Print Page
Product Lifecycle: Deploy
The Deploy workflow describes your tasks related to conducting a sizeable Packeteer installation.
To begin the Deploy workflow, you need to have received all components of your deployment (they might even still be in their boxes).
If you have not yet ordered your Packeteer equipment, see the Procure section of Best Practices.
In Deploy, you plan and complete a pilot installation, test it, and then follow through with the full installation, complete with initial configuration.
Each of the following sequential topics are covered:
Plan Deployment:- Establish security strategy
- Plan traffic categorization and organization
- Design high-level performance management strategy
- Plan integration with third-party management products
- Choose site(s) for pilot deployment
- Plan for PolicyCenter
- Install PacketShapers
- Install LAN Expansion Modules
- Configure Xpress compression and/or acceleration
- Implement traffic trees based on plan
- Install and configure PolicyCenter
- Install and configure ReportCenter
- Implement performance strategy based on plan
- Implement security strategy based on plan
- Implement integration with third-party management products
- Test and verify pilot deployment
- Repeat installation and configuration for remaining units
Note: Tasks below with an asterisk (*) require the Shaping Module.
Plan Deployment
Alleviate headaches for yourself later in the installation process by attending to strategy planning now for security, traffic organization and control, and third-party integration.
Establish PacketShaper's own security strategy
Your PacketShaper system will determine who and which applications get what kind of access to your network. With that kind of power, we advise you to consider the security for access to PacketShapers themselves.
Of course, if your LAN is protected by a firewall, then the unit is protected to the same extent that the rest of your hosts are protected. In addition, PacketShaper offers several methods for its own security, including passwords, access lists, RADIUS authentication, SSH, access protocol selection, and others. See Add Security to PacketWise for details and to select the security mechanisms you'd like put in place.
Plan traffic categorization and organization
The way the PacketShaper organizes traffic dictates how it can analyze
and control that traffic. A traffic tree is the construct that organizes
and categorizes traffic. The traffic tree design you choose determines
many of the features you have available.
For example, if your tree doesn't distinguish SAP from Oracle, then you
can't measure distinct response times for each. Or, if your tree doesn't
distinguish traffic to your Paris office from traffic to your Oslo office,
then you won't be able to compare traffic volumes or give prescribed amounts
of bandwidth to each branch.
Consult Traffic Tree Designs to see descriptions of several types of trees, their pros and cons, scalability implications, and more. Then select a type of tree for each location where you plan to deploy a PacketShaper.
As examples:
|
If You Have a
|
Then You Might Choose a
|
| Main-site PacketShaper and 20 branch-site PacketShapers | Simple location-based traffic tree for the main site and application-based traffic trees for each branch location |
| PacketShaper at your main site, managing similar applications to similarly sized branch offices | Location-based tree with global applications |
| PacketShaper at your main site, managing traffic to several branches with different applications, different WAN link sizes, and different branch responsibilities and priorities | Location-based tree with per-location applications |
Design high-level performance management strategy (*)
This section is relevant only for PacketShapers with the Shaping Module.
Your first and best approach to controlling application performance is to contain greedy traffic and to protect your most important applications. As you evaluate the following suggestions, make notes about the bandwidth-allocation rules (partitions and policies) you want to put into effect as soon as you finish your installation. Don't choose too much. You can always refine and add later.
Think of a small set of applications that are the most critical to your organization's success and that tend to suffer poor performance. Characterize your critical applications' traffic in terms of importance, time-sensitivity, size, and jitter. Then, consult Policy and Partition Guidelines to see recommendations for the types of partitions and policies you should define for your critical applications.
If you evaluated a PacketShaper in your own environment before purchase, you already have an idea of one or two applications that tend to use more than an appropriate amount of your link. You'll use a static partition to limit the total bandwidth this application is able to access. Consult Sizing a Static Partition to design the partition you'll use later.
If you plan on managing bandwidth to branch locations from a main site, consult Control Branch Traffic from a Main Site to see how it's done and plan your approach.
If you need to provision bandwidth on a per-group or per-user basis, compare Provision Bandwidth Equitably and Subdivide Bandwidth to choose an approach and plan allocation amounts.
If you have a very specific plan or special purpose in mind for your deployment, such as support for a new video-over-IP service, examine the tailored recommendations detailed in PacketGuide.
Plan integration with third-party management products
Do you use a network management platform such as HP OpenView? Do you want to incorporate PacketShaper's metrics into third-party reporting platforms?
If you would like to integrate your PacketShaper installation with third-party reporting or management tools, see Integration Possibilities for planning purposes.
Choose site(s) for a pilot deployment
Most organizations can group their remote sites based on similarities in applications, performance priorities, and WAN-link size. Group your remote sites now based on this criteria. The list of traffic tree designs for each site that you made earlier can assist you in this process.
You probably ended up with one to three groups, plus one or more main sites. For example, an organization's groups might be:
- Remote sales offices with 64 Kbps WAN links
- Distribution centers with T1 links
- Manufacturing sites with T1 links
- A main site with an OC3 link
Note that the distribution centers and manufacturing sites are two distinct groups despite the fact that they share a common size for their WAN links. This is because they run slightly different applications, and have definite differences in application performance requirements.
Pick one representative site from each of your groups for the pilot installation. In addition to considering whether a site is typical of its group, consider which site has the most or the most unique traffic. For instance, if you are just beginning a rollout of the new CRM system, it might be wise to pick a site that is already running this new app so you can see how it behaves and what policies it will need.
We'll call each unit at the representative site for one group a primary unit. Later, once you have completed a pilot installation successfully, you will be able to share each primary unit's configuration with the other units in its group.
In addition to the primary units, include a main site's unit in your pilot installation. That way, if you ordered the Compression and/or Acceleration Module, you will have tunnel partners for testing. Also, a unit at your main site ensures your performance when testing resembles your performance with a full installation.
Plan for PolicyCenter
If you did not order PolicyCenter, skip this section.
PolicyCenter is Packeteer's centralized management product for managing groups of PacketShapers. It allows you to multiply the number of Packeteer devices on a network without multiplying the amount of effort required to configure and maintain them. A copy of each unit's configuration is stored on a single Windows 2000 server.
Packeteer recommends that you use PolicyCenter for configuring large deployments as well as installations that include PacketShaper 1400 Lites at the network edge. Since the PacketShaper 1400 Lite has a reduced feature set and supports a limited number of traffic classes, you should use PolicyCenter to create a configuration that is appropriate for these models and then assign this configuration to these units.
If you have PolicyCenter, you have some choices to make that will influence how you deploy. Consider your strategy for how you wish to group and manage your PacketShapers.
During the previous step (Choose Sites for a Pilot Deployment), did you have one or more groups with multiple units? Are each of your primary units truly representative of the other sites? They would share the same traffic-tree design and control strategy?
If your branch units will have an application-based traffic tree, share traffic-tree designs, and will use the same or similar policy and partition strategy, then you should consider using a comprehensive PolicyCenter configuration to have PolicyCenter manage the entire traffic tree for your branches.
On the other hand, if your branch units will see different types of traffic
and have distinct performance goals, then a selective
PolicyCenter configuration would be better, where PolicyCenter manages just
a few communal applications. You can also use PolicyCenter only to monitor individual
units, not to manage them together, by creating a functional
PolicyCenter configuration.
Read up on all three modes and choose the one that seems right for your situation. For further details on PolicyCenter configurations, consult your PolicyCenter version's Getting Started Guide, accessible from the documentation page.
If you chose to have a comprehensive group configuration for PolicyCenter, then remember which units you selected as your primaries in the previous step. You'll use your primary units for configuration tasks that you want to do only once instead of multiple times on multiple units.
Execute Deployment
Install PacketShapers
First for your pilot units, and later (after testing) for the remainder of your deployment, install your PacketShapers.
Install LAN Expansion Modules (LEMs)
If you did not order LEMs for your PacketShaper units, skip this section.
The LAN Expansion Module (LEM) extends the benefits of the PacketShaper to topologies that incorporate multiple LANs or redundant designs. Sometimes LEMs come pre-installed in the larger-capacity models. But if yours are still in their boxes, installing them is your next step.
Retrieve the small, hard-copy manual shipped with your LEM(s). Alternatively, bring up Packeteer's documentation web page, click on Hardware Extensions, and open the PDF manual for your LEM type. Follow its instructions for installing and connecting to the network.
Configure Xpress compression and/or acceleration
If you are upgrading a number of PacketShapers that have been successfully running Xpress compression in v7.x, follow the instructions in Migrate to Xpress.
If this is a new installation, follow the instructions in Configure Xpress in Enhanced Mode.
Implement traffic trees based on plan
In your deployment planning phase, you explored some of the types of traffic trees that are possible and selected a style for each of your units. Also, you made some choices while planning for PolicyCenter and choosing sites for your pilot installation. Retrieve your lists.
If you decided on PolicyCenter's comprehensive group configuration, then create a traffic tree only on your primary units and, if you have one, on your main-site unit. Otherwise, you'll need to create each unit's tree on the unit itself.
Follow the instructions for each type of tree you want to create (first for your pilot installation's units, and later for all your units):
- Application-based traffic tree
- Simple location-based traffic tree
- Location-based traffic tree with per-location applications
- Location-based traffic tree with global applications
If you need to review the types of traffic trees and their pros and cons, see Traffic Tree Designs.
Install and configure PolicyCenter
If you did not order PolicyCenter, skip this section.
Before you can start adding PacketShaper units to PolicyCenter, you must first identify the size of your PolicyCenter deployment and verify the requirements for your installation platform. Then, depending upon your deployment size, you will
- Install PolicyCenter and the Directory Server software on a single server or
- Install PolicyCenter and the Directory Server software on a Windows and a Solaris server
With the PolicyCenter and Sun ONE Directory Server software installed, you are ready to add PacketShaper units to PolicyCenter. Retrieve the lists you made while planning for PolicyCenter and choosing your pilot units.
Adding Configured Units to PolicyCenter
First with your pilot units, and later (after testing) with the remainder of your deployment, add each configured unit to PolicyCenter. Use the sequence of instructions listed below under the configuration strategy you selected for each group of units.
Adding Unconfigured Units to PolicyCenter
The table above describes how to add currently configured units to PolicyCenter. If, however, many of your PacketShaper units have not yet been configured, you can use the PolicyCenter auto-deployment feature to automatically assign a network identify and configuration to any unconfigured PacketShaper unit that has been installed on the network and powered on. This can greatly reduce the time and expense required for each deployment.
Basic setup and network identification information in the form of an RSVP auto-deploy message is sent to a host machine behind the unconfigured unit. When the unit receives the auto-deploy message, it configures its network identity and subscribes to PolicyCenter, where it will automatically assign itself to any specified PolicyCenter configuration. (If no configuration is specified, the unit assigns itself to a blank PolicyCenter configuration at the root of the configuration tree.)
- Install the PacketShaper unit at the remote site. Installation does not require
advanced technical knowledge; simply connect the two network cables and plug
in the power cord.
- Verify that your network routers are correctly configured for auto-deployment.
- Create an entry for the unit in the PolicyCenter auto-deployment table.
Each unit entry is comprised of a network identification for the unconfigured
unit, and any additional information the information that unit needs to subscribe
to PolicyCenter.
- (Optionally) Specify additional information for the unit to increase the
likelihood that the unit will see the auto-configure message, or to determine
exactly how the unit will subscribe to PolicyCenter.
- Enable the auto-deployment server. The auto-deployment server must be enabled
before it can start sending auto-deployment messages to individual units.
- Review the auto-deployment table. This table shows which units remain unconfigured, and can be used to identify units that either haven't received an auto-configure message, or that failed to respond to a message.
Install and configure ReportCenter
If you did not order ReportCenter, skip this section.
ReportCenter gathers statistics and correlates information about the performance of your network applications across your entire network. Install ReportCenter on a Windows PC that will be dedicated to ReportCenter tasks only. A customized version of Oracle is installed automatically. For best results, use a PC that has never had Oracle installed before. Because of the number of concurrent processes used by ReportCenter, large amounts of RAM are beneficial.
Note: Packeteer recommends that ReportCenter be used for generating reports for PacketShaper 1400 Lites, since this model has limited built-in reporting capabilities.
ReportCenter documentation consists of a set of materials. You should have hard copies of the ReportCenter Installation Checklist and the ReportCenter Getting Started Guide that came with your ReportCenter software. PacketGuide for ReportCenter is on the first of the CDs shipped to you in the ReportCenter box. Also, all ReportCenter documentation is available from PacketGuide for ReportCenter.
To install ReportCenter, refer to the instructions in the ReportCenter Installation Checklist and Chapter 2 of the ReportCenter Getting Started Guide.
To configure ReportCenter, use the following steps. The links are to PacketGuide for ReportCenter.
- Create
network groups that reflect the topology of your network. For example
in a world-wide network you could create a network group for each geographic
region. Later you will be able to create reports that will reflect all, or
just a portion, of your network.
- Add PacketShapers to the groups you just created. You can import a list of PacketShapers from PolicyCenter, add PacketShapers individually, or add PacketShapers using auto-discovery.
- If needed, create user accounts that have access to only certain report types, or only some network groups. Use this option in large networks if you need to limit access to portions of the network to only specific individuals.
- If some of your remote locations do not have their own PacketShapers installed, you can use the Site Reporting feature in ReportCenter to track traffic to and from these locations.
- Verify that the traffic classes reported by your PacketShapers are properly associated with the applications they represent within ReportCenter. Applications allow you to see the way specific types of network traffic behave across some or all of your network.
Implement performance strategy based on plan (*)
In your deployment planning phase, you collected some initial partitions and policies that would be appropriate for your situation. Retrieve your list.
If you're using PolicyCenter, create your policies and partitions from within PolicyCenter. If you're using PolicyCenter's comprehensive group configuration, then you need to create shared policies and partitions only once. If you're using PolicyCenter's selective group configuration, you can create policies and partitions for the few shared traffic classes once, but you'll need to create custom, branch-specific policies and partitions on a per-unit basis for the remainder.
When you have:
- An application-based traffic tree:
Create the policies or partitions you noted in your list. For assistance, use Set a Rate Policy, Set a Priority Policy, Create a Partition, Create a Dynamic Partition, and instructions for creating other types of PacketGuide policies for assistance.
- Any type of location-based traffic tree:
With your list in hand, follow the instructions in Control Branch Traffic from a Main Site, but skip over the part at the beginning because you already have a traffic tree. Be sure to attend to the tasks it describes for specific types of location-based traffic trees.
Implement PacketShaper security strategy based on plan
In your deployment planning phase, you explored the various methods to secure the PacketShapers themselves. Now, you'll put those security mechanisms in place, first for your pilot units, and later for the remainder of your installation. See Add Security to PacketWise for instructions.
For large multi-unit deployments, most of the security methods offer economy of scale if you use PolicyCenter to change your settings and policies, which in turn shares the changes with multiple units. Details are within the Add Security to PacketWise instructions.
Implement integration with third-party management products
Packeteer provides information on integrating PacketWise with the following third-party management products:
- SNMP Integration Tools
PacketWise includes an SNMP agent that supports the RFC 1213/MIB-II standard and Packeteer enterprise Management Information Base (MIB). Once you have installed and configured an SNMP management tool, you must incorporate Packeteer MIBs and configure Packeteer devices for SNMP support. (See Deploy SNMP Management Tools).
- The PacketWise XML API
Use the XML API to retrieve measurement engine data, and access and manipulate configuration information by creating and deploying XML documents. There are no installation requirements to access the PacketWise XML API. The XML parser is already installed on your PacketShaper.
Test and verify pilot deployment
Verifying your pilot deployment includes everything from testing for basic connectivity to assessing the impact of your control strategy. It will help you determine when you should proceed to a full installation.
Repeat installation and configuration for remaining units
Return to the beginning of this Execute Deployment section and repeat all the configuration steps for the remainder of the units in your full deployment.
Note: Tasks with an asterisk (*) require the Shaping Module.
Please see bluecoat.com/support/packeteer
for more detailed information.
Resource Library