HP e-Commerce / XML director server appliance sa8250 - Users Guide

CHAPTER 2 SSL Acceleration
Server-timeout
A server timeout, which causes a change in servers, can appear as a
cookie sticky state change. The recommended value for server
timeout is at least 1.5 times the maximum server response time.
We recommend that you use 120 seconds as the default.
Grouping Services
NOTE: RICH is required for sticky service grouping.
The SA8250's sticky capabilities can ensure that all service requests
from the same user are routed to the same server. Enabling sticky
cookie on multiple services ensures that requests from the same client
will be routed to the same fulfillment server for the duration of the
sticky relationship. Of course, the server must be able to fulfill all
service requests to have a true one-to-one client-server relationship.
SSL Acceleration
The SA8250 is a powerful addition to any web site desiring high
security levels. It was specifically created to manage secure traffic
going to and from critical applications. It handles SSL traffic into and
out of the customer's environment, as well as providing load
balancing, fault management, and error recovery.
The SA8250 includes cryptographic software features and hardware-
based acceleration. It provides up to 1200 SSL (HTTPS) connections
per second, far exceeding the performance of even the most powerful
web servers on the market today.
The SA8250 allows users to offload SSL processing from their
back-end servers, and at the same time achieve full-featured traffic
management. In an SA8250 environment, all encrypted traffic
required by e-Commerce applications is handled at the SA8250.
The interaction between the SA8250 and the servers is done in the
clear, allowing load balancing and session management.
SSL processing is enabled by assigning an RSA private key (RSA is a
public-key encryption algorithm invented in 1977) and an X.509 certificate
to a Layer 7 service. The SA8250 Command Line Interface (CLI)
creates or imports keys and certificates when you define a service.
Once the key and certificate are in place, secure HTTP (HTTPS)
requests are decrypted and passed on to the web server. The SA8250's
dual NIC and packet filtering capabilities can be used to isolate the
web servers from the Internet, further preventing unauthorized
access.
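
The key and certificate assigned to a service have to belong to each other, so it is worth checking the pair before importing it. The script below is an added example, not taken from the HP guide and not SA8250 CLI syntax; it assumes OpenSSL on an administrator workstation, and the file names and the `shop.example` subject are constructed.

```shell
#!/bin/sh
# Added example: confirm an RSA private key and an X.509 certificate form a
# pair before importing them. All file names and the CN are constructed.

# Print a SHA-256 over the PEM public key taken from a key or a certificate.
pubkey_hash() {   # $1 = "key" or "cert", $2 = PEM file
    local pem
    case $1 in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
    esac || return 1
    # An unreadable file yields no output; never hash an empty string.
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# Exit status: 0 ok, 1 key/cert mismatch, 2 unreadable input, 3 expiring.
check_pair() {    # $1 = key, $2 = cert, $3 = minimum remaining validity (s)
    local kh ch
    kh=$(pubkey_hash key "$1")  || { echo "unreadable key"; return 2; }
    ch=$(pubkey_hash cert "$2") || { echo "unreadable certificate"; return 2; }
    [ "$kh" = "$ch" ] || { echo "key does not match certificate"; return 1; }
    openssl x509 -in "$2" -noout -checkend "${3:-86400}" >/dev/null ||
        { echo "certificate expires too soon"; return 3; }
    echo "ok"
}

# Constructed sample material: one matching pair plus an unrelated key.
make_samples() {  # $1 = output directory
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=shop.example" \
        -days 30 -keyout "$1/a.key" -out "$1/a.crt" 2>/dev/null
    openssl genrsa -out "$1/b.key" 2048 2>/dev/null
}

dir=$(mktemp -d)
make_samples "$dir"
check_pair "$dir/a.key" "$dir/a.crt" || true   # matching pair
check_pair "$dir/b.key" "$dir/a.crt" || true   # key from a different pair
rm -rf "$dir"
```

The third argument to `check_pair` sets how many seconds of validity the certificate must still have; it defaults to one day.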