WAN Optimizatoin - SaaS && Cloud

標籤：

Part 1: SteelHead SaaS

• SteelHead SaaS uses Akamai‘s SRIP overlay network.
• Sure Route IP(SRIP) is an Akamai overlay network that allows optimized netwrok traffic across the Internet.
• SRIP continuously maps Internet to calculate shortest path.
• Cloud SteelHeads are hosted in Akamai POPs.
• Akamai Edge Server that allows access to SaaS provider is called SRIP Gateway.

 

SteelHead SaaS Network Architecture

 

 

Direct Branch VS Back Hauled Deployment

Direct Branch Mode - SteelHead in branch sends SaaS traffic directly to Akamai Edge server on Internet.

Back Hauled Mode - SaaS traffic from Branch is frist back hauled to a datacenter SteelHead. 

 

 

Enabling Direct Branch/Back Haul Mode

Check "Enable Cloud Acceleration Redirectoin" ON clould Portal to use Directly Branch Deployment mode.

Check "Enable Cloud Acceleration Redirection" OFF in clould Portal to use Back Haul mode.

 

Riverbed Cloud Portal(https://cloudportal.riverbed.com)

Hosted on Amazon Web Services and used to control SteelHead SaaS service.

Used to create proxy certificates.

Allow user to control:

 - which SteelHead appliances are authorized to connect to the service

 - which SaaS application should be optimized.

 

SteelHead SaaS Proxy Certificates

SteelHead SaaS uses unique Proxy certificates generated by Akamai that emulate the real certificate of the SaaS provider.

A Proxy Certificate is needed for each SaaS hostname.(ie. *.salesforce.com / *.sharepoint.com)

You can request and generate these SaaS Proxy Certificates from the Riverbed Cloud Portal.

The Proxy Certificate is these presendted by the Akamai Cloud SH to the end user.

Proxy Certificates can be signed by customer‘s internal CA or by Akamai‘s CA.

 

Secure Peering

SSL licenses

Need to enable "Trust Enterprise SteelHead Peering Certificates" from RB cloud portal.

 

Troubleshooting SteelHead SaaS

Make sure firewalls allow traffic for UDP port 9545 to and from the SteelHead In-Path IP.

Make sure NTP on the SteelHead is enabled with the correct time.

Make sure SteelHead is configured with valid DNS entries.

Make sure there is a Proxy Certificate for each SaaS hostnaem.

 

WAN Optimizatoin - SaaS && Cloud