Part 1: SteelHead SaaS
- SteelHead SaaS uses Akamai's SRIP overlay network.
- SureRoute IP (SRIP) is an Akamai overlay network that allows optimized network traffic across the Internet.
- SRIP continuously maps the Internet to calculate the shortest path.
- Cloud SteelHeads are hosted in Akamai POPs.
- The Akamai Edge Server that allows access to the SaaS provider is called the SRIP Gateway.
SteelHead SaaS Network Architecture
Direct Branch vs. Back-Hauled Deployment
Direct Branch mode: the SteelHead in the branch sends SaaS traffic directly to Akamai Edge servers on the Internet.
Back-hauled mode: SaaS traffic from the branch is first back-hauled to a datacenter SteelHead.
Enabling Direct Branch/Back-Haul Mode
Check "Enable Cloud acceleration Redirection" on the Cloud Portal to use Direct Branch deployment mode.
Set "Enable Cloud acceleration Redirection" to OFF in the Cloud Portal to use back-haul mode.
Riverbed Cloud Portal (https://cloudportal.riverbed.com)
Hosted on Amazon Web Services and used to control the SteelHead SaaS service.
Used to create proxy certificates.
Allows the user to control:
- which SteelHead appliances are authorized to connect to the service
- which SaaS applications should be optimized.
SteelHead SaaS Proxy Certificates
SteelHead SaaS uses unique Proxy Certificates, generated by Akamai, that emulate the real certificate of the SaaS provider.
A Proxy Certificate is needed for each SaaS hostname (e.g. *.salesforce.com, *.sharepoint.com).
You can request and generate these SaaS Proxy certificates from the Riverbed Cloud Portal.
The Proxy Certificate is then presented by the Akamai Cloud SH to the end user.
Proxy certificates can be signed by customer's internal CA or by Akamai's CA.
Secure Peering
SSL licenses
Need to enable 'Trust Enterprise SteelHead peering certificates' from the RB Cloud Portal.
Troubleshooting SteelHead SaaS
Make sure firewalls allow traffic on UDP port 9545 to and from the SteelHead in-path IP.
Make sure NTP is enabled on the SteelHeads and the time is correct.
Make sure the SteelHeads are configured with valid DNS entries.
Make sure there is a Proxy Certificate for each SaaS hostname.
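The last check above can be scripted. The following is an added example, not Riverbed or Akamai code: it audits a list of SaaS hostnames against the names on the Proxy Certificates you have generated and reports the gaps. It assumes the end user's TLS client applies the usual wildcard rule (a wildcard stands for exactly one left-most label); all hostnames and certificate names are constructed sample data.

```python
# Added example: audit Proxy Certificate coverage for SaaS hostnames.
# Assumption: standard TLS wildcard matching, as applied by the client
# that receives the Proxy Certificate.

def _labels(name):
    """Normalise a DNS name and split it into labels."""
    return name.strip().rstrip(".").lower().split(".")

def cert_name_matches(pattern, hostname):
    """Return True if a certificate name covers the hostname.

    A wildcard is honoured only as the entire left-most label and stands
    for exactly one label: *.sharepoint.com covers contoso.sharepoint.com
    but not sharepoint.com or files.contoso.sharepoint.com.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Reject over-broad patterns such as *.com
        return len(p) >= 3 and p[1:] == h[1:]
    # Partial or embedded wildcards (a*.x.com, a.*.com) are not accepted.
    return "*" not in pattern and p == h

def audit_coverage(cert_names, hostnames):
    """Map each hostname to the certificate names covering it."""
    return {h: [c for c in cert_names if cert_name_matches(c, h)]
            for h in hostnames}

def uncovered(cert_names, hostnames):
    """Hostnames for which no Proxy Certificate exists."""
    report = audit_coverage(cert_names, hostnames)
    return sorted(h for h, certs in report.items() if not certs)

# Constructed sample data
PROXY_CERT_NAMES = ["*.salesforce.com", "*.sharepoint.com"]
OBSERVED_HOSTNAMES = [
    "na1.salesforce.com",
    "contoso.sharepoint.com",
    "sharepoint.com",                # apex name: wildcard does not cover it
    "files.contoso.sharepoint.com",  # two labels deep: not covered
    "outlook.office365.com",         # no certificate requested at all
]

if __name__ == "__main__":
    report = audit_coverage(PROXY_CERT_NAMES, OBSERVED_HOSTNAMES)
    for host, certs in report.items():
        status = "covered by " + ", ".join(certs) if certs else "NO PROXY CERTIFICATE"
        print(f"{host:32} {status}")
```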
WAN Optimization - SaaS && Cloud