Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2745
Views
0
Helpful
1
Replies

WAAS without a central manager

bclough
Level 1
Level 1

‎01-14-2011 01:27 PM

I am trying to set up WAAS acceleration for a Secure FTP connection between two locations. I only have a NME-WAE-522 available to be the central manager.However, it appears that the 522 is not supported as a central manager.

So my questions are:

  1. Is there any software version that will let the WAE 522 module function as a central manager?
  2. Is it possible to perform the acceleration using just two WAE devices without the CM?
  3. Can such a configuration support SFTP acceleration?

Bruce Clough

Network Engineer

NSTec

0 Helpful
1 Reply 1

Michael Korenbaum
Level 4
Level 4

‎01-15-2011 06:34 PM

Hi,

Answers inline...

Is there any software version that will let the WAE 522 module function as a central manager?

     No, the smallest WAAS device that can be configured as a CM is the WAVE-274

Is it possible to perform the acceleration using just two WAE devices without the CM?

     Technically it is possible, but this is an unsupported/ not recommended configuration.  Without a CM you won't be able to have accurate reporting, centralized management of the policy engine on all devices, you won't be able to use features like the SSL AO, or CIFS prepositioning, etc. 

Can such a configuration support SFTP acceleration?

SFTP uses the SSH protocol to transfer data, which is encrypted.  Thus, the best level of optimization you can get is TFO only. 

By default SFTP will match against the default SSH policy, which applies TFO only.  If you want to specifically identify SFTP separately from SSH, you would need to create a new application & classifier that would match on the source and/or destination IP address (this would best be accomplished via the CM GUI). 

If you were to force the policy to full optimization, since SFTP relies on SSH to secure the transmission, the benefit from DRE+LZ would be minimal/ could cause more overhead since you won't likely find redundant bit patterns within encrypted data.

If you have the ability to transfer this data via HTTPS, then you could utilize the SSL AO by creating an SSL accelerated service, and you would receive full L4 optimization (TFO, DRE, LZ) and L7 optimization (HTTP and HTTPS AO if using WAAS 4.3.1; HTTPS AO only if prior to 4.3.1).  However, as mentioned above you will need a Central Manager in order to configure/ use SSL AO since you need to use the cms secure store to manage the keys.

For more information on the SSL AO you can review the following configuration guide section:

http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v431/configuration/guide/policy.html#wp1096862


Hope this helps,

Mike Korenbaum

Cisco WAAS PDI Help Desk 

http://www.cisco.com/go/pdihelpdesk

0 Helpful
Customers Also Viewed These Support Documents