manualshive.com logo in svg

Riverbed Steelhead 1050 Series, Installation And Configuration Manual

Share
Download
Riverbed Steelhead 1050 Series Installation And Configuration Manual Download Page 71

Steelhead Appliance Installation and Configuration Guide

   

   71

        

Disabling SMB Signing

Installing and Configuring the Steelhead Appliance

Disabling SMB Signing

The CIFS protocol, used by Windows operating systems for file and print sharing, is based on SMB protocol. 
To prevent security assaults that might modify transmissions, the SMB protocol supports signing all 
transmitted SMB packets. By default, Domain Controllers that also act as file servers have signing enabled. 

SMB signing is a performance intensive operation for clients and servers. Hence this feature is not turned 
on all the time. This feature is negotiated between the client and the server.

SMB signing prevents the Steelhead appliance from applying full optimization on CIFS connections and 
significantly reduces the performance gain from a Steelhead deployment. As many customers take 
additional security precautions (such as firewalls, internal-only reachable servers, and so forth), SMB 
signing adds little additional security, at a significant performance cost (even without deployed Steelhead 
appliances). 

Note:

For detailed information about the performance impact of SMB signing, see the Microsoft support site. SMB 
signing was enabled on Windows 2000, Service Pack 3, Critical fix Q329170.

Identifying Poor CIFS Performance

You can identify poor CIFS performance by the examining the Steelhead appliance log files in the 
Management Console. 

For example, on the client-side Steelhead appliance:

Jan 22 00:01:11 dfcfe1 sport[3940]: [smbcfe.WARN] 728 {10.0.0.14:1605 10.0.0.4:445} Cifs 

parser shutting down due to error=SMB_SHUTDOWN_ERR_SEC_SIG_ENABLED. Security signatures are 

enabled on the server. Disabling latency optimization, only bandwidth will be optimized.

For example, on the server-side Steelhead appliance:

Jan 22 00:04:49 dfcfe1 sport[3940]: [smbcfe.WARN] 733 {10.0.100.86:4688 10.0.0.4:445} Received 

cifs shutdown request from SFE: error=SMB_SHUTDOWN_ERR_SEC_SIG_ENABLED

You can disable SMB signing using one of the following approaches:

„

 

“Disabling SMB Signing Using the Secure-CIFS Feature,” 

next

„

“Disabling SMB Signing Using Active Directory” on page 73

Important:

Riverbed recommends you disable SMB signing using the Security Signatures feature. If you still 

experience problems, disable SMB signing using the procedures described in 

“Disabling SMB Signing 

Using Active Directory” on page 73

.

Disabling SMB Signing Using the Secure-CIFS Feature

The RiOS Secure-CIFS feature automatically disables SMB signing.

Important:

By default, the Secure-CIFS feature is enabled, thus the Steelhead appliance disables SMB signing by default.

Summary of Contents for Steelhead 1050 Series

Page 1: ...Steelhead Appliance Installation and Configuration Guide Version 5 5 4 July 2009...

Page 2: ...8 2000 Copyright 1996 1998 2000 The Regents of the University of California All rights reserved OpenSSH 1983 1990 1992 1993 1995 1993 The Regents of the University of California All rights reserved pa...

Page 3: ...d Documentation and the Support Knowledge Base 10 Related Reading 10 Safety Guidelines 11 Contacting Riverbed 11 Internet 11 Technical Support 11 Professional Services 11 Documentation 12 Chapter 1 Ov...

Page 4: ...igabit Ethernet PCI E Bypass Card 40 Two Port SX Fiber Gigabit Ethernet PCI E Bypass Card 40 Four Port SX Fiber Gigabit Ethernet PCI E Bypass Card 41 Two Port LX Fiber Gigabit Ethernet PCI E Bypass Ca...

Page 5: ...ifying Your Configuration 65 Configuring Out of Path Steelhead Appliances 66 Before You Begin 66 Connecting the Steelhead Appliance to Your Network 69 Configuring the Client Side Appliance 69 Disablin...

Page 6: ...vi Steelhead Appliance Installation and Configuration Guide Contents...

Page 7: ...0 Safety Guidelines on page 11 Contacting Riverbed on page 11 About This Guide The Steelhead Appliance Installation and Configuration Guide describes how to install and configure the Steelhead applian...

Page 8: ...appear in bold typeface Courier Information displayed on your terminal screen and information that you are instructed to enter appears in Courier font Within syntax descriptions values that you speci...

Page 9: ...otiates speed and duplex mode for all data rates and supports full duplex mode and flow control IEEE 802 3 2002 The Steelhead appliance with a Gigabit Ethernet card supports Jumbo Frames on in path an...

Page 10: ...contains important information about this release of the Steelhead appliance Riverbed Documentation and the Support Knowledge Base For a complete list and the most current version of Riverbed document...

Page 11: ...ce Guide Before you install operate or service the Riverbed products you must be familiar with the safety information Refer to the Safety and Compliance Guide if you do not clearly understand the safe...

Page 12: ...ction Contacting Riverbed Documentation We continually strive to improve the quality and usability of our documentation We appreciate any suggestions you may have about our online documentation or pri...

Page 13: ...Ports on page 35 Bypass Card Status Lights on page 39 Overview of the Steelhead Appliance The causes for slow throughput in WANs are well known high delay round trip time or latency limited bandwidth...

Page 14: ...liances These techniques ensure that efficient retransmission methods such as TCP selective acknowledgements are used negotiate optimal TCP window sizes to minimize the impact of latency on throughput...

Page 15: ...ally discovers the first Steelhead appliance in the path The difference is only seen in environments where there are three or more Steelhead appliances in the network path for connections to be optimi...

Page 16: ...the Accept peering rule action If enhanced auto discovery is enabled the Steelhead appliance only becomes the optimization peer if it is the last Steelhead appliance in the path to the server For deta...

Page 17: ...ass mode the traffic passes through uninterrupted Traffic that was optimized might be interrupted depending on the behavior of the application layer protocols When connections are restored they succee...

Page 18: ...nterface Reference Manual and the Network Interface Card Installation Guide Note The desktop Series 250 and 550 support fail to block mode Note The desktop Models 50 100 200 and 300 do not support fai...

Page 19: ...FS performance even when the CIFS traffic is signed by the server In previous releases of RiOS signed CIFS traffic would receive Data and Transport Streamlining optimizations but no CIFS Application S...

Page 20: ...This change only affects the 1U xx20 platforms which previously ran 32 bit code and with v5 5 and later now run 64 bit code With RiOS v5 5 all of the 1U xx20s 520 1020 1520 2020 2520 use a 64 bit imag...

Page 21: ...Overview of the Steelhead Appliance All subsequent v4 1 x and v5 0 x releases allow for a normal upgrade to v5 5 Upgrading RiOS Software Follow these steps to upgrade your RiOS software These instruct...

Page 22: ...h device Do not press Ctrl C unplug or otherwise shut down the system during this first boot There is no indication displayed during the system boot that the recovery flash device is being configured...

Page 23: ...2 550 Desktop 66 5 W 541 A 66 5 227 BTU 160 GB 80 GB RSP Partition 55 GB 1 65 x 7 1 x 12 in 4 2 x 18 0 x 30 5 cm 4 12 lb 2 15 kg 100 240 V 50 60 Hz Single 100 W Internal 2 2 2 1050 1U L M H 138 151 W...

Page 24: ...0 60 Hz 12 VDC 5 A 60 W Power Adaptor Single 60 W 200 55 31 5 W 0 5 A 0 5 107 BTU 60 GB 35 GB 1 75 x 8 75 x 6 in 4 4 x 22 2 x 15 2 cm 7 5 lb 3 4 kg 100 240 V 50 60 Hz 12 VDC 5 A 60 W Power Adaptor Sin...

Page 25: ...1 spare 500 GB 5 2 x 17 7 x 25 5 in 13 2 x 45 x 64 7 cm 92 lb 42 kg 100 240 V 50 60 Hz Triple 760 W 5520 3U 435 425 W 3 7 A 0 97 1450 BTU 6 x 250 GB SATA 1 spare 700 GB 5 2 x 17 7 x 25 5 in 13 2 x 45...

Page 26: ...1 x 42 7 x 40 9 cm 17 lb 7 7 kg 100 240 V 50 60 Hz Single 250 W 1010 1U 250 W 8A 4 A 2 27 A 110 V 1 76A 853 BTU 1 x 200 GB 80 GB 1 7 x 16 8 x 16 1 in 4 31 x 42 7 x 40 9 cm 17 lb 7 7 kg 100 240 V 50 60...

Page 27: ...below Model 3000 3010 3510 5000 and 5010 Output Power 460 W Voltage 90 264 VAC Full Range Frequency 47 63Hz Input Current 8 0 4 0A for 115 230 VAC Inrush Current 60A 80A Max for 115 230 VAC per power...

Page 28: ...10 000 ft 2020 10 35 C 50 95 F 40 65 C 40 149 F 20 80 non condensing 5 95 non condensing Up to 10 000 ft 2050 10 40 C 50 95 F 40 65 C 40 149 F 20 80 non condensing 5 95 non condensing Up to 10 000 ft...

Page 29: ...s light and port locations Figure 1 2 Front Panel Figure 1 3 Back Pane The following table summarizes the system LEDs SYSTEM Healthy Blue Degraded Yellow Critical Red System Boot Yellow HDD ACT HDD Ac...

Page 30: ...locations Figure 1 4 Front Panel Figure 1 5 Back Panel The following table summarizes the system LEDs SYSTEM LEDs Healthy Blue Degraded Yellow Critical Red System Boot Yellow NETWORK STATUS LEDs Fron...

Page 31: ...nking Green Unit is halted but the power supplies are still connected to AC power Solid Orange AC power is not connected to this power supply but the unit is still powered on due to the other power su...

Page 32: ...Figure 1 7 Back Panel SYSTEM LEDs Healthy Blue Degraded Yellow Critical Red System Boot Yellow NETWORK STATUS LEDs Link Solid Blue Activity Blinking Blue BYP BLK Bypass or Block Disconnect Mode Normal...

Page 33: ...Green Healthy power supply with AC power connected Blinking Green Unit is halted but the power supplies are still connected to AC power Solid Orange AC power is not connected to this power supply but...

Page 34: ...owing figure illustrates the Model 500 510 1000 1010 2001 and 2010 Figure 1 10 Front Panel Figure 1 11 Back Panel LED Button Color Condition Description Power Green ON System On WAN Green ON Linked Am...

Page 35: ...w of the Steelhead Appliance Model 3000 3010 5000 and 5010 The following figure illustrates the Model 3000 3010 5000 and 5010 Figure 1 12 Front Panel Figure 1 13 Back Panel Series xx20 Rev A and Rev B...

Page 36: ...hts and Ports Model 520 1020 1520 and 2020 Rev A The following figure illustrates the Model 520 1020 1520 and 2020 Rev A Figure 1 14 Front Panel Figure 1 15 Back Panel Model 520 1020 1520 and 2020 Rev...

Page 37: ...6120 LED Indicator Description Blue amber system status indicator The blue system status indicator lights up during normal system operation To stop the indicator from blinking press the system status...

Page 38: ...dition Description Power Green ON System On OFF System Off Hard Disk Drive Amber FLASHING Hard Disk Drive Activity OFF No Activity Network Green ON Linked FLASHING LAN Activity OFF Disconnected Overhe...

Page 39: ...Port SX Fiber Gigabit Ethernet PCI E Bypass Card on page 41 Two Port LX Fiber Gigabit Ethernet PCI E Bypass Card on page 41 Four Port LX Fiber Gigabit Ethernet PCI E Bypass Card on page 42 Bypass Card...

Page 40: ...rt Copper Gigabit Ethernet PCI E Bypass card status and LED lights Two Port SX Fiber Gigabit Ethernet PCI E Bypass Card The following section describes the Two Port SX Fiber Gigabit Ethernet PCI E Byp...

Page 41: ...Port SX Fiber Gigabit Ethernet PCI E Bypass card status and LED lights Two Port LX Fiber Gigabit Ethernet PCI E Bypass Card The following section describes the Two Port LX Fiber Gigabit Ethernet PCI...

Page 42: ...tus lights for the bypass cards supported on Series xx00 xx10 and xx20 platforms It includes the following sections Bypass Card Manufacturing Numbers Series xx00 xx10 and xx20 next Two Port Copper Fas...

Page 43: ...lights on the right correspond to the WAN link Description Old Manufacturing Part New Manufacturing Part Orderable Part Two Port Copper Fast Ethernet Bypass Card CMP 00005 150 00001 Only on existing...

Page 44: ...path_ipaddr b broadcast_ip_addr For example where the netmask is 24 ping c 1 I 10 11 128 8 b 10 11 128 255 This ping command creates a loop for testing the Steelhead appliance in isolation Two Port Co...

Page 45: ...abit Ethernet Bypass Card B The following section describes the Two Port Copper Gigabit Ethernet Bypass Two Port Copper Gig E Bypass Card B 150 00002 status lights Figure 1 27 Two Port Copper Gigabit...

Page 46: ...sole and the CLI are a combination of the slot number and the port pairs lan slot _ pair wan slot _ pair For example if a four port bypass card is located in slot 0 of your system the interface names...

Page 47: ...our port bypass card is located in slot 0 of your appliance the interface names are lan0_0 wan0_0 lan0_1 and wan0_1 respectively Alternatively if the bypass card is located in slot 1 of your appliance...

Page 48: ...SX Fiber Gig E Bypass card 150 00010 status lights Figure 1 32 Four Port SX Fiber Gig E Bypass Card The Bypass LED is ON Green if the Four Port Copper Gig E Bypass card is in bypass mode it is OFF if...

Page 49: ...on page 71 Important Please read and follow the safety guidelines described in the Safety and Compliance Guide Failure to follow these safety guidelines can result in damage to the equipment Choosing...

Page 50: ...N traffic can pass through or be redirected to the Steelhead appliance For detailed information about your deployment options and best practices for deploying Steelhead appliances see the Steelhead Ap...

Page 51: ...ath In an out of path deployment the Steelhead appliance is not in the direct path between the client and the server In an out of path deployment the Steelhead appliance acts as a proxy This type of d...

Page 52: ...Steelhead appliance is completely assembled with all the equipment parts in place and securely fastened Before you install the Steelhead appliance make sure your site meets the following requirements...

Page 53: ...o complete the initial configuration of the Steelhead appliance Be prepared to provide values for the parameters listed in the following checklist Note The Steelhead appliance automatically negotiates...

Page 54: ...tion Guide Port Description Console Connects the serial cable to a terminal device You establish a serial connection to a terminal emulation program for console access to the configuration wizard and...

Page 55: ...ote If your model has multiple power supplies you must plug in all the power cords or you will hear an alarm Important The Model 50 100 200 or 300 is designed for the desktop If you install the Model...

Page 56: ...ol Note If you are using the Steelhead appliance with a terminal server the terminal server must use hardware flow control for the port connected to the Steelhead appliance Tip Riverbed recommends you...

Page 57: ...alf duplex This duplex mismatch passes traffic but it causes late collisions and results in degraded optimization To achieve maximum optimization set your network devices to 100 and full To avoid dupl...

Page 58: ...nter yes at the system prompt For example Do you want to use the configuration wizard for initial configuration yes 3 Complete the configuration wizard steps on the client side and the server side Ste...

Page 59: ...nterface Make sure this value matches the settings on your router or switch The default value is auto Step 12 Set the primary interface duplex auto auto Step 13 Would you like to activate the in path...

Page 60: ...17 Set the in path LAN interface speed auto 18 Set the in path LAN interface duplex auto 19 Set the in path WAN interface speed auto 20 Set the in path WAN interface duplex auto To change an answer e...

Page 61: ...ch Cross over cable WAN port on the appliance to the WAN router To connect to your network 1 Plug the straight through cable into the Primary port of the Steelhead appliance and the LAN switch This ca...

Page 62: ...s to verify that you have properly connected the Steelhead appliance To verify your connections 1 Verify that you can connect to the CLI using one of the following devices An ASCII terminal or emulato...

Page 63: ...Steelhead Appliance Installation and Configuration Guide 63 Configuring In Path Steelhead Appliances Installing and Configuring the Steelhead Appliance Figure 2 10 Resolving IP Connectivity...

Page 64: ...zard Note Cookies and Javascript must be enabled in your Web browser To connect to the Management Console 1 Enter the URL for the Management Console in the location box of your Web browser protocol ho...

Page 65: ...aces you must make sure that the Steelhead appliance negotiated the speed and duplex at the rate your devices expect For example ensure settings are auto on the LAN and WAN and 100 FULL on the LAN and...

Page 66: ...optimization might be degraded The configuration wizard automatically starts when you log into the Steelhead CLI for the first time For detailed information about the configuration wizard and how to r...

Page 67: ...server 10 0 0 2 Step 7 Domain name Enter the domain name for the network where the Steelhead appliance is to reside If you set a domain name you can enter host names in the system without the domain...

Page 68: ...system enter the following command at the system prompt amnesiac exit Step 12 Set the primary interface duplex Enter the duplex mode on the primary interface type a value at the system prompt Make sur...

Page 69: ...ration you configure the client side Steelhead appliance in the same way as an in path configuration For optimization to occur you must define a fixed target rule on the client side Steelhead applianc...

Page 70: ...out of path deployment and you want to optimize MAPI Exchange you must specify the MAPI end point port 135 the Steelhead appliance port used for Exchange traffic 7830 and the Steelhead appliance port...

Page 71: ...enabled on Windows 2000 Service Pack 3 Critical fix Q329170 Identifying Poor CIFS Performance You can identify poor CIFS performance by the examining the Steelhead appliance log files in the Managemen...

Page 72: ...ng factors If the client side machine has Required signing enabling the Secure CIFS feature prevents the client from connecting to the server If the server side machine has Required signing the client...

Page 73: ...Secure CIFS feature does not disable SMB signing you must revise the default SMB registry parameters SMB signing is controlled by the following registry parameters enablesecuritysignature SSEn requir...

Page 74: ...f SMB signing is set to required do not disable it on the server For the best performance it should be enabled on the clients disabled on file servers and enabled on domain controllers Number Paramete...

Page 75: ...r servers that you want to optimize Tip You can also open a command prompt and enter gpupdate exe Force which forces the group policy you just modified to become active without rebooting You can verif...

Page 76: ...ling SMB Signing 3 Click the Group Policy tab 4 Click Default Domain Controllers Policy and select Edit 5 Click Default Domain Controllers Policy Computer Configuration Windows Settings Security Setti...

Page 77: ...ck Reports to display the Reports Bandwidth Optimization page 3 Under Network click Current Connections to display the Reports Network Current Connections page 4 Check for protocol errors Protocol err...

Page 78: ...78 Steelhead Appliance Installation and Configuration Guide Installing and Configuring the Steelhead Appliance Disabling SMB Signing...

Page 79: ...ent Guide Common Problems The problems described in this section are common problems encountered by customers who have contacted Riverbed Technical Support for assistance Riverbed recommends that you...

Page 80: ...device deployed prior to the Steelhead appliance Manually configure the same speed for your router switch the Steelhead appliance primary interface the Steelhead appliance LAN interface the Steelhead...

Page 81: ...but applications are not 2x you might be experiencing op lock issues This is often due to an old anti virus For example McAfee 4 5 on the client or an anti virus is competing with the application for...

Page 82: ...r example at the system prompt enter the CLI command in path enable In path client out of path support If necessary disable in path client out of path support For example at the system prompt enter th...

Page 83: ...get rules that points to the remote Steelhead appliance port 7800 or you change the configuration on the firewall LAN and WAN bandwidth and reliability Check client and server duplex issues or VoIP tr...

Page 84: ...port at https support riverbed com because it is possible the appliance has a defective power supply that needs to be replaced The Steelhead appliance blocks traffic when going into bypass mode If a S...

Page 85: ...mode 6 Enter 1 to select the boot parameters and then enter E to enter edit mode 7 A partial line of text is displayed 8 Append single to the end of the partial line of text that is displayed IMPORTA...

Page 86: ...lem occurs in single user mode contact Riverbed Technical Support at https support riverbed com The Steelhead appliance fails to boot Ensure that The Steelhead appliance is properly plugged in The pow...

Page 87: ...activated For example at the system prompt enter the show licenses CLI command For questions about licenses contact Riverbed Technical Support at https support riverbed com The power light on a Steelh...

Page 88: ...other cases run the CLI command show raid diagram and contact Riverbed Technical Support at https support riverbed com 3020 3520 5520 6020 6120 Interceptor 9200 Loud periodic beep Indicates a RAID iss...

Page 89: ...Directory ADS Active Directory Services AES Advanced Encryption Standard APT Advanced Packaging Tool AR Asymmetric Routing ARP Address Resolution Protocol BDP Bandwidth Delay Product BW Bandwidth CA...

Page 90: ...DHCP Dynamic Host Configuration Protocol DNS Domain Name Service DR Data Replication DSA Digital Signature Algorithm DSCP Differentiated Services Code Point ECC Error Correcting Code ERP Enterprise Re...

Page 91: ...Gateway Protocol IOS Cisco Internetwork Operating System IKE Internet Key Exchange IP Internet Protocol IPMI Intelligent Platform Management Interface IPSec Internet Protocol Security Protocol ISL In...

Page 92: ...Translate NFS Network File System NIS Network Information Services NSPI Name Service Provider Interface NTLM Windows NT LAN Manager NTP Network Time Protocol OSI Open System Interconnection OSPF Open...

Page 93: ...rds SDR Scalable Data Referencing SEL System Event Log SFQ Stochastic Fairness Queuing SMB Server Message Block SMI Structure of Management Information SMTP Simple Mail Transfer Protocol SNMP Simple N...

Page 94: ...Service U Unit UDP User Diagram Protocol UNC Universal Naming Convention URL Uniform Resource Locator UTC Universal Time Code VGA Video Graphics Array VLAN Virtual Local Area Network VoIP Voice over...

Page 95: ...twork segments that use the same communications protocol Bridges operate at the data link layer Layer 2 of the OSI reference model In general a bridge filters forwards or floods an incoming frame base...

Page 96: ...y is required for optimization to occur Ethernet The most widely used Local Area Network LAN access method Fat Client A client computer which provides large size applications independently of the cent...

Page 97: ...tion is made between two elements systems or devices so that they can communicate with one another Internet The collection of networks tied together to provide a global network that use the TCP IP sui...

Page 98: ...class of the address and the subnet field should be contiguous with the network portion Neural Network A modeling technique based on the observed behavior of biological neurons and used to mimic the...

Page 99: ...most expedient route traffic load line costs speed bad lines etc Routers work at Layer 3 in the protocol stack whereas bridges and switches work at Layer 2 SDR Scalable Data Referencing Process that...

Page 100: ...gured LAN or broadcast domain Instead of going to the wiring closet to move a cable to a different LAN network administrators can remotely configure a port on an 802 1Q compliant switch to belong to a...

Page 101: ...rview of 71 SMB signing viewing current settings for 72 troubleshooting 81 Client side appliance configuring 69 CMC overview of 14 Common problems 79 Configuration information required 53 configuratio...

Page 102: ...ss through rules overview of 15 Peering rules overview of 16 Physical in path deployment diagram of 50 Physical in path overview of 50 Ports definitions of 54 Power light 84 87 Preparing your site 52...

Page 103: ...A CMP 00053 illustration of 44 Two Port Gig E Bypass card B CMP 00028 illustration of 45 V Virtual in path deployments overview of 50 W WAN and LAN connections troubleshooting 80 WAN port connecting 6...

Page 104: ...104 Steelhead Appliance Installation and Configuration Guide Index...

Reviews:

No comments

Brands by name

Popular brands

Load more brands