Manualshelf

BackBox H4.00 User Manual

ManualsBrandsHP ManualsServerHP Integrity NonStop J-Series
191192193194195196197198199200
Appendix A Encryption of BackBox TCP/IP control paths
194 BackBox H4.00 User Manual
(10) In VTC1, the SSL proxy server forwards incoming sessions
from ports 18764-18766 to address 127.0.0.1 ports 8764-8766
In VTC2, the SSL proxy server forwards incoming sessions
from ports 18764-18766 to address 127.0.0.1 ports 8764-8766
(11) In the NonStop, the SSL proxy client forwards incoming sessions
from ports 18764-18766 to address 192.168.3.101 ports 18764-18766
from ports 28764-28766 to address 192.168.3.102 ports 18764-18766
(12) In the BackPak GUI, VTC configuration,
VTC1 is given the TCPIP address 127.0.01
In VTC1 Advanced properties, SSL Proxy ports is enabled,
and ports set to 18764, 18765 and 18766
VTC2 is given the TCPIP address 127.0.01
In VTC2 Advanced properties, SSL Proxy ports is enabled,
and ports set to 28764, 28765 and 28766
Suggestions
If there are several BackPak Domains, even on different NonStop nodes that
could use the same port, it is suggested to use a distinct pair of port (non-
encrypted and encrypted) for each domain, 4561 and 14561 for the first domain,
4562 and 14562 for the second etc….
In the BackPak VTC configurations:
If there are several VTCs, use a distinct set of ports for each distinct VTC. Also
use always the same port numbers to reach the same VTC from different
NonStops, even across multiple BackPak Domains. For example:
18764, 18765 & 148766 will reach the 1
st
VTC
28764, 28765 & 248766 will reach the 2nd VTC .
If the VTC configurations:
Always use ports 18764, 18765 & 148766 for receiving the encrypted network
traffic.
The three suggestions above should create identical configurations for the whole
SSL proxy (client and server) in all VTCs.
Identical SSL configurations on Windows can be copied from VTC to VTC. Refer
to HP SSL manual to see how to extract and import the section of Windows
registry containing the HP SSL configuration.
Sample SSL configuration in NonStop 192.168.3.1
SSL proxy client:
RUN SWAP /NAME $SSLC/ PROXYC; CONFIG $DATA15.SSL.CFGCLI
SSL proxy server: