Amazon Web Services (AWS) continuously adds new services and features to enhance the cloud experience. Amazon FSx delivers that experience for Windows file shares so it’s critical that applications accessing FSx perform well. In this post, I will cover both the features and benefits of using Riverbed’s Application Acceleration solutions to enhance the user experience for AWS FSx.
What is Amazon FSx?
Amazon offers a fully-managed native Microsoft Windows file system for Windows called FSx. Built on Windows Server, FSx provides administrative features such as Microsoft Active Directory (AD) integration, user quotas, end-user file restore, and is accessible via SMB3. Windows-based applications that require file storage in AWS can access this file server, which is cost-optimized for short-term workloads.
Accessing windows files via SMB3 on Amazon FSx can be challenging because branch offices are spread across continents. Because SMB3 is a chatty protocol, transferring data on an Internet link may take a long time. For example, copying a 2.6 MB AutoCAD folder with design files takes a minute and 33 secs from Mumbai to AWS, California. Average AutoCAD files are in the range of a few GBs, which may take hours and sometimes even days to copy, resulting in lost productivity. My measurements show that average speeds at work range from 5 Mbps to 10 Mbps; at home, average speeds are 700Kbps to 900 Kbps.
Mumbai to California ( AWS) measurements | |
Latency | 236 ms |
Bandwidth | 121.9 Mbps (Uplink), 29.3 Mbps (Downlink) |
With many employees working from home due to the Coronavirus–and potentially staying at home as remote work becomes more popular–enterprises need to ensure consistent performance of SaaS, cloud, and on-premises applications to any user, regardless of location or network type.
Riverbed delivers remote work solutions built for today’s dynamic and distributed workforce. Through a combination of the following WAN optimization and application acceleration offerings, Riverbed can ensure end-to-end acceleration with help of:
Application acceleration for Amazon FSx
Riverbed accelerates Amazon FSx for remote/mobile users, branch office users, and data center applications using a combination of Riverbed products such as SteelHead, Client Accelerator, and Cloud Accelerator. Client Accelerator offers SteelHead benefits for mobile/remote workers using laptops to optimize applications across branches, data centers, and cloud services. Client Accelerator is configured by SteelCentral Controller for SteelHead Mobile (SCSM) using centralized policies deployed by IT administrators.
Cloud Accelerator is an infrastructure-as-a-Service (IaaS) environment running on leading IaaS platforms such as Microsoft Azure, AWS, and Oracle Cloud. User productivity is enhanced because Cloud Accelerator optimizes and accelerates applications to deliver maximum cloud value to the business.
To accelerate Amazon FSx, deploy Cloud Accelerator for AWS in the same VPC that hosts the FSx server. To deploy FSx, please refer to the AWS deployment guide at https://docs.aws.amazon.com/fsx/latest/WindowsGuide/getting-started.html.
The FSx server connects to the Active Directory Domain of the enterprise, so users/applications would use the FSx server.
How to install Riverbed Cloud Accelerator
There are three ways to install Cloud Accelerator (Cloud SteelHead virtual appliance), as described below.
1) Riverbed Community Cookbook
You can use the Riverbed Community Cookbook for installing Cloud Accelerator on AWS because it offers a single-click launch facility with few configurations and it is easy to set up. It is configured in two modes described below.
- To configure an existing VPC and create Cloud Accelerator, you need to input details such as VPC ID, security group, subnet details, and more
- To create a VPC and set it up in a new VPC, you need to input VPC details such as Zone, CIDR blocks, and EC2 key pair to enable SSH, IAM role, and more. Cloud Accelerator gets created in the new VPC.
2) Manual deployment (requires a Riverbed support login account)
Here are the steps required to create a Cloud Accelerator for AWS:
- Log in to your AWS account.
- Choose the AMI that Riverbed Support shared with you, and generally, available in AMIs private image section, and click Launch. Refer to this site before you begin.
- Select an instance type based on the Cloud Accelerator model you are deploying. See Cloud Accelerator models and required virtual machine resources.
Configure instance details – advanced details – user data
ds=/dev/xvdq
passwd=<Your preferred password>
appname=<your org Name ManuallyDeployedSteelHead>
lshost=cloudportal.riverbed.com
rvbd_dshost=cloudportal.riverbed.com
lott=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
where:
- ds – The device node in which the Cloud Accelerator expects the data store EBS volume to appear. Due to changes in EC2 architecture, set this to /dev/xvdq.
- passwd – The password hash for the admin user.
- appname – Name of the Cloud Accelerator.
- lshost – The fully qualified domain name of the licensing server, and generally, this name is usually the Riverbed Cloud Portal.
- rvbd_dshost – Fully qualified domain name of the discovery server, and generally, this name is often the Riverbed Cloud Portal.
- lott – You can obtain a token from the Cloud SteelHead license on the Riverbed Cloud Portal, and hence to redeem the license.
Add storage
- Add and configure two volumes in addition to the root volume. One of these volumes stores the Cloud Accelerator software, so it serves as the configuration and management services disk. The other serves as the data storage disk.
- Click Add a New Volume
- Under the Device column, select /dev/sdk for the configuration and management services disk, and select /dev/sdm for the datastore disk.
- Under the Size (GiB) column for each drive, specify a size based on the Cloud Accelerator model. See Cloud Accelerator models and required virtual machine resources.
- Under Volume Type, you can choose Magnetic unless the Cloud Accelerator model you are deploying requires a solid-state drive (SSD).
Configure security group
- Choose a security group for the virtual appliance.
- To connect the Cloud Accelerator, the Discovery Agent, and the client-side SteelHead, configure the security group to allow:
- UDP port 7801, so connections coming in from the Discovery Agent work.
- TCP incoming ports 7800, 7810-7850, so connections coming in from the client-side SteelHead work.
- TCP incoming ports 22, 80, and 443, so CLI and UI connections coming in from the client-side SteelHead work.
- Click Review and Launch.
- To connect the Cloud Accelerator, the Discovery Agent, and the client-side SteelHead, configure the security group to allow:
3) Riverbed Cloud Portal deployment (requires a Riverbed support login account)
Cloud Accelerator needs to be configured with the Active Directory domain services so that it joins the same domain as FSx. The Active directory could be an external AD or AWS-managed AD. Client Accelerator is managed and configured by SteelCentral Controller for SteelHead Mobile. Client Accelerator automatically connects to cloud services, so the connections are accelerated to the Amazon FSx server. See Riverbed Cloud Portal deployment (requires Riverbed support login account).
Testing methodology
Performance tests are concentrated on the transaction response time and compared under three different conditions (when possible):
- Baseline transaction – without application acceleration setup
- Cold transaction – with application acceleration setup (the first transaction)
- Warm transaction – SteelHead cache is not empty (second-and-above time transaction).
For our test, we set up a standard set of reference MS Office files (Word and PowerPoint), PDF files, and AutoCAD design files, so that different sizes are used for the Windows file sharing test. The test ran in a setup similar to the graphic above (from Mumbai to AWS, California).
We observed unique benefits with Riverbed application acceleration of FSx. The below-given measures are in seconds and in X for the improvement factor.
Optimization ratio highlights the benefit of Riverbed SteelHead on user experience. It shows how application acceleration divides application response time.
Each transaction was played two times under each of the three conditions so to avoid any artifact effects. We took the BEST case of baseline values (lowest transaction time), and the worst case of cold and warm transactions (highest transaction time). The optimization ratios were computed as per the below formulas:
- Cold Transaction Improvement over baseline = Baseline value/Cold Transaction value
- Warm Transaction Improvement over baseline = Baseline value/Warm Transaction value
Test results
Windows File Sharing
Copy PDF file: 100MB | |
Baseline value | 37.43 Seconds |
Cold Transaction value | 30.14 Seconds |
Cold Transaction Improvement over baseline | 1.241X |
Warm Transaction value | 7.98 Seconds |
Warm Transaction | 4.69X |
Copy AutoCAD Folder structure: 1.95 GB ( 1992 files) | |
Baseline value | 11340.12 Seconds |
Cold Transaction value | 2411.47 Seconds |
Cold Transaction Improvement over baseline | 4.70X |
Warm Transaction value | 1583.78 Seconds |
Warm Transaction Improvement over baseline | 7.16X |
Copy of word file: 99.5 MB | |
Baseline value | 54.62 Seconds |
Cold Transaction value | 30.31 Seconds |
Cold Transaction Improvement over baseline | 1.80X |
Warm Transaction value | 7.76 Seconds |
Warm Transaction Improvement over baseline | 7.038X |
For this transaction, cold cache measurement was not taken into account since the file is already transferred and working on it.
Save of word file: 99.5 MB | |
Baseline value | 20.69 Seconds |
Warm Transaction value | 16.69 Seconds |
Warm Transaction Improvement over baseline | 1.239X |
For this transaction, cold cache measurement was not taken into account since the file is already transferred and working on it.
Open word file: 99.5 MB | |
Baseline value | 19.64 Seconds |
Warm Transaction value | 13.59 Seconds |
Warm Transaction Improvement over baseline | 1.445X |
LAN Vs. WAN Peak rate ratio (218 Mbps Vs. 14.6 Mbps ~ 15X), and excellent average ratio (8.7 Mbps Vs. 1.4 Mbps ~ 6X) on encrypted SMB3 connections:
66% data reduction on encrypted SMB3 connection for the above operation on the cold transaction:
93% data reduction on SMB3 encrypted connection over Warm Transaction on FSx:
106.7 times capacity increase (Lan throughput of 981.5MB translated to 9.2MB of WAN throughput):
Conclusion
Riverbed application acceleration provides tremendous benefits to the workforce, hence phenomenally improving user productivity. It saves high costs by lowering bandwidth requirements and reduces egress traffic cost in AWS because it saves several GB traffic. The user experience is dramatically enhanced.