Preview only show first 10 pages with watermark. For full document please download

Steelhead Mobile Controller Installation Guide

   EMBED


Share

Transcript

Steelhead Mobile Controller Installation Guide Version 2.0 November 2008 © 2003-2008 Riverbed Technology, Incorporated. All rights reserved. Riverbed Technology, Riverbed, Steelhead, RiOS, Interceptor and the Riverbed logo are trademarks or registered trademarks of Riverbed Technology, Inc. All other trademarks used or mentioned herein belong to their respective owners. Linux is a trademark of Linus Torvalds in the United States and in other countries. VMware is a trademark of VMware, Incorporated. Oracle and JInitiator are trademarks or registered trademarks of Oracle Corporation. Microsoft, Windows, Vista, Outlook, and Internet Explorer are trademarks or registered trademarks of Microsoft Corporation. UNIX is a registered trademark in the United States and in other countries, exclusively licensed through X/Open Company, Ltd. Parts of this product are derived from the following software: Apache © 2000-2003. The Apache Software Foundation. All rights reserved. Busybox © 1999-2005 Eric Andersen ethtool © 1994, 1995-8, 1999, 2001, 2002 Free Software F oundation, Inc Less © 1984-2002 Mark Nudelman Libevent © 2000-2002 Niels Provos. All rights reserved. LibGD, Version 2.0 licensed by Boutell.Com, Inc. Libtecla © 2000, 2001 by Martin C. Shepherd. All rights reserved. Linux Kernel © Linus Torvalds login 2.11 © 1993 The Regents of the University of California. All rights reserved. md5, md5.cc © 1995 University of Southern California, © 1991-2, RSA Data Security, Inc. my_getopt.{c,h} © 1997, 2000, 2001, 2002, Benjamin Sittler. All rights reserved. NET-SNMP © Copyright 1989, 1991, 1992 by Carnegie Mellon University. All rights reserved. Derivative Work 1996, 1998-2000 Copyright 1996, 1998-2000 The Regents of the University of California. All rights reserved. OpenSSH © 1983, 1990, 1992, 1993, 1995, 1993 The Regents of the University of California. All rights reserved. pam © 2002-2004 Tall Maple Systems, Inc. All rights reserved. pam-radius © 1989, 1991 Free Software Foundation, Inc. pam-tacplus © 1997-2001 by Pawel Krawczyk ssmtp © GNU General Public License syslogd © 2002-2005 Tall Maple Systems, Inc. All rights reserved. Vixie-Cron © 1988, 1990, 1993, 1994 by Paul Vixie. All rights reserved. Zile © 1997-2001 Sandro Sigalam © 2003 Reuben Thomas. All rights reserved. This product includes software developed by the University of California, Berkeley and its contributors. This product is derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm. For detailed copyright and license agreements or modified source code (where required), see the Riverbed Technical Support site at https://support.riverbed.com. Certain libraries were used in the development of this software, licensed under GNU Lesser General Public License, Version 2.1, February 1999. For a list of libraries, see the Riverbed Technical Support at https://support.riverbed.com. You must log in to the support site to request modified source code. Other product names, brand names, marks, and symbols are registered trademarks or trademarks of their respective owners. The content of this manual is furnished on a RESTRICTED basis and is subject to change without notice and should not be construed as a commitment by Riverbed Technology, Incorporated. Use, duplication, or disclosure by the U.S. Government is subject to restrictions set forth in Subparagraphs (c) (1) and (2) of the Commercial Computer Software Restricted Rights at 48 CFR 52.227-19, as applicable. Riverbed Technology, Incorporated assumes no responsibility or liability for any errors or inaccuracies that may appear in this book. Riverbed Technology 199 Fremont Street San Francisco, CA 94105 Phone: 415.247.8800 Fax: 415.247.8801 Web: http://www.riverbed.com Part Number 712-00100-04 Contents Contents Introduction................................................................................................................................................. 5 About This Guide ..........................................................................................................................................5 Types of Users .........................................................................................................................................5 Organization of This Guide...................................................................................................................5 Document Conventions .........................................................................................................................6 Hardware, Software, and Configuration Dependencies..........................................................................6 Firewall Requirements ..................................................................................................................................7 Additional Resources ....................................................................................................................................8 Online Notes............................................................................................................................................8 Online Documentation ..........................................................................................................................8 Related Reading ......................................................................................................................................8 Safety Guidelines ...........................................................................................................................................8 Contacting Riverbed......................................................................................................................................9 Internet .....................................................................................................................................................9 Technical Support ...................................................................................................................................9 Professional Services ..............................................................................................................................9 Documentation........................................................................................................................................9 Chapter 1 - Overview................................................................................................................................ 11 Overview of the Steelhead Mobile ............................................................................................................11 Definition of Terms...............................................................................................................................12 New Features in Version 2.0 .......................................................................................................................12 Upgrading to Version 2.0 ............................................................................................................................13 Technical Specifications ..............................................................................................................................13 System Requirements...........................................................................................................................14 Software Specifications ........................................................................................................................14 Environmental Specifications ....................................................................................................................15 Mobile Controller Status Lights and Ports...............................................................................................15 Steelhead Mobile Components...........................................................................................................15 Chapter 2 - Steelhead Mobile Deployments ...........................................................................................17 Deploying Steelhead Mobile in Environments with VPNs ...................................................................17 Deploying Steelhead Mobile in Environments with Firewalls .............................................................18 Deploying for Local and Remote Access Users.......................................................................................19 Deploying Multiple Mobile Controllers ...................................................................................................20 Steelhead Mobile Controller Installation Guide 3 Contents Basic Steps for Deploying Steelhead Mobile ...........................................................................................21 Chapter 3 - Installing Steelhead Mobile Controller................................................................................23 Checking Your Inventory............................................................................................................................23 Preparing Your Site for Installation...........................................................................................................24 Completing the Configuration Checklist .................................................................................................24 Memory Usage......................................................................................................................................25 Powering On the Mobile Controller..........................................................................................................26 Connecting to the Mobile Controller ........................................................................................................26 Configuring the Mobile Controller ...........................................................................................................27 Connecting the Mobile Controller to Your Network ..............................................................................28 Logging in to the Mobile Controller console ...........................................................................................29 Index ..........................................................................................................................................................31 4 Steelhead Mobile Controller Installation Guide Introduction Welcome to the Steelhead Mobile Controller Installation Guide. Read this introduction for hardware, software and configuration dependencies, as well as an overview of the documentation conventions used throughout this document. This introduction includes the following sections: „ “About This Guide,” next „ “Hardware, Software, and Configuration Dependencies” on page 6 „ “Firewall Requirements” on page 7 „ “Additional Resources” on page 8 „ “Safety Guidelines” on page 8 „ “Contacting Riverbed” on page 9 About This Guide The Steelhead Mobile Controller Installation Guide provides an overview of Steelhead Mobile features. It also describes how to quickly install and connect the Steelhead Mobile Controller (Mobile Controller) to your network. Types of Users This guide is written for storage and network administrators with familiarity administering and managing WANS using common network protocols such as TCP, CIFS, HTTP, FTP, NFS, and so forth. This guide also assumes that you are familiar with administering and managing a network of deployed Steelhead appliances. Organization of This Guide The Steelhead Mobile Controller Installation Guide includes the following chapters: „ “Overview,” introduces the Steelhead Mobile and describes components, deployment options, and basic steps for configuring your Steelhead Mobile deployment. „ “Steelhead Mobile Deployments,” describes how to deploy Steelhead Mobile. Steelhead Mobile Controller Installation Guide 5 Introduction “Installing Steelhead Mobile Controller,” describes how to quickly install and connect the Mobile Controller appliance to your network. „ Document Conventions This manual uses the following standard set of typographical conventions to introduce new terms, illustrate screen displays, describe command syntax, and so forth. Convention Meaning italics Within text, new terms and emphasized words appear in italic typeface. boldface Within text, commands, keywords, identifiers (names of classes, objects, constants, events, functions, program variables), environment variables, filenames, GUI controls, and other similar terms appear in bold typeface. Courier Information displayed on your terminal screen and information that you are instructed to enter appears in Courier font. <> Within syntax descriptions, values that you specify appear in angle brackets. For example: interface [] Within syntax descriptions, optional keywords or variables appear in brackets. For example: ntp peer [version ] {} Within syntax descriptions, required keywords or variables appear in braces. For example: {delete | upload } | Within syntax descriptions, the pipe symbol represents a choice to select one keyword or variable to the left or right of the symbol. (The keyword or variable can be either optional or required.) For example: {delete | upload } Hardware, Software, and Configuration Dependencies The following table summarizes the hardware, software and configuration requirements for deploying the Steelhead Mobile. Riverbed Component Hardware and Software Requirements Mobile Controller 19-inch (483 mm) two or four-post rack. Mobile Controller console Any computer that supports a Web browser with a color image display. The Mobile Controller console has been tested with Mozilla Firefox version 1.0.x, 1.5.x, 2.0.x, and Microsoft Internet Explorer version 6.x, and 7.0. Note: Javascript and cookies must be enabled in your Web browser. Note: If you want to encrypt your communication, you must have an SSL capable browser. No particular operating system is required. 6 Steelhead Mobile Controller Installation Guide Introduction Riverbed Component Hardware and Software Requirements Mobile Client Pentium III, 650 MHz, 512 MB of RAM. At least 1 GB of disk space for the data store. Important: Carefully consider the data store size for your Mobile Clients. Changing the data store size later requires emptying the data store which temporarily slows performance. Minimum Windows 2000 Professional SP4, Windows XP SP2, or Windows Vista. The client firewall must allow port 7801. If you are enforcing outbound security, you must allow the following client application components; rbtdebug.exe, rbtmon.exe, shmobile.exe, and rbtsport.exe. The Mobile Client software must be installed on an NTFS file system. Steelhead Mobile does not support installation on a FAT or FAT32 file system. Microsoft Windows administrator privileges are required to install Mobile Client software. Microsoft Windows user privileges are required to run the software. No more than one Mobile Client software installation. Multiple installations of the Mobile Client software on a single endpoint is not supported. Fast user switching is also not supported. Ensure that the VPN tunnel is not optimized. If the VPN tunnel uses TCP for transport, when you configure the acceleration policy, add a pass-through rule for the VPN port number connected to by the client. Depending on your deployment scenario, this rule might be the first rule in the list. For details about pass-through rules and acceleration policies, see the Steelhead Mobile Controller User’s Guide. VPNs that use IPSec as the transport protocol do not need a pass-through rule. This is because IPSec is its own non-TCP/IP protocol and, by default, the Steelhead appliances do not optimize it. Steelhead Appliance Version 4.0.x. Firewall Requirements This section summarizes the firewall requirements for deploying the Steelhead Mobile. „ If you deploy the Mobile Controller in the DMZ next to a VPN concentrator with firewalls on each side, the client-side network firewall must have port 7801 available. „ If firewall software is used on the client, incoming connections must be allowed port 7801. „ The server-side firewall must have ports 22, 80, 443, 7800 and 7870 open. „ To use application control, you need to allow rbtdebug.exe, rbtmon.exe, rbtsport.exe, and shmobile.exe. „ Microsoft Windows 2000 Professional Service Pack4, Microsoft. Steelhead Mobile Controller Installation Guide 7 Introduction Additional Resources This section describes resources that supplement the information in this guide. It includes the following sections: „ “Online Notes,” next „ “Online Documentation” on page 8 „ “Related Reading” on page 8 Online Notes The following online file supplements the information in this manual. It is available on the Riverbed Technical Support site at https://support.riverbed.com. Online File Purpose _.txt Describes the product release and identifies fixed problems, known problems, and workarounds. This file also provides documentation information not covered in the manuals or that has been modified since publication. Please examine this file before you begin the installation and configuration process. It contains important information about this release of Steelhead Mobile. Online Documentation The Riverbed documentation set is periodically updated with new information. To access the most current version of Riverbed documentation and other technical information, consult the Riverbed Technical Support site located at https://support.riverbed.com. Related Reading To learn more about network administration, consult the following books: „ Microsoft Windows 2000 Server Administrator’s Companion by Charlie Russell and Sharon Crawford (Microsoft Press, 2000) „ Common Internet File System (CIFS) Technical Reference by the Storage Networking Industry Association (Storage Networking Industry Association, 2002) „ TCP/IP Illustrated, Volume I, The Protocols by W. R. Stevens (Addison-Wesley, 1994) „ Internet Routing Architectures (2nd Edition) by Bassam Halabi (Cisco Press, 2000) Safety Guidelines Follow the safety precautions outlined in the Safety and Compliance Guide when installing and setting up your equipment. 8 Steelhead Mobile Controller Installation Guide Introduction Important: Failure to follow these safety guidelines can result in injury or damage to the equipment. Mishandling of the equipment voids all warranties. Please read and follow safety guidelines and installation instructions carefully. Many countries require the safety information to be presented in their national languages. If this requirement applies to your country, consult the Safety and Compliance Guide. The guide contains the safety information in your national language. Before you install, operate, or service the Riverbed products, you must be familiar with the safety information. Refer to the guide if you do not clearly understand the safety information provided in the documentation. Contacting Riverbed This section describes how to contact departments within Riverbed. Internet You can find out about Riverbed products through our Web site at http://www.riverbed.com. Technical Support If you have problems installing, using, or replacing Riverbed products contact Riverbed Technical Support. For the fastest service, please open a trouble ticket at https://support.riverbed.com or call 1-888-RVBD-TAC (1-888-782-3822) in the United States and Canada or +1 415 247 7381 outside the United States. Professional Services Riverbed has staff of professionals who can help you with the installation assistance, provisioning, network redesign, project management, custom designs, consolidation project design, and custom coded solutions. To contact Riverbed Professional Services go to http://www.riverbed.com or email [email protected]. Documentation We continually strive to improve the quality and usability of our documentation. We appreciate any suggestions you may have about our online documentation or printed materials. Send documentation comments to [email protected]. Steelhead Mobile Controller Installation Guide 9 Introduction 10 Steelhead Mobile Controller Installation Guide CHAPTER 1 Overview This chapter describes Steelhead Mobile components, the most common deployment options, and the basic steps to deploy Steelhead Mobile components. This chapter includes the following sections: „ “Overview of the Steelhead Mobile,” next „ “New Features in Version 2.0” on page 12 „ “Upgrading to Version 2.0” on page 13 „ “Technical Specifications” on page 13 „ “Environmental Specifications” on page 15 „ “Mobile Controller Status Lights and Ports” on page 15 This guide assumes that you are familiar with the installation, configuration and management of networks with deployed Steelhead appliances. For detailed information about the Steelhead appliance, see the Steelhead Appliance Installation and Configuration Guide, Steelhead Management Console User’s Guide, and the Steelhead Appliance Deployment Guide. Overview of the Steelhead Mobile The Steelhead Mobile solution enables you to optimize TCP traffic to remote users who are accessing your computer network using any type of remote access (dial-up, broadband, wireless, and so forth.). The Steelhead Mobile solution enables you to optimize traffic for the following types of users: „ Mobile Users. Mobile users are employees that connect to the WAN from various locations and also connect to the LAN locally. „ Home Users. Home users are employees who use computers that connect to the corporate network. „ Small Branch Office Users. Small branch office users are located at offices with fewer than ten employees that connect to the WAN but do not require a standard Steelhead appliance. Steelhead Mobile Controller Installation Guide 11 Overview Definition of Terms The following terms are used to describe features, attributes, and processes in the Steelhead Mobile: Term Definition Endpoint An endpoint is a client computer. For example, a PC or laptop. MSI Package An MSI package is the Microsoft Software Installer (MSI) used to install Steelhead Mobile Client software onto each of your endpoint clients. IMPORTANT: The default MSI package that ships with the Mobile Controller contains the default endpoint and acceleration policies. The default MSI package is designed to be suitable for most network environments. Typically, you can install and deploy Steelhead Mobile without modifying the default policies that ship with the product. Consider deploying Steelhead Mobile to your Mobile Clients using the default policies provided, and modify them only if necessary. Endpoint Policy An endpoint policy specifies computer-specific software settings for endpoint clients, such as the data store size and the Mobile Controller that the client will connect to. An endpoint policy is required for optimization to occur. Acceleration Policy An acceleration policy contains optimization rules for accelerating the WAN traffic for endpoint clients. An acceleration policy is required for optimization to occur. Assignment An assignment occurs when an endpoint or acceleration policy is matched to a deployment ID (DID). Deployment ID (DID) A deployment ID (DID) governs which policies and packages the Mobile Controller provides to endpoint clients. The DID enables you to assign policies to groups of endpoint clients. When you create the MSI package, you can assign a DID to it. The DID is associated with the endpoint client upon installation. The Mobile Controller subsequently uses the DID to identify the client and provide their assigned policies and updates. Demilitarized Zone (DMZ) A Demilitarized Zone (DMZ) is a computer or small subnetwork that sits between a trusted internal network, such as a corporate private LAN, and an untrusted external network, such as the public Internet. Typically, the DMZ contains devices accessible to Internet traffic, such as Web (HTTP) servers, FTP servers, SMTP (e-mail) servers, and DNS servers. New Features in Version 2.0 The following features are available in Version 2.0: „ Client-side tracking of peers and connections increases visibility and troubleshooting capabilities for the end user. It displays all the applications that are active on the endpoint and all of the connections generated by each Mobile Client. In addition, the Mobile Client displays a list of all available adapters and the Steelhead appliance that the Mobile Client is peering with. Troubleshooting tools such as certificate regeneration and trace routes enhance the ability to spot issues more effectively. „ Location Awareness allows to define cases where optimization and licenses usage occur. „ Oracle Forms Optimization allows Oracle Application Suite 11i traffic to be decrypted and optimized across the WAN. „ Outlook 2007 Optimization allows optimization to follow as you upgrade your network. „ SSL Optimization allows optimization of encrypted SSL traffic without compromising the security of your network. „ Steelhead Auto-Detection determines if there is a Steelhead appliance in the local network. 12 Steelhead Mobile Controller Installation Guide Overview Upgrading to Version 2.0 The following section describes how to upgrade your Steelhead Mobile Controller appliance. These instructions assume you are familiar with the Steelhead appliance, the Steelhead Mobile Controller, the CLI, and the Management Console. To upgrade to version 2.0 1. Click Setup to expand the Setup menu. 2. Click Upgrade Software to display the Software Upgrade page. 3. Use the controls to complete the upgrade, as described in the following table. Control Description Install Upgrade From URL. Specify this option and type the URL. The image is uploaded and installed immediately after clicking Install Upgrade. To activate the upgrade, you must reboot the Mobile Controller. Local File. Specify this option and type the path or click Browse to navigate to the local file directory. The image is uploaded and installed immediately after clicking Install Upgrade. To activate the upgrade, you must reboot the Mobile Controller. Schedule Upgrade for Later Schedule Upgrade for Later. Specify this option to schedule the upgrade process. Specify the date and time for the upgrade: Date. Specify the date to run the operation, following the format YYYY/MM/DD. Time. Specify the time to run the operation, following the format HH:MM:SS. Install Upgrade. Click Install Upgrade to install the new version of the software. Cancel Version Switch. Click Cancel Version Switch to cancel the upgrade process. Switch to Backup Version. To revert to the previous software version (identified on this page), click Switch to Backup Version. The process starts immediately. 4. Click Yes to reboot the Mobile Controller. For more information, see the Steelhead Mobile Controller User’s Guide. Technical Specifications The following sections summarize the physical and power specifications for the Steelhead Mobile. Steelhead Mobile Controller Installation Guide 13 Overview System Requirements The following table summarizes the system requirements. Mobile Controller Operating System Windows 2000 SP4, XP SP2 (32 bit versions only), Vista (32 bit versions only) CPU Celeron 1.5 GHz Memory 512 MB Data Store 1 GB free disk space (min. required) Steelhead appliance Required Steelhead Mobile Controller (SMC) Required Form Factor 1U (Unit) Height, Width, and Depth 1.69 x 17.6 x 21.5 in (4.27 x 44.7 x 54.61 cm) Weight 17 lbs 7.7 kg Voltage 100-240 V Frequency 50-60 Hz Current 4A-2 A Load 2.27A @110 V BTU 935 BTU (per hour max) Hard Disk 1 250 GB MTBF 98 Months RAID None Dual Power Supply None Power Requirement 250 W Power Supply Single 250 W Software Specifications The following table summarizes the software specifications. Mobile Controller Concurrent Clients Supported per Mobile Controller 2000 Concurrent Clients Supported with Mobile Controller Cluster n x 2000 VPN Compatibility Cisco, Nortel, Juniper, Microsoft, OpenVPN Wireless PC Card Compatibility Verizon, AT&T, Sprint 14 Steelhead Mobile Controller Installation Guide Overview Environmental Specifications The following table summarizes the environmental requirements for the Mobile Controller. Mobile Controller Temperature (Operating) 0º - 35º C 32° - 95º F Temperature (Storage) -20º - 70º C -4º - 158º F Relative Humidity 5% - 95% (non-condensing) Mobile Controller Status Lights and Ports The following section illustrates the status lights, ports, power switches, and so forth for the Mobile Controller. The following figures illustrate the Mobile Controller’s front and back panels. Figure 1-1. Front Panel Figure 1-2. Back Panel Steelhead Mobile Components A Steelhead Mobile deployment consists of the following components: „ Mobile Controller. The Mobile Controller acts as a gateway for remote users and is installed at a data center or at the server-side of the WAN where it is accessible to users. The Mobile Controller features a Web-based GUI, the Mobile Controller console, that you use to centrally manage endpoint clients. You can also use the Mobile Controller console for endpoint client software upgrades, licensing, reporting, and monitoring. Each Mobile Controller supports up to 2000 concurrent users. Steelhead Mobile Controller Installation Guide 15 Overview „ Mobile Client. You distribute Mobile Client software to endpoint clients (for example, PCs and laptops) using MSI packages. You create endpoint client MSI packages using the Mobile Controller console, and deploy them to your endpoint clients using the deployment tool of your choice. You can use a commercial deployment tool (for example, Microsoft SMS, Active Directory, or Altiris) to deploy MSI packages, or email the link to your remote users. For detailed information about deployment options for MSI packages, see the Steelhead Mobile Controller User’s Guide. „ Steelhead Appliance. Steelhead appliances deployed throughout the network optimize data generated and accessed by end users. For details on the Steelhead Appliance, see the Steelhead Appliance Deployment Guide and the Steelhead Management Console User’s Guide. When a user starts the Mobile Client, it accesses the specified Mobile Controller to obtain a license and a policy. After the endpoint client retrieves a license and a policy from the Mobile Controller, traffic can be optimized between the Mobile Client and the server-side Steelhead appliance. The Mobile Client performs data optimization using the same mechanisms as a client-side Steelhead appliance. The endpoint client maintains a connection with the Mobile Controller to allow new policies and updates to be downloaded from the Mobile Controller. This also enables the Mobile Controller to monitor your endpoint clients, and upload logs from your endpoint clients. The following is an example of a typical Steelhead Mobile installation. The Mobile Controller is located at the main data center. Mobile Clients communicate with the Mobile Controller for management and reporting purposes. Mobile Clients are optimized by Steelhead appliances at the data center. Figure 1-3. Typical Steelhead Mobile Deployment 16 Steelhead Mobile Controller Installation Guide CHAPTER 2 Steelhead Mobile Deployments This chapter describes deployment options that might apply to your environment. Before you begin the installation and configuration process, you need to select a network deployment. This chapter includes the following sections: „ “Deploying Steelhead Mobile in Environments with VPNs,” next „ “Deploying Steelhead Mobile in Environments with Firewalls” on page 18 „ “Deploying for Local and Remote Access Users” on page 19 „ “Deploying Multiple Mobile Controllers” on page 20 „ “Basic Steps for Deploying Steelhead Mobile” on page 21 Deploying Steelhead Mobile in Environments with VPNs When you deploy Steelhead Mobile components, you need to ensure that the VPN tunnel is not optimized. If the VPN tunnel uses TCP for transport, when you configure the acceleration policy, add a pass-through rule for the VPN port number connected to by the client. Depending on your deployment scenario, this rule might be the first rule in the list. For details about acceleration policies, see the Steelhead Mobile Controller User’s Guide. Steelhead Mobile Controller Installation Guide 17 Steelhead Mobile Deployments VPNs that use IPSec as the transport protocol do not need a pass-through rule. This is because IPSec is its own non-TCP/IP protocol and the Steelhead appliances do not optimize it. Figure 2-1. Steelhead Mobile Deployment and VPN Tunnels For detailed information about pass-through rules, see the Steelhead Mobile Controller User’s Guide. Deploying Steelhead Mobile in Environments with Firewalls If you need a solution for remote access users only, a location for the Mobile Controller might be in the DMZ next to a VPN concentrator with firewalls on each side. Users who need access to the Mobile Controller can connect to it from outside the DMZ zone. This scenario requires that the client-side network firewall have port 7801 available. This port is used internally to the client PC only and it is not seen on any network segment external to the PC. The server-side firewall must have ports 22, 80, 443, 7800 and 7870 open. If you are using application control, you need to allow rbtdebug.exe, rbtmon.exe, rbtsport.exe, and shmobile.exe. If you are not using a VPN for optimized client traffic, then both client-side and server-side network firewalls need to have ports 22, 80, 443, 7800, and 7870 open (port 7810 for out-of-path appliance deployments) with the following considerations: Note: If you are using a VPN originating on the client PC, you do not need to open any of the ports mentioned below. „ Port 22 is used to allow SSH access to the SMC from a remote site. „ Ports 80 and 443 are used to allow web access (including HTTP and HTTPS). „ Port 7800 is the default port used between the Steelhead Mobile client and the remote Steelhead appliance for all optimized TCP sessions. „ Port 7810 needs to be open on the network firewalls since the Steelhead Mobile client needs to establish optimized connections with server-side out-of-path Steelhead appliances. „ Port 7870 is used by the client to send statistics to the Mobile Controller. 18 Steelhead Mobile Controller Installation Guide Steelhead Mobile Deployments Deploying for Local and Remote Access Users In this deployment scenario, there are three types of users: „ Local branch office users that are already optimized by the local Steelhead appliance. These users do not need the Mobile Client software. „ Local branch office users who also remotely access the network. These users do need the Mobile Client software and are optimized by the server-side the Steelhead appliance. „ Remote users who always work remotely using remote access. These users need the Mobile Client software. Figure 2-2. Deploying for Local and Remote Users If Mobile Clients are connecting to a branch office that already has a Steelhead appliance, you can enable Automatic Peering on all Steelhead appliances. This allows the Mobile Client to bypass the local Steelhead appliance and optimize with the remote Steelhead appliance at the data center. For detailed information about Automatic Peering, see the Steelhead Management Console User’s Guide. If you do not want endpoint clients at the branch office to use Mobile Controller licenses, you can create an in-path rule in the Steelhead appliance so that it drops traffic to the Mobile Controller. Local branch office users who also remotely access the network have the option of either enabling or disabling Mobile Client optimization when they are at the office. This is configured using the Location Awareness and Steelhead Auto Detection settings as described in the Steelhead Mobile Controller User’s Guide. If they enable Mobile Client optimization when at the office, they bypass the local Steelhead appliance and optimize directly with the server-side Steelhead appliance. This warms the data on the Mobile Client, and they receive optimum performance when they are offsite. If they disable Mobile Client optimization when at the office, they get optimized by the local Steelhead appliance. This improves performance while at the office, but when the user travels offsite, the Mobile Client will not have warm data. Furthermore, the Mobile Client will not consume a license while it is disabled in the office. Steelhead Mobile Controller Installation Guide 19 Steelhead Mobile Deployments Deploying Multiple Mobile Controllers With more than one data center, deploying Mobile Controllers is not required. However, deploying multiple Mobile Controllers addresses several major requirements: „ Federation. Different IT teams can manage designated areas. „ Scale. A greater number of concurrently connected users can be supported (2000 per Mobile Controller). „ Redundancy. In case of a network outage, users can still access network resources. 20 Steelhead Mobile Controller Installation Guide Steelhead Mobile Deployments Important: In this deployment scenario the laptop firewall must be configured with port 7801. If the data center has a firewall in front of the Mobile Controller, it must be configured with port 7870. Figure 2-3. Deploying Multiple Mobile Controllers Basic Steps for Deploying Steelhead Mobile Steelhead Mobile is designed to be deployed to your Mobile Clients without additional configuration. Typically, you install and deploy Steelhead Mobile without modifying the default policies that ship with the product. Consider deploying Steelhead Mobile to your Mobile Clients using the default policies provided, and modifying them only if necessary. Steelhead Mobile Controller Installation Guide 21 Steelhead Mobile Deployments If your network environment requires the deployment of multiple MSI packages, create the packages you need before deploying the default package. For details, see the Steelhead Mobile Controller User’s Guide. To install using the default policies provided, simply deploy the MSI package named default. The default MSI package installs the default policies. The following section describes the basic steps for how to install and configure the Mobile Controller and how to deploy the default MSI package to the endpoint clients in your network. To deploy Steelhead Mobile 1. Complete the configuration checklist to ensure you have the necessary information before you begin the configuration process. For details, see “Completing the Configuration Checklist” on page 24. 2. Power on the Mobile Controller. For details, see “Powering On the Mobile Controller” on page 26. 3. Connect to the Mobile Controller using a terminal emulation program such as Tera Term. For details, see “Connecting to the Mobile Controller” on page 26. 4. Complete the Configuration wizard. For details, see “Configuring the Mobile Controller” on page 27. 5. Connect to the network and log in to the Mobile Controller. For details, see “Connecting the Mobile Controller to Your Network” on page 28. 6. Deploy the default MSI package to the endpoint clients in your network using the deployment tool of your choice (for example, Microsoft SMS). For details, see the Steelhead Mobile Controller User’s Guide. Note: You can create your own MSI packages, endpoint policies, and acceleration policies, or modify the default packages and policies. 7. Verify your endpoint connections in Reports - Managed Endpoints on the Mobile Controller. For details, see the Steelhead Mobile Controller User’s Guide. 22 Steelhead Mobile Controller Installation Guide CHAPTER 3 Installing Steelhead Mobile Controller This chapter describes how to install and configure the Mobile Controller. It includes the following sections: „ “Checking Your Inventory,” next „ “Preparing Your Site for Installation” on page 24 „ “Completing the Configuration Checklist” on page 24 „ “Powering On the Mobile Controller” on page 26 „ “Connecting to the Mobile Controller” on page 26 „ “Configuring the Mobile Controller” on page 27 „ “Connecting the Mobile Controller to Your Network” on page 28 „ “Logging in to the Mobile Controller console” on page 29 This guide assumes that you are familiar with installing, configuring, and managing networks with deployed Steelhead appliances. For detailed information about the Steelhead appliance, see the Steelhead Appliance Installation and Configuration Guide, the Steelhead Management Console User’s Guide, and the Steelhead Appliance Deployment Guide. Checking Your Inventory This section describes the contents of the Mobile Controller shipping carton. Check your shipment to ensure it contains the following items: „ One Mobile Controller „ One CAT-5E straight-through cable „ One RS-232 serial extension cable „ One power cable „ One mounting kit „ Documentation Set CD The Mobile Controller is completely assembled with all the equipment parts in place and securely fastened. The Mobile Controller is ready for installation with no further assembly required. Steelhead Mobile Controller Installation Guide 23 Installing Steelhead Mobile Controller If any items are damaged or missing, notify Riverbed Technical Support at http:// www.support.riverbed.com for replacement or repair. Preparing Your Site for Installation This section lists the prerequisites to installation. Ensure your site meets the following requirements: „ A standard electronic environment where the ambient temperature does not exceed 35º C (95º F) and the relative humidity does not exceed 95% (non-condensing). For detailed information, see “Environmental Specifications” on page 15. „ An Ethernet connection available within the standard Ethernet limit. „ Space on a two or four-post, 19-inch, Telco-type mounting rack. The Mobile Controller requires 1U of rack space. For details about installing the Mobile Controller to a rack, see the Rack Installation Guide or the printed instructions that were shipped with the Mobile Controller. „ A clean power source dedicated to computer devices and other electronic devices. „ A standard Phillips screwdriver to install the appliance to a rack. Completing the Configuration Checklist The following checklist lists the parameters you specify to complete the initial configuration of the Mobile Controller and to register the server-side Steelhead appliance. Note: Verify system requirements before you begin. For details, see “Hardware, Software, and Configuration Dependencies” on page 6. 24 Steelhead Mobile Controller Installation Guide Installing Steelhead Mobile Controller Be prepared to provide values for the parameters listed in the following checklist: Appliance Parameter Mobile Controller Host Name Your Value IP Address Netmask Default Gateway (the WAN gateway) Primary DNS Server (Domain Name Server IP address) Domain Name Administrator Password Appliance Parameter Mobile Client Data Store Size. At least 1 GB of disk space is required for the data store. The default value is 10 MB. Your Value Maximum Log Size. The default value is 5000 KB. Maximum Number of Log Files. The default value is 2. VPN Port Number. If you are adding a pass-through rule. Note: Values for Data Store Size, Maximum Log Size, and Maximum Number of Log Files are only needed if you choose not to use the default MSI package that ships with Steelhead Mobile. Memory Usage Ensure that there is enough memory on your client computers to run the Mobile Client software. The following table provides an example of memory usage per data store size. Your memory usage may vary. Data Store Size (GB) Memory Usage (MB) 1 81 2 100 5 112 10 161 15 171 20 228 Steelhead Mobile Controller Installation Guide 25 Installing Steelhead Mobile Controller Powering On the Mobile Controller This section describes how to connect and power on the Mobile Controller. To connect the power to the Mobile Controller 1. If your model has a master power switch, make sure it is in the off position (on the rear panel). 2. Plug the AC power cord provided in your shipment into the Mobile Controller. Figure 3-1. Connecting the Power 3. Plug the AC power cord into an uninterrupted AC outlet. 4. If your model has a master power switch, press in the master power switch (ON). 5. Press in the system power switch on the front of the Mobile Controller. 6. Check the status lights on the Mobile Controller. For detailed information, see “Mobile Controller Status Lights and Ports” on page 15. Connecting to the Mobile Controller To access the configuration wizard and the Steelhead CLI, you establish a serial connection using a terminal emulator program. To connect to the Mobile Controller 1. Plug the serial cable provided in your shipment into the Console port on the Mobile Controller. Figure 3-2. Connecting the Mobile Controller 26 Steelhead Mobile Controller Installation Guide Installing Steelhead Mobile Controller 2. Start your terminal emulation program such as Tera Term Pro or HyperTerminal. The terminal device must have the following settings: ‹ Baud rate: 9600 bps ‹ Data bits: 8 ‹ Parity: none ‹ Stop bits: 1 ‹ No flow control 3. Log in as an administrator user (admin) and enter the default password (password). For example: login as: admin Sent username "admin" password: password The Configuration wizard automatically starts after you have entered the login and default password. After you have established a connection, you configure the Mobile Controller using the configuration wizard: „ For details, see “Configuring the Mobile Controller” on page 27. 4. Check the system and disk status lights. Configuring the Mobile Controller This section describes how to complete the initial configuration of the Mobile Controller. To configure the Mobile Controller 1. After you log in to the Mobile Controller as an administrator, the system prompts you to start the configuration wizard. Enter yes at the system prompt. For example: Configuration wizard. Do you want to use the wizard for initial configuration? yes 2. Complete the configuration wizard steps as described in the following table: Tip: Press Enter to enter the default value. If you mistakenly answer no, you can start the configuration wizard by entering configuration jump-start at the system prompt. Tip: Press '?' for help. Press Ctrl-B to go back to the previous step. Wizard Prompt Description Example Step 1: Host Name? Enter the host name for the Mobile Controller. Step 1: Hostname? minna Steelhead Mobile Controller Installation Guide 27 Installing Steelhead Mobile Controller Step 2: Use DHCP? You are given the option to enable the DHCP to automatically assign an IP address to the primary interface for the Mobile Controller. Step 2: Use DHCP? no Riverbed recommends that you do not set DHCP. The default value is no. Step 3: Primary IP address? Enter the IP address for the Mobile Controller. Step 3: Primary IP address? 10.0.0.74 Step 4: Netmask? Enter the netmask for the network on which the Mobile Controller is to reside. Step 4: Netmask? 255.255.0.0 Step 5: Default gateway? Enter the default gateway for the network on which the Mobile Controller is to reside. Step 5: Default gateway? 10.0.0.1 Step 6: Primary DNS server? Enter the primary DNS server for the network on which the Mobile Controller is to reside. Step 6: Primary DNS server? 10.0.0.2 Step 7: Domain name? Enter the domain name for the network on which the Mobile Controller is to reside. Step 7: Domain name? example.com If you set a domain name, you do not need to specify the domain names when you set up remote appliances to be managed by the Mobile Controller. Step 8: Admin password? Riverbed strongly recommends that you change the default password at this time. The password must be a minimum of 6 characters. Step 8: Admin password? xxxyyy The default administrator password is password. 3. The system confirms your settings. You have entered the following information: 1. Hostname: minna 2. Use DHCP on primary interface: no 3. Primary IP address: 10.0.0.74 4. Netmask: 255.255.0.0 5. Default gateway: 10.0.0.1 6. Primary DNS server: 10.0.0.2 7. Domain name: example.com 8. Admin password: xxxyyy To change an answer, enter the step number to return to. Otherwise hit to save changes and exit. The Mobile Controller configuration wizard automatically saves your initial configuration settings. 4. To log out of the system, enter the following command at the system prompt: # exit Connecting the Mobile Controller to Your Network This section describes how to connect the Mobile Controller to your network. 28 Steelhead Mobile Controller Installation Guide Installing Steelhead Mobile Controller To connect the Mobile Controller to your network 1. Plug the straight-through cable provided in your shipment into the Primary port of the Mobile Controller and the LAN switch. This can be any port on your LAN switch that acts as a host. Figure 3-3. Connecting the Primary Port and LAN Switch 2. If your model has a front bezel, replace the bezel on the Mobile Controller. Logging in to the Mobile Controller console This section describes how to log in to the Mobile Controller using the Mobile Controller console. Use this front-end, Web-based GUI to configure and manage your Steelhead Mobile deployment. It is possible to connect to the Mobile Controller console through any supported Web browser. To connect to the Mobile Controller you must know the host, domain, and administrator password that you assigned during the initial setup of the Mobile Controller. Note: Cookies and Javascript must be enabled in your browser. To log in to the Mobile Controller console 1. Enter the URL for the Mobile Controller in the location box of your browser: protocol://host.domain protocol is http or https. HTTPS uses SSL protocol to ensure a secure environment. If you use HTTPS to connect, you are prompted to inspect and verify the SSL key. host is the host name you assigned the Mobile Controller during initial configuration. If your DNS server maps that IP address to a name, you can specify the DNS name. domain is the full domain name for the Mobile Controller. Steelhead Mobile Controller Installation Guide 29 Installing Steelhead Mobile Controller 2. The Mobile Controller console graphical appears, displaying the Login page. Figure 3-4. Login Page 3. In the Account text box, the default account admin appears. You must specify the account admin when you first log in. Note: At a later time, you can configure the monitor user name, RADIUS users, or TACACS+ users. For more information on these options, see the Steelhead Mobile Controller User’s Guide. 4. In the Password text box, type the password you assigned in the Mobile Controller configuration wizard. 5. Click Login to log in and display the Home: Welcome page. After you have logged in to the Mobile Controller, you are ready to create an MSI package to deploy to your endpoint clients. For details, see the Steelhead Mobile Controller User’s Guide. 30 Steelhead Mobile Controller Installation Guide Index A Acceleration policy 12 Appliance, connecting 29 Assignment 12 B Back panel 15 C Configuration checklist 24 Configuration dependencies 6 D Demilitarized zone 12, 18 Deploying, basic steps 21 Deployment ID 12 Deployment options 16 for local and remote access users 19 for multiple Mobile Controllers 20 in environments with firewalls 18 in environments with VPNs 17 Documentation, contacting 9 E Endpoint 12 Endpoint policy 12 Environmental specifications 15 F Firewalls, requirements for 7 Front panel 15 H Hardware dependencies 6 I Initial configuration 27 Installing, preparation 24 Installing, prerequisites 6 Inventory, checking 23 connecting to with terminal device 26 connecting to your network 26 deploying multiple 20 initial configuration 27 installing 24 ports 15 powering on 26 preparing for installation 24 status lights 15, 27 technical specifications 13 MSI package 12 N Network, connecting to your 28 O Online documentation 8 Online notes 8 P Power, connecting 26 R Related reading 8 Release notes 8 S Safety guidelines 8 Software dependencies 6 Steelhead Mobile basic steps to deploy 21 components of 15 overview of 11 T Technical specifications 13 Technical support, contacting 9 M Mobile Client RAM requirements 25 Mobile Controller Steelhead Mobile Controller Installation Guide 31 Index 32 Steelhead Mobile Controller Installation Guide