SteelHead SD Overview
This chapter provides an overview of the SteelHead SD architecture, new features, hardware and software requirements, licensing, upgrading from SteelHead SD 1.0 to 2.0. It includes these sections:
This guide describes how to install a manufactured SteelHead SD appliance. It doesn’t describe how to upgrade an existing SteelHead CX570, CX770, or CX3070 appliance to a SteelHead SD appliance. For details on upgrading SteelHead to SteelHead SD, see the SteelHead SD In-Field Upgrade Guide.
This guide doesn’t provide detailed information about configuring and managing SD-WAN or WAN optimization features. For detailed information, see the SteelConnect Manager User Guide, SteelHead SD User Guide, and the SteelHead User Guide.
Introducing SteelHead SD
SteelHead SD combines SD-WAN and cloud networking capabilities (powered by SteelConnect) with Riverbed WAN optimization (powered by RiOS) into a single appliance. SteelHead SD seamlessly integrates advanced SD-WAN functionality with industry-leading WAN optimization, security, and visibility services all in one streamlined appliance. SteelHead SD WAN optimization reduces bandwidth utilization and accelerates application delivery and performance, while providing SteelConnect integration in the SteelOS environment.
SteelHead SD provides you with the ability to quickly provision branch sites and deploy applications remotely. At the same time, applications are optimized to ensure performance and reduce latency with zero touch provisioning.
Typically, SteelHead SD appliances and the SteelConnect SDI-2030 gateway are located in the branch office in conjunction with SteelConnect SDI-5030 gateways at the data center. The SteelConnect SDI-2030 gateway can also be deployed inline as a 1-Gbps data center gateway with active-active HA. The SteelConnect SDI-2030 gateway can also serve as a very large branch office box with high throughput requirements. The SteelConnect SDI-2030 gateway doesn’t support WAN optimization capabilities.
SteelHead SD 2.0 advanced routing and high availability (HA) features are supported on the SteelHead SD 570-SD, 770-SD, and 3070-SD appliances and the SteelConnect SDI-2030 gateway located at the branch. For details, see the SteelHead SD User Guide and the SteelConnect Manager User Guide.
SteelHead SD deployment
SteelHead SD supports these configurations:
•SD-WAN and WAN optimization - In this configuration, WAN optimization runs as a service on top of SD-WAN. The SteelCentral Controller for SteelHead (SCC) or the SteelHead Management Console handles management and configuration of the WAN optimization features. Also, SteelHead CLI-based management is supported for WAN optimization settings. You connect to the Management Console via the primary port, which also uses DHCP to acquire its IP address. For details about configuring WAN optimization features, see the SteelCentral Controller for SteelHead User Guide and the SteelHead User Guide.
•SD-WAN only - In this configuration, WAN optimization isn’t required. SCM handles the management and configuration of SD-WAN features. SCM connectivity requires one of the WAN ports that are used as uplink ports. Only the SD-WAN service can be enabled or disabled via SCM. The SD-WAN service upgrades are managed via SCM. SCM pushes the new software version according to the schedule that you set up. For details about configuring SD-WAN features, see the SteelConnect Manager User Guide and the SteelHead SD User Guide.
SteelHead SD software architecture
SteelHead SD is based on the SteelOS infrastructure. It separates the control and data planes with internal virtual machine (VM) chaining, which provides management-plane autorecovery.
SteelHead SD platform architecture
SteelHead SD provides a flexible service platform, consisting of:
•Routing virtual machine (RVM) - The RVM is the control plane for all the underlay routing. All configuration from SCM (protocol, interface route maps, and policies) form the Routing Information Base (RIB) and the Forwarding Information Base (FIB), which is sent to the RVM. After the final FIB is formed, it is sent to the service core in the service virtual machine (SVM). SteelHead SD provides a clear separation between the data plane and the control plane.
•Service virtual machine (SVM) - The SVM is the core data plane of the appliance, which provides service chained network functions. These VMs include services such as QoS shaping, QoS marking, traffic filtering, path selection, encryption, application identification, and so forth. This architecture allows for extensible plug-and-play services that can be enabled, disabled, or reused in the packet flow chain, which in turn provides faster recovery and minimal disruption. For SteelHead SD, each packet goes through its own set of service functions (LAN ingress, LAN egress, WAN ingress, WAN egress).
•Virtual SteelHead (VSH) - The VSH manages WAN optimization services. WAN optimization is service chained into the data path and requires subscription-based licensing. Only one in-path interface is defined on SCM. This single in-path interface represents the VSH that is service chained into the SVM. It doesn’t matter what zone you put the VSH in; any packets coming into any zone are sent to the VSH. Because the VSH is separated from the routing plane, it provides WAN optimization functionality for VLANs.
•Controller virtual machine (CVM) - The CVM controls and orchestrates the entire system. It’s basically the control plane for SD-WAN and routing functions. It obtains all the configuration information from the SVM and RVM. The CVM manages appliance start up, licenses, initial configuration, and interface addressing. For details on CVM recovery from failures, see the SteelConnect Manager User Guide.
SteelHead SD port mapping between the VMs and physical ports
The SVM and RVM connect to all ports on the SteelHead SD appliance except for the primary port. The primary port (PRI) is connected directly to the VSH. The CVM is connected to the auxiliary (AUX) port and the WAN uplinks only. All the data and control packets are handled by the SVM and RVM.
The SteelHead SD AUX, LAN (LAN0_0, LAN0_1 or on the CX3070 LAN3_0, LAN3_1), and WAN (WAN0_0, WAN0_1 or on the CX3070 WAN3_0, WAN3_1) ports are connected to the SVM and RVM. Basically, there is a Layer 3 edge router on all of these ports.
The AUX and WAN ports are configured as uplinks on SCM. The AUX port can be used as an additional WAN uplink. The AUX port is also the dedicated port for SteelHead SD high-availability deployments.
Port mapping between VMs and physical ports
New features in SteelHead SD 2.0
SteelHead SD 2.0 features are supported on SteelHead SD 570-SD, 770-SD, and 3070-SD appliances and the SteelConnect SDI-2030 gateway located at the branch. SteelHead SD 2.0 provides these features:
•OSPF/ABR enterprise-class routing - Open Shortest Path First (OSPF) is one of the most popular dynamic routing protocols used as an interior gateway protocol (IGP) in enterprise environments. SteelHead SD 2.0 and the SteelConnect SDI-2030 gateway support single and multi-area OSPF capabilities. Area border router (ABR) is also supported for route distribution and advertisements across a multiarea OSPF network. These advanced OSPF capabilities enable quick and seamless integration with OSPF on the LAN side of enterprise networks.
•eBGP and iBGP support - SteelHead SD 2.0 supports External Border Gateway Protocol (eBGP) and Internal Border Gateway Protocol (eBGP). eBGP is typically used in MPLS environments as an exterior gateway protocol (EGP) dynamic routing protocol. With eBGP support on SteelHead SD appliances and the SteelConnect SDI-2030 gateway, the system is able to learn and advertise routes onto the MPLS underlay network. This feature enables easy integration into the service provider’s MPLS networks without the need for complex and tedious static route configurations. SteelHead SD 2.0 also supports iBGP for interior routing within the branch office or the data center.
•ASBR support - Autonomous system boundary router (ASBR) support enables distribution of routes between different autonomous systems (AS). With full ASBR support, SteelHead SD 2.0 can distribute routes between OSPF on the LAN-side and BGP on WAN-side of your network. As part of this capability, SteelHead SD 2.0 supports route filtering and policy maps that enable you to control which routes can or cannot be distributed. The eBGP and ASBR features enable you to replace customer edge (CE) routers in branch offices.
•Topology discovery for LAN subnets - This feature enables distribution of routes from the LAN side of the network into the overlay network. Thus the SD-WAN fabric is aware of all dynamically learned routes on the LAN side of the remote sites. The topology discovery for the LAN subnets feature renders an intelligent overlay fabric for your network, avoiding tedious route configurations.
•LAN-side VLAN 802.1q support - Multiple VLANs are very common in Layer 2 (L2) network environments on the LAN side. With this feature, multiple VLANs are supported on the same LAN port (that is, trunk-port functionality). VLANs are used for segmenting networks at L2 and provide basic security for network traffic by limiting broadcast domains and network flooding.
•1:1 active-active mode HA - With 1:1 active-active HA you can deploy a pair of SteelHead SD appliances or SteelConnect SDI-2030 gateways with failover protection against LAN failures, appliance software and hardware failures, and WAN uplink failures. A key feature in active-active mode is both WAN uplinks are active, which improves overall HA failover performance. Enterprise networks have stringent network reliability requirements and 1:1 HA is a mandatory requirement for ensuring 24/7 business continuity.
•Troubleshooting and visibility: Health Check, Insights, Syslog, and SNMP - Health Check is the existing device and network health monitoring tool in SCM. Insights is a flow-based monitoring tool that provides insight into end-to-end deployments with visibility into users, applications, sites, uplinks, and networks. SteelHead SD appliances and SteelConnect SDI-2030 gateways can be monitored using Health Check and are integrated into the Insights reporting tool. They also provide SNMP-based management for easy integration into external operations support systems (OSS) and network management systems (NMS). Syslog support provides advanced logging capabilities to external servers for advanced troubleshooting and visibility.
•Advanced deployment support: split data center, direct alternate path for mesh environments - These deployments were introduced in the SteelConnect 2.10 release. With SteelHead SD 2.0/SteelConnect 2.11, these features are available on SteelHead SD 570-SD, 770-SD, 3070-SD appliances and the SteelConnect SDI-2030 gateway. Collectively these advanced deployment features increase ease of operational integration and network management.
•Zscaler security support - The Zscaler cloud security solution is supported on SteelHead SD 570-SD, 770-SD, and 3070-SD appliances and the SteelConnect SDI-2030 gateway located at the branch. SteelHead SD appliances and SteelConnect SDI-2030 gateways also provide Zscaler support for HA deployments.
Feature changes from SteelHead SD 1.0 to SteelHead SD 2.0
This table summarizes the feature changes for SteelHead SD 2.0.
SteelHead SD 1.0 feature | Feature after upgrading to SteelHead SD 2.0 |
SteelHead-side configuration settings are not preserved when you upgrade to SteelHead SD 2.0/SteelConnect 2.11. | Use the SteelCentral Controller for SteelHead (SCC) backup and restore functions to save and reapply SteelHead-side configuration settings. For details, see the Knowledge Base article, S32688. |
Multiple in-path interfaces for WAN optimization are not supported on SteelHead SD 2.0. | SteelHead SD 2.0 does not support multiple in-path interfaces. SteelHead SD 2.0 supports a single in-path interface for WAN optimization. SteelHead SD is a Layer 3 gateway and multiple LAN ports are mapped to a single in-path interface. Multiple in-path interfaces are unnecessary on SteelHead SD appliances. To simplify in-path configuration and for ease-of-use, after upgrading to SteelHead SD 2.0 you will see only a single in-path interface in the SteelHead Management Console or the SCC. If you have multiple in-path interfaces configured for WAN optimization, you must make in-path configuration changes to account for this change. |
The gateway bypass feature is not supported with SteelHead SD 2.0. | The SteelConnect gateway bypass feature is no longer supported on SteelHead SD 2.0. If at any point the status of the virtual SteelHead instance shows a failure condition, for example a reboot or a crash, the system stops sending traffic that was destined for the virtual SteelHead. Instead, it bypasses the SteelHead thereby ensuring the traffic is not black-holed. You can compare this behavior with a physical SteelHead entering bypass mode. A remote-site network redesign might be required. Consult with your Riverbed sales engineer or Riverbed Professional Services at
http://www.riverbed.com/services/index.html. |
Active-passive high availability (HA) is not supported. | Previous versions of SteelHead SD supported an active-passive HA scheme. Because SteelHead SD 2.0 supports active-active HA, you can’t upgrade your SteelHead SD 1.0 HA seamlessly to SteelHead SD 2.0 HA. You must first manually unpair your master and backup appliances in SCM, upgrade to SteelConnect 2.11, and reconfigure HA in SCM. For details on configuring HA in SCM, see the SteelHead SD User Guide and SteelConnect Manager User Guide. |
SD-WAN feature restrictions for SteelHead SD 2.0
This table summarizes the SDWAN feature restrictions for SteelHead SD 2.0.
SD-WAN feature | Description |
Static uplinks on the WAN | If you have static uplinks on the WAN, a default static route is not added automatically in SteelConnect. On SCM, you must manually add static routes to reach networks that aren't present on the SteelConnect overlay network in order to send packets on those WANs. For details, see the Knowledge Base article, S32693. |
WAN AutoVPN memberships | WAN AutoVPN memberships for zones are not supported on SteelHead SD 2.0 and SteelConnect 2.11 appliances. |
Redirection of UDP traffic through the virtual SteelHead | Redirection of UDP traffic through the virtual SteelHead is not supported in SteelHead SD 2.0. You will not be able to optimize UDP traffic using the SteelHead IP blade. |
Classic VPN | Classic VPN is not supported on SteelHead SD 2.0 and SteelConnect 2.11 appliances. |
Flow distribution | Flow distribution for internet traffic across similar uplinks is not supported on SteelHead SD 570-SD, 770-SD, and 3070-SD appliances |
General SD-WAN features | The following general SD-WAN features are not supported on SteelHead SD 570-SD, 770-SD, 3070-SD, and SDI-2030 appliances: •PPPoE •LTE uplinks •USB port for tethering (initial ZTP/SCM via USB tethering) •Cloudifi •Agents tab under Sites |
LAN-side settings | The following LAN-side settings are not supported on SteelHead SD 570-SD, 770-SD, 3070-SD, and SDI-2030 appliances: •Multiple physical ports in a single zone. •Spanning tree on LAN side. •Multiple physical ports in a zone. •Native VLANs. •zones Import configuration at the Site level. •xLAN option under Site configuration. |
Path preference/path selection restrictions | When WAN optimization is enabled and the application target of a traffic rule is set to SSL, SteelConnect does not correctly classify SSL traffic and the traffic will not travel across the SteelHead optimized path. For details, see the Knowledge Base article, S32180. |
Traffic path rule restrictions | When the SteelHead is located out-of-path, application-based path preference rules are not honored for deployments using WAN optimization with fixed target in-path rule to the SteelHead. You have these configuration options: •Convert your deployment to an in-path or virtual in-path and adjust SteelHead SD WAN optimization in-path rules to remove the fixed target setting. •Adjust the SteelHead SD WAN optimization in-path rules to pass-through and disable WAN optimization for application types you want to have follow the path preference rules. |
Static uplinks on the WAN | If you have static uplinks on the WAN, a default static route is not added automatically in SteelConnect. On SCM, you must manually add static routes to reach networks that aren't present on the SteelConnect overlay network in order to send packets on those WANs. For details, see the Knowledge Base article, S32693. |
Source NAT on underlay traffic | Source NAT on underlay traffic is not supported on SteelHead SD 570-SD, 770-SD, 3070-SD, and SDI-203 appliances. SteelHead SD appliances do not perform source NATing on underlay traffic exiting via the Internet uplink if it is destined for a private address, regardless of the configured outbound NAT setting. This is a change from the previous behavior for SteelHead SD 1.0 appliances, if NAT was enabled for an uplink, NAT was performed for all traffic exiting via the Internet uplink. For details on configuring NAT, see the SteelConnect Manager User Guide. |
RADIUS/Authentication server under Sites configuration in SCM | RADIUS/Authentication server under Sites configuration in SCM is not supported on SteelHead SD 570-SD, 770-SD, 3070-SD, and SDI-2030 appliances. Consult with your Riverbed sales engineer or Riverbed Professional Services at http://www.riverbed.com/services/index.html. |
SteelHead SD and SteelConnect feature compatibility by model
Feature | SteelHead SD 570-SD, 770-SD, 3070-SD | SDI-2030 | SDI-130 | SDI-330 | SDI-1030 | SDI-5030 | Virtual GW | Cloud GW |
eBGP | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
iBGP | Yes | Yes | No | No | No | No | No | No |
OSPF single area | Yes | Yes | Yes | Yes | Yes | No | No | — |
OSPF multi-area ABR | Yes | Yes | No | No | No | No | No | — |
ASBR | Yes | Yes | Yes* (Underlay routing inter-working solution) | Yes* (Underlay routing inter-working solution) | Yes* (Underlay routing inter-working solution) | No | Yes* (Underlay routing inter-working solution) | No |
Route retraction | Yes | Yes | No | No | No | Yes | No | No |
Default route originate | OSPF/BGP | OSPF/BGP LAN and WAN | OSPF-only LAN | OSPF-only LAN | OSPF only LAN | BGP only | OSPF-only LAN | No |
Overlay route injection in LAN | Yes | Yes | No | No | No | Yes | No | No |
Local subnet discovery | Yes | Yes | No | No | No | Yes | No | No |
Static routes | Yes | Yes (LAN and WAN) | Yes (3rd-party routes) | Yes (3rd-party routes) | Yes (3rd-party routes) | Yes | Yes (3rd-party routes) | Yes (3rd-party routes) |
VLAN support (LAN side) | Yes | Yes | Yes | Yes | Yes | Yes | Yes | — |
1:1 Active-Active High Availability | Yes | Yes | No (Active-Passive HA) | No (Active-Passive HA) | No (Active-Passive HA) | No (HA cluster) | No (Active-Passive HA) | No (Active-Passive HA AWS) |
Brownfield transit for internet-only branch | Yes (As an edge device only) | Yes | Yes (As an edge device only) | Yes (As an edge device only) | Yes | Yes | Yes (As an edge device only) | Yes (As an edge device only) |
Native VLAN support | No | No | Yes | Yes | No | No | Yes | — |
*SCM 2.9 and later support an underlay routing interworking solution that bridges BGP and OSPF. For details, see the SteelConnect Manager User Guide.
Hardware and software requirements
Riverbed component | Hardware and software requirements |
SteelHead SD appliance | The SteelHead SD 570-SD and 770-SD appliances are desktop models. The SteelHead SD 3070-SD appliance requires a 19-inch
(483 mm) four-post rack. For details, see the Rack Installation Guide. |
SteelHead SD Management Console | The Management Console has been tested with all versions of Chrome, Mozilla Firefox Extended Support Release version 38, and Microsoft Internet Explorer 11. JavaScript and cookies must be enabled in your web browser. |
SteelConnect and SteelConnect Manager (SCM) | SteelHead SD requires SteelConnect 2.11or later. SCM supports the latest version of the Chrome browser. SCM requires a minimum screen resolution of 1280 x 720 pixels. We recommend a maximum of 1600 pixels for optimal viewing. |
SteelCentral Controller for SteelHead (SCC) | We recommend you have SCC 9.7.1 installed. |
Firewall requirements
The SteelHead SD 570-SD, 770-SD, 3070-SD, and SDI-2030 support stateful application-based firewalls at the network edge. For details on SteelConnect firewall and security features, see the SteelConnect SD-WAN Deployment Guide.
All communication is sourced from the site out to the SteelConnect management service. There’s no need to set up elaborate firewall or forwarding rules to establish the dynamic full-mesh VPN or to gain connectivity to the cloud. After you register an appliance, it receives its assigned configuration automatically. For details on SteelConnect firewall requirements, see the SteelConnect Manager User Guide.
Make sure the firewall ports 80 and 443 are open so that software installation and SCM operations aren’t blocked. For details on SteelConnect default ports, see the
SteelConnect Connection Ports. Ethernet network compatibility
The SteelHead SD appliance supports these Ethernet networking standards.
Ethernet standard | IEEE standard |
Ethernet Logical Link Control (LLC) | IEEE 802.2 - 1998 |
Fast Ethernet 100BASE-TX | IEEE 802.3 - 2008 |
Gigabit Ethernet over Copper 1000BASE-T (All copper interfaces are autosensing for speed and duplex.) | IEEE 802.3 - 2008 |
Gigabit Ethernet over Fiber 1000BASE-SX (LC connector) | IEEE 802.3 - 2008 |
Gigabit Ethernet over Fiber 1000BASE-LX | IEEE 802.3 - 2008 |
Gigabit Ethernet over Fiber 10GBASE-LR Single Mode | IEEE 802.3 - 2008 |
Gigabit Ethernet over 10GBASE-SR Multimode | IEEE 802.3 - 2008 |
SNMP-based management compatibility
SteelConnect SD-WAN service supports proprietary MIBs accessible through SNMPv2 and SNMPv3. For detailed information about the SD-WAN service MIB, see the SteelConnect Manager User Guide.
The SteelHead WAN optimization supports proprietary MIBs accessible through SNMP, SNMPv1, SNMPv2c, and SNMPv3, although some MIB items might only be accessible through SNMPv2 and SNMPv3. For detailed information about the WAN optimization service MIB, see the SteelHead User Guide.
For detailed information on SteelConnect SNMP support, see the SteelConnect Manager User Guide and the SteelHead SD User Guide.
NIC support
Network interface card (NICs) are supported on the SteelHead SD 3070-SD appliances for nonbypass traffic. SteelHead SD 570-SD and 770-SD appliances do not support NICs.
For SteelHead SD 3070-SD appliances, bypass NICs aren’t required for SteelConnect gateway deployments since LAN traffic requires network address translation (NAT) before it reaches the service provider network.
You can install these NICs in the SteelHead SD 3070-SD for nonbypass traffic.
NICs | Size (*) | Manufacturing part # | Orderable part # |
Two-Port 10-GbE Fiber SFP+ | HHHL | 410-00036-02 | NIC-1-010G-2SFPP |
Four-Port 10-GbE Fiber SFP+ | HHHL | 410-00108-01 | NIC-1-010G-4SFPP |
*HHHL = Half Height, Half Length
For details on NICs, see the Network and Storage Card Installation Guide.
Licensing
SteelHead SD 2.0 requires a WAN optimization subscription license if you want to use the WAN service. The WAN optimization subscription license is an optional purchase. (Existing SteelHead SD 1.0 customers are not required to purchase a WAN optimization subscription license.)
SteelConnect SD-WAN service licensing
The SteelConnect SD-WAN service requires a gateway management subscription license that is managed by SCM. You must obtain this license before you begin the installation process.
After purchasing SteelHead SD, you will receive these emails:
•An email with the license token and SteelConnect serial number. You redeem the token in SCM where all hardware nodes and license keys are added to your organization. Each token is redeemable only once.
•An email that contains the URL for connecting to SCM and the default login and password: admin and pppp. This email is requested by the sales team and sent by the Riverbed Cloud Operations team.
If you don’t receive these emails, contact your sales representative or Riverbed Support at
https://support.riverbed.com.
To redeem the SD-WAN service token
1. Open the email you received from Riverbed and copy the token.
2. Connect to SCM.
3. Choose Organization > Licenses.
4. Click Redeem Token and paste the token into the text box.
5. Click Submit.
If automatic licensing fails, go to the Riverbed Licensing Portal at https://licensing.riverbed.com/ and follow the instructions for retrieving your licenses. The licensing portal requires a unique product ID such as a serial number, a license request key (activation code), or a token, depending on the product. Online instructions guide you through the process.
SteelHead WAN optimization service licensing
The SteelHead WAN optimization service requires an MSPEC license. Once you connect SteelHead SD to the network, the system automatically contacts the Riverbed Licensing Portal to retrieve and install license keys for the WAN optimization service.
If automatic licensing fails, go to the Riverbed Licensing Portal at https://licensing.riverbed.com/ and follow the instructions for retrieving your licenses. The licensing portal requires a unique product ID such as a serial number, a license request key (activation code), or a token, depending on the product. Online instructions guide you through the process.
Upgrading from SteelHead SD 1.0 to 2.0
All SteelHead SD 1.0 customers will be automatically upgraded to SteelHead SD 2.0 and SteelConnect 2.11. SteelConnect automatically upgrades to 2.11 according to the schedule and restrictions you have set in SteelConnect Manager (SCM). For details on scheduling updates in SCM, see the SteelConnect Manager User Guide.
Before proceeding with the SteelHead SD 2.0 upgrade process:
•Previous versions of SteelHead SD supported an active-passive HA scheme. Because SteelHead SD 2.0 supports active-active HA, you can’t upgrade your SteelHead SD 1.0 HA seamlessly to SteelHead SD 2.0 HA. You must first manually unpair your master and backup appliances in SCM, upgrade to SteelConnect 2.11, and reconfigure HA in SCM. For details, see the SteelHead SD User Guide.
•You must back up your SteelHead WAN optimization configuration prior to upgrading to SteelHead SD 2.0. Secure vault contents (that is, certificates and keys) are not saved during the upgrade process; you must reinstall any SSL or proxy certificates. You can use the backup and restore functions on the SCC or the SteelHead Management Console to save and reapply the SteelHead configuration settings.
–To back up your system and SteelHead appliances from the SCC, choose Manage > Operations: Backup/Restore to back up your configuration. For details, see the SteelCentral Controller for SteelHead User Guide.
–To save your SteelHead configurations from the SteelHead Management Console, choose Administration > System Settings to save and copy your configuration to a local machine. For details, see “Managing configuration files,” in the SteelHead User Guide.
•To upgrade to SteelHead SD 2.0, you must have internet connectivity for the SteelHead and the SteelConnect virtual gateway. With internet connectivity, both SteelHead perpetual and SteelConnect virtual gateway subscription licenses will be applied as part of the SteelHead SD 2.0 upgrade process.
•SteelHead SD 2.0 supports a single in-path interface for WAN optimization. SteelHead SD is a Layer 3 (L3) gateway, and multiple LAN ports are mapped to a single in-path interface—multiple in-path interfaces are unnecessary on SteelHead SD appliances. To simplify in-path configuration and for ease-of-use, after upgrading to SteelHead SD 2.0 you will see only a single in-path interface in the SteelHead Management Console or the SCC. If you have multiple in-path interfaces configured for WAN optimization, you must make in-path configuration changes to account for this change.
•The SteelConnect gateway bypass feature supported on SteelHead SD 1.0 is no longer supported on SteelHead SD 2.0. If at any point the status of the virtual SteelHead instance shows a failure condition, for example a reboot or a crash, the system stops sending traffic that was destined for the virtual SteelHead. Instead, it bypasses the SteelHead thereby ensuring the traffic is not black-holed. You can compare this behavior with a physical SteelHead entering bypass mode.
•You might need to recable SteelHead SD appliances in HA deployments when you upgrade to SteelHead SD 2.0. The AUX port is mandatory for back-to-back connectivity for SteelHead SD 2.0 HA deployments.
To upgrade SteelHead appliances using the SCC
1. Choose Manage > Upgrades: Upgrade Appliances to display the Upgrade Appliances page.
2. Click Launch a new upgrade job to display the Welcome page.
3. Click Select your appliances to display the Select your appliances to upgrade page.
4. Complete the configuration as described in this table.
Setting | Description |
Choose product type | Select the product type from the drop-down list. |
Choose target version | Select the target version from the drop-down list. |
View ineligible appliances | Click to view the ineligible appliances for the upgrade job. |
Filter | Select Show All from the drop-down list to view all appliances eligible for upgrade. You can filter appliances by current version, group, hostname, IP address, model, and serial number. •Show Selected Appliances - Select an appliance to view and select this option from the drop-down list to view appliance details. Click Return to Eligible Appliances to return to the list. |
Select/Unselect all | Select the check box to either select or unselect all the appliances. |
5. Click Configure Settings to display the Settings page and complete the configuration as described in this table.
Setting | Description |
Notes for this upgrade job | Optionally, specify any notes for the new upgrade job. |
Upgrade Time | •Upgrade Now - Select this option to start the upgrade now. •Schedule the upgrade - Select this option to schedule the upgrade. •UTC time - Specify the UTC date and time in this format: yyyy/mm/dd hh:mm:ss •Local time - Specify the local date and time in this format: yyyy/mm/dd hh:mm:ss |
Reboot Options | •Reboot immediately after installing the image - Select this option to reboot the appliance immediately after installing the image. •Schedule the reboot after installing the image - Select this option to schedule the reboot. •UTC time -Specify the UTC date and time in this format: yyyy/mm/dd hh:mm:ss •Local time - Specify the local date and time in this format: yyyy/mm/dd hh:mm:ss •Don’t reboot - Select this option to not reboot the appliance. |
6. Click Summary to display the Summary page that lists your upgrade settings.
7. Click Upgrade to launch the software upgrade.
For detailed procedures, see the SteelCentral Controller for SteelHead User Guide.
To upgrade the software using the SteelHead Management Console.
1. Connect to the SteelHead Management Console.
2. Choose Administration > Maintenance: Software Upgrade.
3. Enter the SteelHead SD upgrade image URL in the From URL field.
4. Click Install.
The software image is downloaded and installed on the other partition with RiOS still running on the appliance. You can stop the upgrade process at this step and retain your original SteelHead image and configuration settings. The new software is only installed once you reboot the appliance.
5. Choose Administration > Maintenance > Reboot/Shutdown.
6. Click Reboot. The appliance will reboot into SteelHead SD installer to install the product image. The installation takes approximately twenty minutes.
For detailed procedures, see the SteelHead User Guide.
Preparing your site for installation
Before you begin, make sure your shipment contains all the items listed on the packing slip. If it doesn’t, contact your sales representative.
Your site must meet these requirements:
•It is a standard electronic environment where the ambient temperature doesn’t exceed 104ºF
(40ºC) and the relative humidity doesn’t exceed 80% (noncondensing).
•Ethernet connections are available within the standard Ethernet limit.
•There is space on a standard four-post 19-inch Telco-type rack. For details about installing the SteelHead in a rack, see the Rack Installation Guide or the printed instructions that were shipped with the system. (If your rack requires special mounting screws, contact your rack manufacturer.)
•A clean power source is available, dedicated to computer devices and other electronic equipment.
The appliance is completely assembled, with all the equipment parts in place and securely fastened. The appliance is ready for installation with no further assembly required.
Before you begin
•Any interim firewalls must be configured to allow traffic on ports 80 and 443 so that the software installation and SCM operations aren’t blocked. (Also any additional firewall configurations must allow traffic to and from the SteelHead appliance that is being upgraded.)
•We highly recommend that your network provides a DHCP service so the appliance can establish a connection automatically.