Cisco WAAS Mobile Administration Guide
Software Version 3.5
April 2011
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: OL-15416-05
Foreword
Cisco WAAS Mobile Administration Guide.
The contents of this document are protected under the copyright laws of the United States and by
international treaties. All rights in these materials are reserved. No part of this paper may be
copied, photocopied, reproduced, transmitted, translated or reduced to any electronic medium or
machine readable form, in whole or in part, without the prior written consent of the author.
Copyright © 2011 by Cisco Systems, Inc. All rights reserved. Duplication in whole or in part is
not permitted without express written permission.
Cisco Systems, Inc. utilizes third party software from various sources. Portions of this software
are copyrighted by their respective owners as indicated in the copyright notices below.
The following lists the copyright notices for:
Jquery
Copyright (c) 2008 John Resig
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
OTHER DEALINGS IN THE SOFTWARE.
LibJpg2
This work is based in part on the work of the Independent JPEG Group.
MD5
RSA Data Security, Inc. MD5 Message-Digest Algorithm
Copyright (c) 1991-2, RSA Data Security, Inc. Created 1991. All rights reserved.
License to copy and use this software is granted provided that it is identified as the "RSA Data Security, Inc.
MD5 Message-Digest Algorithm" in all material mentioning or referencing this software or this function.
License is also granted to make and use derivative works provided that such works are identified as "derived
from the RSA Data Security, Inc. MD5 Message-Digest Algorithm" in all material mentioning or referencing the
derived work.
RSA Data Security, Inc. makes no representations concerning either the merchantability of this software or the
suitability of this software for any particular purpose. It is provided "as is" without express or implied warranty
of any kind.
WebClient, WebServer, netcfgapi.cpp, miniport.c
Microsoft Public License (Ms-PL)
This license governs use of the accompanying software. If you use the software, you accept this license. If you
do not accept the license, do not use the software.
1. Definitions
The terms "reproduce," "reproduction," "derivative works," and "distribution" have the same meaning here as
under U.S. copyright law.
A "contribution" is the original software, or any additions or changes to the software.
A "contributor" is any person that distributes its contribution under this license.
"Licensed patents" are a contributor's patent claims that read directly on its contribution.
2. Grant of Rights
(A) Copyright Grant- Subject to the terms of this license, including the license conditions and limitations in
section 3, each contributor grants you a non-exclusive, worldwide, royalty-free copyright license to reproduce
its contribution, prepare derivative works of its contribution, and distribute its contribution or any derivative
works that you create.
(B) Patent Grant- Subject to the terms of this license, including the license conditions and limitations in section
Cisco WAAS Mobile Administration Guide
i
3, each contributor grants you a non-exclusive, worldwide, royalty-free license under its licensed patents to
make, have made, use, sell, offer for sale, import, and/or otherwise dispose of its contribution in the software
or derivative works of the contribution in the software.
3. Conditions and Limitations
(A) No Trademark License- This license does not grant you rights to use any contributors' name, logo, or
trademarks.
(B) If you bring a patent claim against any contributor over patents that you claim are infringed by the software,
your patent license from such contributor to the software ends automatically.
(C) If you distribute any portion of the software, you must retain all copyright, patent, trademark, and
attribution notices that are present in the software.
(D) If you distribute any portion of the software in source code form, you may do so only under this license by
including a complete copy of this license with your distribution. If you distribute any portion of the software in
compiled or object code form, you may only do so under a license that complies with this license.
(E) The software is licensed "as-is." You bear the risk of using it. The contributors give no express warranties,
guarantees or conditions. You may have additional consumer rights under your local laws which this license
cannot change. To the extent permitted under your local laws, the contributors exclude the implied warranties
of merchantability, fitness for a particular purpose and non-infringement.
WinPcap
Copyright (c) 1999 - 2005 NetGroup, Politecnico di Torino (Italy).
Copyright (c) 2005 - 2009 CACE Technologies, Davis (California).
All rights reserved.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE.
ii
Cisco WAAS Mobile Administration Guide
Contents
Foreword................................................................................................................................................... i Contents ..................................................................................................................................................iii List of Tables .......................................................................................................................................... v List of Figures ........................................................................................................................................ vi About this Document ..........................................................................................................................vii Intended Audience .......................................................................................................................... vii Document Outline............................................................................................................................ vii Related Documents ......................................................................................................................... viii CHAPTER 1. Overview..................................................................................................................... 1 Product Overview .............................................................................................................................. 1 CHAPTER 2. Hardware and Software System Requirements .................................................. 2 Server Hardware and Software Requirements .............................................................................. 2 Client Hardware and Software Requirements ............................................................................... 3 Software Compatibility ..................................................................................................................... 4 CHAPTER 3. Cisco WAAS Mobile System Installation............................................................. 8 Pre-Installation System Check.......................................................................................................... 8 WAAS Mobile Server Installation.................................................................................................. 10 WAAS Mobile Client Installation .................................................................................................. 14 CHAPTER 4. Getting Started With The Cisco WAAS Mobile Manager ............................... 16 Manager Functionality .................................................................................................................... 16 Applying Configuration Settings................................................................................................... 17 CHAPTER 5. Configuring the Cisco WAAS Mobile Manager ............................................... 19 Establishing the Management Authority...................................................................................... 19 Defining the Servers to be Managed ............................................................................................. 19 Pooled Client Licensing .................................................................................................................. 20 Changing the Manager Password.................................................................................................. 22 Changing Manager Properties ....................................................................................................... 22 CHAPTER 6. Configuring Cisco WAAS Mobile Servers ......................................................... 23 Configuring Server Profiles ............................................................................................................ 23 Configuring Server Acceleration ................................................................................................... 24 Configuring Server Networking .................................................................................................... 26 Configuring Server Diagnostics ..................................................................................................... 27 Configuring Server Capacity .......................................................................................................... 30 Configuring Client Access Control ................................................................................................ 30 WAAS Mobile Security ................................................................................................................... 31 CHAPTER 7. Configuring the Cisco WAAS Mobile Client .................................................... 33 Configuring Client Software .......................................................................................................... 33 Configuring Client Acceleration .................................................................................................... 35 Configuring Client Networking..................................................................................................... 41 Cisco WAAS Mobile Administration Guide
iii
Configuring Client Diagnostics Settings....................................................................................... 46 Configuring the Client’s User Interface ........................................................................................ 47 CHAPTER 8. Managing Cisco WAAS Mobile ........................................................................... 49 Using the Cisco WAAS Mobile Dashboard .................................................................................. 50 Performance Management .............................................................................................................. 51 Monitoring System Resources and Usage .................................................................................... 52 Managing Servers ............................................................................................................................ 52 Managing Clients ............................................................................................................................. 53 Managing a Specific Client ............................................................................................................. 54 Managing Events ............................................................................................................................. 56 Managing System Reports .............................................................................................................. 56 Backing Up and Restoring the Manager ....................................................................................... 58 SNMP Support ................................................................................................................................. 58 CHAPTER 9. Tips for Optimizing Application Acceleration.................................................. 61 Outlook 2007 ..................................................................................................................................... 61 Firefox HTTPS acceleration ............................................................................................................ 61 Microsoft ISA Firewall Client ......................................................................................................... 62 Virtual Desktops .............................................................................................................................. 62 Citrix ICA .......................................................................................................................................... 64 Kaspersky Internet Security ........................................................................................................... 64 Symantec Data Loss Prevention (formerly Vontu)...................................................................... 65 To interoperate with Symantec Data Loss Prevention, Symantec needs to be configured as
follows: .............................................................................................................................................. 65 FTP over the Internet ....................................................................................................................... 65 Optimizing Acceleration over Satellite ......................................................................................... 66 Virus Scanning Best Practices ......................................................................................................... 66 CHAPTER 10. Diagnostics .......................................................................................................... 67 Server-Side Diagnostics................................................................................................................... 67 Client-Side Diagnostics ................................................................................................................... 69 CHAPTER 11. Troubleshooting ................................................................................................. 73 Problem Isolation ............................................................................................................................. 78 CHAPTER 12. System Status Reports ....................................................................................... 98 Generating a System Report from a Client Computer ................................................................ 98 Generating a System Report from the WAAS Mobile Server .................................................... 98 iv
Appendix A. Hardware and Software Configuration Guidelines ......................................... 99 Appendix B. List of Acronyms ....................................................................................................101 Cisco WAAS Mobile Administration Guide
List of Tables
Table 1 Server System Requirements ........................................................................................................ 2 Table 2 Server Software Requirements ..................................................................................................... 2 Table 3 Client Hardware System Requirements ..................................................................................... 3 Table 4 Client Software Requirements ..................................................................................................... 3 Table 5 Protocols and Applications Compatible with Cisco WAAS Mobile ....................................... 4 Table 6 Delta Cache Settings .................................................................................................................... 24 Table 7 HTTP Prefetching Settings......................................................................................................... 25 Table 8 Configuring Client IP Aliasing .................................................................................................. 27 Table 9 Server Diagnostics Settings......................................................................................................... 28 Table 10 Access Control Settings ............................................................................................................. 30 Table 11 Client Distribution Configuration Settings ............................................................................ 33 Table 12 Accelerated Processes Settings ................................................................................................. 36 Table 13 HTTP Settings ............................................................................................................................. 38 Table 14 HTTPS Settings........................................................................................................................... 38 Table 15 File Shares Settings .................................................................................................................... 40 Table 16 Delta Cache Settings .................................................................................................................. 40 Table 17 Connection Settings ................................................................................................................... 44 Table 18 Diagnostics Settings ................................................................................................................... 46 Table 19 Client User Interface Settings ................................................................................................... 48 Table 20 WAAS Mobile Server Issues and Isolation ............................................................................. 78 Table 21 WAAS Mobile Client Issues and Isolation ............................................................................. 79 Table 22 WAAS Mobile Client Event Messages .................................................................................... 82 Table 23 WAAS Mobile Server Event Messages ................................................................................... 94 Table 24 Server Hardware and Software Requirements ...................................................................... 99 Cisco WAAS Mobile Administration Guide
v
List of Figures
Figure 1 Starting a 30-Day Evaluation .................................................................................................... 10 Figure 2 Starting Up WAAS Mobile in a Production Environment ................................................... 11 Figure 3 Enter License Information ......................................................................................................... 12 Figure 4 Applying System Settings ......................................................................................................... 18 Figure 5 Accelerated Processes Table ..................................................................................................... 36 Figure 6. The Cisco WAAS Mobile Dashboard ..................................................................................... 50 Figure 7 Traffic Summary Graph ............................................................................................................ 51 Figure 8 System Reports Download Page .............................................................................................. 56 Figure 9 Windows SNMP Service Configuration ................................................................................. 59 Figure 10 Acceleration Icon in System Tray .......................................................................................... 69 Figure 11 Client Manager Diagnostics – TCP Sessions Tab ................................................................. 70 Figure 12 WAAS Mobile System Tray Icon Menu ................................................................................ 98 vi
Cisco WAAS Mobile Administration Guide
About this Document
Intended Audience
This guide is intended for administrators of the Cisco WAAS Mobile software. Administrators
may be responsible for any or all of the following tasks:
•
Installing, configuring, and monitoring the WAAS Mobile server
•
Creating, distributing, and installing the WAAS Mobile client on end user machines
•
Providing support for Cisco WAAS Mobile end users
Document Outline
•
Overview—briefly describes the overall WAAS Mobile system.
•
Hardware and Software System Requirements—hardware and software requirements for
optimal operation of the WAAS Mobile system.
•
Cisco WAAS Mobile System Installation- describes installation and upgrade procedures for
the WAAS Mobile server and client software.
•
Getting Started with the Cisco WAAS Mobile Manager – provides an overview of the Cisco
WAAS Mobile Manager, which provides centralized management and monitoring of all
Cisco WAAS Mobile servers and clients from a single GUI.
•
Configuring the Cisco WAAS Mobile Manager – provides instructions for configuring which
servers are managed by the Manager, licensing and system-wide parameters.
•
Configuring Cisco WAAS Mobile Servers – provides instructions for configuring server
profiles, which describe a set of acceleration, networking, and other policies for groups of
servers.
•
Configuring the Cisco WAAS Mobile Client—provides instructions for configuring and
managing clients.
•
Managing WAAS Mobile - provides instructions for centrally managing and monitoring all
servers and clients within an enterprise.
•
Tips for Optimizing Application Acceleration – provides guidance for configuring Cisco
WAAS Mobile to optimally accelerate applications and for configuring applications for
optimum acceleration by Cisco WAAS Mobile.
•
Diagnostics—provides a high level summary of the various types of diagnostic
information that are generated.
•
Troubleshooting—provides guidance on how to troubleshoot and resolve WAAS Mobile
client and server issues.
•
System Status Reports—provides detailed instructions for creating and using system status
reports used by support personnel to isolate and diagnose problems.
Cisco WAAS Mobile Administration Guide
vii
Related Documents
In addition to this Administration Guide, the following documents are also available:
viii
•
Cisco WAAS Mobile User Guide—A guide for the WAAS Mobile end user. This
complements the on-line help system and provides a reference for offline study.
•
Cisco WAAS Mobile Release Notes—Release-specific information regarding features added,
changed, and removed as well as known and resolved issues.
Cisco WAAS Mobile Administration Guide
CHAPTER 1.
Overview
Product Overview
Cisco Wide Area Application Services (WAAS) Mobile extends Cisco WAAS software application
acceleration benefits to teleworkers, small and home office workers, and mobile employees who
travel outside the branch office. Compared to corporate WAN and branch-office optimization,
acceleration of mobile VPN connections over the public Internet brings additional technical
challenges:
•
•
•
Quality of the network connection is lower than the corporate WAN: Rather than
using dedicated branch-to-corporate WAN leased lines, mobile users are using
public Internet connections such as DSL, Wi-Fi, satellite, dial-up, cable, and cellular.
These connections have lower bandwidth, higher packet loss and latency, and
additional challenges such as time-slicing delay in cellular environments;
Small footprint for the PC/laptop: In contrast to branch-office users who can rely on
a dedicated branch-office device for application acceleration, mobile users have to
share laptop or PC computing resources and the TCP software stack with numerous
other PC applications;
Support cost and manageability concerns: The open environment of a Windows PC,
in contrast to the controlled environment of an appliance, has a very different class of
stability and interoperability requirements, with a variety of operating systems,
browser versions, end point security applications, VPN client software and a wide
range of business applications.
To address these challenges, Cisco WAAS Mobile provides the smallest PC footprint and the
lowest Total Cost of Ownership (TCO) normally associated with mass-user deployment of PC
software, plus it achieves industry-leading performance under the most challenging network
connectivity conditions by extending Cisco WAAS acceleration technologies to include the
following:
•
•
•
Advanced data transfer compression: Cisco WAAS Mobile maintains a persistent
and bi-directional history of data on both the mobile PC and the Cisco WAAS Mobile
server. This history can be used in current and future transfers, across different VPN
sessions and during temporary network disconnects, to minimize bandwidth
consumption and improve performance.
Application-specific acceleration for a broad range of application protocols including:
o Microsoft Exchange: Microsoft Outlook Messaging API (MAPI)
o Windows Common Internet File System (CIFS)
o HTTP, supporting enterprise web-based intranet and Internet applications
o HTTPS for secured intranet applications without compromising security
Transport optimization: Cisco WAAS Mobile handles the network variations found
in packet switched wireless networks, the significant bandwidth-latency problems of
broadband satellite links, and noisy Wi-Fi and DSL connections. The result is
significantly higher link resiliency.
Cisco WAAS Mobile Administration Guide
1
CHAPTER 2.
Hardware and Software System Requirements
Server Hardware and Software Requirements
Requirements for Deploying WAAS Mobile Server Software on Dedicated
Servers
This section details hardware and software requirements for proper system performance.
Table 1 Server System Requirements
Minimum 1
Recommended
1.8 GHz dual core
See Appendix A
System Memory (RAM)
2 GB
See Appendix A
Disk Space Available for Cache
5 GB
See Appendix A
CPU
Table 2 Server Software Requirements
Operating Systems supported:
o
Windows Server 2008 R2 x64 Standard Edition
o
Windows Server 2008 x64 Standard Edition (optionally with SP2)
o
Windows Server 2003 R2 x64, Standard Edition (optionally with
SP2)
o
Windows Server 2003 x64, Standard Edition
o
Windows Server 2003 R2, Standard Edition (optionally with SP2)
(See Appendix A)
o
Windows Server 2003, Standard Edition (optionally with SP1) (See
Appendix A)
NOTE: IIS 6.0 or later must be installed.
IMPORTANT: WAAS Mobile will not run on a Windows server that is also a
Domain Controller.
1
2
Minimum server configuration supports 5-10 users.
Hardware and Software System Requirements
Requirements for Deploying WAAS Mobile Server Software on Virtual Machines
WAAS Mobile Server Software may also be deployed as a Virtual Appliance. Use the guidelines
outlined in Appendix A to define the size of the virtual machine that is needed for your
deployment. Expect that the throughput of the Virtual Appliance will be 80-90% of a native
appliance, so plan the CPU allocation accordingly.
Client Hardware and Software Requirements
The minimum PC hardware and software requirements are provided in the tables below:
Table 3 Client Hardware System Requirements
Minimum
Recommended
750 MHz
1.5 GHz
System Memory (RAM)
512 MB
1 GB
Disk Space Available for Cache
80 MB
1 GB
CPU
Table 4 Client Software Requirements
Minimum
Recommended
Windows XP SP2
Windows XP SP3
Vista
Windows 7
Cisco WAAS Mobile Administration Guide
3
Software Compatibility
Cisco WAAS Mobile has been tested and is compatible with the following applications. Other
software packages not listed may also be compatible.
Protocol and Application Compatibility
This table contains the list of enterprise software applications that Cisco WAAS Mobile
accelerates, including web browsers, email clients and other web-enabled applications.
Table 5 Protocols and Applications Compatible with Cisco WAAS Mobile
Protocol
Application1
HTTP
Microsoft Internet Explorer
FireFox
Chrome
Netscape
Netscape Communicator
Opera
Mozilla
Windows Explorer
HTTPS
Microsoft Internet Explorer
Firefox 2
Chrome
FTP
Microsoft Internet Explorer
Netscape
Opera
Mozilla
FireFox
Windows Explorer
WS-FTP PRO
FTP.exe
SMTP/POP3 (email)
Microsoft Outlook
Eudora
Netscape Communicator
Email-enabled MS Office Apps
Outlook Express
2
4
See CHAPTER 9 for information on configuring Firefox HTTPS optimization.
Hardware and Software System Requirements
Protocol
Application1
Thunderbird
CIFS SMB
Windows Explorer and other applications that use
the CIFS protocol. Signed and unsigned SMB
supported.
MAPI
Microsoft Outlook 2007 Online, Cached mode,
Encryption disabled
Microsoft Outlook 2003 Online, Cached mode
Microsoft Outlook 2002 Online, Offline
Microsoft Outlook 2000 Online, Offline
IMAP4 (email)
Microsoft Outlook
Outlook Express
Lotus Notes (email)
Lotus Notes
Microsoft Office
Microsoft Office 2007
Microsoft Office 2003
Microsoft Office XP
SharePoint 2003 and 2007
Oracle
Jinitiator
Java Runtime Environment
Misc. Applications
Citrix ICA/RDP (compression and encryption
disabled)
Microsoft Remote Desktop (Terminal Services)
Misc test utilities (wget, urlclient, curl)
1 Applications
that do not appear on this list may be added by the enterprise administrator. The
listed applications have been certified for use with Cisco WAAS Mobile.
VoIP bandwidth preservation
Cisco WAAS Mobile may be used to dynamically preserve bandwidth for real-time UDP traffic.
The following soft phone VoIP applications, are supported by default, and others may be
supported by adding them to the Accelerated Processes List via the Configure > Clients >
Acceleration page:
•
Cisco IP Communicator
•
Avaya Onex Agent
•
Nortel Unified Communications and Nortel soft phone
•
Microsoft Office Communicator
Cisco WAAS Mobile Administration Guide
5
Antivirus/Security Software Interoperability
WAAS Mobile Client software is interoperable with a wide range of anti-virus software,
including the following:
•
McAfee Virus Scan Enterprise
•
McAfee Internet Security Suite
•
Norton Internet Security
•
Norton 360
•
Norton Anti Virus
•
CA Antivirus
•
Trend Micro PC-Cillin
•
Trend Micro Internet Security
•
Microsoft Windows Firewall
•
Panda Antivirus
•
Kaspersky Internet Security
o
See the Kaspersky Internet Security section of CHAPTER 9 for configuration
guidance.
•
AVG Anti-Virus
•
Bit Defender
•
F-Secure
•
Symantec Data Loss Prevention (formerly Vontu)
o
See the Symantec Data Loss Prevention section of CHAPTER 9 for configuration
VPN Software Interoperability
WAAS Mobile Client software is interoperable with a wide range of IPsec and SSL VPNs,
including the following:
•
A broad range of IPsec VPNs, including
o
Cisco VPN Client
o
Nortel Contivity VPN Client
o
Microsoft Intelligent Application Gateway (IAG) VPN Client
o
Checkpoint VPN Client
NOTE: When interoperating with the Microsoft IAG or CheckPoint IPsec VPN
clients, the network monitoring feature on the client should not be enabled. Note
that this feature is disabled by default.
•
6
SSL VPNs
o
Cisco AnyConnect Premium and Essentials
o
Juniper Network Connect, Secure Application Manager, and
Clientless Core Web Access
o
Nortel Net Direct, Enhanced Clientless, and Clientless Web Access
Hardware and Software System Requirements
o
Citrix Secure Access Client
o
F5 FirePass Network Access
o
Neoteris
Accelerator Incompatibilities
The software programs below are not interoperable with the Cisco WAAS Mobile client because
these applications redirect traffic in direct conflict with Cisco WAAS Mobile’s traffic redirection.
•
Blue Coat Proxy Client
•
Riverbed Steelhead Mobile Client
•
Venturi VClient.
•
Bytemobile optimization client
Other Software Interoperability Notes
Microsoft ISA Server
When deploying WAAS Mobile with Microsoft ISA server, the Flood Mitigation feature, which is
on by default in ISA server, should be disabled. Additionally, the WAAS Mobile server
addresses should be added to the ISA server’s flood mitigation IP address exclusion list.
Applications Employing Source IP authentication or tracking
Several applications, including those listed below, employ source IP authentication to provide an
added level of application security. The WAAS Mobile servers that are accelerating these
application servers should be configured to either use Client IP Preservation, which can be
enabled via the Configure > Servers > Networking page, or to bypass these applications.
Applications requiring Client IP preservation include:
•
Infosys Finacle
•
Some Lexis/Nexus applications
•
TACACS server GUI
•
Applications using the MSDNWS SOAP user agent
•
Video streaming using the RTSP protocol
•
VoIP, when SIP authentication is enabled
Cisco WAAS Mobile Administration Guide
7
CHAPTER 3.
Cisco WAAS Mobile System Installation
This chapter describes the procedures an administrator will need to use in order to install the
Cisco WAAS Mobile software.
This chapter contains the following sections:
•
Pre-Installation System Check
•
WAAS Mobile Server Installation
•
WAAS Mobile Client Installation
Pre-Installation System Check
1.
Verify that the computer on which you intend to install the server software meets the
system requirements listed in CHAPTER 2.
2.
Do not run other applications, including the client software, on the computer running the
WAAS Mobile server. If anti-virus software is installed on the server, it must be
configured to allow outgoing ports that the WAAS Mobile server may use (e.g., SMTP
port 25).
NOTE: When virus scanning is run on WAAS Mobile server, it is recommended
that the delta cache file and the delta cache index file be excluded from the scan.
Specifically, exclude the following files from being scanned by the virus scanner:
On Windows Server 2003 and 2003 R2:
C:\Documents and Settings\All Users\Application
Data\Cisco\WAASMobile\DeltaCache\BD_ServerPage.acc
C:\Documents and Settings\All Users\Application
Data\Cisco\WAASMobile\DeltaCache\BD_ServerControl.acc
On Windows Server 2008 and 2008 R2:
C:\ProgramData\Cisco\WAASMobile\DeltaCache\BD_ServerPage.acc
C:\ProgramData\Cisco\WAASMobile\DeltaCache\BD_ServerControl.
acc
8
3.
Verify network routability from the client computers that will run the WAAS Mobile
client to the WAAS Mobile server.
4.
Verify network routability from the WAAS Mobile server to the content and application
servers that will be accelerated.
5.
Verify that the firewall on the Windows Server is configured to allow TCP and UDP
access over port 1182. Optimized data is transmitted over UDP port 1182 and session
initiation and control uses TCP port 1182.
Cisco WAAS Mobile System Installation
IMPORTANT: Windows Server 2008 blocks port 1182 by default. Before
running WAAS Mobile, this port must be opened for TCP and UDP traffic.
6.
Verify that any firewalls between the WAAS Mobile server and computers running the
WAAS Mobile client are configured to allow TCP and UDP access over port 1182.
7.
It is generally recommended that WAAS Mobile be installed on a 64-bit Windows Server
OS.
NOTE: If WAAS Mobile is being installed on a 32-bit Windows Server OS and
the server is configured with 4 GB or more RAM, configure server memory
management to allocate additional memory to the user process. To do this,
modify the “boot.ini” file to allocate 3 GB of RAM for user space for the WAAS
Mobile server, by adding the /3GB option to the appropriate line, as follows:
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Server 2003, Enterprise"
/fastdetect /3GB
IMPORTANT: When deploying with a Windows 32-bit OS, memory
management must be properly configured to achieve desired server
performance.
8.
Read the Release Notes.
Cisco WAAS Mobile Administration Guide
9
WAAS Mobile Server Installation
Installation of the WAAS Mobile Server Software
1.
To perform the procedures in this section, you must be logged into the server computer
as a user with administrator privileges.
2.
Install the WAAS Mobile server as follows:
3.
Verify that IIS is running.
NOTE: WAAS Mobile installs on IIS port 80.
4.
Download software from link provided by Cisco.
5.
Install server software by double clicking on the ServerSetup.exe file.
NOTE: WAAS Mobile requires that the inetpub directory be configured on the C:
disk partition.
NOTE: WAAS Mobile Manager cannot be installed on a Windows Domain
Controller.
6.
When the installation completes, a browser window will open and display the WAAS
Mobile Manager Login page. If this page does not open automatically or if you receive
an error, verify that IIS permissions are set correctly.
NOTE: It may take some time to load the page for the first time.
7.
Before proceeding, read the Release Notes thoroughly.
Starting a 30-Day WAAS Mobile Evaluation
1.
Login to the WAAS Mobile Manager using the following default credentials:
•
Username: admin
•
Password: default
2.
Select the IP address that the client PCs will use to connect to this server from the drop-down
list of IP addresses that have been configured on this server.
3.
Check the “Start 30 Day Evaluation” checkbox
Figure 1 Starting a 30-Day Evaluation
4.
10
Click “Submit” to start the 30-day evaluation.
Cisco WAAS Mobile System Installation
•
The server will be started automatically.
•
A default client distribution will be generated automatically, and a link to that software
will be posted at the top of the WAAS Mobile Manager window.
•
Click on the hyperlink at the top of the page to download and install the client software
on the test PCs.
Starting Up WAAS Mobile in a Production Environment
1.
2.
Login to the WAAS Mobile Manager using the following default credentials:
•
Username: admin
•
Password: default
Verify that the “Start 30-Day Evaluation” checkbox is not checked.
Figure 2 Starting Up WAAS Mobile in a Production Environment
3.
For each acceleration server that you wish to deploy, obtain license key(s) by going to
http://www.cisco.com/go/license and inputting the Product Authorization Key (PAK) and
Media Access Control (MAC) of one of the NIC cards on the server. Cisco will then send you
an email with a key that is affliated with the PAK, server MAC, and the number of client user
licenses you have purchased.
IMPORTANT: If your server is running on a virtual machine, a change to the
Media Access Control (MAC) address may cause your license key to fail.
License keys are affiliated with MAC addresses, so try to preserve it when
moving the WAAS Mobile server to a different virtual host. In the case where
this is not possible, a new key will be required to re-host the WAAS Mobile
server. Please contact the Cisco Licensing team
(http://www.cisco.com/go/license) with your new Virtual NICs MAC address
to obtain new keys prior to re-hosting your application
IMPORTANT: The NIC hosting the designated MAC address must be active in
order for the license to be recognized.
4.
Enter the license key sent in the license.dat attachment on the Configure > Manager >
Licenses page by selecting a server and then selecting “Edit License Key.”
Cisco WAAS Mobile Administration Guide
11
Figure 3 Enter License Information
NOTE: Licenses that are issued for evaluation and test purposes have an
expiration date.
5.
Verify Delta Cache size and location by navigating to the Configure > Servers > Acceleration
> Delta Cache page.
IMPORTANT: Before starting the server for the first time, verify the size and
location of the delta cache.
•
By default, the delta cache is placed on the same disk partition as the server. For many
deployments, it may be preferable to place the cache in its own RAID 5 partition.
•
By default, WAAS Mobile will attempt to configure a 50 GB cache. To support this, the
server should be provisioned with at least 80 GB capacity and 2 GB RAM.
IMPORTANT: If the minimum disk space is not available, then delta caching
will not be supported and acceleration performance will be limited to transport
optimization and compression.
NOTE: The minimum server delta cache that may be configured by the
administrator is 5 GB.
6.
Configure Client Distributions as described in the section entitled WAAS Mobile Client
Installation below.
7.
Start the Server(s). Navigate to the Manage > Servers page, select the server(s) to be started,
and click the Start button.
Uninstalling the WAAS Mobile Server Software
To uninstall the WAAS Mobile server software:
1.
From the Control Panel,
•
On Windows Server 2003, double-click Add or Remove Programs.
•
On Windows Server 2008, double-click Programs and Features
2.
Select Cisco WAAS Mobile Server from the list, and click the Change button.
3.
The server software will be removed from the system.
12
Cisco WAAS Mobile System Installation
Upgrading the WAAS Mobile Server Software
To upgrade the WAAS Mobile server software:
1.
Stop the Server(s). Navigate to the Manage > Servers page, select all servers, and click the
Stop button.
2.
Install the new software version; the previous version will be automatically uninstalled and
your current configuration will be automatically saved and reloaded.
3.
The client software will be upgraded automatically, as described in the “Automatically
Upgrading WAAS Mobile Client Software” section below.
IMPORTANT: All servers managed by the Manager must run the same release
version, and must be upgraded at the same time.
Cisco WAAS Mobile Administration Guide
13
WAAS Mobile Client Installation
Initial Installation of the WAAS Mobile Client Software
The first time the administrator logs into the WAAS Mobile Manager, it creates a “default” client
distribution that may be distributed to end users. Links to the client distribution page
(Configure > Clients > Software ) are available on the dashboard and for evaluations, a link is
posted at the top of the Manager page.
NOTE: For best operation, do not install the client software on the WAAS Mobile
server machine.
While this default configuration covers the most common use cases, it may be necessary or
desirable to tune the configuration or create additional client distributions to meet the needs of
different user groups, as described below.
Creating a Client Distribution
Go to the Configure > Clients > Software page. Note that a default client distribution has been
created. On this page, the following actions can be taken:
•
Add. Creates a new client distribution. When a client distribution is added, the software
package is created, and a link to this software is placed in the table.
•
Remove. Removes the selected client distribution.
•
Edit. Modify the name or server IP associated with the client distribution.
•
Copy. Creates a new distribution by cloning the parameters associated with the selected
client distribution.
Configuring a Client Distribution
Prior to distributing the client distribution file, the administrator may wish to modify the default
configuration for specific user populations, applications, or networks, as discussed in CHAPTER
7. For many installations, the default settings provide the appropriate configuration, and
additional configuration may not be necessary.
NOTE: Parameters associated with a Client Distribution can be modified by
navigating to the other pages under Configure > Clients and selecting the
distribution to be modified from the pull-down menu at the top.
NOTE: The administrator may modify the client distribution after users install it;
clients will automatically update their configurations the next time they connect
to the server.
Distributing and Installing a Client Distribution
Client Distributions may be distributed to clients by
•
14
Emailing the “Client Software” link located on the Distributions tab of the
Configure > Clients > Software page to users for them to download and install the
Cisco WAAS Mobile System Installation
software. This mode is typically used during evaluations to send the software to
specific test users and requires that the users have administrative rights to their PC.
•
Distributing and installing the software via enterprise software distribution tools
(e.g., Microsoft SMS or Active Directory, IBM Tivoli, or Computer Associates
Unicenter).
o
Distribute the .msi that can be downloaded from the “Client Software” link,
or
o
To manage the assignment of client distributions to computers via Active
Directory, go to the Active Directory tab
ƒ
Distribute the Unconfigured Client Software Package (.msi) and
ƒ
Use the auto-generated Administrative Template (.adm) file to
specify Active Directory group policies that map sets of Client
Distribution names and server IP/hostnames to Active Directory
groups.
NOTE: Active Directory group polices should be defined for
machines (HKLM) versus users (HKCU).
Automatically Upgrading WAAS Mobile Client Software
The automatic upgrade feature enables WAAS Mobile client software to be automatically
upgraded when the server software is upgraded. When the WAAS Mobile client connects to the
server, it will detect that a new software version is available and automatically download and
install it. This feature is enabled by default. To disable automatic upgrades, navigate to the
Configure > Clients > Software page, select the Upgrades tab, and un-check the Enable
Automatic Upgrades checkbox.
Cisco WAAS Mobile Administration Guide
15
CHAPTER 4.
Getting Started With The Cisco WAAS Mobile
Manager
The Cisco WAAS Mobile Manager provides a central management and configuration facility for
all Cisco WAAS Mobile servers and clients.
Manager Functionality
Via the Manage menu, administrators may monitor system, server, and client performance,
control servers and individual users, and diagnose issues affecting any server or client, as
follows:
•
Dashboard. The dashboard provides a summary of system health and status, with
hyperlinks to pages where any needed actions should be performed. The dashboard also
provides a system-level summary of usage and bandwidth savings versus time.
•
Performance. View acceleration performance and traffic characteristics at the system level,
server farm level, or client level across the time range of interest.
•
Monitoring. View server resource utilization statistics from across all servers and drill
down to view how individual servers are performing.
•
Servers. View the health of all servers and drill down to control individual servers.
•
Clients. View the performance and diagnose client issues of any accelerated client.
•
Events. View the aggregated server event logs from all servers, and drill down by
severity, timeframe, and server.
•
System Reports. View the aggregated system reports from all servers and clients.
•
Backup and Restore. Export or import system configurations or the statistics database or
restore factory settings.
Via the Configure menu, administrators may:
•
Apply Settings. View pending configuration changes and apply them to the system.
IMPORTANT: Unless otherwise noted, configuration changes do not take effect
immediately. When an administrator changes a parameter including the
addition or modification of a license, the new settings are not activated until they
are applied.
•
Configure the Manager
o
Select the Management Authority. Select the server that will assume the Manager
role.
IMPORTANT: Only one server should be nominated to assume the Manager
role.
16
Getting Started With The Cisco WAAS Mobile Manager
NOTE: Upon initial startup, the Manager is configured to manage a single, local
server. The Management Authority page allows the administrator to select a
remote Manager for this server. When managed by a remote Manager, the local
management GUI becomes inactive.
o
•
Add Servers and assign them to Server Farms, and configure Licenses and Passwords.
Configure the Server(s). Define server profiles, acceleration, networking, and diagnostics
policies, server capacities, and security configurations.
NOTE: Servers are not configured at a device level, but rather via group policies
called server profiles. Configuration parameters are applied to server profiles,
which in turn are mapped to individual servers.
IMPORTANT: On each server configuration page, before modifying server
profile parameters, select the profile that is to be modified from the drop-down
list at the top of the page.
•
Configure the Clients. Define client distributions, acceleration, networking, and diagnostics
policies, and the user interface configuration.
NOTE: Clients are also not configured individually, but via policies that are
associated with client software distributions or Active Directory group policies.
When client configuration changes are applied, the deployed clients are
automatically updated the next time they connect to the server.
IMPORTANT: On each client configuration page, before modifying client
distribution parameters, select the distribution that is to be modified from the
drop-down list at the top of the page.
Applying Configuration Settings
WAAS Mobile configuration changes are not applied to servers and clients until the “Apply
Configuration Changes” button is clicked on the Configure > Apply Settings page.
All Server settings and Client settings are applied when “Apply Configuration Changes” is
selected; settings for the Manager are applied as follows:
•
Settings that are applied by “Apply Configuration Changes”: Settings on the Server farm page
and the password.
•
Settings that are applied via a control on the page where they are entered: Settings on the
Management authority, licenses, properties pages.
Cisco WAAS Mobile Administration Guide
17
When a new configuration is applied, both the server and client configurations are pushed to the
servers. When a client starts an acceleration session, it checks with the server to see if there is a
pending configuration change, and updates its configuration as needed.
The Configure > Apply Settings page provides the administrator with the ability to analyze the
pending configuration changes:
•
Client distribution changes. Most changes do not require that the servers be restarted, so
applying client distribution changes does not automatically restart the servers.
•
Server profile changes. Applying changes will result in servers associated with the
changed profile being automatically stopped and restarted.
NOTE: Servers will automatically be restarted when their server profiles are
updated.
Server and client configurations are implemented via registry key settings. The change summary
shows how these keys will be modified, as follows:
•
“+”(Plus sign). Registry key and value will be added.
•
“-“ (Minus sign). Registry key and value will be deleted.
•
“>” (Greater-than sign). Old value.
•
“<” (Less-than sign). New value
Figure 4 Applying System Settings
18
Getting Started With The Cisco WAAS Mobile Manager
CHAPTER 5.
Configuring the Cisco WAAS Mobile Manager
The Cisco WAAS Mobile Manager is configured by the Configure > Manager menu, which
includes the following selections:
•
Management Authority. Select whether the server is the Manager or will be managed
remotely.
•
Managed Servers. Identify the servers that will be managed. These servers are also
referred to as worker servers.
•
Licenses. Centrally manage licences.
•
Farms. Identify the servers to be managed and group servers into server farms.
•
Password. Change the Manager password.
•
Properties. Modify system update intervals, time-outs, etc.
Establishing the Management Authority
Any server may assume the role of the Manager. The server hosting the Manager may also
provide acceleration server functionality, or for large deployments, a stand-alone Manager may
be deployed. By default, the server starts up assuming the Manager role, which is appropriate
for single-server deployments.
When multiple servers are deployed, a single Manager must be identified.
IMPORTANT. When more than one server is being deployed, one of the servers
must be configured as the central manager.
On every server except the server running the Manager, select “Manager is Remote” on the
Configure > Manager > Management Authority page and enter the IP of the remote Manager.
Once this selection has been made, the local menu on the server will be grayed out and the server
may only be managed remotely from the central manager.
Defining the Servers to be Managed
The servers that are to managed by the Manager must be identified to the Manager via the
Configure > Manager > Managed Servers page.
To add a server, click on “Add Server” and enter:
•
Public IP. The IP address that clients will use to reach the server
NOTE: Only acceleration servers should be entered in the server table. When
configuring a stand-alone Manager (i.e., a server that runs as a Manager but does not also
run as an acceleration server), remove it from this table.
Cisco WAAS Mobile Administration Guide
19
Additionally, when configuring a stand-alone Manager, configure the server IP used by
the client distributions (on the Distributions tab of the Configure > Clients > Software
page) to be the IP address of an acceleration server.
NOTE: Only enter a server’s public IP once in the Managed Servers table.
•
Management IP. The IP address that the Manager will use to reach the server. If this
field is left blank, the Manager will use the Public IP.
o
By setting a separate management IP address, administrators can isolate the
management network from the clients.
•
License key. The client license key may be entered on this page or on the Configure >
Manager > Licenses page.
•
Farm. Each server must be mapped to a server farm. Server farms are used to map
acceleration servers to accelerated networks and to define failover and load balancing.
Farms must first be defined on the Configure > Manager > Farms page. By default, the
server will be mapped to DefaultFarm.
NOTE: When deploying a single server, it is not necessary to define server farms.
•
Profile. Each server must be mapped to a server profile, which is a configuration policy.
Server profiles must first be defined on the Configure > Servers > Profiles page.
Pooled Client Licensing
WAAS Mobile licenses are managed centrally as a pooled resource. A connected user consumes
a single license, no matter how many servers with which it establishes acceleration sessions.
When all licenses are in use, no new users sessions will be accepted, and those users will not be
accelerated. License usage may be monitored via the Dashboard and via the Active Users graph
on the Manage > Servers > Statistics page.
One or more servers should be provisioned with client licenses. Before a client will accelerate
traffic, it must be granted a license from one of these servers.
Client licenses should be entered on the Configure > Manager > Licenses page. When “Submit”
is clicked, the licenses will be immediately pushed to the servers.
NOTE: Once licenses have been applied, the servers are automatically restarted.
Servers that are not granting servers may be started via the Manage > Servers
page.
Clients obtain WAAS Mobile licenses from servers as follows:
20
•
The first time the client starts, it will attempt to get a license from the server specified in
the client distribution.
•
The next the client starts, the client will first attempt to get a license from the servers it
accessed most recently for acceleration.
Configuring the Cisco WAAS Mobile ManagerError! Reference source not found.
•
If a client is unable to obtain a license from any of the servers it most recently used, it will
proceed to search through the farms to find a license. The client will continue to do this
until a license becomes available.
A server will not grant a client license if
•
The server is unavailable.
•
The server has exceeded its license capacity.
•
The server has exceeded its session capacity. See the Configuring Server Capacity section
of this document for more information.
In the event that a license granting server fails
•
All users that have license-granting sessions to that server will attempt to get a license
from another server to which they are also connected, so that acceleration can continue
without the user being disconnected.
•
If that fails, the client session will be temporarily disconnected while the client searches
for a new license from other servers.
•
In the event that a client is unable to obtain a license, its traffic will not be accelerated.
Configuring Server Farms
A Server Farm is a group of servers that:
•
Accelerates the same set of subnets.
•
Load balances client connections and automatically fails over these connections to
another server in the farm in the event of a failure.
Defining Server Farms
All servers need to be assigned to server farms. When a single server is deployed, it is
automatically mapped to DefaultFarm, so a manual assignment is not required.
1.
Before a server may be mapped to a farm, the farm name must be defined on the
Configure > Manager > Farms page by clicking on “Add Farm” and entering a farm
name.
2.
To then map the server to a farm, drag and drop the server IP onto the farm.
NOTE: Servers placed in the same farm should be geographically co-located and will
accelerate the same set of destination subnets.
High Availability
To configure high availability within a server farm, administrators may employ load balancing or
hot/standby server configurations.
•
For load balancing, place all load balanced servers into the same farm. No additional
configurations are required.
•
For hot/standby servers, place the hot servers and standby servers in separate farms, and
create pairs of rules that map all subnets and hosts to both farms. The first rule
encountered will select the hot server farm. If that farm is not available, the next rule will
select the standby server farm.
Cisco WAAS Mobile Administration Guide
21
Load Balancing Methods
The following load balancing methods may be configured for each farm via the Farm Options tab
on the Configure > Manager > Farms page:
Client-based Load Balancing. Recommended for best performance.
•
Load balancing and failover are performed by client-side logic as follows: The first time
a client forms an accelerated connection to a farm, it randomly selects a server. On
subsequent accesses, it will first attempt to connect to that server in order to reap the
benefits of Persistent Sessions and/or Delta Caching. If the server cannot accept the
connection either because it has reached its capacity limit or is unavailable, the client will
attempt to connect to another server. The client will make up to three attempts to reach a
server in the farm and then failover to a backup farm.
Layer 7 switch load balancing.
•
The clients address the farm via the Virtual IP (VIP), and the Layer 7 switch selects a
server.
NOTE: Select the farm from the drop-down menu before configuring the load balancing
option.
Internet Gateway Identification
To enable the client to auto-detect the best Internet gateway to use the administrator should
specify which Server Farms that are hosted at locations that also provide Internet Gateways by
navigating to the Farm Options tab of the Configure > Manager > Farms page, selecting the farm
from the drop-down menu, and checking the “This Farm has an Internet gateway” checkbox.
Changing the Manager Password
The Manager password may be modified via the Configure > Manager > Password page.
“Apply Settings” to have password changes take effect.
NOTE: Changes to the Manager password affect the Manager and all servers
managed by the Manager.
Changing Manager Properties
The administrator may modify the following Manager properties via the Configure > Manager >
Properties page:
22
•
Server Monitor Interval. By default, the Manager polls the servers for status every 15
seconds.
•
Client Monitor Interval. By default, the Manager updates client data every 5 minutes.
•
Form timeout. By default, the Manager GUI times out after 10 minutes of inactivity.
Configuring the Cisco WAAS Mobile ManagerError! Reference source not found.
CHAPTER 6.
Configuring Cisco WAAS Mobile Servers
Servers are configured via group policies called server profiles which are defined and configured
via the Configure > Servers menu, which includes the following selections:
•
Profiles. Define server profiles and map them to servers.
•
Acceleration. Configure HTTP optimization and delta cache parameters
•
Networking. Specify addressing option to be used by the server when accessing
destination servers.
•
Diagnostics. Configure server diagnostic features and email alerts.
•
Capacity. Configure session and storage capacity limits.
•
Security. Specify user access control list.
All servers are initially mapped to a “Standard” server profile which may be modified to meet
requirements. A single profile may suffice in many cases. Multiple profiles will be needed for
the following scenarios:
•
There is a mix of server capacities, where servers are provisioned with different RAM,
CPU, and/or disk capacitities. Separate profiles should be created for each server
configuration.
•
Client IP aliasing is configured. Each farm must be aliased to different IP ranges, so
separate sets of profiles must be generated for each farm.
•
Client IP preservation is configured. Each server will require a separate profile.
•
There is a need to manage the configuration of server parameters in one farm differently
than in other farms.
Configuring Server Profiles
Server profiles are defined and mapped to servers on the Configure > Servers > Profiles page.
NOTE: Before a server profile can be applied to a server, the server needs to be defined
in the Manager. This may be done by entering the Server IP address via the Configure >
Manager > Managed Servers page.
Create server profiles using the “Server Profiles” table, via the following commands:
•
Add. Creates a new server profile. Once a server profile has been added, servers may be
mapped to it.
•
Remove. Deletes the selected server profile.
•
Edit. Modifies the name of the selected server’s profile.
•
Copy. Creates a new server profile by cloning the parameters associated with the selected
profile.
Servers may then be mapped to server profiles in the “Map Servers to Server Profiles” section by
dragging and dropping the server IP onto the appropriate profile.
Cisco WAAS Mobile Administration Guide
23
Configuring Server Acceleration
The following paragraphs describe the configuration options available on the Configure >
Servers > Acceleration page.
NOTE: Before configuring server profile acceleration parameters, select the desired
profile from the drop-down menu at the top of the page.
Configuring the Server Delta Cache
The server delta cache may be configured via the settings on the Delta Cache tab on the
Configure > Servers > Acceleration page, as described in the table below.
Table 6 Delta Cache Settings
Delta Cache Size in GB
Enter the desired server delta cache size. The default delta cache
size is 50 GB. See Appendix A for minimum delta cache sizing
guidelines.
Delta Cache Location
Enter the desired server delta cache location. The default pre-set
setting for software installations is to place the delta cache in the
All Users area.
Enable HTTPS Caching
Enables caching of data received via HTTPS. This feature should
be enabled when HTTPS acceleration is enabled. This feature is
enabled by default.
Enable Cache Encryption
Enables encryption of the server delta cache. Delta cache
encryption is disabled by default. Encryption pre-requisites are as
follows:
In a domain environment, Group Policy must be set up with a
Data Recovery Agent and valid X.509 certificate, and the
policy(ies) must be configured to allow users to encrypt files
using EFS. For additional information, on configuring a Data
Recovery Agent, see HTTP://technet.microsoft.com/enus/library/cc778448.aspx
Configuring HTTP Optimization Settings
Most HTTP optimization settings are configured as part of the client distribution, with the
exception of HTTP pre-fetching settings, which are configured via the HTTP tab of the Configure
> Servers > Acceleration page. HTTP prefetching is a server-side acceleration technique that
models browser-to-web server behavior to predict and actively pre-fetch web objects prior to
being requested.
24
Configuring the Cisco WAAS Mobile ManagerError! Reference source not found.
Table 7 HTTP Prefetching Settings
Enable Prefetching
HTTP prefetching is enabled by default. Check the checkbox to
disable it.
Files with the following
extensions will not be
prefetched
Provide a semicolon-separated list to prevent prefetching specific
file types from all hosts. By default, the following file types are not
prefetched: php, php3, php4, cgi, pl, asp, cfm, jsp, exe, dll, swe,
aspx.
Files from the following
hosts will not be
prefetched
Provide a comma-separated list to prevent prefetching from specific
host names. Do not leave any spaces between hostname entries.
Configuring HTTPS
In SSL communication, the secure server provides its certificate to the client; the client decides if
the certificate represents the server and is trusted. When accelerating HTTPS with WAAS Mobile,
the secure server’s certificate is reissued by the WAAS Mobile server, and it is the reissued
certificate that the client compares with expectations. The WAAS Mobile server acts as a
certificate authority (CA) to perform the reissuing function. There are two main scenarios:
•
The WAAS Mobile server CA is a root authority (i.e., it is self-signed).
•
The WAAS Mobile server CA is a subordinate authority (i.e., its certificate is issued by
another CA).
In production deployments, it is recommended that the WAAS Mobile server be configured as a
subordinate CA, as follows:
•
In the server profile of each server that will be supporting HTTPS acceleration, enable the
use of a Subordinate CA via the HTTPS tab on the Configure > Servers > Acceleration
page.
•
Apply the updated server profile to the servers via the Apply Settings page; the servers
will automatically be restarted.
•
The server will generate a certificate request file named “<hostname>.req” and place it in
the C:\WINDOWS\system32 folder.
•
Submit the .req file to your Enterprise Certificate Authority (Enterprise CA) to get a
subordinate CA certificate file.
•
Import the certificate into the local machine (not user) store on the WAAS Mobile server
machine.
•
Restart the WAAS Mobile server.
•
Repeat this procedure for each server.
NOTE: The Root Authority for the Enterprise CA must be in each user’s trusted
store on each client machine.
Cisco WAAS Mobile Administration Guide
25
Configuring Server Networking
IP Addressing Options
TCP connections between clients and servers consist of three segments:
•
Client application to WAAS Mobile client connection (local)
•
WAAS Mobile client to WAAS Mobile server connection (WAN)
•
WAAS Mobile server to application server connection (LAN)
The Configure > Servers > Networking page allows the administrator to control how the WAAS
Mobile servers assigned to each profile will address upstream application servers. Three
addressing modes are provided:
•
Use Server’s IP. TCP connections from the WAAS Mobile server to the application servers
use the IP address of the WAAS Mobile server as the Source IP address. (The WAAS
Mobile server checks the Windows Operating System’s routing table to determine the
NIC through which data will be sent.) This is the default addressing mode.
•
Use Client IP preservation. TCP connections from the WAAS Mobile server to the
application servers use the IP address of the WAAS Mobile client as the Source IP
address. When using this mode, traffic from the application servers will be addressed to
the client Source IP and must be redirected to the WAAS Mobile server via an external
Layer 4 switch.
NOTE: The layer 4 switch must be configured to return traffic upstream via MAC
address. Depending on the switch vendor, this feature may be referred to as MAC
stickiness, return-to-sender, nPath, or direct server return.
NOTE: A separate NIC should be used for IP preservation. Verify that the NIC
supporting IP preservation on the WAAS Mobile server has been configured with
Receive Side Scaling disabled and with TCP Checksum Offload disabled. These options
are configured as part of the NIC Advanced Options.
To utilize the IP preservation feature:
1.
Install the IP preservation driver on each WAAS Mobile server for which IP
preservation is to be employed.
a.
Stop the server(s).
b. Run the IP driver installer msi file, which is located in
i. Windows Server 2003: C:\Program Files\Cisco
Systems\WAASMobileServer\IP Preservation Driver\
ii. Windows Server 2008: C:\Program Data\Cisco
Systems\WAASMobileServer\IP Preservation Driver\
c.
2.
Configure IP preservation via the Manager
a.
26
Start the server(s)
Enter the IP address of the network interface that is facing the LAN.
Configuring the Cisco WAAS Mobile ManagerError! Reference source not found.
NOTE: A separate profile should be created for each server for which IP
preservation is enabled, as the server IP address configured for IP preservation
will reference a single server.
•
Use Client IP aliasing. A pool of aliased IP addresses are created on the WAAS Mobile
server, each of which have a static 1:1 mapping to a client Source IP address. TCP
connections from the WAAS Mobile server to the application server use the aliased
server address as the Source IP address. In this mode, each client Source IP address is
presented as a unique aliased address to the upstream application servers.
Client IP aliasing is configured as follows:
Table 8 Configuring Client IP Aliasing
Public Network Interface
Name
Name of the network interface that the server is using for aliasing.
(e.g., Local Area Network)
Client Source IPs
For each address range, enter the <ClientIP addresslowaddress1>
and the <ClientIPaddresshighaddress1>
Server Source IPs and
Subnet Masks
For each address range, enter the <ServerIP addresslowaddress1>
and the <ServerIPaddresshighaddress1> and the mask that will be
applied to the network interface.
NOTE: The number of client addresses, when summed across all
ranges must equal the number of server addresses.
Server Source IP for
Unmapped Client IP
addressess
In the event a client accesses the server with a source address that
does not fall within the specified Client Source IP, it will be mapped
to this address.
Configuring Server Diagnostics
Cisco WAAS Mobile has a sophisticated diagnostic system which sends detailed system
reports— from either or both the client and the server—when requested by the end user or
administrator or when abnormal behavior is detected in the acceleration system.
Contents of a System Report
A System Report is a .cab archive several files, including the following:
•
Description.txt: This file contains the problem description entered by the end user when
the system report was generated. Administrators should encourage users to enter a
comprehensive and detailed description of the actions that led up to the issue that was
observed.
Cisco WAAS Mobile Administration Guide
27
•
Blackbox.txt: This file contains a wealth of information about the machine from which
the report was sent including other software running, networking configuration, as well
as the WAAS Mobile software configuration. This information is often very useful for
troubleshooting configuration or connectivity issues.
•
CustomInfo.xml: This contains information about the user sending the report, including
the User Name with which they logged onto the system.
•
Instrument.dat: This file contains instrumentation data about what happened on the
machine in the time leading up to the triggering of the report.
NOTE: System reports may only be analyzed by the Cisco Technical Assistance
Center (TAC). Cisco technicians use these reports to validate configuration
settings, inspect performance, and perform advanced troubleshooting and
diagnostics.
Triggering System Reports
When system reports are generated for clients, a set of reports is generated – one from the client
plus one from each server to which the client is connected. These system report sets may be
generated as follows:
•
Administrator-generated reports are generated via the Manage > Clients page.
•
End-user generated reports are generated by right-clicking the desktop icon and selecting
System Report. This capability is enabled by default but may be disabled via the
Configure > Clients > User Interface page.
System reports for specific servers may also be generated via the Manage > Servers page.
Server Diagnostics Settings
Before configuring server diagnostics parameters, select the desired profile from the drop-down
menu at the top of the Configure > Servers > Diagnostics page.
Table 9 Server Diagnostics Settings
System Reports URL
Identifies the WAAS Mobile worker server where the server system
reports are sent and stored. When the value is “default,” system
reports generated by the worker server are stored on that worker
server.
To post system reports to another server, enter:
HTTP://<serverip>/SystemReportsReceiver/ReportReceiver.ashx?
•
<server-ip> is the address of the WAAS Mobile server that is
going to receive the system reports
•
The “?” is required at the end of this path
The Manager provides an integrated view of all system reports from
all servers, which may be viewed via the Manage > System Reports
page.
28
Configuring the Cisco WAAS Mobile ManagerError! Reference source not found.
NOTE: System reports are posted to one of the following
locations on the specified WAAS Mobile server, depending on
the type of system report that is genererated.
On Windows Server 2003 and 2003 R2:
C:\Documents and Settings\All Users\Application Data
\Cisco\WAASMobile\Inbox, or to
C:\Documents and Settings\All Users\Application Data
\Cisco\WAASMobile\Exceptions
On Windows Server 2008 and 2008 R2:
C:\ProgramData\Cisco\WAASMobile\Inbox, or to
C:\ProgramData\Cisco\WAASMobile\Exceptions
NOTE: System reports are transmitted from the client to the
worker servers over port 80.
NOTE: The server that receives the system reports must be
defined as a server on the Configure > Managed Servers page.
System Reports
Directory
Identify the directory for the system reports inbox if a location other
than the default is desired. The amount of storage allocated for
server system reports may be configured via the Configure >
Servers > Capacity page. The default location is:
On Windows Server 2003 and 2003 R2:
C:\Documents and Settings\All Users\Application
Data\Cisco\WAASMobile\Inbox.
On Windows Server 2008 and 2008 R2:
C:\ProgramData\Cisco\WAASMobile\Inbox.
Enable E-mail Alert
Enables e-mail alerts when system reports are created.
From
Name of sender.
To
Name(s) of recipients.
Subject
Email subject
Frequency in
minutes
How often e-mail alerts are sent.
Outgoing mail
server (SMTP)
Name of SMTP server used to deliver alerts.
Cisco WAAS Mobile Administration Guide
29
Port
Port to use for outgoing mail.
Enable SSL
Enables SSL security.
User Name
SMTP server user name credentials.
Password
SMTP server password credentials.
Enable Network
Monitoring
If checked, enables packet captures to be included in system reports.
Accessing System Reports
System Reports may be downloaded from the WAAS Mobile Manager by navigating to Manage
> System Reports.
Configuring Server Capacity
Before configuring server capacity settings, select the desired profile from the drop-down menu
at the top of the Configure > Servers > Capacity page.
Session Capacity
Enter the maximum number of accelerated client sessions
that the server will support.
System Reports Storage Limit
2000 MB, default allocation. When the storage limit is
reached, old reports are deleted to make room for new
reports.
Configuring Client Access Control
Client Access Control lists may be used to allow or deny acceleration to users based on their
source IP addresses. This function may be configured via the Configure > Servers > Security
page. Before configuring ACLs, select the desired profile from the drop-down menu at the top of
the page.
Access Control Settings support the deployment of WAAS Mobile in conjunction with WAAS
branch office appliances. This feature should be used to support users who access applications
and content via a combination of remote connections and fixed branch offices (e.g., laptop users).
Access Control settings allow administrators to disable WAAS Mobile acceleration for subnets on
which WAAS or other acceleration appliances have been deployed by including them in the
“Deny List” so that they are not accelerated by WAAS Mobile.
Table 10 Access Control Settings
30
Configuring the Cisco WAAS Mobile ManagerError! Reference source not found.
Access Control List
Type
When the Access Control List is enabled, administrators may specify
which client IP sub-networks should be accelerated or denied.
Allow List/Deny List
If Allow List is selected, then any client connecting with an IP in any
of the sub-networks added to the allow list will be accelerated.
If the client is connecting from an IP not in one of the ranges, then the
software will disable itself and the user will not experience
acceleration and all traffic will bypass WAAS Mobile completely.
In deployments where WAAS Mobile is provisioned for VPN users
and WAAS appliances are provisioned for the branch workers, the
Allow List may be configured with the VPN IP range to ensure that
WAAS Mobile is only used when users connect remotely.
Alternatively, as described below, a deny list may be used instead.
If Deny List is selected, the list of sub-networks serves as a
“blacklist”, indicating the client IP addresses that will NOT be
accelerated. Enter all subnets accelerated by Cisco WAAS appliances
here.
WAAS Mobile Security
Control Channel Encryption
WAAS Mobile encrypts the initial TCP exchange on port 1182 between the client and the server
using a public/private key exchange.
Data Channel Encryption
By default, the data traffic between the WAAS Mobile client and WAAS Mobile server is not
encrypted. In most deployments, the client-server traffic is encapsulated in a VPN, so an
additional level of encryption is not required. However, if strong encryption is required for your
deployment, please contact Cisco Technical Assistance Center (TAC) who will confirm that you
meet US export requirements and then provide you with an additional license key (a Security
License Key) for enabling strong link encryption, following the process described below:
1.
Once export approval has been granted, obtain the following identification information
from the server and provide it to the Cisco Technical Assistance Center (TAC):
a.
MAC address
b. Unique ID. The Unique ID is obtained by running the following in a command
window:
C:\Program Files\Cisco Systems\WAASMobileServer\GetWinInstId.exe
The program will print a string that looks something like S-1-5-21-20734716931124288435-3808008820, which is the unique ID for this server.
2.
The Cisco Technical Assistance Center (TAC) will then send you a file called license1.dat.
Cisco WAAS Mobile Administration Guide
31
3.
Install license1.dat in the following folder:
For Windows Server 2003 and 2003 R2:
C:\Documents and Settings\All Users\Application Data\Cisco\WAASMobile.
For Windows Server 2008 and 2008 R2:
C:\ProgramData\Cisco\WAASMobile
4.
Stop and restart the WAAS Mobile server(s).
Delta cache encryption
The delta cache on both the client and server may be encrypted (see the Delta Cache tabs on the
Configure > Servers > Acceleration and Configure > Clients > Acceleration pages). When
encryption is enabled, the Windows Encrypted File System (EFS) is used to provide AES-256
encryption by default. When Windows is configured for FIPS 140-2 mode, encryption is 3DES on
Windows XP and AES-256 on Windows Vista and Windows 7.
Manager-client isolation
In larger deployments, it may be desirable to host the Manager on a dedicated server with a
firewall between the users and the Manager to prevent any user from having access to the server.
Since the Manager does not communicate directly with clients, but routes all communications
through a server, the central management platform can be completely isolated from the users.
Server management isolation
Server management may be configured on a separate IP that is only accessible via a management
LAN. Additionally, the server may be placed behind a NAT device, with Manager access over
private IPs and client access over public IPs.
Network monitoring
Network monitoring is enabled by default on the servers to support advanced troubleshooting,
and may be disabled via the Configure > Servers > Diagnostics page. When network monitoring
is enabled, network packet captures are included in the system report.
Access Control Lists
Client Access Control Lists may be used to allow or deny acceleration to specific IPs or subnets of
users.
32
Configuring the Cisco WAAS Mobile ManagerError! Reference source not found.
CHAPTER 7.
Configuring the Cisco WAAS Mobile Client
The Cisco WAAS Mobile client configurations are managed through the Configure > Client
menu, which includes the following selections:
•
Software. Manage client software distributions/policies.
•
Acceleration. Configure Accelerated Processes list, HTTP/HTTPS acceleration, file share
acceleration, and delta cache parameters.
•
Networking
o
Map subnets to be accelerated to acceleration server farms and identify subnets
to be bypassed.
o
Configure high speed bypass and persistent connections.
o
Define ports whose traffic should be bypassed.
•
Diagnostics. Configure diagnostic features for the client.
•
User Interface. Configure client interface preferences.
Configuring Client Software
Client Distribution Management
The Distributions tab on the Configure > Clients > Software page allows administrators to add,
copy, delete, and change properties for client distribution files.
On this page, the following actions may be taken:
•
Add. Creates a new client distribution. When a client distribution is added, the software
package is created, and a link to this software is placed in the table.
•
Remove. Deletes the selected client distribution.
•
Edit. Modifies the name or server IP associated with the selected client distribution.
•
Copy. Creates a new distribution by cloning the parameters associated with the selected
client distribution.
The fields in the Client Distribution table are described below:
Table 11 Client Distribution Configuration Settings
Name
The name assigned to the distribution by the administrator. A
default distribution is provided. It is recommended that changes be
made to a copy of this distribution.
Cisco WAAS Mobile Administration Guide
33
Client Software
This URL links to the Windows Installer (.msi) package associated
with this software distribution.
NOTE: This link will display the IP address via which the
server is currently being accessed. If the Manager is being
accessed via localhost, the URL will contain “localhost..”
Before distributing the link to this software, make sure that a
routable IP address is inserted in the URL.
Server IP
The address of the server to which the client will connect after the
software has been installed. After this initial connection, the client
will connect to acceleration servers based on information specified in
the Accelerated Networks tab on the Configure > Clients >
Networking page.
Created and Last
Modified
Time the client distribution was created and last modified.
Software Upgrade Management
Automatic upgrades, which are enabled by default, automatically upgrades the installed clients
when the server software is upgraded. Software upgrades typically require the end user to
reboot the computer to complete the installation and the Cisco WAAS Mobile client will be
inactive until the reboot is performed. This setting may be modified on the Upgrades tab on the
Configure > Clients > Software page.
Active Directory Management of Client Configurations
Instead of distributing different software distributions to different user groups, enterprises may
alternatively distribute a common software distribution to everyone and use Active Directory
group policies to assign users to “distributions.” (In this case, the term “distribution” refers to a
set of policies for a group of users instead of actual distributions.)
The files needed to support Active Directory management are posted on the Active Directory tab
of the Configure > Clients > Software page.
When using Active Directory management, distribute the .msi file to end users via standard
enterprise software distribution tools and then use the .adm file to configure the following
policies:
•
Autostart. The “unconfigured” .msi file does not start when Windows starts, enabling
administrators to distribute it broadly to end users and then selectively turn on the
software for select user groups.
•
Client Policy. Maps groups of end users to a specific client policy/distribution.
•
Server Name. The name and address of the server to which the client will connect when
the software runs for the first time. After this initial connection, the client will connect to
acceleration servers based on information specified in the Accelerated Networks tab on
the Configure > Clients > Networking page.
Tips for adding the WAAS Mobile Group Policies on the Windows Domain Controller:
34
Configuring the Cisco WAAS Mobile Client
•
Save the .adm file in the %SystemRoot%\inf directory (e.g., c:\Windows\inf).
•
Open AD, select Properties, select the Group Policy Tab, and Open.
•
Right-click on the OU (Organizational Unit) that corresponds to the template that is to be
applied and click Edit.
•
Right-click on Administrative Templates, select Add/Remove Templates, click Add, and
Open the WAAS Mobile adm file, then Close the Add/Remove Templates window.
•
In the GPO Editor window, select View > Filtering and clear the checkbox next to Only
show policy settings that can be fully managed, and then click OK.
•
Double click on the WAAS Mobile settings to bring up the Properties window. Verify
the properties settings are enabled.
Configuring Client Acceleration
The Configure > Clients > Acceleration pages provides configuration settings for selecting
which applications will be accelerated, for configuring protocol optimization settings for HTTP,
HTTPS, and file shares, and for configuring the client delta cache as described below.
NOTE: Before configuring client acceleration parameters, select the desired client
distribution from the drop-down menu at the top of the page.
Configuring the Accelerated Processes List
The Accelerated Processes tab on the Configure > Clients > Acceleration page defines a white
list of application processes that will be accelerated by the client.
On this page, the following actions may be taken:
•
Add. Add a new process to the white list.
•
Remove. Remove selected process from the white list.
•
Edit. Modify the selected process’ acceleration parameters.
•
Export. Export the Accelerated Process table to a .csv file.
•
Import. Import the Accelerated Process table from a .csv file
NOTE. When exporting and re-importing this table, confirm that all entries remain text.
For example, verify that the command line entries such as “-k LocalService” have not
been inadvertently modified.
Cisco WAAS Mobile Administration Guide
35
Figure 5 Accelerated Processes Table
Table 12 Accelerated Processes Settings
Process Name
Name of the process to be proxied.
Application Name
Common name for this application.
Min/Max Versions
Minimum and maximum version of the process that will be
accelerated. By default, all versions of the process will be
accelerated.
Command line
Use this field to specify command line options that are applicable to
the specified process.
For example, to enable acceleration of Microsoft SharePoint Explorer
View’s WebDAV protocol, the svchost.exe process with the “-k
LocalService” command option must be specified.
36
Configuring the Cisco WAAS Mobile Client
Acceleration Type
Select one of the following from the drop-down menu:
•
Normal Acceleration
•
Generic Acceleration
•
VoIP (RTP) Monitoring Only
•
Generic Acceleration with VoIP (RTP) Monitoring
Normal Acceleration includes application protocol optimizations,
differencing and compression, and transport optimizations.
Generic Acceleration includes differencing and compression and
transport optimizations.
VoIP Modes
VoIP modes enable soft phones to interoperate with WAAS Mobile
by reserving bandwidth for voice calls. This function works as
follows:
•
Link bandwidth is continuously measured.
•
When voice/video traffic associated with the identified
process is present, bandwidth is reserved.
•
If the link bandwidth is:
o
less than 142 kbps, 85% of the
bandwidth is reserved.
o
between 142 and 800 kbps, 120 kbps is
reserved.
o
greater than 800 kbps, 20% of the link is
reserved.
NOTE: The bandwidth and percentile thresholds
may be modified via registry key settings. Contact
the Cisco Technical Assistance Center (TAC) for
assistance in changing these settings.
•
When the voice/video traffic stops, the bandwidth
reservation ends.
•
VoIP (RTP) Monitoring Only provides bandwidth
reservation for the UDP traffic of the accelerated process.
•
Generic Acceleration with VoIP (RTP) Monitoring will
provide generic acceleration for all TCP connections from
the process while providing bandwidth reservation for the
UDP traffic.
NOTE: VoIP UDP traffic is not placed into the accelerated
connection and is not destined for the WAAS Mobile server.
Cisco WAAS Mobile Administration Guide
37
Auto Reset Connection
Acceleration of certain applications does not begin immediately if
Cisco WAAS Mobile starts after the application has established TCP
connections. If the Auto Reset Connection is enabled for a given
process, then when WAAS Mobile starts, it will terminate the TCP
connection(s) for that process so that when the process reconnects, it
is accelerated.
Auto Reset Connection is typically enabled when optimizing
dynamic web applications (e.g., SharePoint).
Configuring HTTP Optimization
HTTP optimizations are configured via the HTTP tab on the Configure > Clients >
Acceleration page.
Table 13 HTTP Settings
Additional HTTP Ports
By default, HTTP traffic on ports 80 and 8080 are accelerated. To
accelerate HTTP traffic on other ports, add them to this list. Port
numbers should be separated by commas with no spaces.
Configuring HTTPS Optimization
HTTPS optimizations are configured via the HTTPS tab on the Configure > Clients >
Acceleration page.
Table 14 HTTPS Settings
Enable HTTPS
Acceleration
By default, HTTPS traffic is not accelerated.
When HTTPS acceleration is enabled, the default configuration uses a
self-signed certificate to provide acceleration for web traffic that uses
Microsoft Internet Explorer or that uses the Microsoft certificate store
API (e.g., Google Chrome) or that uses the Oracle certificate store.
In production deployments, it is recommended that the Cisco WAAS
Mobile server be configured as a Subordinate CA. (See “Configuring
HTTPS”.) This will not only ensure that trusted enterprise
certificates are used, but will enable Cisco WAAS Mobile to
accelerate HTTPS from browsers that don’t use the Microsoft
certificate store (e.g., Firefox) and from other applications.
IMPORTANT: When enabling HTTPS acceleration, it is
recommended that HTTPS delta caching be enabled on the
server (go to the Delta Cache tab on the Configure > Servers
> Acceleration page.
NOTE: When enabling HTTPS acceleration, it may be
desirable to encrypt the delta cache on the server and client.
38
Configuring the Cisco WAAS Mobile Client
To encrypt the server delta cache, go to the Delta Cache tab
of the Configure > Servers > Acceleration page. To encrypt
the client delta caches, go to the Delta Cache tab of the
Configure > Clients > Acceleration page.
NOTE: The traffic between the client PC and the acceleration
server is unencrypted by default for export control purposes.
To enable link encryption and provide an additional layer of
security above what is provided by your users’ VPN, contact
your Cisco sales representative to obtain a Security License
Key. Follow the instructions in the WAAS Mobile Security
section of CHAPTER 6 to install the key.
Accelerate All HTTPS
Sites
All HTTPS traffic will be accelerated if this radio button is selected.
Accelerate Inclusion
List
HTTPS acceleration can be restricted to accelerate intranet sites only
by selecting the Accelerate Inclusion List and adding the IP
addresses of select HTTPS servers to the list. Only hosts listed in the
Host Inclusion List will be accelerated by the HTTPS optimizer.
•
Use Add, Remove, and Edit to create the list.
NOTE: Although host name and IP address fields are
provided, only the IP address is used; the host name is
for descriptive purposes only.
For more information on HTTPS Optimization, see the Cisco WAAS
Mobile Integration Guide.
HTTPS Port Inclusion
List
By default, only HTTPS traffic on port 443 is accelerated. To
accelerate HTTPS traffic on other ports, add them to this list. Port
numbers should be separated by commas with no spaces.
HTTPS Process
Acceleration List
When HTTPS acceleration is enabled, only traffic associated with
selected processes from the Accelerated Process list are accelerated.
The default HTTPS Process Acceleration List accelerates Internet
Explorer and processes used by Microsoft SharePoint.
To accelerate other applications that communicate via HTTPS, first
verify that the processes have been added to the Accelerated
Processes table on the Configure > Clients > Acceleration page.
Then, enable these processes for HTTPS acceleration navigating to
the HTTPS tab, clicking the Add button in the HTTPS Process
Acceleration List table and then selecting a Process name.
NOTE: Before adding new processes to this list, verify that
either a) Subordinate CAs are enabled and certificates have
been installed or b) the process uses the Microsoft certificate
store API.
Cisco WAAS Mobile Administration Guide
39
Configuring File Shares Optimization
File share acceleration optimizations are configured via the File Shares tab on the Configure >
Clients > Acceleration page.
Table 15 File Shares Settings
Enable Transparent
SMB Acceleration
This checkbox enables acceleration of CIFS file share traffic.
SMB over TCP
(port 445)
Enable SMB over TCP to accelerate most file shares.
SMB over NetBIOS
(port 139)
To accelerate older Windows file shares and Novell file shares, SMB over
NetBIOS acceleration will need to be enabled. This feature is disabled by
default.
NOTE: To accelerate NETBIOS traffic over port 139 on PCs
running Vista and Windows 7, in addition to enabling SMB over
NETBIOS, Port 9025 must be opened for TCP traffic on the end
user’s PC firewall. The PC will not accept connections on this
port; this port is required for an internal loopback connection.
Configuring the Client Delta Cache
File share acceleration optimizations are configured via the Delta Cache tab on the Configure >
Clients > Acceleration page.
Table 16 Delta Cache Settings
Desired Delta Cache Size
Enter the desired client delta cache size. The default is 1024 MB.
The client delta cache size must be smaller than the server delta
cache.
Maximum Delta Cache Size
If the Advanced Settings tab has been enabled in the client
configuration (via the Manager’s Configure > Clients > User
Interface page), users can change the size of their delta cache.
Administrators can use this setting to control the maximum size
of the user’s delta cache. The default maximum client delta cache
size is 10240 MB.
Enable Reduced Size
If there is insufficient disk space and the client is unable to create
the desired delta cache size, it will, if this option is checked,
attempt to create a reduced size delta cache.
Reduced Delta Cache Size
The fallback delta cache size is 256 MB by default, and may be
40
Configuring the Cisco WAAS Mobile Client
modified by the administrator.
Delta Cache Location
Used to specify the delta cache location, if other than the default.
By default, the delta cache is placed in the All Users area.
Enable HTTPS Caching
Enables caching of data received via HTTPS. This feature should
be enabled when HTTPS acceleration is enabled. To enable
HTTPS acceleration, navigate to the HTTPS tab on this page. This
feature is enabled by default.
NOTE: After modifying the HTTPS Caching configuration, the
WAAS Mobile worker servers should be restarted.
Enable Cache Encryption
Enables encryption of cached data on the clients’ PCs. Cache
encryption is disabled by default. Encryption pre-requisites are as
follows:
In a domain environment, Group Policy must be set up with a
Data Recovery Agent and valid X.509 certificate, and the
policy(ies) must be configured to allow users to encrypt files
using EFS. For additional information, on configuring a Data
Recovery Agent, see HTTP://technet.microsoft.com/enus/library/cc778448.aspx
NOTE: Delta cache encryption leverages Windows EFS,
which is only available for Windows XP Professional,
Windows Vista Business and Ultimate, and Windows 7
Professional, Enterprise, and Ultimate editions. (Not
supported for XP Home, or Vista or Windows 7 Starter,
Home Basic, and Home Premium editions).
This capability is only supported when the delta cache is built
on NTFS.
Supports FIPS-140 evaluated cryptographic providers, and
default encryption for XP SP2 and later is AES-256.
Configuring Client Networking
The Configure > Clients > Networking pages provides configuration settings for selecting which
networks will be accelerated, configuring connection bypass settings, and for exluding specific
ports from acceleration, as described below.
NOTE: Before configuring client networking parameters, select the desired client
distribution from the drop-down menu at the top of the page.
Cisco WAAS Mobile Administration Guide
41
Defining Networks to be Accelerated
The Accelerated Networks tab on the Configure > Clients > Networking page defines which
destination networks should be accelerated and by which server farm.
NOTE: In the case of a single-server deployment, the server is identified as the
“Default” server farm.
The Accelerated Networks table consists of a set of rules that are sequentially processed by the
client, with the rule at the top of the list checked first. The first rule that matches is executed. In
order for a rule to fire, the destination address must match and the client must be able to establish
an accelerated connection to a server in the farm selected in the “Server Farm” field.
Each entry in the table consists of a
•
Network. Variable length subnet mask (e.g., 10.10.10.1/24).
•
Server farm. Select the server farm that should accelerate the network from a
drop-down menu as follows:
o
Closest Farm. Server farm that has the lowest latency to the client will
be selected.
o
Closest Farm with Gateway. Server farm that has the lowest latency to
the client and is an Internet gatway will be selected. The default
rule, 0.0.0.0/0 is configured to select the Closest Farm with Gateway,
which routes Internet traffic through those farms.
NOTE: The association of server farms and Internet gateways is configured via
the Farm Options tab on the Configure > Manager > Farms page.
o
Do Not Accelerate.
NOTE: The default rule (0.0.0.0/0) accelerates all traffic. If the desired default
behavior is to not accelerate all other traffic, change the rule behavior to “Do Not
Accelerate.”
o
<farm name> or DefaultFarm
NOTE: It is recommended that enterprise application server subnets (e.g.,
Microsoft Exchange, file servers) be explicitly mapped to farms to ensure
consistent access by end users.
On this page, the following actions may be taken:
42
•
Add. Add a new rule.
•
Remove. Remove a rule.
•
Edit. Edit a rule.
•
Move Up. Move the rule higher in the list.
•
Move Down. Move the rule lower in the list
Configuring the Cisco WAAS Mobile Client
NOTE: Rules are matched in the order that they appear in the list. The default
rule (0.0.0.0/0) should always be placed at the bottom of the list as it matches all
traffic.
•
Export. Export the Accelerated Networks table to a .csv file.
•
Import. Import the Accelerated Networks table from a .csv file.
Configuring High Availability with Accelerated Network rules
In the event a client is unable to reach the preferred server farm, the rules in the Accelerated
Networks table will be used to select an alternate acceleration server farm. Some examples of
how these rules can be used to define high availability behavior are below:
•
•
Example: Active-active data center failover.
o
All traffic goes to the closest available data center and each data
center has an Internet gateway.
o
No configuration required. The default rule (0.0.0.0/0 to Closest
Farm with Gateway) will route traffic appropriately.
Example: Applications are hosted redundantly, but in different data centers. For
example, email is hosted via one set of active-active data centers and the ERP system
is hosted in another.
o
Use separate rules to map each data center network to an
acceleration server farm (e.g., 10.0.0.0/16 to Farm1, 10.1.0.0/16 to
Farm2, etc.).
NOTE: Since the Manager only communicates with servers, a high degree of
scalability and fault tolerance is achieved. Failure of the Manager does not cause
a loss of acceleration functionality.
Configuring Client Connection Settings
Client connection settings may be modified via the Connection Settings tab on the Configure >
Clients > Networking page.
Cisco WAAS Mobile Administration Guide
43
Table 17 Connection Settings
Enable Latency-Based
Bypass
Latency-Based Bypass is used to accelerate individual TCP
connections if the latency of the network between the client machine
and the destination content server exceeds the threshold value. Use
this setting for mobile workers that access a combination of local and
remote servers. By default, latency-based bypass is enabled.
When Latency-Based Bypass is enabled, once the client connects to a
content server, the bypass decision for the IP and port associated
with that TCP connection is cached and the client will not perform
another latency check until the client is restarted or the network
connection changes.
NOTE: The client will still connect to the WAAS Mobile
server when this feature is enabled. Once WAAS Mobile has
performed a latency check to a specific content server, it will
either bypass or accelerate that connection for the remainder
of the session.
Enable High Speed
Bypass
High Speed Bypass disables acceleration when a low latency
connection to the WAAS Mobile server is detected, as defined by the
Round-Trip Time Threshold. Use this setting when the user and all
WAAS Mobile servers to which the user will connect are on the same
LAN. By default, high speed bypass is disabled.
NOTE: When High Speed Bypass is enabled, the WAAS
Mobile client will not connect to, or request a license from,
the WAAS Mobile server for which the latency threshold is
not met and a license will not be consumed.
44
Configuring the Cisco WAAS Mobile Client
Enable Persistent
Connections
Persistent connections are disabled by default, and should be
enabled for highly mobile workers. Persistent Connections insulates
the end-user from problems with RF coverage in wireless networks
as well as from problems in poor quality dial-up access. It allows the
acceleration system to support advanced wireless network features
such as automated Wi-Fi/cellular switchover or hand-offs when
roaming through different cellular networks.
In some deployments, clients may not have the same IP when they
reconnect or when they roam to a different network. The WAAS
Mobile server will recognize the client even if the IP presented to the
server has changed.
When persistent connections are enabled and communications are
disrupted, the WAAS Mobile client will maintain an active session
with the application process on the client. Similarly, the WAAS
Mobile server will maintain an active session with the application
server, keeping the TCP connections alive.
NOTE: The persistent connections feature is not currently
supported for SMB CIFS traffic.
When a client cannot connect to any server, it will enter a persistent
connection mode; it will exit this mode when it can connect to at least
one acceleration server.
Many web browsers, email clients, and application servers will
terminate a session if they detect an inactive connection. During the
time that the client-proxy link is unusable, WAAS Mobile keeps the
TCP connections to the client and server applications open for a
predetermined period of time. It also sends application layer
messages for HTTP and email that prevent shutdown of the
application session before service is restored. The accelerated
application(s) whose connections are being kept alive by persistent
mode will time out according to their tolerated interval of inactivity.
With Persistent Connections, the server always assumes that the
most recent session from a client is still active. The server closes a
session when one of 3 events occurs:
•
The server receives a restart message from the client.
•
A request for a new session is received from a client who has
an existing session.
•
A session remains inactive for an interval longer than a
threshold defined in the registry (currently set to 1 hour).
The client closes a session when one of 3 events occurs:
•
The client receives a restart message from the server.
•
A session remains inactive for an interval longer than a
threshold defined in the registry (currently set to 1 hour).
•
When a network connection is present but the client has not
received any data from the server after a pre-defined time
period (20 minutes, by default).
Cisco WAAS Mobile Administration Guide
45
Port Exclusions Tab
TCP connections whose destination port is on the exclusion list will not be proxied or accelerated.
By default, ports 554 (RTSP) and 1627 (Cisco MeetingPlace) are excluded.
Configuring Multiple Traffic Flows to the Same Acceleration Server
In some cases, it may be desirable to create multiple traffic flows between the WAAS Mobile
client and the WAAS Mobile server, which could then be separately managed over the network
using destination IP address-based QoS rules. For example, an organization may want to place
all corporate application traffic in one traffic flow and all Internet traffic in another, so that
different QoS rules may be applied.
The Servers table on the Configure > Manager > Managed Servers may be used to define
multiple endpoints on a single server. To configure these endpoints, enter a pair of
management/public IP addresses for each flow, using the same management IP address in each
pairing. (Each of these IPs needs to be defined on the NIC as well.) When entering the IP
address pairings, map each pairing to a separate farm. Then, on the Accelerated Networks tab
on the Configure > Clients > Networking page, map each farm to separate subnets.
Configuring Client Diagnostics Settings
The Configure > Clients > Diagnostics pages provides configuration settings for logging, system
reports, and network monitoring, as described below.
NOTE: Before configuring client diagnostics parameters, select the desired client
distribution from the drop-down menu at the top of the page.
Table 18 Diagnostics Settings
Enable Large Client
System Reports
Use this feature to create a system report that captures a longer time
period of events than is captured by default. By default, client
system reports are 4.5 MB. When large system reports are enabled,
40 MB is allocated. Since the system report buffers reside in RAM,
selecting large system reports will increase the RAM utilized by the
client.
Enable Network
Monitoring
When network monitoring is enabled, network packet traces are
included in the system report. By default client network monitoring
is disabled. See CHAPTER 12 for more information on system
reports.
System Report URL
Identifies the WAAS Mobile worker server where the client system
reports are sent and stored. When the value is “default,” system
reports generated by the client are pushed to the worker server from
which it received a license grant.
To post client system reports to another server, enter:
HTTP://<server-
46
Configuring the Cisco WAAS Mobile Client
ip>/SystemReportsReceiver/ReportReceiver.ashx?
•
<server-ip> is the address of the controller WAAS Mobile
server
•
The “?” is required at the end of this path
The Manager provides an integrated view of all system reports from
all servers, which may be viewed via the Manage > System Reports
page.
NOTE: System reports are posted to one of the following
locations on the specified WAAS Mobile server, depending on
the type of system report that is genererated.
On Windows Server 2003 and 2003 R2:
C:\Documents and Settings\All Users\Application Data
\Cisco\WAASMobile\Inbox, or to
C:\Documents and Settings\All Users\Application Data
\Cisco\WAASMobile\Exceptions
On Windows Server 2008 and 2008 R2:
C:\ProgramData\Cisco\WAASMobile\Inbox or to
C:\ProgramData\Cisco\WAASMobile\Exceptions
NOTE: System reports are transmitted from the client to the
worker servers over port 80.
Enable Client Logging
Client logging is enabled by default. When client logging is enabled,
administrators may select the number of logs and the maximum size
of the log. When a log is full, logging rotates to the next log.
Configuring the Client’s User Interface
The administrator may configure the functionality that is displayed to the end user via the
Configure > Clients > User Interface page.
NOTE: Before configuring client user interface parameters, select the desired client
distribution from the drop-down menu at the top of the page.
Cisco WAAS Mobile Administration Guide
47
Table 19 Client User Interface Settings
Use a Simplified User
Interface
If this checkbox is checked, the client user interface is simplified to
just a tray icon with an Exit option. The Client Manager is not
displayed and the user may not generate system reports.
NOTE: The first time the user interface starts, the full client
GUI is enabled. When it then connects to the Manager, it
will be configured with the Simplified User Interface.
Enable Advanced
Options
Enables the Advanced Settings tab in the Client GUI, which
provides the user with the ability to control select configuration
settings. By default, the Advanced Settings tab is not displayed.
Enable User Diagnostics
Enables the user to generate system reports. This is enabled by
default.
Enable Client
Registration
By default, users will be identified in the Manager by their computer
name. This enables administrators to correlate session monitoring
data with users, which is helpful when troubleshooting user
problems.
When Client Registration is enabled, users will instead be prompted
to enter a name and email address the first time they start WAAS
Mobile. The email address will be used in place of the computer
name to identify the end user in the Manager.
NOTE: Client Registration information is only used for
internal system management and is not used to register the
software with Cisco Systems, Inc. or any other third party.
Enable Client Messages
48
By default, the administrator may send the end user messages or the
system may inform the user of a configuration update or software
update via balloon messages. Unchecking this checkbox disables
balloon messages from being sent by the system, though
administrators may still send messages to users.
Configuring the Cisco WAAS Mobile Client
CHAPTER 8.
Managing Cisco WAAS Mobile
Via the Manage menu, administrators may monitor and manage all Cisco WAAS Mobile servers
and accelerated client s from a single interface. The Manage menu includes the following:
•
Dashboard. The dashboard provides a summary of system health and status, with
hyperlinks to pages where any needed actions should be performed. The dashboard also
provides a system-level summary of usage and bandwidth savings versus time.
•
Performance. View acceleration performance versus time and protocol at the system level,
server farm level, client subnet, or individual client level across the time range of interest.
•
Monitoring.
o
Resource Monitoring. View server CPU, memory, and delta cache resource
utilization statistics from across all servers and drill down to view how
individual servers are performing.
o
Connection Monitoring. View number of users who are connected, number of
accelerated sessions at a system level, farm level or individual server levels.
Monitor TCP connection failures, licenses exceeded failures, etc. centrally.
•
Servers. View the health and status of all servers via a summary table. Click on any
server to drill down to view detailed server status, start/stop it, generate system reports,
or clear its delta cache.
•
Clients.
o
Manage all the clients in the enterprise from this page. Filter to view users that
received licenses from specific farms or servers, view user groups by subnet, PC
operating system, and/or client distribution, or look for a single user by
username or computer name.
o
For any user or group of users, generate detailed diagnostics (system reports),
disconnect them or send them administrative messages.
o
Drill down to individual users by clicking on the user, to view detailed status
and configuration information, performance, TCP connections, accelerated
sessions, and event logs.
•
Events. View all events; filter by server farm, specific server, or type of event.
•
System Reports. View system reports that have been generated.
•
Backup and Restore. Fully backup and restore all configuration settings and the back end
database.
Cisco WAAS Mobile Administration Guide
49
Using the Cisco WAAS Mobile Dashboard
The dashboard provides a thumbnail summary for system health and performance, and provides
links to the pages that the administrator should use to gather further information or take action to
fix the issue.
Figure 6. The Cisco WAAS Mobile Dashboard
50
Managing Cisco WAAS Mobile
Performance Management
The Manage > Performance page allows the administrator to view:
•
Performance of select server farm
•
Performance of a select server
•
Performance during the last hour, day, week, month or over a specified data
range
•
Performance of one or more users, as defined by a variable length subnet (e.g.,
10.10.10.5/32)
•
Performance by protocol
•
Traffic either in both directions, download only, or upload only
The Traffic Summary tab graphs the aggregate traffic before optimization versus traffic after
optimization for each application protocol. The table below the graph provides a summary of this
data, along with the compression ratio for each application protocol.
The Traffic Timeline tab graphs the traffic before optimization versus traffic after optimization as
a function of time for each server and provides totals across all servers.
Figure 7 Traffic Summary Graph
Cisco WAAS Mobile Administration Guide
51
Monitoring System Resources and Usage
The Manage > Monitoring page provides graphs of resource utilization versus time. From this
page, administrators may view:
•
Resource utilization statistics of all servers, overlaid on a single graph.
•
Resource utilization of all servers in a specified farm, overlaid on a single graph.
•
Resource utilization of a single server.
•
The timelime may be adjusted to show the last hour, day, week, month or utilization
over a specified data range.
The following server statistics may be viewed via this page:
•
CPU utilization
•
Disk utilization
•
Memory Utilization
•
Delta Cache Utilization
•
Delta Cache Depth
•
Active Sessions
•
Active Users
•
DNS Lookup Failures
•
TCP Connection Failures
•
License Exceeded Login Failures
•
Login Failures
Managing Servers
Monitoring and Controlling Servers
The status of all Cisco WAAS Mobile servers are summarized on the Manage > Servers page.
For each server, the following information is displayed:
•
Farm. Farm to which the server belongs.
•
Server. This is the IP address that the Manager uses to manage the server.
•
Status. Server status.
•
Profile. Server profile that was applied to the server
•
Last Config Update. Last time the server configuration was updated
•
Session capacity. This is the maximum number of users that can be simultaneously be
accelerated by the server.
NOTE: The session capacity of the server must always be at least as large as the
number of licenses provisioned for that server.
NOTE: A single user may form acceleration sessions with multiple Cisco WAAS
Mobile servers simultaneously, while consuming only a single license.
52
Managing Cisco WAAS Mobile
•
Current sessions. Number of user sessions currently active on the server
•
TCP connections. Number of TCP connectons currently active on the server
•
Licenses provisioned. Number of licenses that have been provisioned for the server
•
Licenses in use. Number of licenses that are currently in use on the server
For more detailed server information, click on a server in the Server Status and Control table.
Included in the server details is the following information:
•
Hardware information: CPU type, speed, and number of cores; RAM, disk space
•
Software Information: Windows Server version
•
Server delta cache utilization:
o
Size
o
Percent used
NOTE: Once the cache fills up, this value will remain at 100%.
o
•
Depth, in days. Depth is a measure of the amount of traffic history
that is being retained in the delta cache. When the delta cache fills
up, it makes room for new byte sequences by deleting old traffic,
based on a least recently used algorithm.
Other status information (health, configuration, connection, licenses)
The Manage > Servers page may also be used to control servers as follows:
•
Start or Stop. Starts or stops one or more servers.
•
Request system report. The system reports generated through this request are posted
on the Manage > System Reports page.
•
Clear cache. This button will stop the server, clear its delta cache, and then restart the
server.
NOTE: Clearing the delta cache deletes both the cache index file and the cache
file. When the server restarts, these files are recreated.
Managing Clients
The Manage > Clients page lets administrators manage all clients centrally, and drill down to
specific users or user communities. The filters at the top of the page allow the administrator to
select:
•
All clients (default)
•
All clients who get their license from a particular farm
•
All clients who get their license from a particular server
•
Clients using a specific computer, by computer name
•
A specific user, identified by domain name (e.g., domain\username)
NOTE: If client registration is enabled, this filter will use the email address that
was entered by the client during the registration process.
Cisco WAAS Mobile Administration Guide
53
•
A specific user or group of users by variable length subnet
•
Connected users (default) or all users to date
•
Users that are working with a particular client distribution
•
Users that are running a particular Operating System
The Manage > Clients page may also be used to control clients as follows:
•
Send Message. The message will be sent to the selected clients and will appear as a
pop-up balloon message over the Cisco WAAS Mobile desktop icon.
•
Disconnect User. The WAAS Mobile client running on the end user’s PC will be
forced to exit.
•
Request System Report. System reports will be generated for the WAAS Mobile client
running on the end user’s PC and on all servers to which that user is connected,
thereby capturing a full client/server diagnostic snapshot. For more information on
System Reports, please see CHAPTER 10.
Managing a Specific Client
For more information about a particular user, click on a user in the table on the Manage > Clients
page to view Detailed Client Information. For each connected user, the following information is
provided on this multi-tab page:
•
Status tab
o
o
o
o
User information
ƒ
User name. By default, the username is <domain>\<username>. If client
registration is enabled, the username is the email address the end user
entered.
ƒ
IP address. This is the IP of the client as presented to the server. If the
client IP is NATed, then this is the NATed IP.
ƒ
Alias IP. The aliased IP presented by the server for this client. If Alias
IPs are not being used, the field contains 0.0.0.0.
Accelerated session information
ƒ
Status. Status of the accelerated session to the server.
ƒ
Session Duration. Elapsed time since the accelerated server session
started.
ƒ
Licensor. IP address of the server that granted the client a license.
User PC information
ƒ
Operating System. Version of Windows that the client is running.
ƒ
CPU. Describes the CPU on the client’s PC.
ƒ
Total Disk Space. Size of the disk on the client’s PC.
ƒ
Disk Space Available. Free disk space on the client’s PC.
ƒ
RAM. Size of the RAM on the client’s PC.
ƒ
Number of CPUs. Number of processor cores on the client’s PC.
WAAS Mobile software information
ƒ
54
Software version. WAAS Mobile software version, formatted as Major
Release.Minor Release.Maintenance Release.Build Number.
Managing Cisco WAAS Mobile
ƒ
o
Distribution Name. Name of the client distribution that the client is
running.
Delta cache statistics
ƒ
Delta Cache Size. Size in MB of the client’s delta cache.
ƒ
Delta Cache % used. The cache fills until it reaches 100%. From that point,
the % used remains at 100%.
ƒ
Delta Cache Depth (Days). Cache depth is a measure of the amount of
traffic history that is being retained in the delta cache. When the delta
cache fills up, it makes room for new byte sequences by deleting old
traffic, based on a Least Recently Used algorithm.
•
Performance tab. Graphs and tables showing traffic breakdown and compression by
protocol.
•
TCP Connections tab. For each client TCP connection, the following information is
provided:
o
Application name. Identifies the process that is being accelerated.
o
Acceleration server. The IP address of server that is accelerating this TCP
connection.
o
Destination IP. The destination IP address of the client’s TCP connection.
o
Status. Acceleration status for the TCP connection. If the TCP connection is not
being accelerated by WAAS Mobile, the status field provides an explanation as to
why not.
o
Performance for each TCP connection, including:
ƒ
Data reduction. Percent data reduction achieved for this TCP connection.
ƒ
Before Optimization. Bytes before the TCP connection was optimized.
ƒ
After optimization. Bytes after the TCP connection was optimized.
NOTE: TCP session view is available for PCs running Windows XP SP2 and
later OSs.
•
•
Acceleration Server Sessions tab. For each acceleration session between the client
and WAAS Mobile server, the following information is provided:
o
Start time. Time when the client formed an acceleration session with a server.
o
State. State of the acceleration session.
o
Performance statistics for each acceleration server connection, including:
ƒ
Bandwidth Down (bps)
ƒ
Bandwidth Up (bps)
ƒ
Latency (ms)
ƒ
Packet Loss (%)
ƒ
Data Reduction (%)
ƒ
Before Optimization (Bytes)
ƒ
After Optimization (Bytes)
Event log tab. Events logged by the client are displayed on this page.
Cisco WAAS Mobile Administration Guide
55
Managing Events
Server alert messages may be viewed on the Manage > Events page. Using the filters at the top
of this page, the administrator may view:
•
All events
•
Events associated with a particular server farm or server
•
Events by severity (error, warning, or informational)
•
Events in the last hour, day, week, month or in a specified date range
Managing System Reports
Links to system reports generated by all clients and servers are posted on the Manage > System
Reports page.
Figure 8 System Reports Download Page
Reports listed on the System Reports page use the following naming convention:
•
SysRepID_C or S_datetime_ IPaddress.cab:
where:
•
SysRepID is a unique identifier for each set of client and server system reports
that are generated. When a system report is requested by a client, a report is
simultaneously generated on the client and on all servers to which that client is
connected. If a crash occurs on the WAAS Mobile server, only the server report
will be generated. If a crash occurs in the WAAS Mobile client, report will be
generated for the client (if client system reports are enabled) and for all servers to
which the client is connected.
NOTE: When providing system reports to Cisco support, send all
reports associated with a given SysRepID.
56
•
C or S identifies the system report as being from either a client or a server.
•
datetime is the timestamp when the system report was generated. Datetime is
expressed in GMT (Greenwich Mean Time), and is formatted as yyyy-mmddThhmmss.
•
IPaddress is the address of the machine that created the system report.
Managing Cisco WAAS Mobile
NOTE: When deleting system reports, use the WAAS Mobile manager
GUI to select and remove the system reports that are to be deleted. Do
not manually delete the files from the system folders.
Cisco WAAS Mobile Administration Guide
57
Backing Up and Restoring the Manager
Via the Manage > Backup and Restore page, administrators may:
•
Backup and restore configurations as follows:
o
Restore all configurations to factory defaults. This will completely
wipe out any modifications that have been made to any
configuration.
o
Import a previously saved configuration.
o
Export the current running configuration.
NOTE: Backup and Restore will export the current running configuration but
not any pending changes.
NOTE: When configuring a backup Manager, use the Backup and Restore
functionality. If configurations are manually cloned, the client will perceive
them as different configurations and download configuration updates to all
clients when the client connects.
IMPORTANT: It is highly recommended that the operating state of the WAAS
Mobile Manager be backed up to facilitate rapid restoration of service in the
event of a hardware device failure.
•
Manage the performance monitoring and statistics database as follows:
o
Clear all statistics.
o
Import a previously exported database.
Export the current database.
SNMP Support
This section describes WAAS Mobile’s support for native Windows SNMP alarm generation and
access to SNMP counters. In addition, these same values are accessible via Windows NT Events
and Windows performance counters respectively.
MIB
The WAAS Mobile server MIB is installed in the WAAS Mobile server software folder. The file
name is WAAS MOBILE-SERVER-MIBv1_3.5.TXT. The syntax of the MIB file has been checked
using the online MIB checker at HTTP://www.muonics.com/Tools/smicheck.php.
This MIB is also used to document the available Windows Performance Counters and NT Events,
which use the same names as the SNMP values.
58
Managing Cisco WAAS Mobile
SNMP Deployment Pre-requisites
•
The IP address of the servers must be accessible to the network monitoring station or
OAM if SNMP monitoring is desired.
•
The firewall must allow TCP and UDP access to port 161 from the network monitoring
station (OAM) if it will be querying for SNMP counters.
Configuring the SNMP Service
Ensure the SNMP service is installed and running on the servers. Note that SNMP is not installed
on Windows by default. To manage the SNMP service,
•
•
For Windows Server 2003
o
Navigate to Control Panel > Add or Remove Programs > Add/Remove
Windows Components
o
In Components, click Management And Monitoring Tools, but do not select or
clear its check
o
Click Details
o
Select the Simple Network Management Protocol checkbox, and click OK
o
Click Next. The SNMP service starts automatically after installation.
For Windows Server 2008, install the SNMP service in Windows Server 2008, using the
Server Manager snap-in to add the SNMP Service feature.
Configure the SNMP service on the Traps tab so that it sends SNMP packets to the management
station. The example below shows the OAM management station running at 192.168.1.160.
Figure 9 Windows SNMP Service Configuration
Ensure the SNMP service accepts the community name you are planning to use to access the
performance variables, for example, traps. Read-only access is adequate.
Preparing the SNMP Management Station
Cisco WAAS Mobile Administration Guide
59
To monitor the traps sent by the WAAS Mobile service and to request and display counter
information requires an application that can send and receive SNMP data over the network,
interpret it according to the WAAS Mobile MIB and display it. Such an application is part of
SNMP management station software, which is usually remote from the WAAS Mobile server (in
a test environment, it might run on the server machine). There are many such applications
available, and they are all managed in a similar fashion. The main configuration aspects, common
to all SNMP management station software and relevant to testing traps from WAAS Mobile, are:
60
•
Ensure any needed software is available. For example, on Windows the management
station software might rely on the service called “Windows Trap Service” to receive traps
(service this is not required by WAAS Mobile – it only provides for receiving traps).
•
Import (compile) the WAAS Mobile MIB. This provides the management station with
information to interpret the OIDs in the trap data.
•
Tell the management station to listen to the WAAS Mobile server. This means to tell it the
IP address of that machine and the port it is using to send SNMP traps (via UDP). The
port is determined by the SNMP service on the server machine and is usually left at the
default (162). You may need to specify the trap community name as well, consistent with
the setting used by the Windows SNMP service.
•
Tell the management station which “community” to listen to for traps. The default for
Windows SNMP traps is “trap”, which is set on the Traps tab of the SNMP service. The
community is a primitive security mechanism. If you don’t listen for the right
community, you will not see the trap.
•
Tell the management station which community to use for requesting performance
counters. Because all WAAS Mobile performance counters are read-only, it is reasonable
to use the community public.
•
Tell the management station whether to use SNMPv1 or SNMPv2.
•
When setting up SNMP, it may be useful to have NetMon or a similar packet capture
application available to capture the SNMP packets that the WAAS Mobile server will
send to the management station.
Managing Cisco WAAS Mobile
CHAPTER 9.
Tips for Optimizing Application Acceleration
Outlook 2007
Outlook 2007 encrypts email, by default. For optimum acceleration, Outlook 2007 encryption
should be turned off.
The Outlook encryption feature may be disabled using Office Group Policies (see instructions at
HTTP://support.microsoft.com/kb/924617/en-us) or by manually changing the feature on the
client by opening Outlook 2007, selecting Account Settings from the Tools menu, selecting
Change account, clicking More Settings, clicking the Security tab, and then unchecking the
Encrypt data between Microsoft Office Outlook and Microsoft Exchange checkbox.
Firefox HTTPS acceleration
When WAAS Mobile HTTPS acceleration is enabled, a self-signed certificate that is placed in the
Microsoft certificate store is used by default. Firefox uses a different certificate store, so Firefox
HTTPS traffic is not accelerated with the default configuration.
•
If the WAAS Mobile Server is configured as a subordinate certificate authority (CA), and
Firefox is already configured to trust the enterprise CA, the Manager must be configured
to recognize and accelerate Firefox as described below.
•
If the WAAS Mobile Server is configured as a subordinate CA, and Firefox is not
configured to trust the enterprise CA, install the root CA for your enterprise in the
Firefox trusted certificate store. In addition the WAAS Mobile Manager must be
configured to recognize and accelerate Firefox as described below.
•
If the WAAS Mobile Server is configured as a self-signed (root) CA the WAAS Mobile
Manager must be configured to recognize and accelerate Firefox and the user must also
install the WAAS Mobile Server CA in the Firefox trusted certificate store as described
below.
Firefox setup - WAAS Mobile Manager steps
On the HTTPS tab on the Configure > Clients > Acceleration page of the WAAS Mobile
Manager:
•
Enable HTTPS Acceleration
•
Add hosts to be accelerated to the Host Inclusion List or accelerate all HTTPS sites
•
Add firefox.exe to the HTTPS Process Acceleration List
•
Apply the new configuration
Cisco WAAS Mobile Administration Guide
61
Additional Firefox setup steps when WAAS Mobile is using the default self-signed certificate
It is generally not recommended that the self-signed certificate be used in production
deployments with Firefox. However, for lab testing it may be desirable to configure Firefox
HTTPS acceleration without having to setup the WAAS Mobile server as a subordinate CA by
manually installing the self-signed certificate into the Firefox certificate store as follows:
a.
Exit and restart WAAS Mobile after the above Manager changes are completed.
b. After WAAS Mobile reconnects, open Firefox and click Tools > Options.
c.
Select the Content tab and then click the Certificates button.
d. In the Certificates dialog, select the Trusted Root Certification Authorities tab.
e.
Scroll down until you can see the certificate(s) issued by Cisco and click on the one with
the latest expiration date. Click Export, and then click Next.
f.
Leave the "Select the format you want to use..." at the default and click Next.
g. Click the Browse button and browse to a convenient location to save the certificate file.
h. Enter a meaningful name into the File Name field, such as "Cisco Cert," and then click
Save.
i.
Click Next, and finally Finish. Close the remaining windows by clicking OK.
j.
Open the Firefox browser and click Tools > Options.
k. Click the Advanced button in the upper right of the dialog, and then select the
Encryption tab.
l.
Click the "Select One Automatically" radio button, and then click View Certificates.
m. In the Certificate Manager, select the Authorities tab.
n. Click Import, and then navigate to and double-click the certificate file you saved in step
h; follow the prompts to import.
o.
Check the "Trust this CA to identify websites" checkbox and click OK.
p. Click OK to close all open windows.
Microsoft ISA Firewall Client
The Microsoft ISA Firewall Client intercepts traffic in the Winsock stack and redirects it to an ISA
server. It does this redirection at a level above where Cisco WAAS Mobile intercepts traffic, so
traffic that is redirected by MFC will be accelerated between the client and the ISA server. For
optimum acceleration, the ISA server should be located near the destination applications.
Virtual Desktops
Configuring VMWare VDI over Microsoft RDP
To optimize VMware VDI traffic, the encryption and compression employed by the underlying
Microsoft RDP protocol should be disabled. Microsoft RDP is one of the underlying protocols
supported by VMware VDM and is currently the predominant protocol used by the various
VMware VDI implementations.
62
Tips for Optimizing Application Acceleration
To disable encryption on RDP, the settings on the virtual desktop must be changed. The changes
can be made either by group policy settings or by changes to the registry. Both methods can also
be distributed to large groups of virtual desktops using Microsoft Active Directory.
To disable compression, the settings on the VMware VDM client must be modified. These can be
configured by group policy and thus can easily be deployed to large groups of clients using
Microsoft Active Directory.
Disabling Compression via the RDP File
To disable compression via the RDP configuration file, follow these steps:
•
Step 1. Open the RDP connection (.rdp) file in Notepad.
•
Step 2. Change the line compression:i:1 to compression:i:0.
•
Step 3. Save the file.
After the change is made, any new connection using the changed file will not use RDP
compression.
Configuring VMware VDM to Use Uncompressed RDP Sessions
To configure VMware VDM to use uncompressed RDP sessions, follow these steps:
Step 1. Copy the c:\ Program Files\VMware\VMware
VDM\Server\ADM\vdm_client.adm file from the connection broker server to the
VMware VDI client PC.
Step 2. Import this file to the group policy object (GPO).
Step 3. In the GPO, choose User Configuration > VMware VDI Client and disable the
Enable Compression policy.
Disabling Encryption
Changing the following registry keys disables encryption on Windows virtual desktops:
•
Set HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDPTcp\MinEncryptionLevel to 1.
•
Create HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDPTcp\SecurityLayer as a DWORD value and set it to 0.
•
After changing the above keys the server running VMWare VDM must be rebooted.
Large deployments should use Microsoft Active Directory to push these changes to the virtual
desktops.
NOTE: On Windows XP 32 bit Virtual Desktop Machines, a hot-fix from
Microsoft is required to add the capability to disable RDP protocol encryption.
(See HTTP://support.microsoft.com/KB/956072.) This hot-fix is not required to
disable RDP protocol encryption on Windows Vista and Windows 7 desktops.
Cisco WAAS Mobile Administration Guide
63
Citrix ICA
WAAS Mobile accelerates Citrix ICA traffic with its default settings. Additional performance
improvement can be gained by configuring the Citrix server for login encryption only (no session
encryption) and no compression. WAAS Mobile data reduction algorithms provide far better
compression levels than can be realized with native Citrix compression. Additionally, when
users request previously viewed screen content, WAAS Mobile eliminates redundant data
transmissions and only sends deltas. Also, WAAS Mobile optimizes the packet flows,
eliminating ICA’s high level of unnecessary 64-byte acknowledgement packets, and improving
throughput efficiency over the WAN.
To enable low encryption (authentication only) on the Citrix Management Console for Metaframe
XP:
•
Right-click (serverfarm) Policies, and select "Create a new policy".
•
Double-click the policy to edit, select "Required Encryption Level".
•
In the policy window right pane select "Rule enabled" and set the encryption level to
"RC5 (128bit) logon only", then click "Apply" and "OK".
To enable low encryption (authentication only) on the Citrix Connection Configuration console:
•
Double-click the ica-tcp connection.
•
In the “edit connection” dialog window, select "Advanced".
•
Under security, verify that required encryption is set to "RC5 (128bit) logon only" and
click “OK”.
To disable compression in the Citrix Program Neighborhood console:
•
Select the server farm to modify, right-click select "Properties", then select the "Default
Options" tab.
•
Uncheck the checkbox next to "Use data compression". Click "Apply" and "OK".
To configure the client ICA file, edit the client ICA template file as follows:
•
If a line exists that begins with "Compress=", change the line to show "Compress=Off".
Otherwise, add a line that says "Compress=Off".
•
If a line exists that begins with "EncryptionLevelSession=", change the line to show
"EncryptionLevelSession=EncRC5-0". Otherwise, add a line that says
"EncryptionLevelSession=EncRC5-0".
Kaspersky Internet Security
To interoperate with Kaspersky Internet Security, WAAS Mobile must be configured as follows:
•
64
Verify that the AVP.exe process is listed in the Accelerated Processes table on the
Configure > Clients > Acceleration page; this is the default configuration.
Tips for Optimizing Application Acceleration
This is required because Kaspersky intercepts traffic before WAAS Mobile, and
all traffic destined for WAAS Mobile will come from the AVP.exe process. Since
the AVP.exe process selects the traffic that will go through WAAS Mobile, the
other processes listed in the table are ignored. Accordingly, to constrain which
traffic should be accelerated when using Kaspersky Internet Security, use the
Accelerated Networks table on the Configure > Clients > Networking page to
limit acceleration to specific hosts and applications.
•
Disable Latency-based bypass. This control is located on the Connection Settings tab of
the Configure > Clients > Networking page. No traffic will flow if latency-based bypass
is enabled.
To interoperate with Kaspersky Internet Security, Kaspersky must be configured as follows:
•
On the main page of Kaspersky, go to settings (upper right corner) -> Options -> Threats
and exclusions -> exclusions settings - > Trusted Applications (2nd tab).
•
Click “Add” and then browse to the WAAS Mobile application and open it.
•
On the next dialog screen, check “Do not scan network traffic,” hit “OK,” and then apply.
•
Reboot the PC.
Symantec Data Loss Prevention (formerly Vontu)
To interoperate with Symantec Data Loss Prevention, Symantec needs to be configured as
follows:
•
Add the application fingerprint for WAAS Mobile to the “Do Not Monitor These
Activities” list and select Network, Print/Fax, and Clipboard. Binary name is
waasmobileproxy.exe.
•
On the “Agent Monitoring” tab, add a folder called “Cisco WAAS Mobile” to the Local
Drive Ignore list. The folder path is c:\programfiles$\Cisco Systems\WAASMobile\*.
•
Then add a monitoring filter to ignore all files in folder c:\programfiles$\Cisco
Systems\WAASMobile\*.
FTP over the Internet
When the FTP server being accelerated is not near the WAAS Mobile server, there are scenarios
where FTP transfers may fail. Failures may occur when the user is accessing an FTP server at
another enterprise (a business partner), or across the Internet. This is due to the behavior of the
data exchange in an accelerated environment versus the native behavior of the FTP “handshakes”
and is dependent on the configured time-out value of the FTP client software. When FTP is
accelerated, the transfer between the WAAS Mobile client and the WAAS Mobile server occurs
very quickly, but the transfer between the WAAS Mobile server and the FTP server may be slow,
causing the FTP session on the user’s PC to time out.
To address this behavior, the FTP client’s connect and session time-outs should be increased; an
initial value of 300 seconds is recommended, though this may need to be adjusted depending on
network conditions and file sizes.
Cisco WAAS Mobile Administration Guide
65
Optimizing Acceleration over Satellite
Many satellite modems employ TCP performance enhancing proxies. By default, WAAS Mobile
employs a latency measurement to determine if traffic should be accelerated or bypassed. When
there is a satellite modem with a TCP proxy in the path, there is almost no latency between the
WAAS Mobile client and the modem, so the traffic is bypassed. To interoperate with these
modems, disable latency-based bypass via the Connection Settings tab on the Configure >
Clients > Networking page.
Additionally, to mitigate round trip latency associated with DNS lookups, when optimizing
Internet traffic, deploy a web proxy cache on the LAN-side of the WAAS Mobile server and
configure users’ browsers to point to this cache. (With Internet Explorer, this may be done via
Active Directory group policies or manually via the Tools > Internet Options > Connections tab >
LAN settings button.)
Virus Scanning Best Practices
In order to ensure that all servers remain free of viruses, many organizations require that virus scanning software be run periodically on all computers and servers. When virus scanning is run on WAAS Mobile servers, it is recommended that the delta cache file and the delta cache index file be excluded from the scan. NOTE: When virus scanning is run on WAAS Mobile server, it is recommended that the
delta cache file and the delta cache index file be excluded from the scan. Specifically,
exclude the following files from being scanned by the virus scanner:
On Windows Server 2003 and 2003 R2:
C:\Documents and Settings\All Users\Application
Data\Cisco\WAASMobile\DeltaCache\BD_ServerPage.acc
C:\Documents and Settings\All Users\Application
Data\Cisco\WAASMobile\DeltaCache\BD_ServerControl.acc
On Windows Server 2008 and 2008 R2:
C:\ProgramData\Cisco\WAASMobile\DeltaCache\BD_ServerPage.acc
C:\ProgramData\Cisco\WAASMobile\DeltaCache\BD_ServerControl.acc
NOTE: The administrator may change the location of these files via the WAAS Mobile Manager. If the file location has been modified, the administrator‐specified URNs should be used instead. IMPORTANT: Failure to exclude these files may result in a significant loss of
acceleration.
66
Tips for Optimizing Application Acceleration
CHAPTER 10. Diagnostics
WAAS Mobile includes a comprehensive set of diagnostics tools that provide detailed
information on system health and performance. This chapter describes the various types of
information that are available and how to access and use the diagnostic tools.
Diagnostics include:
•
•
Server-side diagnostics
o
Client monitoring, including visibility into client’s TCP connections and
acceleration sessions.
o
System monitoring, including server resource utilization statistics.
o
System events, which are displayed in the GUI but are also available as NT
events or via SNMP
o
System reports, which capture additional server-side information that can be
used by the Cisco Technical Assistance Center (TAC) to assist in troubleshooting.
o
Logs, including installation logs.
Client-side diagnostics
o
TCP connection monitor, which provides real-time information regarding the
acceleration of each active TCP session.
o
Accelerated session monitor, which provides real time information regarding the
acceleration sessions between the client and each server to which it is connected.
o
Event log, which is a persistent log of client events.
o
System reports, which capture additional client-side information that can be used
by the Cisco Technical Assistance Center (TAC) to assist in troubleshooting
Server-Side Diagnostics
Client monitoring
Client monitoring enables the administrator to monitor each user’s acceleration performance, link
capacity, delta cache capacity, software version, and configuration. From the Manager, the
administrator can view the TCP connections and acceleration sessions active on any end user’s
PC, to diagnose application acceleration or networking issues.
System monitoring
System monitoring enables the administrator to monitor overall acceleration performance,
system performance and server status.
The data that is displayed in these graphs is obtained from Windows Performance Monitor
(PerfMon) counters. These PerfMon counters may be monitored directly using standard tools.
Additionally, the same data that is available via the PerfMon counters is also available via the
MIB, and may be displayed via any standard network management tool.
Cisco WAAS Mobile Administration Guide
67
System events
The most recent events are displayed on the Manage > Dashboard page. Internally, these events
are generated as NT events and, as such may be monitored by Microsoft System Manager or,
using any number of 3rd party utilities, may be pushed to a syslog. In addition, for each NT event,
an SNMP trap is also set, enabling standard network management tools to monitor WAAS
Mobile system events. The WAAS Mobile server MIB is installed with the server software in the
C:\Program Files\Cisco\WAASMobileServer folder.
System reports
See CHAPTER 6 for a complete description of system reports. System reports are not humanreadable, and are sent to Cisco for advanced troubleshooting support. To ensure that all
necessary troubleshooting information is captured:
•
Enable Network Monitoring (prior to generating the system report) by navigating to the
Configure > Clients > Diagnostics menu. This feature is disabled by default, as there
may be interoperability issues with certain IPsec VPNs (e.g., CheckPoint).
•
Ensure that both the WAAS Mobile client and server are running. If the user Disables the
client, the troubleshooting information is preserved, but if he/she Exits the client, all
debug information is lost.
•
Generate the system report shortly after an event occurs since, by default, the system
report only covers a short traffic interval. To enable the capture of more history, enable
Large Client System Reports by navigating to the Configure > Clients > Diagnostics
menu, but still ensure that the system report is generated as soon after the event occurs as
possible.
•
Enter a concise description of the issue in the system report description field, including
the sequence of steps that led up to the occurrence of the issue. This will guide the Cisco
engineers who examine the report.
•
Capture both a client and server system report. The GUID (which is the prefix in the
system report title) and the time of day (which is also included in the system report title)
facilitate matching the server and client system reports associated with the same event.
Logs
There are multiple types of logs that may be generated, including:
•
Installation log.
NOTE: Installation logs are only created by PCs running Windows Installer 4.5 or later.
To check the version level of the Windows installer on a PC, open a command prompt
window and type “msiexec /?”.
•
68
Event logs. Event logs are displayed on the Manage > Events page.
Diagnostics
Client-Side Diagnostics
Icon Colors
While running, an “acceleration icon” will be displayed in the Windows system tray to indicate
the WAAS Mobile software status.
Figure 10 Acceleration Icon in System Tray
The icon states and corresponding descriptions are as follows:
Cisco WAAS Mobile is accelerating traffic.
Cisco WAAS Mobile is not accelerating traffic.
Client Diagnostics
When the user double-clicks the tray icon or selects Client Manager from the tray icon menu, the
Cisco WAAS Mobile GUI is launched in a browser. From this page, select the Diagnostics tab
which consists of the following tabbed pages:
•
TCP Connections. Real time information regarding the acceleration of each active TCP
connection, including:
o
Application process name.
o
Acceleration server that is accelerating this TCP connection.
o
Destination IP of the TCP connection.
o
Acceleration status. If the TCP connection is not being accelerated by WAAS Mobile,
the status field provides an explanation as to why not.
o
Performance for each TCP connection, including data reduction, data before
optimization, and data after optimization.
NOTE: TCP session view is available for PCs running Windows XP SP2 and
later OSs.
•
Acceleration Server Connections. Real time information regarding the acceleration sessions
between the client and each server to which it is connected, including
o
Start time.
Cisco WAAS Mobile Administration Guide
69
•
o
Connection state.
o
Performance of each acceleration server connection, including bandwidth up and
down, latency, packet loss, data reduction, data before optimization, and data after
optimization.
Event Log. Persistent log of client events. See CHAPTER 11 for a listing of the client
messages and recommended diagnostic actions.
Figure 11 Client Manager Diagnostics – TCP Sessions Tab
TCP Session Status
Each TCP session will have one of the following acceleration status indicators:
•
•
•
•
•
•
70
Accelerated. The TCP session is being accelerated via the designated acceleration server.
Bypassed : Acceleration Server Unavailable. The client has successfully established an
acceleration connection with a license granting server, but the acceleration server that has
been designated to handle this connection by the Accelerated Network rules is
unavailable.
Bypassed : Per Accelerated Networks Rules. The Accelerated Network rules specify that TCP
connections to this address should be bypassed.
Bypassed : Low Latency. The latency between the client and the application server is less
than the latency threshold, which is 10 ms by default. This threshold may be modified on
the Connection Settings tab on the Configure > Clients > Networking page.
Bypassed: Client is Not Connected. The client cannot connect to the server because either
a.
Client has been disabled
b.
Client is close to the server and is in High-Speed Bypass
c.
Client is unable to obtain a license
d.
Client is unable to connect to a license granting server. See CHAPTER 11 for
troubleshooting tips.
Bypassed: Not on Accelerated Processes List. The process name associated with this TCP
connection is not on the Accelerated Processes white list. Processes may be added to this
list via the Accelerated Processes tab on the Configure > Clients > Acceleration page.
Diagnostics
•
•
•
•
Bypassed: Pre-existing Connection. When WAAS Mobile is started after other applications,
the existing TCP connections associated with those applications will not be reset unless
the “Auto Reset Connection” property has been selected for the process in the
Accelerated Processes table, and hence, these pre-existing connections will be bypassed.
Bypassed: Inderterminate routing rule. When multiple WAAS Mobile server farms are
deployed, the Exchange servers must be explicitly mapped to the server farms that will
accelerate them via the Accelerated Networks tab on the Configure > Clients >
Acceleration page.
Bypassed: Pre-existing or Low Latency. See above.
Bypassed : Reason Unknown. This message will occur when an attempt to reset a TCP
connection associated with an application that has been configured to have these
connections be automatically reset (via the Accelerated Processes table on the Configure
> Clients > Acceleration page) fails.
NOTE: The TCP session status table displays established TCP connections to
applications; it does not display TCP connections that are in the listening,
time_wait, or close_wait states and it does not display TCP connections to
localhost or connections associated with the Cisco WAAS Mobile client proxy
process.
Acceleration Server Connections
Accelerated traffic will be sent to one or more acceleration servers over an Acceleration Server
Connection. For each acceleration session between the client and WAAS Mobile server, the
following information is provided:
•
•
•
Start time
Connection state
Performance of each acceleration server connection, including bandwidth up and down,
latency, packet loss, data reduction, data before optimization, and data after optimization
At start-up, the client forms acceleration connections to up to 3 servers. One of these connections
will be the license-granting session. If the client needs to establish additional connections to other
acceleration servers, these sessions will be set up on-demand as traffic arrives.
Each Acceleration Server Connection will be in one of the following states:
•
Not connected. The client has a license and is connected to at least one acceleration server,
but traffic has not yet flowed over an accelerated connection.
•
Connecting. The client is in the process of connecting to the acceleration server.
•
Persistent. Networking has been interrupted, and the connection is being persisted
through the outage.
•
Active. The connection is being used to accelerate traffic.
•
Blank. If connection state is blank, then the client has not yet connected to any
acceleration server.
•
Dormant. There has been no activity on a connection to an acceleration server during the
last hour, and the client no longer has an accelerated connection to that server. Dormant
connections reduce the initial connection times for TCP sessions destined to the
acceleration server.
Cisco WAAS Mobile Administration Guide
71
System Reports
CHAPTER 6 provides a complete description of how to generate a system report. Note that
system reports must be generated while the WAAS Mobile client is running and shortly after the
issue has occurred. When the client generates a system report, information is captured on the
WAAS Mobile client and all servers to which the client is connected. The client system report is
automatically uploaded to the WAAS Mobile server from which it obtained a license. When a
server generates a system report, it is stored on that server. The Manager’s Manage > System
Reports page provides an integrated view of all of the system reports on all of the servers, and
provides links to these reports.
72
Diagnostics
CHAPTER 11. Troubleshooting
This chapter is divided into two sections: the first is intended to guide administrators in
determining exactly what type of issue the user is having, and the second can then be used to
help troubleshoot and resolve the issue. If necessary or if the support issue is beyond the scope of
this document, escalate the issue to the Cisco Technical Assistance Center (TAC) for assistance.
Installation & Integration Troubleshooting
•
General installation issues
o
Please confirm that the client or server in question meets the minimum hardware
requirements and that the server meets all software requirements as noted in
CHAPTER 2.
•
For server issues, see Table 20 in this chapter.
•
For client issues, see Table 21 in this chapter.
•
Networking issue relating to server integration.
o
Refer to Table 20 in this chapter; in general, the server should be setup in similar
fashion to other application servers co-located with it.
NOTE: The Cisco WAAS Mobile system is not in the critical path, which means
when properly configured it will never restrict access to resources. If the server
or client crashes the client machine will simply lose acceleration to network
resources, not access.
Troubleshooting Client Connection Issues
•
Client unable to connect to WAAS Mobile server.
o
•
•
This could be a problem on the client machine, server machine or the network so,
while a common problem, it is also complex in nature. Check the Event Log tab
of the Diagnostics page of the Client Manager and then refer to Table 22.
Server not running.
o
Was the server stopped? Check the Manage > Servers page and attempt to start
the server.
o
Is a valid license key being used? Check that licenses are properly provisioned on
the Configure > Manager > Licenses page.
o
Check the Manage > Events page for related messages.
o
Refer to Table 20 for additional guidance.
Client unable to connect to network resource when connected to the WAAS Mobile
server.
o
Does the problem occur when WAAS Mobile is not running?
o
Does the WAAS Mobile server have access to the resource?
ƒ
Can the WAAS Mobile server ping the resource?
ƒ
If not, can the WAAS Mobile run the application that the client is trying
to run? If it can’t perform the action, it can’t proxy the application on the
client’s behalf.
Cisco WAAS Mobile Administration Guide
73
Troubleshooting Performance Issues
If acceleration is not occurring
•
Verify that the desktop icon is green, indicating that the client has formed an acceleration
session with at least one acceleration server.
•
•
If green, then
o
Check the TCP Sessions tab of the Diagnostics page of the Client Manager and
verify that the TCP sessions associated with the application are being accelerated.
o
Check the Acceleration Server Sessions tab of the Diagnostics page of the Client
Manager to verify connectivity and that the sent/received statistics are
incrementing.
If gray, then
o
See Troubleshooting Client Connection Issues above.
Refer to Table 21 for further troubleshooting techniques.
Troubleshoooting HTTPS
Verify that HTTPS is properly configured
•
Start WAAS Mobile client.
•
Open a browser.
•
Visit a secure site. It should open without any problems (i.e., no pop-up dialog boxes).
•
Double-click the padlock icon. A certificate will be displayed. (This is for Internet
Explorer. Other browsers also display padlocks but displaying the certificate may require
a different action).
•
The issuer name that is displayed should end with a GUID. The GUID should be the
same as the registry value Options\HTTPS\HostId on the WAAS Mobile server.
HTTPS Troubleshooting Steps
•
Verify that HTTPS acceleration has been enabled and that the destination server is on the
HTTPS inclusion list.
•
When using the WAAS Mobile self-signed CA:
o
•
74
After the client has been run and the certificate popup accepted, check that the
WAAS Mobile server CA certificate is in the user’s trusted certificate store. If not,
send a System Report to the Cisco Technical Assistance Center (TAC) for
analysis.
When WAAS Mobile server is configured as a subordinate CA:
o
Check the messages relating to the SSL Proxy in the WAAS Mobile server log on
startup. If the message following, “The result of the attempt is” is not “certificate
request created” or “success,” send a System Report to the Cisco Technical
Assistance Center (TAC) for analysis.
o
Check that the WAAS Mobile server CA certificate is present in the personal
machine store on the WAAS Mobile server machine. If not, it must be obtained
and installed.
Troubleshooting
o
Check that the WAAS Mobile server CA certificate is trusted on the WAAS
Mobile server. If not, the certificate chain for the Enterprise CA used to issue the
WAAS Mobile server CA certificate must be imported into the personal machine
store, and the root of the chain must be imported into the trusted machine store.
o
Run the WAAS Mobile client on a client machine. After it connects successfully,
check that the WAAS Mobile server CA certificate is in the user’s personal
certificate store on the client machine after the WAAS Mobile client has been run.
If not, send a System Report to the Cisco Technical Assistance Center (TAC) for
analysis.
o
Check that the WAAS Mobile server CA certificate in the user’s personal
certificate store on the client machine is trusted. If not, send a System Report to
the Cisco Technical Assistance Center (TAC) for analysis.
Popup (or other alert) On Client
On occasion you may visit a secure web site and the browser will present you with a popup
dialog box. The dialog box presents information about the reissued web server certificate that has
been created by the WAAS Mobile server from the original web server certificate. There are
usually three things to look at:
•
Is the reissued certificate trusted?
•
Is the reissued certificate within its date range?
•
Is the name on the reissued certificate correct?
If the reissued certificate is not trusted, it means the original certificate was not trusted on the
WAAS Mobile server. The usual cause of this is that the root of the certificate chain for the web
server certificate is not in the trusted machine store on the WAAS Mobile server machine. Web
server certificates are almost always issued by a globally recognized CA that is pre-installed on
all major operating systems. Lack of trust for a certificate from a public web server strongly
suggests that the original certificate should be viewed with suspicion.
The situation is entirely different when the web server is inside your own enterprise. In that case
the likely cause for this error is that the root of the web server certificate has not been imported
into the trusted machine store on the WAAS Mobile server machine. This will almost certainly be
the case in three common scenarios:
•
The web server certificate is self-signed. In this case, import the web server certificate
itself into the trusted machine store on the WAAS Mobile server machine.
•
The web server certificate is signed by an enterprise CA that is self-signed. In this case,
import the CA certificate into the trusted machine store on the WAAS Mobile server
machine.
•
The web server certificate is issued using a two-level enterprise CA, in which the root
certificate is self-signed. In this case, import the root CA certificate into the trusted
machine store on the WAAS Mobile server machine.
On Windows operating systems, use the certificates MMC snap-in to import, export and view
certificates.
Another cause of lack of trust is date range problems. The WAAS Mobile server issues an
untrusted certificate in this case. If everything else is OK and the date range is wrong, it is
common practice to accept the certificate.
Troubleshooting Delta Cache Encryption
If Delta cache encryption is not working or is not allowed on a domain computer.
Cisco WAAS Mobile Administration Guide
75
•
Verify that the Group Policy for the domain is setup with a Data Recovery Agent;
additional information can be found at HTTP://technet.microsoft.com/enus/library/cc778448.aspx.
•
Check if the Group Policy is setup with a Data Recovery Agent but its certificate is
invalid or expired. Additional information on renewing certificates can be found at
HTTP://support.microsoft.com/default.aspx/kb/937536.
•
Verify that the Group Policy is configured to allow File Encryption. This requires a
checkbox to be checked in the Encrypting File System Æ Properties window.
•
For more information on Windows EFS, see HTTP://technet.microsoft.com/enus/library/bb457116.aspx.
Troubleshooting SNMP
Troubleshooting SNMP Notifications (“Traps”)
1.
Is the WAAS Mobile Server process running? If not, start it and make its start
automatic.
2.
Are NT Events enabled on the WAAS Mobile server? If not, enable them.
3.
Is the SNMP Service running? If not, start it and make its start automatic.
4.
Is AccelSnmpXa.dll loaded? If not, check if it is installed and registered properly as
described above. If it is correctly installed and registered but not loaded, the DLL is
corrupt and the WAAS Mobile server software should be reinstalled.
5.
Check SNMP Service Properties Traps tab. Is the community name what you
expected? Is the monitoring station address in the list of trap destinations? If either of
these conditions is not met, make the appropriate changes.
6.
Are traps from the WAAS Mobile server reaching their destination? To troubleshoot,
trace the packet trail as follows:
a.
Using NetMon on the WAAS Mobile server, capture SNMP packets
generated when the server process is restarted, monitoring on the interface
on which they are sent. If none are captured, return to step 1 of this
troubleshooting guide.
b. If the packets are being sent, inspect their content to see if they are being sent
to the expected host and port.
c.
7.
On the monitoring station, capture packets on the interface on which they
should arrive. If none arrive when they are known to be generated on the
server, check the local firewall (if any), network connections and the IP
routing arrangements of your network.
Check that the server machine IP address corresponds to one of the entities to which
the management station is listening, and that the entity is set to use SNMPv1 or
SNMPv2.
After all these steps are successfully completed the traps will be displayed.
Troubleshooting SNMP Statistics
76
Troubleshooting
1.
Is the WAAS Mobile Server process running? If not, start it and make its start
automatic.
2.
Are NT performance counters enabled on the computer hosting the WAAS Mobile
server? If not, enable them.
3.
Is the SNMP Service running on the computer hosting the WAAS Mobile server? If
not, start it and make its start automatic.
4.
Is AccelSnmpXa.dll loaded? If not, check it is installed and registered. If it is correctly
installed and registered but not loaded, the DLL is corrupt and the WAAS Mobile
server software should be reinstalled.
5.
Check SNMP Service Properties Security tab. Is the community name what you
expect (e.g., public)? Is the monitoring station address in the list of trap destinations?
If either of these conditions is not met, make the appropriate changes.
6.
Requests for counters originate on the monitoring station. To troubleshoot, follow the
packet trail using NetMon.
7.
Using NetMon on the monitoring station, capture SNMP packets generated when the
management station tries to access the performance variables, monitoring on the
interface on which the packets are sent. If none are captured, check that the
management station is sending to the correct host.
8.
If the packets are being sent, inspect their content to see if they are being sent to the
expected host and port.
9.
On the WAAS Mobile server, capture packets on the interface on which they should
arrive. If none arrive when they are known to be generated on the server, check the
local firewall (if any), network connections and the IP routing arrangements of your
network.
10. If the packets are arriving, check if any packets are being sent back. It is common for
the SNMP service to notify of problems in a response packet. If the returned packets
contain “authentication failure” indications, check the Accepted Community Names
on the Security tab of the SNMP Service, and check the security name associated with
the Context that is being used in by the management station.
After all these steps are successfully completed, the counters will be displayed.
Cisco WAAS Mobile Administration Guide
77
Problem Isolation
WAAS Mobile Server Issues and Isolation
Table 20 WAAS Mobile Server Issues and Isolation
78
Activity
Symptom
Possible Causes
Resolution
Installation
License key issues
No license key has been
input, or invalid license
key input
Input a valid license key on the Configure > Manager >
Licenses page. Make sure that there are no space
characters either before or after the license string.
General installation
issues
Missing operating
system components (for
example, IIS)
Verify server software and hardware requirements found
in CHAPTER 2.
Networking
Network or Specific
Resource is Inaccessible
General Networking
Issue on Server During
Setup
Use the command line tool ipconfig.exe along with
Windows Network Connections module to verify the
WAAS Mobile server has the proper network settings.
Starting WAAS
Mobile
Manager
An “Under
Construction” page is
presented when
opening the WAAS
Mobile Manager
Incorrect URL or
Firewall issues
Verify the URL is in the form of
HTTP://ServerName/ControllerWeb/manSummary.aspx.
Accessing
System Reports
The following error
message is displayed
“Security Alert… Your
current security settings
do not allow this file to
be downloaded.”
Manager is being
accessed from localhost,
and the system report,
which uses the server’s
IP, is not trusted.
Verify network path to the server and that the Manager
will open using the browser on the server.
In the browser settings, add the host IP to the local intranet
zone list. For Internet Explorer, go to Tools > Internet
Options > Security to configure this.
Troubleshooting
WAAS Mobile Client Issues and Isolation
Table 21 WAAS Mobile Client Issues and Isolation
Activity
Symptom
Possible Causes
Resolution
Client
Installation
Client Fails to Install.
The client installation
components may be
inaccessible if hosted on a
network share.
Restart the client computer and
retry the installation. If that does
not succeed, redownload the
installation file to the PC and
reinstall. If a Windows error
message is provided during the
installation, search online for that
error message for further
information.
Client
Installation
Client Fails to Install.
In the rare case where an
install fails after multiple
attempts a machine may have
a bad OS configuration.
Contact Cisco support for
assistance.
Client
Connection
Icon in system tray shows not connected.
If this is happening for all
users, the server(s) may not be
running.
First, go to the Manage >
Dashboard page to verify that the
server(s) is (are) running.
If this is happening for a single
user, then client may be
disabled or may not be able to
reach the server.
Then, on the client PC, open the
Client Manager, click on the
Diagnostics tab, view the Event
Log, and refer to Table 22.
The browser is configured to
use an upstream proxy server.
Enable “Bypass proxy server for
local addresses.” For Internet
Explorer 8, do this via the Tools >
Internet Options > Connections >
LAN Settings menu.
Client User
Interface
The user is unable to launch the Client
Manager.
Cisco WAAS Mobile Administration Guide
79
80
Activity
Symptom
Possible Causes
Resolution
Client
Operations
WAAS Mobile is connected but HTTP traffic is
not being accelerated.
Proxy settings can cause
protocol specific errors.
Check the user’s browser settings
for an incorrect proxy address.
Also check the user’s TCP sessions
tab, which can be accessed in
either the client GUI or the
Manager GUI.
Client
Operations
Unable to access site or network share.
The WAAS Mobile server may
not have access to the site.
Confirm this issue occurs when
WAAS Mobile is not running.
Once WAAS Mobile is running, all
accelerated traffic is routed
through the WAAS Mobile server;
confirm that the server’s DNS
server is properly resolving the
names of the servers to be
accelerated and that there is a
routable path from the WAAS
Mobile server to this resource.
Confirm that the same application
can be run on the WAAS Mobile
server; after doing this, uninstall
the application from the WAAS
Mobile server if it had to be
installed for this test.
Troubleshooting
Activity
Symptom
Possible Causes
Resolution
Client
Operations
Application is not being accelerated.
Configuration issue can result
in traffic bypassing WAAS
Mobile.
Determine if the traffic is passing
through WAAS Mobile by viewing
the client TCP Session statistics. If
it is not being accelerated, the
reason the traffic is being bypassed
is displayed in this table.
Review the settings on the server,
making certain that there is no rule
that causes the traffic of interest to
not receive acceleration. If the
reason for the lack of acceleration
can not be determined, trigger a
system report and contact Cisco
Technical Assistance Center
(TAC).
Client
Operations
HTTPS traffic is not being accelerated.
WAAS Mobile is bypassing a
network resource.
Check the TCP Sessions view to
determine if the traffic is being
bypassed because the latency to
the server is below the threshold.
If latency bypass is not causing the
problem, verify HTTPS settings
and certificates as described in
CHAPTER 6.
Client Event Messages
The table below summarizes the client event log messages. These messages may be displayed on the client PC by navigating to the Event Log tab
of the Diagnostics tab of the Client Monitor. Alternatively, these messages may be viewed on the Manager by navigating to the Manage > Clients
page, clicking on the client for you would like to view Detailed Client Status, and then selecting the Event Log tab.
Cisco WAAS Mobile Administration Guide
81
Table 22 WAAS Mobile Client Event Messages
Event Text
Cause
Resolution
Unable to connect to server <IP or hostname>.
UDP port <port number> is blocked.
Port 1182 has not been opened
Session connected: Server <IP or hostname>.
Downlink bandwidth is xx kbps, Uplink
bandwidth is yy kbps, round trip time is zz
msec
Session status: Connected to server <IP or
hostname>
Session status: Persisting to server <IP or
hostname>
Client has successfully connect to the server
Check to see if a firewall on the user’s machine
or anywhere between the client and the server
is blocking port 1182 UDP
None required. Informational only.
Informational only.
None required.
Client has disconnected from the server
Persistent sessions is enabled and the server is
maintaining the session.
Session status: High speed bypass of server
<IP or hostname>
Client traffic is bypassing the WAAS Mobile
server because there is a low latency
connection between the client and the server.
Farm or server configuration on client's
accelerated networks table has not been
configured in the farm list.
None required if this is the desired behavior. If
you do not want the disconnected session to
be maintained, disable the persistent sessions
feature on the server.
If this is not the desired behavior disable the
High Speed bypass feature on the server.
Session status: Client unable to connect to
server <ip or hostname>: Inconsistent
configuration detected. Farm name could not
be matched.
Session status: Client unable to connect to
server <ip or hostname>: Client failed to
create TCP connection to the server.
Session status: Client unable to connect to
server <ip or hostname>: Server not reachable
Session status: Client unable to connect to
server <ip or hostname>: Authorization
Timeout
82
This is typically related to a network
configuration or a connectivity issue.
This is typically related to a network
configuration or a connectivity issue.
Client was unsuccessful trying to obtain login
credentials from external source
Verify accelerated networks table and server
farm settings in the Manager match for the
appropriate client distribution.
Verify that client path to server is functional
and the firewall allows access over TCP port
1182.
Verify that client path to server is functional
and that the appropriate ports are open on the
firewall.
Verify server configuration for RADIUS
authentication and verify connectivity to
RADIUS server from WAAS MobileServer.
Troubleshooting
Event Text
Cause
Resolution
Session status: Client unable to connect to
server <ip or hostname>: Server licenses
exceeded
Session status: Client unable to connect to
server <ip or hostname>: Server is busy
Server license limit has been reached. If
multiple servers are configured, the client will
attempt to connect to a different server.
Server is experiencing high load. If multiple
servers are configured, the client will attempt
to connect to a different server.
Session status: Client unable to connect to
server <ip or hostname>: Unknown
connection problem
Session status: Client unable to connect to
server <ip or hostname>: Login problem
Client is unable to interpret reason for
inability to connect.
Verify license parameters and either reduce
the number of users or provision additional
licenses
Wait a few minutes and instruct user to try
again. If problem persists check server
memory and CPU parameters for the user
load via the Manage > Monitoring page.
Have user try again. If problem persists
trigger a system report and contact Cisco
Technical Assistance Center (TAC).
Have user try again. If problem persists
trigger a system report and contact Cisco
Technical Assistance Center (TAC).
Session status: Disconnected from server <IP
or hostname>: Network problem
Client was unable to successfully complete the
login process with the WAAS Mobile server. If
multiple servers are configured, the client will
attempt to connect to a different server.
Connection to the WAAS Mobile server was
unexpectedly terminated
Session status: Disconnected from server <IP
or hostname>: Session problem
Client needed to reset the connection to the
server.
Session status: Disconnected from server <IP
or hostname>: Server disconnected
The server has restarted due to a problem or
the administrator action.
Cisco WAAS Mobile Administration Guide
Verify network health. Connection should be
automatically restored once connectivity is
available. If the physical network is not the
problem, trigger a system report on client and
server then contact Cisco Technical Assistance
Center (TAC).
Connection should automatically be
reestablished. This will automatically trigger a
client system report at the time of the problem.
If the problem persists, contact Cisco Technical
Assistance Center (TAC) and provide the
system report.
If this is a server restart, check the Manager’s
system report page for presence of a servertriggered system report and contact Cisco
Technical Assistance Center (TAC).
83
Event Text
Cause
Resolution
Session status: Disconnected from server <IP
or hostname>: Client disconnected
Typically this is an informational message
only.
Session status: Disconnected from server <IP
or hostname>: Server problem
The server needed to restart the connection to
the client
Session status: Client unable to connect to
server <ip or hostname>: Login timed out
During the login process excessive delays
were encountered.
Session status: Client unable to connect to
server <ip or hostname>: ACL bypass
Persistent session to server <IP or hostname>
is terminated. This session was inactive for too
long.
Persistent session to server <IP or hostname>
is terminated. This session does not exist on
the server anymore.
Informational only. Server is being bypassed
due to ACL configuration.
Informational only. Client has been
disconnected from server for longer than
configured persistent session timeout value.
informational only. Client has been
disconnected from the server for longer than
the configured persistent session timeout
value, so the session has been terminated. A
new session should be established when the
client tries to connect.
Informational only.
Verify the client has disconnected
intentionally. If that is not the case verify the
issue is reproducible and provide system
report to Cisco Technical Assistance Center
(TAC).
Check the Manager’s system report page for
presence of a server-triggered system report
and contact Cisco Technical Assistance Center
(TAC).
Request user try again. If problem persists.
Trigger a system report on the client and
contact Cisco Technical Assistance Center
(TAC).
None required.
On-demand connection to <IP or hostname>
completed
On-demand connection to farm
'<farm_name>' started -- application traffic to
<IP or hostname>
Session to <IP or hostname> timed out due to
inactivity
84
None required.
None required.
None required.
Informational only.
None required.
Informational only.
None required.
Troubleshooting
Event Text
Cause
Resolution
License status: Granted from server <IP or
hostname>
License status: Denied from: server <IP or
hostname>
Informational only.
None required.
Occurs when a server runs out of licenses.
Configuration status: Update received from:
server <IP or hostname>
Configuration status: Successfully applied
Configuration status: Failed to apply
Informational only.
If client was unable to obtain a license from
any server, verify that a sufficient number of
licenses have been provisioned.
None required.
Informational only.
Client configuration change was unsuccessful.
Software upgrade: Upgrade received from:
server <IP or hostname>
Software upgrade: Successfully applied.
Software upgrade: Failed to apply.
Informational only.
Failed to initialize the client GUI shared state.
Error code x, x.
Attempted to start client while a client process
was still running.
Configuration warning: Insufficient disk space
on client. The client delta cache file is located
at <delta_cache_directory>. Delta caching
disabled.
Insufficient disk space on the PC.
Cisco WAAS Mobile Administration Guide
Informational only.
Client software upgrade was unsuccessful.
None required.
Exit and restart the client. If problem is not
resolved, reboot client PC. If problem is still
not resolved, obtain a system report and
contact Cisco Technical Assistance Center
(TAC).
None required.
None required.
Reboot client PC. If problem is still not
resolved, delete the client via Add/Remove
Programs on the Control Panel and reinstall.
If still unsuccessful, obtain a system report
and contact Cisco Technical Assistance Center
(TAC).
The client will continue trying to startup for 15
seconds. After that time, the user will receive
the following pop-up message, “The WAAS
Mobile Client GUI failed to initialize. Please
try starting the WAAS Mobile Client again.”
The PC disk must have sufficient capacity to
support at least the fallback delta cache size,
which is 256 MB, by default, and which can be
modified via the Manager.
85
Event Text
Cause
Resolution
Configuration warning: Insufficient disk space
on server <server_addr>. Please contact your
administrator. Delta caching disabled.
Failed to contact server <IP or hostname>
while initiating server system report
Server is improperly configured and does not
have sufficient space available to create a delta
cache file.
Client was trying to tell the server to generate
a system report and was unable to do so.
Failed to send data to <IP or hostname> while
initiating server system report
Client was trying to upload a system report
and was unable to do so.
Initiated server system report to server <IP or
hostname>
Initiated server system report to primary
server <IP or hostname>
Client has generated a system report and
triggered the matching report on listed server.
Client or another server in the server farm has
triggered a system report.
User Action: Client Restarted.
User Action: Restored default settings.
User Action: Changed delta cache size.
User Action: Cleared delta cache.
User Action: Cleared Client Manager statistics.
User Action: Enabled Start when Windows
starts checkbox.
User Action: Disabled Start when Windows
starts checkbox.
User Action: Acceleration disabled.
Informational only.
Informational only.
Informational only.
Informational only.
Informational only.
Informational only.
Free up appropriate disk space on the server
or change the server delta cache size via the
Manager.
May be a result of a network connectivity
issue or a server problem. If all users are
experiencing this issue, verify permission
settings on the server. Verify network
connectivity and that the reports were
generated on both the client and server and
then contact Cisco Technical Assistance Center
(TAC).
Verify network connectivity and server status.
If all users are experiencing this issue, verify
permission settings on the server. Contact
Cisco Technical Assistance Center (TAC) if
problem persists.
Contact Cisco Technical Assistance Center
(TAC) if appropriate.
If the report was generated by a server check
for log messages related to that server and
contact Cisco Technical Assistance Center
(TAC) if appropriate.
None required.
None required.
None required.
None required.
None required.
None required.
Informational only.
None required.
Informational only.
None required.
86
Troubleshooting
Event Text
Cause
Resolution
User Action: Acceleration enabled.
User Action: Created System Report.
User Action: Client Started
User Action: Client Exited
Log rotation: <timestamp>. This should be
the first message in the new log file upon
completion of a rotation event. The old log file
is archived at <archived_filename>.
Creating <Process Name> System Report.
<Process Name> System Report is temporarily
written to <File path for Temporary Dat File>
The System Report will be sent to <Url>
Compiled System Report Archive at <File path
for Cab File> with <Number of Files
Archived> files
Send System Report using Connection Type
<Connection Type>
System Report failure: Unable to send System
Report data to the System Report receiver.
Informational only.
Informational only.
Informational only.
Informational only.
Informational only.
None required.
None required.
None required.
None required.
None required.
Informational only.
Informational only.
None required.
None required.
Informational only.
Informational only.
None required.
None required.
Informational only.
None required.
A system report was generated by a client. The
attempt to send it to a server failed. The user
will be prompted to save the system report
locally on the PC.
Informational only.
Ensure connectivity to server and verify
system report exists on client.
Sending System Report succeeded.
No connection attempts to the System Report
Receiver succeeded. Please inform your
Administrator.
Cisco WAAS Mobile Administration Guide
This event usually occurs in conjunction with
the event about WAAS Mobile client System
Report process (BlackBoxThrow.exe) being
unable to open a TCP connection to the
System Report Receiver.
Verify the creation of the system report and
contact Cisco Technical Assistance Center
(TAC).
Check that the machine can connect to the
System Report Receiver correctly. The
Receiver's machine may not be running
currently or there may be a firewall blocking
access. By default all clients will upload their
System Reports to the server they received a
license from. This can be seen in the client
Event Log.
87
Event Text
Cause
Resolution
System Report failure: Unable to access a local
network device.
A network configuration problem occurred on
the local client machine.
System Report failure: Unable to access
System Report data.
The System Report was not created correctly.
System Report failure: Invalid System Report
URL <Url>.
The system report receiver site set in the
client's configuration is invalid.
System Report failure: System Report receiver
site <Url> must use HTTP or HTTPS.
The system report receiver site set in the
client's configuration is not using HTTP or
HTTPS.
System Report failure: Unable to create a TCP
connection using Connection Type
<Connection Type>.
System Report failure: Unable to create a TCP
connection to System Report receiver site
<Url>.
WAAS Mobile client System Report process
(BlackBoxThrow.exe) is unable to connect to
the System Report receiver site.
WAAS Mobile client System Report process
(BlackBoxThrow.exe) is unable to connect to
the System Report receiver site.
Please check the network configuration
settings on the client that reported the
problem.
Check that the location of the System Report
exists. If it does not exist, make sure that
WAAS Mobile process has permissions to
write to the local user's temporary directory
(WAAS Mobile runs as the local user). The
location appears in a previous log message. If
it does, enable System Report logging and
send a BlackBox.log file to the Cisco Technical
Assistance Center (TAC). To enable this log on
the client side create the following registry
key:
HKLM\Software\ICT\Blackbox\EnableLogging
(DWORD) set it to 1 and restart the client.
Have a System Administrator review and
modify the client's configuration system report
receiver URL under Configure > Clients >
Diagnostics.
Have a System Administrator review and
modify the client's configuration system report
receiver URL under Configure > Clients >
Diagnostics.
The user should check his or her network
connection to the server.
88
The user should check his or her network
connection to the server.
Troubleshooting
Event Text
Cause
Resolution
System Report failure: Cannot create request
to send System Report.
WAAS Mobile client System Report process
(BlackBoxThrow.exe) was able to create a TCP
connection to the System Report Receiver but
was unable to create an HTTP request to send
to the Receiver.
System Report failure: Unable to send System
Report due to a proxy authentication failure
with account <username>.
This problem can only occur if WAAS Mobile
client System Report process
(BlackBoxThrow.exe) needs to send a System
Report through a proxy server before it
reaches the System Report Receiver. The proxy
server needs authentication and the proxy
authentication account set in the client's
configuration is incorrect.
This problem can only occur if WAAS Mobile
client System Report process
(BlackBoxThrow.exe) needs to send a System
Report through a proxy server before it
reaches the System Report Receiver. The proxy
server needs authentication and the proxy
authentication account set in the client's
configuration is incorrect.
This problem can only occur if WAAS Mobile
client System Report process
(BlackBoxThrow.exe) needs to send a System
Report through a proxy server before it
reaches the System Report Receiver. The proxy
server needs authentication and the proxy
authentication account set in the client's
configuration is incorrect.
This indicates that there is a problem with
BlackBoxThrow.exe. In this case, enable
System Report logging and send a copy of
BlackBox.log to the Cisco Technical Assistance
Center (TAC). To enable this log on the client
side create the following registry key:
HKLM\Software\ICT\Blackbox\EnableLogging
(DWORD) set it to 1 and restart the client.
Check where the server is located in the
network map. All machines that use WAAS
Mobile must be able to connect to it directly.
By default all clients will upload their System
Reports to the server they received a license
from. This can be seen in the client Event Log.
System Report failure: Unable to complete
sending the System Report due to a proxy
authentication failure with account
<username>
System Report failure: Unable to send System
Report using proxy authentication with
account <username>
Cisco WAAS Mobile Administration Guide
Check where the server is located in the
network map. All machines that use WAAS
Mobile must be able to connect to it directly.
By default all clients will upload their System
Reports to the server they received a license
from. This can be seen in the client Event Log.
Check where the server is located in the
network map. All machines that use WAAS
Mobile must be able to connect to it directly.
By default all clients will upload their System
Reports to the server they received a license
from. This can be seen in the client Event Log.
89
Event Text
Cause
Resolution
System Report failure: Unable to set the
System Report size in the request.
WAAS Mobile client System Report process
(BlackBoxThrow.exe) is unable to set the
content length header in the HTTP request
that is sent to the System Report Receiver.
System Report failure: Unable to send the
request to the System Report receiver site
<Url>.
A failure occurred while sending an HTTP Get
request to the System Report Receiver. The
content length of the request is invalid or the
application is in offline mode.
Unable to read the HTTP status code header
value from the System Report receiver's
response.
Save the System Report locally and send it to
the Cisco Technical Assistance Center (TAC).
If the problem continues, enable System
Report logging and send a copy of
BlackBox.log to the Cisco Technical Assistance
Center (TAC). To enable this log on the client
side create the following registry key:
HKLM\Software\ICT\Blackbox\EnableLogging
(DWORD) set it to 1 and restart the client.
Check that the machine's network device is
active and connected. If that is true, save the
System Report locally and send it to the Cisco
Technical Assistance Center (TAC).
This usually means there is a problem with the
System Report Receiver service on the WAAS
Mobile server. Send a server system report to
the Cisco Technical Assistance Center (TAC)
to report the issue.
This usually means there is a problem with the
System Report Receiver service on the WAAS
Mobile server. Send a server system report to
the Cisco Technical Assistance Center (TAC)
to report the issue.
Close applications to free up memory or
increase virtual memory page size.
System Report failure: Unable to read the
response from the System Report receiver site
<Url>.
System Report failure: Unable to read the
content type from the System Report receiver's
response.
Unable to read the content type header value
from the System Report receiver's response.
System Report failure: There is not enough
space on the local machine to read the System
Report receiver's response.
Resource constraints on the local machine
causes if WAAS Mobile client System Report
process (BlackBoxThrow.exe) to be unable to
read the System Report receiver's response.
This problem occurs if WAAS Mobile client
System Report process (BlackBoxThrow.exe)
cannot read the HTTP content-type header
from the System Report receiver response.
System Report failure: A problem occurred
while reading the System Report receiver's
response.
90
This usually means there is a problem with the
System Report Receiver service on the WAAS
Mobile server. Send a server system report to
the Cisco Technical Assistance Center (TAC)
to report the issue.
Troubleshooting
Event Text
Cause
Resolution
System Report failure: Failed to download
data from the System Report receiver site
<Url>.
A failure occurred while WAAS Mobile client
System Report process (BlackBoxThrow.exe)
read a portion of the response data from the
connection to the System Report receiver.
System Report failure: Failed to upload the
System Report data to the System Report
receiver.
A failure occurred while WAAS Mobile client
System Report process (BlackBoxThrow.exe)
was sending a block of the System Report data
to the System Report receiver.
System Report failure: Did not upload all of
the System Report data to the System Report
receiver.
The WAAS Mobile client System Report
process (BlackBoxThrow.exe) sends blocks of
System Report data. It must send each entire
block of data to avoid corruption of the
System Report. If the entire block of data is not
sent, this error occurs.
The System Report Receiver was unable to
process the System Report and sent back an
error response.
This can indicate that the network connection
was unexpectedly terminated in the middle of
a System Report transfer. Check that the
machine's network status is functional before
attempting to send a new System Report.
This can indicate that the network connection
was unexpectedly terminated in the middle of
a System Report transfer. Check that the
machine's network status is functional before
attempting to send a new System Report.
This can indicate that the network connection
was unexpectedly terminated in the middle of
a System Report transfer. Check that the
machine's network status is functional before
attempting to send a new System Report.
System Report failure: HTTP error response
received from System Report Receiver:
Internal Error 500 - Please check that the
acceleration server's Web Server is functioning
properly.
System Report failure: HTTP error response
received from System Report Receiver: Bad
Gateway 502 - Please check that the
acceleration server's Web Server is functioning
properly.
Cisco WAAS Mobile Administration Guide
The System Report Receiver was unable to
process the System Report and sent back an
error response.
This usually means there is a problem with the
System Report Receiver service on the WAAS
Mobile server. Try restarting the Controller
Service on the server. If there are still issues
send a server system report to the Cisco
Technical Assistance Center (TAC) to report
the issue.
This usually means there is a problem with the
System Report Receiver service on the WAAS
Mobile server. Try restarting the Controller
Service on the server. If there are still issues
send a server system report to the Cisco
Technical Assistance Center (TAC) to report
the issue.
91
Event Text
Cause
Resolution
System Report failure: HTTP error response
received from System Report Receiver:
Unauthorized 401 - Please supply username
and password information when sending
System Reports.
The System Report Receiver requires that all
connections must be authenticated. The client
or server configuration does not include a
username and password to send with System
Report requests or the username and
password is invalid.
System Report failure: HTTP error response
received from System Report Receiver:
Request Timeout 408 - The acceleration
server's Web Server timed out while waiting
for the System Report to upload.
The connection between the System Report
Receiver and the WAAS Mobile client System
Report process (BlackBoxThrow.exe) was
terminated because it took too long to send the
System Report. This is a common problem
with connections over very slow network
speeds.
This problem can only occur if the WAAS
Mobile client System Report process
(BlackBoxThrow.exe) needs to send a System
Report through a proxy server before it
reaches the System Report Receiver. The proxy
server needs authentication and the proxy
authentication account set in the client's
configuration is incorrect.
The System Report Receiver was unable to
process the System Report and sent back an
error response.
The System Report Receiver should not
require authentication. In IIS Manager on the
Central Controller server, check that
authentication is disabled for the System
Report Receiver's virtual directory. Also
confirm that “Everyone” has
read\write\modify access to the following IIS
folder: \SystemReportsReceiver\Data
Send a server system report to the Cisco
Technical Assistance Center (TAC) to report
the issue. Also indicate how long it took to
send the system report before the problem
occurred.
System Report failure: HTTP error response
received from System Report Receiver: Proxy
Authentication Required 407 - Please supply
proxy server username and password
information when sending System Reports.
System Report failure: HTTP error response
received from System Report Receiver:
Forbidden 403 - Please check that the
acceleration server's Web Server is functioning
properly.
92
Check where the server is located in the
network map. All machines that use WAAS
Mobile must be able to connect to it directly.
By default all clients will upload their System
Reports to the server they received a license
from. This can be seen in the client Event Log.
This usually means there is a problem with the
System Report Receiver service on the
Acceleration server. Try restarting the
Controller Service on the server and check the
IIS settings. If there are still issues send a
server system report to the Cisco Technical
Assistance Center (TAC) to report the issue.
Troubleshooting
Event Text
Cause
Resolution
System Report failure: HTTP error response
received from System Report Receiver: HTTP
status code <status code>
The System Report Receiver was unable to
process the System Report and sent back an
unknown error response.
This usually means there is a problem with the
System Report Receiver service on the
Acceleration server. Try restarting the
Controller Service on the server and check the
IIS settings. If there are still issues send a
server system report to the Cisco Technical
Assistance Center (TAC) to report the issue.
Cisco WAAS Mobile Administration Guide
93
Server Event Messages
The table below includes commonly seen messages displayed on the Manage > Events and/or the Manage > Dashboard pages.
Table 23 WAAS Mobile Server Event Messages
Event Text
Cause
Resolution
The server encountered an error during
license validation. The license key was not
found.
The license key was not found.
Make sure your license is valid, reapply it and
restart the server.
The server encountered an error during
license validation. The license key appears to
be invalid.
The license key appears to be invalid or
missing.
Make sure your license is valid, reapply it and
restart the server.
The server encountered an error during
license validation. The license key was not
valid.
The license key was not valid.
Make sure your license is valid, reapply it and
restart the server.
The server encountered an error during
license validation. Unable to create network
info object.
Unable to create network info object.
Make sure your license is valid, reapply it and
restart the server.
The server encountered an error during
license validation. The license key did not
match required parameters.
The license key did not match required
parameters, i.e. something is different on the
machine from when the license was created.
Make sure your license is valid, reapply it and
restart the server.
The server failed to initialize. Server Health
Check failed at startup.
Server health check failed at startup.
Verify that the delta cache was created
properly by navigating to the Manage >
Servers page and clicking on the server to
view Detailed Server Status. Check that the
delta cache size is as expected and verify that
the machine is not running low on disk space.
94
Troubleshooting
Event Text
Cause
Resolution
Server failed to initialize. Failed to run the
proxy system manager.
Failed to run the proxy system manager.
This is a general error in response to a more
specific one. Make note of any error events
prior to this in the Windows Event Viewer.
View server log (if enabled) for more
information.
Server failed to initialize. Failed to run the
server link manager.
Failed to run the server link manager.
This is a general error in response to a more
specific one. Make note of any error events
prior to this in the Windows Event Viewer.
View server log (if enabled) for more
information.
Event logging was initialized.
Informational only.
None required.
The server license check succeeded.
Informational only.
None required.
Starting WAAS Mobile Server.
Informational only.
None required.
Shutting down WAAS Mobile Server.
Informational only.
None required.
Generating a black box, request received from
usersession.
Informational only.
None required.
Transport Thread Health Check Failed.
The transport thread was hung for at least 60
seconds. The server will now restart.
None required.
3-GB switch enabled.
Informational only.
None required.
3-GB switch disabled.
Informational only.
None required.
The server internet connection check failed.
The server internet connection appears to be
broken.
Fix the server’s internet connection.
Server failed to initialize. Failed to initialize
the SSL proxy.
Failed to initialize the SSL proxy.
This is a general error in response to a more
specific one. Make note of any error events
prior to this in the Windows Event Viewer.
View server log (if enabled) for more
information.
Cisco WAAS Mobile Administration Guide
95
Event Text
Cause
Resolution
Server failed to initialize. Failed to initialize
the persistent delta.
Failed to initialize the persistent delta.
Verify that the delta cache was created
properly by navigating to the Manage >
Servers page and clicking on the server to
view Detailed Server Status. Check that the
delta cache size is as expected and verify that
the machine is not running low on disk space.
Server failed to initialize. Server Health Check
failed at startup.
Server health check failed at startup.
Verify that the delta cache was created
properly by navigating to the Manage >
Servers page and clicking on the server to
view Detailed Server Status. Check that the
delta cache size is as expected and verify that
the machine is not running low on disk space.
Server failed to initialize. Failed to run the
proxy system manager.
Failed to run the proxy system manager.
This is a general error in response to a more
specific one. Make note of any error events
prior to this in Windows Event Viewer. View
server log (if enabled) for more information.
Server failed to initialize. Failed to run the
server link manager.
Failed to run the server link manager.
This is a general error in response to a more
specific one. Make note of any error events
prior to this in Windows Event Viewer. View
server log (if enabled) to see if there is any
more information.
The server encountered an error during
license validation. The license key was not
found.
The license key was not found.
Make sure your license is valid, reapply it and
restart the server.
The server encountered an error during
license validation. The license key appears to
be invalid.
The license key appears to be invalid or
missing.
Make sure your license is valid, reapply it and
restart the server.
96
Troubleshooting
Event Text
Cause
Resolution
The server encountered an error during
license validation. The license key was not
valid.
The license key was not valid.
Make sure your license is valid, reapply it and
restart the server.
The server encountered an error during
license validation. Unable to create network
info object.
Unable to create network info object.
A memory error occurred while trying to
verify the license key. Verify that the server
has sufficient memory available, and restart.
The server encountered an error during
license validation. Maximum number of total
users in license terms exceeded in user
database.
Maximum number of total users in license
terms exceeded in user database.
Decrease number of users or buy more
licenses.
The server encountered an error during
license validation. The license key did not
match required parameters.
The license key did not match required
parameters, i.e. something is different on the
machine from when the license was created.
On the Configure > Manager > Licenses page,
verify the key displayed exactly matches the
key that was issued.
The Manager encountered a run error. Failed
to initialize the FIF Config.
A memory error occurred while trying to
initialize the configuration subsystem.
Verify that the server has sufficient memory
available, and restart.
Cisco WAAS Mobile Administration Guide
97
CHAPTER 12. System Status Reports
System status reports are used by Cisco support technicians and software engineers when indepth system analysis is required for problem isolation. These reports include system state as
well as a brief history up to the point in time when the system report was generated. In the
unlikely event the WAAS Mobile client crashes, it will trigger a report automatically.
System reports may also be triggered manually from the server or any of the client computers.
This is often helpful when system anomalies are observed. Reports generated from a client
computer will also generate matching reports on the server(s) to which the client is connected.
Generating a System Report from a Client Computer
1.
Click the acceleration icon in the system tray and select System Report.
Figure 12 WAAS Mobile System Tray Icon Menu
When the Cisco WAAS Mobile: Description and Additional Information window appears:
•
Enter any information that could be helpful in diagnosing the situation you have
encountered, including a description of the problem and what you were doing when the
problem occurred. If the issue involves the transmission of a particular file, select Add
File to attach the file to the System Report (multiple files may be attached).
•
When finished, click Send Report and the system report will be sent to the server where
it can be downloaded along with the matching server-side report. All system reports can
be retrieved from the Manage > System Reports page. By default, system reports can
also be found in the following directory:
o
On Windows Server 2003 and 2003 R2: C:\Documents and Settings\All
Users\Application Data\Cisco\Inbox.
o
On Windows Server 2008 and 2008 R2: C:\ProgramData\Cisco\Inbox
Generating a System Report from the WAAS Mobile Server
There are two options for generating system reports from the WAAS Mobile server:
•
From the Manage > Servers page, select the servers and click Request System Report to
generate server status reports.
•
From the Manage > Clients page, select one or more users and click Request System
Report to generate reports for the selected clients and the servers to which they are
connected.
If system reports cannot be sent to the WAAS Mobile server, they may be saved locally on the
client’s PC by choosing Save Report on the Product Description and Additional Info window.
98
System Status Reports
Appendix A. Hardware and Software Configuration Guidelines
When configuring WAAS Mobile servers, the following hardware and software guidelines are
provided:
o
Windows Server x64 Standard Edition (2003 or 2008) is required to support 500 or more
concurrent users.
o
Delta cache storage should be provisioned to provide the desired history depth. The
desired history depth may vary, but 1-2 weeks of traffic history typically suffices. When
the cache is full, the least recently used data is overwritten. Server cache depth in days
may be viewed on the Manage > Monitoring page.
o
For best performance, the sum of the server delta cache capacities across all servers
should be at least 1/3 to 1/2 the sum of the provisioned client delta cache capacities
across all clients.
The table below provides specific guidance for configuring WAAS Mobile servers to meet a range
of capacity requirements for typical use cases. The administrator should configure the size of the
server delta cache for each server profile per the guidelines on this table via the Manager, by
navigating to Configure > Servers > Acceleration > Delta Cache.
Table 24 Server Hardware and Software Requirements
Number of Concurrent Users Less than 75 Storage Allocation OS and Delta WAAS Cache* Mobile
files 39 GB 35 GB Software
Standard Minimum Windows Server Edition 75 to 200 171 GB 61 GB Standard 200 to 500 405 GB 61 GB Standard 500 to 2000 1297 GB 100 GB x64 Standard 2000 to 4000 1297 GB 100 GB x64 Standard 4000 to 6000 2694 GB 100 GB x64 Standard 6000 to 8000 4+ TB 100 GB x64 Standard Hardware
Min. CPU 1.8 GHz Dual‐core 1.8 GHz Dual‐core 2.0 GHz Quad‐core Dual 2.0 GHz Quad‐
core Dual 2.0 GHz Quad‐
core Dual 2.3 GHz Quad‐
core Dual 2.3 GHz Quad‐
core Min. RAM Recom‐
mended Disk Config. Min. Raw Capacity per Disk NA 80 GB If 2 disks, RAID 1 250 GB 7200 RPM 7200 RPM RAID 1 500 GB RAID 5 500 GB Min. # Min. Hard Disk Disks Speed
2 GB 1 7200 RPM 7200 RPM 2 GB 1 or 2 4 GB 2 6 GB 4 12 GB 6 15000 RPM RAID 5 300 GB 16 GB 6 15000 RPM RAID 5 600 GB 24 GB 15000 RPM RAID 1 OS/ RAID 50 cache** External storage array * This column shows the maximum delta cache supported by the disk configuration listed in the
table. If additional storage is provisioned, larger delta caches are supported.
** In high capacity configurations, it is suggested that the operating system and WAAS Mobile
system files run on a pair of RAID 1 disks, with the delta cache in a RAID 5 or RAID 50
configuration.
Cisco WAAS Mobile Administration Guide
99
NOTE: This sizing guidance may also be applied to sizing virtual WAAS Mobile servers.
Expect that the throughput of the virtual server will be 80-90% of a bare metal server, so
plan the CPU allocation accordingly.
NOTE: For every 1 TB of additional delta cache that is configured, 1 GB of additional
RAM of must be provisioned. Delta caches larger than 1 TB should only be configured
on x64 operating system editions.
NOTE: Disk storage is specified in gigabytes (GB), and Windows file storage is specified
in gibibytes (GiB), so
Windows storage = 109 ÷ 230 × disk storage .
In other words, a 100 GB disk will provide 93 GB of file storage on a Windows OS.
NOTE: In a RAID 5 array, disk storage is (Num disks -1) x storage per disk.
In a RAID 1 array, disk storage is (Num disks ÷ 2) x storage per disk.
In a RAID 50 array, typically 2 sets of RAID 5 arrays are configured, in which case disk
storage is ((Num disks ÷ 2) -1) X storage per disk.
100
Hardware and Software Configuration Guidelines
Appendix B. List of Acronyms
Acronym
Definition
API
Application Programming Interface
ASP
Active Server Page(s) (Microsoft web scripting language and file
extension)
CGI
Common Gateway Interface (web scripting facility)
CIFS
Common Internet File Services (Microsoft)
DNS
Domain Name Service/System
EVDO
Evolution Data Only (optional version of CDMA 2000)
FTP
File Transfer Protocol
GB
Gigabyte
GbE
Gigabit Ethernet (IEEE 802.3z-1998)
GUI
Graphical User Interface
HTTP
Hypertext Transfer Protocol (world wide web protocol)
HTTPS
Hypertext Transfer Protocol over SSL
ICA
Independent Computing Architecture (Citrix)
IMAP4
Internet Messaging Access Protocol 4
IP
Internet Protocol
IIS
Internet Information Services (Microsoft)
IT
Information Technology
LAN
Local Area Network
MAPI
Microsoft Outlook Messaging API
MSSQL
Microsoft SQL Server
NetBIOS
Network Basic Input/Output System
NIC
Network Interface Card (PC Ethernet network card)
NTFS
New Technology File System (Microsoft Windows)
OS
Operating System
PC
Personal Computer
POP3
Post Office Protocol version 3 (Internet email protocol)
RAID
Redundant Array of Independent Disks
RAM
Random-Access Memory
RDP
Remote Desktop Protocol
Cisco WAAS Mobile Administration Guide
101
Acronym
Definition
RPM
Revolutions Per Minute
RTT
Round-Trip Time
SMB
Server Message Block (protocol)
SMTP
Simple Mail Transfer Protocol (internet email)
SNMP
Simple Network Management Protocol
SQL
Structured Query Language (database query lanquage)
SSL
Secure Sockets Layer (Netscape; web security protocol)
TAC
Technical Assistance Center
TCP
Transmission Control Protocol
UDP
Universal Datagram Protocol
URL
Uniform Resource Locator (world wide web address)
UTC
Coordinated Universal Time (Greenwich Mean Time, GMT)
VoIP
Voice Over IP
VPN
Virtual Private Network
WAAS
Cisco Wide Area Application Services
WAN
Wide Area Network
WiFi
Wireless Fidelity (IEEE 802.11b wireless networking)
102
List of Acronyms
This page intentionally left blank.
Cisco WAAS Mobile Administration Guide
103
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED
WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY
PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET
THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE
SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s
public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS
IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING,
WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM
A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES,
INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS
MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
CCDE, CCENT, Cisco Eos, Cisco Lumin, Cisco Nexus, Cisco StadiumVision, Cisco TelePresence, Cisco WebEx, the Cisco logo, DCE, and Welcome to the
Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn and Cisco Store are service marks; and Access Registrar, Aironet, AsyncOS,
Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo,
Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch,
Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQuick Study, IronPort, the IronPort logo,
LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX,
PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath,
WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (0809R)
Cisco WAAS Mobile Administration Guide 
Copyright © 2011 Cisco Systems, Inc. All rights reserved.