iTP Secure WebServer System Administrator's Guide (iTPWebSvr 5.1+)

Integrating the WebSafe2 Internet Security Processor (WISP)
iTP Secure WebServer System Administrator's Guide, 522659-001
A web client sends the iTP Secure WebServer a master key during the handshake phase
of communication, encrypting this key with the server’s public key received with the
server’s certificate. This key is used by both parties to generate the session keys that
they will use. The server passes the encrypted master key on to the WISP for decryption.
The WISP decrypts the master key, but protects it with a Key Exchange Key (KEK)
before returning it to the iTP Secure WebServer. A KEK is a key designed to encrypt
other keys. The server uses the master key to generate its SERVER-READ and
SERVER-WRITE session keys.
Fault-Tolerance Requirements
There is no automatic backup to software encryption in the event of WISP failures.
Therefore, you must install and configure enough hardware to survive a single point of
failure. The minimum recommended configuration, in addition to the local area network
(LAN) that the iTP Secure WebServer runs on, includes the following:
Two WISPs
Two LAN segments
Two 3615 Ethernet LAN controllers
Two Ethernet 4 ServerNet Adapters (E4SAs) or two Token-Ring ServerNet Adapters (TRSAs)
Figure 5-2. Setting Up Secure Communication Using a WebSafe2 Internet Security Processor (WISP)
[Figure not reproduced. Components shown: Web Client, iTP Secure WebServer, Distributor Process, WID, NonStop Kernel, WebSafe2 Internet Security Processor (WISP). Flow labels: SSL Handshake Protocol, Public Key, {master key}, KEK, {decrypted master key}. Legend: {text} = encrypted message; text = encryption key; WID = WebSafe2 Interface Driver.]