Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2170
Views
0
Helpful
4
Replies

WAAS SFTP or FTP over SSL/TLS

mlouis
Level 1
Level 1

‎08-21-2010 01:10 PM

I am working on a WAAS installation where we want to accelerate SFTP traffic over a pair of data center accelerators. Will WAAS support SFTP acceleration or is there another alternative we could deploy - such as migrating the current SFTP setup to a FTP over SSL/TLS scenario. The requirement is that we keep the secure file transfer in place but increase the performance of the transfer. Today the SFTP transfers are taking 8 times longer than a typical FTP transfer without WAAS. SFTP could still benefit from the TFO optimizations however we are really looking for compression here since the link is currently 500Mbps +.

0 Helpful
4 Replies 4

Bhavin Yadav
Cisco Employee
Cisco Employee

‎08-25-2010 06:08 PM

Hello,

SSL AO can only be used for port 443 over https traffic. This will not accelerate SFTP  traffic. By default SFTP will only use TFO optimization.

Hope this helps.

Regards.

PS: If this answers your question, please mark this as Answered.

0 Helpful

svajirka
Level 1
Level 1

‎08-26-2010 03:26 PM

Any chance you could setup an HTTPS server and use HTTPS for copying your files ?

You don't necessarily need to use a browser for such a transfer. Tools like wget can be used to transfer files over HTTPS.

0 Helpful

Bhavin Yadav
Cisco Employee
Cisco Employee
In response to svajirka

‎08-26-2010 03:34 PM

Hello,

I am not sure about the 3rd party tools but the SSL AO depends on the HTTP traffic pattern. Something like Connection Initiation, Connection closure, client behaviour, server behaviour, URI format,  etc.

If the third party tools are using same behaviour, yes you can but any diversion from RFC means you may not get the expected result.

Regards.

PS: If this answers your question, please mark it as Answered.

0 Helpful

Bhavin Yadav
Cisco Employee
Cisco Employee
In response to Bhavin Yadav

‎08-27-2010 11:06 AM

A minor correction:

The  SSL accelerator does not optimize protocols that do not start their  SSL/TLS handshake from the very first byte. The only exception is HTTPS  going through a proxy (where the HTTP accelerator detects the start of  SSL/TLS, and then hands the connection to SSL accelerator for  optimization).

The SSL application accelerator supports SSL  Version 3 (SSLv3) and Transport Layer Security Version 1 (TLSv1)  protocols. TLSv1.1 and TLSv1.2 protocols are not supported.

So, in your case, you may be able to accelerate it but it will depend a lot on how the SSL/TLS handshake starts in yoru case.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents