Configuring Optimization Features : Configuring HTTP optimization
  
Configuring HTTP optimization
This section describes how to configure HTTP optimization features. HTTP optimization works for most HTTP and HTTPS applications, including SAP, customer relationship management, enterprise resource planning, financial, document management, and intranet portals.
It includes these topics:
About HTTP optimization
Configuring HTTP optimization feature settings
About HTTP optimization
HTTP optimization has been tested on Internet Explorer 6.0 or later and Firefox 2.0 or later. HTTP optimization has been tested on Apache 1.3, Apache 2.2, Microsoft IIS 5.0, 6.0, 7.5, and 8; Microsoft SharePoint, ASP.net, and Microsoft Internet Security and Acceleration Server (ISA).

FPSE supports SharePoint Office clients 2007 and 2010, installed on Windows 7 (SP1) and Windows 8. SharePoint 2013 doesn’t support FPSE.
Basic steps
This table summarizes the basic steps for configuring HTTP optimization, followed by detailed procedures.
Task
Reference
1. Enable HTTP optimization for prefetching web objects. This is the default setting.
2. Enable Store All Allowable Objects or specify object prefetch extensions that represent prefetched objects for URL Learning. By default, the SteelHead prefetches .jpg, .gif, .js, .png, and .css objects when Store All Allowable Objects is disabled.
3. Enable per-host auto configuration to create an optimization scheme automatically based on HTTP traffic statistics gathered for a host.
4. Optionally, specify which HTML tags to prefetch for Parse and Prefetch. By default, the SteelHead prefetches base/href, body/background, img/src, link/href, and script/src HTML tags.
5. Optionally, set a static HTTP optimization scheme for a host or server subnet. For example, an optimization scheme can include a combination of the URL Learning, Parse and Prefetch, or Object Prefetch features. The default options for subnets are URL Learning, Object Prefetch Table, and Strip Compression.
RiOS supports authorization optimizations and basic tuning for server subnets. We recommend that you enable:
Strip compression—Removes the Accept-Encoding lines from the HTTP headers that contain gzip or deflate. These Accept-Encoding directives allow web browsers and servers to send and receive compressed content rather than raw HTML.
Insert cookie—Tracks repeat requests from the client.
Insert Keep Alive—Maintains persistent connections. While this feature is enabled by default, it’s often disabled, even though the web server can support it. This is especially true for Apache web servers that serve HTTPS to Microsoft Internet Explorer browsers.
6. If necessary, define in-path rules that specify when to apply HTTP optimization and whether to enable HTTP latency support for HTTPS.
7. If required, enable capturing of Office 365 User Identities to be part of the Current Connections report.
For the SteelHead to optimize HTTPS traffic (HTTP over SSL), you must configure a specific in-path rule that enables both SSL optimization and HTTP optimization.
Configuring HTTP optimization feature settings
You display and modify HTTP optimization feature settings in the Optimization > Protocols: HTTP page. For an overview of the HTTP optimization features and basic deployment considerations, see Configuring HTTP optimization.
Configuring HTTP optimization can be a complex task. There are many different options and it isn’t always easy to determine what settings are required for a particular application without extensive testing. HTTP automatic configuration creates an ideal HTTP optimization scheme based on a collection of comprehensive statistics per host. The host statistics create an application profile, used to configure HTTP automatically and assist with any troubleshooting.
You can easily change an automatically configured server subnet to override settings.
All of the HTTP optimization features operate on the client-side SteelHead. You configure HTTP optimizations only on the client-side SteelHead.
For appliances with feature-tier licensing, you can configure and enable HTTP optimization even if the feature is not licensed; however, the feature needs to be both enabled and licensed to work. If the feature is not licensed, the interface displays an alert. For more information, see Feature-tier licensing.
To display or modify HTTP optimization settings
1. Choose Optimization > Protocols: HTTP to display the HTTP Configuration page.
HTTP Configuration page
2. Under Settings, complete the configuration as described in this table.
Control
Description
Enable HTTP Optimization
Prefetches and stores objects embedded in web pages to improve HTTP traffic performance. By default, HTTP optimization is enabled.
Enable SteelFlow WTA
Collects SteelFlow WTA data that can be sent (through REST API) to a SteelCentral AppResponse appliance. SteelFlow WTA data includes HTTP time stamp and payload data for web objects optimized by the SteelHead. The SteelCentral AppResponse appliance can combine this data into page views and calculate detailed metrics for server/network busy times, HTTP request/response delays, slow pages, view rates, HTTP response codes, and so on.
Enable this control and HTTP optimization on the client-side and the server-side SteelHeads.
You must enable REST API access on each client-side SteelHead. Each client-side SteelHead needs at least one access code defined in the REST API Access page. You must copy and paste this code into the SteelCentral AppResponse Web Console.
To enable REST API access, choose Administration > Security: REST API Access.
You must enable SSL optimization on the SteelHead if any of the monitored web applications are encrypted with SSL.
To enable SSL, choose Optimization > SSL: SSL Main Settings.
To configure the communication between a SteelHead and a SteelCentral AppResponse appliance, use SteelCentral Controller for SteelHead.
The SteelCentral AppResponse appliance polls the SteelHead for WTA metrics through REST API on TCP port 443 (HTTPS). The SteelCentral AppResponse appliance must have access to the primary port IP of the client-side and the server-side SteelHead through TCP port 443.
For details, see the SteelCentral Controller for SteelHead Deployment Guide and the SteelCentral AppResponse Integration with Other Riverbed Solutions document.
Enable SaaS User Identity (Office 365)
Enables collection of statistics by user ID, which is viewable as an additional column in the Current Connections report. For more information, see Viewing Connection History reports.
The SteelHead collects user IDs only from Office 365 users that are authenticated with single sign-on (SSO) using Active Directory Federation Services (ADFS).
Additional configuration is required to enable this feature. See To enable the SaaS User Identity feature for details.
This control is disabled by default. You only need to enable this control on one SteelHead in your network. We recommend enabling it on the client-side SteelHead for Office 365 traffic and the server-side SteelHead for SMB and MoH traffic.
Starting with RiOS 9.7, user IDs for SMB encrypted, SMB signed, and MoH connections that are optimized are displayed in this field, and user IDs extracted on Office 365, SMB, and MoH connections are propagated to other connections originating from the same source IP. See 3 - Connections table for details.
Store All Allowable Objects
Optimizes all objects in the object prefetch table. By default, Store All Allowable Objects is enabled.
Store Objects With The Following Extensions
Examines the control header to determine which objects to store. When enabled, RiOS doesn’t limit the objects to those listed in Extensions to Prefetch but rather prefetches all objects that the control header indicates are storable. This control header examination is useful to store web objects encoded into names without an object extension.
Disable the Object Prefetch Table
Stores nothing.
Minimum Object Prefetch Table Time
Sets the minimum number of seconds the objects are stored in the local object prefetch table. The default is 60 seconds.
This setting specifies the minimum lifetime of the stored object. During this lifetime, any qualified If-Modified-Since (IMS) request from the client receives an HTTP 304 response, indicating that the resource for the requested object has not changed since stored.
Maximum Object Prefetch Table Time
Sets the maximum number of seconds the objects are stored in the local object prefetch table. The default is 86400 seconds.
This setting specifies the maximum lifetime of the stored object. During this lifetime, any qualified If-Modified-Since (IMS) request from the client receives an HTTP 304 response, indicating that the resource for the requested object has not changed since stored.
Extensions to Prefetch
Specifies object extensions to prefetch, separated by commas. By default, the SteelHead prefetches .jpg, .gif, .js, .png, and .css object extensions.
These extensions are only for URL Learning and Parse and Prefetch.
Enable Per-Host Auto Configuration
Creates an HTTP optimization scheme automatically by evaluating HTTP traffic statistics gathered for the host or server subnet. RiOS derives the web server hostname or server subnet from the HTTP request header and collects HTTP traffic statistics for that host or subnet. RiOS evaluates hostnames and subnets that don’t match any other rules.
Automatic configurations define the optimal combination of URL Learning, Parse and Prefetch, and Object Prefetch Table for the host or subnet. After RiOS evaluates the host or subnet, it appears on the Subnet or Host list at the bottom of the page as Auto Configured. HTTP traffic is optimized automatically.
Automatic configuration is enabled by default. If you have automatically configured hostnames and then disabled Per-Host Auto Configuration, the automatically configured hosts are removed from the list when the page refreshes. They aren’t removed from the database. When you reenable Per- Host Auto Configuration, the hosts reappear in the list with the previous configuration settings.
Enable this control on the client-side SteelHead.
You can’t remove an automatically configured hostname or subnet from the list, but you can reconfigure them, save them as a static host, and then remove them.
In RiOS 8.5 and later, the default configuration appears in the list only when automatic configuration is disabled.
To allow a static host to be automatically configured, remove it from the list.
Enable Kerberos Authentication Support
When enabled on the server-side SteelHead, optimizes HTTP connections using Kerberos authentication end-to-end between the client-side and server-side SteelHeads and the server-side SteelHead and the server. This method enables RiOS to prefetch resources when the web server employs per-request Kerberos.
In addition to enabling this control on the server-side SteelHead, you must also join the server-side SteelHead to a Windows domain and add replication users: choose Optimization > Active Directory: Auto Config > Configure Replication Account.
No additional configuration is needed on the client-side SteelHead.
3. Click Apply to apply your settings to the running configuration.
4. Click Save to Disk to save your settings permanently.
To enable the SaaS User Identity feature
Use one of the following methods to enable SaaS identity. The second method requires the Cloud Portal and the SteelHead SaaS service. If your network uses the SteelHead SaaS service, you can use either method.
Method 1
1. Enable SSL optimization on the server-side SteelHead. See Configuring SSL main settings for information.
2. Add a proxy certificate for login.microsoftonline.com on the server-side SteelHead. See Configuring SSL server certificates for information.
3. Add an in-path rule on the client-side SteelHead to optimize traffic from login.microsoftonline.com. See Configuring in-path rules for information.
Create a domain label and a host label with the in-path rule to simplify configuration. See Configuring domain labels and Configuring host labels for details.
4. Choose Optimization > Protocols: HTTP, and select the Enable SaaS User Identity (Office 365) check box.
5. Optional: To use this feature with a SteelCentral AppResponse appliance, make the following configuration changes:
From the SteelHead appliance, choose Optimization > Protocols: HTTP, and select the Enable SteelFlow WTA check box.
Add an entry inside the user session tracking manager on the SteelCentral AppResponse appliance. See the SteelCentral AppResponse User Guide for details.
Method 2 (SteelHead SaaS service required)
1. Enable Cloud Acceleration on the SteelHead. See Configuring the Legacy Cloud Accelerator for more information.
2. Activate the O365 User Identity (SAASUID) application on both the Cloud Portal and the SteelHead. See Activating SaaS applications for more information.
3. Configure the associated proxy certificates on the Cloud Portal. For more information, see the chapter about Configuring SaaS Proxy Certificates in the SteelHead SaaS User Guide (for Legacy Cloud Accelerator).
To prefetch HTML tags
1. Under HTML Tags to Prefetch, select which HTML tags to prefetch. By default, these tags are prefetched: base/href, body/background, img/src, link/href, and script/src.
HTTP Configuration page—HTML Tags to Prefetch pane
These tags are for the Parse and Prefetch feature only and don’t affect other prefetch types, such as object extensions.
2. To add a new tag, complete the configuration as described in this table.
Control
Description
Add a Prefetch Tag
Displays the controls to add an HTML tag.
Tag Name
Specify the tag name.
Attribute
Specify the tag attribute.
Add
Adds the tag.
Configuring a server subnet or host
Under Settings, you can enable URL Learning, Parse and Prefetch, and Object Prefetch Table in any combination for any host server or server subnet. You can also enable authorization optimization to tune a particular subnet dynamically, with no service restart required.
The default settings are URL Learning, Object Prefetch Table, and Strip Compression for all traffic with automatic configuration disabled. The default setting applies when HTTP optimization is enabled, regardless of whether there’s an entry in the Subnet or Host list. In the case of overlapping subnets, specific list entries override any default settings.
In RiOS 8.5 and later, the default rule is applied if any other rule (that is, the subnet rule or host-based rule) doesn’t match.
Suppose the majority of your web servers have dynamic content applications but you also have several static content application servers. You could configure your entire server subnet to disable URL Learning and enable Parse and Prefetch and Object Prefetch Table, optimizing HTTP for the majority of your web servers. Next, you could configure your static content servers to use URL Learning only, disabling Parse and Prefetch and Object Prefetch Table.
To configure an HTTP optimization scheme for a particular hostname or server subnet
1. Choose Optimization > Protocols: HTTP to display the HTTP page.
HTTP Configuration page—Server Subnet and Host Settings pane
2. On the client-side SteelHead, under Server Subnet and Host Settings, complete the configuration as described in this table.
Control
Description
Add a Subnet or Host
Displays the controls for adding a server subnet or host. The server must support keepalive.
Server Subnet or Hostname
Specify an IP address and mask pattern for the server subnet, or a hostname, on which to set up the HTTP optimization scheme.
Use this format for an individual subnet IP address and netmask:
xxx.xxx.xxx.xxx/xx (IPv4)
x:x:x::x/xxx (IPv6)
You can also specify 0.0.0.0/0 (all IPv4) or ::/0 (all IPv6) as the wildcard for either IPv4 or IPv6 traffic.
Row Filters
Static—Displays only the static subnet or hostname configurations in the subnet and hostname list. You create a static configuration manually to fine-tune HTTP optimization for a particular host or server subnet. By default, RiOS displays both automatic and static configurations.
Auto—Displays only the automatic subnet or hostname configurations in the subnet and hostname list. RiOS creates automatic configurations when you select Enable Per-Host Auto Configuration, based on an application profile. Automatic configurations define the optimal combination of URL learning, Parse and Prefetch, and Object Prefetch Table for the host or subnet. By default, RiOS displays both automatic and static configurations.
Auto (Eval)—Displays the automatic hostname configurations currently under evaluation. By default, the evaluation period is 1000 transactions.
Basic tuning
 
Strip Compression
Marks the accept-encoding lines from the HTTP compression header so they’re not returned in calls. An accept-encoding directive compresses content rather than using raw HTML. Enabling this option improves the performance of the SteelHead data reduction algorithms. By default, strip compression is enabled.
Insert Cookie
Adds a cookie to HTTP applications that don’t already have one. HTTP applications frequently use cookies to keep track of sessions. The SteelHead uses cookies to distinguish one user session from another. If an HTTP application doesn’t use cookies, the client SteelHead inserts one so that it can track requests from the same client. By default, this setting is disabled.
Insert Keep Alive
Uses the same TCP connection to send and receive multiple HTTP requests and responses, as opposed to opening a new one for every single request and response. Specify this option when using the URL Learning or Parse and Prefetch features with HTTP 1.0 or HTTP 1.1 applications using the Connection Close method. This setting is enabled by default.
Caching
 
Object Prefetch Table
Enable this control on the client-side SteelHead to store HTTP object prefetches from HTTP GET requests for cascading style sheets, static images, and Java scripts in the Object Prefetch Table. When the browser performs If-Modified-Since (IMS) checks for stored content or sends regular HTTP requests, the client-side SteelHead responds to these IMS checks and HTTP requests, cutting back on round-trips across the WAN.
Stream Splitting
Enable this control on the client-side SteelHead to split Silverlight smooth streaming, Adobe Flash HTTP dynamic streams, and Apple HTTP Live Streaming (HLS).
This control includes support for Microsoft Silverlight video and Silverlight extensions support on Internet Information Server (IIS) version 7.5 installed on Windows Server 2008 R2.
To split Adobe Flash streams, you must set up the video origin server before enabling this control. For details, see the SteelHead Deployment Guide.
Apple HLS is an HTTP-based video delivery protocol for iOS and OSX that streams video to iPads, iPhones, and Macs. HLS is part of an upgrade to QuickTime. RiOS splits both live and on-demand video streams.
Use this control to support multiple branch office users from a single real-time TCP stream. The SteelHead identifies live streaming video URL fragment requests and delays any request that is already in progress. When the client receives the response, it returns the same response to all clients requesting that URL.
As an example, when employees in branch offices simultaneously start clients (through browser plugins) that all request the same video fragment, the client-side SteelHead delays requests for that fragment because it’s already outstanding. Since many identical requests typically are made before the first request is responded to, the result is many hits to the server and many bytes across the WAN. When you enable stream splitting on the client-side SteelHead, it identifies live streaming video URL fragment requests and holds subsequent requests for that fragment because the first request for that fragment is outstanding. When the response is received, it’s delivered to all clients that requested it. Thus, only one request and response pair for a video fragment transfers over the WAN. With stream splitting, the SteelHead replicates one TCP stream for each individual client.
RiOS 9.1 and later increase the cache size by up to five times, depending on the SteelHead model, and stores the video fragments for 30 seconds to keep clients watching the same live video in sync. For details, see the SteelHead Deployment Guide - Protocols.
Stream splitting optimization doesn’t change the number of sockets that are opened to the server, but it does reduce the number of requests made to the server. Without this optimization, each fragment is requested once per client. With this optimization, each fragment is requested once.
Stream splitting is disabled by default.
Enabling this control requires that HTTP optimization is enabled on the client-side and server-side SteelHeads. The client-side SteelHead doesn’t require an optimization service restart in RiOS 9.1 or later. No other changes are necessary on the server-side SteelHead.
In addition to splitting the video stream, you can prepopulate video at branch office locations during off-peak periods and then retrieve them for later viewing. For information, see the protocol http prepop list url command in the Riverbed Command-Line Interface Reference Manual.
To view a graph of the data reduction resulting from stream splitting, choose Reports > Optimization: Live Video Stream Splitting.
Prefetch schemes
 
URL Learning
Enables URL Learning, which learns associations between a base URL request and a follow-on request. Stores information about which URLs have been requested and which URLs have generated a 200 OK response from the server. This option fetches the URLs embedded in style sheets or any JavaScript associated with the base page and located on the same host as the base URL.
For example, if a web client requests /a.php?c=0 and then requests /b.php?c=0, and another client requests a.php?c=1 and then b.php?c=1, if somebody requests a.php?c=123, RiOS determines that it might request b.php?c=123 next and thus prefetches it for the client.
URL Learning works best with nondynamic content that doesn’t contain session-specific information. URL Learning is enabled by default.
Your system must support cookies and persistent connections to benefit from URL Learning. If your system has cookies disabled and depends on URL rewriting for HTTP state management, or is using HTTP 1.0 (with no keepalives), you can force the use of cookies using the Add Cookie option and force the use of persistent connections using the Insert Keep Alive option.
Parse and Prefetch
Enables Parse and Prefetch, which parses the base HTML page received from the server and prefetches any embedded objects to the client-side SteelHead. This option complements URL Learning by handling dynamically generated pages and URLs that include state information. When the browser requests an embedded object, the SteelHead serves the request from the prefetched results, eliminating the round-trip delay to the server.
The prefetched objects contained in the base HTML page can be images, style sheets, or any Java scripts associated with the base page and located on the same host as the base URL.
Parse and Prefetch requires cookies. If the application doesn’t use cookies, you can insert one using the Insert Cookie option.
Authentication tuning
 
Reuse Auth
Allows an unauthenticated connection to serve prefetched objects, as long as the connection belongs to a session whose base connection is already authenticated.
This option is most effective when the web server is configured to use per-connection NTLM or Kerberos authentication.
Force NTLM
In the case of negotiated Kerberos and NTLM authentication, forces NTLM. Kerberos is less efficient over the WAN because the client must contact the Domain Controller to answer the server authentication challenge and tends to be employed on a per-request basis.
We recommend enabling Strip Auth Header along with this option.
Strip Auth Header
Removes all credentials from the request on an already authenticated connection. This method works around Internet Explorer behavior that reauthorizes connections that have previously been authorized.
This option is most effective when the web server is configured to use per-connection NTLM authentication.
If the web server is configured to use per-request NTLM authentication, enabling this option might cause authentication failure.
Gratuitous 401
Prevents a WAN round trip by issuing the first 401 containing the realm choices from the client-side SteelHead.
We recommend enabling Strip Auth Header along with this option.
This option is most effective when the web server is configured to use per-connection NTLM authentication or per-request Kerberos authentication.
If the web server is configured to use per-connection Kerberos authentication, enabling this option might cause additional delay.
FPSE
Enables Microsoft Front Page Server Extensions (FPSE) protocol optimization. FPSE is one of the protocols in the Front Page protocol suite. FPSE compose a set of SharePoint server-side applications that let users simultaneously collaborate on the same website and web server to enable multiuser authoring. The protocol is used for displaying site content as a file system and allows file downloading, uploading, creation, listing, and locking. FPSE uses HTTP for transport.
RiOS 8.5 and later cache and respond locally to some FPSE requests to save at least five round-trips per each request, resulting in performance improvements. SSL connections and files smaller than 5 MB can experience significant performance improvements.
FPSE supports SharePoint Office 2007/2010 clients installed on Windows XP and Windows 7 and SharePoint Server 2007/2010.
SharePoint 2013 doesn’t use the FPSE protocol when users are editing files. It uses WebDAV when users map SharePoint drives to local machines and browse directories.
FPSE is disabled by default.
Choose Reports > Networking: Current Connections to view the HTTP-SharePoint connections. To display only HTTP-SharePoint connections, click add filter in the Query area, select for application from the drop-down menu, select HTTP-SharePoint, and click Update.
WebDAV
Enables Microsoft Web Distributed Authoring and Versioning (WebDAV) protocol optimization. WebDAV is an open-standard extension to the HTTP 1.1 protocol that enables file management on remote web servers. Some of the many Microsoft components that use WebDAV include WebDAV redirector, Web Folders, and SMS/SCCM.
RiOS predicts and prefetches WebDAV responses, which saves multiple round-trips and makes browsing the SharePoint file repository more responsive.
WebDAV optimization is disabled by default.
Choose Reports > Networking: Current Connections to view the HTTP-SharePoint connections. To display only HTTP-SharePoint connections, click add filter in the Query area, select for application from the drop-down menu, select HTTP-Sharepoint, and click Update.
Add
Adds the subnet or hostname.
Apply/Apply and Make Static
Click to save the configuration. Click Apply to save the configuration for static hostnames and subnets or Apply and Make Static to save an automatically configured host as a static host.
3. Click Apply to apply your settings to the running configuration.
4. Click Save to Disk to save your settings permanently.
To modify subnet configuration properties, use the drop-down lists in the table row for the configuration.
To modify server properties, use the drop-down list in the table row for the server.