Riverbed RiOS 7.0…to upgrade or not to upgrade, that is the FAQ

By Steve Evans

Riverbed is always adding new features.  Given their position in the magic “squares”, I’d expect them to be leading innovation.  But with such frequent upgrades, dShould you upgrade your Riverbed operating system?o you upgrade or not?  The new RiOS 7.0 has some stellar features that one could very well take advantage of.  And that really is the answer.  Can you take advantage of the new features?  If not, maybe you should wait.  Riverbed maintains several “tracks” of code so you should never be compelled to upgrade to a new major version just to stay current.  Your current major version is also being kept up to date with bug fixes and minor enhancements.  The following are all currently maintained major RiOS versions: 6.5, 6.1, 6.0, 5.5, 5.0, and 4.1. 

Although I’ve had some recommend upgrading to the latest code, I prefer the more conservative route of upgrading to the latest code in the current release unless you are looking to gain access to features of a new major version.  Below is a list I compiled of the new features for 6.0, 6.1, 6.5, and 7.0 to help you decide if you would like to jump up to one of the newer versions.  If you are not interested in taking advantage of any of these new features, I recommend the latest RiOS version at your major release level.  If you would like some help deciding whether you need to upgrade, feel free to contact us and we’ll do a personalized assessment for you.

How about those engineering releases?  Are those safe?  Unlike the “Official Release” versions, the engineering releases have not yet undergone extensive Q&A testing.  However, usually they are worth considering due to the bug fixes they provide.  In my conversations with Riverbed engineers, I’m always encouraged to upgrade to the latest engineering release if it is available. Although I’ve never yet had a problem upgrading to the latest engineering release code, if you’re not currently having any problems, it’s probably best to stay on the “Official Release” version which has been extensively run through their Q&A process.  However, if you do upgrade and have an issue, don’t forget that the Riverbed allows you to easily boot back into the previous version.  

So what’s the verdict?  Upgrade or not?  The answer is “Yes!”  Decide if you need the new features of a major version, and if you do, upgrade. If not, upgrade to the latest code in your current track.  And as always, backup your configuration before an upgrade and read the release notes!

Happy Upgrading! 

New Feature Summary for RiOS versions 6.0, 6.1, 6.5, and 7.0:

RiOS 6.0:

  • Branch Warming Support - Branch warming keeps track of data segments created while a Steelhead Mobile user is in a Steelhead appliance-enabled branch office and sends the new data back to the Mobile laptop. When the user goes back on the road, they receive warm performance.
  • SSL Server IP Auto-discovery -This feature enables Steelhead appliances to automatically discover servers that map to a particular certificate, greatly increasing the usability of configuring SSL. Also, new servers added to the SSL cluster are discovered automatically without Steelhead administrator intervention.
  • SSL Distributed Termination - RiOS Version 6.0 changes how Steelhead appliances handle SSL client reuse messages to provide both scaling and latency benefits
  • Secure Peering over SSL - In RiOS Version 6.0, you have the option to use SSL to protect optimized traffic between Steelhead appliances. You can choose to use SSL to encrypt traffic between Steelhead appliances for SSL traffic only, for Secure Applications (MAPI and signed SMB traffic), or for all optimized connections. This feature provides an alternative to IPSEC for protecting Steelhead-to-Steelhead traffic.
  • Expanded WAN Visibility Mode Options – Adds a “Full Transparency with Reset” for use with stateful firewalls.  When running in Full Transparency mode, some stateful firewalls see the probe and inner connection setup sequence as a potential attack, and as a result, drop the connection. In RiOS Version 6.0, the WAN visibility mode Full Transparency with Reset enables the Steelhead appliance to send an RST (reset connection flag) between the probe and inner connection setup. This clears the state on firewalls and enables the inner connection setup to succeed. Note: Full Transparency with Reset mode is not guaranteed to work with all firewalls.
  • Health Check - A new Health Check report that provide you with the ability to perform simple checks (such as cable swap and gateway ping tests). Health checks enable you to perform basic troubleshooting tasks and provides event information.
  • Oracle Forms Support for Sun JRE and 12i - RiOS Version 6.0 support for Oracle Forms extends to include Oracle server 12i and the Sun JRE for all modes of deployment of Oracle Forms (native, HTTP and HTTPS).
  • Centralized Print Optimizations - RiOS Version 6.0 optimizes print traffic that spools across the WAN to a Windows print server in a datacenter.
  • HTTP Object Prefetch Table - Enhanced HTTP object prefetch provides the same benefits as a dual-ended object cache. HTTP object prefetch provides optimization for all Web applications (Sharepoint, SAP, and so forth).
  • SMB Signing Improvements - RiOS Version 6.0 simplifies configuration of SMB signing and provides support for multiple-domains (that is, where the client and server are in separate domains
  • Citrix Enhancements - QoS and Unwrap - RiOS Version 6.0 provides the following enhancements for Citrix ICA traffic:
    • The ability to decompress and decrypt ICA traffic and provide bandwidth optimizations to the ICA traffic.
    • Classifying different ICA virtual channels and tying it to the Steelhead QoS so that high priority real time traffic (like keystrokes and screen refreshes) from one user will not be negatively affected by lower priority high throughput traffic (like print traffic).
  • Improvements to the Riverbed Services Platform (RSP) - RSP improvements include the following features:
    •  Backup and Restore. RiOS Version 6.0 enables you to back up your RSP slots for restoration at a later time either to the same device or to replicate this configuration across multiple devices.
    • Enhanced disk support. RiOS Version 6.0 allows the you to add one or more disks to a virtual machine as well as providing the ability to grow (expand the capacity) an existing pre-allocated disk.
    • Virtual In-Path support for Optimization VNIs. RiOS Version 6.0 supports virtual in-path setups (like WCCP) for packages that use optimization VNIs (for example, a security or monitoring solution).
    • Enhanced watchdog. In RiOS Version 6.0, a package creator can provide a heartbeat that is constantly monitored to determine if a package is running.
  • Current Connections Report - The enhanced Current Connections report displays the connections that are intercepted by the Steelhead appliance, including more detail on the connections that are passed through unoptimized. The new level of detail displays whether a connection is intentionally or unintentionally being passed through and exactly what real-time condition is causing the pass-through status. The Current Connections report contains two tables: one summarizing the current connection activity and another displays information about individual connections.
  • Pass-through Connection Resets - This feature enables one to reset a selected connection from the pass-through connection report.
  • Management Access Control List (Management ACL) - Steelhead appliances are subject to the network policies defined by a corporate security policy, particularly in large networks. Using a Management ACL, you can restrict inbound IP access to a Steelhead appliance, protecting it from access by hosts that do not have permission without using a separate device (such as a router or firewall). You can specify which hosts or groups of hosts can access and manage a Steelhead appliance by IP address (and other IP parameters), simplifying the integration of Steelhead appliances into your network. You can also change the standard management ports to match your corporate standards.
  • XML/SOAP API - RiOS Version 6.0 provides a SOAP server to handle HTTP requests that conform to the SOAP specification. The API enables you to access configuration and management commands. For detailed information, see the Steelhead Appliance API Guide.
  • Improved Logging - RiOS Version 6.0 offers numerous logging improvements, including the following:
    • More detailed log messages with event severity, timestamp, appliance identifier, process or user responsibility, change in appliance status, and event description.
    • Consolidated log message that identifies the issue or event.
    • User-definable logging level for each feature. For example, an administrator can select one or more application blades and one or more processes.
    • Nested filtering enables you to easily filter logs by multiple parameters.
    • Improved log export functionality that enables you to generate a bundle that includes all logs, dumps, and configuration files.
  • Improved SNMP MIB Coverage – RiOS Version 6.0 expands MIB coverage to include the following traps:
    • User Login/Logout
    • User Entering Configuration Mode
    • New User Created
    • Device Configuration Locally Changed
    • Device Configuration Saved Locally
    • TCPDump Configured/Started
    • Power Supply Failure
  • Cascade v9 and NetFlow v9 Support - Cascade v9 and NetFlow v9 on Steelhead appliances always track both ingress and egress traffic on specified interfaces. These flow formats send enough data for a full picture of network traffic to be generated from a single Steelhead appliance without needing correlating flows from peer appliances. Cascade v9 adds Steelhead-specific data fields that include information on which Steelhead optimized the connection and the peer with which it optimized.
  • Mac CIFS clients - Mac clients can now benefit from faster WAN access to Windows file shares.
  • SNMP v3 Support - SNMPv3 provides the infrastructure for authentication and privacy via the User-based Security Model (USM), and a much richer access control using the View Based Access Control Mechanism (VACM). Using SNMPv3 is more secure than SNMP v1 or v2.
  • Adaptive Data Streamlining - RiOS Version 6.0 provides the following enhancements:
    • SDR-M optional per in-path rule. This feature enables you to configure SDR-M specific to a source, destination, subnet, and port using an in-path rule. This feature is useful in hybrid environments that include thin client traffic (such as ICA, Terminal Services, and RDP) in conjunction with regular traffic (such as MAPI, CIFS, and HTTP).
    • SDR-Adaptive. This feature enables consistently high LAN-side throughput while delivering consistent data reduction. This feature is useful in branch scale-in environments at the data center as well as providing a replication solution between data centers.

RiOS 6.1:

  • MAPI Encryption for Windows 7 - RiOS version 6.1 now supports encrypted MAPI traffic for Windows 7 clients via Kerberos constrained delegation and cross-domain trust.
  • Exchange 2010 Support - This feature includes support for Exchange 2010 server and the corresponding Outlook clients.
  • Multi-Inpath WCCP - This feature includes support for multiple interfaces on a Steelhead appliance to participate in WCCP groups on one or more routers.
  • HTTP Authorization Optimizations - HTTP optimization includes support for SharePoint 2007, along with more and improved configuration settings to tune a particular subnet dynamically, with no service restart required. Authentication settings include
    • Support for an unauthenticated connection to serve prefetched objects, as long as the connection belongs to a session whose base connection is already authenticated.
    • Ability to force NTLM authentication In the case of negotiated Kerberos and NTLM authentication.
    • Ability to remove all credentials from the request on an already authenticated connection. This works around Internet Explorer behavior that re-authorizes connections that have previously been authorized.
    • Ability to prevent a WAN round trip by issuing the first 401 containing the realm choices from the client-side Steelhead appliance.
  • SRDF/A and FCIP Storage Optimizations - RiOS version 6.1 provides two new storage module optimization features:
    • SRDF/A optimization increases the data reduction LAN-to-WAN ratio with either equal or greater data throughput in environments with SRDF traffic and delivers the data to the TCP consumer without compromising data integrity.
    • FCIP optimization increases the data reduction LAN-to-WAN ratio with either equal or greater data throughput in environments with SRDF traffic. This feature includes support for V-Max-to-VMax traffic optimization.
  • Windows 2008 R2 Support - RiOS version 6.1 supports domain security in both native and mixed modes for Windows 2008 R2. It also supports delegation for users that are in domains trusted by the server’s domain. In addition, it now automatically updates the delegate user in Active Directory with delegation rights to servers, streamlining configuration.
  • Riverbed Services Platform High Availability - A new high availability feature in RSP allows you to automatically copy specific RSP slots on a Steelhead appliance (source) to another Steelhead appliance (target). If the source Steelhead appliance ever fails, you can replace its slots with the slot functionality using the cloned slots on the target Steelhead appliance.
  • MAPI Admission Control - When the MAPI optimized connections have exceeded the admission control maximum threshold of 85%, RiOS now passes through new MAPI connection clients but continues to intercept and optimize existing MAPI connection clients.
  • Fast Directory Browsing - Provides CIFS extended directory caching to enhance directory browsing over the WAN.
  • In-Path MSP Management - Provides a way to configure a secondary MIP interface that you can reach through the physical in-path LAN and WAN interfaces. Configuring a secondary MIP interface allows management of Steelhead appliances from a private network while maintaining a logical separation of network traffic.
  • Lotus Notes Pull Replication - A new Lotus Notes pull replication feature allows the current Steelhead appliance to request information from the source Steelhead appliance. The request specifies the information that the current Steelhead appliance needs, based on its knowledge of changes already received from the source Steelhead appliance and from all other domain controllers in the domain.  When the current Steelhead appliance receives information from the source, it updates that information. The current Steelhead appliance’s next request to the source Steelhead appliance excludes the information that has already been received and applied.
  • Passthrough Automatic Kickoff - Provides a way to reset established connections per in-path rule to force them to go through the connection creation process again.
  • HP ProCurve Support - The Steelhead appliance on HP ProCurve takes IT consolidation to the next level, where the Steelhead appliance is actually integrated into the network switch. Using HP Transparent Mode technology, Riverbed seamlessly integrates with the HP zl series switches and HP ONE service modules to provide WAN acceleration inside HP ProCurve switches.

RiOS 6.5

  • QoS Enhancements
    • Simplified setup – This is a Basic QoS configuration page streamlines setup for networks that require minimal configuration of network traffic.
    • AppFlow Engine (AFE) – This allows for advanced classification and shaping of network traffic. The Steelhead inspects classification rules for information within the TCP/UDP payload. With AFE, QoS can identify applications accurately and differentiate applications that use the same port on the same server. For example, Sharepoint and Microsoft Background Intelligent Transfer Service (BITS) can use port 80 on the same server. Once an application is identified, you can place into different classes for QoS enforcement. AFE identification is similar to deep packet inspection (DPI) because it identifies applications based on patterns. This approach allows you to more accurately identify modern applications than signature-based DPI methods by being aware of the more complex ways they communicate and the dependencies between multiple flows.
    • Port label handling – This allows you to specify a port range for more efficient port handling.
    • Connection tracking for pass-through traffic – This eliminates per-packet inspection of flow oriented traffic, thereby enhancing performance.
    • Rule hierarchy – This allows you to increase the number of rules per site.
    • Site awareness – This improves performance and scalability in multi-site configurations.
  • Satellite Optimization – This feature includes adaptive-TCP optimization to better utilize bandwidth over lossy links with high latency and deliver resiliency in the face of packet loss. This release also offers improved support for SCPS interoperability.
  • IPv6 Management Support - Steelheads can now receive, process, and forward IPv6 packets. This allows them to interface with other systems and protocols in a manner similar to that of IPv4.
  • CIFS SMB2 Support - All of the currently provided CIFS SMB latency optimizations in the Steelhead are now provided for native SMBv2.
  • SMB2 Signing Support - This feature includes support for end-to-end client-server SMB2 signing.
  • Outlook Anywhere Optimization - This feature includes support for Outlook Anywhere optimization and automatic detection of RPC-over-HTTP(S) connections. In addition, you can select a new Outlook Anywhere latency optimization policy for in-path rules to activate RPC over HTTP(S) optimization on matching connections.
  • Citrix ICA - This feature uses the RC5 algorithm to encrypt the ICA protocol, securing communication sent between a MetaFrame Presentation Server and a client.
  • In-Path Interfaces Page - The Steelhead Management Console now includes an In-Path Interfaces page that includes a checkbox to enable Link State Propagation.
  • SSL Client Side Support - This feature includes support for optimizing SSL environments that use client-side SSL certificates to authenticate clients in addition to authenticating servers by the use of SSL certificates.
  • MAPI v2 Prepopulation - The Steelhead now includes support for MAPI v2 prepopulation.
  • SCEP/CRL GUI Support - You can now use the Steelhead Management Console for SCEP/CRL management in addition to the Command Line Interface (CLI).
  • Selective Optimization for SRDF - Delivers higher levels of performance, visibility and control of EMC’s SRDF enterprise SAN replication protocol. Includes the ability to track and tune optimization for SRDF on a per RDF-group basis, thereby increasing the overall optimization and performance of SRDF traffic and ultimately leading to improved Recovery Point Objectives (RPO).

RiOS 7.0

  • Acceleration of End-to-End Video Solutions - With stream splitting technology, also known as application layer multicasting, a single video stream can serve a large number of viewers in a particular location. When these new optimizations are combined with data streamlining to store on-demand videos in branch locations, QoS to prioritize bandwidth utilization, and prepositioning to proactively improve users’ video experience, Riverbed provides a robust video solution for the enterprise. These live and on-demand optimization capabilities also leverage current partnerships with leading video content management solutions providers such as Polycom, Adobe, Qumu and MediaPlatform. With these integrated solutions, organizations can not only enhance video production and content management but also delivery and distribution.
    • Optimizations for Adobe Video Solutions - Native stream splitting for Adobe Flash over HTTP allowing the effective delivery of multimedia communication and collaboration solutions to remote employees for live broadcasts as well as videos on demand.
    • Live Video Stream Splitting for Microsoft Silverlight - Organizations using Microsoft Silverlight can now use more video, effectively without increasing bandwidth capacity or negatively impacting the performance of other applications.
  • UDP Optimization – Now optimize applications that run on both TCP/IP and UDP, including replication solutions.
  • IPv6 - As IPv6 is adopted, RiOS 7.0 ensures organizations can take advantage of bandwidth optimization for UDP traffic and TCP over IPv6
  • ICA over SSL Optimization – Adds SSL to the available transport for ICA.
  • Client drive mapping - enables organizations to optimize content accessed directly from a thin client, including thumb drives.
  • On Demand Packet Capture - allows customers with Cascade Pilot to leverage Steelhead appliances in branch offices for on-demand packet capture and remote analysis.
  • Encrypted Lotus Notes – Organizations that have embraced Lotus Notes can now accelerate Encrypted Lotus Notes traffic.
  • Microsoft Online Services Optimization – Riverbed can now deliver increased performance for messaging and collaboration solutions, including Exchange Online, SharePoint Online and Office Live.
  • End-to-End Kerberos Authentication Support – Riverbed can now optimize applications that utilize the Kerberos authentication standard, which is used by Microsoft applications and platforms including Active Directory and Windows Server. 
  • Native Skipware Integration - Riverbed’s Skipware® software now integrates directly with RiOS 7.0.  Skipware is based on the proprietary commercial implementation of the Space Communications Protocol Standard (SCPS), which has become the de facto standard for US Department of Defense satellite networking environments.