iTP Secure WebServer System Administrator's Guide (Version 7.0)

Integrating the WebSafe2 Internet Security Processor (WISP)
iTP Secure WebServer System Administrator’s Guide 523346-012
secure location for these tasks to be performed, preventing unwanted access to keying
material. The contents of WISPs are protected by the MFK, which is a key loaded into
it at initialization time. The WISP can only be initialized and managed using a device
called a Secure Configuration Terminal (SCT); it cannot be controlled or its contents
accessed using a network connection.
WISPs are equipped with sensors designed to detect tampering, extreme variations in
temperature, and dangerous fluctuations in voltage.
The iTP Secure WebServer’s SSL 3.0 protocol using WebSafe2 encryption allows you
to send and receive certificate chains to and from the iTP Secure WebServer. For
information about sending and receiving certificate chains, see How to Use Server
Certificate Chains With WebSafe2 Encryption on page 5-17.
The Secure Configuration Terminal (SCT)
The SCT is a handheld device whose menu-driven interface is used to define key
values, send keys to the WISP, and perform configuration and utilities functions for the
WISP. When a power supply and an adapter are attached to the SCT, the SCT can
define keys and passwords without being connected to the WISP, store them, and then
send them to the WISP when connected to it.
The WebSafe2 Interface Driver (WID)
To use a WISP, you must install the WID software, which provides an interface
between the WISP and the iTP Secure WebServer. The WID is a NonStop TS/MP
server class that you can run in the iTP Secure WebServer PATHMON environment or
in any other PATHMON environment on the same NonStop system.
A WID process uses only one WISP. To use multiple WISPs concurrently, you can
define multiple processes in the WID server class. Here are a few guidelines for
defining the right number of servers in the WID server class:
• Define a number of static servers (Numstatic) equal to the average number of
  concurrent SSL sessions. The values of the Maxlinks and Linkdepth attributes of
  the server class must be 1.
• Define a maximum number of servers (Maxservers) no greater than the maximum
  number of connections for all WISPs (currently 14 on each WISP).
• Define a number of httpd (WebServer) processes at least equal to the number of
  processes in the WID server class.
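The sizing guidelines above can be checked mechanically before a server class is changed. The following is an added example, not code from the guide or from the iTP Secure WebServer product; the name=value plan format, the function names, and the reading of "processes in the WID server class" as Maxservers are assumptions made for illustration.

```python
WISP_MAX_CONNECTIONS = 14  # per-WISP connection limit stated in the guide
REQUIRED = ("numstatic", "maxservers", "maxlinks", "linkdepth",
            "wisps", "avg_ssl_sessions", "httpd_processes")

# Constructed sample plan. The name=value format is invented for this example;
# it is not PATHCOM or iTP Secure WebServer configuration syntax.
SAMPLE_PLAN = """
wisps            = 2    # WISPs in the configuration
avg_ssl_sessions = 10   # measured average of concurrent SSL sessions
httpd_processes  = 20
numstatic        = 10
maxservers       = 30
maxlinks         = 1
linkdepth        = 4
"""

def parse_plan(text):
    """Parse 'name = integer' lines into a dict; '#' starts a comment."""
    plan = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name, sep, value = line.partition("=")
        if not sep or not value.strip().isdigit():
            raise ValueError(f"line {lineno}: expected 'name = integer': {raw!r}")
        plan[name.strip().lower()] = int(value)
    return plan

def check_wid_sizing(plan):
    """Return guideline violations as strings; an empty list means the plan passes."""
    missing = [k for k in REQUIRED if k not in plan]
    if missing:
        return ["missing value(s): " + ", ".join(missing)]
    findings = []
    if plan["numstatic"] != plan["avg_ssl_sessions"]:
        findings.append("Numstatic should equal the average number of concurrent SSL sessions")
    for attr in ("maxlinks", "linkdepth"):
        if plan[attr] != 1:
            findings.append(f"{attr.capitalize()} must be 1, found {plan[attr]}")
    cap = plan["wisps"] * WISP_MAX_CONNECTIONS
    if plan["maxservers"] > cap:
        findings.append(f"Maxservers {plan['maxservers']} exceeds {cap} WISP connections")
    # Assumption: "processes in the WID server class" is read as Maxservers.
    if plan["httpd_processes"] < plan["maxservers"]:
        findings.append("fewer httpd processes than WID server-class processes")
    return findings

if __name__ == "__main__":
    for finding in check_wid_sizing(parse_plan(SAMPLE_PLAN)):
        print("FINDING:", finding)
```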
If there are multiple WISPs in the configuration and only one WID server, the WID uses
the WISPs in the order that they are referred to in the configuration. If a WISP in use
fails, the WID can use the next one in the configuration.
Note. WID is compatible only with systems running on G-series RVUs.