Configuring the RiOS Data Store
This section describes how to configure RiOS data store settings. It includes these topics:
You display and modify RiOS data store settings in the Optimization > Data Replication: Data Store page. This page is typically used to enable RiOS data store encryption and synchronization.
SteelHeads transparently intercept and analyze all of your WAN traffic. TCP traffic is segmented, indexed, and stored as segments of data, and the references representing that data are stored on the RiOS data store within SteelHeads on both sides of your WAN. After the data has been indexed, it is compared to data already on the disk. Segments of data that have been seen before aren’t transferred across the WAN again; instead a reference is sent in its place that can index arbitrarily large amounts of data, thereby massively reducing the amount of data that needs to be transmitted. One small reference can refer to megabytes of existing data that has been transferred over the WAN before.
Encrypting the RiOS Data Store
You enable RiOS data store encryption in the Optimization > Data Replication: Data Store page.
Encrypting the RiOS data store significantly limits the exposure of sensitive data in the event an appliance is compromised by loss, theft, or a security violation. The secure data is difficult for a third party to retrieve.
Before you encrypt the RiOS data store, you must unlock the secure vault. The secure vault stores the encryption key. For details, see
Unlocking the Secure Vault.
Note: RiOS doesn’t encrypt data store synchronization traffic.
Encryption Strengths
Encrypting the RiOS data store can have performance implications; generally, higher security means less performance. Several encryption strengths are available to provide the right amount of security while maintaining the desired performance level. When selecting an encryption type, you must evaluate the network structure, the type of data that travels over it, and how much of a performance trade-off is worth the extra security.
Encrypted RiOS Data Store Downgrade Limitations
The SteelHead can’t use an encrypted RiOS data store with an earlier RiOS version, unless the release is an update (8.0.x). For example, an encrypted RiOS data store created in 8.0.2 would work with 8.0.3, but not with 8.5.
Before downgrading to an earlier software version, you must select none as the encryption type, clear the RiOS data store, and restart the service. After you clear the RiOS data store, the data is removed from persistent storage and can’t be recovered.
If you return to a previous software version and there’s a mismatch with the encrypted RiOS data store, the status bar indicates that the RiOS data store is corrupt. You can either:
• Use the backup software version after clearing the RiOS data store and rebooting the service.
—or—
• Return to the software version in use when the RiOS data store was encrypted, and continue using it.
To encrypt the RiOS data store
1. Choose Optimization > Data Replication: Data Store to display the Data Store page.
Figure: Data Store Page
2. Under General Settings, complete the configuration as described in this table.
Control | Description |
Data Store Encryption Type | Select one of these encryption types from the drop-down list. The encryption types are listed from the least to the most secure. • None - Disables data encryption. • AES_128 - Encrypts data using the AES cryptographic key length of 128 bits. • AES_192 - Encrypts data using the AES cryptographic key length of 192 bits. • AES_256 - Encrypts data using the AES cryptographic key length of 256 bits. |
3. Click Apply to apply your settings.
4. Click Save to Disk to save your settings permanently.
Note: You must clear the RiOS data store and reboot the optimization service on the SteelHead after enabling, changing, or disabling the encryption type. After you clear the RiOS data store, the data can’t be recovered. If you don’t want to clear the RiOS data store, reselect your previous encryption type and reboot the service. The SteelHead uses the previous encryption type and encrypted RiOS data store. For details, see
Rebooting and Shutting Down the SteelHead.
Synchronizing Peer RiOS Data Stores
For deployments requiring the highest levels of redundancy and performance, RiOS supports warm standby between designated master and backup devices. RiOS data store synchronization enables pairs of local SteelHeads to synchronize their data stores with each other, even while they’re optimizing connections. RiOS data store synchronization is typically used to ensure that if a SteelHead fails, no loss of potential bandwidth savings occurs, because the data segments and references are on the other SteelHead.
You can use RiOS data store synchronization for physical in-path, virtual in-path, or out-of-path deployments. You enable synchronization on two SteelHeads, one as the synchronization master, and the other as the synchronization backup.
The traffic for RiOS data store synchronization is transferred through either the SteelHead primary or auxiliary network interfaces, not the in-path interfaces.
RiOS data store synchronization is a bidirectional operation between two SteelHeads, regardless of which deployment model you use. The SteelHead master and backup designation is only relevant in the initial configuration, when the master SteelHead RiOS data store essentially overwrites the backup SteelHead RiOS data store.
RiOS Data Store Synchronization Requirements
The synchronization master and its backup:
• must have the same hardware model.
• must be running the same version of RiOS.
• don’t have to be in the same physical location. If they’re in different physical locations, they must be connected via a fast, reliable LAN connection with minimal latency.
When you have configured the master and backup appliances, you must restart the optimization service on the backup SteelHead. The master restarts automatically.
After you have enabled and configured synchronization, the RiOS data stores are actively kept synchronized. For details about how synchronized appliances replicate data and how RiOS data store synchronization is commonly used in high-availability designs, see the SteelHead Deployment Guide.
Note: If one of the synchronized SteelHeads is under high load, some data might not be copied. For details, see the SteelHead Deployment Guide.
Note: If RiOS data store synchronization is interrupted for any reason (such as a network interruption or if one of the SteelHeads is taken out of service), the SteelHeads continue other operations without disruption. When the interruption is resolved, RiOS data store synchronization resumes without risk of data corruption.
To synchronize the RiOS data store
1. Choose one SteelHead to be the master and one to be the backup. The backup has its RiOS data store overwritten by the master RiOS data store.
2. Make sure there’s a network connection between the two SteelHeads.
3. Connect to the Management Console on the SteelHead you have chosen to be the master appliance.
4. Choose Optimization > Data Replication: Data Store to display the Data Store page.
5. Under General Settings, complete the configuration as described in this table.
Control | Description |
Enable Automated Data Store Synchronization | Enables automated RiOS data store synchronization. Data store synchronization ensures that each RiOS data store in your network has warm data for maximum optimization. All operations occur in the background and don’t disrupt operations on any of the systems. |
Current Appliance | Select Master or Backup from the drop-down list. |
Peer IP Address | Specify the IP address for the peer appliance. You must specify either the IP address for the primary or auxiliary interface (if you use the auxiliary interface in place of the primary). |
Synchronization Port | Specify the destination TCP port number used when establishing a connection to synchronize data. The default value is 7744. |
Reconnection Interval | Specify the number of seconds to wait for reconnection attempts. The default value is 30. |
6. Click Apply to apply your settings.
7. Click Save to Disk to save your settings permanently.
8. Choose Administration > Maintenance: Services to display the Services page.
9. Select Clear the Data Store and click Restart Services to restart the service on the SteelHead.
Clearing the RiOS Data Store
The appliance continues to write data references to the RiOS data store until it reaches capacity. In certain situations, you must clear the RiOS data store. For example, you must clear the RiOS data store:
• after enabling or disabling encryption or changing the encryption type.
• before downgrading to an earlier software version.
• to redeploy an active-active synchronization pair.
• after testing or evaluating the appliance.
• after receiving a “data store corruption” or “data store clean required” alarm message.
For details about clearing the RiOS data store, see
Rebooting and Shutting Down the SteelHead.
Note: After clearing the RiOS data store and restarting the optimization service or rebooting the appliance, the data transfers are cold. Performance improves with subsequent warm data transfers over the WAN.
Improving SteelHead Mobile Performance
You enable branch warming for SteelHead Mobiles in the Optimization > Data Replication: Data Store page. By default, branch warming is enabled.
Branch warming keeps track of data segments created while a SteelCentral Controller for SteelHead Mobile user is in a SteelHead-enabled branch office and sends the new data back to the SteelCentral Controller for SteelHead Mobile user’s laptop. When the user leaves the branch office, the SteelCentral Controller for SteelHead Mobile client provides warm performance.
Branch warming cooperates with and optimizes transfers for a server-side SteelHead. New data transfers between the client and server are populated in the SteelCentral Controller for SteelHead Mobile RiOS data store, the branch SteelHead RiOS data store, and the server-side SteelHead RiOS data store.
When the server downloads data, the server-side SteelHead checks if either the SteelHead Mobile or the branch SteelHead has the data in their RiOS data store. If either device already has the data segments, the server-side SteelHead sends only references to the data. The SteelHead Mobile and the branch SteelHead communicate with each other to resolve the references.
Other clients at a branch office benefit from branch warming as well, because data transferred by one client at a branch also populates the branch SteelHead RiOS data store. Performance improves with all clients at the branch because they receive warm performance for that data. For details, see the SteelHead Deployment Guide.
Requirements
These requirements must be met for branch warming to work:
• Enable latency-based location awareness and branch warming on the SteelCentral Controller for SteelHead Mobile.
• Enable branch warming on both the client-side and server-side SteelHeads.
• Both the client-side and server-side SteelHeads must be deployed in-path.
• Enable enhanced autodiscovery on both the client-side and server-side SteelHeads.
• The Mobile Controller appliance must be running RiOS 3.0 or later.
• The SteelHeads must be running RiOS 6.0 or later.
• The SteelHead Mobile must be running RiOS 3.0 or later.
Branch warming doesn’t improve performance for configurations using:
• SSL connections
• Out-of-path with fixed-target rules
• SteelHead Mobiles that communicate with multiple server-side appliances in different scenarios. For example, if a SteelHead Mobile home user peers with one server-side SteelHead after logging in through a VPN network and peers with a different server-side SteelHead after logging in from the branch office, branch warming doesn’t improve performance.
To enable branch warming
1. On both the client-side and the server-side SteelHeads, choose Optimization > Data Replication: Data Store to display the Data Store page.
Figure: Data Store Page
2. Under General Settings, select Enable Branch Warming for SteelHead Mobile Clients.
3. Click Apply to apply your settings.
4. Click Save to Disk to save your settings permanently.
Receiving a Notification When the RiOS Data Store Wraps
You enable RiOS data store wrap notifications in the Optimization > Data Replication: Data Store page. By default, data store wrap notifications are enabled.
This feature triggers an SNMP trap and sends an email when data in the RiOS data store is replaced with new data before the time period specified.
To receive a notification when the data store wraps
1. Choose Optimization > Data Replication: Data Store to display the Data Store page.
2. Under General Settings, select Enable Data Store Wrap Notifications. Optionally, specify the number of days before the data in the data store is replaced. The default value is 1 day.
3. Click Apply to apply your settings.
4. Click Save to Disk to save your settings permanently.
Related Topics