HP e-Commerce Server Accelerator SA7100/SA7120 User Guide
© Copyright 2001 Hewlett-Packard Company. All rights reserved.
Hewlett-Packard Company
3000 Hanover Street
Palo Alto, CA 94304-1185
Publication Number 5971-0894
February 2001

Disclaimer

The information contained in this document is subject to change without notice. HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
Introduction

Congratulations on your choice of the HP e-Commerce Server Accelerator SA7100/SA7120. The processing of secure transactions through Secure Socket Layer (SSL) can use up to 90% of even the largest servers’ CPU power and can degrade response time significantly. The SA7100/SA7120 provides a completely transparent way to increase the performance of Web sites for SSL transactions.
Who Should Use this Book

This User Guide is intended for administrators with the following background:
• Familiarity with networking concepts and terminology.
• Basic knowledge of network topologies.
• Basic knowledge of networks and IP routing.
• Some knowledge of SSL, keys, and certificates.
• Knowledge of Web servers.
How to Use this Book

• Chapter 6: Remote Management details how you can use Telnet, Secure Shell (SSH), and SNMP to manage the SA7100/SA7120 from remote locations.
• Chapter 7: Alarms and Monitoring explains the ways in which you can configure the device to report information to you, either routinely or as a result of abnormal events or conditions.
• Chapter 8: Software Updates provides procedures for obtaining SA7100/SA7120 system software updates.
Installation and Initial Configuration

Before You Begin

WARNING: Do not remove the device’s cover. There are no user-serviceable parts inside.

Before you begin installation, you need the following:
• IP address for SA7100/SA7120 (only if you intend to use the Remote Management).
• IP addresses and IP port numbers of servers.
• Keys/certificates. See Chapter 3 for information on obtaining keys and certificates.
• Network cables, such as straight-through and/or crossover cables.
Installing the SA7100/SA7120 Free-Standing or in a Rack

The HP e-Commerce Server Accelerator SA7100/SA7120 is physically installed in either of two ways:
• In a standard 19” rack, cantilevered from the provided mounting brackets.
• Free-standing on a flat surface with sufficient space for air-flow.

Rack Installation

Rack mounting requires the use of the mounting brackets, and all four of the included Phillips screws.
1.
Free-Standing Installation

1. Attach the provided self-adhesive rubber feet to the SA7100/SA7120’s bottom.
2. Place the SA7100/SA7120 on a flat surface and make sure that there is adequate airflow surrounding the unit (allow at least one inch of air space on all sides).

Network Connections

Use the table below to select and install the appropriate cables. (All cables must be Category 5 UTP or better.
5. At this point both the Network and Server LEDs should be steadily illuminated. If not, please see Chapter 9, “Troubleshooting.”

[Figure: Network Connections (HP e-Commerce Server Accelerators, Hub/Router/Switch, Server)]

Status Check

Before proceeding to the Admin Terminal Connection section, take a moment to verify that the SA7100/SA7120 is correctly connected.
Admin Terminal Connection

Run HyperTerminal* or a similar terminal emulator on your PC. The steps below are illustrative of HyperTerminal*. Other terminals will require different procedures.
1. Use the serial cable provided with the SA7100/SA7120 to connect the device’s serial port (the left-hand serial port labeled “Console”) to the serial port of any terminal. (A PC running Windows* HyperTerminal* is used here as an example.
5. Click OK to exit ASCII Setup.
6. Click OK to exit Connection Properties.

Troubleshooting

Server and Network LEDs

If either the Network or Server LED fails to illuminate using either straight-through or crossover network cables, the problem may be elsewhere in the network. Verify by wiring around the SA7100/SA7120.

Inline LED

The Fail-through switch allows you to control what happens in the event of a failure.
Theory of Operation

Security

The HP e-Commerce Server Accelerator SA7100/SA7120 offers Remote Management capability. This feature requires that the SA7100/SA7120’s network interface be assigned an IP address, thus security becomes a matter for your attention. If you intend to manage your SA7100/SA7120 from a remote location, be sure to read the section, “Access Control” in Chapter 6.

Single Server Acceleration

Typically, SA7100/SA7120 supports the SSL processing needs of a single server.
Ideally, the SA7100/SA7120 is installed in the network in such a way as to minimize network latency.

[Figure: SA7100/SA7120 in Single Server Configuration (Router, HP e-Commerce Server Accelerator SA7100/7120, Single Server)]

Multiple Servers

Given the SSL processing power of the SA7100/SA7120, multiple servers can be supported. In this configuration, the SA7100/SA7120 sits between the router and the switch.
Working with Internet Traffic Management (ITM) Devices

The SA7100/SA7120 is compatible with Internet Traffic Management (ITM) devices. In such environments, the SA7100/SA7120 lies between the router and the ITM device, or between the ITM device and the server. ITM devices distribute workload across multiple servers and redirect traffic based on content.
Positioning SA7100/SA7120 between ITM Device and Server

If security considerations require limited network access to clear text, the SA7100/SA7120 should be placed between the ITM device and the server.

[Figure: Internet Client, Router, ITM Device, HP e-Commerce Server Accelerator SA7100/7120s, Servers]

NOTE: The illustrated configuration precludes layer 7 load balancing because secure traffic through the ITM device is encrypted.
Spilling and Throttling

Multiple SA7100/SA7120s and Cascading Processing

When the SA7100/SA7120’s “spill” option is enabled, if a given SA7100/SA7120 cannot process a request within a specified interval, the request is passed on, still encrypted, to the next SA7100/SA7120 in line. The last SA7100/SA7120 on the server side can also be enabled to spill to the server. Spilling is performed dynamically on a connection-by-connection basis. (See spill command, Chapter 5, “Command Reference.
Keys and Certificates

WARNING: The SA7100/SA7120 comes with default keys and certificates for test purposes. Certificates for production use should be obtained from a recognized certificate authority.

A necessary part of the SA7100/SA7120 configuration is the use of keys and certificates. A key is a set of numbers used to encrypt or decrypt data. A certificate is a “form” that identifies a server or user.
3. Move to the HyperTerminal* window, and position the cursor at the appropriate point.
4. Pull down the Edit menu, and select Paste to Host (or type ).

Obtaining a Certificate from VeriSign* or Other Certificate Authority

Use the create key command to create your key and the create sign command to create a signing request to be sent to VeriSign* or other CA for authentication. The CA will return it in approximately one to five days.
• Locality: This is usually the name of the city where your organization’s head office is located.
• Organization: This should be the organization that owns the domain name. The organization name (corporation, limited partnership, university, or government agency) must be registered with some authority at the national, state, or city level. Use the legal name under which your organization is registered.
Using an Existing Key/Certificate

Exporting a Key/Certificate from a Server

This method is used when it is important that the existing keys and certificates are used.

NOTE: Currently there is no published method for extracting private keys from Microsoft* IIS or Netscape* servers. Consult your server software documentation for detailed instructions on how to export keys and certificates.
Stronghold*

For key:
1. Look in $STRONGHOLDROOT/conf/httpd.conf for location of *.key file.
2. Copy and paste the key file.

For certificate:
1. Look in $STRONGHOLDROOT/conf/httpd.conf for location of *.cert file.
2. Copy and paste the certificate file.

Importing into the SA7100/SA7120

1. Use the import key command with the keyID, and choose an import protocol for importing the key. In this case, use the default to “paste.
    -----BEGIN CERTIFICATE-----
    MIIDKDCCAtKgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBnDEL
    MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMQ4wDAYDVQQHEwVQ
    b3dheTEaMBgGA1UEChMRQ29tbWVyY2Ug
    . . .
    -----END CERTIFICATE-----
    ...
    Import successful!
    HP SA7120>

3. Create a server mapping. Use the create map command to specify the server IP address, ports, and keyID.

    HP SA7120> create map
    Server IP (0.0.0.0): 10.1.1.
Enter the information for the certificate, as prompted:
• Country
• State
• Locality
• Organization
• Organization unit
• Common name (for example, www.myserver.com)
• E-mail address

3. Create a server mapping. Use the create map command to specify the server IP address, ports, and keyID.

    HP SA7120> create map
    Server IP (0.0.0.0): 10.1.1.30
    SSL (network) port [443]:
    Cleartext (server) port [80]:
    KeyID to use for mapping: mywebserver

4.
Export versions of Internet Explorer* and Netscape* Communicator use 40-bit encryption to initiate connections to SSL servers. Upon receiving a client request, the server responds by sending a digital certificate. If this certificate is a conventional server certificate (that is, not a global site certificate), browser and server complete the SSL handshake and use a 40-bit key to encrypt application data.
Redirection: Clients and Unsupported Ciphers

NOTE: The user must provide the redirect URL and ensure that it is available, as well as define the content of the redirect page.

WARNING: If the redirect URL causes a client to access the same SA7100/SA7120 mapping that invoked the redirection, an infinite loop condition will occur.
Client Authentication

By default, the SA7100/SA7120 does not authenticate client identities; however, specific map IDs can be configured to request client certificates for the purpose of verifying identities. When this feature is enabled, the SA7100/SA7120 verifies that client certificates are signed by a known CA. This feature is controlled by the import client_ca command.
Verify the import by using the list map command again. Note that the Client Auth column now shows client authentication for Map ID 2 enabled.

    HP SA7120> list map
    Map                    Net  Ser  Cipher     Re-    Client
    ID KeyID   Server IP   Port Port Suites     direct Auth
    == =====   =========   ==== ==== ======     =====  ====
    1  default Any         443  80   all(v2+v3) n      n
    2  sample  10.1.2.
3. Sign the client certificate signing request with the client CA certificate:

    openssl x509 -req -CAcreateserial -CAkey ca_key.pem -CA ca_cert.pem -days 365 -in csr.pem -out cert.pem

4. Combine the key.pem and cert.pem keys into one file by typing this command:

    cat key.pem cert.pem > all.pem

5. Convert to p12 format by typing this command:

    openssl pkcs12 -export -in all.pem -out .p12 -name "MY NAME"

The output file .
Automapping

NOTE: Remember to save the configuration (with the config save command) after making mapping changes.

Automapped entries are identified by a server IP address of zero (0.0.0.0). When a server IP address of zero is specified, the SA7100/SA7120 intercepts packets to any server IP address with the matching network ports. As with any mapping entry, the combination of server IP address and network port must be unique.
Manual mapping

The user can create (with the create map command) one or more mapping entries for individual servers. This is the only way to specify unique keyIDs for each server. Normally, when manual mapping is performed, the initial automapping entry is deleted, but this is not a requirement.

Combining automapping and manual mapping

NOTE: If both manual mappings and applicable automappings are available, the SA7100/SA7120 always uses the manual mapping.
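The mapping rules above (automapped entries use server IP 0.0.0.0, the server IP and network port pair must be unique, and a manual mapping wins over an applicable automapping) can be checked offline against saved `list maps` output. The following Python sketch is an added example, not code from the guide or the device: the row layout follows the guide's `list maps` listings, the sample rows are constructed, and treating KeyID `default` as the shipped test key is an assumption based on the warning under Keys and Certificates.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

# Constructed sample in the shape of the guide's `list maps` rows
# (Map ID, KeyID, Server IP, Net Port, Ser Port, Cipher Suites, Redirect, Client Auth).
SAMPLE_ROWS = """\
1 default   Any       443 80 all(v2+v3) n n
2 myserver  10.1.1.30 443 80 med(v2+v3) n n
3 myserver2 10.1.1.31 443 80 med(v2+v3) n n
"""

AUTOMAP = IPv4Address("0.0.0.0")  # automapped entries carry server IP 0.0.0.0 ("Any")


@dataclass(frozen=True)
class Mapping:
    map_id: int
    key_id: str
    server_ip: IPv4Address
    net_port: int     # SSL (network) port
    server_port: int  # cleartext (server) port

    @property
    def automapped(self) -> bool:
        return self.server_ip == AUTOMAP


def parse_maps(text):
    """Parse data rows; header, separator and prompt lines are skipped."""
    maps = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].isdigit():
            continue
        ip = AUTOMAP if fields[2].lower() == "any" else IPv4Address(fields[2])
        maps.append(Mapping(int(fields[0]), fields[1], ip,
                            int(fields[3]), int(fields[4])))
    return maps


def duplicate_keys(maps):
    """Return (first_id, later_id) pairs that reuse a (server IP, network port)."""
    seen, dups = {}, []
    for m in maps:
        key = (m.server_ip, m.net_port)
        if key in seen:
            dups.append((seen[key], m.map_id))
        else:
            seen[key] = m.map_id
    return dups


def select_mapping(maps, dst_ip, dst_port):
    """Model of the stated precedence: manual mapping first, then automapping."""
    dst = IPv4Address(dst_ip)
    for m in maps:
        if not m.automapped and m.server_ip == dst and m.net_port == dst_port:
            return m
    for m in maps:
        if m.automapped and m.net_port == dst_port:
            return m
    return None  # no mapping applies to this destination


def uses_test_key(maps, test_key_ids=("default",)):
    """Map IDs still bound to a key ID assumed to be the shipped test key."""
    return [m.map_id for m in maps if m.key_id in test_key_ids]


if __name__ == "__main__":
    maps = parse_maps(SAMPLE_ROWS)
    for ip, port in [("10.1.1.30", 443), ("10.1.1.99", 443), ("10.1.1.30", 8443)]:
        print(ip, port, "->", select_mapping(maps, ip, port))
    print("duplicates:", duplicate_keys(maps))
    print("maps on test key:", uses_test_key(maps))
```

With the sample rows, traffic to a server that has no manual entry still terminates on the automapped entry and its `default` key, which is the case to look for before putting a configuration into production.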
Use the show block command to verify:

    HP SA7120> show block
    -------blocks : --------
    (1) block 10.1.2.1 255.255.255.255 20.1.2.1 255.255.255.255 80 0xffff

Subnet, Specific Port

To block a subnet, and specific port combination:
1. Specify a subnet, using 0 as the address’s final octet. (In the example below, all IPs from “10.1.2.x” to “20.1.2.x” are blocked on port 80.)
2.
4. Press Enter to accept the default port mask.

Example:

    HP SA7120> create block
    Client IP to block [0.0.0.0]:
    Client IP mask [0.0.0.0]:
    Server IP to block [0.0.0.0]:
    Server IP mask [0.0.0.0]:
    Server Port to block: 80
    Server Port mask [0xffff]:

5. Use the show block command to confirm the block:

    HP SA7120> show block
    ----------blocks : ----------
    (1) block 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.
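To review what a block entry actually covers, the six fields shown by `show block` (client IP, client mask, server IP, server mask, server port, port mask) can be evaluated offline. This Python sketch is an added example, not code from the guide or the device; the guide does not spell out the comparison, so it assumes the conventional rule that a field matches when it equals the rule value under the mask, and the rule lines are constructed in the shape of the guide's output.

```python
import re
from dataclasses import dataclass
from ipaddress import IPv4Address

# "(1) block <client ip> <client mask> <server ip> <server mask> <port> <port mask>"
RULE_RE = re.compile(
    r"\((\d+)\)\s+block\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(0x[0-9a-fA-F]+)"
)


@dataclass(frozen=True)
class BlockRule:
    index: int
    client_ip: int
    client_mask: int
    server_ip: int
    server_mask: int
    port: int
    port_mask: int


def ip_int(text):
    """Dotted-quad string to a 32-bit integer (raises ValueError if malformed)."""
    return int(IPv4Address(text))


def parse_block(line):
    """Parse one `show block` entry line into a BlockRule."""
    m = RULE_RE.search(line)
    if m is None:
        raise ValueError(f"not a block entry: {line!r}")
    idx, cip, cmask, sip, smask, port, pmask = m.groups()
    return BlockRule(int(idx), ip_int(cip), ip_int(cmask),
                     ip_int(sip), ip_int(smask), int(port), int(pmask, 16))


def matches(rule, client, server, port):
    """Assumed semantics: each field is compared only in the bits set in its mask."""
    return (
        (ip_int(client) & rule.client_mask) == (rule.client_ip & rule.client_mask)
        and (ip_int(server) & rule.server_mask) == (rule.server_ip & rule.server_mask)
        and (port & rule.port_mask) == (rule.port & rule.port_mask)
    )


def effective_scope(rule):
    """Masked client net, masked server net, and how many ports the rule covers.

    Address bits outside the mask are ignored by the comparison, so an entry
    typed as 10.1.2.1 with mask 255.255.0.0 really covers 10.1.0.0/255.255.0.0.
    """
    def net(addr, mask):
        return f"{IPv4Address(addr & mask)}/{IPv4Address(mask)}"

    ports = sum(1 for p in range(65536)
                if (p & rule.port_mask) == (rule.port & rule.port_mask))
    return (net(rule.client_ip, rule.client_mask),
            net(rule.server_ip, rule.server_mask), ports)


# Constructed entries: single host pair, subnet pair, any-to-any on one port,
# and a wider rule with a partial port mask (a generalization beyond the guide).
HOST = "(1) block 10.1.2.1 255.255.255.255 20.1.2.1 255.255.255.255 80 0xffff"
SUBNET = "(1) block 10.1.2.0 255.255.255.0 20.1.2.0 255.255.255.0 80 0xffff"
ANY_80 = "(1) block 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 80 0xffff"
WIDE = "(2) block 10.1.2.1 255.255.0.0 20.1.2.1 255.255.0.0 80 0xfff0"

if __name__ == "__main__":
    for line in (HOST, SUBNET, ANY_80, WIDE):
        print(line, "=>", effective_scope(parse_block(line)))
```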
Failure Conditions, Fail-safe, and Fail-through

During any failure condition of the SA7100/SA7120, unprocessed data packets can either pass through or not, depending on whether Fail-safe or Fail-through mode is enabled. The Fail-through switch is by default in Fail-safe mode, meaning that during a failure no data packets will pass from one side of the SA7100/SA7120 to the other. For details, see “Failure/Bypass Modes” in Appendix B.
Scenarios

This section contains scenarios illustrating examples of HP e-Commerce Server Accelerator SA7100/SA7120 configurations:
• Scenario 1: Single server
• Scenario 2: Multiple servers
• Scenario 3: Multiple SA7100/SA7120s, cascaded
• Scenario 4: Different ingress and egress routers
• Scenario 5: Configuring a Firewall
Scenario 1—Single Server

This scenario describes a typical configuration of a SA7100/SA7120 with one server, using either automapping or manual configuration/mapping. This scenario describes the fastest way to get up and running with a SA7100/SA7120.

[Figure: Single SA7100/SA7120, Single Server Installation (Router, HP e-Commerce Server Accelerator, Single Server)]

Procedure for Scenario 1

Automapping

1.
4. You can delete the default mapping. After the user has manually created the mapping, the default mapping can be deleted. In this case, delete MapID number 1. MapID number 2 becomes MapID number 1 when the default is deleted.

    HP SA7120> delete map 1
    HP SA7120> list maps
    Map                     Net  Ser  Cipher     Re-    Client
    ID KeyID    Server IP   Port Port Suites     direct Auth
    == =====    =========   ==== ==== ======     =====  ====
    1  myserver 10.1.1.30   443  80   med(v2+v3) n      n
    HP SA7120>

5.
Scenario 2—Multiple Servers

This scenario shows how to configure two or more servers.

[Figure: Single SA7100/SA7120, Multiple Server Installation (Router, HP e-Commerce Server Accelerator, Hub/switch, Server 1 10.1.1.30, Server 2 10.1.1.31)]

Procedure for Scenario 2

1. Perform the installation as described in Chapter 2. Access the SA7120 command prompt.
2.
    Map                      Net  Ser  Cipher       Re-    Client
    ID KeyID     Server IP   Port Port Suites       direct Auth
    == =====     =========   ==== ==== ============ ====== ====
    1  default   Any         443  80   all(v2+v3)   n      n
    2  myserver  10.1.1.30   443  80   med(v2+v3)   n      n
    3  myserver2 10.1.1.31   443  80   med(v2+v3)   n      n
    HP SA7120>

6. After you have manually created a mapping, the default mapping can be deleted. In this case, delete MapID number 1. MapID number 2 becomes MapID number 1 when the default is deleted.
Scenario 3—Multiple SA7100/SA7120s, Cascaded

This scenario shows how to cascade SA7100/SA7120s for additional performance and availability. The same procedures apply that were performed in Scenario 3. In addition, the complete configuration of the first SA7100/SA7120 is exported to the second SA7100/SA7120 in line.

Initial Configuration

• Two or more SA7100/SA7120s must be physically installed on the same network.
Procedure for Scenario 3

1. Configure the SA7100/SA7120 farthest from the server as described in any of the preceding scenarios. Remain connected to that specific SA7100/SA7120 for the export configuration procedure.
2. At the command prompt, type the set spill enable command. This allows overflow traffic to be transferred to the second SA7100/SA7120 for processing.
3. Save configuration.

    HP SA7120> config save
    Saving configuration to flash...
    Use Ctl-X to cancel upload

13. Select Send from the HyperTerminal* Transfer menu.
14. Type or use the Browse button to specify the file to send.
15. Select xmodem as the sending protocol.
16. Click the Send button. The transfer completes and then you are prompted to verify that you want to install this configuration.

    Do you want to install this config ? [y]:

17. After verification (y) or refusal (n), the prompt reappears.
Scenario 4—Different Ingress and Egress Routers

This scenario describes the configuration of a SA7100/SA7120 when the ingress and egress traffic paths are different.
Scenario 5—Configuring a Firewall

This scenario describes the recommended network configuration to allow a SA7100/SA7120 to provide SSL services for a single server that also serves plain-text HTTP documents.
• First, because the SA7120 performs all of the SSL processing, the web server process must be configured to expect only standard HTTP (unencrypted) connections, even for sensitive content.
• Second, the web server process must be configured to listen for these HTTP connections on a port other than the standard HTTPS port (443). In this scenario we configure the port 443 service to listen on port 81.
4. Once a user-created server assignment exists, the default mapping can be deleted. In this example, delete MapID number 1.

NOTE: The device automatically adjusts the list of MapIDs as they are created and deleted, thus MapID 2 becomes MapID 1 when the default (the original MapID 1) is deleted.

    HP SA7120> delete map
    HP SA7120> list maps
    Map                  Net
    ID KeyID Server IP   Port
    == ===== =========   ====
    1  serv1 10.1.1.
Command Reference

The HP e-Commerce Server Accelerator SA7100/SA7120 is fully configurable through the Command Line Interface (CLI). The CLI is accessible through both the console and aux console RS232 ports or remotely via Telnet and SSH.

Online Help

The SA7100/SA7120 provides online help with the following options:
• Type help to display a summary of commands.
• Type tty_char to display a list of special terminal editing characters.

Command Line Interface

The CLI handles all user interactions on the console and auxiliary console RS232 ports. One instance per port runs at all times.

User Authentication

To gain access to the CLI, the user must first be authenticated by providing a password at the logon banner prompt. The logon banner provides build version information and the serial number.
Abbreviation to Uniqueness

It is not always necessary to type the entire command. CLI commands can be abbreviated to uniqueness.
Input Editing Commands

Moving the Insertion Point

Command   Description
ctrl-b    Move back one character.
ctrl-f    Move forward one character.
ctrl-a    Move to the start of the current line.
ctrl-e    Move to the end of the line.
ctrl-l    Clear the screen and redraw the current line, leaving the current line at the top of the screen.
Cutting Text

Command   Description
ctrl-d    Delete the character underneath the cursor.
ctrl-k    Delete the text from the current cursor position to the end of the line.
ctrl-u    Delete backward from the cursor to the beginning of the current line.
ctrl-w    Delete the word behind the cursor, using white space as a word boundary.
ctrl-y    Paste text that has been cut using any of the four above deletion commands.
Command Summary

This section contains a high-level view of the SA7100/SA7120’s command structure. Details appear in the Command Reference.
Command   Command Options
import    cert client_ca config key patch upgrade
inline
list      blocks filters (shows blocks and permits) keys logs maps permit monitoring procs snmp_community system trap_community nic password reboot
Command   Command Options
set       alarms cache ciphers ciphers default client_tmo date defcert egress_mac x:x:x:x:x:x egress_mac none ether idleto ip kstrength max_remote_sessions<0-5> monitoring monitoring_interval monitoring_fields more ovl_window prompt redirect redirect none
Command   Command Options
show      alarms blocks cache ciphers cert client_ca client_tmo config config default config saved date defcert egress_mac ether filters idleto info ip key kstrength logs map max_remote_sessions monitoring monitoring_interval monitoring_fields more ovl_window permits rsc_window redirect route serial server_tmo ssh ssh_port sign spill status telnet
Command   Command Options
show      telnet_port utl_highwater utl_lowwater utl_window
setsnmp   snmp snmp_community snmp_port snmp_info sys_contact sys_location sys_name trap_authen trap_community trap_port
showsnmp  snmp snmp_community snmp_info snmp_port sys_contact sys_location sys_name trap_authen trap_community trap_port
status    line realtime alarms
tty_char
Command Reference

Help Commands

Command      Description
help         Display the list of available commands.
help         Display usage for a single command.
help usage   Display all commands and their usage.
tty_char     View the available list of keyboard shortcut commands.

Status Command

Command      Description
status       Display device statistics. Several modes are available, as described below. (Default: realtime.
SSL Commands

Command   Description

create key
Create a new keypair and associate it with a Key ID.
Example:
    HP SA7120> create key
    Key strength (512/1024) [512]: 1024
    New keyID [001]:
    Keypair was created for keyID: 001.
    HP SA7120>

delete key
Delete a specified keypair for a given Key ID.
Syntax:
    HP SA7120> delete key
where is the Key ID whose associated keypair you want to delete.
Command   Description

export key
Export a keypair for a specified Key ID (ASCII or xmodem).
Syntax:
    HP SA7120> export key
    Export protocol: (xmodem, ascii) [ascii]:
    Press any key to start, then again when done...
    -----BEGIN RSA PRIVATE KEY-----
    MIIBOgIBAAJBALqeajCDgfa8fY8FROLi0B8fVp3m4EI
    2MpOzKvEKKe6Kk5pDBkH83tUBkssGBtbnDYHkiAyGzA
    . . .
Command   Description

create cert
Create a new certificate for a specified Key ID.
Syntax:
    HP SA7120> create cert
where is the Key ID for which you want to create a certificate.

delete cert
Delete the certificate associated with a specified Key ID.
Syntax:
    HP SA7120> delete cert
where is the Key ID whose associated certificate you want to delete.
Command   Description

show cert
Display the expanded certificate (including PEM format) associated with a specified Key ID. If no Key ID is specified, displays all certificates.
Syntax:
    HP SA7120> show cert
where is the Key ID whose associated certificate you want to view.

set ciphers
Establish the list of ciphers and cipher strengths that will be recognized by the specified Map ID.
Command   Description

set redirect
Set an alternative address to which a client is directed in the event it doesn’t support the specified Map ID’s selected cipher suites.
Syntax:
    HP SA7120> set redirect [none]
    Enter redirect URL []:
where is the Map ID for which you want to define a redirect URL, and is the Web address to which you want to redirect clients that don’t support the selected cipher suites.
Command   Description

import client_ca
If you want to authenticate a client, use this command to import the trusted CA’s certificate. When enabled, clients without certificates or with invalid certificates are refused connection.
Syntax:
    HP SA7120> import client_ca
    Import protocol: (paste, xmodem) [paste]:
    Type or paste in data, end with ... alone on line
    (certificate pasted here...)
    ...
Command   Description

delete sign
Delete the signing request for a specified Key ID.
Syntax:
    HP SA7120> delete sign
where is the Key ID number of the Key whose signing request you want to delete.

export sign
Export signing request (PEM format) for specified Key ID.
Syntax:
    HP SA7120> export sign
where is the Key ID number of the Key whose signing request you want to export.
Command   Description

set defcert
Set the default certificate creation information. For example, country, state, city, organization, organization unit, issuer name, and issuer e-mail address. You can change all, some or none of the fields. Press Enter to accept a default and move to the next field.
Command   Description

set kstrength
Set the default key strength. Usable values are 512 or 1024. The default value is 512.
Syntax:
    HP SA7120> set kstrength <512 | 1024>
where <512> allows you to specify low key strength and <1024> allows you to specify high key strength.

show kstrength
Display the default key strength value.
set server_tmo
Limits the period of time to establish a connection with the server. If the connection is not established within the specified time, the client request is rejected.
NOTE: Typical causes for server timeout include: server powered off, server not accessible, application is not available on the specified port.
Syntax:
    HP SA7120> set server_tmo
where is a value in seconds between 5 and 36000.
delete block
Delete a block specified by index number. Use show block (see below) to correlate existing blocks with their numbers.
Example:
    HP SA7120> delete block 1
    HP SA7120>

show block
Display all existing blocks.
Example:
    HP SA7120> show block
    -------blocks : --------
    (1) block 10.1.2.1 255.255.0.0 20.1.2.1 255.255.0.
show permit
Display permits currently in force.
Example:
    HP SA7120> show permit
    -------permits : --------
    (1) permit 10.1.2.1 255.255.0.0 20.1.2.1 255.255.0.0 443 0xffff
    ---------
    HP SA7120>

create map
Create a mapping that associates server IP, SSL port, clear text port, and Key ID.
Example:
    HP SA7120> create map
    Server IP (0.0.0.0): 1.1.1.
list maps
List all mappings. (Same as show map.)
Example:
    HP SA7120> list maps
    Map ID  KeyID    Server IP
    ==      =====    =========
    1       default  Any
    2       sample   1.1.2.
inline
Enables inline mode, in which the SA7100/SA7120 processes traffic normally (as opposed to bypass mode, in which traffic may flow through the device unprocessed).
Example:
    HP SA7120> inline
The LED labeled “inline” on the SA7100/SA7120’s front panel is illuminated when inline mode is enabled.
NOTE: Other factors may preclude the use of inline mode. See Failure/Bypass Modes in Appendix B.
set spill
Allows you to enable or disable spill mode. “Spill” is used to offload processing of a request, when the SA7100/SA7120 has reached a specified queue threshold, to a secondary SA7100/SA7120 or to the server.
Remote Management Commands

list procs
List all processes associated with the CLI and remote management commands (inetd, telnetd, sshd2, and snmpd).
Example:
    HP SA7120> list procs
    PID: 40 PROG: cli
    PID: 41 PROG: cli
    HP SA7120>

set ip
Assign an IP address and netmask to the SA7100/SA7120’s network interface for Telnet and SSH sessions.
CAUTION: The assignment of an IP address introduces security issues.
set telnet
Enables or disables Telnet sessions. When this command is set to “enable” and an IP address is assigned to the SA7100/SA7120’s network interface, you can access the device’s CLI via remote Telnet session. When disabled, the device refuses Telnet connections. The console prompts for any missing parameters. Default: disable.
Syntax:
    HP SA7120> set telnet enable
    Need an IP address to start Telnet service.
set ssh
Enable or disable Secure Shell (SSH) sessions. When this command is set to “enable” and an IP address is assigned to the SA7100/SA7120’s network interface, you can access the device’s CLI via remote SSH session. When disabled, the device refuses SSH connections. Default: disable.
Syntax:
    HP SA7120> set ssh

show ssh
Display current SSH status: enabled or disabled.
setsnmp snmp_info
Set the following SNMP information and parameters:
• SNMP port (Default: 161)
• SNMP trap port (Default: 162)
• Contact person
• System name
• System location
Example:
    HP SA7120> setsnmp snmp_info
    SNMP Port [161]: 161
    SNMP Trap Port [162]: 162
    Contact Person []: support
    System Location []:Palo Alto
    System Name []: SA7120

showsnmp snmp_info
Display the currently effective SNMP informatio
list snmp_community
Display currently configured SNMP community strings.
Example:
    HP SA7120> list snmp_community
    <2> Current SNMP Community String(s):
    1.) IP: 0.0.0.0 => String: public
    2.) IP: 0.0.0.0 => String: private

delete snmp_community
Delete SNMP community strings.
Example:
    HP SA7120> delete snmp_community
    SNMP Community String(s) Deletion.
    <2> Current Available SNMP Community
    1.) IP: 0.0.0.0 => String:
    2.) IP: 0.0.0.
list trap_community
Display SNMP trap community strings.
Example:
    HP SA7120> list trap_community
    SNMP Trap Community String(s) information.
    <2> Current SNMP Trap Community String(s):
    1.) IP: 0.0.0.0 => String: public
    2.) IP: 0.0.0.0 => String: private

delete trap_community
Delete SNMP trap community strings.
Example:
    HP SA7120> delete trap_community
    SNMP Trap Community String(s) Deletion.
Alarms and Monitoring Commands

set alarms
Enable all or a selection of the SA7120’s alarms.
Syntax:
    HP SA7120> set alarms
where
    all enables all five of the SA7120’s alarms.
    esc enables the Encryption Status Change Alarm.
show rsc_window
Display current Refused SSL Connections Alarm interval.
Syntax:
    HP SA7120> show rsc_window
    Check for refused SSL connections [secs]:

set utl_window
Set interval (window) at which the device checks for exceeded utilization thresholds (CPU load, Connections per Second, or Total Open Connections) and, if any are detected, issues a Utilization Threshold Alarm.
set utl_lowwater
Set the Utilization Threshold Alarm low-water value. Expressed as a percentage, the low-water value represents the lowest CPU utilization, Connections per Second, or Total Open Connections required to trigger a UTL Alarm. (Range: 1-99%, default: 60)
NOTE: See also set utl_window and set utl_highwater.
show ovl_window
Display the current Overload Alarm window.
Example:
    HP SA7120> show ovl_window
    Check for overload conditions [sec]: 10

Configuration Commands

show config
Display current volatile configuration settings.
Example:
    HP SA7120> show config
    # default config file created on Tues July 25 06:56:46 2000
    (Configuration parameters are displayed here...
show config default
Display default configuration settings. These are values used when factory default commands are executed.
Example:
    HP SA7120> show config default
    Default configuration
    =====================
    conlog 0xffffffef
    ilog 0xffffffff
    trace 0xfffff3dd
    media auto
    logport tty01
    cache 3
    server_tmo 5
    client_tmo 30
    serverif exp1
    netif exp0
    map 0.0.0.
config compare
Display differences between saved and current configuration. For optimal flexibility in configuration and testing, the SA7100/SA7120 supports both “current” (volatile) and “saved” (nonvolatile) configurations. The config compare command displays the differences, if any, between the two configurations.
export config
Export all configuration, key, sign and certificate information (ASCII, xmodem).
WARNING: Do not edit an exported configuration file.
Example:
    HP SA7120> export config
    Export protocol: (xmodem, ascii) [ascii]:
    Press any key to start, then again when done...
    # default config file created on Fri Jul 28 06:56:46 2000
    (...configuration specifics are displayed...)
    HP SA7120>

import config
Import a configuration file (paste, xmodem).
import upgrade
Import a complete software release. (See Chapter 8 for details regarding software updates.)
Example:
    HP SA7120> import upgrade
    Import protocol: (xmodem) [xmodem]:
    Start xmodem upload now
    Use Ctl-x to cancel upload
    Verifying upgrade image... upgrade image valid version x.
factory_default
Returns to factory configuration settings.
Example:
    HP SA7120> factory_default
    Reset to default configuration [n]: y
    Reset to factory defaults
    System rebooting...done
    T944 V2.31 DXC. .. 868242+361188O/S running
    Generating 512 bit default key
    Generating default certificate
    Saving default key/cert to flash
    Restricted Rights Legend
    (...copyright and version information displayed here...
show info
Display software version information.
Example:
    HP SA7120> show info
    ============================================
    === hp e-commerce server accelerator sa7120
    === Copyright (c) 2001 Hewlett-Packard Company
    ===
    === Version 2.3.2, Build xx
    ============================================

set date
Set the date and time.
WARNING: Execution of this command reboots the SA7100/SA7120.
set ether
Specify ethernet settings.
Example:
    HP SA7120> set ether
    1 - auto
    2 - 10baseT, half duplex
    3 - 10baseT, full duplex
    4 - 100baseTX, half duplex
    5 - 100baseTX, full duplex
    Select media type [1]:
    Media set to auto
    HP SA7120>

show ether
Display ethernet settings.
Example:
    HP SA7120> show ether
    Ethernet media set to auto
    HP SA7120>

set idleto
Set the console idle interval.
show more
Display the current setting for the console display’s page length. Default is 300.
Example:
    HP SA7120> show more
    Set 23 lines per page

nic
Allows you to set the network interface card configuration.
show serial
Display console serial parameters.
Example:
    HP SA7120> show serial
    Speed: 9600
    Bits: 8
    Stop bits: 1
    Parity: n
    HP SA7120>

exit
Log the user out of the CLI. If the current configuration has changed, the user is allowed to save the current configuration as the active configuration.
Example:
    HP SA7120> exit
    Exiting CLI...
    .
    .
    .
    password:

Logging Commands

export log
Export a saved log/trace file.
delete log
Delete saved log/trace files from /flash/logs.
Syntax:
    HP SA7120> delete log | all
where is the ID of the specific log you want to delete, and all deletes all logs.

list logs
List all log files.
Remote Management

Overview
The current software release allows you to remotely manage the SA7100/SA7120. Remote management is available via three protocols:
• Telnet
• Secure Shell (SSH)
• SNMP
NOTE: Remote management functions can be enabled and configured only through the local serial console.
When enabled, remote management allows you to access the device’s Command Line Interface (CLI) from Telnet or SSH sessions running on remotely located machines.
Limitations
Note that several CLI capabilities available at the local console are unavailable in remote sessions.
• show telnet_port displays current Telnet port.

SSH-specific:
• set ssh enable|disable enables or disables SSH sessions.
• show ssh displays current SSH status: enabled or disabled.
• set ssh_port sets the SSH port. (Default: 22.)
• show ssh_port displays current SSH port.

SNMP-specific:
• setsnmp snmp enable|disable enables or disables SNMP management.
• showsnmp snmp displays current SNMP status: enabled or disabled.
Remote Telnet Sessions
NOTE: The default password for Telnet sessions is admin.
This section contains procedures for accessing the SA7100/SA7120’s CLI via remote Telnet session.

Local Serial Console
Assign an IP address to the SA7100/SA7120’s network interface using the following procedure:
    HP SA7120> set ip
    Enter IP [10.1.2.56]: 10.1.1.1
    Enter Netmask [255.255.255.
Remote Console, Telnet
With remote Telnet enabled on the SA7100/SA7120, use the following procedure to access its CLI:
    Unix-prompt> telnet 10.1.1.1
    Trying 10.1.
NOTE: If other remote sessions are already running and the new one exceeds the number allowed as configured with the set max_remote_sessions command, the CLI displays the message, “Max Remote Session Limit of (5) exceeded!” Either close a session, or increase the maximum number allowed.

Changing the Telnet Port
Disabling Telnet
Telnet sessions are disabled at the SA7100/SA7120’s local serial console. To disable, follow the steps below:
    HP SA7120> set telnet disable
To verify Telnet disable:
    HP SA7120> show telnet
    Telnet: disable
To ensure that Telnet sessions remain disabled across a device shutdown and startup, run the config save command.

Remote SSH Sessions
NOTE: The default user name and password for SSH sessions are admin.
Configure the network route:
    HP SA7120> set route
    Enter Default Route (’none’ to delete) [10.1.1.1] :
Verify the route configuration (optional):
    HP SA7120> show route
    Default Route : 10.1.1.1
Delete a route configuration (optional):
    HP SA7120> set route none
NOTE: To ensure that this remote management configuration persists across a device shutdown and startup, run the config save command.
Remote SSH management is now enabled and configured on the SA7100/SA7120.
Changing the SSH Port
The SSH port is set and displayed by using the CLI commands set ssh_port and show ssh_port. These commands are available only at the local serial console and when the remote management is enabled. By default, the SSH port number is 22.
SNMP

Standards Compliance
The SA7100/SA7120 SNMP agent is bilingual and can support both SNMPv1 and SNMPv2c requests. HP private enterprise MIB files are compliant with SMIv2 as specified in RFC 1902. SET operations are not allowed for any private MIB objects for the SA7100/SA7120, although you can change MIB variable values by way of commands issued on the CLI.

HP MIB Tree
The figure below illustrates the top level of HP’s MIB tree.
All HP enterprise MIBs and MIB objects are defined under the mib2ext branch of the tree. All system object IDs that identify products are defined under the hpServerAppliancesSystem branch of the tree.

Supported MIBs
Management Information Base-II (MIB-II)
HP Enterprise MIBs:
    hpserver-header.my
    hpssl-appliance-mib.
    spill(2): Device will spill SSL connections when utilization reaches 100%
sslSessionCache
    enabled(1): SSL session caching is turned on
    disabled(2): SSL session caching is turned off
restarts
    Number of times the system has restarted
appLastRestart
    The value of sysUpTime at the time the last restart of the application process happened
encryptionAlarm
    enabled(1): Encryption status change alarm is turned on
    disabled(2): Encryption status change alarm is turned off
sslConnectionAlarm
    enabled(1):
networkInterfaceState
    State of the network-side interface
utilWindow
    Sliding window (in seconds) to calculate average connections, CPU utilization, and active connection rates
cpuUtil
    CPU utilization percentage (0-100)
cpuUtilNetwork
    CPU utilization percentage processing network traffic (0-100)
cpuUtilProxy
    CPU proxy utilization percentage (0-100)
cpuUtilHiWater
    CPU utilization high water mark (2-100)
cpuUtilLoWater
    CPU utilization low w
    Concurrent open SSL connection count high water mark
sslConnCntLoWater
    Concurrent open SSL connection count low water mark
sslConnCntState
    When concurrent open SSL connection count exceeds the hi water mark, sslConnCntState is in alert and is not returned to normal until the lo water threshold is crossed
encryptedBps
    Encryption rate in bytes per second
encryptedBpsMaximum
    Maximum encryption rate in bytes per second since (re)start
encryptedBytesTotalMb
    Total number of megabytes of data encr
spillsTotal
    Total number of spills since (re)start
spills
    Number of spills in the last sslOverloadInterval
refusedSslInterval
    The periodic interval (in seconds) used when counting the number of refused SSL connections. If any SSL connections were refused in this time interval, a trap is generated.
cpuUtilAlert
    The device has exceeded the CPU utilization high water threshold
cpuUtilNormal
    CPU utilization back to normal levels
sslCpsAlert
    The device has exceeded the SSL connections per second high water threshold
sslCpsNormal
    The SSL connections per second processed by the device is back to normal levels
sslConnCntAlert
    The device has exceeded the open SSL connection count high water threshold
sslConnCntNormal
    The open SSL connection count of the device is back to normal levels
sslConn
Specifying SNMP Information
Configurable SNMP parameters can be set collectively using the setsnmp snmp_info command as illustrated below:
    HP SA7120> setsnmp snmp_info
    SNMP Port [161]: 161
    SNMP Trap Port [162]: 162
    Contact Person []: support
    System Location []:
    System Name []: SA7120
Current values of SNMP parameters are displayed using the showsnmp snmp_info command:
    HP SA7120> showsnmp snmp_info
    SNMP Port Number : 161
    SNMP Trap Port Num
Community String
Use CLI commands setsnmp snmp_community, list snmp_community and delete snmp_community to set, list, and delete SNMP community strings.
    HP SA7120> setsnmp snmp_community
    SNMP Community String(s) Setting.
    <2> Current SNMP Community String(s):
    1.) IP: 1.1.1.1 => String: 1.1.1.2 => Rights: read
    2.) IP: 1.1.1.3 => String: 1.1.1.4 => Rights: read
    Enter a SNMP Community IP (q to quit) [1.1.1.4]: 1.1.1.5
    Enter a SNMP Community String (q to quit) [1.1.1.5]: 1.1.1.
Alarms and Monitoring

Overview
The HP e-Commerce Server Accelerator SA7100/SA7120 supports:
• Alarms that can be sent to the console upon pre-designated events
• Periodic status-monitoring reports
Both alarms and monitor reports are single lines of text. Both can be written either to the local administration console or to remote management sessions (Telnet or Secure Shell only). On the display, alarms are prefaced by the letter “A,” and monitor reports with the letter “M.” Both have timestamps.
Alarms can be configured to immediately notify the user of the following conditions:
• Encryption Status change
• Refused SSL connections
• Utilization (Threshold) alarms
• Overload alarms
• Network Link Status
All alarms are disabled by default and may be enabled in any combination.
    rsc => Refused SSL conections alarm.
    utl => Utilization threshold alarm.
    HP SA7120> set alarm all
    HP SA7120> show alarm
    Alarms set: esc rsc utl ovl nls.
    HP SA7120> set alarm none
    HP SA7120> show alarm
    Alarms set:

Alarm Types
The configurable alarm types are detailed in separate sections below.

ESC: Encryption Status Change Alarm
When enabled, an alarm is issued when the device is changed between INLINE and BYPASS modes.
Format:
    A:mm/dd/yyyy hh:mm:ss RSC:CSMM|CCAF:XXX: /*message*/
Where:
    A: identifies the message as an alarm.
    mm/dd/yyyy hh:mm:ss is the timestamp.
    RSC: identifies the message as a Refused SSL Connections Alarm.
UTL: Utilization Threshold Alarm
This alarm monitors three utilization threshold values:
• CPU
• Connections per Second
• Total Open Connections
When enabled, an alarm is issued whenever any of the utilization values exceeds its high-water mark, or, having exceeded the high-water mark, drops below the low-water mark. The user defines the high and low-water marks. By default, the high-water mark is 90% and the low-water mark is 60%.
UTL Alarm CLI commands
To set Utilization Threshold Alarm time window:
    set utl_window (Range: 5-65000, default: 15)
To set Utilization Threshold Alarm high-water value:
    set utl_highwater (Range: 2-100, default: 90)
To set Utilization Threshold Alarm low-water value:
    set utl_lowwater (Range: 1-99, default: 60)
To display current settings:
    show utl_window
    show utl_highwater
    show utl_lowwater
Examples:
Alarm Modifiers and Messages
    SPIL: indicates overload resulting in a spill. Message: Spill mode.
    THRT: indicates overload resulting in a throttle. Message: Throttle mode.
Extended Data
    XXX: An integer value indicating the total number of overload events that occurred during the most recent alarm period.
Extended Data
    LINKD: indicates no carrier.
    10HDX: indicates 10Mb/s, half duplex.
    10FDX: indicates 10Mb/s, full duplex.
    100HDX: indicates 100Mb/s, half duplex.
    100FDX: indicates 100Mb/s, full duplex.

Alarm Logging
The SA7100/SA7120 maintains a circular buffer of alarms issued.
Example: status command
    HP SA7120> status
    20000727_145544
    ================= STATE ====================
    Boot time: Thu Jul 27 14:54:21 2000
    Curr time: Thu Jul 27 14:55:43 2000
    Restarts: 3
    KTR Mask: 0xFFFFF3DD
    Total Connections: 0
    Active Connections: 0, 0 (cur, max)
    Connections/Second: 0, 0 (cur, max)
    Util Status:
    Secure Bytes Read:
    Plain Bytes Read:
    Secure Bytes Wrote:
    Plain Bytes Wrote:
    Bytes Allocated to dbufs:
    Bytes Per dbuf:
    Spill Mode:
    Transactions Spilled:
    Times Thottled Accep
    server_tmo 5
    client_tmo 30
    serverif exp1
    netif exp0
    map 0.0.0.
Example: status alarms command
    HP SA7120> status alarms
    A:07/27/2000 14:57:05:ESC:CONI:/* Console inline */
    A:07/27/2000 14:57:05:NLS:NETL:100HDX:/* Network port status, 100Mb/s, half dup/
    A:07/27/2000 14:57:01:ESC:CONB:/* Console bypass */
    A:07/27/2000 14:57:01:NLS:NETL:NC:/* Network port status, No carrier */
    A:07/27/2000 14:56:51:NLS:SVRL:NC:/* Server port status, No carrier */
    A:07/27/2000 14:56:46:NLS:SVRL:100FDX:/* Server port status, 100Mb/s, full dupl/
    A:07/27/2000 14:56:30:ES
Monitor report format:
    M:mm/dd/yyyy hh:mm:ss mode:failmode:CPU;i,k,a:CPS;c,m,t:OVRLD;r,c,m,t:NetIF;s:SvrIF;s:BES;c,m,t;BDS;c,m,t
Where:
    M                    Monitor report
    mm/dd/yyyy hh:mm:ss  Timestamp
    mode                 Bypass mode status [INLINE|BYPASS]
    failmode             Fail mode status [SAFE|THRU]
    CPU;i,k,a            CPU%; (i)dle, (k)ernel, (a)pplication
    CPS;c,m,t            SSL Connections per Second; (c)urrent, (m)ax, (t)otal
    OVRLD;r,c,m,t        Overload events; (r)esponse [SPIL|THRT], (c)urrent, (
    set monitoring enable|disable (Default: disable)
    show monitoring
Examples:
    HP SA7120> set monitoring_interval 15
    HP SA7120> show monitoring_interval
    Monitoring report interval [secs]: 15
    HP SA7120> set monitoring disable
    HP SA7120> show monitoring
    Monitoring for this terminal: disabled
    HP SA7120> set monitoring_fields all
    HP SA7120> show monitoring_fields
    Monitoring report fields: mode failmode cpu cps ovrld link enc dec
    HP SA7120> set monitoring enable
    HP SA7120> show monitoring
    Mon
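Added example (not part of the HP guide or the device software): a Python sketch that parses alarm lines in the layout shown in this chapter's status alarms example and reports how long the device spent in bypass mode, during which traffic may flow through unprocessed, along with link-loss events. The sample lines are copied from that example; treating CONB and CONI as the only bypass/inline modifiers, and accepting both NC (example output) and LINKD (Extended Data list) as no-carrier markers, are assumptions based on the surviving text.

```python
import re
from datetime import datetime

# Alarm lines copied from the guide's "status alarms" example.
# The device prints the newest alarm first; two messages are cut off by the display.
SAMPLE_ALARMS = """\
A:07/27/2000 14:57:05:ESC:CONI:/* Console inline */
A:07/27/2000 14:57:05:NLS:NETL:100HDX:/* Network port status, 100Mb/s, half dup/
A:07/27/2000 14:57:01:ESC:CONB:/* Console bypass */
A:07/27/2000 14:57:01:NLS:NETL:NC:/* Network port status, No carrier */
A:07/27/2000 14:56:51:NLS:SVRL:NC:/* Server port status, No carrier */
A:07/27/2000 14:56:46:NLS:SVRL:100FDX:/* Server port status, 100Mb/s, full dupl/
"""

# The format description separates timestamp and type with a space, the example
# output with a colon, so both are accepted. The extended-data field is optional.
ALARM_RE = re.compile(
    r"^A:(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})"
    r"[: ](?P<type>[A-Z]{3})"
    r":(?P<modifier>[A-Z0-9]+)"
    r"(?::(?P<data>[^:/]*))?"
    r":\s*/\*\s*(?P<message>.*?)\s*(?:\*/|/)?\s*$"
)

BYPASS_MODIFIERS = {"CONB"}    # assumption: only the modifier seen in the example
INLINE_MODIFIERS = {"CONI"}    # assumption: only the modifier seen in the example
NO_CARRIER = {"NC", "LINKD"}   # example output says NC, Extended Data list says LINKD


def parse_alarm(line):
    """Return a dict for one alarm line, or None if the line is not an alarm."""
    m = ALARM_RE.match(line.strip())
    if not m:
        return None
    return {
        "time": datetime.strptime(m["ts"], "%m/%d/%Y %H:%M:%S"),
        "type": m["type"],
        "modifier": m["modifier"],
        "data": m["data"] or "",
        "message": m["message"],
    }


def parse_log(text):
    """Parse a status alarms dump and return events oldest first."""
    events = [e for e in map(parse_alarm, text.splitlines()) if e]
    events.reverse()                      # dump is newest first
    events.sort(key=lambda e: e["time"])  # stable: same-second order is kept
    return events


def bypass_windows(events):
    """Pair each bypass alarm with the next inline alarm.

    Returns (windows, unknown): windows is a list of (start, end, seconds),
    with end and seconds set to None if the log ends while still in bypass;
    unknown holds ESC alarms whose modifier is not recognised.
    """
    windows, unknown, start = [], [], None
    for e in events:
        if e["type"] != "ESC":
            continue
        if e["modifier"] in BYPASS_MODIFIERS:
            start = start or e["time"]
        elif e["modifier"] in INLINE_MODIFIERS:
            if start is not None:
                seconds = (e["time"] - start).total_seconds()
                windows.append((start, e["time"], seconds))
                start = None
        else:
            unknown.append(e)
    if start is not None:
        windows.append((start, None, None))
    return windows, unknown


def link_down_events(events):
    """Return (time, port) for every Network Link Status alarm reporting no carrier."""
    return [(e["time"], e["modifier"]) for e in events
            if e["type"] == "NLS" and e["data"] in NO_CARRIER]


if __name__ == "__main__":
    log = parse_log(SAMPLE_ALARMS)
    for begin, end, seconds in bypass_windows(log)[0]:
        print(f"bypass from {begin} to {end} ({seconds} s)")
    for when, port in link_down_events(log):
        print(f"no carrier on {port} at {when}")
```

Because the alarm buffer is circular, a bypass alarm can age out before its matching inline alarm; an unmatched inline alarm is therefore ignored rather than treated as an error.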
Software Updates

Use the import upgrade command to upgrade your HP e-Commerce Server Accelerator SA7100/SA7120 software. When you upgrade your SA7100/SA7120 software, the configuration (including all keys, certificates, and mapping) is saved. However, all log files are cleared. The software is in the form of an image file (*.IMG).

Use the import patch command to install a patch to a current software release. Patches typically effect fixes to minor software issues.
Before Upgrading

Monitoring output data can interfere with import/export operations
If import or export operations are carried out while any of the device’s monitors are enabled, the monitors’ periodic output will be inserted into the data flow of the import or export.
Using Windows* HyperTerminal*

Command: import upgrade
Use the SA7100/SA7120’s aux console port, which defaults to 115.2 kbps, for greater speed. The import procedure (using xmodem) requires approximately 7 minutes at 115.2 kbps.
1. Download the image file (.IMG) to the local PC.
2. Connect the serial cable from COM1 or COM2 to the SA7100/SA7120 auxiliary console.
3. Log in to the SA7100/SA7120.
4. Type the import upgrade command. The command prompts for xmodem.
4. Type the import patch command. The command prompts for xmodem. Press Enter to use the default (xmodem).
    HP SA7120> import patch
    Import protocol: (xmodem) [xmodem]:
    Start xmodem upload now
    Use Ctl-X to cancel upload
5.
Troubleshooting

Item 1
Symptom: Server and/or Network LEDs not illuminated.
Probable Cause:
• Unit is in Bypass mode.
• Improper cabling.
Remedy:
• If the Inline LED is not illuminated (solid or blinking) take the SA7100/SA7120 out of Bypass mode by either pressing the Bypass switch on the unit’s front panel or using the CLI’s inline command.
Item 2
Symptom: Non-SSL data does not pass through SA7100/SA7120.
Probable Cause: Improper cabling.
Remedy:
• Refer to Item 1 in this table.

Item 3
Symptom: Web pages are not completely displayed, or an error message such as, “Document Contains No Data” appears.

Item 4
Symptom: SSL traffic does not pass through SA7100/SA7120
Item 5
Symptom: Error message: The page cannot be displayed.
Probable Cause: The digital certificate and/or private key is corrupt.
Remedy: Use the default key and certificate, or create new key and unsigned certificate. Try the page again. If the error no longer appears, recreate your private key and certificate signing request (CSR) and resubmit to the certificate authority to get a new certificate.
Item 7
Symptom: Error message: Server/Network media mismatch
Probable Cause: Server and network ports have autonegotiated to different media settings.
Remedy: Use the status command to determine the media settings:
    HP SA7120> status
    .
    .
    Network port 100baseTX Full Duplex
    Server port 10baseT, Half Duplex
Then use the nic command to force common media attributes, e.g.
Front Panel

The following diagram shows the LEDs, buttons, switches and connections for the HP e-Commerce Server Accelerator SA7100/SA7120. Note that there is no power switch or button. Power is applied to the device by connecting the power cable.
Buttons and Switches
There are two buttons and one switch on the front panel of the SA7100/SA7120.

Button/Switch: Action
Reset button: Press momentarily to issue a soft reset to the SA7100/SA7120. Press for 5 seconds to reset the SA7100/SA7120 and restore the factory defaults.
Bypass button: Press to physically force bypass mode (bypass SA7100/SA7120 processing).
Front Panel LEDs

LED: Status
Overload:
    ON – SA7100/SA7120 is saturated with SSL requests. LED ranges from dim flickering to bright steady, indicating low to high spillover. Refer to the spill command for ways to offload requests to another SA7100/SA7120.
    OFF – Normal operation.
Activity:
    ON – SSL processing is being performed. Ranges from dim, when processing loads are low, to bright, when greater amounts of processing are occurring.
    OFF – No SSL processing is being performed.
Connectors
The following table describes the SA7100/SA7120’s connectors.

Designator   Type  Purpose
Network      RJ45  100baseTX/10baseT connection to network (clients), wired as a host port.
Server       RJ45  100baseTX/10baseT connection to server (or servers), wired as a hub port.
Console      DB9   RS-232 DTE console port (9600 8, N, 1)
Aux Console  DB9   RS-232 DTE console port (115200, 8, N, 1) includes kernel diagnostics at boot.
Failure/Bypass Modes WARNING: Enabling bypass mode will instantly and without warning terminate all active remote management sessions. The HP e-Commerce Server Accelerator SA7100/SA7120 is designed with the ability to automatically bypass e-Commerce traffic in the event of a failure. If necessary, the user can force a bypass with the Bypass button or from the command line interface using the bypass command. There is also a security feature (Fail-through switch).
[Figure: Front Panel Detail: Failure/Bypass Mode Controls and Indicators. Labels: LEDs (Inline (green), Network Link, Server Link), Reset, Bypass, Fail-Through switch]

Bypass Button
Forcing a bypass of the SA7100/SA7120 may be necessary when certain actions must be performed offline (e.g., configuration changes, entering certificates, or problem isolation). To force a bypass of SA7100/SA7120 processing, push the Bypass button ON.
Fail-through Switch (Security Level)
During normal processing, the Inline (green) LED on the front panel indicates whether e-Commerce traffic will pass through in the event of a failure (depending on Fail-through switch state).
Supported Ciphers The HP e-Commerce Server Accelerator SA7100/SA7120 supports only RSA key exchange and authentication. Diffie-Hellman (including Anonymous and Ephemeral) key exchange/authentication and DSS authentication are not supported. Use the set cipher command to specify the cipher. The command prompts you for the cipher strength and SSL version level.
SSL Version Level
• SSLv2 - all SSL version 2.0 ciphers
• SSLv3 - all SSL version 3.0 ciphers
• SSLv2 and SSLv3 - all SSL version 2.0 and 3.0 ciphers
The default cipher value is all supported ciphers (both SSLv2 and SSLv3).

The following table provides ciphers supported by the SA7100/SA7120. Note that the export version of the software supports only the ciphers marked “E” in the Profile column.
Name             Protocol  Key Exchange  Authentication  Encryption (key size)  Message Authentication  Profile (Hi/Medium/Low/Export)
RC2-CBC-MD5      SSLv2     RSA           RSA             RC2(128)               MD5                     M
RC4-MD5          SSLv2     RSA           RSA             RC4(128)               MD5                     M
RC4-64-MD5       SSLv2     RSA           RSA             RC4(64)                MD5                     L
DES-CBC-MD5      SSLv2     RSA           RSA             DES(56)                MD5                     L
EXP-DES-CBC-SHA  SSLv3     RSA(512)      RSA             DES(40)                SHA1                    E
                 SSLv3     RSA(512)      RSA             RC2(40)                MD5                     E
EXP-RC4-MD5      SSLv3     RSA(512)      RSA             RC4(40)                MD5                     E
                 SSLv2     RSA(512)      RSA             RC2(40)                MD5
Regulatory Information Taiwan Class A EMI Statement
VCCI Statement Class A ITE
This is a Class A product based on the standard of the Voluntary Control Council for Interference by Information Technology Equipment (VCCI). If this equipment is used in a domestic environment, radio disturbance may arise. When such trouble occurs, the user may be required to take corrective actions.

Internal access to the device is intended only for qualified service personnel.
Canada Compliance Statement (Industry Canada)
NOTE: This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.
CAUTION: If you make any modification to the equipment not expressly approved by HP, you could void your authority to operate the equipment.
CISPR 22 Statement
WARNING: This is a Class A product. In a domestic environment this product may cause radio interference in which case the user may be required to take adequate measures.
VCCI Class A (Japan)
Australia
WARNING
The system is designed to operate in a typical office environment. Choose a site that is:
• Clean and free of airborne particles (other than normal room dust).
WARNING
• In regions that are susceptible to electrical storms, we recommend you plug your system into a surge suppressor and disconnect telecommunication lines to your modem during an electrical storm.
• Provided with a properly grounded wall outlet.
Do not attempt to modify or use the supplied AC power cord if it is not the exact type required.
WARNING
The system was designed for operation in a normal office environment.
WARNINGS
• In areas subject to thunderstorms, it is advisable to connect the system to a surge suppressor. During thunderstorms, disconnect the communication lines from the modem.
• Provided with a properly installed wall outlet.
Do not modify or use the AC power cord supplied by the manufacturer if it does not exactly match the required type.
Important Safety Instructions
1. Please read these instructions carefully.
2. Keep this guide for later use.
3. Disconnect the device from the mains before every cleaning. Do not use liquid or aerosol cleaners. A damp cloth is best for cleaning.
4. To avoid damage to the device, use only accessories approved by the manufacturer.
5.
15. If any of the following situations occur, disconnect the device from the mains and have it checked by a qualified service center:
a. The power cord or plug is damaged.
b. Liquid has entered the device.
c. The device has been exposed to moisture.
d. The device does not function according to the operating instructions, or you cannot achieve an improvement with the help of this guide.
e.
APPENDIX E
Software License Agreement
ATTENTION: USE OF THE SOFTWARE IS SUBJECT TO THE HP SOFTWARE LICENSE TERMS SET FORTH BELOW. USING THE SOFTWARE INDICATES YOUR ACCEPTANCE OF THESE LICENSE TERMS. IF YOU DO NOT ACCEPT THESE LICENSE TERMS, YOU MAY RETURN THE SOFTWARE FOR A FULL REFUND. IF THE SOFTWARE IS BUNDLED WITH ANOTHER PRODUCT, YOU MAY RETURN THE ENTIRE UNUSED PRODUCT FOR A FULL REFUND.
HP SOFTWARE LICENSE TERMS
License Grant. HP grants you a license to Use one copy of the Software.
Ownership. The Software is owned and copyrighted by HP or its third party suppliers. Your license confers no title or ownership and is not a sale of any rights in the Software, its documentation or the media on which they are recorded or printed. Third party suppliers may protect their rights in the Software in the event of any infringement.
Copies and Adaptations.
U.S. Government Restricted Rights. The Software and any accompanying documentation have been developed entirely at private expense. They are delivered and licensed as "commercial computer software" as defined in DFARS 252.227-7013 (Oct 1988), DFARS 252.211-7015 (May 1991) or DFARS 252.227-7014 (Jun 1995), as a "commercial item" as defined in FAR 2.101(a), or as "Restricted computer software" as defined in FAR 52.
Mozilla* and expat* License Information
1. expat (http://www.jclark.com/xml/expat.html) is code used in the SA7100/SA7120. The license governing the expat code is either the Mozilla Public License (MPL) Version 1.1 or the GNU General Public License.
2. The open source code has neither been modified by Hewlett-Packard nor have files been added to or deleted from the source code by Hewlett-Packard.
1.7. "Larger Work" means a work which combines Covered Code or portions thereof with code not governed by the terms of this License.
1.8. "License" means this document.
1.8.1. "Licensable" means having the right to grant, to the maximum extent possible, whether at the time of the initial grant or subsequently acquired, any and all of the rights conveyed herein.
1.9.
For purposes of this definition, "control" means (a) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (b) ownership of more than fifty percent (50%) of the outstanding shares or beneficial ownership of such entity.
2. Source Code License.
2.1. The Initial Developer Grant.
(b) under Patent Claims infringed by the making, using, or selling of Modifications made by that Contributor either alone and/or in combination with its Contributor Version (or portions of such combination), to make, use, sell, offer for sale, have made, and/or otherwise dispose of: 1) Modifications made by that Contributor (or portions thereof); and 2) the combination of Modifications made by that Contributor with its Contributor Version (or portions of s
3.2. Availability of Source Code.
to implement that API, Contributor must also include this information in the LEGAL file.
(c) Representations. Contributor represents that, except as disclosed pursuant to Section 3.4(a) above, Contributor believes that Contributor’s Modifications are Contributor’s original creation(s) and/or Contributor has sufficient rights to grant the rights conveyed by this License.
3.5. Required Notices.
3.6. Distribution of Executable Versions. You may distribute Covered Code in Executable form only if the requirements of Section 3.1-3.5 have been met for that Covered Code, and if You include a notice stating that the Source Code version of the Covered Code is available under the terms of this License, including a description of how and where You have fulfilled the obligations of Section 3.2.
5. Application of this License
This License applies to code to which the Initial Developer has attached the notice in Exhibit A and to related Covered Code.
6. Versions of the License.
6.1. New Versions. Netscape Communications Corporation ("Netscape") may publish revised and/or new versions of the License from time to time. Each version will be given a distinguishing version number.
6.2. Effect of New Versions.
7. DISCLAIMER OF WARRANTY. COVERED CODE IS PROVIDED UNDER THIS LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES THAT THE COVERED CODE IS FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE OR NON-INFRINGING. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE COVERED CODE IS WITH YOU.
arrangement are not mutually agreed upon in writing by the parties or the litigation claim is not withdrawn, the rights granted by Participant to You under Sections 2.1 and/or 2.2 automatically terminate at the expiration of the 60 day notice period specified above.
9. LIMITATION OF LIABILITY.
11. MISCELLANEOUS. This License represents the complete agreement concerning subject matter hereof. If any provision of this License is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. This License shall be governed by California law provisions (except to the extent applicable law, if any, provides otherwise), excluding its conflict-of-law provisions.
Software distributed under the License is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for the specific language governing rights and limitations under the License. The Original Code is _________________________________. The Initial Developer of the Original Code is _______________. Portions created by _____________________ are Copyright © ______ _______________________.
APPENDIX F
Support Services
Support for your SA7100/SA7120
U.S.
Europe
For hardware service and telephone support, contact:
• An HP-authorized reseller or
• One of the following HP Customer Support Centers:
Country and Number
Austria – 0660 6386
Belgium (Dutch) – 02 626 8806
Belgium (French) – 02 626 8807
Czech Republic – 420 2 613 07 310
Denmark – 3929 4099
English (non-UK) – +44 0870 842 2339
Finland – 02 03 47 288
France – 01 43 62 3434
Germany – 0180 525 8143
Greece – +30 (0) 16196411
Hungary
Asia
For hardware service and telephone support, contact an HP-authorized reseller or one of these support centers:
Country and Number
Australia – 03-8877-8000
Hong Kong – 800-96-2598
India – 91-11-6826035
Indonesia – 0800-21511
Japan – 0120-220-119
Korea – +82-2-32700911
Malaysia – 60 3 2931811 or 1-800-881811
New Zealand –
Upper North Island – 09-356-6640
Lower North Island – 04-499-2026
South Island – 03-365-9805
People’s Republic of China – 86-8008105959
Phili
Other Countries
For hardware service, contact your local authorized reseller or HP sales office. For telephone support, contact your authorized reseller.
Glossary
This section defines terms and acronyms used throughout the HP e-Commerce Server Accelerator SA7100/SA7120 User Guide.
Bypass
User action causing traffic to bypass SA7100/SA7120 processing, done either through the CLI bypass command or Bypass button on the front panel of the SA7100/SA7120.
Cascading
A configuration of two or more SA7100/SA7120s serially connected together to accommodate larger e-Commerce traffic processing (CPS) loads.
Fulfillment Server
HTTP
Hypertext Transfer Protocol: the protocol used between a Web browser and a server to request a document and transfer its contents.
HTTPS
HTTP exchanged over an SSL-encrypted session.
Inline
When the SA7100/SA7120 is able to process SSL traffic, the Inline LED on the front panel is lit (blinking or steadily illuminated).
IP
Internet Protocol
IP Address
A unique identifier for a node on an IP network.
IP Service
Signing Request
Required for a request for certificate authentication by a Certificate Authority.
SNMP
Simple Network Management Protocol. An application-layer Internet protocol by which multiple devices in a network can be monitored and to some extent configured.
SSL (Secure Socket Layer)
Protocol developed by Netscape for encrypted transmission over TCP/IP networks, setting up a secure end-to-end link.
VeriSign*