SteelHead™ Deployment Guide - Protocols : HTTP Optimization : Use Case
Use Case
While automatic configuration is typically the preferred method of configuration, you have the option of manual configuration. The following use case shows a manual configuration.
A customer has a 1.5 Mbps link with 100 ms latency between the branch office and the data center. The PCs in the remote office are running Microsoft Windows XP with Internet Explorer 7. Users in the remote offices are complaining of slow access for SAP Netweaver and Microsoft SharePoint. The SAP Netweaver server has an IP address of and the Microsoft SharePoint server has an IP address of
Because both SAP Netweaver and Microsoft SharePoint are well-known applications, the customer configured the following on the client-side SteelHead.
Figure 4‑19. Two Subnet Server Settings Showing the New Recommended SharePoint Settings
After configuring the settings above, the customer noticed a significant improvement in response time for SAP Netweaver but no changes for Microsoft SharePoint—even though the connections are optimized with good data reduction. One of the users mentioned that the Microsoft SharePoint portal required authentication, which might be the reason why Parse and Prefetch did not work. Unfortunately, the system administrator in charge of the SharePoint portal cannot be reached at this moment and you cannot check the authentication setting on the server.
Instead of checking the authentication on the server, you can capture tcpdump traces and check for the authentication scheme in use. Figure 4‑20 shows the server has Kerberos enabled and hence the client attempts to authenticate using Kerberos first.
Figure 4‑20. TCP Dump Trace Confirming Kerberos Enabled
Figure 4‑21 confirms that by scrolling through the trace, the per-request Kerberos is configured on the server.
Figure 4‑21. TCP Dump Trace Showing Per-Request Kerberos
Figure 4‑22 shows that given this information, the best option is to enable Force NTLM for the SharePoint server.
Figure 4‑22. Enable Force NTLM
Taking another trace on the client-side SteelHead confirms that the only authentication option available is NTLM. Because there is no other authentication option but NTLM, the client is forced to authenticate via NTLM and Parse and Prefetch and prefetches can once again function as before.
Figure 4‑23. Trace Stream Showing NTLM as the Only Authentication Available
In this instance, it is not necessary to enable the other features, as the entire transaction took place over a single connection. If the client uses multiple TCP connections, then it might be necessary to enable reuse auth, strip auth header, and gratuitous 401. Enabling the rest of the features does not provide any benefit in this instance, but it does not cause any problems either.