BackBox H4.00 User Manual
Appendix A – Encryption of BackBox TCP/IP control paths
Appendixes
SSL can be implemented on the BackBox TCP/IP control paths by using HP NonStop
SSL, which provides an SSL tunnel through proxy processes on the NonStop and
Windows servers. Support for this software in the context of its use with BackBox
should be confirmed with HP and/or ComForte.
On older NonStop releases, this SSL software is available as the SecureCS product
from ComForte.
For simplicity, the BackPak documentation assumes SSL will be installed in a second
step, after an initial BackPak installation has been tested without SSL and with the
regular TCP/IP ports in the Configuration chapter, Network Configuration.
This reduces the number of details to handle in each of the very first steps of the
installation.
The drawback of this two-step implementation is in the firewall setup: the TCP/IP
port numbers will be different with SSL. A possible way to avoid two network
configuration projects is to open both sets of TCP/IP ports in the first project,
allowing traffic on both the non-encrypted and the encrypted ports. After SSL
activation and testing are complete, the non-encrypted ports can be closed in the
firewall.
The suggestions presented in the Sample SSL setup for BackBox below should be
read to anticipate the port numbers for the encrypted traffic.
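One way to check the firewall at each of the two steps described above, as an added
example that is not part of the BackBox documentation: the script probes each
endpoint's non-encrypted and encrypted port and reports what does not match the
expected state. Host names, port numbers and the phase names are constructed
placeholders, not BackBox defaults.

```python
import socket

# Constructed sample: two NonStop nodes and two VTCs. Host names and port
# numbers are placeholders, not BackBox defaults; take the real ones from
# your own network configuration.
PLAN = [
    {"host": "nonstop1.example", "plain": 10001, "ssl": 20001},
    {"host": "nonstop2.example", "plain": 10001, "ssl": 20001},
    {"host": "vtc1.example", "plain": 10002, "ssl": 20002},
    {"host": "vtc2.example", "plain": 10002, "ssl": 20002},
]

def tcp_open(host, port, timeout=2.0):
    """Return True if host:port accepts a TCP connection from this machine."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout), or name not resolved
        return False

def audit(plan, phase, probe=tcp_open):
    """List (host, port, problem) tuples for the given rollout phase.

    phase "both-open": first firewall project, both port sets must pass.
    phase "ssl-only":  after SSL activation and testing, the non-encrypted
                       ports must be closed in the firewall.
    Reachability only: this does not prove the encrypted port speaks SSL.
    """
    if phase not in ("both-open", "ssl-only"):
        raise ValueError("unknown phase: %r" % phase)
    findings = []
    for ep in plan:
        plain_up = probe(ep["host"], ep["plain"])
        if not probe(ep["host"], ep["ssl"]):
            findings.append((ep["host"], ep["ssl"], "encrypted port unreachable"))
        if phase == "both-open" and not plain_up:
            findings.append((ep["host"], ep["plain"], "non-encrypted port unreachable"))
        if phase == "ssl-only" and plain_up:
            findings.append((ep["host"], ep["plain"], "non-encrypted port still open"))
    return findings

if __name__ == "__main__":
    for host, port, problem in audit(PLAN, "ssl-only"):
        print("%s:%d  %s" % (host, port, problem))
```

Run it from a machine on the far side of the firewall from the endpoints, since a
probe from the same network segment does not exercise the firewall rules.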
***
The remainder of this section shows the configuration related to the encryption of
BackPak IP traffic by SSL tunneling, for a sample BackPak Domain that includes two
NonStop nodes and two VTCs.
The tunneling setup model for BackPak is described as “Secure Proxy for Generic
TCP/IP Client/Server Protocols” in the HP SSL Reference manual.
Proxy server installation
SecureCS is probably already installed on NonStop. The Windows component,
RemoteProxy, must be installed on the VTCs and the workstation as a Windows service.
Note: To access the GUI that configures the RemoteProxy instance running as a
Windows service, open the GUI by clicking the RemoteProxy icon in the Windows
taskbar, not through the Windows menus. If the icon is not visible in the taskbar,
reboot the server.










