Remote Access at Warp Speed
Although Riverbed is best known for its site-to-site WAN acceleration appliances, it hasn't forgotten teleworkers, road warriors, and small branch offices. Steelhead Mobile is Riverbed's software client for accelerating individual remote connections to the data center over the WAN or Internet. Instead of having to deploy a Steelhead appliance for even the smallest branch office, IT can simply push the Steelhead Mobile client to users' desktops and laptops, and they can take advantage of Riverbed's best-of-class acceleration and optimization wherever they might be -- or roam.
The newly released Riverbed Steelhead Mobile 3.1 fills in a number of features that were missing in previous versions. The ability to accelerate HTTPS, Exchange 2010 (encrypted MAPI), and Citrix XenApp and XenDesktop traffic streams, and support for Server Message Block (SMB) signing for secure Windows file sharing are now built in. Best of all, in addition to 32-bit Windows editions, Steelhead Mobile now runs on Windows 7 64-bit and Mac OS X Leopard (10.5) and Snow Leopard (10.6). Overall, performance on Windows and Mac OS X proved on a par with the physical appliance, with FTP traffic lagging ever so slightly behind all other traffic types.
[ Also on InfoWorld: The best free tools combine firewall friendliness with easy remote access and an amazing array of handy features. See "InfoWorld review: Free remote access tools for Windows and Mac." ]
Like a Steelhead appliance at the branch office, the Steelhead Mobile client works with a Steelhead at the opposite end of the link to reduce application protocol chattiness and deduplicate the data traveling over the network. In addition to at least one Steelhead appliance in the data center, a Steelhead Mobile deployment requires a Steelhead Mobile Controller, which serves as the management and reporting system for the clients.
I tested Steelhead Mobile using both a Windows XP Pro PC and a MacBook Pro as my endpoints and a Steelhead 2050 as my data center appliance. Instead of installing another appliance for the Steelhead Mobile Controller, I simply deployed the Steelhead Mobile Controller Virtual Edition on my Steelhead 2050 using the Riverbed Services Platform, a built-in virtualization platform based on VMware. I simulated various WAN speeds and conditions using a Shunra Storm VE appliance and my test automation relied on Macro Scheduler from MJT Net.
Fast CIFS file copies, slower by FTP
Regardless of the link speed and conditions, Steelhead Mobile matched performance with the physical appliance for most traffic. This is because Steelhead Mobile's core is based on the code found in the physical Steelhead appliance. For example, a single large file copy using CIFS over a T1 with 500 ms of latency (simulating a satellite link) took 1 hour, 44 minutes, and 16 seconds to complete without optimization. With Steelhead Mobile enabled, the same copy only took 3 minutes, 17 seconds -- a 31x improvement. Subsequent "hot" passes averaged a mere 37 seconds. Performance was the same on Windows XP and Mac OS X. Both Steelhead Mobile clients performed just as expected.
Regardless of the WAN link speed, I saw similar reductions in transfer times whether the test was a bunch of small files, a series of open and save operations in Excel, or MAPI traffic from an Exchange server. Even HTTP and HTTPS traffic benefited from Steelhead Mobile's optimization and acceleration engine. The new HTTP and HTTPS prefetch and chatter reduction proved quite effective at improving the overall Web experience.
Not all FTP traffic is equal, and I did notice an issue when testing FTP performance. There are two types of FTP communication: Active and Passive. Active FTP is where the client initializes the communication to the server and the server connects back to the client to complete the data transfer (outbound-inbound). Passive FTP is where the client initiates the communication and establishes the communication lane to the server (outbound-outbound). Passive FTP sessions benefit from Steelhead Mobile's optimization, but Active FTP sessions do not -- even though the Mobile Controller shows the connection as optimized.
This is due to the architecture of the Steelhead Mobile client. Whereas a Steelhead appliance will optimize connections that are initiated from either side of the WAN, the Steelhead Mobile client optimizes only the connections it initiates. Mobile is smart enough not to block the FTP server's inbound connection -- Active FTP sessions do work -- but neither latency nor bandwidth requirements are reduced. Passive FTP sessions are not affected because all communication is from the client to the server. When using Passive FTP, I did see performance gains, but they're relatively modest -- an 8x improvement in the case of a single large file -- compared to CIFS file copies. Even on "hot" passes, CIFS traffic outpaced FTP response.
Speedy Citrix XenApp and XenDesktop and secure Windows SMB
Also new in Steelhead Mobile 3.1 is native support for Citrix XenApp and XenDesktop traffic. For both Citrix terminal services and virtual desktop infrastructure (VDI) farms, Mobile now helps improve client response time over the WAN and reduce overall bandwidth needs. Mobile also automatically provides QoS for all Citrix traffic, resulting in more consistent and reduced response times. Configuration is limited to choosing the port for your XenApp traffic; there isn't anything else to worry about.
As noted earlier, Steelhead Mobile 3.1 now runs on Mac OS X, and it works like a champ. Along with speeding up WAN connections for the Mac itself, Mobile extends its optimization and acceleration benefits to hosted guest operating systems running on virtualization layers such as VMware Fusion and Parallels Desktop. This means that any virtual machine hosted by the Mac will get the Steelhead treatment and take part in better overall WAN performance. The same goes for virtualization on Windows, for that matter. As long as Steelhead Mobile fits into the computer's network stack -- Mac or Windows -- it can optimize any traffic that passes through it.
The Steelhead Mobile Controller displays the traffic passing between Steelhead Mobile clients and the data center. Here, it is easy to see that most CIFS traffic was redundant, providing a 99 percent reduction of data on the WAN.
By default, Windows Server 2008 domain controllers have SMB signing enabled to encrypt Server Message Block (Windows network protocol) packets as they move between client and server. By encrypting the packets, SMB signing provides a means of authenticating the end-to-end traffic, preventing man-in-the-middle attacks. With the version 3.1 release, Steelhead Mobile can handle these packets by participating in the Active Directory domain. Now Mobile is able to optimize any CIFS traffic it sees, not just unencrypted traffic. Finally, Mobile can now optimize encrypted MAPI traffic between clients and Microsoft Exchange 2007 and Exchange 2010 servers, too.
Riverbed Steelhead Mobile 3.1 plugs important gaps left open from previous releases. Performance keeps pace with its hardware-based cousin and the feature set is maturing nicely, with better SSL support, Citrix optimizations, and support for Windows SMB signing and encrypted MAPI. The Mac OS X client is the icing on the cake -- and best of all, it just works.
This article, "Remote access at warp speed," was originally published at InfoWorld.com. Follow the latest developments in networking at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.
Read more about networking in InfoWorld's Networking Channel.