Accelerate your brain
Overall, the WXC 1800 did a good job of accelerating my traffic over the WAN. CIFS traffic showed a decent performance increase in both "cold" (first pass) and "warm" (subsequent) runs. Juniper posted a cold time of 54 minutes, 21 seconds (a 4.5 times improvement) when copying many small files (641 files totaling 9MB ) over my long, dirty T1, with the warm pass only marginally better at 53 minutes, 29 seconds (a 4.6 times improvement). In comparison, Riverbed's latest release posted a cold time of 23 minutes, 49 seconds (a 10.4 times improvement) and warm pass of 19 minutes, 8 seconds (a 12.9 times improvement). The baseline nonoptimized times took nearly four hours to complete.
FTP traffic also saw a significant increase over nonoptimized, but still lagged Riverbed's quicker times. A single ISO image (155MB) took a little less than 48 minutes (a 3.3 times improvement) to transfer over the T1; warm passes took just more than three minutes (a 50 times improvement). Riverbed's times were 11 minutes cold (a 14.6 times improvement) and 30 seconds warm (a 320 times improvement). Nonoptimized times were more than two and a half hours.
Optimizing SSL traffic is very important in the enterprise, and the list of vendors capable of doing it is relatively short. Juniper's SSL support is slightly different from Riverbed's. Riverbed automatically passes the server-side SSL certificate from the datacenter appliance to the branch office appliance, requiring the certificate to be present on each in order to encrypt/decrypt the traffic (classic man-in-the-middle).
Juniper also requires the SSL certificate on the datacenter appliance, but not the branch side. Instead, as a client requests an SSL connection to the server, the datacenter WXC transparently intercepts the request, establishes the session key, and passes this information to the branch office WXC. The branch office appliance does not store the session key or any other SSL information on disk; it is only kept in volatile memory for the duration of the SSL conversation. From this point on, the appliance can "see" the SSL traffic and apply optimization techniques to it. This works with client-side SSL certificates, too, allowing users of two-factor authentication to participate in accelerated traffic. I really like the ease of setup and the additional security provided by client-side certificates.