SteelHead™ Deployment Guide - Protocols : CIFS and HTTP Prepopulation : CIFS Prepopulation
  
CIFS Prepopulation
CIFS prepopulation uses a flexible scheduler to prepopulate the RiOS data store. When a client on the remote LAN requests data again, only new or modified data is sent over the WAN, which dramatically increases the rate of data transfers. Unlike with Proxy File Service (PFS), the client-side SteelHead drops the actual data files it has received, but maintains SDR data in the RiOS data store.
Because CIFS prepopulation uses the CIFS/SMB protocol, you can use a Windows machine, or any other CIFS/SMB capable NAS filer, for the file server.
In RiOS v7.0 or later, CIFS shares that require SMB signing are fully supported. Depending on the file server configuration, the authentication for SMB signing can be NTLM or Kerberos, but both methods are supported by CIFS prepopulation. To populate SMB-signed CIFS shares, you must join the SteelHead to the domain in which the shares are published or to a trusted domain.
If the file server authentication is NTLM, then you must configure NTLM Transparent mode on the server-side SteelHead. If the file server authentication is Kerberos, then you must configure the AD environment that the server-side SteelHead has joined (by creating a replication user account) and configure the server-side SteelHead to support Kerberos.
For more information, see Encrypted MAPI Optimization and Kerberos. For more information about SMB signing, see Signed SMB and Encrypted MAPI Optimization.
Figure 10‑1. Traffic Flow for CIFS Prepopulation
When you create a share using CIFS prepopulation, the SteelHead attempts to connect to the destination server on port 139. You must enable NetBIOS over TCP/IP on a Microsoft Windows machine (server or client) to accept the connection on port 139. On a Windows server, enter the following command to see if it is listening on port 139:
C:\>netstat -an | find ":139"
TCP 192.168.1.20:139 0.0.0.0:0 LISTENING
If you do not see similar output with the correct host IP, NetBIOS over TCP/IP is not enabled on the interface. You can enable it on the relevant interface from the WINS tab in the Advanced TCP/IP settings.
In RiOS v8.5 or later, you can create policies and rules for a higher level of control over which files the system transfers to warm the RiOS data store. A policy is a group of rules that select particular files to prepopulate; for example, you can create a policy that selects all PDF files larger than 300 MB created since January 1st of 2013.
To configure CIFS prepopulation and add a CIFS share using the Management Console
From the Management Console, choose Optimization > Protocols: CIFS Prepopulation.
Select Enable CIFS Prepopulation and click Apply.
Figure 10‑2. CIFS Prepopulation Page
Select Add a Prepopulation Share.
Specify the remote path where data is stored in UNC standard: for example, \\bw-sfowad1\shared.
Specify the account username. This is the login name that has a minimum of read access to the remote path.
Specify your password and confirm your password.
Add a comment about the share. Comments cannot include an ampersand (&).
Specify a time limit that the synchronization job should not exceed.
Specify a limit on the amount of data in the synchronization job.
Select either current files for synchronization or use the latest share snapshot.
If no snapshots are available, the system uses the current files.
To schedule regular prepopulation events, select Enable Scheduled Synchronization (optional).
You can schedule full synchronization or incremental synchronization. Use Full Sync for data store wrap to keep potentially evicted data warm.
If a Full Sync and an Incremental Sync occur simultaneously, the Full Sync takes precedence.
Click Add Prepopulation Share.
Click Apply.
Figure 10‑3. CIFS Prepopulation Share Information
Share synchronization begins, based on the parameters you entered.
You cannot configure CIFS shares to be guest, anonymous, or public Samba shares without a password.
You can create synchronization policies in RiOS v8.5 or later. Synchronization polices enable you to define granular synchronization using filters for inclusion and exclusion specific data types.
To configure CIFS prepopulation policies
Open an existing prepopulation share.
Select Add a Policy.
Specify the policy name and a description.
Select data types from the drop-down list to create filers for the policy:
  • File extension
  • File size
  •  
  • Access time
  • Creation time
  • Modify time.
    Figure 10‑4. CIFS Synchronization Policy Filers
    For more information about the CIFS prepopulation CLI commands and configuration, see the Riverbed Command-Line Interface Reference Manual.
    Design Considerations
    This section describes several design considerations.
    Prewarming the RiOS data store during off-hours helps to reduce WAN bandwidth consumption during peak hours. When you configure CIFS prepopulation, it tries to use all available bandwidth. If you want to control bandwidth usage with CIFS prepopulation, you can configure QoS so that only a portion of the bandwidth is used for CIFS prepopulation.
    To configure QoS to work with CIFS prepopulation
    On the server-side SteelHead, enable QoS and set the proper link speed.
    Set up a QoS class. Name it PREPOP and set an upper limit (for example, 10%).
    Set up a QoS rule for the class PREPOP with a destination of the client-side SteelHead primary IP and give it a lower priority.
    For more information about QoS, see the SteelHead Deployment Guide.
    In RiOS v7.0 or later, clients can authenticate to servers requiring signing and synchronizing transparently from a Windows 2003 server DFS share.
    NTLM authentication mode is supported in RiOS v7.0 or later. In previous RiOS versions, CIFS prepopulation could only be performed against unsigned servers and required the use of transparent prepopulation support and the Riverbed Copy Utility (RCU) on the server.
    In RiOS v7.0 or later, you can set the length of time a CIFS prepopulation command is to run. The time is reflected in seconds. You can run a test report on the client-side SteelHead to view the expected changes to be synchronized. A sample report follows:
    (config) # prepop share modify remote-path '\\fileserver\share' max-duration 1800
    #--- Set the maximum duration of a prepopulate run
    (config) # prepop share dry-run share-name '\\fileserver\share'
    #--- Generate a dry run report where they can view a report of the expected changes
    (config) # show prepop log dry-run remote-path '\\fileserver\share'
    RiOS v8.5 or later enhances CIFS prepopulation with a new policy-based system available in the CLI and the SteelHead Management Console. You can create specific policies and associate them with the CIFS prepopulation shares previously created.
    The use of policies is a function of the client-side SteelHead. When you use policies, you can synchronize files:
  • created since a given set time.
  • modified since a given time.
  • matching an expression.
  • matching a given size range.
  • accessed since a given time.
  • An example policy creation follows:
    (config) # prepop share policy share-name '\\fileserver\share' policy-name policy1
    #--- To create a policy 'policy1' using share '\\fileserver\share'
    (config) # prepop share policy share-name '\\fileserver\share' policy-name policy1 create-time time '2011/10/01 00:00:00' compare-op after
    #--- To prepopulate files created after that specific date
    (config) # prepop share policy share-name '\\fileserver\share' policy-name policy1 create-time time '2011/10/05 00:00:00' compare-op before
    #--- To prepopulate files created before the earlier specific date
    (config) # show prepop share policy share-name '\\fileserver\share' policy-name policy1
    #--- To display the specifics of the earlier mentioned policy
    (config) # prepop share policy share-name '\\fileserver\share' policy-name policy1 file-name 'A_*.pdf;*.txt' compare-op matches
    #--- To only include files with the.pdf and.txt extensions to be prepopulated
    #--- Notice the use of the wild character "*". Additional matches need to be separated by a
    #--- semi-colon.
    (config) # prepop share policy share-name '\\fileserver\share' policy-name policy1 file-name '*.dat' compare-op not-matches
    #--- To exclude files with the.dat extension to be prepopulated
    config) # prepop share policy share-name '\\fileserver\share' policy-name policy1 file-size 10M compare-op less
    #--- To prepop files less than 10meg in size
    (config) # prepop share policy share-name '\\fileserver\share' policy-name policy1 file-size 5M compare-op greater
    #--- To prepopulate files greater than 5 mb in size
    You can delete a complete policy directly or delete a specific rule within a policy with the following command.
    (config) # no prepop share policy share-name '\\fileserver\share policy-name policy1