. Separate multiple IP addresses with a comma. The default value is 154. Complete the configuration as described in the following table. The default setting is all IP addresses. mgmt0_0) do not recognize VLAN headers. When a continuous trace reaches the maximum space allocation of 100 MB. The default setting is all ports. Specify the maximum capture file size in MBs. Specify the source ports. The recommended maximum capture file size is 1024 MBs (1 GB). The default setting is all IP addresses. You can select All. case_12345. Click only one interface per trace dump. specify the snap length value for the trace dump. MAPI. The default setting is none. The default value is 30. Capture Name Capture Duration (Seconds) Maximum Capture Size (MB) Buffer Size Snap Length Number of Files to Rotate Capture VLAN Packets Specify how long the capture runs. for example. The default value is 5.

x. and the version of the CMC the file was exported from. the time the export occurred. Specify a date to initiate the trace dump in the following format: YYYY/MM/DD Specify a time to initiate the trace dump in the following format: HH:MM:SS Add Adds the TCP trace dump to the capture queue.y.b) Schedule Dump Start Date and Time Schedules the trace dump to run at a later date and time. The CSV file contains commented lines (comments beginning with the # character) at the beginning of the file.a. Tip: To remove an entry. These comments report what host generated the file. the columns that follow contain the data.a. Steelhead Central Management Console User’s Guide 217 .a and host b.y. The CSV format allows you to easily import the statistics into spreadsheets and databases.x.x.x and host y.Exporting Performance Statistics Reports Displaying and Customizing Reports Control Custom Flags Description Specify custom flags to capture unidirectional traces.x.x To capture all traffic between a pair of hosts host x.x and host y.x. The statistical values are provided in columns: the first column is the date and time of the statistic sample. You can export performance statistics in CSV format in the Export report.y To capture traffic between two hosts and the inner channels between two Steelhead appliances: (host x.y.y) or (host a.y.x. the report that was generated. time boundaries.b. click the check box next to the name and click Remove Selected. You can open the CSV file in any text editor. Exporting Performance Statistics Reports The following section describes how to export appliance information and statistics reports. for example: To capture all traffic to or from a single host host x.b.

Type an email address or a URL. Select one of the following options: – – Email. • Format. depending on the option selected above. URL from the drop-down list. Enter the complete email address for the recipient. Complete the configuration as described in the following table. Control Export Destination and Format Description Complete the following options for exporting appliance statistics: • Export To. 2. Choose Reports > Export to display the Export page. Choose Reports > Export to display the Export page. To export statistics 1. 218 Steelhead Central Management Console User’s Guide . Figure 4-38.Displaying and Customizing Reports Exporting Performance Statistics Reports To export appliance information 1. Use the format [scp|ftp]://username:password@host/path/filename • Email Addresses. Select HTML or CSV format. Export Page 3. Select the Export Appliance Information radio button to export the appliance information.

Select the Export Statistics radio button to export the appliance statistics.Exporting Performance Statistics Reports Displaying and Customizing Reports 2. Reports > Export Page Steelhead Central Management Console User’s Guide 219 . Figure 4-39.

Weekly. Export Exports your data based on your settings. Daily. • Traffic Summary. Granularity determines how many statistic data points are used when the data is exported. • Email Addresses. Passthrough. • Connection History. Select export frequency from the drop-down list (Once Only. • Throughput. Select one of the following options from the drop-down list: – – – – Execution Maximum. Frequency. LAN-to-WAN). • Data Reduction. WAN-to-LAN. For CSV export. Time. • Format. Low. Control Export Destination and Format Description Complete the following options for exporting appliance statistics: • Export To. For graphs (which appear when you choose HTML as the format) sometimes a lower granularity reduces the jerkiness and gives a smoother and easier to understand graph. • Schedule Export. or Both). Specify the time using the HH:MM:SS format. Specify Ports and select Traffic Direction (Bi-Directional. LAN-to-WAN). Select Email or URL from the drop-down list. Click the check boxe(s) to select appliances to be included in the export. Select HTML or CSV format. Specify the time period in days (between 1 and 60). Groups Appliances Statistics Click the check boxe(s) to select group(s) to be included in the export. Specify Ports and select Traffic Direction. Medium. Specify a data point every hour. depending on the option selected above. Period and Granularity Specify one of the following options: • Most recent period. Specify a data point every 5 minutes. Select Traffic Type from the drop-down menu (Optimized. WAN-to-LAN. 220 Steelhead Central Management Console User’s Guide . Specify a data point every week. Click the check boxe(s) to include any of the following statistic types in the report: • Bandwidth Optimization. Exports data based on the following settings: – – – Date. Higher granularity is more accurate. Specify Ports and select Traffic Direction (Bi-Directional. Exports data when you click Export. High. Complete the configuration as described in the following table. Specify a data point every day. • Granularity.Displaying and Customizing Reports Exporting Performance Statistics Reports 3. Specify one of the following options: • Export Now. Click to include connection history in the export. Monthly). it reduces the amount of exported data. Type an email address or a URL. Specify the date using the YYYY/MM/DD format.

see the Steelhead Management Console User’s Guide. Choose Manage > Policies to display the Policies page. and security policies. For details. network. It includes the following sections: “Viewing Policy Configurations. These are described in the system administration section of this guide. This appendix does not summarize the settings for System Settings Policies. 2. For details on RiOS feature sets. Viewing Policy Configurations This section describes how to view policy configurations and quickly navigate among policy feature sets.” next “Optimization Policy Settings” on page 224 “System Settings Policies” on page 264 “Networking Policy Settings” on page 277 “Security Policy Settings” on page 298 “Branch Services Settings” on page 304 This appendix assumes you are familiar with configuring and managing Steelhead appliances. system. Steelhead Central Management Console User’s Guide 221 . see “Configuring System Settings” on page 39. To view policy configurations 1.APPENDIX A Policy Parameters and Settings This appendix describes how to configure feature sets contained in optimization. It does not include detailed overviews of the individual feature sets associated with the policies. Click the name of the policy in the Policy Name column.

paste or type in commands (one command per line) to be pushed to an appliance using this policy. Setting Description CLI Commands Rename Policy Enable Page Description Specify a description to help you identify the policy. Select the check box to enable the feature set. For details. Optionally. Sample Policy Editing Panel In this panel. 222 Steelhead Central Management Console User’s Guide . see “Understanding Policies and Policy Usage” on page 130.Policy Parameters and Settings Viewing Policy Configurations The Editing <policy type> <policy name> panel displays. Figure 4-40. you can modify the settings described in the following table. Unselected feature sets are ignored by the policy and the default value is used when pushed to appliances. The lower part of the panel lists the feature sets specific to the policy type and whether or not they are set to be inherited. Apply Applies the modifications to the running configuration. click and type a new name for the policy. Optionally.

Note: Because different policy types have different feature sets. Sample Editing Policy Page 4. Click Apply to apply the settings to the running configuration. feature set> page. Security. only In-Path Rule settings are copied. Note: This copies only the settings for the current page. 5. For example.Viewing Policy Configurations Policy Parameters and Settings 3. To duplicate entire policy feature sets. Page Select the policy feature set to be accessed. see “Creating Policy Settings” on page 133. and System. Modify the settings. Figure 4-41. Note: The policies are categorized by type: Networking. click the name of the feature set In the Page column to display the Editing <policy name. To go to other policies and feature sets. Steelhead Central Management Console User’s Guide 223 . To copy the specified feature set values from another policy. Optimization. if the current page is In-Path Rules. 7. Control Editing <Policy Type> Policy Description Select the policy name from the drop-down list. To access policy feature sets. use the controls at the top of the page as described in the following table. select the policy containing the values you want to duplicate from the Copy Contents From Policy drop-down list and click Copy. the contents of this drop-down list are determined by the policy selected in the Editing <Policy Type> Policy drop-down list. 6.

It includes the following sections: “General Service Settings. Enables out-of-path support. 224 Steelhead Central Management Console User’s Guide . For details on how to create a new policy. Control In-Path Settings Out-of-Path Settings Description Enables in-path support. General Service Settings You can review general service settings in the General Service Settings page. For details.Policy Parameters and Settings Optimization Policy Settings Optimization Policy Settings The following section describes Optimization Policy feature set.” next “In-Path Rules” on page 226 “Peering Rules” on page 233 “Service Ports” on page 235 “Data Store” on page 236 “Performance” on page 238 “Protocols CIFS” on page 240 “Protocols CIFS Prepopulation” on page 243 “Protocols HTTP” on page 244 “Protocols Oracle Forms” on page 247 “Protocols MAPI” on page 249 “Protocols MS-SQL” on page 251 “Protocols NFS” on page 252 “Protocols Lotus Notes” on page 254 “Protocols Citrix ICA” on page 254 “Windows Domain Auth” on page 255 “SSL Main Settings” on page 255 “SSL Peering” on page 257 “Certificate Authorities” on page 260 “SSL Advanced Settings” on page 260 “Secure Peering (IPSEC)” on page 262 The following procedures assume you have already created an Optimization Policy. see “Creating Policy Settings” on page 133. see the Steelhead Management Console User’s Guide.

If you have a client connecting to valid hosts or ports at a very high rate. some of its connections might be passed through even though all of the connections are valid. Connection pooling is useful for protocols which create a large number of shortlived TCP connections. When the pool reaches its maximum size. Maximum Connection Pooling Size. A value of 0 specifies no connection pool. increase the pool size.Optimization Policy Settings Policy Parameters and Settings Control Connection Settings Description Per-Source IP Connection Limit. the client and the Steelhead appliance do not have to wait for a three-way TCP handshake to finish across the WAN. Applies your settings. Restricts half-opened connections on a source IP address initiating connections (that is. Connection pooling enhances network performance by reusing active connections instead of creating a new connection for every request. the new connection is created and added to the pool. This feature does not prevent a source IP address from connecting to valid hosts at a normal rate. Specify the maximum number of TCP connections in a connection pool. the client machine). the pool manager checks the pool for unused connections and returns one if available. The appliance counts the number of half opened connections for a source IP address (connections that check if a server connection can be established before accepting the client connection). If all connections currently in the pool are busy and the maximum pool size has not been reached. Set this feature to block a source IP address that is opening multiple connections to invalid hosts or ports simultaneously (for example. If the report indicates an unacceptably low ratio of pool hits per total connection requests. up to the maximum pool size. To optimize such protocols. a virus or a port scanner). Thus. a source IP address could have more established connections than the limit. Important: You must restart the Steelhead appliance after changing this setting. Tip: Viewing the Connection Pooling report can help determine whether to modify the default setting. Thus. When a client requests a new connection to a previously visited server. If the count is above the limit. a connection pool manager maintains a pool of idle TCP connections. new connections from the source IP address are passed through unoptimized. Steelhead Central Management Console User’s Guide 225 . such as HTTP. all new connection requests are queued until a connection in the pool becomes available or the connection attempt times out. Failover Settings Apply Enables failover support. The default value is 20. The default value is 4096.

Defining in-path rules modifies this default setting. port labels. and the system moves on to the next packet. If rule 2 matches the conditions. Auto-Discover Note: The default rule. Use the following format: XXX. optionally. rule 2 is consulted. list rules in the following order: 1. • Pass-Through .Skips the auto-discovery process and uses a specified remote Steelhead appliance as an optimization peer. it is applied. and no further rules are consulted. configure additional ones. then the rule is applied. ports. • Fixed-Target .Drops the SYN packets silently.Allows the SYN packet to pass through the Steelhead appliance unoptimized. In general. which optimizes all remaining traffic that has not been selected by another rule. which ports and backup Steelhead appliances). Traffic is also passed through when the Steelhead appliance is in bypass mode. the system consults the next rule. Source Subnet Specify the subnet IP address and netmask for the source network. cannot be removed and is always listed last. end. auto-discover is applied to all IP addresses and ports that are not secure. For details on in-path rules. in the In-Path Rules page. and out-of-path Steelhead appliances to use.Uses the auto-discovery process to determine if a remote Steelhead appliance is able to optimize the connection attempting to be created by this SYN packet. or a rule number from the drop-down list. or default Riverbed ports.0. Auto-Discover. and add rules to specify the network of servers. sends a message back to its source.0. No optimization is performed on the TCP connection initiated by this SYN packet.XXX/XX Or.) • Discard . interactive. see the Steelhead Management Console User’s Guide. For example. Control Add a New In-Path Rule Type Description Displays the controls for adding a new rule. and remove them.Policy Parameters and Settings Optimization Policy Settings In-Path Rules You can review in-path rules. The Steelhead appliance filters out traffic that matches the discard rules. Using an active reset process rather than a silent discard allows the connection initiator to know that its connection is disallowed. You define pass-through rules to exclude subnets from optimization.Drops the SYN packets. Fixed-target 5. (1 of 7) 226 Steelhead Central Management Console User’s Guide . • Deny .XXX. Discard 3. You must specify at least one remote target Steelhead appliance to optimize (and. Select one of the following rule types from the drop-down list: • Auto-Discover . If the conditions set in the rule match. Steelhead appliances evaluate rules in numerical order starting with rule 1. By default. if the conditions of rule 1 do not match. (Pass through of traffic might occur because of in-path rules or because the connection was established before the Steelhead appliance was put in place or before the Steelhead service was enabled. This process is similar to how routers and firewalls drop disallowed packets: the connection-initiating device has no knowledge of the fact that its packets were dropped until the connection times out. Deny 2. you can specify all or 0.XXX. Position Select start. If the conditions set in the rule do not match. Pass-through 4.0/0 as the wildcard for all traffic. and resets the TCP connection being attempted.

Use the following format: XXX.0. All specifies the rule applies to all VLANs.If the Oracle Forms. VLAN Tag ID Select the VLAN identification number from the drop-down list to set the VLAN tag identification number.XXX. SSL.XXX/XX Or. Port . Untagged specifies the rule applies to non-tagged connections.Enables preoptimization processing for Oracle Forms. rules apply to all VLAN values unless you specify a particular VLAN ID.Specify the destination port number. for example. port 443. • SSL . • Oracle Forms over SSL . This is the default setting. Preoptimization Policy Select a traffic type from the drop-down list: • None .Specify the backup destination port number for a fixed-target rule. You must also set the Latency Optimization Policy to HTTP. port label.Enables preoptimization processing for both the Oracle Forms and SSL encrypted traffic through SSL secure ports on the client-side Steelhead appliance.XXX.Optimization Policy Settings Policy Parameters and Settings Control Destination Subnet Description Specify the subnet IP address and netmask for the destination network. Port . Port . By default. Target Appliance IP Address Specify the target appliance address for a fixed-target rule. Pass-through traffic maintains any pre-existing VLAN tagging between the LAN and WAN interfaces.1q. (2 of 7) Steelhead Central Management Console User’s Guide 227 . select none. Note: If the server is running over a standard secure port.0. or all. Backup Appliance IP Address Specify the backup appliance address for a fixed-target rule. the Oracle Forms over SSL in-path rule needs to be before the default secure port pass-through rule in the in-path rule list. configure in-path rules to apply to all VLANs or to a specific VLAN. RiOS supports VLAN v802. • Oracle Forms . To configure VLAN tagging.0/0 as the wildcard for all traffic. or Oracle Forms over SSL preoptimization policy is turned on and you want to turn it off for a port.Enables preoptimization processing for SSL encrypted traffic through SSL secure ports on the client-side Steelhead appliance. you can specify all or 0.Specify the target port number for a fixed-target rule.

which prevents the Steelhead appliance from reading and writing to and from the disk. define an inpath rule with the destination port 7830 and set its optimization policy. while setting the QoS for port 20 on the server-side Steelhead appliance effects active FTP. To configure optimization policies for the FTP data channel.Perform all latency optimizations (HTTP is activated for ports 80 and 8080).Perform LZ compression and SDR. you must set the Latency Optimization Policy to HTTP. do not perform SDR. if you have selected Auto-Discover or Fixed Target. • None . Tip: Setting the Latency Optimization Policy to None excludes HTTP latency optimizations. Enabling this option can yield high LAN-side throughput because it eliminates all disk latency. do not perform LZ compression. To configure optimization policies for the MAPI data channel.Do not activate latency optimization on connections matching this rule. (3 of 7) 228 Steelhead Central Management Console User’s Guide .Policy Parameters and Settings Optimization Policy Settings Control Optimization Policy Description Optionally.Performs data reduction entirely in memory. Setting QoS for port 20 on the client-side Steelhead appliance effects passive FTP. • Compression-Only .Perform SDR.Do not perform SDR or LZ compression. • None .0. For Oracle Forms over SSL encrypted traffic. Both Steelhead appliances must be running RiOS v6. you can configure the following types of optimization policies: • Normal . • SDR-M .Perform LZ compression. • HTTP .Activate HTTP optimization on connections matching this rule. Latency Optimization Policy Select one of the following policies from the drop-down list: • Normal . define an in-path rule with the destination port 20 and set its optimization policy. This is the default setting. • SDR-Only .

while minimizing the amount of idle time that the data sits in the buffer.Always use the Nagle algorithm. and SDR performance. If data is received from a partial frame packet or a packet with the TCP PUSH flag set.Optimization Policy Settings Policy Parameters and Settings Control Neural Framing Mode Description Optionally. • TCP Hints . Neural framing enables the system to select the optimal packet framing boundaries for SDR. compression. you can select a neural framing mode for the in-path rule. • Dynamic . Neural framing creates a set of heuristics to intelligently determine the optimal moment to flush TCP buffers. define an in-path rule with the destination port 20 and set its optimization policy. For different types of traffic. (4 of 7) Steelhead Central Management Console User’s Guide 229 . To configure neural framing for a MAPI data channel. the encoder encodes the data instead of immediately coalescing it. if you have selected Auto-Discover or Fixed Target. You can specify the following neural framing settings: • Never . define an in-path rule with the destination port 7830 and set its optimization policy. the system discerns the optimum algorithm for a particular type of traffic and switches to the best algorithm based on traffic characteristic changes. To configure neural framing for an FTP data channel. All data is passed to the codec which attempts to coalesce consume calls (if needed) to achieve better fingerprinting. Neural heuristics are computed in this mode but are not used. All the data is immediately encoded without waiting for timers to fire or application buffers to fill past a specified threshold.Never use the Nagle algorithm.Dynamically adjust the Nagle parameters. one algorithm might be better than others. • Always . A timer (6 ms) backs up the codec and causes leftover data to be consumed. In this option. The system continuously evaluates these heuristics and uses the optimal heuristic to maximize the amount of buffered data transmitted in each flush.This is the default setting which is based on the TCP hints. Neural heuristics are computed in this mode but are not used. The considerations include: latency added to the connection. Neural heuristics are computed in this mode but are not used.

Therefore.10. and very challenging remote environments.10. the service automatically kicks off connections with matching source and destination addresses and ports on different VLANs.10. it overrides this setting. For example.10. rather than risk interruption with kickoff.11.Policy Parameters and Settings Optimization Policy Settings Control Auto Kickoff Description Enables kickoff. Src 10. It is suitable for certain long-lived connections. When you enable kick off using an in-path rule. it does not consider a VLAN tag ID when determining whether to kick off the connection. once as source to destination and the other as destination to source to find an in-path rule. which appears on the Configure > Optimization > General Service Settings page. the following in-path rule will kick off connections from 10.10/24 Auto Kickoff enabled The first matching in-path rule will be considered during the kickoff check for a pre-existing connection. In most deployments. Note: If no data is being transferred between the client and server the connection is not reset immediately. you do not want to set automatic kickoff globally because it disrupts all existing connections.11. it sends an RST packet to the client and server maintaining the connection to try to close it. Generally. (5 of 7) 230 Steelhead Central Management Console User’s Guide . • For all existing connections that match an in-path rule and the rule has kickoff enabled. For example. auto kickoff per in-path rule is disabled. It resets the next time the client or server tries to send a message.10/24 and 10. The service applies the first matching in-path rule for an existing connection that matches the source and destination IP and port. connections that pre-exist when the optimization service is started are reestablished and optimized. Important: Specifying automatic kickoff per in-path rule enables kickoff even when you disable the global kickoff feature. RiOS v6. Consequently.10/24 to 10. When global kickoff is enabled. • For a single pass-through or optimized connection on the Current Connections report.11. then that pre-existing connection will be reset. when the application is idle. If you enable kickoff. Note: This feature pertains only to auto-discover and fixed-target rule types and is dimmed and unavailable for the other rule types.10/24 to 10. it may take a while for the connection to reset. which resets pre-existing connections to force them to go through the connection creation process again. If the first matching in-path rule has kickoff enabled. such as data replication. The source and destination of a pre-existing connection cannot be determined because the Steelhead appliance did not see the initial TCP handshake whereas an in-path rule specifies the source and destination IP address to which the rule should be applied.12. By default.10/24 Dst 10.12.10/24. You set the global kickoff feature using the Reset Existing Client Connections on Start Up feature.12.1 provides three ways to enable kickoff: • Globally for all existing connections on the Configure > Optimization > General Service Settings page. one connection at a time. Hence this connection for this IP address pair is matched twice. connections are short lived and kickoff is not necessary. in a remote branch-office with a T1 and a 35 ms round-trip time. you would want connections to migrate to optimization gracefully.10. it sets an internal flag to prevent any further kickoffs until the optimization service is once again restarted. once the Steelhead detects packet flow that matches the IP and port specified in the rule.10. Next.

However. If your WAN router is following traffic classification rules written in terms of client and network addresses. It also preserves VLAN tags. port transparency enables your routers to use existing rules to classify the traffic without any changes.0 or later offers three types of WAN visibility: correct addressing.0 or later). For details. • Full Transparency . This is the default setting. If both port transparency and full address transparency are acceptable solutions. which pertains to how packets traversing the WAN are addressed. if you must see your client or server IP addresses across the WAN. The server-side Steelhead appliance must also support WAN visibility (RiOS v5. full transparency is your only configuration option.Optimization Policy Settings Policy Parameters and Settings Control WAN Visibility Mode Description Enables WAN visibility. nor does it provide client port visibility. Correct addressing uses Steelhead appliance IP addresses and port numbers in the TCP/IP packet header fields for optimized traffic in both directions across the WAN. It does not provide client and server IP address visibility. (6 of 7) Steelhead Central Management Console User’s Guide 231 . RiOS v5. Note: Port transparency only provides server port visibility. Traffic is optimized while these TCP/IP header fields appear to be unchanged. port transparency is preferable. • Port Transparency . Routers and network monitoring devices deployed in the WAN segment between the communicating Steelhead appliances can view these preserved fields. Use port transparency if you want to manage and enforce QoS policies that are based on destination ports. Traffic is optimized while the server port number in the TCP/IP header field appears to be unchanged. enabling full address transparency might yield unexpected results. Important: Enabling full address transparency requires symmetrical traffic flows between the client and server. For details. Port transparency does not require dedicated port configurations on your Steelhead appliances.Full address transparency preserves your client and server IP addresses and port numbers in the TCP/IP header fields for optimized traffic in both directions across the WAN.Port address transparency preserves your server port numbers in the TCP/IP header fields for optimized traffic in both directions across the WAN. Port transparency avoids potential networking risks that are inherent to enabling full address transparency. and full address transparency.Turns WAN visibility off. see the Steelhead Appliance Deployment Guide. up to and including loss of connectivity. see the Steelhead Appliance Deployment Guide. Routers and network monitoring devices deployed in the WAN segment between the communicating Steelhead appliances can view these preserved fields. If any asymmetry exists on the network. You configure WAN visibility on the client-side Steelhead appliance (where the connection is initiated). port transparency. Select one of the following modes from the drop-down list: • Correct Addressing . Port transparency enables network analyzers deployed within the WAN (between the Steelhead appliances) to monitor network activity and to capture statistics for reporting by inspecting traffic according to its original TCP port number.

but the connection is not transparent. stores information. see the Steelhead Appliance Deployment Guide.0. 232 Steelhead Central Management Console User’s Guide . providing some WAN visibility without enabling a WAN Visibility Mode. The reset clears the probe connection created by the Steelhead appliance and allows for the full transparent inner connection to traverse the firewall. you can re-order your rules. • WAN visibility works with auto-discover in-path rules only. • You can configure a Steelhead appliance for WAN visibility even if the server-side Steelhead appliance does not support it. In the In-Path Rules table. the rule moves to the new position. Click the check box next to the name and click Remove Selected Rules. If your system uses a stateful firewall. use the drop-down lists in the Rule column. Click the arrow next to the desired rule position. cannot be removed and is always listed last. It does not work with fixed-target rules or server-side out-of-path Steelhead appliance configurations. Notes: • For details on configuring WAN visibility and its implications. The Management Console redisplays the In-Path Rules table and applies your modifications to the running configuration. The forward reset is necessary because the probe connection and inner connection use the same IP addresses and ports and both map to the same firewall connection. • You can enable full transparency for servers in a specific IP address range and you can enable port transparency on a specific server. Description Add Describe the rule to facilitate administration.Policy Parameters and Settings Optimization Policy Settings Control WAN Visibility Mode (continued) Description RiOS v6. This ensures the firewall does not block inner transparent connections because of information stored in the probe connection. For details. • To turn full transparency on globally by default. heaviest users of WAN bandwidth. select Full. and then validates subsequent packets against this information.Enables full address and port transparency and also sends a forward reset between receiving the probe response and sending the transparent inner channel SYN. which is stored in memory.0 includes an option for using Full Transparency with a stateful firewall. the following option is available: • Full Transparency w/Reset . Moves the selected rules. see the Steelhead Appliance Deployment Guide. Adds the rule to the list. • The Top Talkers report displays statistics on the most active. A stateful firewall examines packet headers. create an in-path autodiscover rule. which optimizes all remaining traffic that has not been selected by another rule. and RBT-Proto rules. (7 of 7) Remove Selected Rules Move Selected Rules Tip: If necessary. Both the client-side and server-side Steelhead appliances must be running RiOS v6. and place it above the default in-path rule and after the Secure. Tip: The default rule. Interactive.

this option is disabled and it is unavailable on Steelhead appliance models that do not support it.000 peers on high-end server-side Steelhead appliances (models 5520. and finally D and optimization takes place in each. see the Steelhead Appliance Deployment Guide. and 6120) to accommodate large Steelhead client deployments. click the down arrow in the Number column next to the rule and choose remove. Important: Before enabling this feature you should have a thorough understanding of performance and scaling issues. the Steelhead appliance automatically finds D. B. By default. then C. With automatic peering the Steelhead appliance automatically finds the furthest Steelhead appliance along the connection path of the TCP connection and optimization occurs there. For example. The data store maintains the peers in groups of 1. After enabling this option you must clear the data store and stop and restart the service. Steelhead Central Management Console User’s Guide 233 . automatic peering is enabled. Tip: To delete a rule from the Peering Rules table. 6020. C. see the Steelhead Appliance Deployment Guide. the Steelhead appliance finds the first remote Steelhead appliance along the connection path of the TCP connection and optimization occurs there.024 in the global peer table. Automatic peering is disabled by default.5 without first clearing the data store. D). For example.000 peers.Optimization Policy Settings Policy Parameters and Settings Peering Rules You configure peering rules for the selected optimization policy in the Peering Rules page. the Steelhead appliance uses regular auto-discovery. C. if you had a deployment with four Steelhead appliances (A. you need to compare it with a serial cluster deployment. When deciding whether to use extended peer table support. D) where D represents the appliance that is furthest from A. 6050. Riverbed recommends enabling the extended peer table if you have more than 4. B. With regular auto-discovery. By default. Enable Extended Peer Table Enables support for up to 20. in a deployment with four Steelhead appliances (A. see the Steelhead Management Console User’s Guide. you cannot install a RiOS software version earlier than v5. For a detailed information about deployments that require automatic peering. If you do not enable automatic peering. where D represents the appliance that is furthest from A. Tip: The default rule cannot be removed and is always listed last. For more information on serial clusters. This simplifies configuration and makes your deployment more scalable. Control Enable Automatic Peering Description Enables enhanced automatic peering. For details on automatic peering. the Steelhead appliance automatically finds B. Important: After enabling extended peer table support.

If the conditions set in the rule match.0/0 as the wildcard for all traffic.0. it is applied. the peer Steelhead appliance) for the optimized connection.XXX/XX Destination Subnet Specify an IP address/mask pattern for the traffic destination.0. Accepts peering requests that match the source-destination-port pattern. Allows built-in functionality to determine the response for peering requests (performs the best peering possible). Select one of the following rule types from the drop-down list: • Auto.0. If the receiving Steelhead appliance is not using automatic auto-discovery.XXX. The Rule Type of a matching rule determines which action the Steelhead appliance takes on the connection. For details on saving configurations.0/0 as the wildcard for all traffic. or you can specify all or 0. see “User Permissions” on page 299. or a rule number from the drop-down list. The receiving Steelhead appliance does not respond to the probing Steelhead appliance. If rule 2 matches the conditions. For example. rule 2 is consulted.XXX. When you have verified appropriate changes. Select start.XXX. end. port label.XXX/XX Port Peer IP Address Specify the destination port number. and no further rules are consulted. Allows pass-through peering requests that match the source and destination port pattern. you can verify whether changes have had the intended effect by reviewing related reports. • Passthrough. Use the following format: XXX. Control Rule Type Description Determines which action the Steelhead appliance takes on the connection. The receiving Steelhead appliance responds to the probing Steelhead appliance and becomes the remote-side Steelhead appliance (that is. or all. this has the same effect as the Accept peering rule action. Specify the IP addresses of the probing Steelhead appliance. you can write the active configuration that is stored in memory to the active configuration file (or Save As any filename you choose). then the rule is applied and the system moves on to the next rule. To add a new peering rule use the configurations described in the following table. Use the following format: XXX. and allows the SYN+probe packet to continue through the network Insert Rule At Determines the order in which the system evaluates the rule. the Steelhead appliance only becomes the optimization peer if it is the last Steelhead appliance in the path to the server.0. 234 Steelhead Central Management Console User’s Guide . The system evaluates rules in numerical order starting with rule 1. If automatic auto-discovery is enabled. if the conditions of rule 1 do not match.Policy Parameters and Settings Optimization Policy Settings Important: After the CMC has applied your settings. Source Subnet Specify an IP address/mask for the traffic source.XXX. or you can specify all or 0. • Accept.

and the destination IP and port do not appear on the bypassed servers list. see the Steelhead Management Console User’s Guide. Description Add Specify a description to help you identify the peering relationship. The peering rule determines that the connection is SSL-capable if the destination port is 443 (irrespective of the destination port value on the rule). The Steelhead appliance passes the connection through unoptimized without affecting connection counts. This flag is typically set on a server-side Steelhead appliance. For details on the service ports. Steelhead Central Management Console User’s Guide 235 . The Steelhead appliance accepts the condition and. The Service Ports page contains the following groups of settings: “Service Port Settings. The peering rule determines that the connection is SSL-incapable if the destination IP and port appear in the bypassed servers list. optimizes SSL. Select one of the following options from the drop-down list to determine how to process attempts to create secure SSL connections: • No Check. The service adds a server to the bypassed servers list when there is no SSL certificate for the server or for any other SSL handshake failure. Adds a peering rule to the list. The default service ports are 7800 and 7810. The peering rule does not determine whether the server Steelhead appliance is present for the particular destination IP address and port combination. The default service ports are 7800 and 7810. Control Service Ports Default Port Description Specify ports in a comma-separated list. Note: Riverbed recommends that you use in-path rules to optimize SSL connections on non-443 destination port configurations. you can display and modify service port settings for an optimization policy. • Capable. • Incapable. assuming all other proper configurations and that the peering rule is the best match for the incoming connection. which specifies a criteria for matching an incoming connection with one of the rules in the peering rules table.” next “Service Ports” on page 236 Service Port Settings In this panel. Service Ports You can configure service port settings for the selected optimization policy in the Service Ports page.Optimization Policy Settings Policy Parameters and Settings Control SSL Capability Description Enables an SSL Capability flag. Select the default service port from the drop-down list.

• AES_256. as described in the following table. Important: You must clear the data store and reboot the Steelhead service on the Steelhead appliance after turning on. For details. The Data Store page contains the following groups of settings: “General Settings. changing.” next “Data Replication Setting” on page 237 “Disk Layout Setting” on page 238 General Settings In this panel. you can specify data store encryption for an optimization policy. Click the check box next to the name and click Remove Selected. • AES_128. Control Data Store Encryption Type Description Select one of the following encryption types from the drop-down list. Adds the port numbers. Turns off data encryption.Policy Parameters and Settings Optimization Policy Settings Service Ports In this panel. 236 Steelhead Central Management Console User’s Guide . Control Add a New Service Port Mapping Destination Port Service Port Add Remove Selected Description Displays the controls to add a new mapping. Data Store You can display and modify data store settings for the selected optimization policy on the Data Store page. see “Rebooting Appliances and Appliance Groups” on page 124. as described in the following table. Encrypts data using the AES cryptographic key length of 192 bits. Specify a destination port number. • AES_192. reselect your previous encryption type and reboot the service. After you clear the data store. Encrypts data using the AES cryptographic key length of 128 bits. The Steelhead appliance uses the previous encryption type and encrypted data store. • None. Specify a port number. If you do not want to clear the data store. Encrypts data using the AES cryptographic key length of 256 bits. the data cannot be recovered. The encryption types are listed from the least to the most secure. you can manage service port mappings for an optimization policy. or turning off the encryption type.

• Monitors both read and write disk I/O response and.0. Important: Use caution with this setting. When used between two different Steelhead appliance models. 6050 .0. After enabling SDR-M on both the client-side and the server-side Steelhead appliances. Upgrade notes: If you have enabled SDR-Adaptive prior to upgrading to RiOS v6. SDR-Adaptive Legacy. This is typically the preferred configuration mode for SAN replication environments. based on statistical trends. Maximizes LAN-side throughput dynamically under different data work loads. Setting Default Description This setting is enabled by default and works for most implementations. the smaller model limits the performance. Steelhead Central Management Console User’s Guide 237 . particularly when you are optimizing CIFS or NFS with prepopulation. This Margin Segment Elimination (MSE) process provides network-based disk defragmentation. • Writes large page clusters. • Reduces random disk seeks and improves disk throughput by discarding very small data margin segments that are no longer necessary. SDR-M is most efficient when used between two identical high-end Steelhead appliance models.Optimization Policy Settings Policy Parameters and Settings Data Replication Setting In this panel. • Monitors the disk write I/O response time to provide more throughput. Advanced. Important: You cannot use peer data store synchronization with SDR-M. you can specify the data replication options for an optimization policy. restart both Steelheads to avoid performance degradation. the default setting is SDR-Adaptive Legacy.6050. The default setting: • Provides the most data reduction. Includes the default settings and also: • Balances writes and reads. which prevents the Steelhead appliance from reading and writing to and from the disk. If you did not change the SDR-Adaptive setting prior to upgrading to RiOS 6. the default setting is SDR-Adaptive Advanced. Please contact Riverbed Technical Support for more information. Enabling this option can yield high LAN-side throughput because it eliminates all disk latency. for example. SDR-M Performs data reduction entirely in memory. can employ a blend of disk-based and non-disk-based data reduction techniques to enable sustained throughput during periods of high disk-intensive workloads. This switching mechanism is governed with a throughput and bandwidth reduction goal using the available WAN bandwidth. as described in the following table.

select buffer settings for the optimization policy performance feature set as described in the following table. The default value is 81920. you can verify whether changes have had the intended effect by reviewing the Throughput report. see “Displaying Steelhead Diagnostics Reports” on page 197. Control Description Enable HighSpeed TCP Use Default Steelhead TCP Optimization Enables HighSpeed TCP settings. Enables default Steelhead TCP optimization.Policy Parameters and Settings Optimization Policy Settings Disk Layout Setting In this panel. Specifies a replacement algorithm that replaces the least recently used data in the data store. which improves hit rates when the data in the data store are not equally used. For details on viewing reports. 238 Steelhead Central Management Console User’s Guide . see the Steelhead Management Console User’s Guide. Control FIFO Riverbed LRU Description Specifies a replacement algorithm that replaces data in the order that they are received (first in. Choose Reports > Optimization > Throughput. Control LAN Send Buffer Size LAN Receive Buffer Size Description Specify the send buffer size used to send data out of the LAN. For details on Performance optimization. Buffer Settings In this panel. enable or disable TCP optimization. This is the default setting. Specify the receive buffer size used to receive data from the LAN. The Performance page contains the following groups of settings: “TCP Optimization” on page 238 “Buffer Settings” on page 238 “Data Store” on page 239 “Adaptive Data Streamlining Modes” on page 239 “CPU Settings” on page 239 TCP Optimization In this panel. as described in the following table. first out). Performance You can configure service performance policy settings for the selected optimization policy in the Performance page. you can select the disk layout setting as described in the following table. settings. Important: After changing the data store data replication settings. The default value is 32768.

specify the data streamlining mode as described in the following table. This is very useful for very high-speed applications. Setting Compression Level Description Specifies the relative trade-off of data compression for LAN throughput speed. Mode Default SDR-Adaptive Description Specifies the default streamlining mode. This feature uses both SDR and LZ. select the CPU settings for the optimization policy as described in the following table. Adaptive Data Streamlining Modes In this panel. Specify the receive buffer size used to receive data from the WAN. uses more CPU) from the drop-down list. The default value is 262140.Optimization Policy Settings Policy Parameters and Settings Control WAN Default Send Buffer Size WAN Default Receive Buffer Size Description Specify the send buffer size used to send data out of the WAN. Specifies the SDR-adaptive streamlining mode. Riverbed recommends setting the compression level to 1 in high-throughput environments such as data center to data center replication. First In First Out. Specifies the SDR-M streamlining mode. a lower number provides faster throughput and slightly less data reduction. Generally. SDR-M CPU Settings In this panel. • Riverbed LRU. specify the segment replacement policy as described in the following table Control Data Store Segment Replacement Policy Description Select one of the following options: • FIFO. CPU. The default value is 1. Used to dynamically use the resources (disk. uses less CPU) through 9 (maximum compression. memory) as best possible while providing maximum performance in the system. Riverbed proprietary LRU. but prevents the Steelhead appliance from going to disk to read or write segments and performs reductions entirely in memory. Data Store In this panel. Steelhead Central Management Console User’s Guide 239 . The default value is 262140. Select a data store compression value of 1 (minimum compression.

By default. 240 Steelhead Central Management Console User’s Guide . The CIFS page contains the following groups of settings: “Settings. thereby maximizing throughput by keeping all CPUs busy. Most applications operate safely with write optimization because CIFS allows you to explicitly specify write-through on each write operation. Improves end-to-end throughput over the LAN by maximizing the WAN throughput. this setting is disabled.” next “Overlapping Open Optimization (Advanced)” on page 242 “SMB Settings” on page 243 Settings In this panel. This is the default setting. this setting is disabled. you can select the CIFS options for an optimization policy. By default. Core balancing is useful when handling a small number of high-throughput connections (approximately 25 or less). If you disable write optimization. Disable Write Optimization Disables write optimization. The Steelhead appliance does not acknowledge the file close until the file is safely written. Disable write optimization only if you have applications that assume and require write-through in the network. Multi-Core Balancing Pt Protocols CIFS You can display and modify CIFS optimization feature settings for the selected optimization policy in the CIFS page. If you do not disable write-through. if you have an application that does not support explicit write-through operations. Enables multi-core balancing which ensures better distribution of workload across all CPUs. but you might experience a slight decrease in overall optimization. the Steelhead appliance still provides optimization for CIFS reads and for other protocols. you must disable it in the Steelhead appliance. the Steelhead appliance acknowledges writes before they are fully committed to disk.Policy Parameters and Settings Optimization Policy Settings Setting Adaptive Compression Description Detects LZ data compression performance for a connection dynamically and turns it off (sets the compression level to 0) momentarily if it is not achieving optimal results. you disable latency optimization to troubleshoot problems with the system. Typically. Important: Latency optimization must be enabled (or disabled) on both Steelhead appliances. as described in the following table. Control Enable Latency Optimization Description Enables latency optimization. to speed up the write operation. However. Only clear this check box if you want to disable latency optimization.

x Enable SMB Signing feature. Because many enterprises already take additional security precautions (such as firewalls. Enable SMBv1 Backward Compatibility Steelhead Central Management Console User’s Guide 241 . This feature enables SMBv1 for Vista-to-Vista and Vista-Windows Server 2008 CIFS connections instead of SMBv2 (similar to Vista-to-pre-Vista CIFS connections). While the Steelhead appliances are fully compatible with the SMBv2 included in Vista. • If the server-side machine has Required signing. and so forth). Important: If your deployment requires SMB signing.Optimization Policy Settings Policy Parameters and Settings Control Optimize Connections with Security Signatures (that do not require signing) Description Prevents Windows SMB signing. see the Steelhead Appliance Installation and Configuration Guide. they deliver the best performance using SMBv1. it does not have a negative effect under normal network conditions. it is activated only when there are sub-optimal conditions on the server-side causing a backlog of write messages. consider the following factors: • If the client-side machine has Required signing. SMB signing adds little additional security. you can optimize signed CIFS messages using the RiOS v5. Before you enable this feature. Domain controllers default to Required. at a significant performance cost (even without Steelhead appliances). internal-only reachable servers. Steelhead appliances perform only SDR optimization without improving CIFS latency. For detailed information about SMB signing and the performance cost associated with it. Important: You must restart the client Steelhead service after enabling the SMBv1 Backward Compatibility Mode. This is the default setting. SMB signing prevents the Steelhead appliance from applying full optimization on CIFS connections and significantly reduces the performance gain from a Steelhead deployment. Select to perform latency and SDR optimizations on SMB traffic on the client-side Steelhead appliance. Enable Dynamic Write Throttling Enables CIFS dynamic throttling mechanism which replaces the current static buffer scheme. This feature automatically stops Windows SMB signing. enabling this feature prevents the client from connecting to the server. If you enable CIFS dynamic throttling. the client and the server connect but you cannot perform full latency optimization with the Steelhead appliance. Improves SMB optimization for Windows Vista users.5. Without this feature.

This feature enhances the Enable Overlapping Open Optimization feature by identifying and obtaining locks on read write access at the application level. Enable Print Optimization Improves centralized print traffic performance. the Steelhead appliance does not perform application level latency optimizations but still performs SDR and compression on the data as well as TCP optimizations. Note: This feature does not improve optimization for a Windows Vista client printing over a Windows 2008 server.Policy Parameters and Settings Optimization Policy Settings Control Enable Applock Optimization Description Enables CIFS latency optimizations to improve read and write performance for Microsoft Word and Excel documents when multiple users have the file open. Note: If a remote user opens a file that is optimized using the overlapping opens feature and a second user opens the same file. Specify a list of extensions you do not want to include. when locks are granted). Vista (client).5 or later. The client-side Steelhead appliance must be running RiOS v5. For example. this setting is disabled. you can enable overlapping open optimization for an optimization policy. Enable this setting on the client-side Steelhead appliance. The overlapping open optimization feature handles locks at the file level.x or later Steelhead appliance or if it does not go through a Steelhead appliance (for example. Both the client and server-side Steelhead appliance must be running RiOS v6. you should specify any file extensions that Enable Applock Optimization is being used for. Control Enable Overlapping Open Optimization Description Enables overlapping opens to obtain better performance with applications that perform multiple opens on the same file (for example. 242 Steelhead Central Management Console User’s Guide . Note: Enable the applock optimization feature on the client-side Steelhead appliance. If this occurs. By default. Click Apply to apply your settings. and Windows 2008 (server). you should disable overlapping opens for those applications. By default. CAD applications).x. Use the radio buttons to set either an include list or exclude list of file types subject to overlapping opens optimization Optimize only the following extensions (comma separated) Optimize all except the following extensions (comma separated) Apply Specify a list of extensions you want to include in overlapping opens optimization. Overlapping Open Optimization (Advanced) In this panel. certain applications that are sent over the LAN). By default. Windows 2003 (server). This option supports Windows XP (client). when the print server is located in the data center and the printer is located in the branch office. they might receive an error if the file fails to go through a v3. enabling this option speeds the transfer of a print job spooled across the WAN to the server and back again to the printer. for example. this setting is disabled.0. as described in the following table. When an oplock is not available. because this client and server pair uses a different print protocol. this setting is disabled. With overlapping opens enabled the Steelhead appliance optimizes data where exclusive access is available (in other words. Enabling this option requires an optimization service restart.

CIFS prepopulation enables you to warm Steelhead appliances with data from a CIFS share. Control Enable SMB Signing Description Enables CIFS traffic optimization in transparent mode by providing bandwidth optimizations (SDR and LZ). and CIFS latency optimizations even when the CIFS messages are signed. a message tells you that the Steelhead appliance must join a domain before it can support SMB signing. Sets date (YYYY/MM/DD) and time (HH:MM:SS) for synchronizing the Steelhead appliance with the server. Steelhead Central Management Console User’s Guide 243 . delegation mode is enabled by default. • Delegation Mode. Days. Confirm the password. Displays the controls for adding a new prepopulation CIFS share. Enables SMB signed packets with transparent authentication. Click to enable the following synchronization options: • Sync Schedule Date. this setting is disabled. • Sync Interval. Click to enable the Steelhead appliance to listen for updates on the listed CIFS shares. SMB Mode Select one of the following SMB signing modes from the drop-down list: • Transparent Mode. Specify the path to the CIFS share. however. Specify the account number on the CIFS share. you configure the settings as described in the following table. Set the password for accessing the CIFS share. This is the default setting in RiOS v6. or Disabled from the drop-down list. By default. Control Enable Prepopulation Enable Transparent Prepopulation Support Add a New Prepopulation Share Remote Path Account Password Password Confirm Synchronization Enable Description Click to prepopulate the Steelhead appliance with data from the listed CIFS shares. Note: If you switch between transparent and delegation modes you must restart the optimization service. Apply Click Apply to apply your settings. Use this mode if you have previously enabled SMB Signing with RiOS v5.5 and have since upgraded to v6. Hours.x. You must enable this feature on the serverside Steelhead appliance. Set number and select Minutes. Note: If you enable this feature without first joining a Windows Domain. Transparent mode eliminates the need to define delegation trust. Protocols CIFS Prepopulation You can display and modify CIFS prepopulation feature settings for the selected optimization policy in the CIFS Prepopulation page. Enables SMB signed packets with delegate user authentication.0. Time.Optimization Policy Settings Policy Parameters and Settings SMB Settings In this panel.0.5. if you enabled SMB signing in RiOS v5. TCP optimizations.

separated by commas. any qualified If-Modified-Since (IMS) request or regular request from the client receives an HTTP 304 response. and .gif. During this lifetime. The HTTP page contains the following groups of settings: “Settings.css object extensions. Minimum Object Prefetch Table Time Maximum Object Prefetch Table Time Specify this option to set the maximum number of seconds the objects are stored in the local object prefetch table. By default the Steelhead appliance stores . as described in the following table.400 seconds. which prefetches and stores objects embedded in Web pages to improve HTTP traffic performance. separated by commas. any qualified If-Modified-Since (IMS) request or regular request from the client receives an HTTP 304 response.jpg. include a comment that describes the share configuration.jpg. Adds the new CIFS share configuration to the policy definition. By default.Policy Parameters and Settings Optimization Policy Settings Control Comment Add Remove Selected Description Optionally. Note: These extensions are only for objects stored in the object prefetch table and do not affect other prefetch types. Control Enable HTTP Optimization Description Enables HTTP acceleration. . see the Steelhead Management Console User’s Guide. Specify this option to set the minimum number of seconds the objects are stored in the local object prefetch table. During this lifetime. This setting specifies the maximum lifetime of the stored object. Note: These extensions are only for URL Learning and do not affect other prefetch types. indicating that the resource for the requested object has not changed since stored. and .js. you can set general HTTP settings for an optimization policy. HTTP optimization is enabled. The default is 60 seconds. .css object extensions. Click the check box next to the name of the CIFS share configuration and click Remove Selected. . This setting specifies the minimum lifetime of the stored object. . 244 Steelhead Central Management Console User’s Guide .” next “HTML Tags to Prefetch” on page 245 “Server Subnet Setting” on page 246 Settings In this panel.png. The default is 86.js.png.gif. Object Prefetch Table Extensions Specify the object extensions to store. indicating that the resource for the requested object has not changed since stored. Protocols HTTP For details on HTTP optimization. . Extensions to Prefetch Specify object extensions to prefetch. By default the Steelhead appliance prefetches . .

Specify the tag attribute.Optimization Policy Settings Policy Parameters and Settings HTML Tags to Prefetch In this panel. you can verify whether changes have had the desired effect by reviewing related reports. see “Managing Configuration Files” on page 88. After you apply your settings. Control Add a Prefetch Tag Tag Name Attribute Add Description Displays the controls to add an HTML tag. Adds the tag. For details on saving configurations. When you have verified appropriate changes. you can specify HTML tags for prefetching for an optimization policy. Specify the tag name. Note: These tags are for Parse and Prefetch only and do not affect other prefetch types. you can write the active configuration that is stored in memory to the active configuration file (or Save As any filename you choose). as described in the following table. Steelhead Central Management Console User’s Guide 245 .

246 Steelhead Central Management Console User’s Guide . the client Steelhead appliance inserts one so that it can track requests from the same client. By default. you can force the use of cookies using the Add Cookie option and force the use of persistent connections using the Insert Keep Alive option.XXX. Enabling this option improves the performance of the Steelhead appliance data reduction algorithms. An accept-encoding directive compresses content rather than using raw HTML. the Steelhead appliance serves the request from the prefetched results.0 (with no keepalives). If the application does not use cookies. this setting is disabled. Your system must support cookies and persistent connections to benefit from URL Learning.1 applications using the Connection Close method. Description Displays the controls for adding a server subnet. By default. If an HTTP application does not use cookies. Specify an IP address and mask pattern for the server subnet on which to set up the HTTP optimization scheme.Policy Parameters and Settings Optimization Policy Settings Server Subnet Setting In this panel. Adds a cookie to HTTP applications that do not already have one. or is using HTTP v1. which parses the base HTML page received from the server and prefetches any embedded objects to the client-side Steelhead appliance. style sheets. Control Add a Server Subnet Server Subnet Basic Tuning Strip Compression Removes the accept-encoding lines from the HTTP compression header. Uses the same TCP connection to send and receive multiple HTTP requests and responses. Use the format: XXX. you can manage HTTP server subnet configurations for an optimization policy. HTTP applications frequently use cookies to keep track of sessions. Parse and Prefetch Enables Parse and Prefetch. The Steelhead appliance uses cookies to distinguish one user session from another. you can insert one using the Insert Cookie option. By default. eliminating the round-trip delay to the server. or any Java scripts associated with the base page and located on the same host as the base URL. URL Learning works best with non-dynamic content that does not contain session-specific information. If your system has cookies turned off and depends on URL rewriting for HTTP state management. as opposed to opening a new one for every single request and response. URL Learning is enabled by default. Specify this option when using the URL Learning or Parse and Prefetch features with HTTP v1.XXX/XX Insert Cookie Insert Keep Alive Prefetch Schemes URL Learning Enables URL Learning. Parse and Prefetch requires cookies.XXX. The server must support keepalive. which learns associations between a base URL request and a follow-on request. When the browser requests an embedded object. This option fetches the URLs embedded in style sheets or any JavaScript associated with the base page and located on the same host as the base URL. The prefetched objects contained in the base HTML page can be images. This option complements URL Learning by handling dynamically generated pages and URLs that include state information. strip compression is enabled. as described in the following table. this setting is disabled.0 or HTTP v1. Stores information about which URLs have been requested and which URLs have generated a 200 OK response from the server.

Riverbed recommends enabling Strip Auth Header along with this option. forces NTLM. This option is most effective when the Web server is configured to use perconnection NTLM authentication or per-object Kerberos authentication. This option is most effective when the Web server is configured to use perconnection NTLM authentication. Riverbed recommends enabling Strip Auth Header along with this option. enabling this option might cause additional delay. enabling this option might cause authentication failure. use the drop-down lists to modify configuration settings as described above. Add Adds the subnet. Steelhead Central Management Console User’s Guide 247 . This works around Internet Explorer behavior that re-authorizes connections that have previously been authorized. in the table row for the configuration. Strip Auth Header Removes all credentials from the request on an already authenticated connection. static images. Important: If the Web server is configured to use per-object Kerberos authentication or per-connection NTLM authentication. cutting back on round trips across the WAN.Optimization Policy Settings Policy Parameters and Settings Control Object Prefetch Table Description Enables the Object Prefetch Table. which stores HTTP object prefetches from HTTP GET requests for cascading style sheets. Kerberos is less efficient over the WAN because the client must contact the Domain Controller to answer the server authentication challenge and tends to be employed on a per-object basis. as long as the connection belongs to a session whose base connection is already authenticated. Tip: To modify subnet configuration properties. the client-side Steelhead appliance responds to these IMS checks and HTTP requests. Authentication Tuning Reuse Auth Allows an unauthenticated connection to serve prefetched objects. Protocols Oracle Forms You can configure Oracle Forms support for the selected optimization policy in the Oracle Forms page. Important: If the Web server is configured to use per-connection Kerberos authentication. Force NTLM In the case of negotiated Kerberos and NTLM authentication. When the browser performs If-Modified-Since (IMS) checks for cached content or sends regular HTTP requests. and Java scripts in the Object Prefetch Table. Gratuitous 401 Prevents a WAN round trip by issuing the first 401 containing the realm choices from the client-side Steelhead appliance. This option is most effective when the Web server is configured to use perconnection NTLM or Kerberos authentication.

0.11. also known as socket mode. you must restart the Steelhead service. Enable HTTP Mode Note: If you change the Oracle Forms setting. All internal messaging between the forms server and the Java client is encapsulated in HTTP packets.native mode.Policy Parameters and Settings Optimization Policy Settings For details on the Oracle Forms feature.HTTP mode Preoptimization Policy Optimization Policy Latency Optimization Policy Neural Framing Mode Apply Oracle Forms or Oracle Forms over SSL Normal Normal Always Applies your settings to the running configuration. The rule must have the following properties. see “Starting. In RiOS v6. Stopping. 10. for example. You must also click the Enable Oracle Forms Optimization check box to enable HTTP mode. Oracle Forms native mode optimization is enabled by default. Property Type Destination Subnet/Port Value Auto-discover or Fixed-target Specify the server IP address (for example. or Restarting Appliances and Appliance Groups” on page 123.41. using the default forms server 8000 . 248 Steelhead Central Management Console User’s Guide . If you have not already done so. if your network users do not use Oracle applications. HTTP mode is enabled by default. Enables Oracle Forms optimization in HTTP mode. and a port number: 9000 . add an in-path rule for Oracle Forms traffic. Disable this option only to turn off Oracle Forms optimization. Control Enable Oracle Forms Optimization Description Enables Oracle Forms optimization in native mode.14/32). see the Steelhead Management Console User’s Guide. For details.

if you are experiencing problems with Outlook clients connecting with Exchange. Steelhead Central Management Console User’s Guide 249 . For details on the MAPI optimization. you do not need to modify the default value. If you have changed the MEISI port in your Exchange Server environment. low levels. NSPI optimization is disabled. Enable MAPI Exchange 2007 Acceleration Enables native MAPI 2007 acceleration. 7830. Enabling this option helps keep connection counts at sustained. in-path rules that specify the following ports on the clientside Steelhead appliance: the Microsoft end-point mapper port: 135.microsoft. see the Microsoft Exchange Information Store Interface at: https://support. Typically. Enables MAPI 2003 acceleration. Enable this feature to perform latency optimization for the connection when using the Exchange 2000 Server or when the client is not using Cached Exchange mode. you must define fixed-target. thereby increasing optimization. Note: For out-of-path deployments. this option is enabled. you can disable MAPI latency acceleration (while continuing to optimize with SDR for MAPI).com/kb/270836/en-us Enable MAPI NSPI Enables MAPI Name Service Provider Interface (NSPI) optimization. see the Steelhead Management Console User’s Guide. By default. MAPI optimization is enabled. change port 7830 to the static port number you have configured in your Exchange environment. Sharing calendars between Outlook 2007 and Exchange 2007 increases the number of connections (anywhere from 1 to 2 extra connections per each user sharing calendars).Optimization Policy Settings Policy Parameters and Settings Protocols MAPI You can display and modify MAPI optimization settings for the selected optimization policy on the MAPI page. For further information about changing (MEISI) ports. NSPI is the address book subcomponent of the Exchange protocol. This feature increases optimization of traffic between Exchange 2003 and Outlook 2003. For example. NSPI Port Enable MAPI Exchange 2003 Acceleration Specify the NSPI port. By default. the Steelhead appliance port for Exchange Directory NSPI traffic: 7840. By default. The connections are persistent and remain even when users are not actively checking other user’s calendars. Control Enable MAPI Optimization Description Enables MAPI optimization. If you have Outlook 2007 and Exchange 2003 or 2007 in your environment. this option increases optimization of traffic between Exchange and Outlook 2007. The default value is 7840. Exchange Port Specify the MAPI Exchange port for optimization. to optimize MAPI Exchange 2003. this option is enabled. the Steelhead appliance port for Exchange traffic: 7830. you disable MAPI optimization to troubleshoot problems with the system. Typically. Only clear this check box to disable MAPI optimization. By default.

In RiOS v6. Both the server-side and client-side Steelhead appliances must be running RiOS v6. a delegation account might already be in place for CIFS SMB Signing. By default. Note: Both the server-side and client-side Steelhead appliances must be running RiOS v5. Note: CIFS SMB Signing and Encrypted MAPI optimization share the delegate user account. Make sure that both Enable MAPI Exchange 2003 Acceleration and Enable MAPI Exchange 20073 Acceleration are enabled.0. Restart the service on all Steelhead appliances that have this option enabled. choose Configure > Optimization > Windows Domain Authentication. this option is disabled. Transparent mode supports all Windows servers.x or later. this setting is enabled with encrypted MAPI optimization. 5. To configure delegation mode. wherein users are joined to a different domain from the filer being accessed. In RiOS v6. MAPI Exchange 2007 acceleration remains in effect for unencrypted connections. The basic steps to enable encrypted optimization are: 1. Delegation mode requires additional configuration. Both options are enabled by default. Note: When this option is enabled and Enable MAPI Exchange 2007 Acceleration is disabled on either Steelhead appliance.Policy Parameters and Settings Optimization Policy Settings Control Enable Encrypted Optimization Description Enables encrypted MAPI RPC traffic optimization between Outlook and Exchange.5. 250 Steelhead Central Management Console User’s Guide .1.1. Delegation Mode Provides encrypted MAPI optimization using the Kerberos delegation facility. Use the default Transparent mode for all other clients. 4. Verify that Outlook is encrypting traffic. delegation mode includes support for trusted domains. Transparent Mode Provides encrypted MAPI with transparent NTLM authentication. including Windows 2008 R2 (assuming they are not in domains with NTLM disabled). Transparent mode does not support Windows 7 clients or Windows 2008 R2 domains with NTLM disabled. Select this mode if you are encrypting MAPI traffic for Windows 7 or earlier client versions. If you enable delegation mode for both features. Enable this option on all Steelhead appliances involved in optimizing MAPI encrypted traffic. the delegate user account must have delegation privileges for both features as well. 6. wherein users are joined to a different domain from the filer being accessed.1. Go to Configure > Networking > Windows Domain and join the server-side Steelhead appliance to the same Windows Domain that the Exchange server belongs to and operates as a member server. If you are upgrading from RiOS v6. 3. Windows 7 MAPI clients must use Delegation mode. 2. By default. Windows 7 clients must use Delegation mode. transparent mode includes support for trusted domains.

This feature is enabled by default.Optimization Policy Settings Policy Parameters and Settings Control Enable Transparent Prepopulation Description Enables MAPI transparent prepopulation. MS-SQL Prefetch Fetch-Next Enables prefetching requests to request the next row in MS Project. The remote Steelhead appliance uses these virtual connections to pull mail data from the Exchange server over the WAN link. the virtual MAPI connections are triggered. When a user logs in to their MAPI client. the virtual MAPI connection is terminated. Control Enable MS-SQL Optimization Description Increases optimization for Microsoft Project. The default value varies by model. Specify the number of hours after which to time-out virtual MAPI connections. If you are interested in enabling the MS-SQL feature for other database applications. Poll Interval (minutes) Sets the number of minutes you want the appliance to check the Exchange server for newly-arrived email for each of its virtual connections. Time-out prevents a build up of stale or unused virtual connections over time. The default value is 20. The default value is 96. You must configure the maximum connections on both the client and serverside of the network. For details on the MS-SQL feature. Steelhead Central Management Console User’s Guide 251 . Transparent prepopulation creates virtual MAPI connections to the Exchange server for Outlook clients that are offline. The server-side Steelhead appliance prefetches sequential row results and the client-side Steelhead appliance caches them. Transparent prepopulation provides a mechanism for sustaining Microsoft Exchange MAPI connections between the client and server even after the Outlook client has shut down. When the remote Steelhead appliance detects that an Outlook client has shut down. When this threshold is reached. This allows mail data to be delivered between the Exchange server and the client-side Steelhead appliance while the Outlook client is offline or inactive. When a user logs into their Outlook client. Max Connections Specify the maximum number of virtual MAPI connections to the Exchange server for Outlook clients that have shut down. see the Steelhead Management Console User’s Guide. Setting the maximum connections limits the aggregate load on all Exchange servers through the configured Steelhead appliance. the mail data is already prepopulated on the client-side Steelhead appliance. but you must define SQL rules to obtain maximum optimization. for example. on a 5520 the default is 3750. The MS-SQL feature also optimizes other database applications. The time-out is enforced on a per-connection basis. the mail has already been seen by the client-side Steelhead appliance and is retrieved with LAN-like performance. This accelerates the first access of the client’s e-mail. Time Out (hours) Protocols MS-SQL You can configure MS-SQL support in the MS-SQL page. Enable this feature to allow email data to be delivered between the Exchange server and the client-side Steelhead appliance while the Outlook client is offline. contact Riverbed Professional Services.

Specify a comma-separated list of port numbers for MS-SQL servers. see the Steelhead Management Console User’s Guide. For details on the NFS optimization. When triggered.” next “Override NFS Protocol Settings” on page 253 Settings In this panel. NFS v2 and v4 Alarms 252 Steelhead Central Management Console User’s Guide . The default value is 30. Enables alarm notification when NFS v2 and NFS v4 traffic is detected. 1433 is optimized. Control Enable NFS Optimization Description Enables NFS optimization. as described in the following table. Protocols NFS You can display and modify NFS optimization settings for the selected optimization policy on the NFS page.Policy Parameters and Settings Optimization Policy Settings Control Max Number of PreAcknowledgements MS-SQL Ports Description Specify the number of requests to pre-acknowledge before waiting for a server response to be returned. you can display and modify NFS protocol settings for an optimization policy. By default. this feature is enabled. The NFS page contains the following groups of settings: “Settings. the alarm provides a link to this page and a button to reset the alarm. if you specify other ports they are optimized instead. You enable NFS optimization where NFS performance over the WAN is impacted by a high-latency environment. By default.

Complete the configuration as above. The default server policy is used to configure any connection to a server which does not have a policy. Tip: To modify server properties. Control Add a New NFS Server Server Name Server IP Addresses Add Remove Selected Description Displays the controls to add an NFS server configuration. Specify the IP addresses of the servers. Specifies a policy that provides data consistency rather than performance. Adds the configuration to the NFS Servers list. Specifies a custom policy for the NFS server. as described in the following table. separated by commas. Specifies that the clients can read the data from the NFS server or volume but cannot make changes. Specify the name of the server. All of the data can be accessed from any client. Override NFS Protocol Settings In this panel. The default volume policy is used to configure a volume that does not have a policy. Specifies a custom policy for the NFS volume. including LAN-based NFS clients (which do not go through the Steelhead appliances) and clients using other file protocols such as CIFS. All of the data can be accessed from any client. Specifies that the clients can read the data from the NFS server or volume but cannot make changes. • Custom. This is the default configuration. Specifies a policy that provides data consistency rather than performance. Steelhead Central Management Console User’s Guide 253 . This option severely restricts the optimization that can be applied without introducing consistency problems. in the table row for the server. This is the default configuration.Optimization Policy Settings Policy Parameters and Settings Control Default Server Policy Description Select one of the following server policies for NFS servers: • Global Read-Write. • Read-only. • Custom. This option severely restricts the optimization that can be applied without introducing consistency problems. and click Add Server. Click the check box next to the name and click Remove Selected. • Read-only. you can manage NFS server configurations for an optimization policy. click the NFS Server Name to display controls you can use to modify server properties. Default Volume Policy Select one of the following volume policies for NFS volumes: • Global Read-Write. including LAN-based NFS clients (which do not go through the Steelhead appliances) and clients using other file protocols such as CIFS.

Specify the Lotus Notes port for optimization. see the Steelhead Management Console User’s Guide. including LAN-based NFS clients (which do not go through the Steelhead appliances) and clients using other file protocols such as CIFS. This is the default configuration. you can edit override NFS server configurations for an optimization policy. 254 Steelhead Central Management Console User’s Guide .Policy Parameters and Settings Optimization Policy Settings Editing Override NFS Protocol Settings In this panel. as described in the following table. • Custom. Specifies that the clients can read the data from the NFS server or volume but cannot make changes. This option severely restricts the optimizations that can be applied without introducing consistency problems. This is the default configuration. Specifies that the clients can read the data from the NFS server or volume but cannot make changes. For more detail. Specifies a policy that provides a trade-off of performance for data consistency. separated by commas. Specifies a custom policy for the NFS volume. • Custom. All of the data can be accessed from any client. Specifies a policy that provides a trade-off of performance for data consistency. Default Volume Click the check box to enable the current volume as default. Specifies a custom policy for the NFS server. Protocols Citrix ICA You can display and modify Citrix ICA optimization settings for the selected optimization policy on the Protocols Citrix ICA page. Lotus Notes optimization is disabled. and click Add Server. This option severely restricts the optimizations that can be applied without introducing consistency problems. By default. Control Enable Lotus Notes Optimization Lotus Notes Port Description Enables Lotus Notes optimization. Control Server IP Addresses Default Server Policy Description Specify the IP address of the servers. Protocols Lotus Notes You can display and modify Lotus Notes optimization settings for the selected optimization policy on the Lotus Notes page. • Read-only. • Read-only. Select one of the following server policies: • Global Read-Write. including LAN-based NFS clients (which do not go through the Steelhead appliances) and clients using other file protocols like CIFS. All of the data can be accessed from any client. Default Volume Policy Select one of the following volume policies: • Global Read-Write.

Steelhead Central Management Console User’s Guide 255 . In this panel. For more detail. Control Add a New User Active Directory Domain Name Username Password Password Confirm Description Displays the controls to add a new user. Citrix ICA optimization is disabled.Optimization Policy Settings Policy Parameters and Settings Control Enable Citrix ICA Optimization ICA Port Session Reliability (CGP) Port Description Enables Citrix ICA optimization. you can edit server rules as described in the following table. In this panel. Click Apply to apply your settings to the running configuration. Apply Applies your settings. By default. Confirm the password. SSL Main Settings You can display and modify SSL Main optimization settings for the selected optimization policy on the SSL Main Settings page. Specify the active directory domain name. Auto Delegation Mode Select this option for auto delegation. CGP uses the session reliability port to keep the session window open even if there is an interruption on the network connection to the server. • Allow delegated authentication to all servers except the following (Delegate-All-Except). By default. see the Steelhead Management Console User’s Guide. Apply Windows Domain Auth You can display and modify Windows domain auth optimization settings for the selected optimization policy on the Windows Domain Auth page. For more detail. • Allow delegated authentication to all servers except the following (Delegate-All-Except). Specify the port on the Presentation Server for inbound traffic. • Allow delegated authentication to these servers (Delegate-Only). Specify the port number for Common Gateway Protocol (CGP) connections. Specify the user name. Control Manual Delegation Mode Description Select this option for manual delegation. you can delegate account configuration as described in the following table. see the Steelhead Management Console User’s Guide. this setting is 2598. The default port is 1494. Specify the password.

You can choose to enable SSL optimization only on certain sessions (based on source and destination addresses. Local File. internal.nbttech.nbttech. which accelerates applications that use SSL to encrypt traffic.com. Browse to the local file.com. all three server configurations may use the same certificate name *. Specify the decryption password. on the server-side Steelhead appliance. The page expands displaying Private Key and CA-Signed Public Certificate controls for browsing to the key and certificate files or text boxes for copying and pasting the keys and certificates. and ports).nbttech. Specify a name for the proxy certificate (required when generating a certificate. The private key is required regardless of whether you are adding or updating.nbttech. Specify the decryption password.com. leave blank when importing a certificate). Decryption Password. By default. if necessary. Click this option to generate a new private key and self-signed public certificate. Cipher. Specify the city. *. Add a New SSL Certificate Name Import Existing Private Key and CA-Signed Public Certificate (One File in PEM or PKCS12 formats) Import Single File Local File. you can use wildcards in the name. Browse to the local file. Click this option if the existing private key and CA-signed certificate are located in one file. Imports the key and certificate. and marketingweb. The page expands displaying Private Key and CA-Signed Public Certificate controls for browsing to the key and certificate files or a text box for copying and pasting the key and certificate. Organization Name Organization Unit Name Locality 256 Steelhead Central Management Console User’s Guide . for example.com. Displays the controls to add a new server certificate. Browse to the local file. the section or department). the company). Server List Import Existing Private Key and CA-Signed Public Certificate (Two Files in PEM or DER formats) Enter the server list in the text box. Text. Cipher Bits. Paste the contents of the file Decryption Password. To facilitate configuration.Policy Parameters and Settings Optimization Policy Settings Control Enable SSL Optimization Description Enables SSL optimization. Specify the organization unit name (for example. if necessary. Paste the contents of the file. If you have three origin servers using different certificates such as webmail. Specify the organization name (for example. subnets. Select the key length from the drop-down list.com.nbttech. Enter the server list in the text box. or on no SSL sessions at all. Click this option if the existing private key and CA-signed certificate are located in two files. Key Text. An SSL session that is not optimized simply passes through the Steelhead appliance unmodified. Imports the key and certificate. this option is disabled. Import Private Key Import Public Certificate Server List Generate New Private Key and Self-Signed Public Certificate Private Key Local File. Common Name Specify the common name of a certificate. or on all SSL sessions. Select the key length from the drop-down list.

Enter the server list in the text box. For details on SSL.Optimization Policy Settings Policy Parameters and Settings Control State Country Email Address Validity Period Server List Add Description Specify the state. Specify the country Specify the email address of the contact person. Specify how many days the certificate is valid.” next “Trusted Peer Certificates” on page 259 “Mobile Trust” on page 259 “Trusted Peers” on page 259 Steelhead Central Management Console User’s Guide 257 . SSL Peering You configure SSL peers for the selected optimization policy in the SSL Peering page. see the Steelhead Management Console User’s Guide. Adds the server certificate. The SSL Peering page contains the following groups of settings: “SSL Secure Peering Settings.

it will not optimize the connection when a secure channel is unavailable.x or earlier and a server-side Steelhead running RiOS v6. as doing so specifies that you strictly do not want traffic optimized between non-secure Steelhead.5.0. • SSL and Secure Protocols. you can manage SSL secure peering for an optimization policy. Enabling this option requires an optimization service restart. pass-through traffic is not. Enabling this option requires an optimization service restart. This option applies only to non-SSL traffic and is unavailable when you select SSL Only as the traffic type. When this setting is disabled on the server-side Steelhead and All is selected as the traffic type. Fallback to No Encryption Specifies that the Steelhead appliance optimizes but does not encrypt the connection when it is unable to negotiate a secure. Clear the check box to pass through connections that do not have a secure encrypted inner channel connection with the peer. and encrypted MAPI. Use caution when disabling this setting. The peer client-side Steelhead appliance and the server side Steelhead appliance authenticate each other and then encrypt and optimize all traffic. consider a configuration with a client-side Steelhead running RiOS v5. The peer client-side Steelhead appliance and the server-side Steelhead appliance authenticate each other and then encrypt and optimize all SSL traffic. configurations with this setting disabled risk the possibility of dropped connections. Control Traffic Type Description Select one of the following traffic types from the drop-down list: • SSL Only. This is the default setting. encrypted inner channel connection with the peer. 258 Steelhead Central Management Console User’s Guide . Important: Riverbed strongly recommends enabling this setting on both the client-side and the server-side Steelhead appliances. for example. SMBsigned. Only the optimized traffic is secure. For example. • All. This is the default setting. The peer client-side Steelhead appliance and the server-side Steelhead appliance authenticate each other and then encrypt and optimize all traffic traveling over the following secure protocols: SSL.0 and the other Steelhead is running an earlier RiOS version. HTTPS traffic on port 443. as described in the following table. especially in mixed deployments where one Steelhead appliance is running RiOS v6. Consequently. Enabling this option requires an optimization service restart.Policy Parameters and Settings Optimization Policy Settings SSL Secure Peering Settings In this panel. SMBsigning and MAPI encryption must be enabled. and might drop it. When you select this traffic type.

Paste the content of the certificate text file into the text box. Optionally. Browse to the local file. Adds the trusted entity (or peer) to the trusted peers list. Control Trust Selected Peers Trust All Peers Update Description Specify this option to trust only SSL-capable or disconnected appliances. you can choose trust options for an optimization policy. as described in the following table. Control Add a New Trusted Entity Trust Existing CA Trust New Certificate Optional Local Name Local File Cert Text Add Remove Selected Description Displays the controls for adding trusted entities. Mobile Trust In this panel. Browse to the local file. Click the check box next to the name and click Remove Selected. you can manage mobile trust for an optimization policy. The Steelhead appliance supports RSA and DSA for peering trust entities. Optionally. specify a local name for the entity (for example. Adds a new CA or peer certificate. as described in the following table. Paste the content of the certificate text file into the text box. Updates the policy to reflect the new settings. Control Add a New Mobile Entity Optional Local Name Local File Cert Text Add Description Displays the controls for adding a trusted Steelhead Mobile Controller entity. Select an existing CA from the drop-down list. Trusted Peers In this panel. the fully qualified domain name). Adds the trusted entity (or peer) to the trusted peers list. Steelhead Central Management Console User’s Guide 259 . Specify this option trust all peers. you can manage trusted entities for an optimization policy.Optimization Policy Settings Policy Parameters and Settings Trusted Peer Certificates In this panel. specify a local name for the entity (for example. the fully qualified domain name).

By default. this option is disabled. It updates the chain containing the intermediate certificates and the root certificate in the client context. For details on SSL.Policy Parameters and Settings Optimization Policy Settings Certificate Authorities In this panel. 260 Steelhead Central Management Console User’s Guide . Control Enable SSL Server Certificate Chain Discovery Description Synchronizes the chain certificate configuration on the server-side Steelhead appliance with the chain certificate configuration on the back-end server. Specify the local name. The SSL Advanced Settings page contains the following groups of settings: “Chain Discovery. Control Add a New Certificate Authority Description Optional Local Name. Add Adds the certificate authority SSL Advanced Settings You configure SSL advanced settings for the selected optimization policy in the SSL Advanced Settings page. Enable this option when you replace an existing chain certificate on the back-end server with a new chain to ensure that the certificate chain remains in sync on both the server-side Steelhead appliance and the back-end server. you can choose chain discovery settings for an optimization policy. you can choose certificate authorities for an optimization policy. The synchronization occurs after a handshake fails between the client-side and server-side Steelhead appliance. Cert Text. Browse to the local certificate authority file. Local File.” next “Steelhead Mobile Security Mode” on page 261 “Client Side Session Reuse” on page 261 “Peer Ciphers” on page 261 “Client Ciphers” on page 262 “Server Ciphers” on page 262 Chain Discovery In this panel. Note: This option never replaces the server certificate. Paste the certificate authority into the text box and click Add. see the Steelhead Management Console User’s Guide.

Enabling this option requires an optimization service restart. Click to allow Steelhead Mobile Clients to run in any SSL mode. Client Side Session Reuse In this panel. Select the cipher type for communicating with peers from the drop-down list. if used. You must specify at least one cipher for peers. Peer Ciphers In this panel. The default cipher setting is DEFAULT which represents a variety of high strength ciphers that allow for compatibility with many browsers and servers Insert Cipher At Hint Add Show Effective Overall Cipher List Select start. or the cipher number from the drop-down list. Steelhead Central Management Console User’s Guide 261 . The range is 6 minutes to 24 hours. The Hint text box displays information about the cipher. end. Control Enable Distributed SSL Termination Description Enable on a client-side Steelhead appliance to reuse the original session when the client reconnects to an SSL server. The default cipher. Both the client-side and server-side Steelheads must be configured to optimize SSL traffic. you can choose peer ciphers settings for an optimization policy. Displays the effective overall cipher list. you can choose Steelhead Mobile Security settings for an optimization policy. Reusing the session provides two benefits: it lessens the CPU load because it eliminates expensive asymmetric key operations and it shortens the key negotiation process by avoiding WAN roundtrips to the server. must be rule number 1. and servers for SSL to function properly. By default. Adds the cipher to the list. Control High Security Mode Mixed Security Mode Description Click to enforce the advanced SSL protocol on the Steelhead Mobile Clients for increased security (v5. clients. this option is disabled. you can choose client side session reuse settings for an optimization policy.5. Apply Applies the settings.Optimization Policy Settings Policy Parameters and Settings Steelhead Mobile Security Mode In this panel. The default value is 10 hours. Control Add a New Peer Cipher Cipher Description Displays the controls for adding a new peer cipher. Timeout Specify the amount of time the client can reuse a session with an SSL server after the initial connection ends.x or later).

Control Add a New Server Cipher Cipher Description Displays the controls for adding a new server cipher. The default cipher. The default cipher. The default cipher setting is DEFAULT which represents a variety of high strength ciphers that are compatible with many browsers and servers. Select the cipher type for communicating with clients from the drop-down list. must be rule number 1. clients. you can choose client cipher settings for an optimization policy. Adds the cipher to the list. The Secure Peering (IPSEC) page contains the following groups of settings: “General Settings. if used. and servers for SSL to function properly. if used. Insert Cipher At Hint Add Show Effective Overall Cipher List Select start. Displays the effective overall cipher list. Insert Cipher At Hint Add Show Effective Overall Cipher List Server Ciphers In this panel. The Hint text box displays information about the cipher. see the Steelhead Management Console User’s Guide. and servers for SSL to function properly. or a cipher number from the drop-down list. The default cipher setting is DEFAULT which represents a variety of high strength ciphers that allow for compatibility with many browsers and servers.” next “Secure Peers” on page 264 262 Steelhead Central Management Console User’s Guide . or a cipher number from the drop-down list.You must specify at least one cipher for peers.Policy Parameters and Settings Optimization Policy Settings Client Ciphers In this panel. Adds the cipher to the list. Secure Peering (IPSEC) You configure secure peering for the selected optimization policy in the Secure Peering (IPSEC) page. end. must be rule number 1. Select start. clients. For details on secure peering. The Hint text box displays information about the cipher. Select the cipher type for communicating with servers from the drop-down list. Control Add a New Client Cipher Cipher Description Displays the controls for adding a new client cipher. you can choose server cipher settings for an optimization policy. Displays the effective overall cipher list. You must specify at least one cipher for peers. end.

select an algorithm from the method 2 drop-down list to create a secondary policy for negotiating the authentication method to use between peers. you can choose general settings for an optimization policy. SHA-1 is considered to be the successor to MD5. When a Steelhead appliance has the valid Enhanced Cryptography License Key installed and an IPSec encryption level is set to 3DES or AES. Enables additional security by renegotiating keys at specified intervals. Appears when a valid Enhanced Cryptography License Key is installed on the appliance. The default value is 240 minutes. Provides the highest security. this option is enabled. Optionally. By default. but is both slower and less secure than AES. select an algorithm from the method 2. Note: Peer Steelhead appliances must both have a valid Enhanced Cryptography License Key installed to use 3DES. • 3DES. By default. 3. Appears when a valid Enhanced Cryptography License Key is installed on the appliance. this option is disabled. SHA-1. the peer Steelhead appliances use the secondary policy to negotiate authentication Time Between Key Renegotiations Specify the number of minutes between quick-mode renegotiation of keys using the Internet Key Exchange (IKE) protocol. Specifies the Secure Hash Algorithm. IKE uses public key cryptography to provide the secure transmission of a secret key to a recipient so that the encrypted data can be decrypted at the other end. a widely-used cryptographic hash function with a 128-bit hash value. Authentication Policy Select one of the following authentication methods from the drop-down list: MD5. Select one of the following encryption methods from the drop-down list: • DES. If one key is compromised. the appliances uses the highest encryption level set on the appliance without the key. 4. a set of related cryptographic hash functions. and a peer Steelhead appliance does not have a valid Enhanced Cryptography License Key installed. This standard is supported for environments where AES has not been approved. • AES256. DES is the default value. Does not apply an encryption policy. or AES256. Specifies the Message-Digest 5 algorithm. AES. Control Enable Authentication and Encryption Enable Prefetch Forward Secrecy Description Enables authentication between Steelhead appliance. This is the default value. Encrypts data using the Advanced Encryption Standard (AES) cryptographic key length of 256 bits. Encryption Policy Steelhead Central Management Console User’s Guide 263 . or 5 drop-down lists to create a prioritized list of encryption policies for negotiating between peers. • NULL. subsequent keys are secure because they are not derived from previous keys. Specifies the null encryption algorithm. • None. Optionally. Appears when a valid Enhanced Cryptography License Key is installed. Encrypts data using the Triple Digital Encryption Standard with a 168-bit key length. All the Steelhead appliances in a network for which you want to use IPsec must have the same shared secret.Optimization Policy Settings Policy Parameters and Settings General Settings In this panel. Encrypts data using the Data Encryption Standard algorithm. Enter the Shared Secret Specify the shared secret. • AES. Encrypts data using the Advanced Encryption Standard (AES) cryptographic key length of 128 bits. If the first authentication policy negotiation fails.

It includes the following sections: “Announcements.” next “Alarms” on page 265 “Monitored Ports” on page 269 “SNMP Basic” on page 270 “SNMP v3” on page 271 “SNMP ACLs” on page 271 “Email” on page 273 “Logging” on page 273 Announcements You can change announcement settings for the selected system settings policy in the Announcements page. If a connection has not been established between the two Steelhead appliances that are configured to use IPsec security. Applies the changes to the current configuration. Control Add a New Secure Peer Peer IP Address Add Description Displays the controls to add a new secure peer. Specify the IP address for the peer Steelhead appliance (in-path interface) for which you want to make a secure connection. Note: Adding a peer causes a short service disruption (3-4 seconds) to the peer that is configured to use IPsec security. Type a message in the text box to appear on the Home page. 264 Steelhead Central Management Console User’s Guide . System Settings Policies The following section describes the System Settings Policy feature set.Policy Parameters and Settings System Settings Policies Control Confirm the Shared Secret Apply Description Confirm the shared secret. the peers list does not display the peer Steelhead appliance status as mature. you can choose secure peers for an optimization policy. Secure Peers In this panel. Adds the peer specified in the Peer IP Address text box. Applies your configurations. Control Login Message MOTD Apply Description Type a message in the text box to appear on the Login page.

Steelhead Central Management Console User’s Guide 265 .System Settings Policies Policy Parameters and Settings Alarms You can change alarm settings for the selected system settings policy in the Alarms page.

this alarm is disabled. Enables the memory paging alarm. When an alarm reaches the lowest or reset threshold. it is activated. After an alarm is triggered. When an alarm reaches the rising threshold. this alarm is enabled. the rising alarm is cleared.Policy Parameters and Settings System Settings Policies For details on alarms. Reset Threshold. this alarm is enabled. By default. Specify the rising threshold. the system is functioning properly. If thousands of pages are swapped every few minutes. Temperature Enables an alarm when the CPU temperature exceeds the rising threshold. The default value is 67º. The default value is 90%. it is activated. If 100 pages are swapped every couple of hours. contact Riverbed Technical Support at https://support. By default. The default value is 80º. By default. an alarm is only triggered if in-path support is enabled for that WAN/LAN pair.com. After an alarm is triggered. Specify the number of days before the data store is replaced. When an alarm reaches the rising threshold. Network Interface Link Errors Enables an alarm and sends an email notification when a link goes down. When the CPU returns to the reset threshold. the default reset threshold temperature is 67º C. Rising Threshold. By default. Specify the reset threshold (º C). System Details Report Enables an alarm if a system component has encountered a problem. Enables an alarm when an appliance memory error is detected. with a rising threshold of 90% and a reset threshold of 70%. System Disk Full Enables an alarm when a system disk full condition is detected. this alarm is enabled. Data Store Wrap Frequency Enables an alarm if data in the data store is replaced with new data before the time period specified. it is reset. For WAN/LAN interfaces. it is reset. Make sure the speed and duplex settings on your system match the settings on your switch and router. By default. Control CPU Utilization Description Enables an alarm if the average and peak threshold for the CPU utilization is exceeded. it is activated. 266 Steelhead Central Management Console User’s Guide . When an alarm reaches the rising threshold. Threshold. see “Setting Alarm Parameters” on page 40. when it reaches the lowest or reset threshold. Network Interface Duplex Errors Enables an alarm if the system has encountered a large number of packet errors in your network.riverbed. Reset Threshold. it is not triggered again until it has fallen below the reset threshold. Rising Threshold. The default value is 1 day. After an alarm is triggered. this alarm is enabled. By default. it is reset. Fan Error Memory Error Extended Memory Paging Activity Enables an alarm when an appliance fan error is detected. The default value for the rising threshold temperature is 80º C. The default value is 70%. Specify the reset threshold. this alarm is enabled. it is not triggered again until it has fallen below the reset threshold. it is not triggered again until it has fallen below the reset threshold. Specify the rising threshold (º C). When an alarm reaches the lowest or reset threshold.

When the vault is locked. Certificate Revocation List Enables an alarm when a Certificate Revocation List (CRL) verification on the server certificate fails. SSL traffic is not optimized and you cannot encrypt the data store. A CRL prevents the use of digital certificates and signatures that have been compromised. SSL Peering Certificate SCEP Automatic Reenrollment Enables an alarm when the Steelhead appliance requests a Simple Certificate Enrollment Protocol (SCEP) server to dynamically re-enroll an SSL peering certificate and the request fails. Secure Vault Enables an alarm when an error is detected while initializing the secure vault. this alarm is enabled. click Change Password. this alarm is enabled. this alarm is enabled. By default. You can clear and disable the alarm with the following CLI command: no stats alarm crl_error enable For more information. By default. To clear the alarm using a non-default password. When the alarm indicates the password needs to be rekeyed. this alarm is enabled. Asymmetric Routes Enables an alarm if asymmetric routing is detected. including the reasons for their revocation and the names of the issuing certificate signing authorities. By default. you can use the default password or reset the password as follows: To clear the alarm using the default password. see the Riverbed Command-Line Interface Reference Manual. You can unlock the vault with a password. By default. The Steelhead appliance uses SCEP to dynamically re-enroll a peering certificate to be signed by a certificate authority. By default. an entry is placed in the asymmetric routing table and any subsequent connections from that IP-address pair are passed through unoptimized. see the Riverbed Command-Line Interface Reference Manual. click the link to display the Configure > Security > Secure Vault page and click Unlock Secure Vault. This alarm provides links to the Secure Vault page and also appears on the Reports > Diagnostics > Alarm Status page. A CRL includes any digital certificates that have been invalidated before their expiration date. Further connections between these hosts are not optimized until that particular asymmetric routing cache entry times out. this alarm is enabled. By default. You can clear the alarm without waiting for the next automatic re-enrollment to succeed with the following CLI command: protocol ssl peering auto-reenroll last-result clear-alarm For more information.System Settings Policies Policy Parameters and Settings Control Software Version Mismatch Description Enables an alarm if there is a mismatch between software versions in the Riverbed system. type a new password and click Unlock. Expiring SSL Certificates Enables an alarm if an SSL certificate is due to expire within 60 days or an expired SSL certificate is detected. The certificate authorities that issue the original certificates create and maintain the CRLs. The alarm clears automatically when the next automatic re-enrollment succeeds. this alarm is enabled. Steelhead Central Management Console User’s Guide 267 . To unlock the vault.

if a Steelhead appliance has three neighbors. Similarly. Similarly. the alarm clears only when all three neighbors are no longer in error. Connection Forwarding Connection Failure Enables an alarm when the connection cannot be established with a connection forwarding neighbor. 268 Steelhead Central Management Console User’s Guide . if a Steelhead appliance has three neighbors. the alarm clears only when all three neighbors are no longer in error. By default. if a Steelhead appliance has three neighbors. if a Steelhead appliance has three neighbors. The alarm triggers after the number of keep-alive packets that are lost exceeds the keep-alive count. Similarly.Policy Parameters and Settings System Settings Policies Control Connection Forwarding Ack Timeout Description Enables an alarm when the connection has been lost because requests have not been acknowledged by a connection forwarding neighbor within the set time-out threshold. By default. You can change the number of packets that must be lost before the alarm triggers and the interval between keep-alive packets with the following CLI commands: show in-path neighbor in-path neighbor keepalive count <count> in-path neighbor keepalive interval <seconds> For more information. This alarm includes all connection forwarding neighbors. By default. For example. the alarm triggers even if any one of the neighbors are in error. see the Riverbed Command-Line Interface Reference Manual. This alarm includes all connection forwarding neighbors. By default. this alarm is enabled. Connection Forwarding Lost Due To End of Stream Enables an alarm when the connection is lost since the end of stream was received from the connection forwarding neighbor. This alarm includes all connection forwarding neighbors. the alarm triggers even if any one of the neighbors are in error. this alarm is enabled. You can change the time-out period with the following CLI command: in-path neighbor ack-timer-intvl <milliseconds> For more information. this alarm is enabled. see the Riverbed Command-Line Interface Reference Manual. the alarm clears only when all three neighbors are no longer in error. This alarm includes all connection forwarding neighbors. Similarly. the alarm clears only when all three neighbors are no longer in error. For example. indicating that the connection has been lost. the alarm triggers even if any one of the neighbors are in error. For example. the alarm triggers even if any one of the neighbors are in error. Connection Forwarding Lost Connection Error Enables an alarm when the connection has been lost with the connection forwarding neighbor due to a communication error. For example. This alarm clears automatically the next time all neighbors receive an ACK from this neighbor and the latency of that acknowledgment is less than the set threshold. this alarm is enabled and the time-out period is 1. if a Steelhead appliance has three neighbors. The alarm clears automatically when all neighbors of the Steelhead appliance are responding to keep-alive messages within the time-out interval. the alarm triggers even if any one of the neighbors are in error. Connection Forwarding Keep Alive Timeout Enables an alarm when the connection forwarding neighbor has not responded to a keepalive message within the specified time-out interval. Similarly. the alarm clears only when all three neighbors are no longer in error.000 milliseconds (1 second). This alarm includes all connection forwarding neighbors. For example. By default. this alarm is enabled. The default keep-alive count is 3 packets and the default keep-alive interval is 1 second.

this alarm is enabled and the latency threshold is 100 milliseconds. Control Add Port Port Number Port Description Description Displays the controls to add a new port.) Enables an alarm if an RSP license is due to expire within seven days. the alarm triggers even if any one of the neighbors are in error. if a Steelhead appliance has three neighbors. For example. this alarm is enabled. Similarly. This alarm includes all connection forwarding neighbors. Steelhead Central Management Console User’s Guide 269 . The neighbor latency is the time difference between when the request was sent and the ACK was received. if a Steelhead appliance has three neighbors. this alarm is enabled and the default time-out period is 10. Monitored Ports You can specify monitored port for the selected system settings policy in the Monitored Ports page. RSP General Alarm (Appears when RSP is installed. You can change the time-out interval with the following CLI command: in-path neighbor read-timeout <milliseconds> For more information.) Enables an alarm for general RSP problems including: • no available memory for RSP • an incompatible RSP image is installed • Virtual Machines are enabled but not currently powered on • a watchdog activates for any slot that has a watchdog configured. For example. see the Riverbed Command-Line Interface Reference Manual. the alarm clears only when all three neighbors are no longer in error. Specify a description of the type of traffic on the port. Specify the port to be monitored. This alarm includes all connection forwarding neighbors. Connection Forwarding Read Information Timeout Enables an alarm when the Steelhead appliance has timed-out while waiting for an initialization message from the connection forwarding neighbor.) Enables an alarm when an RSP license has expired. the alarm triggers even if any one of the neighbors are in error. By default.System Settings Policies Policy Parameters and Settings Control Connection Forwarding Latency Exceeded Description Enables an alarm when the amount of latency between connection forwarding neighbors has exceeded the specified threshold.000 milliseconds (10 seconds). By default. RSP License is Close to Expiration (Appears when RSP is installed. RSP License is Expired (Appears when RSP is installed. this alarm is enabled. Similarly. By default. see the Riverbed Command-Line Interface Reference Manual. this alarm is enabled. the alarm clears only when all three neighbors are no longer in error. By default. set with the following CLI commands: stats alarm cf_latency_exceeded rising clear-threshold <threshold> stats alarm cf_latency exceeded rising error-threshold <threshold> For more information. By default. The alarm clears automatically when the latency falls below the specified threshold.

Specify the destination port. For details on SNMP traps sent to configured servers. Click the check box next to the name and click Remove Selected. you can manage SNMP trap receivers as described in the following table. or v3 from the drop-down list to specify the SNMP software version. Specify the IP address for the SNMP trap. Enables the new trap receiver. For example: Read-only. Specify a string to identify the read-only community. Specify the user name for the SNMP contact. Select v1. Specify the physical location of the router. as described in the following table. Destination Port Receiver Type Community Enable Receiver Add Remove Selected 270 Steelhead Central Management Console User’s Guide . Adding a New Trap Receiver In this panel. v2c. see “Setting SNMP Basic Parameters and Trap Receivers” on page 43.” next “Adding a New Trap Receiver” on page 270 SNMP Server Settings In this panel.Policy Parameters and Settings System Settings Policies Control Add Remove Selected Description Displays the controls for adding a port. Adds the new configuration to the Trap Receiver list. SNMP Basic The SNMP page contains the following groups of settings: “SNMP Server Settings. Control Add New Trap Receiver Receiver IP Address Description Displays the controls for configuring new trap receivers. you can enable the reporting of events to an SNMP agent. Click the check box next to the name and click Remove Selected. Specify the SNMP community name. Control Enable SNMP Traps System Contact System Location Read-Only Community Name Description Specify this option to enable SNMP traps.

Adds the user. The password must have a minimum of eight characters. Select a authentication method from the drop-down list: • MD5. and numerical characters to reduce the chance of unauthorized access to the Steelhead appliance. Specify a password. Note: Traps for v1 and v2c are independent of the security name. a set of related cryptographic hash functions. The security name may make changes to the View Based Access Control Model (VACM) security name configuration. SHA-1 is considered to be the successor to MD5. lowercase. Use a combination of uppercase.” next “Groups” on page 272 “Views” on page 272 “Access Policies” on page 272 Security Names In this panel. Steelhead Central Management Console User’s Guide 271 . Specify a name to identify a requestor (allowed to issue gets and sets). Community String Specify the password-like community string to control access. delete the read-only community string. If this is not desired.System Settings Policies Policy Parameters and Settings SNMP v3 You can change SNMP v3 settings policy in the SNMP v3 page. Authentication Password Password Confirm Add Optionally. Note: If you specify a read-only community string (located on the SNMP Basic page under SNMP Server Settings). Confirm the password. Control Add a New Security Name Security Name Description Displays the controls to add a security name. Specifies the Message-Digest 5 algorithm. Specifies the Secure Hash Algorithm. Control Add a New User User Name Authentication Protocol Description Displays the controls to add a new user. you can change security name settings policy in the SNMP ACLs page. it takes precedence over this community name and allows users to access the entire MIB tree from any source host. • SHA-1. a widely-used cryptographic hash function with a 128-bit hash value. Specify the user name. click either Supply a Password or Supply a Key to use while authenticating users. This is the default value. SNMP ACLs The SNMP ACLs page contains the following groups of settings: “Security Names.

By default. Add Adds the group name and security model and name pairs.private. separated by commas. for example. Specify a descriptive view name to facilitate administration. select a security name.products. . Views In this panel. • usm displays another drop-down menu. You can specify an OID number or use its string form. for example. Select a group name from the drop-down list.1.org. you can change view settings policy in the SNMP ACLs page. Click the + button and select a security model from the drop-down list: • v1 or v2c displays another drop-down menu.enterprises.1.2.iso. You can specify .1. Adds the security name. select a user.3.6.dod. Control Add a New Access Policy Group Name Description Displays the controls to add a new access policy. Groups In this panel. separated by commas.steelhead. you can change group settings policy in the SNMP ACLs page.system. the view excludes all OIDs. Specify the Object Identifiers (OIDs) to include in the view. . To add another Security Model and Name pair. Control Add a New Group Group Name Security Model and Name Pairs Description Displays the controls to add a new group.1.iso or any subtree or subtree branch.internet. Adds the view Access Policies In this panel.model Excludes Add Specify the OIDs to exclude in the view. click the + button. 272 Steelhead Central Management Console User’s Guide . Control Add a New View View Name Includes Description Displays the controls to add a new view. the view excludes all OIDs. Specify a group name. you can change access settings policy in the SNMP ACLs page.rbt. By default.Policy Parameters and Settings System Settings Policies Control Source IP Address and Mask Add Description Specify the host IP address and mask bits to which you permit access using the security name and community string.

Control SMTP Server Description Specify the SMTP server.System Settings Policies Policy Parameters and Settings Control Security Level Description Determines whether a single atomic message exchange is authenticated. Logging You can configure remote logging servers. or vertical bars. or vertical bars. semicolons. semicolons. commas. Separate addresses by spaces. and log viewing preferences for the selected system settings policy in the Logging page. log rotation and filtering. Specify the email addresses to which to send notification messages. commas.” next “Adding a New Log Server” on page 275 “Adding a New Process Logging Filter” on page 276 Steelhead Central Management Console User’s Guide 273 . not to an individual user. Does not authenticate packets and does not use privacy. Read View Add Select a view from the drop-down list. • Auth. Adds the policy to the policy list. In the event of a disk drive failure. or vertical bars. Specify a list of email addresses to receive the notification messages. This is the default setting. A security level applies to a group. Specify this option to report serious failures such as system crashes to Riverbed Technical Support. You must have external DNS and external access for SMTP traffic for this feature to function. semicolons. Specify this option to report events through email. Separate addresses by spaces. Specify a list of email addresses to receive the notification messages. Separate addresses by spaces. Important: Make sure you provide a valid SMTP server to ensure that the users you specify receive email notifications for events and failures. The Logging page contains the following groups of settings: “Logging Configuration. Riverbed recommends that you activate this feature so that problems are promptly corrected.com. SMTP Port Report Events via Email Report Failures via Email Report Failures to Technical Support Specify the port number for the SMTP server. Email You can change email notification settings for the selected system settings policy in the Email page. please contact Riverbed Technical Support at support@riverbed. Select one of the following from the drop-down list: • No Auth. Authenticates packets but does not use privacy. Specify this option to report failures through email. Important: This option does not automatically report a disk drive failure. commas.

Conditions that affect the functionality of the Steelhead appliance. The default value is 16 MB. Specify the number of lines per log page. Normal but significant conditions. The log contains all messages with this severity level or higher. Note: This control applies to the system log only. Control Minimum Severity Description Select the minimum severity level for the system log messages. Informational messages that provide general information about system operations. as described in the following table. Action must be taken immediately. Select one of the following levels from the drop-down list: • Emergency. • Critical. The default value is 10. Specify how much disk space. • Notice. • Warning. Select Day. Week.Policy Parameters and Settings System Settings Policies Logging Configuration In this panel. 274 Steelhead Central Management Console User’s Guide . or Month from the drop-down list. such authentication failures. • Disk Space. Conditions that probably affect the functionality of the Steelhead appliance. such as a configuration change. Conditions that could affect the functionality of the Steelhead appliance. the system is unusable. in megabytes. • Alert. • Error. Maximum Number of Log Files Lines Per Log Page Rotate Based On Specify the maximum number of logs to store. the log uses before it rotates. you can configure logging settings for the system policy. It does not apply to the user log. Emergency. • Info. The default value is 100. Specify one of the following rotation options: • Time.

Specify the server IP address. you can manage log servers for the system policy. Conditions that could affect the functionality of the Steelhead appliance. • Alert. Emergency. Add Remove Selected Adds the server to the list. Steelhead Central Management Console User’s Guide 275 . Informational messages that provide general information about system operations. Conditions that probably affect the functionality of the Steelhead appliance. • Critical. Conditions that affect the functionality of the Steelhead appliance. Select one of the following levels from the drop-down list: • Emergency. • Notice. such authentication failures. Click the check box next to the name and click Remove Selected. Control Add a New Log Server Server IP Minimum Severity Description Displays the controls for configuring new log servers. the system is unusable. Normal but significant conditions.System Settings Policies Policy Parameters and Settings Adding a New Log Server In this panel. as described in the following table. The log contains all messages with this severity level or higher. • Error. such as a configuration change. Select the minimum severity level for the log messages. • Info. • Warning. Action must be taken immediately.

Action must be taken immediately. Control Add a New Process Logging Filter Process Description Displays the controls to add a new process logging filter.Statistics Collector • wdt .Central Management Client Daemon • cli.RSP VMware Interface • rspd . • Notice.Device Control and Management • http .Web Application Process Minimum Severity Select one of the following from the drop-down list: • Emergency.Process Manager • sched . Conditions that could affect the functionality of the Steelhead appliance.RSP Watchdog • statsd . the system is unusable. Normal but significant conditions.Lotus Notes Optimization • mapi . • Warning.Watchdog Timer • webasd .Central Management Client • rgpd . Select one of the following from the drop-down list: • cifs . • Alert. you can add and manage process logging filters for the system policy. • Critical.CIFS Optimization • rgp .Hardware Abstraction Daemon • notes . Emergency. Conditions that probably affect the functionality of the Steelhead appliance.Policy Parameters and Settings System Settings Policies Adding a New Process Logging Filter In this panel.Command Line Interface • mgmtd . such as a configuration change. Informational messages that provide general information about system operations.NFS Optimization • pm.HTTP Optimization • hald . • Error.MAPI Optimization • nfs . • Info. such authentication failures.Process Scheduler • virt_wrapped . Conditions that affect the functionality of the Steelhead appliance. as described in the following table. Click the check box next to the name and click Remove Selected. 276 Steelhead Central Management Console User’s Guide . Add Remove Selected Applies your configurations.

” next “Hosts” on page 278 “Proxies” on page 278 “Date and Time” on page 278 DNS Settings In this panel. Host Settings You can view and modify general host settings for the selected networking policy in the Host Settings page. Optionally.Networking Policy Settings Policy Parameters and Settings Networking Policy Settings The following section describes the Networking Policy feature set. It includes the following sections: “Host Settings. see “Creating Policy Settings” on page 133. Optionally. specify the IP address for the tertiary name server.” next “WCCP” on page 279 “Simplified Routing” on page 284 “Asymmetric Routing” on page 284 “Connection Forwarding” on page 285 “Flow Export” on page 286 “QoS Classification” on page 288 “QoS Marking” on page 294 “Port Labels” on page 298 The following procedures assume you have already created a Networking Policy. Control Primary DNS Server IP Address Secondary DNS Server IP Address Tertiary DNS Server IP Address DNS Domain List Description Specify the IP address for the primary name server. specify the IP address for the secondary name server. Steelhead Central Management Console User’s Guide 277 . For details on how to create a new policy. as described in the following table. If you specify domains the system automatically finds the appropriate domain for each of the hosts that you specify in the system. you can manage DNS settings for a networking policy. Specify an ordered list of domain names. The Host Settings page contains the following groups of settings: “DNS Settings.

The default value is GMT. Complete the configuration as above. 278 Steelhead Central Management Console User’s Guide . Specify the IP address for the NTP server. as described in the following table. Date and Time In this panel. Specify a hostname. Control Use NTP Time Synchronization Add a New NTP Server Hostname or IP Address Version Enabled Time Zone Add Remove Selected Description Check this box to use NTP time synchronization Click to display control for configuring a new NTP server. Control Web/FTP Proxy IP Address Port Description Specify the IP address for the Web/FTP proxy. Enable or disable the connection to the NTP server. Tip: To modify the host-IP mapping. you can manage host names and addresses for a networking policy. Specify the port for the Web/FTP proxy. as described in the following table. in the table row for the mapping. Adds the host. Proxies In this panel. Select the NTP server version from the drop-down list: 3 or 4. Click the check box next to the name and click Remove Selected. Adds the NTP server to the table list. Control Add a New Host IP Address Hostname Add Remove Selected Description Displays the controls for adding a new host. Select a time zone from the drop-down list. Click the check box next to the name and click Remove Selected. you can set a proxy address for a networking policy. Specify the IP address for the host. click the hostname to display controls you can use to modify the mapping. you can NTP servers for the host setting of a networking policy.Policy Parameters and Settings Networking Policy Settings Hosts In this panel.

Networking Policy Settings Policy Parameters and Settings Tip: To modify server properties. Control Enable WCCP v2 Support Multicast TTL Description Enables WCCP v2 support on all groups added to the Service Group list. click the server name to display controls you can use to modify the properties. see the Steelhead Management Console User’s Guide. Steelhead Central Management Console User’s Guide 279 . For details on WCCP. The default value is 1. you can enable WCCP service groups. WCCP You can enable WCCP service groups for the selected networking policy in the WCCP page. in the table row for the server. Specify the TTL boundary for the WCCP protocol packets. The WCCP page contains the following groups of settings: “WCCP Service Groups. Complete the configuration as above.” next “Adding a New Service Group” on page 280 WCCP Service Groups In this panel.

If a connection matches multiple service groups on a router. as described in the following table. the router can still send traffic to the other active links for optimization. Riverbed recommends that you use WCCP service groups 61 and 62. More than one Steelhead appliance in-path interface can participate in the same service group. Priority 280 Steelhead Central Management Console User’s Guide . Specify a number from 0 to 255 to identify the service group on the router. Note: The service group number is not sent across the WAN. Select a Steelhead appliance interface to participate in a WCCP service group. If multiple Steelhead appliances are used in the topology.0 and earlier allows a single Steelhead interface). The priority value must be consistent across all Steelhead appliances within a particular service group. This password must be the same password that is on the router. Control Add a New Service Group Interface Description Displays the controls for adding a new service group. the router chooses the service group with the highest priority. A value of 0 specifies the standard HTTP service group.Policy Parameters and Settings Networking Policy Settings Adding a New Service Group In this panel. Note: The service group ID is local to the site where WCCP is used. The default value is 200. they must be configured as neighbors. assign a password to the Steelhead appliance interface. Specify the WCCP priority for traffic redirection. Password/Confirm Password Optionally.1 allows multiple Steelhead interfaces to participate in WCCP on one or more routers for redundancy (RiOS v6. RiOS v6. Service Group ID Enables WCCP v2 support on all groups added to the Service Group list. WCCP requires that all routers in a service group have the same password. The range is 0-255. see the Steelhead Appliance Deployment Guide. you can manage WCCP service groups. You must include an interface with the service group ID. If one of the links goes down. Passwords are limited to 8 characters. For WCCP configuration examples.

Steelhead Central Management Console User’s Guide 281 . or ICMP connections a Steelhead appliance supports determines its weight. Failover Support To enable single in-path failover support with WCCP groups. the heavier the weight of that model. since it is generally undesirable for a Steelhead with two WCCP inpath interfaces to receive twice the proportion of traffic. The one with the weight 100 receives 1/3 of the traffic and each of the other's inpath interfaces receives 1/3 of the traffic. but another one has a non-zero weight. each of the in-path weights is divided by the number of that Steelhead's interfaces participating in the service group. If all the Steelhead appliances have a weight 0. If one Steelhead appliance has a weight 0. The default value corresponds to the number of TCP connections your Steelhead appliance supports. the total weight will still equal 300 (100 + 200/2 + 200/2). define the service group weight to be 0 on the backup Steelhead appliance. RiOS distributes traffic to Steelhead A and Steelhead B in the ratio of 1:2 as long as at least one interface is up on both Steelhead appliances. its weight transfers over to the weight 0 interface of the same service group. if there are two Steelhead appliances in a service group and one has a weight of 100 and the other has a weight of 200. the traffic is redirected equally among them. if there are two Steelhead appliances in a service group and one has a single interface with weight 100 and the other has two interfaces each with weight 200. For details on using the weight parameter to balance traffic loads and provide failover support in WCCP. However. For example. see the Steelhead Appliance Deployment Guide. if an interface with a non-zero weight fails. the one with the weight 100 receives 1/3 of the traffic and the other receives 2/3 of the traffic.1 you can modify the weight for each in-path interface to manually tune the proportion of traffic a Steelhead interface receives. UDP. When you configure Steelhead A with weight 100 from both inpath0_0 and inpath0_1 and Steelhead B with weight 200 from both inpath0_0 and inpath0_1. for Steelhead appliances with multiple in-paths connected. the Steelhead appliance with weight 0 does not receive any redirected traffic. which is useful for traffic load balancing and failover support. The more connections a Steelhead appliance model supports. In RiOS v6. For example.Networking Policy Settings Policy Parameters and Settings Control Weight Description Specify the percentage of connections that are redirected to a particular Steelhead appliance interface. In a service group. For example.1 is to use the same weight on all interfaces from a given Steelhead appliance for a given service group. The ratio of traffic redirected to a Steelhead interface is equal to its weight divided by the sum of the weights of all the Steelhead interfaces in the same service group. A higher weight redirects more traffic to that Steelhead interface. The range is 0-65535. The best way to achieve multiple in-path failover support with WCCP groups in RiOS v6. The number of TCP. suppose you have Steelhead A and Steelhead B with two in-path interfaces each.

This can cause fragmentation and imposes a performance penalty on the router and switch. • L2 . GRE is used. This is the default value. Select one of the following encapsulation schemes from the drop-down list: • Either . However.Generic Routing Encapsulation. if Layer-2 is not supported.Layer-2 redirection. This performance penalty can be too great for production deployments. not all combinations of Cisco hardware and IOS revisions support the L2 method. the L2 method requires the absence of L3 hops between the router or switch and the Steelhead appliance. Also. 282 Steelhead Central Management Console User’s Guide . especially during the GRE packet de-encapsulation process. The L2 method is generally preferred from a performance standpoint because it requires fewer resources from the router or switch than the GRE does.Use Layer-2 first. • GRE . The L2 method modifies only the destination Ethernet address.Policy Parameters and Settings Networking Policy Settings Control Encapsulation Scheme Description Specifies the method for transmitting packets between a router or a switch and a Steelhead appliance interface. The GRE encapsulation method appends a GRE header to a packet before it is forwarded.

The assignment scheme also determines whether the Steelhead interface or the router processes the first traffic packet. However. When the router does not support Hash. Mask assignment in RiOS v6. see the Steelhead Appliance Deployment Guide. which Steelhead appliance in a service group optimizes a given new connection) on bits pulled out. it again receives all of the traffic. This is the default setting.2 and later supports load-balancing across multiple active Steelhead appliances. 4000.Redirects traffic based on a hashing scheme and the Weight of the Steelhead interface. or masked. using less CPU cycles and resulting in better performance. resulting in slightly lower performance. Select one of the following schemes from the drop-down list: • Either . Important: If you use mask assignment you must ensure that packets on every connection and in both directions (client-to-server and server-to-client). it is often desirable to send all users in subnet range to the same Steelhead. Riverbed recommends Hash assignment for most Steelhead appliances if the router supports it.0. source port. are redirected to the same Steelhead appliance. you can change the IP mask by clicking the service group ID and changing the service group settings and flags.1 supports load-balancing across multiple active Steelhead appliance interfaces in the same service group. the Steelhead appliance with the next lowest in-path IP address receives all of the traffic.0. This scheme bases load-balancing decisions (for example. destination IP address. significantly reducing the load on the redirecting router. • Hash . and 4500-series. from the IP address and the TCP port packet header fields. However. or destination port. If the Steelhead appliance with the lowest in-path IP address fails. Router IP Address(es) Specify a multicast group IP address or a unicast router IP address. Steelhead Central Management Console User’s Guide 283 . For details.1 and earlier is limited to one Steelhead appliance per service group.Uses Hash assignment unless the router does not support it. Mask assignment processes the first packet in the router hardware. This scheme uses the CPU to process the first packet of each connection. This scheme provides high availability. see the Steelhead Appliance Deployment Guide. Mask assignment in RiOS v5.Networking Policy Settings Policy Parameters and Settings Control Assignment Scheme Description Determines which Steelhead interface in a WCCP service group the router or switch selects to redirect traffic to for each connection. You can specify up to 32 routers. providing load balancing and failover support. The Cisco switches that do not support Hash assignment are the 3750. it uses Mask. The optimal assignment scheme achieves both load balancing and failover support. Using mask provides a basic ability to leverage a branch subnet and Steelhead to the same Steelhead in a WCCP cluster. The Steelhead appliance with the lowest inpath IP address receives all the traffic. which is applicable in most situations. When the Steelhead appliance with the lowest inpath IP address recovers. For details and best practices for using assignment schemes. Your hashing scheme can be a combination of the source IP address. this method generally achieves better load distribution. among others. You can have multiple Steelhead appliances in a service group but only the Steelhead appliance with the lowest in-path IP address receives all the traffic. • Mask . In multiple Steelhead environments.Redirects traffic operations to the Steelhead appliances. The default mask scheme uses an IP address mask of 0x1741. Mask assignment in RiOS v5.

Collect mappings for destination. • Destination and Source. and inner MAC data. Click the check box next to the name and click Remove Selected Groups. source. 284 Steelhead Central Management Console User’s Guide . Do not collect mappings. see theSteelhead Management Console User’s Guide Control Collect Mappings From Description Select one of the following options from the drop-down list: • None. Also collect data for connections that are un-natted (that is. For details on asymmetric routing. This is the default setting. Use this option in connection forwarding deployments. • All. Riverbed recommends that you use this option to maximize the effects of simplified routing. connections that are not translated using NAT). Collect mappings from destination and source MAC data. Simplified Routing You can enable simplified routing for the selected networking policy in the Simplified Routing page. Collects destination MAC data. see the Steelhead Management Console User’s Guide. Asymmetric Routing You enable asymmetric route detection for the selected optimization policy in the Asymmetric Routing page. • Destination Only. Use this option in connection forwarding deployments.Policy Parameters and Settings Networking Policy Settings Control Add Remove Selected Groups Description Adds the service group. For details on simplified routing.

Networking Policy Settings

Policy Parameters and Settings

You can also use the Steelhead CLI to detect and analyze asymmetric routes. For details, see the Riverbed Command-Line Interface Reference Manual or the Steelhead Appliance Deployment Guide.

Control Enable Asymmetric Routing Detection Enable Asymmetric Routing Pass-Through

Description Detects asymmetric routes in your network. Enables pass-through traffic if asymmetric routing is detected. If asymmetric routing is detected, the pair of IP addresses, defined by the client and server addresses of this connection, is cached on the Steelhead appliance. Further connections between these hosts are passed through unoptimized until that particular asymmetric routing cache entry times out. Detecting and caching asymmetric routes does not optimize these packets. If you want to optimize asymmetric routed packets you must make sure that the packets going to the WAN always go through a Steelhead appliance either by using a multi-port Steelhead appliance, connection forwarding, or using external ways to redirect packets, such as WCCP or PBR. For detailed information, see the Steelhead Appliance Deployment Guide.

Remove Selected

Click the check box next to the name and click Remove Selected.

Connection Forwarding
You configure connection forwarding for a network with multiple paths from the server in the Connection Forwarding page. For details on connection forwarding, see the Steelhead Management Console User’s Guide. The Connection Forwarding page contains the following groups of settings: “Connection Forwarding Settings,” next “Adding a New Neighbor” on page 286

Connection Forwarding Settings
In this panel, you can enable connection forwarding for a networking policy, as described in the following table.
Control Enable Connection Forwarding Description When checked, this option enables connection forwarding by default on all neighbors added to the peer list. The default port for connection forwarding is 7850. Specify the port number to use as the default for the neighbor Steelhead appliance in-path port. The default value is 7850. Specify the number of seconds to use as the default interval for ping commands between neighbor Steelhead appliance. Specify the number of tries to use as the default number of failed ping attempts before an appliance terminates a connection with a neighbor. The default value is 3.

Port Keep-Alive Interval Keep-Alive Count

Steelhead Central Management Console User’s Guide

285

Policy Parameters and Settings

Networking Policy Settings

Control In-Path Neighbor Failure Multiple Interface Support

Description Allows neighbor failure so connections may be handled by another Steelhead appliance. Select this option to enable communication between the CMC and the Steelhead appliance on multiple interfaces, ensuring continued connection in the event one interface fails.

Adding a New Neighbor
In this panel, you can manage connection forwarding neighbors for a networking policy, as described in the following table.
Control Add a New Neighbor Hostname In-Path IP Address Description Click to display the controls to add a new neighbor. Specify a name. Specify the in-path IP address for the neighbor Steelhead appliance. When you define a neighbor, you must specify the appliance in-path IP address, not the primary IP address. Specify the in-path port for the neighbor Steelhead appliance. The default value is 7850. Adds a neighbor Steelhead appliance to the neighbor list. Click the check box next to the name and click Remove Selected.

Port Additional IP Addresses Remove Selected

Flow Export
You configure flow export for a network from the server in the Flow Export page. For details on flow export, see the Steelhead Management Console User’s Guide. The Flow Export page contains the following groups of settings: “Flow Export and Top Talker Settings,” next “Enable Interfaces” on page 287 “Adding a New Flow Collector” on page 287

286

Steelhead Central Management Console User’s Guide

Networking Policy Settings

Policy Parameters and Settings

Flow Export and Top Talker Settings
In this panel, you can manage flow export, as described in the following table.
Control Enable Flow Export Enable Top Talkers Description Enables flow export support. By default, this setting is disabled. Click to continuously collect statistics for the most active traffic flows. A traffic flow consists of data sent and received from a single source IP address and port number to a single destination IP address and port number over the same protocol. The most active, heaviest users of WAN bandwidth are called the Top Talkers. A flow collector identifies the top consumers of the available WAN capacity (the top 50 by default) and displays them in the Top Talkers report. Collecting statistics on the Top Talkers provides visibility into WAN traffic without applying an in-path rule to enable a WAN visibility mode. You can analyze the Top Talkers for accounting, security, troubleshooting, and capacity planning purposes. You can also export the complete list in CSV format. The collector gathers statistics on the Top Talkers based on the proportion of WAN bandwidth consumed by the top hosts, applications, and host and application pair conversations. The statistics track pass-through or optimized traffic, or both. Data includes TCP or UDP traffic, or both (configurable on the Top Talkers report page). You must enable Flow Export before you enable Top Talkers. A NetFlow collector is not required for this feature. Enabling Top Talkers automatically sets the Active Flow Timeout to 60 seconds. Optionally, click a time period to adjust the collection interval: • 24-hour Report Period (Higher Granularity). For a five-minute granularity (the default setting). • 48-hour Report Period (Lower Granularity). For a ten-minute granularity. Disable Top Talkers Apply Click to stop collecting statistics on the most active or inactive users of WAN bandwidth. Click Apply to apply your settings.

Enable Interfaces
In this panel, you can enable interfaces for a networking policy. Select the interfaces to include when adding a new Flow collector.

Adding a New Flow Collector
In this panel, you can add and manage flow collector for a networking policy, as described in the following table.
Control Add a New Flow Collector Collector IP Address Port Description Displays the controls to add a Flow collector. Specify the IP address for the Flow collector. Specify the UDP port the Flow collector is listening on. The default value is 2055.

Steelhead Central Management Console User’s Guide

287

Policy Parameters and Settings

Networking Policy Settings

Control Version

Description Select one of the following versions from the drop-down list: • CascadeFlow. Use with Cascade v8.4 or later. • CascadeFlow-compatible. Use with Cascade v8.34 or earlier. • NetFlow v5. Enables ingress flow records. • Netflow v9. Enables both ingress and egress flow records. For details on the Netflow v9 templates, flow record field descriptions, and Riverbed-specific fields, see the Steelhead Appliance Deployment Guide. CascadeFlow and CascadeFlowcompatible are enhanced versions of flow export to Riverbed Cascade.

Packet Source Interface

Select the interface to use as the source IP address of the flow packets (Primary or Aux) from the drop-down list. NetFlow records sent from the Steelhead appliance appear to be sent from the IP address of the selected interface Causes the TCP/IP addresses and ports reported for optimized flows to contain the original client and server IP addresses and not those of the Steelhead appliance. The default setting displays the IP addresses of the original client and server without the IP address of the Steelhead appliance. This setting is unavailable with NetFlowv9, because the optimized flows are always sent out with both the original client server IP addresses and the IP addresses used by the Steelhead appliance.

LAN Address

Capture Interface primary

Specify the traffic type to export to the flow collector. Select one of the following types from the drop-down list: • All. Exports both optimized and non optimized traffic. • Optimized. Exports optimized traffic. • Optimized-lan. Exports optimized LAN traffic when WCCP is enabled. • Optimized-wan. Exports optimized WAN traffic when WCCP is enabled. • Passthrough. Exports pass-through traffic. • None. Disables traffic flow export. The default value is All for LAN and WAN interfaces, for all four collectors. The default value for the other interfaces (Primary, rios_lan, and rios_wan) is None.

Enable Filter

(CascadeFlow and NetFlow v9 only) Click to filter flow reports by IP/subnets or IP:ports included in the Filter list. When disabled, reports include all IP/ subnets. (CascadeFlow and NetFlow v9 only) Specify the IP/subnet or IP:port to include in the report, one entry per line, up to 25 filters maximum. Adds the settings. Click the check box next to the name and click Remove Selected.

Filter Add Remove Selected

QoS Classification
You configure QoS classes for the selected networking policy in the QoS Classification page. For details on QoS (flat and hierarchical), see the Steelhead Management Console User’s Guide.

288

Steelhead Central Management Console User’s Guide

Networking Policy Settings

Policy Parameters and Settings

The QoS Classification page contains the following groups of settings: “General QoS Settings,” next “Adding a New QoS Class” on page 290 “Adding a New QoS Rule” on page 293

General QoS Settings
In this panel, you can enable and set QoS classification and enforcement, as described in the following table.
Control Enable QoS Classification and Enforcement Description Enables QoS classification. Traffic is not classified until at least one WAN interface is enabled. Note: Complete the basic steps before enabling this option, as your changes take effect immediately. To disable QoS, clear this check box and restart the optimization service. Mode Click to enable a QoS structure: • Flat mode creates all classes at the same level. • Hierarchical mode creates a tree structure that can contain children of class parents. Use this feature to segregate traffic based on flow source or destination and apply different shaping rules to each child. Use a hierarchical structure to effectively manage and support remote sites with different bandwidth characteristics. Note: Selecting a QoS mode does not enable QoS traffic classification. The Enable QoS Classification and Enforcement check box must be selected before traffic optimization begins. Network Interfaces Specify a WAN interface <XXXX-X> to enable and then specify its bandwidth link rate (kbps). The link rate is the bottleneck WAN bandwidth, not the interface speed out of the WAN interface into the router or switch. For example, if your Steelhead appliance connects to a router with a 100 Mbps link, do not specify this value—specify the actual WAN bandwidth (for example, T1, T3). Important: Different WAN interfaces can have different WAN bandwidths; you must enter the bandwidth link rate correctly for QoS to function properly.

Steelhead Central Management Console User’s Guide

289

Policy Parameters and Settings

Networking Policy Settings

Adding a New QoS Class
In this panel, you can manage QoS classes, as described in the following table.

Control Add a New QoS Class Class Name Latency Priority

Description Displays the controls for adding a class. Specify a name for the QoS class. The latency priority indicates how delay-sensitive a traffic class is to the QoS scheduler. Select the latency priority for the class from the drop-down list (highest priority to lowest): • Real-Time. Specifies real-time traffic class. Traffic that is your highest priority should be given this value; for example, VoIP, video conferencing. • Interactive. Specifies an interactive traffic class. For example, Citrix, RDP, telnet and ssh. • Business Critical. Specifies the business critical traffic class. For example, Thick Client Applications, ERPs, and CRMs. • Normal Priority. Specifies a normal priority traffic class. For example, Internet browsing, file sharing, and email. • Low Priority. Specifies a low priority traffic class. For example, FTP, backup, replication, other high-throughput data transfers, and recreational applications such as audio file sharing. These are minimum priority guarantees; if better service is available, it is provided. For example, if a class is specified as low priority and the higher priority classes are not active, then the low priority class receives the highest possible available priority for the current traffic conditions. This parameter controls the priority of the class relative to the other classes. Important: The latency priority describes only the delay sensitivity of a class, not how much bandwidth it is allocated, nor how important the traffic is compared to other classes. Therefore, it is common to configure low latency priority for high-throughput, non-packet delay sensitive applications like FTP, backup, and replication.

Guaranteed Bandwidth

Specify the minimum amount of bandwidth (as a percentage) to guarantee to a traffic class when there is bandwidth contention. All of the classes combined cannot exceed 100%. During contention for bandwidth, the class is guaranteed the amount of bandwidth specified. The class receives more bandwidth if there is unused bandwidth remaining. In hierarchical mode, excess bandwidth is allocated based on the relative ratios of guaranteed bandwidth. The total minimum guaranteed bandwidth of all QoS classes must be less than or equal to 100% of the parent class. A default class is automatically created with guaranteed bandwidth of .01%. Traffic that does not match any of the rules is put into the default class. Riverbed recommends that you change the guaranteed bandwidth of the default class to the appropriate value. The guaranteed bandwidth calculated based on this percentage should be no less than 1 kbps.

290

Steelhead Central Management Console User’s Guide

Connection Limit Optionally. It is not supported in out-of-path or virtual-in-path configurations. Specify the weight for the class. Classes with a larger weight are allocated more of the excess bandwidth than classes with a lower link share weight. specify the maximum number of optimized connections for the class. The link share weight determines how the excess bandwidth is allocated among sibling classes. the link share weight is the same proportion as the guaranteed bandwidth of the class. a parent class connection limit does not affect its child. Each child class optimized connection is limited by the connection limit specified for their class. Connection Limit does not apply to the packet-order queue or Citrix ICA traffic. When the limit is reached. and the connection limit for A is set to 5. all the link shares are equal.Networking Policy Settings Policy Parameters and Settings Control Link Share Weight Description Applies to flat mode only. The limit is applied even if there is excess bandwidth available. The Link Share Weight does not apply to MX-TCP queues. while the connection limit for B is set to 10. all new connections are passed through unoptimized. Connection limit is supported only in in-path configurations. Connection Limit is supported only in in-path configurations. You cannot specify a Link Share Weight in H-QoS. In hierarchical mode. Upper Bandwidth Specify the maximum allowed bandwidth (as a percentage) a class receives as a percentage of the parent class guaranteed bandwidth. Steelhead Central Management Console User’s Guide 291 . Upper Bandwidth does not apply to MX-TCP queues. For example. if B is a child of A. the connection limit for B is 10. Link share does not depend on the minimum guaranteed bandwidth. It is not supported in out-of-path or virtual-in-path configurations. By default. In H-QoS.

Transmits all flows in the order that they are received (first in. Packet-order protection allows only one packet from each flow into the HFSC traffic shaper at a time. Determines Steelhead appliance behavior when the number of packets in a QoS class outbound queue exceeds the configured queue length. When SFQ is used. Bursty sources can cause long delays in delivering time-sensitive application traffic and potentially to network control and signaling messages.Policy Parameters and Settings Networking Policy Settings Control Queue Description Optionally. If no QoS mechanism (either parent classes on the Steelhead appliance. among the present traffic flows. The backlog for each flow stores the packets from the flow in order until the packet inside the HFSC infrastructure is dequeued for delivery to the network interface. • Packet-order. Another usage of MX-TCP is to achieve high throughput over highbandwidth. packets are dropped from within the queue in a round-robin fashion. Shared Fair Queueing (SFQ) is the default queue for all classes. and the outbound rate is made to match the minimum guaranteed bandwidth configured on the QoS class. select one of the following queue methods for the leaf class from the drop-down list (the queue does not apply to the inner class) : • SFQ. first out). preventing bursty flows from starving other flows within the QoS class. Improperly tuned router buffers cause TCP to perceive congestion in the network. For example. The normal TCP behavior of reducing the outbound sending rate when detecting congestion or packet loss is disabled. The link share weight parameter has no effect on a QoS class configured with MX-TCP. SFQ ensures that each flow within the QoS class receives a fair share of output bandwidth relative to each other. Has very different use cases than the other queue parameters. You must also specify the Citrix server IP address or server port number to locate Citrix traffic. The upper limit parameter has no effect on a QoS class configured with MX-TCP. the TCP congestion control mechanism for that traffic is altered on the Steelhead appliance. especially when intermediate routers do not have properly tuned interface buffers. Select this queue with the Citrix QoS classes for best performance. Upper limit. MXTCP also has secondary effects that you need to understand before configuring: – When optimized traffic is mapped into a QoS class with the MX-TCP queuing parameter. MX-TCP is commonly used for ensuring high throughput on satellite connections where a lower-layer-loss recovery technique is not in use. 292 Steelhead Central Management Console User’s Guide . high-latency links. the following parameters for that class are also affected: Link share weight. because the Steelhead appliance does not identify Citrix traffic automatically. • FIFO. • MXTCP. or another QoS mechanism in the WAN or WAN infrastructure) is in use to protect other traffic. The Steelhead appliance always tries to transmit traffic at the specified rate. This packet order priority protection works for both TCP and UDP streams. When MX-TCP is configured as the queue parameter for a QoS class. resulting in unnecessarily dropped packets. – – Important: Use caution when specifying MX-TCP. The outbound rate for the optimized traffic in the configured QoS class immediately increases to the specified bandwidth. You can use MX-TCP to achieve high-throughput rates even when the physical medium carrying the traffic has high loss rates. even when the network can support high-throughput rates. and does not decrease in the presence of network congestion. that other traffic might be impacted by MX-TCP not backing off to fairly share bandwidth. Protects the TCP stream order by keeping track of flows that are currently inside the packet-shaping infrastructure.

or a rule number from the drop-down list. If rule 2 matches the conditions. Select All.XXX. Optionally. as described in the following table. Tip: Rules support port labels for source and destination ports. then the rule is applied. Specify the IP address for the source network. Add Remove Selected Adding a New QoS Rule In this panel. When a child class is not bound to any rules in the QoS rules table.XXX. the system consults the next rule. To remove a parent class. and the system moves on to the next packet. Class Name Source Subnet Port Select a class name from the drop-down list. select a DSCP level from the drop-down list. If the conditions set in the rule do not match.XXX. For example.Networking Policy Settings Policy Parameters and Settings Control Class Parent Description Appears only when a QoS hierarchy is enabled. and no further rules are consulted. Optionally. The default value is All. Destination Subnet Port Specify the IP address for the destination network. the specified rule sends the packet to this class. Inserts a QoS rule for a QoS class. Steelhead appliances evaluate rules in numerical order starting with rule 1. Steelhead Central Management Console User’s Guide 293 . specify the VLAN tag for the rule. it is applied.XXX/XX Specify the port or port label for the source subnet. TCP. Tip: Rules support port labels for source and destination ports. Control Add a New QoS Rule Insert Rule At Description Displays the controls to add a QoS rule. if the parent class has a business critical latency priority. Protocol Traffic Type DSCP VLAN Select All. the check box for the parent class is unavailable. or Pass-Through from the drop-down list. Specify the parent for a child class. Use the following format: XXX. Click the check box next to the name and click Remove Selected.XXX. The system applies the QoS rules to optimized and pass-through (egress only) traffic. end. If the conditions set in the rule match. you can manage QoS rules. deleting a parent deletes the children as well. Optimized. rule 2 is consulted. delete all rules for the corresponding child classes first. When a parent class has rules or children. and its child has a real-time latency priority. Adds the QoS class. the child inherits the business critical priority from its parent. Use the following format: XXX. UDP. The default value is All. The class inherits the parent’s definitions. or GRE from the drop-down list. For example.XXX/XX Specify the port or port label for the destination subnet. Select start. if the conditions of rule 1 do not match. If the rule matches. and uses a real-time priority only with respect to its siblings.

see the Steelhead Management Console User’s Guide. The QoS Marking page contains the following groups of settings: “QoS DSCP Monitor Settings. to view and edit additional policy settings. Select 3 . Each rule that specifies an ICA priority must also identify Citrix traffic using IP address(es) and/or port number(s). Select a priority from the list. Click the arrow next to the desired rule position.Low for Citrix traffic without application priority. select the policy from the Editing <policy type> Policy drop-down list. Tip: Optionally.Policy Parameters and Settings Networking Policy Settings Control Application Protocols Description Select either None or Citrix ICA from the drop-down list. QoS Marking You set QoS marking for the selected networking policy in the QoS Marking page.” next “Adding a New Optimized QoS Map” on page 296 “Adding a New Pass through QoS Map” on page 297 294 Steelhead Central Management Console User’s Guide . select 0 . Add Remove QoS Rules Move QoS Rules Adds a rule to the QoS rule list.High for interactive traffic such as screen updates and mouse movements. Removes the selected rules. Selecting Citrix ICA expands the control to include the ICA Priority drop-down list. The rule moves to the new position. To view and edit additional policy feature sets. Check the box next to the name and click Move QoS Rules. select a feature set from the Page drop-down list. For example. The QoS class for Citrix must use the packet-order queue. For details on QoS marking. Note: You must create a QoS class for Citrix traffic before selecting Citrix ICA.

Change this value when you expect the DSCP value to change during the duration of the connection and you want to use the most recent value. the connection setup packets (SYN/SYN-ACK/ACK) are not marked. For example. The DSCP value in packets received from the server is used in packets sent from the server-side Steelhead appliance to the client-side Steelhead appliance. TOS Monitor Repeat Specify how often the client-side Steelhead appliance rechecks the DSCP value of the traffic. you can set DSCP monitor settings for a networking policy. the Steelhead appliance checks the DSCP value received in the last packet for that connection and uses that value to mark packets on the next hop. Steelhead Central Management Console User’s Guide 295 . as soon as the server sends data back. Control TOS Monitor Interval Description Specify how many TCP bytes the client Steelhead appliance receives on the upstream connection before sending packets that reflect the same DSCP value. the DSCP value is sent for packets in the reverse direction. after the TCP connection has received 3000 bytes of data. set the repeat interval to -1. because the server-side Steelhead appliance sends data to the server only after it receives data from the client-side Steelhead appliance. but the next packets are marked. The default value is 3000. This way. If you set the interval to 1. The default value is 1. If you want to check indefinitely.Networking Policy Settings Policy Parameters and Settings QoS DSCP Monitor Settings In this panel. This also applies to packets sent from a server-side Steelhead appliance to the server.

For the MAPI data channel. A port label is a label that you assign to a set of ports so that you can reduce the number of configuration rules in your system. In RiOS 6. RiOS versions prior to 5. Notes: • Optimized traffic is marked in both directions.XXX. Reflect specifies that the DSCP level or IP ToS value found on pass-through traffic is unchanged when it passes through the Steelhead appliance.XXX.Policy Parameters and Settings Networking Policy Settings Adding a New Optimized QoS Map In this panel. RiOS versions 5. the DSCP field in a QoS classification rule matches the DSCP value before DSCP marking rules are applied. DSCP Optionally.7 and 5. port label.XXX. Use the following format: XXX. but pass-through traffic is marked only on the egress traffic. the Steelhead appliance overrides the existing DSCP level and the value that you defined is applied.2: For the FTP data channel.XXX. A port label is a label that you assign to a set of ports so that you can reduce the number of configuration rules in your system.0. Destination Subnet Destination Port Specify the IP address for the destination subnet. the Steelhead appliance uses the existing DSCP level for the connection between the Steelhead appliances.2 do not support the creation of QoS maps based on the source port for optimized traffic. or all.0.0. For the FTP data channel.5 and earlier.5. Important: If your connections already have a DSCP level and you do not define one on the client-side Steelhead appliance.0.7 and 5. specify a description to identify the rule. Control Add a New Optimized QoS Map Source Subnet Source Port Description Displays the controls to add an optimized QoS map. Use the following format: XXX. select a DSCP level (0-63) or Reflect (the default setting) from the drop-down list. you can manage optimized QoS maps. it matches the post-marking DSCP value. specify source port 20 and the corresponding DSCP level on the Steelhead appliance closest to the FTP server (assuming the FTP server initiates the data channel on port 20). For the MAPI data channel.2: For the FTP data channel. Specify the IP address for the source network. Setting QoS for port 20 on the server-side Steelhead appliance affects passive FTP. 296 Steelhead Central Management Console User’s Guide . or all. as described in the following table.XXX/XX Specify the destination port number. specify port 7830 and the corresponding DSCP level. Reorders the selected maps in the list. The method you use to configure QoS for active FTP depends on the RiOS version. that is. because RiOS versions prior to 5. Description Add Remove QoS Maps Move QoS Maps Optionally. configure a QoS map on the server-side Steelhead appliance to match the destination port 20.5. If you define a DSCP level on the client-side Steelhead appliance. specify port 7830 and the corresponding DSCP level. • In RiOS 5.7 and 5.XXX/XX Specify the source port number. port label. specify destination port 20 and the corresponding DSCP level. Adds the rule to the optimized QoS map list. Removes the selected map configurations. Setting QoS for port 20 on the serverside Steelhead appliance affects active FTP. the DSCP field in a QoS classification rule matches the DSCP value after DSCP marking rules are applied.5.

You cannot optimize a pass-through FTP data channel connection.XXX/XX Specify the destination port number. you can manage pass through QoS maps. but pass-through traffic is marked only on the egress traffic. Destination Subnet Destination Port Specify the IP address for the destination subnet. port label. specify a description to help you identify the map. Use the following format: XXX. Specify the IP address for the source network. Reorders the selected maps in the list. Important: If your connections already have a DSCP level and you do not define one in the Management Console. Reflect specifies that the DSCP level or IP ToS value found on pass-through traffic is unchanged when it passes through the Steelhead appliance. For the MAPI data channel. Removes the selected map configurations. the Steelhead appliance overrides the existing DSCP level and the value that you defined is applied.XXX. A port label is a label that you assign to a set of ports so that you can reduce the number of configuration rules in your system. A port label is a label that you assign to a set of ports so that you can reduce the number of configuration rules in your system. Note: Optimized traffic is marked in both directions. Control Add a New Passthrough QoS Map Source Subnet Source Port Description Displays the controls to add a pass-through QoS map. Description Add Remove QoS Maps Move QoS Maps Optionally. port label. the Steelhead appliance uses the existing DSCP level for the connection between the Steelhead appliances.XXX. specify port 7830 and the corresponding DSCP level. or all. If you define a DSCP level in the Management Console. specify port 7830 and the corresponding DSCP level. For the MAPI data channel. Steelhead Central Management Console User’s Guide 297 . as described in the following table.XXX.XXX. or all. select a DSCP level (0-63) or Reflect (the default setting) from the drop-down list. Adds the map to the passthrough QoS map list. You cannot optimize a pass-through FTP data channel connection.Networking Policy Settings Policy Parameters and Settings Adding a New Pass through QoS Map In this panel. DSCP Optionally. Use the following format: XXX.XXX/XX Specify the source port number.

298 Steelhead Central Management Console User’s Guide .). • The fields in the various rule pages of the Management Console that take a physical port number also take a port label. or the hyphen ( . General Security Settings You can prioritize local. For details on the port labels. • To avoid confusion.Policy Parameters and Settings Security Policy Settings Port Labels You create port labels for the selected networking policy in the Port Labels page. and TACACS+ authentication methods for the system and set the authorization policy and default user for RADIUS and TACACS+ authorization systems in the General Settings page. • Port label changes (that is. do not use a number for a port label. adding and removing ports inside a label) are applied immediately by the rules that use the port labels that you have modified. Click the check box next to the name and click Remove Selected. such as QoS and peering rules. Control Add a New Port Label Name Description Displays the controls to add a new port label. see “Creating Policy Settings” on page 133. Security Policy Settings The following section describes the Security Policy feature set. see the Steelhead Management Console User’s Guide.” next “User Permissions” on page 299 “RADIUS” on page 300 “TACACS+” on page 302 “Management ACL” on page 303 “Web Settings” on page 304 The following procedures assume you have already created a Security Policy. RADIUS. There cannot be spaces in port labels. Specify the label name. • Port labels that are used in in-path and other rules. cannot be deleted. The following rules apply: • Port labels are not case sensitive and can be any string consisting of letters. Ports Remove Selected Add Specify a comma-separated list of ports. For details on how to create a new policy. It includes the following sections: “General Security Settings. Adds the port label. the underscore ( _ ).

Password Confirm. Password. you can manage capability accounts for the security policy. Type a password in the text box. you can manage role-based accounts for the security policy. Click to enable or clear to disable the administrator or monitor account. see the Steelhead Appliance Deployment Guide. Enable Account. see the Steelhead Management Console User’s Guide. Type the new password again for confirmation. Control Add a New User Account Name Enable Account Use a Password Description Click to display the controls for creating a new role-based account.” next “Adding a New User” on page 299 Capability-Based Accounts In this panel. as described in the following table. Important: A role-based account cannot modify another role-based or capability-based account. Type a password in the text box. Configures host and network interface settings. For details on user permissions. including DNS cache settings. Specify a name for the role-based account. see “Managing User Permissions” on page 61. Enables password protection. as described in the following table. User Permissions You can change the administrator or monitor passwords and define role-based users for the selected security policy in the User Permissions page. General Settings Network Settings Configures per source IP connection limit and the maximum connection pooling size. Control admin/monitor Description Click the magnifying glass to change the administrator or monitor password.Security Policy Settings Policy Parameters and Settings For details on general security settings. • Password Confirm. The User Permissions page contains the following groups of settings: “Capability-Based Accounts. Click the check box to enable the new role-based account. Steelhead Central Management Console User’s Guide 299 . The password must have a minimum of six characters. Click the check box to enable password protection and type the following: • Password. Use a Password. Adding a New User In this panel. The password must have a minimum of six characters. Confirm the new administrator password. For details on setting up RADIUS and TACACS+ servers.

Policy Parameters and Settings Security Policy Settings Control QoS Optimization Service In-Path Rules Description Enforces QoS policies. Enables CIFS optimization settings (including SMB-Signing) and Overlapping Open optimization. Configures security settings. or a package that provides core networking services (for example. For details on the RADIUS feature. see the Steelhead Management Console User’s Guide 300 Steelhead Central Management Console User’s Guide . but does not include TCP dumps. Configures NFS optimization. DNS and DHCP). Configures MS-SQL optimization. insert cookie. including system and user log settings. Configures SSL support and the secure inner channel. This role includes permission to install VMware tools and add subnet side rules. Customizes system diagnostic logs. Oracle Forms Optimization MAPI Optimization SQL Optimization NFS Optimization Notes Optimization Citrix ICA Optimization SSL Optimization Proxy File Service Riverbed Services Platform (RSP) Security Settings Basic Diagnostics Diagnostics Reports Add Remove Selected Users RADIUS You set up RADIUS server authentication for the selected security policy in the RADIUS page. Configures alarms. Customizes system diagnostic logs. performance features. Parse and Prefetch. Configures TCP traffic for optimization and how to optimize traffic by setting in-path rules. For detailed information about WAN visibility. Sets system report parameters. Configures enhanced HTTP optimization settings: URL learning. Adds functionality into a virtualized environment on the client Steelhead appliance. High-Speed TCP CIFS Optimization HTTP Optimization Specifies high-speed TCP settings: LAN send and receive buffer size and WAN send and receive buffer size. Optimizes MAPI. and TCP optimization. Click the check box next to the name and click Remove Selected. Configures Lotus Notes optimization. For detailed information. and sets Exchange and NSPI ports. Object Prefetch Table. including RADIUS and TACACS authentication settings and the secure vault password. keep-alive. This role includes WAN visibility to preserve TCP/IP address or port information. Configure Citrix ICA optimization. see the RiOS Services Platform Installation Guide. file extensions to prefetch. Optimizes Oracle E-business application content and forms applications. The functionality can include third-party packages such as a firewall security package. a streaming video server. Enables the PFS. and the ability to set up HTTP optimization for a specific server subnet. see the Steelhead Appliance Deployment Guide. Adds your settings to the system.

Server Key. The default value is 1.Security Policy Settings Policy Parameters and Settings The RADIUS page contains the following groups of settings: “Default RADIUS Settings. you can add and manage RADIUS authentication servers. Click the check box next to the name and click Remove Selected. you can enable and define RADIUS authentication for the security policy. The default value is 1. Enables the new server. the global settings are applied automatically. as described in the following table. Specify the number of times you want to allow the user to retry authentication. Timeout (seconds) Retries Enabled Add Remove Selected Specify the time-out period in seconds (1 .60). Confirm the override server key. Specify the time-out period in seconds (1-60). Adds the RADIUS server to the list. RADIUS Servers In this panel.” next “RADIUS Servers” on page 301 Default RADIUS Settings In this panel. Note: If you add a new server to your network and you do not specify these fields at that time. Confirm the global server key. Overrides the global server key for the server. Specify the server IP address. Specify the number of times you want to allow the user to retry authentication. Specify the port for the server. Specify the override server key. as described in the following table. Valid values are 0-5. Steelhead Central Management Console User’s Guide 301 . Control Add a RADIUS Server Server IP Address Authentication Port Override the Global Default Key Description Displays the controls for defining a new RADIUS server. The default value is 3. Specify the global server key. Control Set a Global Default Key Global Key Confirm Global Key Timeout (seconds) Retries Description Enables a global server key for the RADIUS server. Confirm Server Key. The default value is 3.

as described in the following table. Valid values are 0-5. Specify the number of times you want to allow the user to retry authentication. The default value is 49. Enables the new server. Specify this option to override the global server key for the server.Policy Parameters and Settings Security Policy Settings TACACS+ You set up TACACS+ server authentication for the selected security policy in the TACACS+ page. Adds the TACACS+ server to the list. Control Set a Global Default Key Global Key Confirm Global Key Timeout (seconds) Retries Description Specify this option to enable a global server key for the server. Click either PAP or ASCII to select the authentication type. Control Add a TACACS+ Server Server IP Address Authentication Port Authentication Type Override the Global Default Key Server Key Confirm Server Key Timeout (seconds) Retries Enabled Add Remove Selected Description Displays the controls for defining a new TACACS+ server. TACACS+ Servers In this panel. Confirms the global server key. Specify the time-out period in seconds (1-60). The default is 3. Specify the override server key.60). 302 Steelhead Central Management Console User’s Guide . Click the check box next to the name and click Remove Selected. Valid values are 0-5. as described in this table. Specify the number of times you want to allow the user to retry authentication. you can enable and define TACACS+ authentication for the security policy. see the Steelhead Management Console User’s Guide. Specify the global server key. Specify the port for the server. For details on TACACS+. The TACACS+ page contains the following groups of settings: “Default TACACS+ Settings. The default is 1. Specify the server IP address. The default is 1. Specify the time-out period in seconds (1 . Confirm the override server key. The default value is 3. you can add and manage TACACS+ authentication servers. as described in the following table.” next “TACACS+ Servers” on page 302 Default TACACS+ Settings In this panel.

You set a rule to allow or deny access to a matching inbound IP packet. Source Network Interface Description Steelhead Central Management Console User’s Guide 303 . HTTP. SSH. TCP. Optionally. When set to All or ICMP. ICMP or a specify a protocol number (1. This is the default action. or Telnet. Denies access to any matching packets. In this panel. describe the rule to facilitate administration. When you add a rule on a Steelhead appliance. • Deny. and the source specifies a remote host. specify the source network of the inbound packet. SNMP. Service Protocol Select All. For details on management ACL. When specified. the destination specifies the Steelhead appliance itself. 17). Select one of the following rule types from the drop-down list: • Allow. Optionally. Adding a New Rule In this panel. the Service and Destination Ports are dimmed and unavailable.) Optionally. see the Steelhead Management Console User’s Guide. UDP. HTTPS.” next “Adding a New Rule” on page 303 Management ACL Settings The management ACL contains rules that define a match condition for an inbound IP packet. The default value is All. 6. you can choose: Control Enable Management ACL Description Secures access to a Steelhead appliance using a management ACL. select All.Security Policy Settings Policy Parameters and Settings Management ACL You configure management ACL for the selected security policy in the Management ACL page. The Management ACL page contains the following groups of settings: “Management ACL Settings. (Appears only when Service is set to Specify Protocol. you can choose the following: Control Add a New Rule Action Description Displays the controls for adding a new rule. SOAP. Optionally. Allows a matching packet access to the Steelhead appliance. the Destination Port is dimmed and unavailable. Select All to specify all interfaces. select an interface name from the drop-down list.

A value of 0 disables time-out. log rotation and filtering. then the rule is applied.” next “RSP Slots” on page 307 “RSP Dataflow” on page 308 304 Steelhead Central Management Console User’s Guide . Note: The default rule. session time-out is enabled. Web Settings You can configure remote logging servers. the system consults the next rule. Adds the rule to the list. and automatically refresh the report pages. rule 2 is consulted. select a rule number from the drop-down list. it is applied. and the system moves on to the next packet. remain logged-in indefinitely. By default. and log viewing preferences for the selected security policy in the Web Settings page Control Default Web Login ID Web Inactivity Timeout Allow Session Timeouts on AutoRefreshing Pages Description Specify the user name that appears on the authentication page. which stops the automatic updating of the report pages when the session times out. If the conditions set in the rule match. If rule 2 matches the conditions. Specify the number of idle minutes before time-out. cannot be removed and is always listed last. Log Packets Add Remove Selected Move Selected Tracks denied packets in the log. and no further rules are consulted. which allows all remaining traffic from everywhere that has not been selected by another rule.Policy Parameters and Settings Branch Services Settings Control Rule Number Description Optionally. Steelhead appliances evaluate rules in numerical order starting with rule 1. packet logging is enabled. By default. if the conditions of rule 1 do not match. If the conditions set in the rule do not match. By default. the rule goes to the end of the table (just above the default rule). Moves the selected rules. The default value is admin. the rule moves to the new position. Important: Disabling this feature poses a security risk. Click the check box next to the name and click Remove Selected. Clear this box to disable the session time-out. Click the arrow next to the desired rule position. For example. Allow. Branch Services Settings The following section describes Branch Services feature set. It includes the following sections: “Caching DNS. The default value is 15.

By default. does not respond. The default value is 1048576. then stores the address information locally in the Steelhead appliance. Name Server IP Address Position Add Steelhead Central Management Console User’s Guide 305 . you can enable and define the general services. Control Enable Caching DNS Description Enabled. Enabled. Disabled. unless you specify another name server. Disabled. DNS Cache Size (bytes) Primary Interface Responding to DNS Requests Specifies the cache size. Enables the name server to listen for name resolution requests on the auxiliary interface. Stops the name server from using the auxiliary interface. the DNS cache is disabled. DNS Forwarding Name Servers In this panel.Branch Services Settings Policy Parameters and Settings Caching DNS You configure DNS caching in the Branch Services page. the Steelhead appliance uses failover to these if one name server is not responding. Stops the Steelhead appliance from acting as the DNS name server. Enables the name server to listen for name resolution requests on the primary interface. see the Steelhead Management Console User’s Guide. By default. Apply Applies the settings to the current configuration. Disabled.” next “DNS Forwarding Name Servers” on page 305 “Advanced Cache” on page 306 “Advanced Name Servers” on page 307 General Services In this panel. Control Add a New DNS Server Name Description Displays the controls to add a DNS name server to which the Steelhead appliance forwards requests to cache responses. You can add multiple name servers to use. the Steelhead appliance queries each remaining forwarder in sequence until it receives an answer or until it exhausts the list. By default. For details on DNS caching. If the first name server. Forwards name resolution requests to a DNS name server. the requests go to the root name server. Adds the name server. Specify an IP address for the name server. The range is from 524288 to 2097152. you can add a new DNS forwarding name servers. The Branch Services page contains the following groups of settings: “General Services. the Steelhead appliance only forwards requests to the Internet root name servers when you enable caching DNS without specifying any name servers to forward requests to. in bytes. Specify the order in which the name servers are queried (when using more than one). Stops the name server from using the primary interface Aux Interface Responding to DNS Requests Enabled. or forwarder.

this setting is disabled. Typically there is no need to adjust this setting. The default value is 0. The valid range is from two seconds to thirty days (2.592.592. Specify the maximum number of seconds the name server stores the address information. the service responds to all subsequent requests with a TTL of 60 seconds regardless of how much time elapses. This is useful to keep local services available when the WAN is disconnected. even if the server returns a smaller TTL value. however nothing is actually cached until you select the General Setting Enable Caching DNS.000 seconds). entries do not automatically expire from the cache. At the time the cache is frozen. Control Caching of Forwarded Responses Maximum Cache Time (seconds) Description Enables the cache. which specifies that the Steelhead appliance still caches negative responses. the service responds with a TTL of 300 seconds minus however much time has lapsed since the cache freeze.000 seconds). Neg DNS Minimum Cache Time (seconds) Specify the TTL for a negative entry. When a negative entry is in the cache. suppose this value is set to 60 seconds. The minimum is 2 seconds and the maximum is thirty days (2. The default value is 0.com. The cache is enabled by default. it does not place a lower bound on what the TTL value for the entry can be. The default value is 10. Neg DNS Maximum Cache Time (seconds) Specify the maximum number of seconds that an unresolved negative address is cached. A negative entry occurs when a DNS request fails and the address remains unresolved. Minimum Cache Time (seconds) Specify the minimum number of seconds that the name server stores the address entries.800 seconds. when this value is set to 300 seconds and the client queries aksdfjh. For example. The default setting is one week (604.800 seconds). Note: Changes to this setting affect new address information and do not change responses already in the cache. For subsequent client requests for riverbed. Note: When the cache is frozen and full.com. but the DNS cache stores the entry as having a TTL of 300 seconds. the appliance does not request it again until the cache expires. you can edit the advanced cache. When the cache is frozen. The maximum value is the current value of Maximum Cache Time. By default. The default value is 10. Note: Changes to this setting affect new responses and do not change any responses already in the cache. which is always this value or above. After 240 seconds have elapsed.Policy Parameters and Settings Branch Services Settings Advanced Cache In this panel. Minimum TTL of a Frozen Entry (seconds) Specify the minimum TTL in seconds that a response from a frozen cache has when sent to a branch office client. the maximum cache time is reached. the DNS service returns a negative answer with a TTL of 100 seconds. They are still returned in response to DNS queries. or the cache is cleared. Freeze Cache 306 Steelhead Central Management Console User’s Guide . Freezes the cache contents. until the cache is unfrozen. You can adjust this setting to reflect how long the cached addresses remain up-to-date and valid.com has a TTL of 300 seconds. entries can still be pushed out of the cache by newer entries. For example. the cache entry for riverbed.

Specify how many requests a name server can ignore before the appliance considers it unresponsive. you can specify that the Steelhead appliance try the root name server. The default value is 120. the appliance considers them back up again. you must disable this option. The appliance also sends a single query to name servers that are down using this time period. in seconds. Control For Unresponsive Name Servers Forwarder Down After (seconds) Description Detects when one of the name servers is not responding and send requests to a responsive name server instead Specify how many seconds can pass without a response from a name server until the appliance considers it unresponsive. that the appliance forwards the name resolution requests to name servers that are responding instead of name servers that are down. see the Steelhead Management Console User’s Guide. Specify the time limit. the appliance determines that it is down. The default value is 30. When the list is exhausted and the request is still unresolved. Forwards the request to a root name server when all other name servers have not responded to a request. This is the default setting. The default value is 300. Forwarder Down After (requests) Retry Forwarder After (seconds) Fallback to Root Name Servers RSP Slots You configure RSP slots in the RSP Slots page. the Steelhead appliance only forwards a request to the forwarding name servers listed above. it does not forward the request to a root name server and returns a server failure. might cache that response. This prolongs the period of time until service comes back up after name servers are down. When the name server does not respond to this many requests and does not respond within the specified amount of time. When the fallback to root name servers option is disabled.Branch Services Settings Policy Parameters and Settings Advanced Name Servers In this panel. the appliance determines that it is down. and return it to clients until it expires. For details on RSP Slots. a request is allowed to go to a forwarder considered down about every 300 seconds until it responds to one. they can resolve hostnames that external name servers like the Internet DNS root servers cannot. the root name servers might inform the Steelhead appliance that a host visible only to internal name servers does not exist. Apply Applies the changes. It then queries each remaining forwarder in sequence until it receives an answer or it exhausts the list. When the list is exhausted and the request is still unresolved. Note: The slot names and installed packages should match the configuration of the Steelheads that are affected by this policy Steelhead Central Management Console User’s Guide 307 . If they respond. you can edit advanced name servers. Otherwise. It then queries each remaining forwarder in sequence until it receives an answer or it exhausts the list. When the name server receives a request but does not respond within this time and does not respond after the specified number of failed requests. If it exhausts these name servers and does not get a response. if the name servers all fail. The single query occurs at intervals of this value – if the value is set to 300. Note: If the name servers used by the Steelhead appliance are internal name servers. either this option must be enabled or a server must be present. you can specify that the Steelhead appliance try the root name server. that is.

you can edit RSP dataflow settings. the VNI moves to the new position. Select one of the following from the drop-down list. Moves the selected VNIs. • start. A packet coming from the Steelhead appliance WAN interface goes to this VNI first. Select an in-path interface from the drop-down list. A lower number locates the VNI closer to the LAN. 308 Steelhead Central Management Console User’s Guide . see the Steelhead Management Console User’s Guide In this panel. Click the arrow next to the desired VNI position. Click the check box next to the name and click Remove Selected VNIs. Control Add a VNI Interface Data Flow Position Description Displays the controls to add a VNI. Locates the VNI next to the LAN. A packet coming from theSteelhead appliance LAN interface goes to this VNI first.Policy Parameters and Settings Branch Services Settings RSP Dataflow You configure RSP dataflow in the RSP Dataflow page. Specifies the VNI order number. Locates the VNI next to the WAN. A higher number locates the VNI closer to the WAN Add Remove Selected VNIs Move Selected VNIs Adds the VNI to the data flow. For details on RSP dataflow. • end. • order number.

Network Address Translation (NAT) port. Interceptor appliance. Steelhead Mobile. It includes the following sections: “Default Ports. Connection forwarding (neighbor) port. it is not necessary to configure company firewalls to support Steelhead specific ports. port 22 must be passed through for the firewall to function properly. ports 7800 and 7810. Default Ports 7744 7800 7801 7810 7820 7850 7860 7870 Description Data store synchronization port. Note: Because optimization between Steelhead appliances typically takes place over a secure WAN. Out-of-path server port. In-path port for appliance to appliance connections. Failover port for redundant appliances.” next “Commonly Excluded Ports” on page 310 “Interactive Ports Forwarded by the Steelhead Appliance” on page 310 “Secure Ports Forwarded by the Steelhead Appliance” on page 311 Default Ports The following table summarizes Steelhead appliance default ports with the port label: RBT-Proto. For the CMC. Also. Steelhead Central Management Console User’s Guide 309 . If there are one or more firewalls between two Steelhead appliances.APPENDIX B Riverbed System Ports This appendix provides a reference to ports used by the system. SYN and SYN/ACK packets with the TCP option 76 must be passed through firewalls for auto-discovery to function properly. must be passed through firewall devices located between the pair of Steelhead appliances.

If you have multiple ports that you want to exclude. The following table lists the interactive ports that are automatically forwarded by the Steelhead appliance. create a port label and list the ports. 1720-1727. Telnet. and shell). 3230-3253. TCP ECHO. TS/Remote Desktop SIP 310 Steelhead Central Management Console User’s Guide . 5060 2000 Interactive Ports Forwarded by the Steelhead Appliance A default in-path rule with the port label Interactive is automatically created in your system. Port 7 23 37 107 179 513 514 1494 1718-1720 2000-2003 2427 2598 2727 3389 5060 Description TCP ECHO Telnet UDP/Time Remote Telnet Service Border Gateway Protocol Remote Login Shell Citrix h323gatedisc Cisco SCCp Media Gateway Control Protocol Gateway Citrix Media Gateway Control Protocol Call Agent MS WBT Server. Tip: If you do not want to automatically forward these ports. simply delete the Interactive rule in the Management Console. remote logging. Application PolyComm (video conferencing) Cisco IPTel Ports 1503. This in-path rule automatically passes through traffic on interactive ports (for example.Riverbed System Ports Commonly Excluded Ports Commonly Excluded Ports This section summarizes the ports that are commonly excluded from optimization in the Steelhead appliance.

ssh. and smtps). Tip: If you do not want to automatically forward these ports. simply delete the Secure rule in the Management Console.Secure Ports Forwarded by the Steelhead Appliance Riverbed System Ports Port 5631 5900-5903 6000 Description PC Anywhere VNC X11 Secure Ports Forwarded by the Steelhead Appliance A default in-path rule with the port label Secure is automatically created in your system. https. This in-path rule automatically passes through traffic on commonly secure ports (for example. data. The following table lists the common secure ports that are automatically forwarded by the Steelhead appliance. Type ssh tacacs https smtps nntps imap4-ssl sshell ldaps ftps-data ftps telnets imaps pop3s l2tp pptp tftps Port 22/tcp 49/tcp 443/tcp 465/tcp 563/tcp 585/tcp 614/tcp 636/tcp 989/tcp 990/tcp 992/tcp 993/tcp 995/tcp 1701/tcp 1723/tcp 3713/tcp Description SSH Remote Login Protocol TACACS+ http protocol over TLS/SSL # SMTP over SSL (TLS) nntp protocol over TLS/SSL (was snntp) IMAP4+SSL (use 993 instead) SSLshell ldap protocol over TLS/SSL (was sldap) ftp protocol. over TLS/SSL telnet protocol over TLS/SSL imap4 protocol over TLS/SSL pop3 protocol over TLS/SSL (was spop3) l2tp pptp TFTP over TLS Steelhead Central Management Console User’s Guide 311 . control. over TLS/SSL ftp protocol.

COM LinkTest SSL asap/tls tcp port TopFlow SSL Simple Distributed Objects over TLS 312 Steelhead Central Management Console User’s Guide . Type nsiiops ddm-ssl corba-iiop-ssl ieee-mms-ssl ircs njenet-ssl ssm-cssps ssm-els giop-ssl ttc-ssl groove syncserverssl dicom-tls realsecure orbix-loc-ssl orbix-cfg-ssl cops-tls csvr-sslproxy xnm-ssl msft-gc-ssl networklenss xtrms jt400-ssl seclayer-tls vt-ssl jboss-iiop-ssl ibm-diradm-ssl can-nds-ssl can-ferret-ssl linktest-s asap-tcp-tls topflow-ssl sdo-tls Port 261/tcp 448/tcp 684/tcp 695/tcp 994/tcp 2252/tcp 2478/tcp 2479/tcp 2482/tcp 2484/tcp 2492 2679/tcp 2762/tcp 2998/tcp 3077/tcp 3078/tcp 3183/tcp 3191/tcp 3220/tcp 3269/tcp 3410/tcp 3424/tcp 3471/tcp 3496/tcp 3509/tcp 3529/tcp 3539/tcp 3660/tcp 3661/tcp 3747/tcp 3864/tcp 3885/tcp 3896/tcp Description IIOP Name Service over TLS/SSL DDM-Remote DB Access Using Secure Sockets CORBA IIOP SSL IEEE-MMS-SSL irc protocol over TLS/SSL NJENET using SSL SecurSight Authentication Server (SSL) SecurSight Event Logging Server (SSL) Oracle GIOP SSL Oracle TTC SSL GROOVE Sync Server SSL DICOM TLS Real Secure Orbix 2000 Locator SSL Orbix 2000 Locator SSL COPS/TLS ConServR SSL Proxy XML NM over SSL Microsoft Global Catalog with LDAP/SSL NetworkLens SSL Event xTrade over TLS/SSL jt400-ssl securitylayer over tls Virtual Token SSL Port JBoss IIOP/SSL IBM Directory Server SSL Candle Directory Services using SSL Candle Directory Services using SSL LXPRO.Riverbed System Ports Secure Ports Forwarded by the Steelhead Appliance The following table contains the uncommon ports automatically forwarded by the Steelhead appliance.

Secure Ports Forwarded by the Steelhead Appliance Riverbed System Ports Type sdo-ssh iss-mgmt-ssl suucp wsm-server-ssl sip-tls imqtunnels davsrcs intrepid-ssl rets-ssl Port 3897/tcp 3995/tcp 4031/tcp 5007/tcp 5061/tcp 7674/tcp 9802/tcp 11751/tcp 12109/tcp Description Simple Distributed Objects over SSH ISS Management Svcs SSL UUCP over SSL wsm server ssl SIP-TLS iMQ SSL tunnel WebDAV Source TLS/SSL Intrepid SSL RETS over SSL Steelhead Central Management Console User’s Guide 313 .

Riverbed System Ports Secure Ports Forwarded by the Steelhead Appliance 314 Steelhead Central Management Console User’s Guide .

find the appropriate command option to load the RBT-mib.internet. peers. If the utility sees a new node.” next “SNMP Traps” on page 316 Accessing MIB Files The following guidelines describe how to download and access the MIB: You can download the MIB file from the CMC Support page. Some utilities might expect a file type other than a text file. change the file type to the one expected. it might look under mib-2.txt file.rbt as the root. use . If this occurs. You can load the MIB file into any MIB browser utility.enterprises. This Appendix provides the following references: “Accessing MIB Files. and provides network statistics for seamless integration into network management systems such as Hewlett Packard OpenView Network Node Manager. for NET-SNMP browsers: snmwalk -m all Steelhead Central Management Console User’s Guide 315 . For details on configuring and using these network monitoring tools.dod.iso. and other SNMP browser tools. PRTG.private.APPENDIX C CMC Management Information Base (MIB) This appendix describes the appliance Management Information Base (MIB). If this occurs. The MIB monitors device status.enterprises. For example. Some command-line browsers might not load all MIB files by default.org. such as enterprises. Some utilities assume that the root is mib-2 by default. If this occurs. consult the vendor documentation.

procExit (enterprises. Riverbed Technical Support might need this information to determine the cause of the crash. This is for notification purposes only.2.1. The variable sent with the notification indicates which process exited.cmc. Sustained CPU load can be symptomatic of more serious issues. A process has unexpectedly exited and been restarted by the system. The trap contains the name of the process. A log in to the Management Console by user admin sends this trap as well. If none exist.cmc. A user on the system has entered a configuration mode from either the CLI or Management Console.2.rbt.4.products. Description A process has crashed and subsequently been restarted by the system.com).products. 17163.cmc. No other action is required as the alarm clears on its own. The system is running low on memory and has begun swapping memory pages to disk. 17163. Average CPU utilization has exceeded an acceptable threshold.2. No other action is necessary as the alarm clears on its own.5) A user has entered configuration mode.rbt. No other action is required on the appliance as the crashed process is automatically restarted. The following table summarizes the SNMP traps sent out from the system to configured trap receivers. no other action is necessary.rbt. Please review the release notes for known issues related to this process exit. 17163. confModeEnter (enterprises. please generate a debug sysdump and send it to Riverbed Technical Support (support@riverbed. please contact Riverbed Technical Support (support@riverbed.2) A procExit trap signifies that a process managed by PM has exited unexpectedly. The trap contains the name of the process that crashed.4) The system has been paging excessively (thrashing).rbt. A system snapshot associated with this crash has been created on the appliance and is accessible via the CLI or the Management Console.1. it can be because the system is undersized. The variable sent with the notification indicates which process crashed. Trap procCrash (enterprises. 316 Steelhead Central Management Console User’s Guide . No other action is required on the appliance as the crashed process is automatically restarted.products.4.1.1. The process might have exited on its own or due to other process failures on the appliance. If CPU utilization spikes are frequent.2. If a service alarm is fired indicating that the service has halted.4.4.cmc.1.1) Text A procCrash trap signifies that a process managed by PM has crashed and left a core file.CMC Management Information Base (MIB) SNMP Traps SNMP Traps Alarms fire for their event only. This event can be triggered during a software upgrade while the optimization service is still running but there can be other causes which should be monitored or diagnosed. 17163.products.2.rbt.3) The average CPU utilization in the past minute has gone above the acceptable threshold. 17163. pagingActivity (enterprises. A one-time spike in CPU is normal but extended high CPU utilization should be reported to Riverbed Technical Support (support@riverbed.cmc.4.com) to determine the cause of this event. no alarm is fired when the service returns to normal operation.products. but not left a core file. Consult the CPU Utilization report to gauge how long the system has been loaded and also monitor the amount of traffic currently going through the appliance.com). cpuUtil (enterprises. Should this event be triggered at any other time.

4.1.1. 17163.9) ipmi (enterprises. A appHealthNotif trap signifies that an appliance managed by the CMC has changed health state.1.4. the display address. configChange (enterprises.1. A log out of the Management Console by user admin sends this trap as well.products. A fan has failed on this appliance (not supported on all models). A appHealthNotif trap signifies that an appliance managed by the CMC has changed health state. This is for notification purposes only.2.4.4.1. the display address.2.4.products.products. 17163.4.products. The system temperature has reached a critical stage.cmc.rbt. The system temperature has exceeded the threshold.1. 17163. The external backup or restore has failed.products.2.14) appHealthNotif (enterprises. A memory error has been detected on the appliance (not supported on all models).1.4. An IPMI event has been detected on the appliance.2. A power supply on the appliance has failed (not supported on all models). The variables sent with the notification indicates the serial number of the appliance.10) A power supply on the appliance has failed (not supported on all models).1.cmc.1.rbt.13) extBackupFailed (enterprises. 17163.12) temperatureCritical (enterprises. Please check the details in the alarm report on the Web UI (not supported on all models). The variables sent with the notification indicates the serial number of the appliance.4. A memory error has been detected on the appliance (not supported on all models).2.rbt.rbt.cmc. 17163.cmc.15) A change has been made to the system’s configuration.1.7) fanError (enterprises.cmc.2.2.cmc.4. 17163.rbt. The system temperature has exceeded the threshold.rbt.cmc.2. A fan has failed on this appliance (not supported on all models). The external backup or restore has failed.6) Text A user has exited configuration mode. An IPMI event has been detected on the appliance.2. 17163.4. A change has been made to the system’s configuration.1. Steelhead Central Management Console User’s Guide 317 .products.products. The system temperature has reached a critical stage.8) memoryError (enterprises.rbt. and the health state that it is in.products. 17163. 17163.products.cmc.1. no other action is necessary.products.SNMP Traps CMC Management Information Base (MIB) Trap confModeExit (enterprises.1. 17163.cmc. Description A user on the system has exited configuration mode from either the CLI or Management Console.11) temperatureWarning (enterprises.rbt.rbt.1.rbt. and the health state that it is in. Please check the details in the alarm report on the Web UI (not supported on all models).2. powerSupplyError (enterprises.1.cmc.

and the time of the backup. the display address.2. A appBackupSuccess trap signifies that an appliance managed by the CMC has successfully completed a backup.1.rbt. Steelhead could not autoconnect due to license depletion.cmc.1. 17163.1. The service has detected some SSL certificates used for Network Administration Access to the Steelhead appliance that are close to their expiration dates. Some SSL certificates may be expiring.4. The variables sent with the notification indicates the appliance serial number.rbt.4. Network interface link errors.2.CMC Management Information Base (MIB) SNMP Traps Trap appConnNotif (enterprises.rbt. The variables sent with the notification indicates the appliance serial number.cmc.2. the display address. and the time of the backup.1. Licensing status has changed.2. SH could not autoconnect due to license depletion. System disk full.products.cmc.2. A appBackupFailure trap signifies that an appliance managed by the CMC has failed a backup.1.products. and the time of the backup. and the new connection status it is in.cmc.4.1.1. the display address. 17163. Network interface link errors.4. The variables sent with the notification indicates the appliance serial number. 17163.1. Description A appConnNotif trap signifies that an appliance managed by the CMC has changed connection state.cmc.21) certsExpiring (enterprises. appBackupSuccess (enterprises. 17163.products. The variables sent with the notification indicates the serial number of the appliance. appBackupFailure (enterprises.1.509 certificates are updated.products. 17163.1.18) A appBackupFailure trap signifies that an appliance managed by the CMC has failed a backup.2.17) A appBackupSuccess trap signifies that an appliance managed by the CMC has successfully completed a backup.cmc.rbt.2. 17163.products.1. the display address. 17163.20) licenseFailureRegimeChange (enterprises.1.products.products.2. 318 Steelhead Central Management Console User’s Guide . underprovisionedVM (enterprises.4.1.2.products. 17163.cmc. The variables sent with the notification indicates the serial number of the appliance.cmc.4. The variables sent with the notification indicates the appliance serial number.4. the display address.1.rbt.24) VM has too little storage or CPU. and the new connection status it is in. System disk is full. VM has too little storage or CPU.1. and the time of the backup.22) fsMntBytes (enterprises.23) linkState (enterprises. 17163.1.rbt.4.cmc.19) autoconnectFailed (enterprises. The alarm clears when the x.1.16) Text A appConnNotif trap signifies that an appliance managed by the CMC has changed connection state. Licensing status has changed.products.rbt. the display address.4.rbt.1.rbt.

17163.1. SSL certificates no longer expiring.rbt.1.1003) pagingActivityClear (enterprises.4.cmc.cmc. VM storage and memory are now adequate. 17163.4.2.1014) underprovisionedVMClear (enterprises.cmc.1.products.4. After the error is corrected. 3020. The external backup or restore failure has been addressed.1008) memoryErrorClear (enterprises.l.1010) temperatureNormal (enterprises. A memory error has been rectified on the appliance (not supported on all models).rbt.cmc.1.cmc. or drive reseating.1. a RAID rebuild.products.1.2.1.products. 17163.2.1009) ipmiClear (enterprises. An IPMI event has been rectified on the appliance (not supported on all models). An IPMI event has been rectified on the appliance (not supported on all models). A memory error has been rectified on the appliance (not supported on all models).rbt. Contact Riverbed Support for assistance with installing a new drive.cmc. System disk no longer full. Consult the CLI or Management Console to determine the location of the failed drive. 17163.rbt. 17163.4.1004) powerSupplyErrorClear (enterprises. The system has stopped paging excessively (thrashing). The system temperature is back within the threshold. 17163. 5520. All power supplies are now functioning normally (not supported on all models).rbt.cmc.cmc.1. Note: Applicable to models 3010.1. 17163. Description A drive has failed in a RAID array. System disk no longer full. 3510.1. 3520.cmc.rbt.products. the alarm clears automatically.1.products.products.cmc.4.25) Text An error has been generated by the RAID array.4.1. The average CPU utilization has fallen back within the acceptable threshold. cpuUtilClear (enterprises.cmc.4. 17163.1023) The average CPU utilization has fallen back within the acceptable threshold.1. The external backup or restore failure has been addressed. 6020.cmc.1.products.4. Steelhead Central Management Console User’s Guide 319 .rbt.1007) fanErrorClear (enterprises.2.products.4. VM storage and memory are now adequate.2.4.products.2.products. SSL certificates no longer expiring.2.products.2.2. The system temperature is back within the threshold. All system fans are not functioning normally (not supported on all models). 17163. The system temperature is no longer in a critical stage.1.1013) extBackupFailedClear (enterprises.2.1.4.1019) certsExpiringClear (enterprises.4.2. 17163. 17163.rbt. 5010.rbt. 17163.cmc.2. The system has stopped paging excessively (thrashing).products.1012) temperatureNonCritical (enterprises.rbt. The appliance continues to optimize during this event. The system temperature is no longer in a critical stage.1.2.products. All power supplies are now functioning normally (not supported on all models). 17163.1. All system fans are not functioning normally (not supported on all models).rbt.1022) fsMntBytesClear (enterprises. and 6120 only.1.rbt.rbt.4.SNMP Traps CMC Management Information Base (MIB) Trap raidError (enterprises.

1025) Text Interface has regained link.1.CMC Management Information Base (MIB) SNMP Traps Trap linkStateClear (enterprises. 17163.1.rbt. 17163.1.rbt. 320 Steelhead Central Management Console User’s Guide . The RAID is working.cmc. Description Interface has regained link.1024) raidErrorClear (enterprises.1.products.cmc. RAID ok now.2.4.2.products.4.

Computed Historical Data.Acronyms and Abbreviations AAA. Bandwidth. Acknowledgment Code ACS. ARP. Central Management Console. and Accounting. Computer Aided Design. CLI. Address Resolution Protocol. Central Processing Unit. Authorization. CA. CDP. Command-Line Interface. CHD. Active Directory Services. AES. CAD. Advanced Packaging Tool AR. Asymmetric Routing. Common Internet File System. Certificate Authority. AD. (Cisco) Access Control Server. Bandwidth-Delay Product. BW. Cisco Discovery Protocol. Active Directory. CIFS. Advanced Encryption Standard. CPU. Authentication. ACK. CMC. Steelhead Central Management Console User’s Guide 321 . Access Control List. BDP. ADS. ACL. APT.

DES. DES. DR. ECC. DSCP. Comma-Separated Value. Greenwich Mean Time. File Transfer Protocol. Data Encryption Standard DHCP. Domain Controller. 322 Steelhead Central Management Console User’s Guide . CSV. Error-Correcting Code. DER. Demilitarized zone. Domain Name Service. Deployment ID. HFSC. GMT. Distinguished Encoding Rules. Digital Signature Algorithm. FIPS. Graphical User Interface. Enterprise Resource Planning. DNS. DID. Data Replication DSA. Differentiated Services Code Point.Acronyms and Abbreviations CRM. Generic Routing Encapsulation. FIFO. Fiber Distributed Data Interface. ERP. Federal Information Processing Standards FSID. Customer Relationship Management. Dynamic Host Configuration Protocol. DC. ESD. FTP. Electrostatic Discharge. GUI. Hierarchical Fair Service Curve. DMZ. FDDI. Gigabytes. GRE. First in First Out. Certificate Signing Request. CSR. Data Encryption Standard. GB. File System ID.

Layer-4.Acronyms and Abbreviations HSRP. High-Speed Transmission Control Protocol. Internet Protocol. L4. Identification number. MDI. Internet Control Message Protocol. IOS. InterSwitch Link. IGP. MAC. HTTPS. LAN. IPMI. MDI-X. Medium Dependent Interface-Crossover. Light-Emitting Diode. (Cisco) Internetwork Operating System. Local Area Network. Intelligent Platform Management Interface. IPSec. Internet Protocol Security protocol. LRU. L2. MIB. Independent Computing Architecture. Least Recently Used LZ. Management Information Base. ID. Media Access Control. HSTCP. Internet Engineering Task Force. HyperText Transport Protocol. IP. MAPI. HTTP. IKE. Steelhead Central Management Console User’s Guide 323 . Messaging Application Protocol Interface. MOTD. Message of the Day. Also known as Cisco InterSwitch Link Protocol. MEISI. Microsoft Exchange Information Store Interface. Hot Standby Routing Protocol. ICMP. LED. HyperText Transport Protocol Secure. ISL. Interior Gateway Protocol. IETF. Layer-2. Lempel-Ziv. Internet Key Exchange. ICA.

PBR. Paessler Router Traffic Grapher. Power Supply Unit. Open System Interconnection. MS SMS. NTLM. Proxy File Service. NAT.Acronyms and Abbreviations MS GPO. MSFC. Microsoft Structured Query Language. Microsoft Group Policy Object. MX-TCP. Microsoft Systems Management Server. 324 Steelhead Central Management Console User’s Guide . PCI. Multilayer Switch Feature Card. Network Attached Storage. MSI Package. Maximum Transmission Unit. Open Shortest Path First. Network File System. NIS. Windows NT LAN Manager NTP. PSU. QoS. NSPI. Quality of Service. Microsoft Installer Package. Network Information Services. Privacy Enhanced Mail. Password Authentication Protocol. PAP. Policy-Based Routing. Max-Speed TCP. PEM. RADIUS. MTU. OSPF. OSI. Peripheral Component Interconnect. Remote Authentication Dial-In User Service. Public Key Cryptography Standard #12. Network Time Protocol. Redundant Array of Independent Disks. PKCS12. Name Service Provider Interface. PFS. NFS. Network Address Translate. PRTG. MS-SQL. NAS. RAID.

TCP. Synchronize. U. TTL. Simple Network Management Protocol. SFQ. ToS. SSL. SMTP. System Event Log. Transaction Prediction. Type of Service. Riverbed Copy Utility. SEL. TACACS+. Transmission Control Protocol. Unit. RSP. Time to Live. RPC. Stochastic Fairness Queuing. TP. Security Association. SMB. SMI. TCP/IP. Transaction Acceleration. Structured Query Language. ROFS. RiOS Services Platform SA. SDR. SSH. UDP. Synchronize/Acknowledgement. SNMP. Secure Shell. Steelhead Central Management Console User’s Guide 325 . Remote Procedure Call RSA. SYN. User Diagram Protocol. Secure Sockets Layer. Transmission Control Protocol/Internet Protocol. Terminal Access Controller Access Control System. SYN/ACK. Simple Mail Transfer Protocol. Structure of Management Information. Scalable Data Referencing. TA. SQL.Acronyms and Abbreviations RCU. Server Message Block. Read-Only File System. Rivest-Shamir-Adleman encryption method by RSA Security.

WAN. Uniform Resource Locator. Voice over IP. 326 Steelhead Central Management Console User’s Guide . VLAN. VGA. UTC. VoIP. VWE. Universal Naming Convention. Video Graphics Array. WCCP.Acronyms and Abbreviations UNC. Virtual Window Expansion. URL. Wide Area Network. Web Cache Communication Protocol. Universal Time Code. Virtual Local Area Network.

Index A Accounts adding a new user 63 capability-based 61 privileges 61 role-based 61 Adaptive Compression setting for data store 240 Add a New TCP Dump 216 Administrator setting password 61. modifying 105 Appliance Operations overview 118 push configuration 118 reboot 124 Send CLI commands 129 Set Password 126. 111. 112 appliance information 95. 99. 106. 127. 127. 113 editing 114. setting 40 Alarms page 40 Announcements Announcements page 39 setting on Home page 39 Announcements page 39 Appliance SSL settings. 111. 112 editing view of 117 fetching configuration from 17. viewing details 200 deleting from console 114 editing 97. 106. 125 Start/Stop service 123 Upgrade 120 Appliances adding to a group 95 backups 139 configurations. 100. 128 Shutdown action 125 Start/Stop service action 123 Upgrade action 120 view filtering 117 Applock optimization 242 Assignment scheme 283 Asymmetric routing auto-detection 284 Authentication RADIUS authentication method 57 Steelhead Central Management Console User’s Guide 327 . 108. 98. editing 96 connecting 23 connections. 102. 100. 116 groups 94 Push action 118 Reboot action 124 Send CLI commands 129 Set Password action 126. 108. 105. 110. 98. 110. 102. 128 Shutdown 86. 113 moving 114 navigating 28 overview of 15 registering 21 sending CLI commands to 129 setting password 126 shutting down 125 starting/stopping/restarting 123 upgrading software from console 120 viewing 117 Appliances page appliance details 97. 105. 99. 299 Alarm Status Memory Error 206 Alarm status admission control 206 fan error 206 link state 206 memory paging 206 system disk full 207 temperature 207 Alarms Alarms page 40 secure vault 41 thresholds.

viewing 160 resetting per in-path rule 230 Connection forwarding 285 in networking policies 285. 273 Documentation. managing 139 fetching 17. overview of 226 Auto-discover. overview of 226 Disk drive failure email notification 52. disabling 241 CIFS optimizations 242 CIFS prepopulation in optimization policies 243 CIFS protocol Overlapping Open Optimization (Advanced) setting 242 Cipher setting. contacting 14 DSCP enforcing 294 E Email notification in system settings policies 273 setting 50 Email page 51 Encapsulation scheme 282 Encrypted MAPI traffic 250 Encryption data store 236 Enhanced automatic peering 233 Enterprise MIB accessing 315 Ethernet network compatibility 11 Event notification setting 50 328 Index . expiring reports 204 CIFS disabling write optimization 240 dynamic throttling 241 optimization 240 SMB signing. for data store encryption 236 Class name in QoS 290 Class parent in H-QoS 293 CLI commands overview of 23 sending to appliances and groups 129 CMC compatibility 12 Compression level for data store 239 Configuration backups. 237 data replication settings 237 disk layout settings 238 Margin Segment Elimination 237 turning off encryption 236 Deny in-path rules. 113 pushing to appliances 118 saving 30 configuration backing up 76 Configurations page 88 Connection forwarding. 286 Connection History reports 160 Console fetching appliance configuration 113 network parameters setting 39 reconnecting to an appliance 113 security 59 Console Security page 59 Correct addressing 231 CPU utilization alarm status 206 report 198 CSV file. neighbor table settings 286 history. exporting statistics to 217 D Data Reduction report 155 Data store adaptive compression 240 compression level 239 core balancing 240 data reduction 228.Index setting general security 57 TACACS+ authentication method 57 Authentication methods local 57 Authentication tuning with HTTP 247 Auto-detection of asymmetric routing. in-path rule 226 Automatic peering 233 B backing up configuration 76 statistics 76 Backups configuration 139 reverting to 85 Balance data store CPU cores 240 Bandwidth Optimization report 153 C Capability-based accounts 61 user permissions 299 Cascading menus displaying and using 28 summary of 29 Certificates. overview of 226 Deny privileges 61 Discard in-path rules. about 284 Auto-discover rules.

Index Excel 242 Extended peering 233 External Backups page 76 F Failure notification setting 50 Fan error alarm status 206 Fetching configurations 17. 113 FIFO queue in QoS 292 Filtering appliances view 117 groups view 117 Fixed-target rules 226 Flexible licensing 84 Force NTLM 247 FTP channels. 33 Proxies (Networking Policy) 278 Host Settings page 32. optimizing 251 Steelhead Central Management Console User’s Guide 329 . setting 39 MOTD. 276 Lotus Notes protocols in optimization policies 254 Lotus Notes acceleration 64. 226 pass-through 226 type 226 VLAN identification number 227 Interactive ports list of 310 K Keep-alive for HTTP optimization 246 Kickoff reset existing connections that match an in-path rule 230 L Licenses managing 84 Licenses page 84 Link share weight 291 Link state alarm status 206 Local logging setting 53 Logging in Login page 24 Logging page 53 Login page 24 Logout 30 Logs adding a new log server 275 logging configuration 274. setting 39 MIB file accessing 315 SNMP traps sent 316 Microsoft Office 242 Microsoft Project. in QoS 290 H Hash assignment 283 High availability 283 Home page 25 announcement. 170 HTTP Mode. for Oracle Forms 248 HTTP protocol HTML Tags to Pre-fetch settings (Optimization Policy) 245 Server Subnet Setting (Optimization Policy) 246 settings (Optimization Policy) 244 I Inheritance of policy feature sets 131 In-path setting optimization policies for FTP channels 228 In-path rules auto-discover 226 fixed-target 226 in optimization policies 224. setting 39 Host settings Date and Time Settings (Networking Policy) 278 DNS settings (Networking Policy) 277 Host Settings (Networking Policy) 278 Host Settings page 32. setting optimization policies for 228 Full Transparency 231 G General Security Settings page 57 Gratuitous 401 247 Groups adding appliances to 95 creating new 94 deleting from RiOS 114 editing view of 117 moving 114 Guaranteed bandwidth. 66 M Managing configuration backups 139 policies 130 MAPI protocols in optimization policies 249 Mask assignment 283 Memory Error alarm status 206 Memory Paging alarm status 206 reports 199 Message of the day (MOTD). 33 HTTP Statistics report 166.

45. 61 Alarms page 40 Announcements page 39 Appliances page 97. 299 Monitored ports setting 42 Monitored Ports page 42 MOTD (Message of the Day). 101. optimization policies 247 Overview of asymmetric routing auto-detection 284 port labels 298 P Packet-order queue 292 Pages 24. setting 249 O Object Prefetches configuring for HTTP optimization 244 Online documentation 13 Online help 30 Online notes 13 Optimization CIFS 242 disabling CIFS SMB signing for 241 Encrypted MAPI traffic 250 print jobs 242 Optimization Policies Settings CIFS Prepopulation 243 described 132 feature sets 132 in-path rules 224. 299 setting on appliances and groups 126 Peering extended 233 Peering rules overlapping optimization settings 242 settings 240 Peers per Steelhead appliance 233 Performance optimization policies 238 Performance. 98. 33 Licenses page 84 Logging page 53 Monitored Ports page 42 My Account page 87 Network Interfaces page 36 RADIUS page 68 Reboot/Shutdown 86 Reboot/Shutdown page 86 Scheduled Jobs 82 Secure Vault page 72 SNMP page 44. 105 Multi-core balancing in data store 240 MX-TCP queue in QoS 292 My Account page 87 N Navigation 28 Network Interfaces page 36 Network parameters. 299 setting for monitor 61. 99. optimization policies 238 PFS permission to configure 300 Policies assigning 136 assigning to a group 136 creating new 133 editing 134 330 Index . 254 setting (Optimization Policy) 252 NSPI port. 102. 111. setting 39 Networking Policy settings described 132 feature sets 132 QoS Classes 290 NFS protocols in optimization policies 252 NFS protocol Override NFS Protocol (Optimization Policy) 253. 108. 106. 100. 110. setting 37. 102. in-path rule 227 Oracle Forms. 226 Lotus Notes 254 MAPI 249 NFS 252 Oracle Forms 247 Performance 238 Oracle Forms disabling 248 optimization policies 247 Oracle Forms traffic. 105. 112 Configurations page 88 Console Security page 59 Email page 51 External Backups 76 General Security Settings page 57 Home page 25 Host Settings page 32. 38.Index Monitor setting password 61. setting 39 MS-SQL ports 252 MTU value. 48 Software Upgrade page 85 TACACS+ page 70 Web Settings page 75 Welcome page 26 Password setting for admin 61.

194 QoS classes General QoS Settings (Networking Policy) 289 in networking policies 290 QoS rules 293 setting rules for 294 QoS marking optimized (Networking Policy settings) 296 passthrough (Networking Policy settings) 297 QoS DSCP monitor settings (Networking Policy settings) 295 QoS policies. displaying and downloading 214 Professional services. 68. 170 Memory Paging 199 printing 30 QoS Statistics 192. 101 Print optimization 242 Printing pages and reports 30 Privileges deny 61 read 61 write 61 Process dumps. auto-detection of 284 enabling simplified 284 RSP permission to configure 300 S Scheduled Jobs page 82 SDR Adaptive setting for data store 237 SDR-M 237 Secure vault alarm 41. setting 57. 298 default settings 301 server settings 301 RBT-Proto common ports used by the system 309 Read privileges 61 Reboot/Shutdown 86 Release notes 13 Reports Appliance Details 200 Bandwidth Optimization 153 Connection History 160 CPU Utilization 198 Data Reduction 155 Expiring Certificates 204 Export Performance Statistics 217 HTTP Statistics 166. port transparency 231 Queue FIFO 292 MXTCP 292 packet-order 292 SFQ 292 R RADIUS authentication method. overview of 298 monitored ports 42 ports setting 248 secure automatically forwarded 311 secure. 267 unlocking and changing the password 72 Secure Vault page 72 Steelhead Central Management Console User’s Guide 331 . 194 SSL Servers 172 Throughput 150 Traffic Summary 158 Reset existing client connections matching an in-path rule 230 Reuse Auth 247 Reverting to a backup version 85 Role based accounts user permissions 299 Role-based accounts 61 Role-based user permissions 61 User Permissions page 61 Routing asymmetric.Index inheritance 131 networking policy 132 optimization policy 132 overview 130 security policy 132 system settings policy 132 types 131 Port Transparency 231 Ports commonly excluded 310 default listening 309 interactive ports forwarded 310 labels. RADIUS page 68 authentication method. automatically forwarded 311 Preoptimization policy preoptimization policy 248 SSL 227 Primary gateway IP address 37. contacting 14 Proxies host settings in networking policies 278 Q QoS class name 290 FIFO queue 292 latency priority 290 MX-TCP queue 292 service ports for multiple mappings 235 SFQ queue 292 Statistics report 192.

Index Security setting for console 59 Security policies described 132 feature sets 132 Security signatures. setting 57. 70. 48 trap receiver. 45. 45. 101 SSL modifying for appliance 105 peer ciphers 259 SSL Servers report 172 statistics backing up 76 Strip Auth Header 247 Strip compression 246 System logging out 30 System disk full alarm status 207 System Settings Policy settings described 132 email notification 273 feature sets 132 T TACACS+ authentication method. displaying 214 Temperature alarm status 207 Throughput report 150 Traffic Summary report 158 Transparent addressing 231 Traps. 298 default settings 302 server settings 302 TACACS+ page 70 TCP Dump 216 TCP dumps. 236 SFQ queue in QoS 292 Shutting down 86 SMB signing disabling 241 Snapshots. summary of sent 316 SNMP compatibility 11 Software Upgrade page 85 Speed and duplex avoiding a mismatch 37. setting 43. 47 traps. summary of SNMP traps sent 316 U Upgrading license 84 software on appliances 120 Upper bandwidth 291 User permissions capability-based accounts 299 role based accounts 299 role-based 299 User Permissions page 61 Users adding new 63 permissions 61 User Permissions page 62 V Vista SMB support 241 VLAN identification number 227 preserving tags 231 W WAN visibility modes 231 WCCP groups (Networking Policy settings) 280 multiple Steelhead interfaces 280 service groups 279 service groups (Networking Policy settings) 279 Web settings Web Settings page 75 Web Settings page 75 Welcome page 26 Windows Vista SMB support 241 Write privileges 61 332 Index . displaying and downloading 214 SNMP SNMP page 44. disabling 241 Server Message Block (SMB) optimization 241 Service ports setting service ports 235 Service ports settings 235. adding 270 trap receivers.

Sign up to vote on this title
UsefulNot useful