HP e-Commerce / XML director server appliance sa8250 - Users Guide

ManualsBrandsHP ManualsServerHP e-Commerce/XML Director sa8250

KSHFRPPHUFH

[POGLUHFWRUVHUYHU

DSSOLDQFHVD

XVHUJXLGH

Summary of content (394 pages)

PAGE 1
KS H FRPPHUFH [PO GLUHFWRU VHUYHU DSSOLDQFH VD XVHU JXLGH
PAGE 2
© Copyright 2001 Hewlett-Packard Company. All rights reserved. Hewlett-Packard Company 3000 Hanover Street Palo Alto, CA 94304-1185 Publication Number 5971-3003 March 2001 Disclaimer The information contained in this document is subject to change without notice. HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
PAGE 3
Contents Chapter 1: Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Introduction to the SA8250. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Assumptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Benefits of the SA8250. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Specifications . . . . . . . . . . . . . . .
PAGE 4
CONTENTS HP e-Commerce/XML Director Server Appliance SA8250 User Guide MIME Content Type Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 URL Encoded MIME Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 Multipart MIME Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 Document Number Specification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 5
Contents Server Status Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 HTTP Error Detection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 Serial Cable Failover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 Serial Cable Failover Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 Replicating the Configuration . . . . . . . . . . . .
PAGE 6
CONTENTS HP e-Commerce/XML Director Server Appliance SA8250 User Guide Balance Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94 XML Service Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95 Deleting Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96 Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 7
Contents Ether . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136 Ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137 Netstat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138 Nslookup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 8
CONTENTS HP e-Commerce/XML Director Server Appliance SA8250 User Guide Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163 Run-Time CLI Command Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164 Global System Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164 Admin Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 9
Contents Prerequisites for Scenario 7. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257 Procedure for Scenario 7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257 Chapter 7: SNMP Support . . . . . . . . . . . . . . . . . . . . . . . . . . . 261 Using SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261 Standards Compliance . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 10
CONTENTS HP e-Commerce/XML Director Server Appliance SA8250 User Guide Procedure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288 Using Global Site Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289 Using the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 11
Contents Regulatory Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337 Taiwan Class A EMI Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337 VCCI Class A (Japan). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337 VCCI Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338 Australia . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 12
CONTENTS HP e-Commerce/XML Director Server Appliance SA8250 User Guide Notes x
PAGE 13
Introduction Introduction to the SA8250 The HP e-Commerce/XML Director Server Appliance SA8250 provides the flexibility to classify and load balance Extensible Markup Language (XML) traffic according to content and distribute it according to user-defined parameters. The SA8250 makes it easy to use the most appropriate resources at the datacenter to handle incoming requests.
PAGE 14
CHAPTER 1 HP e-Commerce/XML Director Server Appliance SA8250 User Guide The SA8250 also provides reliable URL- and port-based load balancing, failover, and policy-based management to your eCommerce site, web site, or Intranet. The SA8250 adds the ability to look into the data beyond the URL, and is the best load balancing solution available for the reasons shown in this table.
PAGE 15
CHAPTER 1 Benefits of the SA8250 Benefits of the SA8250 This table lists the benefits of the SA8250. Benefit Description Distribute XML traffic among multiple servers according to content The SA8250 analyzes and intelligently distributes XML traffic. The SA8250 categorizes XML traffic by content according to user-crafted rules, and then distributes it among multiple servers, thus allowing network resources to be used in a manner consistent with your corporate goals.
PAGE 16
CHAPTER 1 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Benefit Description SSL acceleration and intelligent traffic management benefits Performance degrades dramatically as more customers access a site in SSL mode, frustrating the very customers who are attempting to make a purchase. The SA8250 is essential to providing high performance and superior levels of service when building reliable, scalable, and secure e-Commerce sites.
PAGE 17
CHAPTER 1 Benefits of the SA8250 Benefit Description Intelligent session recovery for secure transactions The SA8250 provides Intelligent Session Recovery technology for secure transactions. By monitoring content within the response sent back by the server, Intelligent Session Recovery detects HTTP 400, 500, or 600 series errors, transparently rolls back the session, and redirects the transaction to another server until the request is fulfilled.
PAGE 18
CHAPTER 1 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Specifications This table lists the specifications for the SA8250. Specification Description Servers supported Any Web server (Apache, Microsoft, Netscape, etc.) Most operating systems, including UNIX*, Solaris*, Windows NT*, BSD*/BSDI*, AIX*, etc. Any server hardware (SUN, HP, IBM, Compaq, SGI, etc.
PAGE 19
CHAPTER 1 Specifications Specification Description Interface connections Dual 10/100 Ethernet TTY Serial - console Failover port Transparent operation Supports single or multiple Virtual IP (VIP) addresses per domain Priority classes Application/protocol types supported: HTTP, HTTPS, FTP, NNTP, or any TCP port Patent pending XML and intelligent content routing Content: URL, file types such as *.GIF, file paths such as \ads\, and file names such as index.
PAGE 20
CHAPTER 1 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Specification Description Security features supported RSA, RC2, RC4, DES, Triple DES, IDEA, Blowfish, MD5, SHA SSL v2 and v3 for transaction security SSH for secure Command Line Interface (up to 168 bit) IP filtering Serial port logon Specifications (continued) 8
PAGE 21
CHAPTER 1 Typographic Conventions Typographic Conventions The following typographic conventions are used throughout this manual. NOTE: This is an example of a note. NOTES clarify a point, emphasize vital information, or describe options, alternatives, or shortcuts. Except for tables, notes are always found in the left margin. CAUTION: This is an example of a caution. CAUTIONS are designed to prevent possible mistakes that could result in injury or equipment damage.
PAGE 22
CHAPTER 1 HP e-Commerce/XML Director Server Appliance SA8250 User Guide • 10 Vertical Bars ( | ) separate the choices of input parameters within straight brackets. You can choose only one of the set of choices separated by vertical bars. Do not include the vertical bar in the command.
PAGE 23
Theory of Operations General Operating Principles This chapter discusses the general operating principles of the HP eCommerce/XML Director Server Appliance SA8250. For details about the complete SA8250 command set, see Chapter 5. For information about completing specific tasks, see Chapter 6.
PAGE 24
CHAPTER 2 XML Operations HP e-Commerce/XML Director Server Appliance SA8250 User Guide The SA8250 provides a powerful means of using eXtensible Markup Language (XML) technology to facilitate B2B transactions. In addition to its XML capability, the SA8250 provides Layer 4 (HOT) services, Layer 7 (RICH) services, and Secure Sockets Layer (SSL) acceleration.
PAGE 25
CHAPTER 2 XML Operations XML Expression Syntax This table lists the valid XML expression syntax for the SA8250. These are described in more detail on the following pages.
PAGE 26
CHAPTER 2 HP e-Commerce/XML Director Server Appliance SA8250 User Guide XML Data Model For standard SA8250 operations, XML data consists of three hierarchical components or nodes: NOTE: We indented XML commands for ease of reading in this document. However, the leading spaces or tabs are not significant.
PAGE 27
CHAPTER 2 XML Operations Commands and Operators The SA8250 uses an XML Path Language (XPath) subset. XML patterns are created in the CLI or GUI using a set of commands, operators, and comparison operators with XML elements, attributes, and text components. Patterns take the form of a “path,” similar to the “expressions” used in configuring the SA8250 for HTTP parsing as described later in this chapter. NOTE: For a detailed description of XML commands, see Chapter 5.
PAGE 28
CHAPTER 2 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Each element together with the operator selects a set of nodes in the XML data tree relative to a context node. This set of nodes must match the name of the element specified in a step. Every path starts with the root node as the first context node. Nodes selected in a step form the set of context nodes for the following step. You can specify an element as “*”, which selects any element relative to the context node.
PAGE 29
CHAPTER 2 XML Operations The operative component of a FilterExpression is a comparison expression or any FunctionCall expression that returns a string value, which compares either an element or an attribute against a specified value. An element in a FilterExpression refers to the child element of the context node, while an attribute refers to the attribute of the context node.
PAGE 30
CHAPTER 2 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Boolean Operators Boolean operators are logical operators between expressions. These operators are used in the PathExpression and the FilterExpression: • BooleanOperator • BooleanOperator This table shows two Boolean operators.
PAGE 31
CHAPTER 2 XML Operations Function Calls A FunctionCall expression is evaluated by using the FunctionName to identify a supported function, evaluating each of the arguments if needed, and calling the function passing the required arguments. It is an error if the number of arguments is wrong or if an argument is not of the required type. The result of the FunctionCall expression is the result returned by the function. A FunctionCall can only be specified within a FilterExpression.
PAGE 32
CHAPTER 2 HP e-Commerce/XML Director Server Appliance SA8250 User Guide This table shows function call samples.
PAGE 33
CHAPTER 2 XML Operations Values Values are used to specify the right operand of a comparison expression, and can be either a literal (such as a string) or a number. A literal has to be enclosed either in single or double quotes. If the literal string contains a single quote, double quotes should be used to enclose the string. If the literal string contains double quotes, single quotes should be used to enclose the string.
PAGE 34
CHAPTER 2 HP e-Commerce/XML Director Server Appliance SA8250 User Guide XML Pattern Creation XML-related commands are issued at the /xmlpattern level of the CLI, below the server port level. For example: …/server/10.1.1.1/port/80/xmlpattern# create */order.asp & doc=3 & //From[id="Acme"] NOTE: Case is significant for text elements like “Acme.” Incoming text using “acme” (all lowercase) does not match, unless you use the translate() function to convert text case. where: • */order.
PAGE 35
CHAPTER 2 XML Operations XML Pattern Matching Please refer to this example XML command throughout this discussion: create */order.asp & doc=3 & //From[id="Acme"] The SA8250 attempts to find XML pattern matches in the following sequence: 1. RICH expression matches. If the RICH expression (*/order.asp) does not match, the document number and XML expression are ignored. NOTE: We recommend using the same document number in all XML patterns with the same RICH expression for a service.
PAGE 36
CHAPTER 2 HP e-Commerce/XML Director Server Appliance SA8250 User Guide MIME Content Type Support Multipurpose Internet Mail Extension (MIME) values in the “Content-Type” HTTP header are recognized by the SA8250 and handled accordingly. This is primarily to support multipart and URL encoded messages which can contain multiple documents in the message body.
PAGE 37
CHAPTER 2 XML Operations Media Type and Subtype This table lists the recognized media type and subtypes. The media types listed are the currently defined types registered with the IANA (Internet Assigned Number Authority). The SA8250 cannot recognize all possible media subtypes, because many of them are proprietary.
PAGE 38
CHAPTER 2 HP e-Commerce/XML Director Server Appliance SA8250 User Guide URL Encoded MIME Processing Messages with a “application/x-www-form-urlencoded” media type are URL encoded messages in a special format that contains a set of field names and values, with the values encoded.
PAGE 39
CHAPTER 2 XML Operations Multipart messages can also be nested: POST /Order.asp HTTP/1.
PAGE 40
CHAPTER 2 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Content Transfer Encoding Support NOTE: The ContentTransfer-Encoding header is not an HTTP header, and can only be specified in a MIME header (in the header of an embedded body part). Message bodies can be encoded so that they do not cause any problem for some of the protocol transfer gateways, especially when sending binary data.
PAGE 41
CHAPTER 2 XML Operations XML “Well formed” errors If the SA8250 detects punctuation or syntax errors in an incoming XML data stream, it can be configured to send an error message to the sending client (the default setting), or to direct the client data to servers matching the RICH expression, effectively ignoring the incoming XML data.
PAGE 42
CHAPTER 2 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Services NOTE: The sample commands used in this chapter are meant as examples only. 30 Services are the virtual resources that the SA8250 provides to network clients. Services are defined by their Virtual Internet Protocol (VIP) address and virtual port number.
PAGE 43
CHAPTER 2 Services Layer 4 (HOT) Services HOT services provide the fastest brokered performance and are available on the SA8250. HOT services are defined in full by their Virtual IP address (VIP) and port number. In HOT or “Brokered” mode, the SA8250 performs Network Address Translation (NAT) on all packets passing through the connection. NAT changes the destination IP address and port of incoming packets to those of the selected fulfillment server.
PAGE 44
CHAPTER 2 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Out-of-Path Return (OPR) NOTE: OPR is not applicable to Layer 7 services. Ordinarily, the SA8250 processes all traffic in both directions between clients and the server farm. Viewing the server return traffic helps the SA8250 accurately determine server response times and handle HTTP errors. Often, the volume of data sent from the server to the client is much larger than the traffic from client to server.
PAGE 45
CHAPTER 2 Sticky Options Sticky Options Some services operate best if all requests from a specific client during a single session are directed to the same fulfillment server. For example, if the server maintains a local database of client activity or context (shopping cart, registration info, navigation history, etc.), it is important that subsequent client requests go to the server with these database records. The SA8250's “sticky” options allow this to occur.
PAGE 46
CHAPTER 2 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Sticky Persistence For source-ip based sticky, the relationship between the client IP address and the fulfillment server remains in effect for the entire time the SA8250 is online or until the sticky timeout value expires. In the event of failover, the sticky relationship is lost. Cookie sticky remains in effect while the browser is running or until the sticky timeout value expires.
PAGE 47
CHAPTER 2 SSL Acceleration Server-timeout A server timeout, which causes a change in servers, can appear as a cookie sticky state change. The recommended value for server timeout is at least 1.5 times the maximum server response time. We recommend that you use 120 seconds as the default. Grouping Services NOTE: RICH is required for sticky service grouping. The SA8250’s sticky capabilities can ensure that all service requests from the same user are routed to the same server.
PAGE 48
CHAPTER 2 HP e-Commerce/XML Director Server Appliance SA8250 User Guide SSL Fundamentals SSL involves an interchange of keys used both to authenticate the parties and to provide information to securely encrypt confidential data. The keys distributed in this medium are “one way,” or asymmetric. That is, they can only be used to encrypt confidential data, and only the “owner” of the public key can decrypt the data once it is encrypted using the public key information.
PAGE 49
CHAPTER 2 SSL Fundamentals The SA8250 places encryption processing on the network side, thus eliminating the need for processing on the servers. The servers never see any of the SSL connection dialogue or the encrypted data. This removes a substantial processing load from the servers allowing improved response times and greater availability of system resources. Server Server ed Tr af fic Server En cr yp t 1. 2. 3. 4. 5.
PAGE 50
CHAPTER 2 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Application Message Traffic Management The SA8250 was developed to perform load balancing in SSL environments. The SA8250 allows users to load balance based on application content (Layer 7, or RICH mode), as well as server address and port (Layer 4, or HOT mode). SSL management is handled independently of RICH mode processing.
PAGE 51
CHAPTER 2 SSL Fundamentals Fulfillment of each virtual service is load balanced across a number of real servers depending on the load balancing algorithm chosen.
PAGE 52
CHAPTER 2 HP e-Commerce/XML Director Server Appliance SA8250 User Guide HTTP Header Option Fields The SA8250 can make the IP address of a requesting client available to a fulfillment server by constructing a custom HTTP header option, with the client’s IP as the value: HP_SOURCE_IP: SSL-related HTTP header option fields are only used by the SA8250 with any SSL service.
PAGE 53
CHAPTER 2 Load Balancing Across Multiple Servers Load Balancing Across Multiple Servers Balancing Algorithms The SA8250 provides a choice of load balancing algorithms. Services can be separately configured to load balance using a roundrobin or a response time algorithm. In most networks, the best performance results from use of the response time algorithm. Under this algorithm, the SA8250 measures the response time of each request to each server in the server farm.
PAGE 54
CHAPTER 2 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Primary and Backup Servers Each server is identified as either a Primary or Backup for a given service. Primary servers are always considered first for request fulfillment. By default, Backup servers are considered for use only if a primary server goes down, though they can optionally be configured for use to maintain target response times.
PAGE 55
CHAPTER 2 Server Configuration Options Multi-hop Source Address Preservation It is possible in sophisticated network topologies to require requests to pass through two SA8250s. In such configurations, the SA8250 topologically closest to the clients must be configured with the Multihop Source Address Preservation (MSAP) feature enabled. MSAP allows requests to pass through two cascaded SA8250s in different geographical areas.
PAGE 56
CHAPTER 2 HP e-Commerce/XML Director Server Appliance SA8250 User Guide RICH expressions in XML patterns Layer 7 RICH_HTTP service configurations use rich expressions to assign particular classes of URLs to particular servers for fulfillment. RICH expressions are used, for example, to distinguish content requested by clients performing online transactions, from content typically requested by casual browsers.
PAGE 57
CHAPTER 2 Server Configuration Options Order of RICH expressions When using expressions in Layer 7 (RICH) operations, the order of expressions is significant only when the not (!) operator is used. Expressions are described in this table. Expression Yields !*.gif All non-GIF files *.jpg All JPG files !/home/* No matches Order of Expressions Three rules for expressions: • The “*” and “!” are allowed in RICH expressions, but they can only exist at the beginning or end of the expression.
PAGE 58
CHAPTER 2 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Routing with Dual Interfaces Because the SA8250 has two network interfaces, it can act as a router in some contexts. This means that it can route between two subnets. To do this, you must designate the SA8250 as the default gateway for your fulfillment servers. Routes to the inside subnet are not advertised to the outside router, but host routes are advertised to the VIPs.
PAGE 59
CHAPTER 2 Prioritization and Policy Groups This figure shows an example of the SA8250 routing topology. %URNHUHG 6XEQHW 5RXWHU ³2XWVLGH´ 5RXWHU 6HUYHU VLGH 6XEQHW 6$ 6HUYHU +XE RU 6ZLWFK 6HUYHU ³,QVLGH´ +XE RU 6ZLWFK 6HUYHU SA8250 Routing Topology Prioritization and Policy Groups Policy groups are containers used to organize services. Service prioritization uses policy group information to make decisions about which services should get more or less server resources.
PAGE 60
CHAPTER 2 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Server 1: HTTP SA8250 Server 2: HTTPS Server 3: HTTP/HTTPS VIP: 10.2.2.4 HTTPS: 10 ms HTTP: 10 ms Target Response Time Satisfied For example, the services HTTP and HTTPS are both assigned to a single policy group. HTTPS is designated the highest priority service, and HTTP the second priority.
PAGE 61
CHAPTER 2 Prioritization and Policy Groups Server 1: HTTP SA8250 Server 2: HTTPS Server 3: HTTP VIP: 10.2.2.4 HTTPS: 12 ms HTTP: 10 ms Target Response Time Exceeded Upon noticing a break in the target response time threshold, the SA8250 scans the policy group’s active service and server pools for shared resources. In this example, both the HTTP and HTTPS services use Server 3.
PAGE 62
CHAPTER 2 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Routing Method for VIP Addresses After setting up a service, you must configure the SA8250 to route the VIP address to the Internet. There are two possibilities: • In single SA8250 installations, “Standalone” mode is preferred as it allows the VIP to be ARP-accessible from the router. • If there are multiple address spaces (such as a SA8250 on the 10.x.x.x network and a VIP on the 209.x.x.
PAGE 63
CHAPTER 2 Error Detection Error Detection The SA8250 is capable of recognizing and reacting to server error conditions, detecting non-responsive (comatose) servers, and directing traffic to alternate resources until the server is back in operation. The SA8250 can also capture many HTTP errors before they reach the client, and redirect the request to an alternate server. Server Status Detection The SA8250 uses multiple means to monitor the status of the fulfillment servers.
PAGE 64
CHAPTER 2 HP e-Commerce/XML Director Server Appliance SA8250 User Guide The dup-syn command uses the following syntax: config policygroup service dup-syn HTTP Error Detection The SA8250 offers HTTP error detection for RICH services. When HTTP error detection is enabled, the SA8250 scans the headers of server responses for errors. If an HTTP error is found, the original request is rerouted to another server for fulfillment, transparently to the client.
PAGE 65
CHAPTER 2 Serial Cable Failover NOTE: DHCP is not available when serial cable failover is enabled. NOTE: You can log on to the Backup SA8250, but the full command set is not available.
PAGE 66
CHAPTER 2 HP e-Commerce/XML Director Server Appliance SA8250 User Guide NOTE: The Online IP Address is the address used by the SA8250 that is currently accepting connections — this can be either the Primary or the Backup SA8250 (though it is typically the Primary). The Online IP Address is the address by which you can access the Online SA8250 using telnet for administration. 4.
PAGE 67
CHAPTER 2 Serial Cable Failover 5. Save the Primary configuration. monitor>save List of currently saved configuration files(s). You may save over an existing configuration file or enter a new name. File name ---------active.cfg backup.cfg cris.cfg ‘active.cfg’ is the last booted configuration. Enter configuration file name (- to cancel): [active.cfg] ---> Configuration has been saved. 6. Boot the SA8250. monitor>boot Do you really want to continue boot? [y] ---> Boot which configuration? [active.
PAGE 68
CHAPTER 2 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Configure the Backup SA8250 1. Reboot the SA8250 that will be the Secondary and press a key at the prompt to enter the Boot Monitor. 2. At the prompt, type this command: monitor>failover 3. Follow these prompts: Specify failover method (disabled, serial, route) [ ] --->s Checking for failover unit... Failover unit detected -------------------------Version : 2.3 Type : PRIMARY State : ONLINE Name : online13 IP : 13.1.1.
PAGE 69
CHAPTER 2 Serial Cable Failover 5. Boot the SA8250. monitor>boot ... current configuration ... ... list of saved configuration files ... Boot configuration file name? [active.cfg] ---> Do you really want to boot ‘active.cfg’? [y] ---> Please stand by, the system is being booted. Replicating the Configuration The active configuration is replicated upon changes to the Backup SA8250 from the Primary.
PAGE 70
CHAPTER 2 HP e-Commerce/XML Director Server Appliance SA8250 User Guide The status appears on the last line of the info command’s output. A description of the status message is shown in this table. Failover Status Message Description The broker is ONLINE, and serial failover is NONE (disabled). One of the SA8250s is configured for either “none” or “route” failover. The broker is PRIMARY and ONLINE, the remote's serial failover is NONE (disabled).
PAGE 71
CHAPTER 2 NOTE: The notation, PRIMARY/BACKUP indicates that either “PRIMARY” or “BACKUP” will be displayed. Serial Cable Failover The Failover Status messages in this table are not specific to the Primary or Backup SA8250s. Failover Status Message Description The broker is PRIMARY/ BACKUP and WAITING_FOR_SYNC One of the SA8250s has been restarted. This status persists while the configuration files are loaded from the online SA8250.
PAGE 72
CHAPTER 2 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Notes 60
PAGE 73
Boot Monitor Using the Boot Monitor CAUTION: After configuring the SA8250 with the Boot Monitor, you must enable Autoboot with the autoboot command or the SA8250 will not operate. The HP e-Commerce/XML Director Server Appliance SA8250’s Boot Monitor configures boot options and manage boot configuration files. Typically, you will use the Boot Monitor only during the initial configuration or after major reconfigurations, if the latter becomes necessary.
PAGE 74
CHAPTER 3 HP e-Commerce/XML Director Server Appliance SA8250 User Guide System Requirements Accessing the Boot Monitor You can use any terminal or workstation with a terminal emulator to run Boot Monitor, provided the terminal has the following features: • 9600 bits per second, 8 data bits, 1 stop bit no parity, no flow control (9600-8-N-1) • A terminal emulation program, such as HyperTerminal* • Cable and connector to match the male DTE connector (DB-9) You can access the Boot Monitor in either o
PAGE 75
CHAPTER 3 Using the Boot Monitor Boot Monitor Commands autoboot This section lists and describes all Boot Monitor commands available on the SA8250. Enables or disables the Autoboot function. If Autoboot is enabled (the default), the SA8250 prompts you to press a key during restart to enter the Boot Monitor command line interface. If you ignore the prompt, restart finishes with the SA8250 in normal operating mode. If Autoboot is disabled, the restart sequence ends by displaying the Boot Monitor interface.
PAGE 76
CHAPTER 3 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Default Gateway: 10.6.3.1 Domain: None Primary name server: None DHCP: Disabled Failover mode: Disabled Network NIC setup: Auto Server NIC setup: Auto NTP: Disabled Autoboot: Disabled Static Routes: None RICH_Biased: Enabled Do you really want to boot active.cfg? [y] ---> 2. To boot to the normal operational prompt, type y. 3. To return to the monitor> prompt, type n.
PAGE 77
CHAPTER 3 Using the Boot Monitor Service side NIC: IP Address 10.6.5.21 Netmask: 255.255.255.0 MAC address: 0:d0:b7:6:c1:85 ------------Default Gateway: 10.6.3.1 Domain: None Primary name server: None DHCP: Disabled Failover mode: Disabled Network NIC setup: Auto Server NIC setup: Auto NTP: Disabled Autoboot: Disabled Static Routes: None RICH_Biased: Enabled The configuration has changed, save it? [y] ---> First Options: 1.
PAGE 78
CHAPTER 3 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Second Options: 1. If you choose not to save the modified file, the system displays a warning that it is reverting to the previously booted configuration: Warning: The current configuration has NOT been saved and will not be booted. Reverting to last saved active.cfg. 2. If there are no additional saved configurations then the system prompts you to confirm that want to boot the last saved configuration, which will always be active.
PAGE 79
CHAPTER 3 Using the Boot Monitor delete Deletes the specified configuration file. Example: monitor>delete Select a configuration to delete from the following files. Note: You cannot delete the active configuration file active.cfg. File name -------------active.cfg backup.cfg cris.cfg ‘active.cfg’ is the last booted configuration. Enter the configuration filename to delete: --->broker1.cfg broker1.cfg successfully deleted. dhcp Enables or disables the SA8250’s use of DHCP.
PAGE 80
CHAPTER 3 HP e-Commerce/XML Director Server Appliance SA8250 User Guide dns Sets the domain and (optionally) nameserver(s). The system prompts you for the required information. Example: monitor> dns Would you like to configure DNS (yes, no)? [no] ---> monitor>dns Would you like to configure DNS (yes, no)? [no] --->yes Enter Domain name (‘-’ to cancel) --->mydomain.com Enter the IP Address of the Primary name server (‘-’ to cancel) --->10.6.3.5 Specify additional name server ( to end ) --->10.6.
PAGE 81
CHAPTER 3 factory_reset NOTE: The first boot after a factory_reset command or a new installation will prompt you for the root password. Also, the factory_reset command does not delete saved configuration files. Using the Boot Monitor Resets the SA8250 to its factory defaults, as listed in this table.
PAGE 82
CHAPTER 3 HP e-Commerce/XML Director Server Appliance SA8250 User Guide failover Sets the SA8250’s failover method. Three failover options are available: • disabled: no failover method will be used • serial: serial cable failover will be used • route: router failover will be used Example: monitor>failover Specify failover method (disabled, serial, route): [disabled] --->serial Checking for failover unit... Failover unit not detected or may not be configured.
PAGE 83
CHAPTER 3 Using the Boot Monitor host Sets the SA8250’s host name. Example: monitor>host Enter the hostname you would like to assign to the Network NIC: --->CSLab7k info interface Displays the current boot configuration. Configures Ethernet port parameters (replaces the nic command). Compatibility with some older switches, hubs, or routers, may require that you manually specify the Ethernet speed and duplex mode of the SA8250's network interface card.
PAGE 84
CHAPTER 3 HP e-Commerce/XML Director Server Appliance SA8250 User Guide load Loads a previously saved configuration file into memory. Example: monitor>load Select a configuration file to load from the following files. File name -------------active.cfg backup.cfg cris.cfg ‘active.cfg’ is the last booted configuration. Enter the configuration filename to load (- to cancel): [active.cfg] ---> Configuration loaded: active.cfg netmask Sets the netmask. Example: monitor>netmask Enter Netmask for [255.255.
PAGE 85
CHAPTER 3 Using the Boot Monitor save Saves the current configuration. Changes made during the current Boot Monitor session are lost unless you use the save command. Example: monitor>save List of currently saved configuration file(s). You may save over an existing configuration file or enter a new name. File name ------------active.cfg bckup.cfg cris.cfg ‘active.cfg’ is the last booted configuration. Enter configuration file name (- to cancel): [active.
PAGE 86
CHAPTER 3 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Select a TIMEZONE from the ‘GMT’ list.
PAGE 87
CHAPTER 3 Using the Boot Monitor Selected TIMEZONE ‘Eastern’ The current time is now: Sat Oct 28 23:59:42 2000 Enter the year (YYYY): [2000]---> Enter the month(MM): [10]---> Enter the day (DD): [28]--->29 Enter the hour (HH): [23]--->01 Enter the minute (MM): [59]-->57 Enter the seconds (SS): [39]---> Sun Oct 29 01:57:39 EDT 2000 Example 3, without NTP (manual setting): NOTE: Example 3 is for setting the time using any timezone OTHER THAN GMT or US.
PAGE 88
CHAPTER 3 HP e-Commerce/XML Director Server Appliance SA8250 User Guide setup Starts the SA8250’s setup procedure. The system displays prompts for all inputs necessary to initialize it. Example: monitor>setup Enable dual NIC operation(yes,no)? [no] ---> yes Autoconfigure the Network side NIC speed and duplex? (yes,no)? [yes] ---> Autoconfigure the Server side NIC speed and duplex? (yes,no)? [yes] ---> DHCP is disabled for dual NIC operation.
PAGE 89
CHAPTER 3 static_routes Using the Boot Monitor Deletes and adds any number of static IP routes. Shows the current static IP routes (if any) when the function is entered. You are prompted for the destination and gateway IP addresses. The info command will show any static IP routes that are known to the Boot Monitor, and factory_reset will remove all static IP routes as part of its cleanup. Example: monitor>static_routes Static Route information. Enter Static route (1) dest quit): --->10.7.16.
PAGE 90
CHAPTER 3 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Notes 78
PAGE 91
Graphical User Interface Before You Begin NOTE: Some functions and features, such as expressions, are not available in the GUI. The HP e-Commerce/XML Director Server Appliance SA8250 has features and functions that are controlled through either the browserbased Graphical User Interface (GUI), as discussed in this chapter, or the Command Line Interface (CLI), as discussed in chapter 5.
PAGE 92
CHAPTER 4 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Logon Screen To access the various GUI services available to you on the SA8250, you must first log on to the system as described in this section. Logging on to the GUI NOTE: If Internet Explorer* 5.01 is your browser, you must add a trailing slash (/) to the URL, as shown in step (2). Also, the default GUI port (1095) can be changed. For details, see “GUI Tab” later in this chapter. 1. Launch your browser. 2.
PAGE 93
CHAPTER 4 NOTE: The factory default for both the user name and password is admin (lowercase required). To change them, see “Users Tab” later in this chapter. Logon Screen 4. In the space provided, type your User name. 5. In the space provided, type your Password. 6. Click Logon. The Topology screen displays, as shown on the next page. The number of server icons varies, depending upon your network configuration.
PAGE 94
CHAPTER 4 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Topology Screen Topology Screen Using the Topology Screen 82 Purposes of the Topology Screen • Displays a graphical representation of the current topological relationships between the SA8250 and network servers. The SA8250’s status and Serial Cable failover, if configured, are also reflected here. • Serves as a gateway to the Administration and Policy Manager screens, and the Configuration and Tools screens.
PAGE 95
CHAPTER 4 Topology Screen Topology Screen Toolbar Located at the top left of the window, the toolbar’s buttons are described below. Back Administration Configuration Policy Manager Tools Log File Statistics Topology Screen Toolbar • Back returns you to the previous screen. From the Topology screen, this will log you off the system and return you to the logon screen.
PAGE 96
CHAPTER 4 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Topology Screen Elements This figure shows how the SA8250 is represented onscreen by a horizontal "rack unit" icon. SA8250 Icon • Right-clicking on the SA8250 icon displays a popup menu that can take you to other screens. • Double-clicking the SA8250 icon takes you to the Policy Management screen by default, but this can be changed in the Administration screen later in this chapter.
PAGE 97
CHAPTER 4 Topology Screen Window Controls To resize the Topology screen elements, click and drag the slider control located in the upper right hand corner of the screen. Slider Control • Moving the slider control to the far right, as shown in the figure above, for the largest display. • Moving the slider control to the far left results in the smallest display.
PAGE 98
CHAPTER 4 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Policy Manager Screen When you double-click a SA8250 icon in the Topology screen (or right-click and select Policy Management), the Policy Manager screen displays. Policy Manager Screen The Policy Manager consists of a series of screens with multiple tabs that includes the controls used in the implementation of Policies.
PAGE 99
CHAPTER 4 Policy Manager Controls and Displays Policy Manager Screen The Policy Manager screen contains two main regions: • Policies, on the left side of the Policy Manager screen • Details, on the right side of the Policy Manager screen You can adjust the relative sizes of the Policies and Details displays by clicking and dragging the vertical line between the panels. The Policies display includes existing Policy Groups, Services, and Servers, reflecting the previously mentioned hierarchy.
PAGE 100
CHAPTER 4 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Policy Manager’s Pop-up Menu You can display the Policy Manager’s pop-up menu by right-clicking in the Policies display. Display Commands Sort Commands Create/ Delete Commands Policy Manager’s Pop-up Menu Policy Groups Services are virtual resources provided to a client. However, Services can exist only in the context of Policy Groups. Policy Groups are regarded as containers used to organize Services.
PAGE 101
CHAPTER 4 Policy Manager Screen Creating Policy Groups You can create Policy Groups in either of two ways: 1. In the left of the Policy Manager toolbar, click New Policy Group, or 2. Right-click to display the menu, then select the New Policy Group command. A new Policy Group icon and the Detail screen displays in the Policies. Adding a New Policy Group 3. In the Policy Group Name field, type a name for the new Policy Group.
PAGE 102
CHAPTER 4 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Throttling When throttling is enabled, requests to eligible servers in lowerpriority services are stopped until response times of higher priority services are met, or all eligible servers have been throttled. An eligible server is one that is shared by both higher and lower priority services. Throttling affects all services within a Policy Group. To enable or disable throttling for the selected Policy Group, follow these steps: 1.
PAGE 103
CHAPTER 4 Services Policy Manager Screen Once a Policy Group exists, you can create Services. Creating Services To create a Service, follow these steps: 1. In the Policies display, click to select a Policy Group. 2. In the Policy Manager toolbar, click New Service, or right-click in the Policies display and select New Service from the pop-up menu. The Service Details tab displays in the Details for the service.
PAGE 104
CHAPTER 4 HP e-Commerce/XML Director Server Appliance SA8250 User Guide NOTE: The VIP/port combination must be unique. 6. In the Port field, type a port number. This is the listening port for incoming connections, and you can select port numbers between 1 and 65535. 7. When you have finished filling in the fields in the Service Details tab, click Apply. The Policies display now reflects the name of the new Service below the name of the Policy Group from which it was created.
PAGE 105
CHAPTER 4 Policy Manager Screen Control or Display Description Sticky Mode The SA8250 is configured to maintain a session’s state so that serial requests from a single client are allocated to the same server. This is called a "sticky" port. This setting may be disabled, based on Source IP, or based on a Cookie: Source IP: Source IP sticky mode uses the client’s source IP address to identify a series of requests to be directed to a single server.
PAGE 106
CHAPTER 4 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Balance Strategy HOT Services are assigned server resources according to either of two Balance Algorithms. 1. Click the Balance Strategy tab of the Service Details screen to display the Balance Algorithm controls. Service Balance Strategy Tab Two Balance Algorithms are available: • Response Time: Requests for a Service using the Response Time algorithm are forwarded to the server that can fulfill them within the shortest time.
PAGE 107
CHAPTER 4 Policy Manager Screen XML Service Tab This screen controls how the SA8250 reacts to incorrect syntax or punctuation errors it detects in the incoming client data. 1. Click the XML tab of the Service Details screen. XML Services Tab 2. To enable the client error messages (HTTP 403, “POST data was not well formed”), check the Return “Well Formed” Errors to User checkbox. This is the default setting. 3. To disable this feature, uncheck the Return “Well Formed” Errors to User checkbox.
PAGE 108
CHAPTER 4 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Deleting Services To delete a Service: 1. In the Tree, click select the name of the Service to delete. 2. In the Policy Manager toolbar, click Delete, or right-click to display the menu and click the Delete Selected Item command.
PAGE 109
CHAPTER 4 Servers Policy Manager Screen After you create Services, you must designate, or "create" Servers to fulfill client requests for Services. As Services must exist within Policy Groups, a Server (for example, a fulfillment host) must be mapped to a Service. To create Servers, follow these steps: 1. In the Policies tree, click an existing Service. 2. In the Policy Manager toolbar, click Create Server, or right-click in the Policies display and click New Server from the pop-up menu.
PAGE 110
CHAPTER 4 HP e-Commerce/XML Director Server Appliance SA8250 User Guide 5. From the drop down menu, click to select the desired Type: NOTE: OPR cannot be used in conjunction with Services of type RICH_HTTP. • Primary: Primary servers are immediately available to accept client requests forwarded from the SA8250.
PAGE 111
CHAPTER 4 Policy Manager Screen XML Server Tab This screen defines the RICH and XML expressions that the SA8250 will look for in the incoming client data. For more details on XML expressions, see Chapter 2. Programming RICH and XML expressions To program the RICH and XML expressions, follow these steps: 1. From the Server Details screen, click the XML tab. This figure shows the XML Server Tab display. 1. Type the Layer 7 (RICH) expression here 2. Type the optional document number here 3.
PAGE 112
CHAPTER 4 HP e-Commerce/XML Director Server Appliance SA8250 User Guide NOTE: If the RICH Expression field is blank, XML expressions will be ignored. If desired, you can type an asterisk (*) as a wildcard in the RICH Expression field to accept all RICH expressions Also, you cannot use the vertical bar ( | ) or the carat (^) in XML expressions. 2. In the RICH Expression field, type a valid RICH expression. 3.
PAGE 113
CHAPTER 4 Policy Manager Screen XML Syntax Checking The SA8250 includes a syntax checker to ensure that XML expressions you type are understood by the system. If your syntax is incorrect, as in the case of a missing double quote (“) or an incorrect document number, an error message is displayed. GUI XML Syntax Error Window The error message will tell you the location of the first error. In the figure above, a closing double quote was missing in the second character position of an XML expression.
PAGE 114
CHAPTER 4 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Administration Screen The Administration Screen is a set of ten tabs containing the functions used to manage the SA8250. Each tab includes controls and displays related to a specific category of administration tasks. Administration Screen — Settings Tab Settings Tab The Settings tab includes controls used to set the following: • 102 System ID: Edit this field to set the unit identifier.
PAGE 115
CHAPTER 4 Administration Screen • Server Verification Interval: Edit this field to change the interval in seconds at which servers are "pinged" to verify they are available and able to handle traffic requests. For more details, see Chapter 5. The valid range for this field is 0 to 99999. A value of 0 disables IRV.
PAGE 116
CHAPTER 4 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Administration Screen — Software Tab (System Software View) System Software The SA8250 provides sufficient local storage for five software images (though at any time, only one image is active and executing.
PAGE 117
CHAPTER 4 Administration Screen Agent Software The SA8250 can interface with other HP Server Appliances by using Agent Software images. The SA8250 provides sufficient local storage for at least five Agent software images (though at any time, only one image is enabled).
PAGE 118
CHAPTER 4 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Specifying the Active System Software Image To change the active system image: 1. Click System Software. 2. In the System Software box, click the image you want to activate. 3. Click Boot. The SA8250 warns you that it will reboot. Boot Warning Window NOTE: You can also perform a soft reboot of the SA8250 by selecting the currently active software image and clicking Boot. 4. Click Yes.
PAGE 119
CHAPTER 4 Administration Screen Installing Software Images You can download and install new system and agent software images for the SA8250 using the controls in the Update Software box at the bottom of the Software tab. Downloading a System Software Update NOTE: A key is not required to obtain Agent Software. 1. To download the new image, contact HP Customer Support or your System Administrator to obtain the URL, Key, User, and Password information.
PAGE 120
CHAPTER 4 HP e-Commerce/XML Director Server Appliance SA8250 User Guide 4. Click Yes. If you selected Agent Software, you are prompted to confirm the deletion. Delete Image Confirmation (Agent View) 5. Click Yes.
PAGE 121
CHAPTER 4 Users Tab Administration Screen The Users tab contains controls and displays allowing you to perform the following tasks: • Add users • Modify user permissions and passwords • Delete users • View the user names and permissions of all authorized users • View the user names and permissions of all users currently logged on • Promote your permissions level • Log off all other users currently logged on Administration Screen — Users Tab List of All Users The Add/Delete Users box contain
PAGE 122
CHAPTER 4 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Adding Users To add a user: 1. In the User Name field, type the new user’s User Name. 2. In the Password field, type the new user’s password. 3. In the Confirm Password field, re-enter the password. 4. In the User Permissions box, select the appropriate permission level: Read-only, Read-write, Read-write-all. Users with Readwrite-all permissions can add, modify, and delete other user logon entries. 5. Click Add. 6.
PAGE 123
CHAPTER 4 Administration Screen Demotion and Promotion of Your Permissions NOTE: Use Promote with care. If you promote your permissions, be aware that conflicts may arise among multiple users who have ReadWrite-All permission. For example, administrative changes you make may be overwritten by another user.
PAGE 124
CHAPTER 4 Routing Tab HP e-Commerce/XML Director Server Appliance SA8250 User Guide The Administration screen’s Routing tab manages the following: • System Role • Active Routing Protocol • OSPF Protocol • RIP Protocol The Administration Screen’s Routing Tab 112
PAGE 125
CHAPTER 4 Administration Screen System Role The choice of System Role (or simply "role") depends in part on your network’s topology and on the number of SA8250s installed. A single SA8250’s role must be "Standalone." If two SA8250s are employed, and you intend to use serial cable failover you must designate both SA8250s as "standalone." If two SA8250s are employed, and you intend to use Router Failover, one must be designated as the "Primary" and the other as the "Backup.
PAGE 126
CHAPTER 4 HP e-Commerce/XML Director Server Appliance SA8250 User Guide OSPF Protocol NOTE: Unless the config route protocol command is set to ospf, OSPF protocol is not active. For more information, see Chapter 5. NOTE: The Router Dead value must be at least four times the Hello interval. The Router tab’s OSPF Protocol box specifies the following values: • OSPF Area: This value must be set to the same OSPF area as the ingress router to which the SA8250 is talking.
PAGE 127
CHAPTER 4 Security Tab Administration Screen The security screen implements IP Packet Forwarding (IPFW) security policies. Three modes are available: • Closed mode disables all remote administration capabilities. • Open mode enables all remote administration capabilities, SA9200 agent traffic, and IP Forwarding. • Custom mode specifies filtering of traffic based on traffic port and source IP address.
PAGE 128
CHAPTER 4 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Source IP Filtering The Security Tab’s Source IP dialog box filters administration access by source IP address. This dialog box contains a pair of buttons and combo box. To allow any IP address to perform administrative tasks, click Allow Any. To filter by source IP, click Allow List and type the IP addresses and/or subnets allowed administrative access into the IP Addresses/Subnets list.
PAGE 129
CHAPTER 4 GUI Tab Administration Screen The GUI tab configures the following aspects of the SA8250’s Graphical User Interface (GUI): • Server port on which the GUI is accessible from the browser • Response Timeout Value • Choice of result from double-clicking the SA8250 icon in the Topology Screen • Choice of result from double-clicking the Server icon in the Topology Screen The Administration Screen’s GUI Tab NOTE: After changing this setting your browser disconnects.
PAGE 130
CHAPTER 4 118 HP e-Commerce/XML Director Server Appliance SA8250 User Guide • The Broker Response timeout (sec): This field specifies, in seconds, the time the GUI will wait for a response from the SA8250 before timing out. This value must be an integer between 0 and 120. A value of 0 disables timeout. The default value is 30. • The Double-click Broker topology icon displays: The drop down menu specifies the destination within the GUI after doubleclicking a SA8250 icon in the topology screen.
PAGE 131
CHAPTER 4 CLI Tab Administration Screen The CLI tab configures the following aspects of the SA8250’s Command Line Interface: • SSH Port • Telnet Port • Telnet Sessions • Timeout • Prompt • Login Attempts • Enable "more" for screen paging • Lines per screen The Administration Screen’s CLI Tab • The CLI (SSH) Port field specifies the secure telnet port on which the CLI runs. Valid ports are port 22 (the default) or any unused port between 1024 and 65535.
PAGE 132
CHAPTER 4 HP e-Commerce/XML Director Server Appliance SA8250 User Guide • The CLI (telnet) Port field specifies the standard (unencrypted) telnet port on which the CLI runs. Valid ports are port 23 (the default) or any port between 1024 and 65535. • The Telnet Sessions field specifies the maximum number of concurrent inbound remote CLI logon sessions allowed. This value must be an integer between 1 and 8. The default is 3.
PAGE 133
CHAPTER 4 SNMP Tab Administration Screen The SNMP tab includes controls for the SA8250’s Simple Network Management Protocol (SNMP) agent. Administration Screen’s SNMP Tab SNMP Agent The SNMP agent allows network management applications to monitor and retrieve the SA8250’s status and statistics via SNMP. NOTE: Ensure that the SA8250’s IP Filtering security mechanism allows IP access to SNMP, otherwise SNMP requests will not pass through the filter.
PAGE 134
CHAPTER 4 HP e-Commerce/XML Director Server Appliance SA8250 User Guide • System Location: corresponds to the MIB variable sysLocation in MIB-II. System Location (sysLocation) is the physical location of this SA8250. By default, sysLocation is NULL. • System Contact: corresponds to the MIB variable sysContact in MIB-II. System Contact (sysContact) is the name of the administrator of this SA8250. By default, sysContact is NULL. • System Name: corresponds to the MIB variable sysName in MIB-II.
PAGE 135
CHAPTER 4 Multi-Site Tab Administration Screen This tab contains controls for setting the port that communicates with the HP Multi-Site Traffic Director Server Appliance SA9200. Administration Screen Multi-Site Tab To specify the Multi-Site Agent’s port: 1. In the Agent Port field, type that port number. Valid range is from 1 to 65535, and 1999 is the default. We recommend using ports 1024 and higher. 2. Click Apply.
PAGE 136
CHAPTER 4 Logging Tab HP e-Commerce/XML Director Server Appliance SA8250 User Guide The Logging tab specifies (or filters) the kinds of information written to the SA8250’s log file. This file records operational events for troubleshooting information. You can enable or disable the logging of specific types of information, and specify the log file size. Administration Screen’s Logging Tab Specifying System Log Parameters 1.
PAGE 137
CHAPTER 4 Administration Screen Viewing the Log File 1. To view the log file, click View Log. The System Log File displays. The Logging Tab’s File Contents Window The File Contents window’s Actions menu contains two items: • Filter • Mail To...
PAGE 138
CHAPTER 4 HP e-Commerce/XML Director Server Appliance SA8250 User Guide The Log File Filter dialog box filters the view of the log displayed in the File Contents window. Log File Filter Window 1. Select or clear the appropriate check boxes to specify the types or categories of messages you want to display. 2. Click Apply, or Cancel to abort. Use the Mail Log File dialog box to email the contents of the log file. Log Mail To Window 1.
PAGE 139
CHAPTER 4 Configuration Screen Configuration Screen The Configuration screen saves, restores, sends, and receives SA8250 configuration information in individual ASCII files. You can save configuration files on the SA8250 and send them to a remote TFTP server or retrieve them. The Configuration screen also has a provision for restoring the factory default configuration. Configuration Screen Saving Configuration Files To save the SA8250’s current configuration to a file: 1.
PAGE 140
CHAPTER 4 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Restoring Configuration Files To restore a configuration file: 1. In the Saved Configurations list, click the name of the file you wish to restore. 2. Click Restore. The system prompts you to confirm the operation. NOTE: Username commands are not valid in configuration files. The save config and restore config operations do not include username data. Use the Administration Screen’s Users Tab to specify users.
PAGE 141
CHAPTER 4 Copying Configuration Files Configuration Screen To copy an existing configuration file under a new name: 1. In the Saved Configurations list, click the name of the file you wish to copy. 2. Click Copy. The system prompts you for a file name. Copy New Filename Window Valid characters are letters, digits, (-), (_), and (.). File names cannot begin with the (.) character. 3. To complete the operation, click OK, or Cancel to abort.
PAGE 142
CHAPTER 4 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Viewing Configuration Files To prevent certificates and keys from being displayed or transmitted as plain text across the network, the View Configuration File function has been disabled. 1. In the Saved Configurations list, click the name of the file whose contents you want to view. 2. Click View>>.
PAGE 143
CHAPTER 4 Resetting the Factory Configuration Configuration Screen This command resets the SA8250 to its original factory configuration. Reset deletes all policy groups, services, and servers. Original factory settings are listed in this table. Type Parameter Default Setting Route Role Standalone Protocol None OSPF-area Backbone Hello interval 10 seconds Dead interval 40 seconds RIP version 2.
PAGE 144
CHAPTER 4 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Type Parameter Default Setting GUI broker-action 0 (Policy Manager) server-action 1 (Statistics) acl Cleared custom access-control Disabled custom forwarding Disabled custom ssh Enabled custom telnet Disabled custom gui Disabled custom snmp Disabled security mode Closed Security Factory Configuration (continued) To restore the factory default configuration: 1. Click Reset.
PAGE 145
CHAPTER 4 Sending and Retrieving Configuration Files Configuration Screen By default, configuration files are saved on the SA8250 itself. You can also send them to and retrieve them from remote TFTP servers. To send a configuration file to a remote TFTP server: 1. In the Saved Configurations list, click the name of the file you want to send. 2. In the Send/Receive Configuration box, click Put. 3. In the tftp Host field, type the name of the host where you will send the file. 4.
PAGE 146
CHAPTER 4 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Tools Screen The SA8250’s Tools screen provides the following network diagnostic tools for your convenience: • ARP • Ether • Ping • Netstat • Nslookup • Reboot • Trace • Traceroute Tools Screen (defaults to ARP) 134
PAGE 147
CHAPTER 4 ARP Tools Screen Displays the SA8250’s Address Resolution Protocol (ARP) table. To use the command: 1. From the Command menu, click arp. 2. Click Run. After a few seconds, the ARP information displays in the Results window. ARP Results 3. To clear the Results window, click Clear.
PAGE 148
CHAPTER 4 Ether HP e-Commerce/XML Director Server Appliance SA8250 User Guide Displays the Ethernet interface values. To use the command: 1. From the Command menu, click ether. 2. Click Run. The Ethernet interface information displays in the Results window. Ether Results 3. To clear the Results window, click Clear.
PAGE 149
CHAPTER 4 Ping Tools Screen Ping tests the network connection to another networking device by sending five ICMP packets from the SA8250 to the target device, which if it receives them, sends a reply. When the SA8250 receives the reply, it displays a message reflecting the response time from the target device. If the SA8250 receives no reply, it displays a message indicating that the target device is not responding. To "ping" a network device: 1. From the Command menu, click ping. 2.
PAGE 150
CHAPTER 4 Netstat HP e-Commerce/XML Director Server Appliance SA8250 User Guide Displays the SA8250’s routing tables. To use the command: 1. From the Command menu, click netstat. 2. (Optional) In the Parameter field, type any parameter from the options/variables in this table.
PAGE 151
CHAPTER 4 Tools Screen Netstat -is Results 4. To clear the Results window, click Clear.
PAGE 152
CHAPTER 4 Nslookup HP e-Commerce/XML Director Server Appliance SA8250 User Guide Identifies the IP address of a given host, or the host name of a given IP address. You can use this tool to determine whether the SA8250 can resolve a host name or address, or to get the IP address of a machine of which you know only the host name. To use the command: 1. From the Command menu, click nslookup. 2. In the Parameters field, type the host name or IP address of the target device. 3. Click Run.
PAGE 153
CHAPTER 4 Reboot Tools Screen The Reboot command reboots the SA8250. This command requires no parameters, and when executed prompts for confirmation. Reboot Confirmation 1. To reboot click Yes, or No to abort. As the SA8250 reboots, it prompts you to close your browser window. Reboot Notification 2. Close all browser windows to ensure that your browser uses the newly activated administration application. 3.
PAGE 154
CHAPTER 4 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Trace The trace command captures traffic on a network that matches the given expression. The trace output can be helpful for troubleshooting network problems. NOTE: By default, trace will automatically exit after 60 seconds. If the GUI is configured for a shorter timeout, the trace information may be lost. For more details, see “GUI Tab” in this chapter.
PAGE 155
CHAPTER 4 Tools Screen Switch Description -a Attempt to use the DNS to convert address to names -c Exit after receiving packets -D The TFTP path directory information. Required parameter. -e Print the link-level header on each dump line -f Print “foreign” Internet addresses numerically, rather than symbolically -F The filter expression file. If this file does not exist on the SA8250, it is TFTPed from the TFTP host (see the -D and -H options).
PAGE 156
CHAPTER 4 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Switch Description -T Force packets selected by to be interpreted as the specified -v Slightly more verbose output -vv Even more verbose output -w The trace output file. Required parameter.
PAGE 157
CHAPTER 4 Tools Screen Expression Evaluation dst host True if the IP destination field of the packet is src host True if the IP source field of the packet is host True if either the IP source or destination field of the packet is ether dst True if the ethernet destination address is ether src True if the ethernet source address is ether host True if either the ethernet source or destination address is g
PAGE 158
CHAPTER 4 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Traceroute The Traceroute command displays the route that packets travel to the specified network device. To trace the route from the SA8250 to another device: 1. From the Command menu, click traceroute. 2. In the Parameters field, type the host name or IP address of the target device. 3. Click Run. After a few seconds, the Traceroute information displays in the Results window. Traceroute Results 4.
PAGE 159
CHAPTER 4 Statistics Screen Statistics Screen The SA8250 provides a screen where you can view four different statistical categories, in a variety of graphical display formats, at the levels of Device, Service, and Server. Statistical data series are defined in the main Screen, and subsequently displayed in a separate window.
PAGE 160
CHAPTER 4 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Selection List Statistics Box Selection Buttons (Arrow Buttons) Graph Options Graph Button Window Options Statistics Screen Statistics Box The Statistics box contains controls for you to select the statistics you want to view graphically, as well as the graph format in which you want those statistics displayed. 148 • Type: This pull-down list specifies the type of statistics that are available: System, Server, or Service.
PAGE 161
CHAPTER 4 NOTE: Statistics for open connections in RICH mode are not available. Statistics Screen • Available Statistics: In this graphical display, you can specify which of the available statistics you want to view. These include Average Response Time, Average Connections per Second, CPU Utilization, Open Connections, and Uptime. The available statistics will depend on your selection from the Type pull-down list. You can select multiple items in this list.
PAGE 162
CHAPTER 4 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Selection List The Selection List reflects the item (System, Server, Service), statistical category, and graph type of each defined data series. These display in the List’s three columns, described below: • Items: The specific System, Server, or Service selected in the Statistics box's Items list. • Statistics: The statistical category selected in the Statistics box's Available Statistics list.
PAGE 163
CHAPTER 4 Statistics Screen Graphing Statistics NOTE: The graph parameters, including the Legend checkbox, can be changed on the fly, but the results will not be displayed in the graph window (in the figure at right) until you stop and restart the graph process from the Statistics Screen. 1.
PAGE 164
CHAPTER 4 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Notes 152
PAGE 165
Command Line Interface CLI Introduction The HP e-Commerce/XML Director Server Appliance SA8250 can be fully configured using the Command Line Interface (CLI). The CLI is accessible by using either the Telnet or the serial port. Commands exist in a logical hierarchy. Secure Shell Support The SA8250 provides secure shell (SSH) versions 1 and 2 support. NOTE: The secure shell is available only when administering the SA8250 over your network. 1.
PAGE 166
CHAPTER 5 Online Help HP e-Commerce/XML Director Server Appliance SA8250 User Guide The SA8250 provides online CLI command help in six forms: 1. Type help to describe help features. 2. Type help commands to display the list of commands you can enter at the current prompt. 3. Type help ttychars to display a list of special terminal editing characters. 4. Type help for a description of a specific command or, if relevant, a list of sub-commands you can enter from within . 5.
PAGE 167
CHAPTER 5 Syntax Syntax CLI examples in this chapter use the syntax found in this table. Syntax Description Angled brackets (< >) Designates where you enter variable parameters Straight brackets ([ ]) Choices of parameters appear between straight brackets, separated by vertical bars. Braces ({ }) Optional commands or parameters appear between braces. Boldface Commands that you enter after the CLI prompt appear in boldface type.
PAGE 168
CHAPTER 5 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Categorical List of CLI Commands This section lists the SA8250’s CLI commands by functional category. For more complete details regarding CLI commands, see “Run-Time CLI Command Reference” later in this chapter. Global System Commands ? !, !! Tab key arp back, ..
PAGE 169
CHAPTER 5 File Management Commands File Management Commands cat copy dir get put remove restore restore-verbose save CLI Commands config config cli delete config cli info config cli login-attempts config cli more [enable | disable] config cli port config cli prompt config cli screenlines config cli ssh-port config cli telnet-sessions config cli timeout config cli username password level config
PAGE 170
CHAPTER 5 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Routing Commands config route ospf-area [backbone | ] config route ospf-hello config route ospf-dead config route ospf-authtype [none | simple ospf-authkey | md5 [ospf-authkey md5 keyid ] config route protocol [rip | ospf | none] config route rip-version config route role [standalone | primary | backup] Policy Group Commands config policygroup create config policyg
PAGE 171
CHAPTER 5 Server Commands Server Commands config policygroup service server create port {type [primary | backup | disabled]} {mode [brokered | sap | opr]} {msap [enable | disable]}{606 [enable | disable]} {http [enable | disable]} config policygroup service server delete port | -all config policygroup service server port {mode [brokered | sap | opr]} {type [primary | backup]{msap [enable | disable]}{606 [enable | disable]
PAGE 172
CHAPTER 5 Security Commands 160 HP e-Commerce/XML Director Server Appliance SA8250 User Guide config sys security custom config sys security custom access-control [enable | disable] config sys security custom acl add ip config sys security custom acl add netmask config sys security custom acl delete ip config sys security custom acl delete netmask
PAGE 173
CHAPTER 5 SNMP Commands SNMP Commands config sys snmp community info config sys snmp community create ip [] rights [ro | rw] config sys snmp community delete ip [ | any] config sys snmp info config sys snmp port <#> config sys snmp sysContact config sys snmp sysLocation config sys snmp sysName config sys snmp trap config sys snmp trap create community config sys snmp trap delete
PAGE 174
CHAPTER 5 HP e-Commerce/XML Director Server Appliance SA8250 User Guide SSL Commands config policygroup service key certificate [create | delete | import | export | info] config policygroup service key client-ca [delete | export | import | info] config policygroup service key client-ca header-certificate [disable | enable] config policygroup service key client-ca revocation [delete | import | info | mode | refresh
PAGE 175
CHAPTER 5 Show Commands Show Commands show admin info show cli info show gui info show irv info show msd info show policygroup info show policygroup info show policygroup service info show policygroup service info show policygroup service key info show policygroup service key certificate info show policygroup service key client-ca info show policygroup service key client-ca revocation info show policygroup service
PAGE 176
CHAPTER 5 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Run-Time CLI Command Reference Global System Commands This table includes descriptive examples of the Global System commands. Command Description ? Displays the help command tree ! Enter ! followed by an index number from the history list to execute the indexed command.
PAGE 177
CHAPTER 5 Global System Commands Command Description force-rwa If a user with Read-Write-All authorization logs on when another user with the same authorization is already logged on, the SA8250 "demotes" the new user’s permission to Read-only. The forcerwa command restores a demoted user’s permission to ReadWrite-All. This command is available only to users with "rwa" authorization. Note: The use of force-rwa potentially allows conflicts among users of equivalent authorization.
PAGE 178
CHAPTER 5 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Command Description netstat Displays the SA8250’s routing tables.
PAGE 179
CHAPTER 5 Global System Commands Command Description quit, exit, logout Exit the CLI reboot Reboots the SA8250 reset Resets the SA8250 to its original factory configuration. Only parameters set within the CLI are affected. Networking parameters controlled through the Boot monitor are not affected by the reset command. Note 1: Reset causes all policy groups, services, and servers to be deleted. Note 2: This operation disables all remote administration access.
PAGE 180
CHAPTER 5 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Command Description reset (continued) Route Factory Settings: • Role is set to ‘standalone.’ • Protocol is set to ‘none’ • OSPF-area is set to ‘backbone.’ • Hello interval is set to 10 seconds. • Dead interval is set to 40 seconds. • RIP version is set to 2.0. Security Settings: • acl is cleared. • custom access-control is disabled. • custom forwarding is disabled. • custom ssh is enabled. • custom telnet is disabled.
PAGE 181
CHAPTER 5 Global System Commands Command Description trace Displays TCP packets coming into or out of the SA8250. It can be helpful for troubleshooting network problems. Trace accepts a tcpdump-style expression and several command line options that cause the device to capture packets in the tcpdump binary format; You can TFTP this capture to a remote machine for debugging. Use the CLI File Management command put to TFTP the resultant dump file from this device.
PAGE 182
CHAPTER 5 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Command Description trace (continued) The has the same format as a "tcpdump" expression: If no is given all packets on the net will be output. primitives can be combined using parentheses and ’!’ or ’not’, ’&&’ or ’and’, and ’||’ or ’or.’ Here is a list of the primitives: • dst host : true if the IP destination field of the packet is .
PAGE 183
CHAPTER 5 Global System Commands Command Description trace (continued) • • • traceroute ip proto : true if the packet is an ip packet of protocol type , where is icmp, udp, or tcp. ether broadcast : true if the packet is an ethernet broadcast packet. ip broadcast : true if the packet is an IP broadcast packet Displays the route that packets travel to the network host.
PAGE 184
CHAPTER 5 Admin Commands HP e-Commerce/XML Director Server Appliance SA8250 User Guide This table describes the SA8250’s admin commands, which specify the server port where the Graphical User Interface is accessed and verify the current port. Command Description config admin info Displays the current Graphical User Interface (GUI) port config admin info config admin port Sets the Graphical User Interface (GUI) port number. This is the port where the admin GUI listens for connections.
PAGE 185
CHAPTER 5 File Management Commands File Management Commands This table describes the File Management commands. Command Description cat Displays contents of the specified saved configuration file. cat {filename} where filename is the name of the file to be displayed. If not specified, the file active.cfg is displayed. copy Copies an existing configuration file to a new file. copy to where source is the name of the original file and destination is the name of the target file.
PAGE 186
CHAPTER 5 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Command Description put Puts a configuration to the specified remote file or directory. If the remote-directory form is used, the remote host is assumed to be a UNIX* machine. Because the TFTP protocol has no user-logon or validation, sites that support it typically enforce some file access restrictions. Such restrictions are specific to each site and vary widely in scope and methods.
PAGE 187
CHAPTER 5 File Management Commands Command Description restore-verbose Same as restore but displays every line as it is restored restore-verbose {filename} where filename is the name of the configuration file to be restored (the default file name is active.cfg). Note: Username commands are not valid in configuration files, that is, save config and restore config operations do not include username data. Type the config cli username command to restore usernames.
PAGE 188
CHAPTER 5 HP e-Commerce/XML Director Server Appliance SA8250 User Guide CLI Commands This table describes the Command Line Interface commands. Command Description config Changes the prompt to the CLI config branch. config config cli delete Deletes the specified user. config cli delete Note: The default user name, "admin" cannot be deleted. config cli info Shows all current CLI settings at this level.
PAGE 189
CHAPTER 5 CLI Commands Command Description config cli port Specifies the telnet port on which the CLI runs. Note: If you are logged in using telnet, do not use this command. Doing so will change the port parameters and you will be disconnected. config cli port where port is a valid port. Valid ports are port 23 (the default) or any port between 1024 and 65535. config cli prompt Changes the root level prompt. config cli prompt where prompt is the new prompt name.
PAGE 190
CHAPTER 5 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Command Description config cli ssh-port Sets the Secure Shell (SSH) port number. Note: If you are logged in using SSH, do not use this command. Doing so will change the port parameters and you will be disconnected. config cli ssh-port where port is a valid port. Valid ports are port 22 (the default) or any unused port between 1024 and 65535.
PAGE 191
CHAPTER 5 IRV Commands IRV Commands This table describes the Intelligent Resource Verification (IRV) commands. Command Description config irv Changes to the config/irv branch config irv config irv info Displays the current ping interval config irv info config irv ping-interval Sets the IRV ping interval config irv where ping-interval is a the number of seconds from 0 to 99999. To disable IRV, set ping-interval to 0.
PAGE 192
CHAPTER 5 HP e-Commerce/XML Director Server Appliance SA8250 User Guide GUI Commands This table describes the SA8250’s GUI commands, which are used to configure its Graphical User Interface. Command Description config gui broker-action Specifies the start screen within the GUI when you double-click a SA8250 icon in the topology screen.
PAGE 193
CHAPTER 5 GUI Commands Command Description config gui server-action Specifies the start screen within the GUI when you double-click a server icon in the topology screen.
PAGE 194
CHAPTER 5 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Routing Commands The Routing Commands are used both in route and serial failover modes. In serial failover mode, they advertise routes to the VIPs. NOTE: Latency exists in the refresh process of normal routing tables. If you configure OSPF routing protocol for a SA8250 on a specific router, VIP destinations may be inconsistent in the routing table.
PAGE 195
CHAPTER 5 Routing Commands Command Description config route ospf-dead Changes the duration of the OSPF router dead interval. The router dead interval is the number of seconds the SA8250’s OSPF neighbors should wait before assuming that this OSPF SA8250 is down. This must match the router dead interval of the ingress router. Valid range is from 1 to 2,147,483,647, and the default is 40. Note: This value must be at least four times the hello interval.
PAGE 196
CHAPTER 5 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Command Description config route ospfauthtype Specifies the OSPF authentication mode. Router Authentication type and key are security mechanisms to guarantee that routing information is exchanged only with trusted routers. The type and key together comprise the "authentication scheme." Note 1: An OSPF Area can have only one OSPF authentication scheme.
PAGE 197
CHAPTER 5 Routing Commands Command Description config route protocol Specifies the desired routing protocol. config route protocol [rip | ospf | none] where: • rip enables Routing Information Protocol (RIP) on the SA8250. • ospf enables Open Shortest Path First (OSPF) routing protocol on the SA8250. • none disables both RIP and OSPF protocols. config route rip-version Specifies the RIP version (1 or 2).
PAGE 198
CHAPTER 5 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Policy Group Commands NOTE: The names of existing Policy Groups cannot be changed. This table describes the Policy Group commands. Policy Group names must adhere to the following conventions: • From 1 to 25 characters in length • Any alphanumeric character • Other eligible characters include hyphens ("-"), periods ("."), and underscores ("_") • Spaces must not be used.
PAGE 199
CHAPTER 5 Policy Group Commands Command Description config policygroup throttle Enables throttling of services to meet specified response times. config policygroup throttle [enable | disable] where: • policy-name is the name of the policy group • enable enables throttling • disable disables throttling Note: When throttling is activated, requests to eligible servers in lower-priority services are throttled until response times are met or all eligible servers have been throttled.
PAGE 200
CHAPTER 5 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Command Description config policygroup service create Creates a service. The default type is TCP. config policygroup service create vip port {type [TCP | UDP | RICH_HTTP]} Note 1: The VIP/port combination must be unique. The service type defaults to TCP unless specified otherwise on the command line.
PAGE 201
CHAPTER 5 Policy Group Commands Command Description config policygroup service dup-syn Sets the time interval (in microseconds) within which if the dynamically calculated number of duplicate SYNs (lost packets) to a fulfillment server is detected, the server is declared dead.
PAGE 202
CHAPTER 5 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Command Description config policygroup service header-names Sets the name used in the HeaderNameField of the HTTP headers inserted when header or header-certificate are enabled, on a per-service basis.
PAGE 203
CHAPTER 5 Policy Group Commands Command Description config policygroup service priority Sets the priority level of the specified service. config policygroup service priority where: • policy-name is the name of an existing Policy Group • service-name is the name of the service • level is the service priority. You can specify a value from 1 (highest) to 5 (lowest), and 1 is the default. config policygroup service response Sets the target response time.
PAGE 204
CHAPTER 5 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Command Description config policygroup service server create Creates a new server. Note: The server name and port must be unique.
PAGE 205
CHAPTER 5 Policy Group Commands Command Description config policygroup service server port http Enables or disables HTTP error detection on the named server. When HTTP error detection is enabled, requests that generate HTTP errors 401-405 and 500-503 are rerouted (transparently to the client), to the next available server. When disabled, these errors are sent back to the requesting client.
PAGE 206
CHAPTER 5 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Command Description config policygroup Enables or disables Multi-hop Source Address Preservation service server port msap (MSAP) on the named server.
PAGE 207
CHAPTER 5 Policy Group Commands Command Description config policygroup service server port xmlpattern create Creates an XML pattern defined by the specified string for the server and port specified in the current path config policygroup service server port xmlpattern create where: • policy-name is the name of the policy group • service-name is the name of the service • server-name is the name of the server • port is the port number • xmlpa
PAGE 208
CHAPTER 5 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Command Description config policygroup service server port xmlpattern create (continued) An example xmlpattern_string: create */order.asp & doc=5 & //Amount[Value > 10000] Note 3: You must include a single space before and after the ampersands (&) used to separate the RICH expression, document number, and XML expression.
PAGE 209
CHAPTER 5 Policy Group Commands Command Description config policygroup service server port xmlpattern delete Deletes the XML pattern defined by the specified string, or by index number, for the server and port specified in the current path config policygroup service server port xmlpattern delete [ | ] where: • policy-name is the name of the policy group • service-name is the name of the service • server-name is the name of the serv
PAGE 210
CHAPTER 5 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Command Description config policygroup service sticky The SA8250 can be configured to maintain a session’s state so that serial requests from a single client are allocated to the same server. This is called "sticky port" functionality. This command enables or disables the sticky port function. Sticky functionality is enabled in either of two modes. "Src-ip" (source IP address) mode identifies requesting clients by IP address.
PAGE 211
CHAPTER 5 Policy Group Commands Command Description config policygroup service sticky-timeout When the sticky port function is enabled, the maximum time during which a single server is forced to serve serial requests by a single client is called the "sticky timeout." This command sets the sticky timeout.
PAGE 212
CHAPTER 5 HP e-Commerce/XML Director Server Appliance SA8250 User Guide System Commands This table describes the System commands. Command Description config sys Changes the prompt to the config/sys branch config sys config sys autoboot Enables or disables the Autoboot function. If Autoboot is enabled, the SA8250 prompts you to press a key during restart to enter the Boot Monitor command line interface. If you ignore the prompt, restart finishes with the SA8250 in normal operating mode.
PAGE 213
CHAPTER 5 System Commands Command Description config sys id Sets the unit identifier. The SA8250 is shipped pre-configured with the unit’s serial number in this field. This command can change the identifier if the site requires alternate asset tracking information. config sys id where identifier is an alphanumeric value from 1 to 64 characters.
PAGE 214
CHAPTER 5 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Command Description config sys software delete Deletes old versions of SA8250 software from local storage. It can be used to free local storage to install a version update or product upgrade. config sys software delete where index is a valid index of an installed software image, as displayed using the command, show sys software info config sys software install Downloads and installs SA8250 software updates or upgrades.
PAGE 215
CHAPTER 5 System Commands Command Description config sys software ms-software Specifies the multi-site software level. The parameters are used to show all installed multi-site agents, enable a multi-site agent, delete a multi-site agent, or install a new multi-site agent.
PAGE 216
CHAPTER 5 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Security Commands This table describes the Security commands. Command Description config sys security custom access-control Determines whether the access control list is enabled or disabled. Access control lists are configured with the commands acl add (ip or netmask) and acl delete (ip or netmask). If an IP or netmask is on the access control list they are allowed to connect with any of the enabled administrative methods.
PAGE 217
CHAPTER 5 Security Commands Command Description config sys security custom Switches to custom security settings menu config sys security custom config sys security custom forwarding Enables or disables IP forwarding. If IP forwarding is enabled, the servers connected to the second interface of the SA8250 are directly accessible by their IP addresses. There is no restriction on direct access to the servers through the SA8250.
PAGE 218
CHAPTER 5 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Command Description config sys security custom ssh Enables or disables administration using Secure Shell (SSH). config sys security custom ssh [enable | disable] config sys security custom telnet Enables or disables administration using telnet. config sys security custom telnet [enable | disable] Disabled by default.
PAGE 219
CHAPTER 5 SNMP Commands SNMP Commands This table describes the SNMP commands. Command Description config sys snmp community create Specifies community strings that the SA8250 will accept on incoming SNMP requests. Up to 10 community strings can be created. config sys snmp community create ip [|any] rights [ro|rw] where: • is the name of the community you wish to create • is the IP address of the host from which you will accept this community string.
PAGE 220
CHAPTER 5 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Command Description config sys snmp info Displays information about the SNMP port, sysContact, sysName, and sysLocation. config sys snmp info config sys snmp port Specifies the port where the SA8250 receives SNMP requests. config sys snmp port <#> where # is a number between 5020 and 65535 (the default is 161) config sys snmp sysContact Specifies a string for the MIB-II variable sysContact. The default is NULL.
PAGE 221
CHAPTER 5 SNMP Commands Command Description config sys snmp trap create community Specifies the host to which SA8250 sends SNMP traps. Up to 10 trap receivers can be created. By default the trap receiver list is empty, thus no traps are sent.
PAGE 222
CHAPTER 5 HP e-Commerce/XML Director Server Appliance SA8250 User Guide SSL Commands This table describes the Secure Transactions (SSL) commands. Commands in this section are only valid for RICH_HTTP services. Command Description config policygroup service key certificate create Creates a certificate. A private key must be created prior to using this command. You can optionally provide distinguished name (DN) information. If no DN information is provided, the default DN information is used.
PAGE 223
CHAPTER 5 SSL Commands Command Description config policygroup service key certificate delete Deletes a certificate. config policygroup service key certificate delete where: • policy-name is the name of a policy group • service-name is the name of a service Example: HP SA8250/.../service//key># certificate delete Note: When the procedure is complete, you can type info at the prompt to verify the certificate's deletion.
PAGE 224
CHAPTER 5 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Command Description config policygroup service key certificate import Imports an existing certificate. We recommend you copy the certificate (a block of ASCII text) from a server’s console window, then paste it into the SA8250’s console window when prompted. To paste in a certificate, type the import command and press . The CLI prompts you to paste in the certificate. When finished, type three periods ("...
PAGE 225
CHAPTER 5 SSL Commands Command Description config policygroup service key client-ca Displays, deletes, exports, or imports a client certificate.
PAGE 226
CHAPTER 5 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Command Description config policygroup service key client-ca revocation delete Deletes a Certificate Revocation List (CRL). config policygroup service key client-ca revocation delete where: • policy-name is the name of a policy group • service-name is the name of a service config policygroup service key client-ca revocation import Imports a CRL from a server.
PAGE 227
CHAPTER 5 SSL Commands Command Description config policygroup service key client-ca revocation mode Sets the mode to disable or enable.
PAGE 228
CHAPTER 5 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Command Description config policygroup service key client-ca revocation url Retrieves the CRL. config policygroup service key client-ca revocation url {user password | none} where: • policy-name is the name of a policy group • service-name is the name of a service • url is a URL used to retrieve the CRL. The format of the URL is protocol://server:port/path.
PAGE 229
CHAPTER 5 SSL Commands Command Description config policygroup service key create Creates a private key. config policygroup service key create {[512 | 1024]} where: • policy-name is the name of a policy group • service-name is the name of a service • 512 (the default) creates a 512 bit RSA private key • 1024 creates a 1024 bit RSA private key Note: When the procedure is complete, you can type info at the prompt to verify the key's creation.
PAGE 230
CHAPTER 5 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Command Description config policygroup service key export Exports a private key. The private key can be either exported to the console or to a remote machine via ftp.
PAGE 231
CHAPTER 5 SSL Commands Command Description config policygroup service key import Imports an existing private key. For example, you can copy the key (a block of ASCII text) from a server’s console window, then paste it into the SA8250’s console window, or the private key may be copied via ftp. To paste in a key, type the import command and press . The CLI prompts you to paste in the certificate. When finished, type three periods ("...") on a separate line, then press .
PAGE 232
CHAPTER 5 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Command Description config policygroup service key redirect Specifies the default URL to return the user if the client does not support the cipher suite. Each service may specify a different URL.
PAGE 233
CHAPTER 5 SSL Commands Command Description config policygroup service key signrequest create Creates a signing request. Signing requests are used to obtain certificates from a Certificate Authority. Once created, the signing request is exported and emailed to the Certificate Authority, who will mail you a certificate for you to import into the SA8250. You can optionally include distinguished name (DN) information in the request. If no DN information is provided, the default DN information is used.
PAGE 234
CHAPTER 5 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Command Description config policygroup service key signrequest delete Deletes a signing request. config policygroup service key signrequest delete where: • policy-name is the name of a policy group • service-name is the name of a service For example: HP SA8250/...
PAGE 235
CHAPTER 5 SSL Commands Command Description config policygroup service key suite Specifies a cipher suite for each type of service.
PAGE 236
CHAPTER 5 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Command Description config ssl dn Sets the Distinguished Name (DN) configuration. This information will be incorporated into new certificate or signing requests unless otherwise specified. Note: A unique DN should be specified when generating certificates for each private key created or installed on the SA8250. This prevents potential certificate conflicts with cached certificates on the client’s browser.
PAGE 237
CHAPTER 5 SSL Commands Command Description config ssl suite Configures the Cipher Suite the client is permitted to negotiate in the SSL handshake phase. The value applies to all SSL-enabled services.
PAGE 238
CHAPTER 5 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Logging Commands This table describes the Logging commands. Command Description config logging info Displays current logging configuration settings. config logging sys Displays system-level logging configuration. config logging output Log file viewing and configurations. config logging sys info Displays the current system logging mask settings and available logging mask.
PAGE 239
CHAPTER 5 Logging Commands Command Description config logging output info Displays the current logging configuration settings config logging output logsize Sets the maximum log file size. The range is from 1024 to 60000. config logging output viewlog Allows review of the log file. An option filter value can be indicated to remove the logging mask from the log file upon review.
PAGE 240
CHAPTER 5 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Show Commands This table describes the Show commands.
PAGE 241
CHAPTER 5 Show Commands Command Description show policygroup service info To display the configuration for all services in the specified policy group: show policygroup service info where policy-name is the name of the policy group whose service information you want to view To display the configuration for a specified service: show policygroup service info where: • policy-name is the name of the policy group • service-name is the name of the service show poli
PAGE 242
CHAPTER 5 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Command Description show policygroup key client-ca info Displays client-ca information show policygroup service key client-ca info • • show policygroup key sign-request info policy-name is the name of the policy group service-name is the name of the service Displays signing request information show policygroup service key sign-request info • • show policygroup key clien
PAGE 243
CHAPTER 5 Show Commands Command Description show policygroup service server info To display the server information for all servers: show policygroup service server info where: • policy-name is the name of the policy group • service-name is the name of the service To display the server information for a specific server: show policygroup service server info where: • policy-name is the name of the policy group • service-name is the
PAGE 244
CHAPTER 5 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Command Description show policygroup service server port xmlpattern info Displays the list of XML expressions for a specified server show policygroup service server port xmlpattern info where: • policy-name is the name of the policy group • service-name is the name of the service • server-name is the name of the server • port is the server port show route info Displays the SA8250'
PAGE 245
CHAPTER 5 Show Commands Command Description show stats service vport server port Displays statistics for a specified server show stats service vport server port where: • vip is the service IP address (Virtual IP) • vport is the VIP port • ipaddr is the server IP address • port is the server port show sys date Displays the system date show sys date show sys info Displays the following system information: IP address, netmask, broadcast, hostname, default route, name serv
PAGE 246
CHAPTER 5 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Notes 234
PAGE 247
Scenarios SA8250 Scenarios This chapter contains multiple scenarios that demonstrate the HP eCommerce/XML Director Server Appliance SA8250’s operation using “real world” applications.
PAGE 248
CHAPTER 6 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Scenario 1: Load Balancing a Web Site with Two Servers and the SA8250 in Inline Mode An Internet Service Provider (ISP) wants to set up a load-balanced, two server web site named “Acme Web” with the SA8250 operating in Dual NIC mode. The service is HTTP and the website's address is 30.1.1.201. This diagram shows the network configuration for scenario 1.
PAGE 249
CHAPTER 6 SA8250 Scenarios Prerequisites for Scenario 1 • Two web servers are configured with replicated content. In this example they are referred to as “serv1.acme.com” and “serv2.acme.com” with IP addresses of 10.6.1.99 and 10.6.1.100, respectively. • One SA8250 is installed between two distinct subnets. The outside subnet is connected to the router, and the inside subnet is connected to the switch.
PAGE 250
CHAPTER 6 HP e-Commerce/XML Director Server Appliance SA8250 User Guide monitor>dns Would you like to configure DNS (yes,no)? [no] --->yes Enter Domain name (‘-’ to cancel) --->tcslab.acme.com Enter the IP Address of the Primary name server (‘-’ to cancel)--->10.6.5.11 Specify additional name server ( to end ) ---> monitor>save List of currently saved configuration file(s). You may save over an existing configuration file or enter a new name. File name ----------active.cfg test.
PAGE 251
CHAPTER 6 SA8250 Scenarios Default Gateway: 10.6.2.1 Domain: tcslab.acme.com Primary name server: 10.6.5.11 DHCP: Disabled Failover mode: Disabled Network NIC speed/duplex: Auto Server NIC speed/duplex: Auto NTP: Disabled Autoboot: Disabled Static Routes: None RICH Biased: Enabled Select a boot configuration from the following files. active.cfg bobs failover backup.cfg Boot configuration file name? [active.cfg] ---> Do you really want to boot ‘active.
PAGE 252
CHAPTER 6 HP e-Commerce/XML Director Server Appliance SA8250 User Guide 3. To move the prompt to that level, type the name of the new policy group: HP SA8250/config/policygroup#gold Add HTTP Service and VIP 1. To add HTTP service to policy group gold, type this command: HP SA8250/config/policygroup/gold# service create http vip 30.1.1.201 port 80 This command creates a new HTTP service on the SA8250 at IP address 30.1.1.201, listening on TCP port 80. 2.
PAGE 253
CHAPTER 6 Scenario 2: Load Balancing Servers with Source Address Preservation SA8250 Scenarios In its default operating mode, the SA8250 alters source and destination packet addresses so that fulfillment servers see only the SA8250’s address. However, under some circumstances, administrators may want to preserve incoming clients’ addresses in the server log files.
PAGE 254
CHAPTER 6 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Prerequisites for Scenario 2 • At least one Web server • One client • One SA8250 must be physically installed on the network, and its Boot Monitor and routing protocol configurations must be complete. For more information, see the Getting Started Guide. Procedure for Scenario 2 Connect to the SA8250 1. Telnet to the SA8250's port 23 and log on as the administrator (admin).
PAGE 255
CHAPTER 6 SA8250 Scenarios 2. To move the prompt to the level of the specific service, type this command: HP SA8250/config/policygroup/saptest#service sap Add Servers to the SAP Service 1. To add the server “serv1” to the SAP service, type this command: HP SA8250/config/policygroup/saptest/service/ sap#server create serv1.prime.com port 80 Server serv1.prime.com port 80 has been created. This tells the SA8250 that serv1.prime.com can fulfill requests arriving at 30.1.1.201 on port 80. 2.
PAGE 256
CHAPTER 6 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Scenario 3: Routing Outbound Data Away from the SA8250 for OPR You can configure the SA8250 to direct outbound data from the fulfillment servers to bypass the SA8250. Most requests to servers elicit a disproportionate amount of return data. Under some circumstances, it is desirable to avoid routing such volumes of content through the SA8250 as it returns to the client.
PAGE 257
CHAPTER 6 SA8250 Scenarios Prerequisites for Scenario 3 Equipment • At least one Web server with an installed loopback adapter (for example, UNIX* or Windows* or NT*) • One SA8250 physically installed on the network, with its Boot Monitor and routing protocol configurations completed. For more information, see the Getting Started Guide. Procedure for Scenario 3 Connect to the SA8250 1. Telnet to the SA8250's port 23 and log on as the administrator (admin).
PAGE 258
CHAPTER 6 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Add HTTP Service and VIP 1. To add HTTP service to policy group oprtest, type this command: HP SA8250/config/policygroup/oprtest# service create OPR vip 30.1.1.201 port 80 This command creates a new service on the SA8250, using the HTTP protocol, at IP address 30.1.1.201, listening on TCP port 80. 2.
PAGE 259
CHAPTER 6 Scenario 4: Content Routing using RICH only SA8250 Scenarios Because the SA8250 can differentiate servers according to their content, it can apportion requests based on the type of content requested. For example, an administrator might choose to run the most processor-intensive processes (such as CGI scripts) on the most powerful servers while placing the less processor-bound files on slower servers.
PAGE 260
CHAPTER 6 HP e-Commerce/XML Director Server Appliance SA8250 User Guide This diagram shows the data flow for scenario 4. &OLHQW %URNHU 6HUYHU 6<1 6<1 $&. $&. *HW 85/ 6<1 6<1 $&. $&. *HW 85/ 'DWD 'DWD Data Flow for Scenario 4 Prerequisites for Scenario 4 248 • At least two Web servers • One for HTML and images • One for CGI scripts • One SA8250 physically installed on the network, and its Boot Monitor and routing protocol configurations must be complete.
PAGE 261
CHAPTER 6 SA8250 Scenarios Procedure for Scenario 4 Connect to the SA8250 1. Telnet to the SA8250’s port 23 and log on as the administrator (admin). The Command Line prompt displays: HP SA8250# Create a Policy Group 1. To create a policy group, first move the prompt to the policy group level by typing this command: HP SA8250#config policygroup 2. To specify the new policy group's name (“xml” in this example), type this command: HP SA8250/config/policygroup#create xml 3.
PAGE 262
CHAPTER 6 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Add Servers to the RICH Service 1. To add “serv1” to the rich service, type this command: HP SA8250/config/policygroup/xml/service/ rich#server create serv1.prime.com port 80 Server serv1.prime.com port 80 has been created. This tells the SA8250 that serv1.prime.com can fulfill requests arriving at 30.1.1.201 on port 80. 2.
PAGE 263
CHAPTER 6 SA8250 Scenarios 3. To add “serv2” to the rich service, type these commands: HP SA8250/config/policygroup/xml/service/rich/ server/serv1.prime.com/port/80#back HP SA8250/config/policygroup/xml/service/rich/ server#create serv2.prime.com port 80 4. To move the prompt, type this command: HP SA8250/config/policygroup/xml/service/rich/ server#serv2.prime.com port 80 Add an Expression to serv2's Configuration 1.
PAGE 264
CHAPTER 6 Scenario 5: Using SSL Acceleration HP e-Commerce/XML Director Server Appliance SA8250 User Guide We now build upon Scenario 4 by adding a Layer 7 service using the SA8250’s SSL acceleration capabilities. As discussed earlier, the SA8250 can off load SSL processing from the web server, providing dramatically improved performance. This diagram shows the network configuration for scenario 5.
PAGE 265
CHAPTER 6 SA8250 Scenarios 5. The SA8250 and client send ChangeCipherSpec message to indicate readiness. 6. The SA8250 and client send “finished” messages, including whole conversation. 7. Encrypted data is sent to the SA8250, decrypted, and forwarded to the least busy server. 8. A clear response is sent to the SA8250, encrypted, and sent to client. Procedure for Scenario 5 Using this procedure, you will add an SSL enabled service called “SSL” to the previously defined “xml” policy group. 1.
PAGE 266
CHAPTER 6 HP e-Commerce/XML Director Server Appliance SA8250 User Guide 6. To create a certificate, type these commands: HP SA8250/config/policygroup/xml/service/SSL# key certificate create Certificate created (Expires in 30 days). The service is SSL enabled. Define the servers to start processing. HP SA8250/config/policygroup/xml/service/SSL# server create serv2.prime.com port 80 Server serv2.prime.com port 80 has been created. HP SA8250/config/policygroup/xml/service/SSL# server create serv3.prime.
PAGE 267
CHAPTER 6 Scenario 6: Content Routing using RICH and XML expressions SA8250 Scenarios In addition to recognizing RICH expressions, the SA8250 has the unique ability to direct traffic to servers based on its recognition of patterns in the incoming XML data. This diagram shows the network configuration for scenario 6. For ease of reading, the SA8250 is interfaced to only three servers in this scenario, but the principles demonstrated here could be applied to any number of servers.
PAGE 268
CHAPTER 6 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Server RICH Expression XML Expression 1 */order.asp //From[id = “Acme”] */order.asp //Amount[Value >= 10000] */order.asp default */order.asp //From[id = “Widgets.com”] */order.asp //Amount[Value < 10000] */order.asp //Order[@type = “debit card”] */order.asp //Amount[Value > 5000 and Value < 10000] */order.asp //Address[ZipCode > 90000] */order.
PAGE 269
CHAPTER 6 Scenario 7: Using CRLs SA8250 Scenarios The SA8250 can be configured to work with Client Revocation Lists (CRLs). In this scenario, the SA8250 uses a CRL to validate that a client certificate is not expired, meaning that it does not display in the CRL. For more information on CRLs, see Appendix B. Prerequisites for Scenario 7 NOTE: Scenario 7 assumes that you have already completed all steps in Scenario 5.
PAGE 270
CHAPTER 6 HP e-Commerce/XML Director Server Appliance SA8250 User Guide You will see: Paste in the data, end with ... alone on line. 5. Paste in the certificate.
PAGE 271
CHAPTER 6 SA8250 Scenarios 7. To provide the SA8250 with the download address for the CRL, type this command: HP SA8250/config/policygroup/richtest/service/ SSL/key/client-ca/revocation#url ftp:// 10.1.2.64/Certsrv/myCA.crl user john password smith where john is your username and smith is your password. You will see: URL updated 8.
PAGE 272
CHAPTER 6 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Notes 260
PAGE 273
SNMP Support Using SNMP The HP e-Commerce/XML Director Server Appliance SA8250 includes a fully compliant, embedded SNMP agent that supports SNMPv1 and SNMPv2c requests.
PAGE 274
CHAPTER 7 Standards Compliance 262 HP e-Commerce/XML Director Server Appliance SA8250 User Guide The SA8250 SNMP agent is bilingual and can support both SNMPv1 and SNMPv2c requests. HP private enterprise MIB files are compliant with SMIv2 as specified in RFC 1902. The SNMP agent supports Management Information Base-II (MIB-II) as specified in RFC 1213, but allows SET operations only on the SYSTEM and SNMP groups.
PAGE 275
CHAPTER 7 MIB Tree Using SNMP This figure illustrates the HP MIB tree. Please refer to it as needed throughout this chapter. HP’s MIB Tree All HP enterprise MIBs and MIB objects are defined under the management branch of the hp tree. All sysObjectIds that identify HP products are defined under the hpServerAppliancesSystem branch of the hp tree.
PAGE 276
CHAPTER 7 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Supported MIBs Management Information Base-II (MIB-II) HP Enterprise MIBs: hpserver-header.my hpbroker-mib.my hpl7-broker-mib.my hpssl-acceleration-mib.my hpuser-mib.my Where to find MIB Files Electronic copies of the HP MIB files used by the SA8250 are shipped with the product on CD-ROM and are available from HP’s web site: http://www.hp.
PAGE 277
CHAPTER 7 Using SNMP Server Availability (Ping) NOTE: The Intelligent Resource Verification (IRV) CLI command is config irv and the default ping-interval is zero. To make the serverPingTable active, ensure that the pinginterval is NOT set to zero. The serverPingTable can be used to monitor server availability. If a server is responding to periodic ping requests from the SA8250, then its state is marked as responding. Otherwise, the server is marked as notResponding.
PAGE 278
CHAPTER 7 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Trap thresholds for server connections can be configured such that if the connection/second rate reaches a given value, a trap is sent. The serverCpsAlert and serverCpsNormal trap and applicable thresholds work similarly for server response time. Layer 4 Service (VIP, PORT) The performance of each configured Layer 4 service (VIP, PORT) presented to clients is monitored. Performance data is stored in the serviceTcpTable.
PAGE 279
CHAPTER 7 Using SNMP Broker Connection Count, Connections/Second, and CPU Utilization brokerConnCount is the number of established TCP connections used for load balancing. This number aggregates all serviceConnCnt values in the serviceTcpTable. brokerCps is the number of TCP connections/second established by the Director. brokerCps aggregates all serviceCps values in the serviceTcpTable. brokerCpuUtil returns the current CPU utilization of the Director. Its value can be from 0 to 100%.
PAGE 280
CHAPTER 7 HP e-Commerce/XML Director Server Appliance SA8250 User Guide hpl7-broker-mib.my hpl7-broker-mib.my defines objects and traps for Layer 7 load balancing. The hpl7-broker-mib.my objects and traps are discussed below. HTTP Monitor Table A 24-hour history of HTTP performance is maintained in httpMonTable. httpMonTable is indexed by hours of the day, so httpMonTable is indexed from 0 to 23. To get the current http performance numbers, index the table by the current hour.
PAGE 281
CHAPTER 7 Using SNMP http606Redirects is the number of times during the hour that the Director redirected a request to a server. http606ErrsToClient is the number of times during the hour that a 503 error is returned to the client because all redirection attempts failed to fulfill an HTTP request. A trap threshold, http606ErrsToClientTh, is available in the MIB. If http606ErrsToClient reaches http606ErrsToClientTh during the current hour, a trap is sent.
PAGE 282
CHAPTER 7 HP e-Commerce/XML Director Server Appliance SA8250 User Guide sslTraffic indicates whether or not SSL traffic exceeded maximum capacity at least once during the 1-hour period. This object starts with the value "ok" and is changed to "overflow" at the first instance in which SSL traffic exceeds the capacity of the box. The value does not toggle back to "ok." In this way, a 24-hour history of SSL traffic capacity can be retrieved.
PAGE 283
CHAPTER 7 Trap Summary Using SNMP This list summarizes the traps generated by the SA8250. For details about a particular trap, please read the description of each MIB above, or read the documentation within the MIB file. Traps are generated by SNMPv2c. Standard SNMP Traps coldStart authenticationFailure linkUp linkDown hpbroker-mib.
PAGE 284
CHAPTER 7 HP e-Commerce/XML Director Server Appliance SA8250 User Guide hpuser-mib.my operatorLogin operatorLogout Displaying SNMP Parameters The GUI’s Administration SNMP tab displays all SNMP parameters. In the CLI, use the following command to display all SNMP parameters: show sys snmp info The SA8250 has an IP filtering capability accessible through the Administration-Security tab or the config sys security command.
PAGE 285
CHAPTER 7 Using SNMP For example: config sys snmp community create test ip 209.218.240.5 rights ro This command creates the community string test with read-only privilege. SNMP read-only requests using community string test will be accepted only from IP address 209.218.240.5.
PAGE 286
CHAPTER 7 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Configuring Other SNMP Parameters The following CLI commands are used to display and configure general SNMP parameters: NOTE: You can also configure these parameters in the Administration-SNMP tab of the GUI interface. SNMP port is used by the SA8250 SNMP to listen for SNMP requests. By default, the SNMP port is 161. The SNMP port can be changed to a number between 5020 and 65535.
PAGE 287
Software Updates Updating Your System Software We recommend that you visit http://www.hp.com/ serverappliances/support/ on a routine basis to ensure that your system is running the current software release. After initial installation and setup, you may be eligible for, or choose to purchase, a software version update. Update procedures are performed using either the Graphical User Interface (GUI, Chapter 4) or the Command Line Interface (CLI, Chapter 5).
PAGE 288
CHAPTER 8 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Multiple Software Images The SA8250 provides sufficient local storage for at least five software images (though at any time, only one image is active and executing). You can download and install new software images on the SA8250 using the config sys software install CLI command.
PAGE 289
CHAPTER 8 Downloading and Installing the Software Downloading and Installing the Software NOTE: If you install the same image as the currently running image, the system will automatically reboot. The process for downloading and installing the software is the same whether the image is a version update or patch. After the install file is on an ftp server, use the GUI or the CLI to download and install it onto the SA8250.
PAGE 290
CHAPTER 8 HP e-Commerce/XML Director Server Appliance SA8250 User Guide Rebooting with the New Image and Verifying Installation As an added security feature, you must be connected to the serial console throughout this section. After the image has been downloaded and installed, you can verify it by typing the CLI command, show sys software info. For example, after downloading and installing an update, the response to show sys software info might look like the example shown in this table.
PAGE 291
CHAPTER 8 Upgrading Under Serial Cable Failover Configuration Downloading and Installing the Software Upgrading software versions on two SA8250s (System A and System B) configured for serial cable failover presents a special case. This procedure ensures minimum downtime during upgrade. 1. At System A’s run time CLI, type the save command to save its current configuration in a file, such as beforeupgrade.cfg. 2.
PAGE 292
CHAPTER 8 HP e-Commerce/XML Director Server Appliance SA8250 User Guide 11. At the prompt, type the new password. This password must also consist of 8 to 128 characters. 12.
PAGE 293
Security Configuration Recommended Security Configuration This section describes configuration options to enhance the level of protection of your SA8250. For more details, see Chapter 5. 1. If you have not already done so, change the admin password by typing the config cli username command. 2. Set security to closed or custom mode typing the config sys security mode [closed|custom] command. Closed mode restricts administration to the serial port.
PAGE 294
A P P E N D I X A HP e-Commerce/XML Director Server Appliance SA8250 User Guide 3. With custom mode access, control lists can be used to further enhance administration security by restricting management functionality to either your IP or subnet.
PAGE 295
SSL Configuration Obtaining Keys and Certificates NOTE: The SA8250 comes with default keys and certificates for test purposes. However, certificates for production use must be obtained from a recognized Certificate Authority. Keys and certificates are necessary for the successful operation of the SA8250 for XML traffic processing. The SA8250 supports certificates in PEM format.
PAGE 296
A P P E N D I X B HP e-Commerce/XML Director Server Appliance SA8250 User Guide Copying and Pasting Keys and Certificates Copying and pasting is an integral part of the next several procedures. These are steps required to perform these tasks using HyperTerminal*. If you use another terminal program, consult that product’s documentation for the appropriate procedures. To copy an item (key, certificate signing request, etc.) from HyperTerminal§: 1. Open the HyperTerminal§ window. 2.
PAGE 297
APPENDIX B Obtaining Keys and Certificates Obtaining a Certificate from Verisign or another CA Use the policy manager key create command to create your key and the key signrequest create command to create a signing request to be sent to Verisign or another CA for authentication. The CA will return the certificate, but there may be a delay of 1-5 days. NOTE: Be sure to save your configuration after creating a key.
PAGE 298
A P P E N D I X B HP e-Commerce/XML Director Server Appliance SA8250 User Guide Importing Keys into the SA8250 We recommend importing an existing key by copying the key (a block of ASCII text) from a server’s console window, then pasting it into the SA8250’s console window when prompted. NOTE: Do not interrupt the key import process. If you do interrupt the process, delete the key and start again.
PAGE 299
APPENDIX B Obtaining Keys and Certificates Importing Certificates into the SA8250 We recommend importing an existing certificate by copying the certificate (a block of ASCII text) from a server’s console window, then pasting it into the SA8250’s console window when prompted. NOTE: Do not interrupt the import process. If you do interrupt the process, delete the certificate and start again.
PAGE 300
A P P E N D I X B HP e-Commerce/XML Director Server Appliance SA8250 User Guide Creating a new Key/Certificate on the SA8250 Use the policy manager key create and key create certificate commands to create new keys and certificates for SA8250 operation. This procedure can be used when there are no existing keys and certificates on the server. The advantage of this method is that it is very fast, but a CA has not signed the certificates.
PAGE 301
APPENDIX B Using Global Site Certificates Obtaining Keys and Certificates Overview The export versions of Internet Explorer and Netscape Communicator initiate an SSL connection to the SSL server to use 40-bit encryption, even though the browser is capable of 128-bit encryption. The server responds to the browser with a digital certificate. If the certificate is not a global site certificate, both the browser and server will continue the SSL handshake and use the 40bit key to encrypt application data.
PAGE 302
A P P E N D I X B HP e-Commerce/XML Director Server Appliance SA8250 User Guide NOTE: There must be no white space before, between, or after certificates, and the “Begin” headers and “End” trailers must all be retained.
PAGE 303
APPENDIX B Generating a Client CA Generating a Client CA NOTE: To acquire a copy of OpenSSL* for your environment, access the OpenSSL website at http://www.openssl.org. This procedure will show you how to generate a client CA using OpenSSL: 1. Create a working directory where all the keys and certificates will be stored. 2. Copy the file openssl.cnf from the openSSL source directory. 3. Create a private key by typing this command: openssl genrsa -out key.pem 1024 4.
PAGE 304
A P P E N D I X B HP e-Commerce/XML Director Server Appliance SA8250 User Guide Generating a CRL NOTE: To acquire a copy of OpenSSL for your environment, access the OpenSSL website at http://www.openssl.org. This procedure shows how to generate a Certificate Revocation List (CRL) using OpenSSL. The SA8250 cannot use CRLs with more than 10,000 serial numbers. 1. If you have not already done so, create a working directory where all the keys and certificates will be stored. 2.
PAGE 305
APPENDIX B Revoking a Certificate 12. Combine the clientkey1.pem and cert.pem files into one file by typing this command: cat clientkey1.pem cert.pem > all.pem 13. Convert to p12 format by typing this command: openssl pkcs12 -export -in all.pem -out .p12 -name “MY NAME” Revoking a Certificate 1. To revoke a certificate, type this command: openssl ca -revoke clientcertificate.pem 2. To generate a new CRL to incorporate the revoked certificate, type this command: openssl ca -gencrl -out crl.
PAGE 306
A P P E N D I X B HP e-Commerce/XML Director Server Appliance SA8250 User Guide The default cipher value is all supported ciphers (both SSLv2 and SSLv3). This table provides ciphers supported by the SA8250. Notice that the export version of the software supports only the ciphers marked “E” in the Profile column.
PAGE 307
APPENDIX B HTTP Header Information HTTP Header Information The SA8250 includes the client IP address and current encryption information in the HTTP request sent to the server. This information is listed in this table. Tag Value HP_CLIENT_ CERTIFICATE The client certificate in ASCII. HP_CIPHER_USED The cipher suite for the connection. For example: DES-CBC-SHA HP_SOURCE_IP The client’s IP address in ASCII. For example: 209.249.194.100 HP_SSL_SESSION_ID The SSL session ID in ASCII.
PAGE 308
A P P E N D I X B HP e-Commerce/XML Director Server Appliance SA8250 User Guide Notes 296
PAGE 309
Failover Method Dependencies Failover Modes This table describes the failover modes.
PAGE 310
A P P E N D I X C HP e-Commerce/XML Director Server Appliance SA8250 User Guide This table shows the feature availability under different failover modes.
PAGE 311
APPENDIX C Failover Mode Failover Modes Single Interface with “outside” router Dual Interface Dual Interface with “outside” router Dual Interface with “inside” and “outside” routers (3) N/A Same subnet, only on “outside” N/A Same subnet, only on “outside” No No No No Yes Yes Yes Yes (5) HOT and SAP Yes (1) Yes (1) Yes (1) Yes (1) (4) OPR Yes N/A Yes No RICH Yes Yes Yes Yes (5) RICH and SAP Yes (1) Yes (1) Yes (1) Yes (1) (4) Feature VIP ARPing Serial Cable Failover AND
PAGE 312
A P P E N D I X C HP e-Commerce/XML Director Server Appliance SA8250 User Guide Notes 300
PAGE 313
Configuring Out-ofPath Return Configure OPR for Windows* 2000 Set the Loopback 1. From the Start menu, click Settings. 2. Open the Control Panel.
PAGE 314
A P P E N D I X D HP e-Commerce/XML Director Server Appliance SA8250 User Guide NOTE: OPR is not available for SSLenabled services. This figure shows the Control Panel. Windows 2000 Control Panel 3. Double-click Add/Remove Hardware.
PAGE 315
APPENDIX D Configure OPR for Windows* 2000 This figure shows the Add/Remove Hardware Wizard main screen. Add/Remove Hardware Wizard 4. Click Next.
PAGE 316
A P P E N D I X D HP e-Commerce/XML Director Server Appliance SA8250 User Guide This figure shows the Choose a Hardware Task screen. Choose a Hardware Task Screen 5. Select Add/Troubleshoot a device. 6. Click Next.
PAGE 317
APPENDIX D Configure OPR for Windows* 2000 This figure shows the Devices list. Devices List 7. From the Devices list, select Add a new device. 8. Click Next.
PAGE 318
A P P E N D I X D HP e-Commerce/XML Director Server Appliance SA8250 User Guide This figure shows the Find New Hardware screen. Find New Hardware Screen 9. Select No, I want to select the hardware from a list to search for new hardware. 10. Click Next.
PAGE 319
APPENDIX D Configure OPR for Windows* 2000 This figure shows the Hardware Type screen. Hardware Type Screen 11. From the Hardware types menu, select Network adapters. 12. Click Next.
PAGE 320
A P P E N D I X D HP e-Commerce/XML Director Server Appliance SA8250 User Guide This figure shows the Select Network Adapter screen. Select Network Adapter Screen 13. From the Manufacturers list, select Microsoft. 14. From the Network Adapter list, select Microsoft Loopback Adapter. 15. Click Next.
PAGE 321
APPENDIX D Configure OPR for Windows* 2000 This figure shows the Start Hardware Installation screen. Start Hardware Installation Screen 16. Click Next.
PAGE 322
A P P E N D I X D HP e-Commerce/XML Director Server Appliance SA8250 User Guide This figure shows the Completing the Add/Remove Hardware Wizard screen. Completing the Add/Remove Hardware Wizard Screen 17. Click Finish. 18. To configure the Loopback, open the Control Panel.
PAGE 323
APPENDIX D Configure OPR for Windows* 2000 This figure shows the Control Panel. Windows 2000 Control Panel 19. Double-click Network and Dial-up Connections.
PAGE 324
A P P E N D I X D HP e-Commerce/XML Director Server Appliance SA8250 User Guide This figure shows the Network and Dial-up Connections screen. Network and Dial-up Connections Screen 20. From the Device Name list, select the Microsoft Loopback Adapter. 21. From the menu bar, select File > Properties.
PAGE 325
APPENDIX D Configure OPR for Windows* 2000 This figure shows the Properties screen. Properties Screen 22. From the menu, double-click Internet Protocol (TCP/IP) to display its properties.
PAGE 326
A P P E N D I X D HP e-Commerce/XML Director Server Appliance SA8250 User Guide This figure shows the Internet Protocol (TCP/IP) Properties screen. Internet Protocol (TCP/IP) Properties Screen 23. In the IP address field, type the Virtual IP (VIP) address of the SA8250. 24. In the Subnet Mask field, type the subnet mask appropriate for your environment. 25. Leave the Default Gateway field blank. 26. Click OK. 27. Reboot the computer.
PAGE 327
APPENDIX D Configure OPR for Windows* NT* Configure OPR for Windows* NT* Set the Loopback 1. From the Start menu, click on Settings. 2. Open the Control Panel. This figure shows the Control Panel. NOTE: OPR is not available for SSLenabled services. Control Panel 3. Double-click on the Network icon.
PAGE 328
A P P E N D I X D HP e-Commerce/XML Director Server Appliance SA8250 User Guide This figure shows the Network dialog display. Network Adapter Setting 4. Click the Adapters tab. 5. Click Add.
PAGE 329
APPENDIX D Configure OPR for Windows* NT* This figure shows the Select Network Adapter dialog. Choosing the MS Loopback Adapter 6. From the Network Adapter list, select MS Loopback Adapter and click OK. This figure shows the MS Loopback Adapter Card Setup dialog. Adapter Card Setup 7. Choose the default Frame Type (802.3) and click OK.
PAGE 330
A P P E N D I X D HP e-Commerce/XML Director Server Appliance SA8250 User Guide If the necessary files are not found on your system, the Windows NT Setup dialog displays: Copying Windows NT Files 8. If necessary, specify where Windows NT can find the files and click Continue.
PAGE 331
APPENDIX D Configure OPR for Windows* NT* 9. Click the Protocols tab. This figure shows the protocol settings. Protocol Settings 10. From the Network Protocols list, click TCP/IP Protocol. 11. Click Properties....
PAGE 332
A P P E N D I X D HP e-Commerce/XML Director Server Appliance SA8250 User Guide This figure shows the Microsoft TCP/IP Properties dialog. Setting the TCP/IP Properties 12. From the Adapter pull-down menu, select the MS Loopback Adapter. 13. Click Specify an IP address. 14. In the IP address field, type the Virtual IP (VIP) address of the SA8250. 15. In the Subnet Mask field, type the subnet mask appropriate for your environment. 16. Leave the Default Gateway field blank. 17. Click Apply. 18. Click OK. 19.
PAGE 333
APPENDIX D Configure OPR for Windows* NT* Run a Web Service on the Loopback Interface Using IIS 3.0 NOTE: If you cannot find Microsoft Internet Server (Common), you do not have IIS running on your server. Install IIS 3.0 and start this procedure again. 1. From the Start menu, click Programs and then Microsoft Internet Server (Common) to run the Internet Service Manager. 2. After the Microsoft Internet Service Manager console displays, double-click the WWW service.
PAGE 334
A P P E N D I X D HP e-Commerce/XML Director Server Appliance SA8250 User Guide Run a Web Service on the Loopback Interface Using IIS 4.0 NOTE: If you cannot find Internet Service Manager, you do not have IIS running on your server. Download and install the Option Pack, then start this procedure again. 1. From the Start menu, click Programs, click Windows NT 4.0 Option Pack, and then click Microsoft Internet Information Server. 2. Run the Internet Service Manager. 3.
PAGE 335
APPENDIX D Configuring OPR for a UNIX-based Apache Web Server Configuring OPR for a UNIX-based Apache Web Server This section reproduces the commands required to configure Out-ofPath Return for an Apache Web Server on a UNIX* machine. ifconfig lo0 add or ifconfig lo0 alias or ifconfig lo0:1 1. Add the appropriate command to an /etc/rc file to return this configuration at boot time. 2. Edit the httpd.
PAGE 336
A P P E N D I X D HP e-Commerce/XML Director Server Appliance SA8250 User Guide Notes 324
PAGE 337
Diagnostics & Troubleshooting Running Diagnostics on the SA8250 This section describes the available diagnostic information and infield diagnostics.
PAGE 338
APPENDIX E Diagnostic LEDs HP e-Commerce/XML Director Server Appliance SA8250 User Guide The front panel’s LEDs provide information generated by the boottime power-on-self-test (POST) and application restart sequences. This diagram shows the four LEDs on the front panel. Power Status Act 1 Act 2 Diagnostic LEDs Power Indication The front panel Power LED connects directly to the unit’s power supply.
PAGE 339
APPENDIX E Running Diagnostics on the SA8250 Boot-time LED Diagnostics The front panel’s Status, Act 1 and Act 2 LEDs display the transition through a sequence of codes at boot time indicating the SA8250’s progress through the boot process. If the boot process aborts, terminates, or hangs before the SA8250 is online and functional, the state of the LEDs can help in diagnosing the problem. This table describes the restart sequence and conditions.
PAGE 340
APPENDIX E HP e-Commerce/XML Director Server Appliance SA8250 User Guide Activity LEDs This table describes the run time behavior of the Activity LEDs (Act 1, Act 2).
PAGE 341
APPENDIX E Troubleshooting Troubleshooting This section contains descriptions of possible difficulties followed by possible causes and suggestions for solutions. This table contains the SA8250 Troubleshooting Guide. Problem Possible Cause Solution Cannot ping the VIP Route role/protocol configuration is incorrect. Ensure that the route role and protocol are set correctly. Route role must be set to “standalone” and protocol must be set to “none.
PAGE 342
APPENDIX E HP e-Commerce/XML Director Server Appliance SA8250 User Guide Problem Possible Cause Solution GUI Administrative interface initialization fails DNS name resolution is The client machine’s host name must be incomplete. DNS-resolvable by the SA8250. If DNS is not used, use the config sys hosts add command at the CLI to add the client’s hostname to the SA8250’s local host file. The SA8250 also needs to be added to the client machine’s local hosts file.
PAGE 343
APPENDIX E Troubleshooting Problem Possible Cause Solution An attempt to connect to the CLI Administrative interface results in the message “CLI not ready.” Domain configuration is incorrect or incomplete. Verify that the domain is correct. If it is incorrect, use the dns command at the Boot Monitor prompt to re-enter the correct information. Reboot the SA8250 and restart for changes to take effect. DNS resolution is set on the SA8250 but is not being used at the site.
PAGE 344
APPENDIX E HP e-Commerce/XML Director Server Appliance SA8250 User Guide Problem Possible Cause Solution Client connects directly to the fulfillment server, bypassing the SA8250 Timing issue with routers Define a static route for the SA8250 on the router. Unexpected routing behavior Turn off “Keepalive” on the fulfillment “Keepalive” option is servers when using the sticky option. enabled on the fulfillment servers when configured with the sticky option on the SA8250.
PAGE 345
APPENDIX E Troubleshooting Problem Possible Cause Solution Client getting timeout or “service not found” errors Proxy servers inhibit use of sticky src-ip option. Some ISPs use proxy servers to load balance client sessions. When the sticky src-ip option is enabled and the client’s session is switched to another proxy server, the source IP address is changed. This may cause the SA8250 to route the request to a different server.
PAGE 346
APPENDIX E HP e-Commerce/XML Director Server Appliance SA8250 User Guide Notes 334
PAGE 347
Cleaning the Dust Filter Background The HP e-Commerce/XML Director Server Appliance SA8250 has a dust filter element mounted behind the front grille and in front of the dual intake fans. This filter is washable and must be cleaned every six months at a minimum. If you use your SA8250 in an abnormally dusty environment, clean the filter more often. You need not interrupt the SA8250’s operation to perform the following cleaning procedure.
PAGE 348
APPENDIX F HP e-Commerce/XML Director Server Appliance SA8250 User Guide Cleaning Procedure To clean the dust filter, follow these steps: 1. Remove the two Phillips screws that secure the metal grille on the left side of the SA8250’s front panel. Remove the grille to expose the foam filter element. 2. Remove the foam filter element from its recess. 3. Replace the grille and its screws while the filter element is being cleaned. 4. Wash the filter in warm water and set aside to dry. 5.
PAGE 349
Regulatory Information Taiwan Class A EMI Statement VCCI Class A (Japan)
PAGE 350
R E G U L A T O R Y HP e-Commerce/XML Director Server Appliance SA8250 User Guide VCCI Statement Class A ITE This is a Class A product based on the standard of the Voluntary Control Council for Interference by Information Technology Equipment (VCCI). If this equipment is used in a domestic environment, radio disturbance may arise. When such trouble occurs, the user may be required to take corrective actions. WARNING: This is a Class A product.
PAGE 351
FCC Part 15 Compliance Statement REGULATORY FCC Part 15 Compliance Statement This product has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment.
PAGE 352
R E G U L A T O R Y HP e-Commerce/XML Director Server Appliance SA8250 User Guide Canada Compliance Statement (Industry Canada) Cet appareil numérique respecte les limites bruits radioélectriques applicables aux appareils numériques de Classe A prescrites dans la norme sur le matériel brouilleur: "Appareils Numériques," NMB-003 édictée par le Ministre Canadien des Communications.
PAGE 353
WARNING REGULATORY WARNING The system is designed to operate in a typical office environment. Choose a site that is: • Clean and free of airborne particles (other than normal room dust). • Well-ventilated and away from sources of heat including direct sunlight. • Away from sources of vibration or physical shock. • Isolated from strong electromagnetic fields produced by electrical devices.
PAGE 354
R E G U L A T O R Y HP e-Commerce/XML Director Server Appliance SA8250 User Guide AVERTISSEMENT Le système a été conçu pour fonctionner dans un cadre de travail normal. L’emplacement choisi doit être: • Propre et dépourvu de poussière en suspension (sauf la poussière normale). • Bien aéré et loin des sources de chaleur, y compris du soleil direct. • A l’abri des chocs et des sources de ibrations. • Isolé de forts champs magnétiques géenérés par des appareils électriques.
PAGE 355
WARNUNG REGULATORY WARNUNG Das System wurde für den Betrieb in einer normalen Büroumgebung entwickelt. Der entwickelt.
PAGE 356
R E G U L A T O R Y HP e-Commerce/XML Director Server Appliance SA8250 User Guide AVVERTENZA Il sistema è progettato per funzionare in un ambiente di lavoro tipico. Scegliere una postazione che sia: • Pulita e libera da particelle in sospensione (a parte la normale polvere presente nell’ambiente). • Ben ventilata e lontana da fonti di calore, compresa la luce solare diretta. • Al riparo da urti e lontana da fonti divibrazione. • Isolata dai forti campi magnetici prodotti da dispositivi elettrici.
PAGE 357
ADVERTENCIAS REGULATORY ADVERTENCIAS El sistema está diseñado para funcionar en un entorno de trabajo normal. Escoja un lugar: • Limpio y libre de partículas en suspensión (salvo el polvo normal). • Bien ventilado y alejado de fuentes de calor, incluida la luz solar directa. • Alejado de fuentes de vibración. • Aislado de campos electromagnéticos fuertes producidos por dispositivos eléctricos.
PAGE 358
R E G U L A T O R Y HP e-Commerce/XML Director Server Appliance SA8250 User Guide Wichtige Sicherheitshinweise 1. Bitte lesen Sie sich diese Hinweise sorgfältig durch. 2. Heben Sie diese Anleitung für den spätern Gebrauch auf. 3. Vor jedem Reinigen ist das Gerät vom Stromnetz zu trennen. Vervenden Sie keine Flüssig- oder Aerosolreiniger. Am besten dient ein angefeuchtetes Tuch zur Reinigung. 4.
PAGE 359
REGULATORY Wichtige Sicherheitshinweise 15. Wenn folgende Situationen auftreten ist das Gerät vom Stromnetz zu trennen und von einerqualifizierten Servicestelle zu überprüfen: a. Netzkabel oder Netzstecker sint beschädigt. b. Flüssigkeit ist in das Gerät eingedrungen. c. Das Gerät war Feuchtigkeit ausgesetzt. d. Wenn das Gerät nicht der Bedienungsanleitung ensprechend funktioniert oder Sie mit Hilfe dieser Anleitung keine Verbesserung erzielen. e.
PAGE 360
R E G U L A T O R Y HP e-Commerce/XML Director Server Appliance SA8250 User Guide Notes 348
PAGE 361
Software License Agreement ATTENTION: USE OF THE SOFTWARE IS SUBJECT TO THE HP SOFTWARE LICENSE TERMS SET FORTH BELOW. USING THE SOFTWARE INDICATES YOUR ACCEPTANCE OF THESE LICENSE TERMS. IF YOU DO NOT ACCEPT THESE LICENSE TERMS, YOU MAY RETURN THE SOFTWARE FOR A FULL REFUND. IF THE SOFTWARE IS BUNDLED WITH ANOTHER PRODUCT, YOU MAY RETURN THE ENTIRE UNUSED PRODUCT FOR A FULL REFUND. HP SOFTWARE LICENSE TERMS License Grant. HP grants you a license to Use one copy of the Software.
PAGE 362
SOFTWARE HP e-Commerce/XML Director Server Appliance SA8250 User Guide Copies and Adaptations. You may only make copies or adaptations of the Software for archival purposes or when copying or adaptation is an essential step in the authorized Use of the Software on a backup product, provided that copies and adaptations are used in no other manner and provided further that Use on the backup product is discontinued when the original or replacement product becomes operable.
PAGE 363
SOFTWARE Software License Agreement Mozilla* and expat* License Information 1. expat (http://www.jclark.com/xml/expat.html) is code used in the SA8250. The license governing the expat code is either the Mozilla Public License (MPL) Version 1.1 or the GNU General Public License. 2. The open source code has neither been modified by HP nor have files been added to or deleted from the source code by HP. HP’s code is simply linked to the expat code through its API function call. 3.
PAGE 364
SOFTWARE HP e-Commerce/XML Director Server Appliance SA8250 User Guide 1.7. ’’Larger Work’’ means a work which combines Covered Code or portions thereof with code not governed by the terms of this License. 1.8. ’’License’’ means this document. 1.8.1. "Licensable" means having the right to grant, to the maximum extent possible, whether at the time of the initial grant or subsequently acquired, any and all of the rights conveyed herein. 1.9.
PAGE 365
SOFTWARE Software License Agreement For purposes of this definition, "control’’ means (a) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (b) ownership of more than fifty percent (50%) of the outstanding shares or beneficial ownership of such entity. 2. Source Code License. 2.1. The Initial Developer Grant.
PAGE 366
SOFTWARE HP e-Commerce/XML Director Server Appliance SA8250 User Guide (b)under Patent Claims infringed by the making, using, or selling of Modifications made by that Contributor either alone and/or in combination with its Contributor Version (or portions of such combination), to make, use, sell, offer for sale, have made, and/or otherwise dispose of: 1) Modifications made by that Contributor (or portions thereof); and 2) the combination of Modifications made by that Contributor with its Contributor Versi
PAGE 367
SOFTWARE Software License Agreement 3.2. Availability of Source Code.
PAGE 368
SOFTWARE HP e-Commerce/XML Director Server Appliance SA8250 User Guide to implement that API, Contributor must also include this information in the LEGAL file. (c) Representations. Contributor represents that, except as disclosed pursuant to Section 3.4(a) above, Contributor believes that Contributor’s Modifications are Contributor’s original creation(s) and/or Contributor has sufficient rights to grant the rights conveyed by this License. 3.5. Required Notices.
PAGE 369
SOFTWARE Software License Agreement 3.6. Distribution of Executable Versions. You may distribute Covered Code in Executable form only if the requirements of Section 3.1-3.5 have been met for that Covered Code, and if You include a notice stating that the Source Code version of the Covered Code is available under the terms of this License, including a description of how and where You have fulfilled the obligations of Section 3.2.
PAGE 370
SOFTWARE HP e-Commerce/XML Director Server Appliance SA8250 User Guide 5. Application of this License This License applies to code to which the Initial Developer has attached the notice in Exhibit A and to related Covered Code. 6. Versions of the License. 6.1. New Versions. Netscape Communications Corporation (’’Netscape’’) may publish revised and/or new versions of the License from time to time. Each version will be given a distinguishing version number. 6.2. Effect of New Versions.
PAGE 371
SOFTWARE Software License Agreement 7. DISCLAIMER OF WARRANTY. COVERED CODE IS PROVIDED UNDER THIS LICENSE ON AN "AS IS’’ BASIS, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES THAT THE COVERED CODE IS FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE OR NON-INFRINGING. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE COVERED CODE IS WITH YOU.
PAGE 372
SOFTWARE HP e-Commerce/XML Director Server Appliance SA8250 User Guide arrangement are not mutually agreed upon in writing by the parties or the litigation claim is not withdrawn, the rights granted by Participant to You under Sections 2.1 and/or 2.2 automatically terminate at the expiration of the 60 day notice period specified above.
PAGE 373
SOFTWARE Software License Agreement 9. LIMITATION OF LIABILITY.
PAGE 374
SOFTWARE HP e-Commerce/XML Director Server Appliance SA8250 User Guide 11. MISCELLANEOUS. This License represents the complete agreement concerning subject matter hereof. If any provision of this License is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. This License shall be governed by California law provisions (except to the extent applicable law, if any, provides otherwise), excluding its conflict-of-law provisions.
PAGE 375
SOFTWARE Software License Agreement Software distributed under the License is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for the specific language governing rights and limitations under the License. The Original Code is _________________________________. The Initial Developer of the Original Code is _______________. Portions created by _____________________ are Copyright © ______ _______________________. All Rights Reserved.
PAGE 376
SOFTWARE HP e-Commerce/XML Director Server Appliance SA8250 User Guide Notes 364
PAGE 377
Glossary This section defines terms and acronyms used throughout the HP eCommerce/XML Director Server Appliance SA8250 User Guide.
PAGE 378
GLOSSARY HP e-Commerce/XML Director Server Appliance SA8250 User Guide Default Server DHCP Dynamic Host Configuration Protocol. This protocol allows servers to dynamically assign IP addresses to nodes (workstations) on the fly. DN Distinguished Name. Used when creating a signing request. DNS Domain Name Server. A mechanism used in the Internet for translating the names of host machines into addresses.
PAGE 379
GLOSSARY HP e-Commerce/XML Director Server Appliance SA8250 User Guide Key A public key and private key pair used to encrypt/decrypt messages Key Strength Length, in bits, of keys used in data encryption or authentication. For example: 56, 128, 512 Keypair Matching public and private keys Layer 4 See HOT Layer 7 See RICH LDAP Load Balancing Lightweight Directory Access Protocol. Used to access common directory information.
PAGE 380
GLOSSARY HP e-Commerce/XML Director Server Appliance SA8250 User Guide the client by a path other than the one established for the original connection. This method typically results in faster delivery of the requested content to the client. OSPF Open Shortest Path First. A link-state routing algorithm used to calculate routes based on the number of routers, transmission speed, delays, and route cost.
PAGE 381
GLOSSARY HP e-Commerce/XML Director Server Appliance SA8250 User Guide S/MIME SNMP Secured MIME. See MIME. Simple Network Management Protocol. A method by which network management applications can query a management agent using a supported MIB. See also MIB. SSH Secure shell SSL Secure Socket Layer. Protocol developed by Netscape* for encrypted transmission over TCP/IP networks, setting up a secure end-to-end link.
PAGE 382
GLOSSARY HP e-Commerce/XML Director Server Appliance SA8250 User Guide Notes 370
PAGE 383
Support Services Support for your SA8250 U.S.
PAGE 384
SUPPORT Europe HP e-Commerce/XML Director Server Appliance SA8250 User Guide For hardware service and telephone support, contact: • An HP-authorized reseller or • One of the following HP Customer Support Centers: Country and Number Austria – 0660 6386 Belgium (Dutch) – 02 626 8806 Belgium (French) – 02 626 8807 Czech Republic – 420 2 613 07 310 Denmark – 3929 4099 English (non-UK) – +44 20 7512 5202 Finland – 02 03 47 288 France – 01 43 62 3434 Germany – 0180 525 8143 Greece – +30 (0) 16196411 Hungary
PAGE 385
SUPPORT Asia Support for your SA8250 For hardware service and telephone support, contact an HPauthorized reseller or one of these support centers: Country and Number Australia – 03-8877-8000 Hong Kong – 800-96-2598 India – 91-11-6826035 Indonesia – 0800-21511 Japan – 0120-220-119 Korea – +82-2-32700911 Malaysia – 60 3 2931811 or 1-800-881811 New Zealand – Upper North Island – 09-356-6640 Lower North Island – 04-499-2026 South Island – 03-365-9805 People’s Republic of China – 86-8008105959 Philippines – 6
PAGE 386
SUPPORT HP e-Commerce/XML Director Server Appliance SA8250 User Guide Latin America For hardware service and telephone support, contact an HPauthorized reseller or one of these support centers: Country and Number Argentina – (541) 4778-8380 Brazil – Sao Paulo – (11) 3747-7799 All Others – 0800-15-77-51 Chile – 800-360-9999 Columbia – 9-800-91-9477 Guatemala – 1-800-999-5305 Mexico – Ciudad de Mexico – 5258-9922 All Others – 800-472-6684 Peru – 0-800-10111 Puerto Rico – 1-877-232-0589 Venezuela – Caracas
PAGE 387
Index Numerics B 606 error detection 98 balance strategy 94 response time 94 round robin 94 boot monitor 61 boot monitor commands autoboot 63 boot 63 delete 67 dhcp 67 dns 68 dual 68 factory_reset 69 failover 70 gateway 70 help 70 host 71 info 71 interface 71 ip 71 load 72 netmask 72 A admin commands 156, 172 config admin info 156 config admin port 156 administration screen CLI tab 119 GUI tab 117 logging tab 124 multi-site tab 123 routing tab 112 security screen 115 settings tab 102 SNMP tab 121 softwa
PAGE 388
INDEX HP e-Commerce/XML Director Server Appliance SA8250 User Guide rich_bias 72 save 73 settime 73 setup 76 static_routes 77 version 77 boot monitor interface accessing 62 interrupting 62 system requirements 62 C Certificate Revocation List, see CRL certificates & keys 283 copy and pasting 284 generating a client CA 291 generating a CRL 292 global site certificates 289 importing 287 obtaining from Verisign 285 revoking a certificate 293 cipher suite not supported by client 38 ciphers 293 cleaning dust f
PAGE 389
INDEX HP e-Commerce/XML Director Server Appliance SA8250 User Guide Tab key 156 top 156 toplevel 156 trace 156 traceroute 156 who 156 client does not support cipher suite 38 command line interface (see CLI commands) configuration file copying 129 deleting 128 restoring 128 retrieving and sending 133 saving 127 viewing 130 configuration, replicating 57 connecting to the 7180 242, 245, 249 creating XML patterns 195, 196 CRL command description 214 D default server 29, 100 deleting XML patterns 197 diagnost
PAGE 390
INDEX HP e-Commerce/XML Director Server Appliance SA8250 User Guide G general operating principles error detection 51 load balancing 41 prioritization and policy groups 47 replicating the configuration 57 RICH services 31 routing 46 serial cable failover 53 status information 57 sticky options 33 global system commands 156, 164 ! 156 !! 156 ? 156 arp 156 back 156 box 156 ether 156 exit 156 force-rwa 156 halt 156 help 156 history 156 info 156 list 156 logout 156 netstat 156 nslookup 156 ping 156 quit 156 r
PAGE 391
INDEX HP e-Commerce/XML Director Server Appliance SA8250 User Guide service adding servers to 240 HTTPS Redirect 38 I installation verifying software 278 interface statistics 138 IP source address filtering 116 IRV commands 157, 179 K keys & certificates 283 copy and pasting 284 creating new 288 importing 286 L Layer 4 HOT services 31 service 266 VIP 30 Layer 7 17-broker-mib.
PAGE 392
INDEX HP e-Commerce/XML Director Server Appliance SA8250 User Guide O OPR 32, 244 adding servers 246 Apache Web Server 323 configuring for Windows 2000 301 configuring for Windows NT 315 setting loopback 301, 315 OSPF 114 Out-of-Path Return (see OPR) RICH_HTTP 91 adding service 249 RIP 113 routing 46, 244 active protocol 113 content 247 routing commands 158, 182 config route 158 S P packet and error counts 138 packets dup-syn interval 51 ping 137, 265 pipes 154 policy group commands 158, 186 config poli
PAGE 393
INDEX HP e-Commerce/XML Director Server Appliance SA8250 User Guide server commands 159 config policygroup 158 service commands 158 config policygroup 158 services 30, 91 deleting 96 HOT services 31 HOT TCP 91 RICH services 31, 52 RICH_HTTP 91 VIP 30 show commands 163, 228 show admin info 163 show cli info 163 show gui info 163 show irv info 163 show msd info 163 show policygroup 163 show route info 163 show ssl info 163 show stats info 163 show sys 163 SNMP 116, 261 agent 121 traps 271 SNMP commands 161,
PAGE 394
INDEX HP e-Commerce/XML Director Server Appliance SA8250 User Guide trap summary standard SNMP traps 271 troubleshooting 329 U update system software 275 upgrade failover configuration 279 V VIP 91, 242, 266 adding 240, 246, 249 W Web Service loopback interface 321, 322 well formed errors 29, 95, 199 X XML adding servers 99 boundary parameter 24 charset parameter 24 checking syntax 101 commands and operators 15 content transfer encoding 28 creating patterns 22, 195, 196 creating services 95 data model