SteelHead SD Overview
This chapter provides an overview of the SteelHead SD architecture, new features, hardware and software requirements, licensing, and upgrading from SteelHead SD 1.0 or 2.0 to SteelConnect 2.12. It includes these sections:
This guide describes how to install a manufactured SteelHead SD appliance. It doesn’t describe how to upgrade an existing SteelHead CX570, CX770, or CX3070 appliance to a SteelHead SD appliance. For details on upgrading SteelHead to SteelHead SD, see the SteelHead SD In-Field Upgrade Guide.
This guide doesn’t provide detailed information about configuring and managing SD-WAN or WAN optimization features. For detailed information, see the SteelConnect Manager User Guide, SteelHead SD User Guide, and the SteelHead User Guide.
Introducing SteelHead SD
SteelHead SD combines SD-WAN and cloud networking capabilities (powered by SteelConnect) with Riverbed WAN optimization (powered by RiOS) into a single appliance. SteelHead SD seamlessly integrates advanced SD-WAN functionality with industry-leading WAN optimization, security, and visibility services all in one streamlined appliance. SteelHead SD WAN optimization reduces bandwidth utilization and accelerates application delivery and performance, while providing SteelConnect integration in the SteelOS environment.
SteelHead SD provides you with the ability to quickly provision branch sites and deploy applications remotely. At the same time, applications are optimized to ensure performance and reduce latency with zero touch provisioning.
Typically, SteelHead SD appliances and the SteelConnect SDI-2030 gateway are located in the branch office in conjunction with SteelConnect SDI-5030 gateways at the data center. The SteelConnect SDI-2030 gateway can also be deployed inline as a 1-GbE data center gateway with active-active HA. The SteelConnect SDI-2030 gateway can also serve as a very large branch office appliance with high throughput requirements. The SteelConnect SDI-2030 gateway doesn’t support WAN optimization capabilities.
SteelHead SD advanced routing and high-availability (HA) features are supported on the SteelHead SD 570-SD, 770-SD, and 3070-SD appliances and the SteelConnect SDI-2030 gateway located at the branch. For details, see the SteelHead SD User Guide and the SteelConnect Manager User Guide.
SteelHead SD deployment
SteelHead SD supports these configurations:
•SD-WAN and WAN optimization - In this configuration, WAN optimization runs as a service on top of SD-WAN. The SteelCentral Controller for SteelHead (SCC) or the SteelHead Management Console handles management and configuration of the WAN optimization features. Also, SteelHead CLI-based management is supported for WAN optimization settings. You connect to the Management Console via the primary port, which also uses DHCP to acquire its IP address. For details about configuring WAN optimization features, see the SteelCentral Controller for SteelHead User Guide and the SteelHead User Guide.
•SD-WAN only - In this configuration, WAN optimization isn’t required. SCM handles the management and configuration of SD-WAN features. SCM connectivity requires one of the WAN ports that are used as uplink ports. Only the SD-WAN service can be enabled or disabled via SCM. The SD-WAN service upgrades are managed via SCM. SCM pushes the new software version according to the schedule that you set up. For details about configuring SD-WAN features, see the SteelConnect Manager User Guide and the SteelHead SD User Guide.
SteelHead SD software architecture
SteelHead SD is based on the SteelOS infrastructure. It separates the control and data planes with internal virtual machine (VM) chaining, which provides management-plane autorecovery.
SteelHead SD platform architecture
SteelHead SD provides a flexible service platform, consisting of:
•Routing virtual machine (RVM) - The RVM is the control plane for all the underlay routing. All configuration from SCM (protocol, interface route maps, and policies) form the Routing Information Base (RIB) and the Forwarding Information Base (FIB), which is sent to the RVM. After the final FIB is formed, it is sent to the service core in the service virtual machine (SVM). SteelHead SD provides a clear separation between the data plane and the control plane.
•Service virtual machine (SVM) - The SVM is the core data plane of the appliance, which provides service chained network functions. These VMs include services such as QoS shaping, QoS marking, traffic filtering, path selection, encryption, application identification, and so forth. This architecture allows for extensible plug-and-play services that can be enabled, disabled, or reused in the packet flow chain, which in turn provides faster recovery and minimal disruption. For SteelHead SD, each packet goes through its own set of service functions (LAN ingress, LAN egress, WAN ingress, WAN egress).
•Virtual SteelHead (VSH) - The VSH manages WAN optimization services. WAN optimization is service chained into the data path and requires subscription-based licensing. Only one in-path interface is defined on SCM. This single in-path interface represents the VSH that is service chained into the SVM. It doesn’t matter what zone you put the VSH in; any packets coming into any zone are sent to the VSH. Because the VSH is separated from the routing plane, it provides WAN optimization functionality for VLANs.
•Controller virtual machine (CVM) - The CVM controls and orchestrates the entire system. It’s basically the control plane for SD-WAN and routing functions. It obtains all the configuration information from the SVM and RVM. The CVM manages appliance start up, licenses, initial configuration, and interface addressing. For details on CVM recovery from failures, see the SteelConnect Manager User Guide.
SteelHead SD port mapping between the VMs and physical ports
The SVM and RVM connect to all ports on the SteelHead SD appliance except for the primary port. The primary port (PRI) is connected directly to the VSH. The CVM is connected to the auxiliary (AUX) port and the WAN uplinks only. All the data and control packets are handled by the SVM and RVM.
The SteelHead SD AUX, LAN (LAN0_0, LAN0_1 or on the CX3070 LAN3_0, LAN3_1), and WAN (WAN0_0, WAN0_1 or on the CX3070 WAN3_0, WAN3_1) ports are connected to the SVM and RVM. Basically, there is a Layer 3 edge router on all of these ports.
The AUX and WAN ports are configured as uplinks on SCM. The AUX port can be used as an additional WAN uplink. The AUX port is also the dedicated port for SteelHead SD high-availability deployments. You can also configure a LAN-side standby uplink in case the AUX port goes down. For details, see the SteelHead SD User Guide.
Port mapping between VMs and physical ports
New features in SteelConnect 2.12
SteelConnect 2.12 includes these new features:
SaaS accelerator
SteelHeads and SteelHead Mobile clients can accelerate SaaS traffic by working with SteelConnect. Using SCM, you can configure SaaS applications for acceleration, and then register SteelHeads or Mobile Controllers with SCM to accelerate their SaaS traffic. SCM 2.12 supports acceleration of these applications: Box, Microsoft Office 365 (including Exchange, SharePoint, Office WebApps, and Authentication and Identify Services), Salesforce, ServiceNow, and Veeva.
Services hubs
The services multihub feature has been enhanced to support up to three shared services hubs. A shared services hub can be a regional data center or an AWS/Azure cloud site that hosts services and applications. Leaf sites connect to a services hub using point-to-point AutoVPN tunnels enabling users at these leaf sites to access services hosted at the services hub locations. Shared services hubs support bidirectional connectivity between services hubs and leaf sites. Shared services hubs have these restrictions:
–Unlike regular hubs, shared services hubs do not support transit functions or leaf-to-leaf connectivity.
–Shared services hubs are supported on SDI-1030, SDI-2030, and SDI-5030 gateways; SDI-VGW virtual gateways, AWS Cloud gateways; and Azure Cloud gateways. (You cannot configure an SDI-130 or SDI-330 gateway or a SteelHead SD appliance as a hub device.)
Zscaler and Cloudi-Fi enhancements
SteelConnect 2.12 includes these Zscaler and Cloudi-Fi enhancements:
•Faster ZEN outage detection and quicker failover to backup ZEN nodes using enhanced monitoring of Zscaler tunnels. If the primary IPsec VPN tunnel or an intermediate connection goes down, all traffic is rerouted through the backup IPsec tunnel to a secondary ZEN in approximately 15 to 60 seconds, depending on the configuration and cause of failure.
•Internet Key Exchange (IKE) v2 support for enhanced security over all overlay tunnels including tunnels to Zscaler ZEN nodes.
•REST API integration that provides quicker Zscaler integration from SCM using the Zscaler partner APIs. Zscaler REST API integration delivers the ability to import ZEN nodes within SCM (Zscaler only).
Multisite administrator RBAC
Multisite administrator role-based access control (RBAC) enables you to create multiple administrator roles to manage a subset of sites within the organization. Site tags comprised of one or more sites are created and associated with an administrator role. A common use case for this feature enables enterprises to create administrators that are responsible for sites in a certain geographic region. Administrators manage sites and all SteelConnect constructs (that is, appliances, uplinks, zones, routes, rules, and features) for the sites within the scope of the site tags defined by region and associated with that administrator role. Multisite administrator RBAC isn’t supported on SDI-5030 gateways.
Troubleshooting enhancements
•Improved tunnel details and status in SCM with better clarity. Support for extensions to tunnel visibility and overlay tunnel status. Tunnel reports have been unified:
–Dashboard (duplex tunnel map view)
–Health Check > Overlay Routes (by Site)
–Health Check > Tunnel Health (by Tunnel)
–Health Check > Proxy Tunnels (by Tunnel)
•System log improvements, including new log messages, log messages that are intuitive and understandable, and a central location for logs. In addition, the logs now list interface names, IP addresses, and time stamps. A subset of the system logs can be exported to the remote system log server to conserve space.
•New CLI framework, including:
–show commands to aid in debugging issues and provide appliance information, including show connections, show tunnels, and show flows.
–a show path command that displays the potential paths for a given destination prefix. It also shows the current connections on the appliance using the paths. The show path tool is also available in SCM.
–a configuration network command for static IP network uplinks for situations when DHCP is not an option. (The appliance must be offline from SCM. This command is only supported when connected via telnet.)
–a configuration core command for the core hostname when the appliance is offline from SCM.
–a troubleshoot command that provides for enhanced day zero troubleshooting that includes all interfaces reachable through the SCM. This command provides connectivity information about the core or SCM on all physical ports on the appliance. You can export the output as log files via a USB drive, create log files with a specific name, and list all log files.
–support for system dumps. By default, when you request a system dump, it is uploaded to riverbed.support.com. You can also specify an external server for uploads in SCM under the Organization > System Dump tab.
–support for the tcpdump utility.
•support package enhancements so that you can gather the data needed when an issue is encountered, including cluster details.
Cold standby uplink support
In SteelConnect 2.12, you can enable an uplink to act as a backup uplink that assumes the active role if no other uplinks are available. The local and remote backup uplink tunnels are not probed unless their corresponding active uplinks are down. The local and remote backup uplinks for overlay or underlay data traffic are not used unless their corresponding active uplinks are down. The cold standby uplink is supported on SDI-130, SDI-330, SDI-1030, and SDI-2030 gateways; the SDI-VGW virtual gateway; and the SteelHead SD 570-SD, 770-SD, and 3070-SD appliances. (The SDI-5030 data center uplinks are always active by design.)
Local IPFIX NetFlow export
With SteelConnect 2.12, IP Flow Information Export (IPFIX) NetFlow records can be directly exported to NetProfiler or any third-party flow collectors. IPFIX NetFlow exports use standard UDP protocol format. NetFlow exports are supported on both LAN and WAN interfaces and reports both overlay and underlay traffic on the interface. In addition, you can configure NetFlow exports and SNMP integration on a collector for advanced visibility. IPFIX NetFlow export is supported on SDI-130, SDI-330, SDI-1030, and SDI-2030 gateways; the SDI-VGW virtual gateway; and the SteelHead SD 570-SD, 770-SD, and 3070-SD appliances.
Underlay and routing enhancements on SteelHead SD appliances
SteelConnect 2.12 provides these underlay and routing enhancements on SteelHead SD 570-SD, 770-SD, and 3070-SD appliances, and the SDI-2030 gateway located at the branch):
•OSPF routing - With SteelConnect 2.12, you can distinguish between static and overlay routes for OSPF. This distinction enables you to configure redistribution policies separately for each type of route. For overlay OSPF routes, you can associate a site with the route redistribution policy which enables you to redistribute it based on the sites from which they were reported.
•Loop prevention in subnet autodiscovery - You can enable discovery of subnets based on the tag/community lists present in the route to prevent loops. All routes matching the tag/community lists are reported as local subnets of the configured site. Tag and community lists can be configured in inclusion or exclusion lists.
•Soft reset for BGP parameters - Soft refresh enables route updates without tearing down existing peering sessions. A soft reset uses stored update information to allow you to apply new BGP policy without disrupting the network.
•User-defined route maps for increased flexibility - Support for user-defined route maps enables you to create route maps that include all available match and set criteria options.
•Increased BGP route preference support - You can now set BGP local preference, Multi-Exit Discriminator (MED) options, the origin type in route maps, metric distance, and next-hop self.
•Differentiation between static and overlay BGP routes - You can differentiate between static and overlay routes when you configure the Overlay to BGP option. The policies applied on redistribution of other routes are also applicable on overlay routes.
•Routing table search - Ability to search the routing tables for an appliance by serial number or for appliances by site name.
Static routing on SDI gateways and SteelHead SD appliances
With SteelConnect 2.12, you can configure static routing on SDI gateways in addition to SteelHead SD appliances. Static routes support IPv4 destination networks. You can also configure the distance metric which prioritizes the routing protocol when two routes have the same route destination.
Improved DHCP options on SteelHead SD appliances
The zone DHCP tab enables you to configure LAN clients with DNS servers located on internet (outside of the intranet) on guest zones. The zone DHCP tab also allows you to configure LAN clients with Preboot Execution Environment (PXE) boot using the Trivial File Transfer Protocol (TFTP), a Session Initiation Protocol (SIP) server, or an HTTP proxy.
LAN-side internet breakout on SteelHead SD appliances
The LAN-side internet breakout capability enables redirection of backhauled internet traffic to break out from the LAN-side of the gateway. Previous releases only allowed internet breakout over the WAN uplinks.
Active-active HA improvements on SteelHead SD appliances
SteelConnect 2.12 provides these high-availability (HA) enhancements:
•You can configure a LAN link as a backup HA link in case the AUX port is disconnected. If the AUX link goes down, you can use LAN-side connectivity to run the HA heartbeat, configure replication, and perform additional synchronization functions to avoid a split-brain HA condition.
•There is a new configuration option to specify the SteelHead SD appliance as the master appliance.
•Support is now available for SteelHead SD mixed-mode HA, where one SteelHead SD appliance is licensed as SD-WAN-only and the peer SteelHead SD appliance is licensed for SD-WAN and WAN optimization.
Routing features by model
Feature | SteelHead-SD 570-SD, 770-SD, 3070-SD | SDI-2030 | SDI-130 | SDI-330 | SDI-1030 | SDI-5030 | SDI-VGW |
eBGP | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
iBGP | Yes | Yes | No | No | No | No | No |
OSPF single area | Yes | Yes | Yes | Yes | Yes | No | No |
OSPF multi-area ABR | Yes | Yes | No | No | No | No | No |
ASBR | Yes | Yes | Yes* (Underlay routing inter-working solution) | Yes* (Underlay routing inter-working solution) | Yes* (Underlay routing inter-working solution) | No | Yes* (Underlay routing inter-working solution) |
Route retraction | Yes | Yes | No | No | No | Yes | No |
Default route originate | OSPF/BGP | OSPF/BGP LAN and WAN | OSPF-only LAN | OSPF-only LAN | OSPF-only LAN | BGP only | OSPF-only LAN |
Overlay route injection in LAN | Yes | Yes | No | No | No | Yes | No |
Local subnet discovery | Yes | Yes | No | No | No | Yes | No |
Static routes | Yes | Yes (LAN and WAN) | Yes | Yes | Yes | Yes | Yes |
VLAN support (LAN side) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
*SCM 2.9 and later support an underlay routing interworking solution that bridges BGP and OSPF. For details, see the SteelConnect Manager User Guide.
Hardware and software requirements
Riverbed component | Hardware and software requirements |
SteelHead SD appliance | The SteelHead SD 570-SD and 770-SD appliances are desktop models. The SteelHead SD 3070-SD appliance requires a 19-inch
(483 mm) four-post rack. For details, see the Rack Installation Guide. |
SteelHead Management Console | The SteelHead Management Console has been tested with all versions of Chrome, Mozilla Firefox Extended Support Release version 38, and Microsoft Internet Explorer 11. You use the SteelHead Management Console to manage WAN optimization features on vSH instances. JavaScript and cookies must be enabled in your web browser. |
SteelConnect and SteelConnect Manager (SCM) | SteelHead SD requires SteelConnect 2.11 or later. SCM supports the latest version of the Chrome browser. SCM requires a minimum screen resolution of 1280 x 720 pixels. We recommend a maximum of 1600 pixels for optimal viewing. |
SteelCentral Controller for SteelHead (SCC) | We recommend that SCC 9.9 is installed. |
Firewall requirements
The SteelHead SD 570-SD, 770-SD, and 3070-SD appliances, and SDI-2030 gateways located at the branch support stateful application-based firewalls at the network edge. For details on SteelConnect firewall and security features, see the SD-WAN Deployment Guide.
All communication is sourced from the site out to the SteelConnect management service. There’s no need to set up elaborate firewall or forwarding rules to establish the dynamic full-mesh VPN or to gain connectivity to the cloud. After you register an appliance, it receives its assigned configuration automatically. For details on SteelConnect firewall requirements, see the SteelConnect Manager User Guide.
Make sure the firewall ports 80 and 443 are open so that software installation and SCM operations aren’t blocked. For details on SteelConnect default ports, see the SteelConnect Connection Ports.
Ethernet network compatibility
The SteelHead SD appliance supports these Ethernet networking standards.
Ethernet standard | IEEE standard |
Ethernet Logical Link Control (LLC) | IEEE 802.2 - 1998 |
Fast Ethernet 100BASE-TX | IEEE 802.3 - 2008 |
Gigabit Ethernet over Copper 1000BASE-T (All copper interfaces are autosensing for speed and duplex.) | IEEE 802.3 - 2008 |
Gigabit Ethernet over Fiber 1000BASE-SX (LC connector) | IEEE 802.3 - 2008 |
Gigabit Ethernet over Fiber 1000BASE-LX | IEEE 802.3 - 2008 |
Gigabit Ethernet over Fiber 10GBASE-LR Single Mode | IEEE 802.3 - 2008 |
Gigabit Ethernet over 10GBASE-SR Multimode | IEEE 802.3 - 2008 |
SNMP-based management compatibility
SteelConnect provides support for SNMPv1 and v2c polling, and event logging is supported on the SteelConnect SDI-130, SDI-330, SDI-1030, SDI-5030, and SDI-VGW virtual gateways. SNMPv1, v2c, and v3 are supported in SCM (and only visible by a realm administrator).
SNMP reporting is supported on SteelHead SD SD-570, SD-770, and SD-3070 appliances, and SteelConnect SDI-2030 gateway located at the branch. For details, see the SteelConnect Manager User Guide.
The virtual SteelHead supports proprietary MIBs accessible through SNMP, SNMPv1, SNMPv2c, and SNMPv3, although some MIB items might only be accessible through SNMPv2 and SNMPv3. For details on the WAN optimization service MIB, see the SteelHead User Guide.
NIC support
Network interface card (NICs) are supported on the SteelHead SD 3070-SD appliances for nonbypass traffic. SteelHead SD 570-SD and 770-SD appliances do not support NICs.
For SteelHead SD 3070-SD appliances, bypass NICs aren’t required for SteelConnect gateway deployments because LAN traffic requires network address translation (NAT) before it reaches the service provider network.
You can install these NICs in the SteelHead SD 3070-SD for nonbypass traffic.
NICs | Size (*) | Manufacturing part # | Orderable part # |
Two-Port 10-GbE Fiber SFP+ | HHHL | 410-00036-02 | NIC-1-010G-2SFPP |
Four-Port 10-GbE Fiber SFP+ | HHHL | 410-00108-01 | NIC-1-010G-4SFPP |
*HHHL = Half Height, Half Length
For details on NICs, see the Network and Storage Card Installation Guide.
Licensing
SteelConnect 2.12 requires a WAN optimization subscription license if you want to use the WAN service. The WAN optimization subscription license is an optional purchase.
SteelConnect SD-WAN service licensing
The SteelConnect SD-WAN service requires a gateway management subscription license that is managed by SCM. You must obtain this license before you begin the installation process.
After purchasing SteelHead SD, you will receive these emails:
•An email with the license token and SteelConnect serial number. You redeem the token in SCM where all hardware nodes and license keys are added to your organization. Each token is redeemable only once.
•An email that contains the URL for connecting to SCM and the default login and password: admin and pppp. This email is requested by the sales team and sent by the Riverbed Cloud Operations team.
If you don’t receive these emails, contact your sales representative or Riverbed Support at
https://support.riverbed.com.
To redeem the SD-WAN service token
1. Open the email you received from Riverbed and copy the token.
2. Connect to SCM.
3. Choose Organization > Licenses.
4. Click Redeem Token and paste the token into the text box.
5. Click Submit.
If automatic licensing fails, go to the Riverbed Licensing Portal at https://licensing.riverbed.com/ and follow the instructions for retrieving your licenses. The licensing portal requires a unique product ID such as a serial number, a license request key (activation code), or a token, depending on the product. Online instructions guide you through the process.
SteelHead WAN optimization service licensing
The SteelHead WAN optimization service requires an MSPEC license. Once you connect SteelHead SD to the network, the system automatically contacts the Riverbed Licensing Portal to retrieve and install license keys for the WAN optimization service.
If automatic licensing fails, go to the Riverbed Licensing Portal at https://licensing.riverbed.com/ and follow the instructions for retrieving your licenses. The licensing portal requires a unique product ID such as a serial number, a license request key (activation code), or a token, depending on the product. Online instructions guide you through the process.
Upgrading SteelHead SD
This section describes how to upgrade SteelHead SD. It includes these topics:
Upgrading from SteelHead SD 2.0 to SteelConnect 2.12
SteelHead SD features require the virtual SteelHead (vSH) image, which is contained within the SteelConnect 2.12 image. All SteelHead SD 2.0 customers will be automatically upgraded to SteelConnect 2.12. SteelConnect automatically upgrades to 2.12 according to the schedule and restrictions you have set in SteelConnect Manager (SCM). For details on scheduling updates in SCM, see the SteelConnect Manager User Guide.
If you need to upgrade the SteelHead appliances in your deployment, see the SteelCentral Controller for SteelHead Installation Guide and the SteelHead Installation and Configuration Guide.
Upgrading from SteelHead SD 1.0 to SteelConnect 2.12
SteelHead SD features require the virtual SteelHead (vSH) image, which is contained within the SteelConnect 2.12 image. All SteelHead SD 1.0 and 2.0 customers will be automatically upgraded to SteelConnect 2.12. SteelConnect automatically upgrades to 2.12 according to the schedule and restrictions you have set in SteelConnect Manager (SCM). For details on scheduling updates in SCM, see the SteelConnect Manager User Guide.
Before proceeding with the SteelConnect 2.12 upgrade process:
•SteelHead SD 1.0 supported an active-passive HA scheme. Because SteelConnect 2.12 supports active-active HA, you can’t upgrade your SteelHead SD 1.0 HA seamlessly to SteelConnect 2.12 HA. You must first manually unpair your master and backup appliances in SCM, upgrade to SteelConnect 2.12, and reconfigure HA in SCM. For details, see the SteelHead SD User Guide.
•You must back up your SteelHead WAN optimization configuration prior to upgrading to SteelConnect 2.12. Secure vault contents (that is, certificates and keys) are not saved during the upgrade process; you must reinstall any SSL or proxy certificates. You can use the backup and restore functions on the SCC or the SteelHead Management Console to save and reapply the SteelHead configuration settings.
–To back up your system and SteelHead appliances from the SCC, choose Manage > Operations: Backup/Restore to back up your configuration. For details, see the SteelCentral Controller for SteelHead User Guide.
–To save your SteelHead configurations from the SteelHead Management Console, choose Administration > System Settings to save and copy your configuration to a local machine. For details, see “Managing configuration files” in the SteelHead User Guide.
•To upgrade to SteelConnect 2.12, you must have internet connectivity for the SteelHead and the SteelConnect virtual gateway. With internet connectivity, both SteelHead perpetual and SteelConnect virtual gateway subscription licenses will be applied as part of the SteelHead SD 2.12 upgrade process.
•SteelConnect 2.12 supports a single in-path interface for WAN optimization. SteelHead SD is a Layer 3 (L3) gateway, and multiple LAN ports are mapped to a single in-path interface—multiple in-path interfaces are unnecessary on SteelHead SD appliances. To simplify in-path configuration and for ease-of-use, after upgrading to SteelConnect 2.12 you will see only a single in-path interface in the SteelHead Management Console or the SCC. If you have multiple in-path interfaces configured for WAN optimization, you must make in-path configuration changes to account for this change.
•The SteelConnect gateway bypass feature supported on SteelHead SD 1.0 is no longer supported on SteelConnect 2.12. If at any point the status of the virtual SteelHead instance shows a failure condition (for example, a reboot or a crash), the system stops sending traffic that was destined for the virtual SteelHead. Instead, it bypasses the SteelHead thereby ensuring the traffic is not black-holed. You can compare this behavior with a physical SteelHead entering bypass mode.
•You might need to recable SteelHead SD appliances in HA deployments when you upgrade to SteelConnect 2.12. The AUX port is mandatory for back-to-back connectivity for SteelConnect 2.12 HA deployments.
•If you need to upgrade the SteelHead appliances in your deployment, see the SteelCentral Controller for SteelHead Installation Guide and the SteelHead Installation and Configuration Guide.
Preparing your site for installation
Before you begin, make sure your shipment contains all the items listed on the packing slip. If it doesn’t, contact your sales representative.
Your site must meet these requirements:
•It is a standard electronic environment where the ambient temperature doesn’t exceed 104°F
(40°C) and the relative humidity doesn’t exceed 80% (noncondensing).
•Ethernet connections are available within the standard Ethernet limit.
•There is space on a standard four-post 19-inch Telco-type rack. For details about installing the SteelHead in a rack, see the Rack Installation Guide or the printed instructions that were shipped with the system. (If your rack requires special mounting screws, contact your rack manufacturer.)
•A clean power source is available, dedicated to computer devices and other electronic equipment.
The appliance is completely assembled, with all the equipment parts in place and securely fastened. The appliance is ready for installation with no further assembly required.
Before you begin
•Any interim firewalls must be configured to allow traffic on ports 80 and 443 so that the software installation and SCM operations aren’t blocked. (Also any additional firewall configurations must allow traffic to and from the SteelHead appliance that is being upgraded.)
•We highly recommend that your network provides a DHCP service so the appliance can establish a connection automatically.