Although Riverbed is best known for its site-to-site WAN acceleration appliances, it hasn't forgotten teleworkers, road warriors and small branch offices. Steelhead Mobile is Riverbed's software client for accelerating individual remote connections to the data centre over the WAN or Internet.

Instead of having to deploy a Steelhead appliance for even the smallest branch office, IT can simply push the Steelhead Mobile client to users' desktops and laptops, and they can take advantage of Riverbed's best-of-class acceleration and optimisation wherever they might be or roam.

The newly released Riverbed Steelhead Mobile 3.1 fills in a number of features that were missing in previous versions. The ability to accelerate HTTPS, Exchange 2010 (encrypted MAPI), and Citrix XenApp and XenDesktop traffic streams, and support for Server Message Block (SMB) signing for secure Windows file sharing are now built in. Best of all, in addition to 32-bit Windows editions, Steelhead Mobile now runs on Windows 7 64-bit and Mac OS X Leopard (10.5) and Snow Leopard (10.6). Overall, performance on Windows and Mac OS X proved on a par with the physical appliance, with FTP traffic lagging ever so slightly behind all other traffic types.

Like a Steelhead appliance at the branch office, the Steelhead Mobile client works with a Steelhead at the opposite end of the link to reduce application protocol chattiness and deduplicate the data travelling over the network. In addition to at least one Steelhead appliance in the data centre, a Steelhead Mobile deployment requires a Steelhead Mobile Controller, which serves as the management and reporting system for the clients.

I tested Steelhead Mobile using both a Windows XP Pro PC and a MacBook Pro as my endpoints and a Steelhead 2050 as my data centre appliance. Instead of installing another appliance for the Steelhead Mobile Controller, I simply deployed the Steelhead Mobile Controller Virtual Edition on my Steelhead 2050 using the Riverbed Services Platform, a built-in virtualisation platform based on VMware. I simulated various WAN speeds and conditions using a Shunra Storm VE appliance and my test automation relied on Macro Scheduler from MJT Net.

Fast CIFS file copies, slower by FTP

Regardless of the link speed and conditions, Steelhead Mobile matched performance with the physical appliance for most traffic. This is because Steelhead Mobile's core is based on the code found in the physical Steelhead appliance. For example, a single large file copy using CIFS over a T1 with 500 ms of latency (simulating a satellite link) took 1 hour, 44 minutes and 16 seconds to complete without optimisation. With Steelhead Mobile enabled, the same copy only took 3 minutes and 17 seconds,  a 31x improvement. Subsequent "hot" passes averaged a mere 37 seconds. Performance was the same on Windows XP and Mac OS X. Both Steelhead Mobile clients performed just as expected.

Regardless of the WAN link speed, I saw similar reductions in transfer times whether the test was a bunch of small files, a series of open and save operations in Excel or MAPI traffic from an Exchange server. Even HTTP and HTTPS traffic benefited from Steelhead Mobile's optimisation and acceleration engine. The new HTTP and HTTPS pre-fetch and chatter reduction proved quite effective at improving the overall web experience.

Not all FTP traffic is equal, and I did notice an issue when testing FTP performance. There are two types of FTP communication: Active and Passive. Active FTP is where the client initialises the communication to the server and the server connects back to the client to complete the data transfer (outbound-inbound). Passive FTP is where the client initiates the communication and establishes the communication lane to the server (outbound-outbound). Passive FTP sessions benefit from Steelhead Mobile's optimisation, but Active FTP sessions do not, even though the Mobile Controller shows the connection as optimised.

This is due to the architecture of the Steelhead Mobile client. Whereas a Steelhead appliance will optimize connections that are initiated from either side of the WAN, the Steelhead Mobile client optimises only the connections it initiates. Mobile is smart enough not to block the FTP server's inbound connection, Active FTP sessions do work, but neither latency nor bandwidth requirements are reduced.

Passive FTP sessions are not affected because all communication is from the client to the server. When using Passive FTP, I did see performance gains, but they're relatively modest compared to CIFS file copies, an 8x improvement in the case of a single large file. Even on "hot" passes, CIFS traffic outpaced FTP response.

The Steelhead Mobile Controller gives admins an easy way to view the effectiveness of their optimization policy and the overall capacity increase on the WAN.

The Steelhead Mobile Controller gives admins an easy way to view the effectiveness of their optimisation policy and the overall capacity increase on the WAN.

Speedy Citrix XenApp and XenDesktop and secure Windows SMB

Also new in Steelhead Mobile 3.1 is native support for Citrix XenApp and XenDesktop traffic. For both Citrix terminal services and virtual desktop infrastructure (VDI) farms, Mobile now helps improve client response time over the WAN and reduce overall bandwidth needs. Mobile also automatically provides QoS for all Citrix traffic, resulting in more consistent and reduced response times. Configuration is limited to choosing the port for your XenApp traffic, there isn't anything else to worry about.

As noted earlier, Steelhead Mobile 3.1 now runs on Mac OS X, and it works like a champ. Along with speeding up WAN connections for the Mac itself, Mobile extends its optimization and acceleration benefits to hosted guest operating systems running on virtualisation layers such as VMware Fusion and Parallels Desktop. This means that any virtual machine hosted by the Mac will get the Steelhead treatment and take part in better overall WAN performance. The same goes for virtualisation on Windows, for that matter. As long as Steelhead Mobile fits into the computer's network stack, Mac or Windows, it can optimise any traffic that passes through it.

The Steelhead Mobile Controller displays the traffic passing between Steelhead Mobile clients and the data center. Here, it is easy to see that most CIFS traffic was redundant, providing a 99 percent reduction of data on the WAN.

The Steelhead Mobile Controller displays the traffic passing between Steelhead Mobile clients and the data centre. Here, it is easy to see that most CIFS traffic was redundant, providing a 99 percent reduction of data on the WAN.

By default, Windows Server 2008 domain controllers have SMB signing enabled to encrypt Server Message Block (Windows network protocol) packets as they move between client and server. By encrypting the packets, SMB signing provides a means of authenticating the end-to-end traffic, preventing man-in-the-middle attacks. With the version 3.1 release, Steelhead Mobile can handle these packets by participating in the Active Directory domain. Now Mobile is able to optimise any CIFS traffic it sees, not just unencrypted traffic. Finally, Mobile can now optimise encrypted MAPI traffic between clients and Microsoft Exchange 2007 and Exchange 2010 servers, too.


Riverbed Steelhead Mobile 3.1 plugs important gaps left open from previous releases. Performance keeps pace with its hardware-based cousin and the feature set is maturing nicely, with better SSL support, Citrix optimisations and support for Windows SMB signing and encrypted MAPI. The Mac OS X client is the icing on the cake, and best of all it just works.