HP e-Commerce/XML Server Accelerator SA7150 User Guide
© Copyright 2001 Hewlett-Packard Company. All rights reserved.

Hewlett-Packard Company
3000 Hanover Street
Palo Alto, CA 94304-1185

Publication Number 5971-3006
March 2001

Disclaimer

The information contained in this document is subject to change without notice. HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
Chapter 1: Introduction

Introduction to the SA7150

The HP e-Commerce/XML Server Accelerator SA7150 provides the flexibility to analyze Extensible Markup Language (XML) traffic according to content and distribute it according to user-defined parameters. The SA7150 is positioned in the network in front of business-to-business (B2B) XML servers, where it detects and parses XML messages or transaction data. It sends client data to the most appropriate server, based on rules pre-configured for each server.
Assumptions

It is assumed that you are a network administrator and that you have at least a basic understanding of the following:
• XML usage and syntax
• Networking concepts and terminology
• Network topologies
• Networks and IP routing

Benefits

The SA7150 offloads Secure Socket Layer (SSL) processing for your e-Commerce site, web site, or Intranet. The SA7150 is the best XML processing solution available.
Feature                                                      Benefits
Offloads XML distribution decisions from e-Business servers  Helps maximize server investment
Easy, drop-in installation between router and server         No additional hardware or software needed

SA7150 Features

Specifications

Specification      Description
Servers supported  Most Web servers (Apache*, Microsoft*, Netscape*, etc.)
                   Most operating systems (UNIX*, Solaris*, Windows NT*, BSD*/ BSDI*, AIX*, etc.
Specification               Description
Dimensions                  Mounting: Standard 19-inch rack mount
                            Height: 1.75 inches (4.45 cm)
                            Width: 16.73 inches (46.99 cm)
                            Depth: 18.5 inches (4.45 cm)
Weight                      8 pounds (3.64 kg)
Interface connections       10/100 Ethernet
                            TTY Serial - console
Patent pending XML routing  XML patterns: Defined by URI and XML expressions, in the form: URI Expression: */order.
Typographic Conventions

The following typographic conventions are used throughout this User Guide:

NOTE: This is an example of a note. NOTES clarify a point, emphasize vital information, or describe options, alternatives, or shortcuts. Except for those within tables, notes are always found in the left margin.

CAUTION: This is an example of a caution. CAUTIONS are designed to prevent mistakes that could result in injury or equipment damage.
Chapter 2: Installation and Initial Configuration

Parts Checklist

Ensure that the items listed below are included in the shipping box:
• HP e-Commerce/XML Server Accelerator SA7150
• HP e-Commerce/XML Server Accelerator SA7150 Quick Start Guide
• HP e-Commerce/XML Server Accelerator SA7150 User Guide (this document)
• HP e-Commerce/XML Server Accelerator SA7150 Release Notes
• AC power cord
• Serial cable
• Rack mounting brackets with Phillips mounting screws
Additional Requirements

NOTE: Network cables are not provided with the SA7150.

Before you begin installation, acquire or prepare the following:
• IP address for SA7150 (Only if you intend to use the SA7150’s Remote Management capabilities. Please see Chapter 6 for details.)
• IP addresses and port numbers of servers.
• Keys/certificates. (Only if you anticipate supporting secure transactions.
Physical Installation

WARNING: Do not remove the device’s cover. There are no user-serviceable parts inside.

Rack Installation

The SA7150 is physically installed in either of two ways:
• In a standard 19” rack, cantilevered from the provided mounting brackets
• Free-standing on a flat surface with sufficient space for air-flow (1” on all sides)

Rack mounting requires the use of the mounting brackets, and all four of the included Phillips screws.
Free-Standing Installation

1. Attach the provided self-adhesive rubber feet to the SA7150’s bottom.
2. Place the SA7150 on a flat surface and make sure that there is adequate airflow surrounding the unit (allow at least one inch of air space on all sides).

Network Connections

1.
4. At this point both the Network and Server LEDs should be steadily illuminated. If not, please see Chapter 9, “Troubleshooting.”

[Figure: Wiring Connections. Labels: XML Server 1, XML Server 2, hub/switch, hub/switch, HP e-Commerce/XML Server Accelerator SA7150, Default Server]

Console Connection

Run HyperTerminal* or a similar terminal emulator on your PC. The steps below assume HyperTerminal* is used. Other terminals will require different procedures.

1.
4. Click the OK button. The COM1 Properties panel appears. Set the values displayed here to 9600, 8, none, 1, and none.
5. Click the OK button.

Using HyperTerminal*

If you’re using HyperTerminal* you must make the following configuration change:
1. In the File menu, click Properties.
2. Click the Settings tab.
3. Click the ASCII Setup button.
4. Change the values of Line and Character delay from 0 to at least 1 millisecond.
5.
Accessing the Command Prompt

After the SA7150 boots up, the password prompt appears.

1. Type admin at the password prompt and press Enter to access the prompt:

    Password: admin (password is not echoed at prompt)
    Current date: 2000 11/01 05:01
    HP SA7150>

NOTE: The password is not echoed on the command line.

You are now ready for operations at the Command Line Interface (CLI) of the SA7150. The following is a typical way to begin:

2.
Chapter 3: Theory of Operation

This chapter discusses the general operating principles for the HP e-Commerce/XML Server Accelerator SA7150. For details about the SA7150 command set, please see Chapter 5. For information about completing typical, specific tasks, please see Chapter 4.

XML Operations

The HP e-Commerce/XML Server Accelerator SA7150 provides a powerful means of using XML technology to facilitate Business-to-Business transactions.
bother to examine the document for XML content, but simply passes the document to the “mapped” server (i.e., the one with the IP address and network port of the incoming message).

XML expressions are the “fine” filters—those to be applied to the content and context of the XML data embedded in the HTTP POST request.
• Which XML elements, attributes, or text and HTTP fulfillment locations contained or identified in the anticipated XML traffic should be used for XML pattern matching?
• Which servers will be assigned the XML patterns that you create?
• Do you intend to use the SA7150’s SSL capabilities?

General Considerations

Some general facts to keep in mind concerning XML operations with the current version of the SA7150 are listed below. These facts do not apply to SSL operations.
Server mappings are created using the create map command. Typically, a map specifies a Key ID for SSL encryption and decryption, as in the example following.

    HP SA7150> create map
    Server IP [0.0.0.0]: x.x.x.x
    Network port [443]:
    Cleartext (server) port [80]:
    KeyID to use for mapping: default
    HP SA7150>

If your operations involve processing only unencrypted XML traffic, you should use a “clear text map,” i.e., a map with no Key ID.
Where:
• employee, name, address, street, city, state, and zip are the elements of the XML document.
• lastName, firstName, and initial are the attributes of the element, name.
• 13280 Evening Creek Dr, San Diego, California, and 92128 are the text components of the elements, street, city, state, and zip, respectively.
• “Smith,” and “John,” and “K” are the text components of the lastName, firstName, and initial attributes of the name element.
Negation Operator

The “*” and “!” operators are allowed in URI expressions, but they can exist only at the beginning or end of an expression. Also, a positive expression must appear after a not (!) expression, otherwise the (!) expression has no effect. The order of URI expressions is significant only when the “not” (!) operator is used.

Expression  Yields
!*.
An XML expression’s first element must be preceded by a step operator.

Step Operator  Name                 Description
/              Child operator       Selects all immediate children of the context node
//             Descendant operator  Selects elements at any level under the context node

XML Step Operators

The node to the left of the last step operator in an XML expression is the “context node,” i.e.
Comparison operators allow the SA7150 to look for specific values in the XML data tree and compare them with corresponding values in your preconfigured XML patterns. An XML pattern might look like this:

    URI Expression: */hr.asp
    XML Expression: //address[zip > 90000]

Because the server to which the XML pattern belongs is configured for zip codes greater than 90000 (as defined in the XML expression component of the XML pattern), and John K.
Filters

Filters are identified by a FilterExpression enclosed within square brackets, [ ]. These define a pattern within a pattern following this general structure:

    ( ('/' | '//') Element )? [ FilterExpression ]

Filter expressions are applied to every element returned by the preceding path pattern. They return a match if the server is a valid choice according to the filter expression.
Boolean Operators

Boolean operators are logical operators between expressions. These operators are used in the PathExpression and the FilterExpression, as shown below.
required arguments. Wrong numbers of arguments or arguments not of the required type result in errors. The result of the FunctionCall expression is the result returned by the function.

Function                       Description
starts-with(value, substring)  The starts-with function tests whether the string value of value starts the specified substring. value can be either an element, attribute, or function call that returns a string value.
Values

Values are used to specify the right operand of a comparison expression, and can be either literals (e.g., a string) or numeric values. Literals must be enclosed in either single or double quotes. If the literal string contains single quotes, double quotes should be used to enclose the string. Conversely, if the literal string contains double quotes, it should be enclosed in single quotes.
XML Pattern Creation

XML patterns are created with the create pattern command. Because each pattern is assigned to a specific server, the command’s syntax requires that a server be specified.

    HP SA7150> create pattern

After entering the command and a server name, the SA7150 prompts you for a URI expression.
    HP SA7150> show pattern
    Server: std
    Pattern ID    Pattern
    ==========    =========
    1             * & //std
    Server: gold
    Pattern ID    Pattern
    ==========    =========
    1             * & //gold
    2             * & //order [amount>1000]
    Server: silver
    Pattern ID    Pattern
    ==========    =========
    1             * & //silver

You can display the list for a single server by using the show pattern command with the name of the server whose pattern list you wish to view included as an argument.
Default Keyword

The keyword default can be used as an XML pattern’s XML expression component to catch cases not covered by active XML patterns with specific XML expressions. To illustrate, imagine you have a number of active XML patterns assigned to different servers, each with the same URI expression (orders.asp) but with different XML expressions.

    orders.asp & //company[name="GM"]
    orders.asp & //company[name="Ford"]
    orders.asp & //company[name="Chrysler"]
    orders.
The table below illustrates ways in which XML messages are handled depending on which component of XML patterns match and whether a default XML server is configured.
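The pattern model described in this chapter (a URI expression paired with an XML expression, plus the default keyword) can be tried offline with the following added example, which is not code from the SA7150 or from HP. It is a simplified sketch: it supports only a leading or trailing "*" in URI expressions and XML expressions of the form //element or //element[child op value]; the server names, the request paths and the handling of a body that is not well-formed are assumptions.

```python
import operator
import re
import xml.etree.ElementTree as ET

OPS = {"=": operator.eq, "!=": operator.ne, "<": operator.lt,
       ">": operator.gt, "<=": operator.le, ">=": operator.ge}

# Simplified grammar: //element  or  //element[child OP value]
XML_EXPR = re.compile(r"""
    ^//(?P<elem>[\w.-]+)\s*
    (?:\[\s*(?P<child>[\w.-]+)\s*(?P<op><=|>=|!=|=|<|>)\s*
        (?P<val>"[^"]*"|'[^']*'|-?\d+(?:\.\d+)?)\s*\])?$
""", re.VERBOSE)

# Constructed document using the element and attribute names from the page.
EMPLOYEE = """<employee>
  <name lastName="Smith" firstName="John" initial="K"/>
  <address><street>13280 Evening Creek Dr</street><city>San Diego</city>
    <state>California</state><zip>92128</zip></address>
</employee>"""

# Constructed second document with a zip code below the threshold.
EMPLOYEE_EAST = EMPLOYEE.replace("92128", "10001")

# (server, URI expression, XML expression); server names are hypothetical.
PATTERNS = [
    ("west", "*/hr.asp", "//address[zip > 90000]"),
    ("fallback", "*/hr.asp", "default"),
]


def uri_matches(expr, path):
    """Match a URI expression with an optional '*' at the start and/or end."""
    lead = expr.startswith("*")
    core = expr[1:] if lead else expr
    trail = core.endswith("*")
    core = core[:-1] if trail else core
    if lead and trail:
        return core in path
    if lead:
        return path.endswith(core)
    if trail:
        return path.startswith(core)
    return path == core


def xml_matches(expr, root):
    """Evaluate one simplified XML expression against a parsed document."""
    m = XML_EXPR.match(expr.strip())
    if m is None:
        raise ValueError("unsupported XML expression: %r" % expr)
    candidates = list(root.iter(m["elem"]))   # '//' = any level
    if m["child"] is None:
        return bool(candidates)
    raw = m["val"]
    numeric = raw[0] not in "\"'"
    want = float(raw) if numeric else raw[1:-1]
    for elem in candidates:
        for child in elem.findall(m["child"]):
            text = (child.text or "").strip()
            if numeric:
                try:
                    got = float(text)
                except ValueError:
                    continue              # non-numeric text never matches
            else:
                got = text
            if OPS[m["op"]](got, want):
                return True
    return False


def route(patterns, path, body):
    """Return the server for a POST body, or None when nothing applies.

    A specific XML expression wins over 'default'. Returning None for a
    body that does not parse is an assumption of this sketch.
    """
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None
    fallback = None
    for server, uri_expr, xml_expr in patterns:
        if not uri_matches(uri_expr, path):
            continue
        if xml_expr == "default":
            fallback = fallback or server
        elif xml_matches(xml_expr, root):
            return server
    return fallback


if __name__ == "__main__":
    for body in (EMPLOYEE, EMPLOYEE_EAST, "<employee>"):
        print(route(PATTERNS, "/apps/hr.asp", body))
```

xml.etree.ElementTree is used here for brevity; when the XML comes from untrusted peers, a hardened parser such as defusedxml is the usual choice.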
Network Configurations

Single Server

The HP e-Commerce/XML Server Accelerator SA7150 is typically used with multiple servers although it can support multiple applications running on separate ports of a single server. In single server configurations the SA7150 is connected to the network between the router and the server. Ideally, the SA7150 is installed in the network in such a way as to minimize network latency.
Multiple SA7150s and Cascading

Scalability and Cascading

The SA7150’s capabilities are scalable by chaining, or “cascading,” multiple SA7150s together. In such configurations, each unit’s server side connector is wired to the network side connector of the next SA7150 in line. The last SA7150 in line is connected to the server or switch.
SSL Operations

Keys and Certificates

CAUTION: The SA7150 comes with default keys and certificates for test purposes. Certificates for production use should be obtained from a recognized certificate authority.

In addition to its XML processing capabilities, the SA7150 provides powerful SSL (Secure Socket Layer) decryption and encryption processing. When secure maps are used it becomes necessary to configure keys and certificates.
To paste an item (key, certificate signing request, etc.) into HyperTerminal*:
1. Display the item in the appropriate application window, then click and drag to select the item.
2. Once the item is selected, click the Edit menu and select Copy (or type ).
3. Move to the HyperTerminal* window, and position the cursor at the appropriate point.
4. Pull down the Edit menu, and select Paste to Host (or type ).
Certifying authorities have specific guidelines on how to answer each of the questions. These guidelines may vary by certifying authority. Please refer to the guidelines of the certifying authority to whom you submit your Certificate Signing Request (CSR). Please keep the following in mind when entering the information that will be incorporated into your certificate request.
In this example, xmodem is used to send the CSR to a PC connected to the console port.

    HP SA7150> export sign mywebserver
    Export protocol: (xmodem, ascii) [ascii]:xmodem
    Use Ctrl-x to kill transmission
    Beginning export...
    Export successful!
    HP SA7150>

To submit the CSR to a certifying authority, paste it into the field provided in the authority’s online request form.
    -----BEGIN CERTIFICATE-----
    MIIDKDCCAtKgAwIBAgIBADANBgkqhkiG9w0BAQQFADCB
    nDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMQ4wDAYD
    VQQHEwVQb3dheTEaMBgGA1UEChMRQ29tbWVyY2Ug
    . . .
    -----END CERTIFICATE-----
    ...
    Import successful!
    HP SA7150>

5. Create mapping for Server 1. Use the create map command to specify the server IP address, ports, and keyID.

    HP SA7150> create map
    Server IP (0.0.0.0): 10.1.1.
For certificate:
1. Look in $APACHEROOT/conf/httpd.conf for location of *.crt file (certificate).
2. Copy and paste the certificate file.

Apache SSL*

For key:
1. Look in $APACHESSLROOT/conf/httpd.conf for location of *.key file.
2. Copy and paste the key file.

For certificate:
1. Look in $APACHESSLROOT/conf/httpd.conf for location of *.cert file.
2. Copy and paste the certificate file.

Stronghold*

For key:
1.
    -----BEGIN RSA PRIVATE KEY-----
    MIIBOgIBAAJBALGOlBH14vIdtfuA+UnyRIoKya13ey8m
    j3GDQakdwoDJALu+jtcC
    . . .
    S9dPdwp6zctsZeztn/ewPeNamz3q8QoEhY8CawEA
    -----END RSA PRIVATE KEY-----
    ...
    Import successful!
    HP SA7150>

2. Use the import cert command with the keyID. As with import key, choose an import protocol for importing the key. Use the default to “paste.” When the paste is finished, add a line break followed by three periods to display the command line.
4. Save the configuration when the server has been mapped.

    HP SA7150> config save
    Saving configuration to flash...
    Configuration saved to flash
    HP SA7150>

Creating a new Key/Certificate on the SA7150

Use the create key and create cert commands to create new keys and certificates for SA7150 operation. This procedure can be used when there are no existing keys and certificates on the server.
3. Create a server mapping. Use the create map command to specify the server IP address, ports, and keyID.

    HP SA7150> create map
    Server IP (0.0.0.0): 10.1.1.30
    SSL (network) port [443]:
    Cleartext (server) port [80]:
    KeyID to use for mapping: mywebserver

4. Save the configuration when the server has been mapped.

    HP SA7150> config save
    Saving configuration to flash...
Root* and VeriSign Class 3*. When a requesting browser receives a global site certificate along with an intermediate CA certificate, the browser’s root certificate is used to validate the intermediate CA certificate, which in turn is used to validate the global site certificate, thus letting the browser know that it can renegotiate the connection to use 128-bit encryption.
    mMMrSPVyzWgNGrN0Y7uxWLaYRSLsEY3HTjOLYlohJGya
    wEK0Rak6+2fwkb4YH9VIGZNrjcs3S4bmfZv9jHiZ/4PC/
    NlVBp4xZkZ9G3hg9FXUbFXIaWJwfE22iQYFm8hDjswMK
    NXRjM1GUOMxlmaSESQeSltLZl5lVR5fN5qu
    -----END CERTIFICATE-----
    ...
    Import successful!
    HP SA7150>

Redirection: Clients and Unsupported Ciphers

NOTE: The user must provide the redirect URL and ensure that it is available, as well as define the content of the redirect page.
To disable a redirect URL for a mapping:

    HP SA7150> set redirect 2 none
    HP SA7150> show redirect 2
    Redirect URL for map 2 is not set

Client Authentication

The SA7150 supports only one root CA certificate per mapping. However, multiple intermediate CA certificates per single mapping are supported.
Verify the import by using the list map command again. Note that the Client Auth column now shows client authentication for Map ID 2 enabled.

    HP SA7150> list map
    Map
    ID  KeyID    Server IP
    ==  =====    =========
    1   default  Any
    2   sample   10.1.2.
4. Combine the key.pem and cert.pem keys into one file by typing this command.

    cat key.pem cert.pem > all.pem

5. Convert to p12 format by typing this command.

    openssl pkcs12 -export -in all.pem -out .p12 -name "MY NAME"

The output file .p12 will be imported into the browser as a personal certificate.
Automapping

NOTE: Remember to save the configuration (with the config save command) after making mapping changes.

Automapped entries are identified by a server IP address of zero (0.0.0.0). When a server IP address of zero is specified, the SA7150 intercepts packets to any server IP address with the matching network ports. As with any mapping entry, the combination of server IP address and network port must be unique.
Manual mapping

The user can create (with the create map command) one or more mapping entries for individual servers. This is the only way to specify unique keyIDs for each server. Normally, when manual mapping is performed, the initial automapping entry is deleted, but this is not a requirement.
Example:

    HP SA7150> create block
    Client IP to block [0.0.0.0]: 10.1.2.1
    Client IP mask [0.0.0.0]: 255.255.255.255
    Server IP to block [0.0.0.0]: 20.1.2.1
    Server IP mask [0.0.0.0]: 255.255.255.255
    Server Port to block: 80
    Server Port mask [0xffff]:

Use the show block command to verify.

    HP SA7150> show block
    (1) block 10.1.2.1 255.255.255.255 20.1.2.1 255.255.255.255 80 0xffff

Subnet, Specific Port

To block a subnet and port combination:
1.
Use show block to verify.

    HP SA7150> show block
    -----------
    blocks :
    -----------
    (1) block 10.1.2.1 255.255.0.0 20.1.2.1 255.255.0.0 80 0xffff
    -----------

All IPs, Specific Port

To block a specific port on all IP addresses:
1. Type all zeroes as the IP address to be blocked.
2. Type all zeroes as the IP wildcard mask to be blocked.
3. Type the specific port.
4. Press Enter to accept the default port mask.
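When reviewing a block list, it helps to check which rules a given client/server/port combination falls under. The following added example (not code from the SA7150 or from HP) parses show block output and applies each rule as a masked comparison; that the device compares only the bits set in each mask is an assumption inferred from the examples above, where 255.255.255.255 selects one host and all zeroes selects every address.

```python
import ipaddress
import re
from typing import List, NamedTuple


class Block(NamedTuple):
    block_id: int
    client_ip: int
    client_mask: int
    server_ip: int
    server_mask: int
    port: int
    port_mask: int


# One rule as printed by "show block" on the page:
#   (1) block 10.1.2.1 255.255.255.255 20.1.2.1 255.255.255.255 80 0xffff
RULE_RE = re.compile(
    r"\((\d+)\)\s+block\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(0x[0-9a-fA-F]+)"
)

# Constructed sample. Rules 1 and 2 reuse values shown on the page; rule 3 is
# a made-up "all IPs, specific port" entry for port 8080.
SAMPLE_OUTPUT = """\
-----------
blocks :
-----------
(1) block 10.1.2.1 255.255.255.255 20.1.2.1 255.255.255.255 80 0xffff
(2) block 10.1.2.1 255.255.0.0 20.1.2.1 255.255.0.0 80 0xffff
(3) block 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 8080 0xffff
-----------
"""


def ip_to_int(text: str) -> int:
    """Dotted-quad IPv4 address or mask to a 32-bit integer."""
    return int(ipaddress.IPv4Address(text))


def parse_show_block(output: str) -> List[Block]:
    """Extract every rule line from pasted 'show block' output."""
    blocks = []
    for m in RULE_RE.finditer(output):
        bid, cip, cmask, sip, smask, port, pmask = m.groups()
        blocks.append(Block(int(bid), ip_to_int(cip), ip_to_int(cmask),
                            ip_to_int(sip), ip_to_int(smask),
                            int(port), int(pmask, 16)))
    return blocks


def masked_equal(value: int, rule: int, mask: int) -> bool:
    # Assumed semantics: only bits set in the mask are compared, so a rule
    # address with host bits set (10.1.2.1 with 255.255.0.0) still covers
    # the whole 10.1.x.x range.
    return (value & mask) == (rule & mask)


def matching_blocks(blocks: List[Block], client: str, server: str,
                    port: int) -> List[int]:
    """IDs of the rules that would apply to this client/server/port."""
    c, s = ip_to_int(client), ip_to_int(server)
    return [b.block_id for b in blocks
            if masked_equal(c, b.client_ip, b.client_mask)
            and masked_equal(s, b.server_ip, b.server_mask)
            and masked_equal(port, b.port, b.port_mask)]


def catch_all_blocks(blocks: List[Block]) -> List[int]:
    """IDs of rules whose client and server masks are both all zeroes."""
    return [b.block_id for b in blocks
            if b.client_mask == 0 and b.server_mask == 0]


if __name__ == "__main__":
    rules = parse_show_block(SAMPLE_OUTPUT)
    flows = [("10.1.2.1", "20.1.2.1", 80),
             ("10.1.77.5", "20.1.9.9", 80),
             ("192.0.2.7", "198.51.100.1", 8080),
             ("10.1.2.1", "20.1.2.1", 443)]
    for flow in flows:
        print(flow, "->", matching_blocks(rules, *flow))
    print("catch-all rules:", catch_all_blocks(rules))
```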
Delete a Block

The example below illustrates how to delete a subnet block. Type the delete block command with the block ID (block ID is 1 in the example).

1. Use the show block command to identify the block to be deleted.

    HP SA7150> show block
    -----------
    blocks :
    -----------
    (1) block 10.1.2.1 255.255.255.255 20.1.2.1 255.255.255.255 80 0xffff
    -----------

2. Use the delete block command followed by the block ID to delete the block.
Chapter 4: Scenarios

This section contains scenarios illustrating examples of HP e-Commerce/XML Server Accelerator SA7150 configurations:
• Scenario 1: Basic XML Operation
• Scenario 2: Single Server Configuration
• Scenario 3: Multiple Server Configuration (SSL)
• Scenario 4: Cascaded SA7150s
• Scenario 5: Different Ingress and Egress Routers
• Scenario 6: Configuring a Firewall
Scenario 1—Basic XML Operation

As discussed in Chapter 3, the SA7150 parses XML content, searches it for user-configured patterns and distributes XML traffic to various servers according to user-established rules embodied in XML patterns reflecting the user’s business needs.
Procedure for Scenario 1

1. Create Server 1:

    HP SA7150> create server
    Name: Server1
    Server IP: 1.1.1.1
    Cleartext (server) port [80]:
    Server MAC Address:00:a0:c9:fc:84:ab
    HP SA7150>

2. Create Server 2:

    HP SA7150> create server
    Name: Server2
    Server IP: 1.1.1.2
    Cleartext (server) port [80]:
    Server MAC Address:00:a0:d9:fc:84:ab
    HP SA7150>

3. Create Server 3:

    HP SA7150> create server
    Name: Server3
    Server IP: 1.1.1.
    Cleartext map for XML only? [n]: y
    HP SA7150>

Verify creation of maps:

    Map                   Net    Ser   Cipher      Re-     Client       well
    ID  KeyID  Server IP  Port   Port  Suites      direct  Auth   XML   form
    ==  =====  =========  =====  ====  ========    =====   =====  ===   ====
    1   N/A    1.1.1.1    443    80    N/A         N/A     N/A    n     N/A
    2   001    1.1.1.2    443    80    all(v2+v3)  n       n      n     N/A
    3   N/A    1.1.1.3    443    80    N/A         N/A     N/A    n     N/A

7.
10. Create XML patterns for Server 3:

    HP SA7150> create pattern server3
    URI Expression: */order.asp
    XML Expression: //Amount[Value > 5000 and Value < 10000]
    Enter another pattern? [n]: y
    URI Expression: */order.asp
    XML Expression: //Address[zipcode < 9000]
    Enter another pattern? [n]: y
    URI Expression: */order.
The table below shows the SA7150’s responses to incoming XML data with URI expression */order.asp.

Incoming XML Data            SA7150 Response
company name is Acme         Sends to Server 1
company name is Widgets.com  Sends to Server 2
company name is YourCo.
Scenario 2—Single Server Configuration

NOTE: This configuration is intended primarily for use with SSL-intensive operations—it is not optimal for XML environments.

This scenario describes a typical configuration of a SA7150 with one server, using either automapping or manual configuration/mapping. This scenario describes the fastest way to get up and running with a SA7150.
3. Create a mapping for the server with the create map command:

    HP SA7150> create map
    Server IP [0.0.0.0]: 1.1.1.30
    Network port [443]:
    Cleartext (server) port [80]:
    KeyID to use for mapping: default
    HP SA7150>

4. After you have manually created the mapping, you can delete the default mapping. In this case, delete MapID number 1.
Scenario 3—Multiple Server Configuration (SSL)

This scenario shows how to configure two or more servers.

[Figure: Single SA7150, Multiple Server Installation. Labels: Router, HP e-Commerce/XML Server Accelerator SA7150, Hub/switch, Server 1 10.1.1.30, Server 2 10.1.1.31]

Procedure for Scenario 3

1. Perform the installation as described in Chapter 2. Access the SA7150 command prompt.
2.
5. Use the list map command to view the mapping. (Multiple keys and certificates can also be imported and each mapped to individual servers. If you do this, at least one field in the certificate information—usually the common name—must be unique.)

    HP SA7150> list map
    Map
    ID  KeyID    Server IP
    ==  =====    =========
    1   default  Any
    2   default  1.1.1.30
    3   default  1.1.1.
Scenario 4—Cascaded SA7150s

This scenario shows how to cascade SA7150s for additional performance and availability. The same procedures apply that were performed in Scenario 3. In addition, the complete configuration of the first SA7150 is exported to the second SA7150 in line.

Initial Configuration

• Two or more SA7150s must be physically installed on the same network.
Procedure for Scenario 4

1. Configure the SA7150 farthest from the server as described in any of the preceding scenarios. Remain connected to that specific SA7150 for the export configuration procedure.

NOTE: The SA7150 restarts when spill is enabled. Depending on the size of the current configuration file, it can require from 30 seconds to seven minutes to return to operations.

2. At the command prompt, type the set spill enable command.
14. Select xmodem as the sending protocol.
15. Click the Send button. The transfer completes and then you are prompted to verify that you wish to install this configuration.

    Do you want to install this config ? [y]: y

16. After verification (y) or refusal (n), the prompt reappears.

    HP SA7150>

17. Save the configuration.

    HP SA7150> config save
    Saving configuration to flash...
    Configuration saved to flash
    HP SA7150>

18. Repeat steps 11-17 for any additional SA7150s.
Scenario 5—Different Ingress and Egress Routers

This scenario describes the configuration of a SA7150 when the ingress and egress traffic paths are different.
Scenario 6—Configuring a Firewall

This scenario describes the recommended network configuration to allow a SA7150 to provide SSL services for a single server that also serves plain-text HTTP documents. Actual procedures for adjusting the firewall and server configurations vary widely depending upon the products used, so the steps outlined here are necessarily approximations and must be adjusted as required by the particulars of your environment.
For the SA7150 to provide SSL services, the web server process providing port 443 services requires two modifications.
• First, because the SA7150 performs all of the SSL processing, the web server process must be configured to expect only standard HTTP (unencrypted) connections, even for sensitive content.
NOTE: The device automatically adjusts the list of MapIDs as they are created and deleted, thus MapID 2 becomes MapID 1 when the default (the original MapID 1) is deleted.

4. Once a user-created server assignment exists, the default mapping can be deleted. In this example, delete MapID number 1.

    HP SA7150> list map
    Map                     Net    Ser   Cipher    Re-
    ID  KeyID    Server IP  Port   Port  Suites    direct
    ==  =====    =========  =====  ====  ========  =====
    1   default  1.1.1.
Command Reference

The HP e-Commerce/XML Server Accelerator SA7150 is fully configurable through the Command Line Interface (CLI). The CLI is accessible through both the console and aux console RS232 ports or remotely via Telnet and SSH.

Online Help

The SA7150 provides online help with the following options:
• Type help to display a summary of commands.
CHAPTER 5 HP e-Commerce/XML Server Accelerator SA7150 User Guide

Command Line Interface

The CLI handles all user interactions on the console and auxiliary console RS232 ports. One instance per port runs at all times.

User Authentication

To gain access to the CLI, the user must first be authenticated by providing a password at the logon banner prompt. The logon banner provides build version information and the serial number.
However, “sh” as shown below, is not an abbreviation to uniqueness in that it does not distinguish between show and showsnmp.
    HP SA7150> sh
The solitary letter “e” in the context of the next example, (i.e., preceded by “ssh”), uniquely indicates ssh enable.
    HP SA7150> set ssh e
    SSH Service started.

Input Editing Commands

Moving the Insertion Point

Command   Description
ctrl-b    Move back one character.
ctrl-f    Move forward one character.
Cut and Paste

Command        Description
ctrl-d         Delete the character underneath the cursor.
ctrl-k         Delete the text from the current cursor position to the end of the line.
ctrl-u         Delete backward from the cursor to the beginning of the current line.
ctrl-w         Delete the word behind the cursor, using white space as a word boundary.
ctrl-y         Copy text that has been deleted.
backspace/del  Delete the character to the left of the cursor.
Command Summary

This section contains a high-level view of the SA7150’s command structure. Details appear in the next section, Command Reference.
Command          Command Options
factory_default  N/A
help             help, help, help usage
import           cert, client_ca, config, key, patch, upgrade
inline           N/A
insert           server
list             blocks, filters (shows blocks and permits), keys, logs, maps, permits, monitoring, procs, snmp_community, system, trap_community
nic              N/A
password         N/A
reboot           N/A
Command          Command Options
set              alarms, cache, ciphers, ciphers default, client_tmo, date, defcert, egress_mac x:x:x:x:x:x, egress_mac none, ether, idleto, ip, kstrength, max_remote_sessions <0-5>, monitoring, monitoring_interval, monitoring_fields, more, ovl_window, prompt, redirect, redirect none, route x.x.x.
Command          Command Options
show             alarm, blocks, cache, ciphers, cert, client_ca, client_tmo, config, config default, config saved, date, defcert, egress_mac, ether, filters, idleto, info, ip, key, kstrength, logs, map, max_remote_sessions, monitoring, monitoring_interval, monitoring_fields, more, patch, ovl_window, pattern, pattern, permits, rsc_window, redirect, route, serial, server, server_tmo, ssh, ssh_port, sign, spil
Command          Command Options
show             telnet_port, utl_highwater, utl_lowwater, utl_window
setsnmp          snmp, snmp_community, snmp_port, snmp_info, sys_contact, sys_location, sys_name, trap_authen, trap_community, trap_port
showsnmp         snmp, snmp_community, snmp_port, snmp_info, sys_contact, sys_location, sys_name, trap_authen, trap_community, trap_port
status           line, realtime, alarms
tty_char         N/A
Command Reference

Help Commands

help
    Display the list of available commands.
help
    Display usage for a single command.
help usage
    Display all commands and their usage.
tty_char
    View the available list of keyboard shortcut commands.

Status Command

status
    Display device statistics. Several modes are available, as described below. (Default: realtime.
XML Commands

create server
    Specify an XML server. Prompts for a unique name, a unique IP address/port pair, and the correct MAC address to identify a server to fulfill XML requests.
    NOTE: Server names are case insensitive.
    Example:
        HP SA7150> create server
        Server Name: Standard
        Server IP: 10.1.1.2
        Cleartext (server) port [80]: 8080
        Server MAC Address:00:a0:c9:fc:84:ab
        HP SA7150>
delete server
    Delete the specified XML server name from the system.
insert server
    XML servers exist in a numeric hierarchy reflecting the order in which they were created with the create server command. The system assigns a server index number to each server as it is created, incrementing the number with each new server.
create pattern
    Create an XML pattern for a specified server. Patterns associated with a given server are uniquely identified by a system-generated numeric pattern ID. After you execute the command, you are prompted to enter the URI expression followed by the XML expression. After a pattern is created the system prompts the user to enter another pattern.
delete pattern
    Delete an XML pattern specified by server and pattern ID.
    NOTE: Use the show pattern command to identify existing patterns.
show pattern
    Display the list of XML patterns for:
    • all servers, or
    • a specified server
    When executed without the server name parameter, the command displays all patterns defined for all servers. When a server name is specified the command displays only the patterns defined for that server. Pattern IDs appear in the left column, the content of the pattern appears to the right.
set xml
    Enables processing based on the XML patterns defined for a specified map. Default: disabled.
    NOTE: Setting the command to “enable” has no effect if no XML servers are defined.
    NOTE: Enabling xml automatically enables xml_well_formed (see below) for the specified map, while disabling xml automatically disables xml_well_formed (assuming it has not previously been manually disabled).
set xml_well_formed
    Enables or disables the SA7150’s feature for the detection of malformed XML data coming in via HTTP POST. xml_well_formed normally works in parallel with the xml command (see above), that is, it is automatically enabled for a specified map when xml is enabled for that map, and automatically disabled (for a specified map) when xml is disabled (for that map).
Port Mapping Commands

These commands are used to execute the operations described in Chapter 3’s Mapping and Blocking sections.

create block
    Create a block to preclude access to specified IP addresses or through specified ports. A single IP, a single port, or all ports can be blocked. If fewer than all ports are to be blocked, you must repeat the create block command for each one.
create permit
    Create a configuration allowing a specified user access to specified servers and ports, and/or denying the specified user access to specified servers and ports.
    Example:
        HP SA7150> create permit
        Client IP to permit [0.0.0.0]:10.1.2.1
        Client IP mask [0.0.0.0]:255.255.0.0
        Server IP to permit [0.0.0.0]:20.1.2.1
        Server IP mask [0.0.0.0]:255.255.0.
create map
    Create a mapping that associates server IP, SSL port, and Key ID, and clear text port (clear text maps only).
    Example 1 (for SSL operation):
        HP SA7150> create map
        Server IP [0.0.0.0]: 1.1.1.
list maps
    List all mappings. (Same as show map.)
    Example:
        HP SA7150> list maps
        Map                      Net   Ser  Cipher     Re-    Client      well
        ID KeyID   Server IP     Port  Port Suites     direct Auth   XML  form
        == =====   =========     ===== ==== ======     =====  =====  ===  ====
        1  default Any           443   80   all(v2+v3) n      n      n    N/A
        2  sample  10.1.2.57     443   80   med(v2+v3) n      n      n    N/A

Operational Commands

bypass
    Enables bypass mode, in which traffic flows through SA7150 without being processed.
inline
    Enables inline mode, in which the SA7150 processes traffic normally. (As opposed to bypass mode, in which traffic may flow through the device unprocessed.)
    Example:
        HP SA7150> inline
    The LED labeled “inline” on the SA7150’s front panel is illuminated when inline mode is enabled.
    NOTE: Other factors may preclude the use of inline mode. See Failure/Bypass Modes in Appendix B.
reboot
    Reboots the SA7150.
    WARNING: Any configuration changes made during the current CLI session will be lost upon rebooting. Refer to the config save command for details regarding saving configuration changes.
    Example:
        HP SA7150> reboot
        Are you sure you want to reboot [n]: y
        System rebooting...done
        (System reboots, eventually prompting you for your password.
set ip
    Assign an IP address and netmask to the SA7150’s network interface for Telnet and SSH sessions.
    CAUTION: The assignment of an IP address introduces security issues. Please refer to the “Access Control” section of Chapter 6.
    NOTE: To disable a currently configured IP, use set ip followed by none.
    Example:
        HP SA7150> set ip
        Enter IP Address (’none’ to delete) [10.1.2.124]:
        Enter Netmask (’none’ to delete) [255.
set telnet
    Enables or disables Telnet sessions. When this command is set to “enable” and an IP address is assigned to the SA7150’s network interface, you can access the device’s CLI via remote Telnet session. When disabled, the device refuses Telnet connections. The console prompts for any missing parameters. Default: disable.
    Syntax:
        HP SA7150> set telnet enable
        Need an IP address to start Telnet service.
        Enter IP Address [209.218.240.67]:10.1.2.
set ssh
    Enable or disable Secure Shell (SSH) sessions. When this command is set to “enable” and an IP address is assigned to the SA7150’s network interface, you can access the device’s CLI via remote SSH session. When disabled, the device refuses SSH connections. Default: disable.
    Syntax:
        HP SA7150> set ssh
show ssh
    Display current SSH status: enabled or disabled.
showsnmp snmp
    Displays the current status of the SNMP agent: enabled or disabled.
setsnmp snmp_community
    Set SNMP community strings.
    Example:
        HP SA7150> setsnmp snmp_community
        SNMP Community String(s) Setting.
        Enter a SNMP Community IP (q to quit):1.1.1.1
        Enter a SNMP Community String (q to quit): commstring
        Enter a SNMP Community IP (q to quit): q
list snmp_community
    Display currently configured SNMP community strings.
    Example:
        HP SA7150> list snmp_community
        SNMP Community String(s) information.
showsnmp trap_authen
    Displays current status of trap authentication trap.
    Example:
        HP SA7150> showsnmp trap_authen
        SNMP Authorization Trap: enabled
setsnmp trap_community
    Sets SNMP trap community strings.
    Example:
        HP SA7150> setsnmp trap_community
        SNMP Trap Community String(s) Setting.
        Enter a SNMP Trap Community IP (q to quit): 0.0.0.0
        Enter a SNMP Trap Community String (q to quit): private
        Enter a SNMP Trap Community IP (q to quit): 0.0.0.
Alarms and Monitoring Commands

set alarms
    Enable all or a selection of the SA7150’s alarms.
show rsc_window
    Display current Refused SSL Connections Alarm interval.
    Syntax:
        HP SA7150> show rsc_window
        Check for refused SSL connections [secs]: 10
set utl_window
    Set interval (window) at which the device checks for exceeded utilization thresholds (CPU load, Connections per Second, or Total Open Connections) and, if any are detected, issues a Utilization Threshold Alarm.
set utl_lowwater
    Set the Utilization Threshold Alarm low-water value. Expressed as a percentage, the low-water value represents the lowest CPU utilization, Connections per Second, or Total Open Connections required to trigger a UTL Alarm. (Range: 1-99%, default: 60%)
    NOTE: See also set utl_window and set utl_highwater, this section.
show ovl_window
    Display the current Overload Alarm window.
    Example:
        HP SA7150> show ovl_window
        Check for overload conditions [secs]: 10

Configuration Commands

show config
    Display current volatile configuration settings.
    Example:
        HP SA7150> show config
        # default config file created on Tues July 25 06:56:46 2000
        (Configuration parameters are displayed here...)
show config saved
    Display saved non-volatile configuration settings.
show config default
    Display default configuration settings. These are values used when factory default commands are executed.
    Example:
        HP SA7150> show config default
        Default configuration
        =====================
        conlog 0xffffffef
        ilog 0xffffffff
        trace 0xfffff3dd
        media auto
        logport tty01
        cache 3
        server_tmo 5
        client_tmo 30
        serverif exp1
        netif exp0
        map 0.0.0.
config compare
    Display differences between saved and current configuration. For optimal flexibility in configuration and testing, the SA7150 supports both “current” (volatile) and “saved” (non-volatile) configurations. The config compare command displays the differences, if any, between the two configurations.
    Example:
        HP SA7150> config compare
        Only in /keys: 4
        HP SA7150>
config reset
    Restore saved configuration.
export config
    Export all configuration, key, sign and certificate information (ASCII, xmodem). If you use ASCII as the export protocol, you must
    WARNING: Do not edit an exported configuration file.
    Example:
        HP SA7150> export config
        Export protocol: (xmodem, ascii) [ascii]:
        Press any key to start, then again when done...
        # default config file created on Fri Jul 28 06:56:46 2000
        (...
import upgrade
    Import a complete software release. (See Chapter 6 for details regarding software updates.)
    Example:
        HP SA7150> import upgrade
        Import protocol: (xmodem) [xmodem]:
        Start xmodem upload now
        Use Ctl-X to cancel upload
        Verifying upgrade image...
        upgrade image valid
        version x.x, build xxx
        Continue with the upgrade? [n]:y
    NOTE: All saved logs will be deleted and the system will reboot upon successful completion of the upgrade.
factory_default
    Returns to factory configuration settings.
    Example:
        HP SA7150> factory_default
        Reset to default configuration [n]: y
        Reset to factory defaults
        System rebooting...done
        T944 V2.31 DXC. .. 868242+361188O/S running
        Generating 512 bit default key
        Generating default certificate
        Saving default key/cert to flash
        Restricted Rights Legend
        (...copyright and version information displayed here...
show info
    Display software version information.
    Example:
        HP SA7150> show info
        ================================================
        === hp e-commerce/xml server accelerator sa7150
        === (c)Copyright 2001 Hewlett-Packard Company
        ===
        === Version 2.4.1, Build xx
        ================================================
set date
    Set the date and time.
    WARNING: Execution of this command reboots the SA7150.
show ether
    Display ethernet settings.
    Example:
        HP SA7150> show ether
        Ethernet media set to auto
set idleto
    Set the console idle interval in minutes. After minutes absence of keyboard activity, the user is automatically logged off. Range: 0 to 525600. Default is five minutes. A value of 0 specifies that the console never times out.
set prompt
    Change the prompt from SA7150 to the desired prompt.
    Example:
        HP SA7150> set prompt
        Prompt [HP SA7150> ]:
        HP SA7150>
set serial
    Allows user to set the console port to monitor the CLI or the output logging, and set the speed, data bits, stop bits, and parity bits. The aux console port is fixed at 115200, 8, 1, N. This command returns the user to the “password” prompt after setting the console port.
Logging Commands

export log
    Export a saved log/trace file.
    NOTE: Log files referred to here are not human-readable.
    Syntax:
        HP SA7150> export log
    where is the ID of the specific log you wish to export.
    Example:
        HP SA7150> export log a
        Export protocol: (xmodem):
        Use Ctrl-X to kill transmission
        Beginning export...
delete log
    Delete saved log/trace files from /flash/logs.
Remote Management

Overview

The SA7150 supports remote management via three protocols:
• Telnet
• Secure Shell (SSH)
• SNMP

NOTE: Remote management functions can be enabled and configured only through the local serial console.

When enabled, remote management allows you to access the device’s Command Line Interface (CLI) from Telnet or SSH sessions running on remotely located machines. Up to five remote sessions can be configured, including both Telnet and SSH sessions.
CHAPTER 6 HP e-Commerce/XML Server Accelerator SA7150 User Guide

Limitations

Note that several CLI capabilities available at the local console are unavailable in remote sessions.
• show ssh_port displays current SSH port.

SNMP-specific:
• setsnmp snmp enable|disable enables or disables SNMP management.
• showsnmp snmp displays current SNMP status: enabled or disabled.
• setsnmp snmp_info sets the following SNMP information and parameters:
    • SNMP port (Default: 161)
    • SNMP trap port (Default: 162)
    • SNMP agent IP address
    • Contact person
    • System location
    • System name
• showsnmp snmp_info displays current SNMP information and parameters.
Remote Telnet Sessions

This section contains procedures for accessing the SA7150’s CLI via remote Telnet session.

Telnet and Windows 2000

Windows 2000* users need to change the default terminal type, ANSI, to VT100 before running remote Telnet sessions with the SA7150, and to disable CRLF. To do so, follow this procedure:
1. Click the Windows Start button.
2. In the Start menu, select Run...
3.
Enable remote Telnet sessions:
    HP SA7150> set telnet enable
Configure the network route:
    HP SA7150> set route
    Enter Default Route (’none’ to delete) [10.1.1.1] :
Verify the route configuration (optional):
    HP SA7150> show route
    Default Route : 10.1.1.1
Delete a route configuration (optional):
    HP SA7150> set route none
NOTE: To ensure that this remote management configuration persists across a device shutdown and startup, run the config save command.
NOTE: If other remote sessions are already running and the new one exceeds the number allowed as configured with the set max_remote_sessions command, the CLI displays the message, “Max Remote Session Limit of (5) exceeded!” Either close a session, or increase the maximum number allowed.

After you enter your password, the Telnet session displays the SA7150’s CLI.
Remote SSH Sessions

NOTE: The default user name and password for SSH sessions are admin.

This section contains procedures for accessing the SA7150’s CLI via remote Secure Shell (SSH) session. The table below illustrates ciphers supported by the domestically available SA7150 under SSH1 and SSH2. The export version of the product supports only the SSH2 cipher DES.
Delete a route configuration (optional):
    HP SA7150> set route none
NOTE: To ensure that this remote management configuration persists across a device shutdown and startup, run the config save command.

Remote SSH management is now enabled and configured on the SA7150. Now you can access the CLI from a remote SSH session.
To display the SSH port:
    HP SA7150> show ssh_port
    SSH Port Number: 220

Disabling SSH

SSH sessions are disabled at the SA7150’s local serial console. To disable, follow the steps below:
    HP SA7150> set ssh disable
To verify SSH disable:
    HP SA7150> show ssh
    SSH: disable
To ensure that SSH sessions remain disabled across a device shutdown and startup, run the config save command.

SNMP

NOTE: SNMP is disabled by default.
Starting SNMP

SNMP is enabled or disabled using the CLI’s setsnmp snmp command (it is disabled by default):
    HP SA7150> setsnmp snmp enable
With no community string defined, the device will not respond to SNMP queries (even with SNMP enabled). Because there is no default community string, the user must set the community string as well as enable the SNMP function.
    HP SA7150> setsnmp snmp_community
    SNMP Community String(s) Setting.
HP MIB Tree

The following figure illustrates HP’s MIB tree.

[Figure: HP’s MIB Tree]

All HP enterprise MIBs and MIB objects are defined under the HP tree. All sysObjectIds that identify HP products are defined under the hpServerAppliancesSystem branch of the HP tree.
Supported MIB

Management Information Base-II (MIB-II)
HP Enterprise MIBs:
    hpserver-header.my
    hpxml-accelerator-mib.my

Where to find the MIB File

Electronic copies of the HP MIB file used by the SA7150 are shipped with the product on the Resource CD. Write access through SNMP SET is not allowed for any MIB variables or SNMP groups. An SNMP SET on any group returns an error.
encryptionResumed             Resumes processing traffic after having been stopped
serverInterfaceStateChanged   The server-side interface state changed
networkInterfaceStateChanged  The network-side interface state changed
cpuUtilAlert                  The device has exceeded the CPU utilization high water threshold
cpuUtilNormal                 CPU utilization back to normal levels
sslCpsAlert                   The device has exceeded the SSL connections per second high water threshold
sslCpsNormal                  The SSL connections per second processed by the device
sslOverloadThrottles          Connections were throttled in the past sslOverloadInterval
appRestartAlert               SSL processing application has restarted

Enabling SNMP

Enabling and disabling SNMP is accomplished with the CLI command, setsnmp snmp enable|disable. Operational status can be verified using showsnmp snmp.
You can also configure SNMP information elements individually using the following commands:
• setsnmp snmp_port sets the SNMP port
• setsnmp trap_port sets the SNMP trap port
• setsnmp sys_contact sets the contact person
• setsnmp sys_name sets the system name
• setsnmp sys_location sets the system location

Correspondingly, the values set with the above commands are displayed using the commands:
• showsnmp snmp_port
• showsnmp trap_port
• showsnmp sys_contact
• showsnmp sys
Trap Community String

Use CLI commands setsnmp trap_community, list trap_community and delete trap_community to set, display, and delete trap community strings.
    HP SA7150> setsnmp trap_community
    SNMP Trap Community String(s) Setting.
    Enter a SNMP Trap Community IP (q to quit): 0.0.0.0
    Enter a SNMP Trap Community String (q to quit): private
    Enter a SNMP Trap Community IP (q to quit): 0.0.0.
Access Control

To permit a client, specified by IP and IP mask, access to a specified server, use the create permit command as illustrated below:
    HP SA7150> create permit
    Client IP to permit [0.0.0.0]: 10.1.2.1
    Client IP mask [0.0.0.0]:255.255.255.255
    Server IP to permit [0.0.0.0]:20.1.2.1
    Server IP mask [0.0.0.0]:255.255.255.
Alarms and Monitoring

Overview

The HP e-Commerce/XML Server Accelerator SA7150 supports:
• Alarms that can be sent to the console upon pre-designated events
• Periodic status-monitoring reports

Both alarms and monitor reports are single lines of text. Both can be written either to the local administration console or to remote management sessions (Telnet or Secure Shell only). On the display, alarms are prefaced by the letter “A,” and monitor reports with the letter “M.” Both have timestamps.
CHAPTER 7 HP e-Commerce/XML Server Accelerator SA7150 User Guide

• Refused SSL connections
• Utilization (Threshold) alarms
• Overload alarms
• Network Link Status

All alarms are disabled by default and may be enabled in any combination.

Alarm format:
    A:mm/dd/yyyy hh:mm:ss: ALARM_CODE:MODIFIER:EXTENDED_DATA:/*message*/
Where:
    A: Identifies the message as an alarm (as opposed to a monitor report).
    mm/dd/yyyy hh:mm:ss: The timestamp.
    ALARM_CODE: The alarm type: [ESC RSC UTL OVL NLS].
Alarm Types

The configurable alarm types are detailed in separate sections below.

ESC: Encryption Status Change Alarm

When enabled, an alarm is issued when the device is changed between INLINE and BYPASS modes. This change can be made from CLI using the commands, inline or bypass, or at the device’s front panel by pressing the BYPASS button.

Format:
    A:mm/dd/yyyy hh:mm:ss: ESC:HDWR|CONB|CONI|FNTB|FNTI|APPR:/*message*/
Where:
    A: identifies the message as an alarm.
RSC: Refused SSL Connections

When enabled, an alarm is generated whenever SSL connections are refused for cipher suite mismatch or client certificate authentication failure during the current user-specified period (5 to 65000 seconds, default: 15 seconds). The total number of refused SSL connections is reported along with the reason for refusal. This alarm can be enabled or disabled at the CLI.
UTL: Utilization Threshold Alarm

This alarm monitors three utilization threshold values:
• CPU
• Connections per Second
• Total Open Connections

When enabled, an alarm is issued whenever any of the utilization values exceeds its high-water mark, or, having exceeded the high-water mark, drops below the low-water mark. The user defines the high and low-water marks. By default, the high-water mark is 90% and the low-water mark is 60%.
UTL Alarm CLI commands

To set Utilization Threshold Alarm time window:
    set utl_window (Range: 5-65000, default: 15)
To set Utilization Threshold Alarm high-water value:
    set utl_highwater (Range: 2-100, default: 90)
To set Utilization Threshold Alarm low-water value:
    set utl_lowwater (Range: 1-99, default: 60)
To display current settings:
    show utl_window
    show utl_highwater
    show utl_lowwater
Examples:
    HP
OVL: Overload Alarm

When enabled, an alarm is issued upon occurrence of overloads resulting in spills or throttles during the current user-configured alarm period (5 to 65000 seconds, default: 15 seconds).

WARNING: This alarm indicates loss of encryption/decryption. (Normal SSL operation resumes when the alarm ceases.)

Format:
    A:mm/dd/yyyy hh:mm:ss:OVL:SPIL|THRT:XXX: /*message*/
Where:
    A: identifies the message as an alarm.
    mm/dd/yyyy hh:mm:ss: is the timestamp.
NLS: Network Link Status Alarm

An alarm is issued whenever the Network or Server link status is changed.

Format:
    A:mm/dd/yyyy hh:mm:ss: NLS:NETL|SVRL:LNKD|10HDX|10FDX|100HDX|100FDX:/*message*/
Where:
    A: identifies the message as an alarm.
    mm/dd/yyyy hh:mm:ss: is the timestamp.
    NLS: identifies the message as a Network Link Status Alarm.

Alarm Modifiers and Messages
    NETL: indicates the network port status.
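Added example (not part of the guide and not HP code): a Python parser for the alarm line format described above, meant for console or Telnet/SSH session output captured to a file. The sample lines and their message texts are constructed, and the choice to escalate ESC and OVL alarms is this example's own triage rule, based on the guide's statements that ESC marks a change between INLINE and BYPASS and that OVL indicates loss of encryption/decryption.

```python
import re
from datetime import datetime
from typing import List, NamedTuple, Optional, Tuple

# Alarm codes listed in the guide's alarm format description.
KNOWN_CODES = {"ESC", "RSC", "UTL", "OVL", "NLS"}

# Triage rule of this example (an assumption, not device behaviour):
# ESC = device changed between INLINE and BYPASS,
# OVL = overload, which the guide says means loss of encryption/decryption.
ESCALATE = {"ESC", "OVL"}

# A:mm/dd/yyyy hh:mm:ss: CODE:MODIFIER[:EXTENDED_DATA...]:/*message*/
# The guide shows the space after the timestamp inconsistently, so
# whitespace is optional there and before the message.
ALARM_RE = re.compile(
    r"^A:(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}):\s*"
    r"(?P<code>[A-Z]{3}):"
    r"(?P<fields>[^/]*?):\s*"
    r"/\*(?P<msg>.*)\*/\s*$"
)


class Alarm(NamedTuple):
    when: datetime
    code: str
    modifier: str
    extended: Tuple[str, ...]
    message: str


def parse_alarm(line: str) -> Optional[Alarm]:
    """Parse one captured line.

    Returns None for anything that is not an alarm (for example a
    monitor report, which starts with "M"). Raises ValueError for a
    line that claims to be an alarm but does not fit the format.
    """
    line = line.strip()
    if not line.startswith("A:"):
        return None
    m = ALARM_RE.match(line)
    if m is None:
        raise ValueError("malformed alarm line: %r" % line)
    code = m["code"]
    if code not in KNOWN_CODES:
        raise ValueError("unknown alarm code %r" % code)
    # strptime also rejects impossible dates such as month 13.
    when = datetime.strptime(m["ts"], "%m/%d/%Y %H:%M:%S")
    modifier, *extended = [f.strip() for f in m["fields"].split(":")]
    if not modifier:
        raise ValueError("alarm line has no modifier: %r" % line)
    return Alarm(when, code, modifier, tuple(extended), m["msg"].strip())


def triage(lines: List[str]):
    """Split captured lines into (all alarms, escalated alarms, rejects)."""
    alarms, rejects = [], []
    for raw in lines:
        try:
            alarm = parse_alarm(raw)
        except ValueError:
            rejects.append(raw)  # keep for manual review, never drop silently
            continue
        if alarm is not None:
            alarms.append(alarm)
    urgent = [a for a in alarms if a.code in ESCALATE]
    return alarms, urgent, rejects


# Constructed sample capture (not output from a real device).
SAMPLE = [
    "A:03/14/2001 09:15:02: ESC:CONB:/*constructed message*/",
    "M:03/14/2001 09:15:15: constructed monitor report",
    "A:03/14/2001 09:20:10:OVL:SPIL:42: /*constructed message*/",
    "A:03/14/2001 09:21:00: NLS:SVRL:LNKD:/*constructed message*/",
    "A:03/14/2001 09:22:00: XYZ:FOO:/*constructed, unknown code*/",
    "A:03/14/2001 09:23:00 constructed line cut off in transit",
]

if __name__ == "__main__":
    alarms, urgent, rejects = triage(SAMPLE)
    for a in urgent:
        print(a.when.isoformat(), a.code, a.modifier, a.extended)
    print("%d alarms, %d escalated, %d rejected"
          % (len(alarms), len(urgent), len(rejects)))
```

Rejected lines are returned rather than discarded so that a garbled serial capture does not hide an alarm.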
Alarm Logging

These alarms can be viewed on the console using the CLI command, status alarms. Additionally, any logs generated and saved as a result of an exceptional condition are viewable by using the CLI command, status . (A list of the viewable log files is displayed using the list logs command.
    (0x00000026 0x00000003 0x00000026)
    Server NIC: No carrier (0x00000023 0x00000001 0x00000023)
    Network LED: on
    Server LED: off
    SSL Caching: enabled to permit
    --------------- Configuration -------------
    conlog 0xffffffef
    ilog 0xffffffff
    trace 0xfffff3dd
    media auto
    logport tty01
    cache 3
    server_tmo 5
    client_tmo 30
    serverif exp1
    netif exp0
    map 0.0.0.
    prompt HP SA7150>
    trap_authen
    remote_if exp0
    ip 10.1.11.34
    netmask 255.255.0.
Monitoring

Monitoring Reports

A monitoring report is one line of user-configurable text displayed at the console at a user-configurable interval of between five and 65000 seconds. The interval default is 15 seconds.

Console Configuration

Monitoring reports are disabled by default, and are enabled with the CLI set monitoring command. (See Chapter 5.
NetIF;s      Net interface; (s)tatus [NC|10HDX|10FDX|100HDX|100FDX]
SvrIF;s      Svr interface; (s)tatus [NC|10HDX|10FDX|100HDX|100FDX]
BES;c,m,t    Bytes Encrypted per Second; (c)urrent, (m)ax, (t)otal
BDS;c,m,t    Bytes Decrypted per Second; (c)urrent, (m)ax, (t)otal
TOTCS;c,.m.
    Monitoring for this terminal: disabled
    HP SA7150> set monitoring_fields
Where are:
    all => All monitoring fields enabled.
    cps => SSL connections per second.
    cpu => CPU utilization.
    dec => Decrypted Data throughput.
    enc => Encrypted Data throughput.
    failmode => Fail-safe or Fail-through mode.
    link => Network and Server Link status.
    mode => INLINE or BYPASS mode.
Software Updates

Use the import upgrade command to upgrade your HP e-Commerce/XML Server Accelerator SA7150 software. When you upgrade your SA7150 software, the configuration (including all keys, certificates, and mapping) is saved. However, all log files are cleared. The software is in the form of an image file (*.IMG).

Use the import patch command to install a patch to a current software release. Patches typically effect fixes to minor software issues.
CHAPTER 8 HP e-Commerce/XML Server Accelerator SA7150 User Guide

Using HyperTerminal*

Command: import upgrade

Use the SA7150’s aux console port, which defaults to 115.2 kbps, for greater speed. The import procedure (using xmodem) requires approximately 7 minutes at 115.2 kbps.
1. Download the image file to the local PC.
2. Connect the serial cable from COM1 or COM2 to the SA7150 aux console.
3. Log in to the SA7150.
4. Type the import upgrade command and press Enter.
Command: import patch

Use the SA7150’s aux console port, which defaults to 115.2 kbps, for greater speed. The import procedure (using xmodem) requires approximately 7 minutes at 115.2 kbps.
1. Download the patch file (.patch) to the local PC.
2. Connect the serial cable from COM1 or COM2 to the SA7150 aux console.
3. Log in to the SA7150.
4. Type the import patch command and press Enter.
Troubleshooting

Item 1
Symptom: Server and/or Network LEDs not illuminated.
Probable Cause:
• Unit is in Bypass mode.
• Improper cabling.
Remedy:
• If the Inline LED is not illuminated (solid or blinking) take the SA7150 out of Bypass mode by either pressing the Bypass switch on the unit’s front panel or using the CLI’s inline command.
Item 2
Symptom: Non-SSL data does not pass through SA7150.
Probable Cause: Improper cabling.
Remedy: Refer to Item 1 in this table.

Item 3
Symptom: Web pages are not completely displayed, or an error message such as, “Document Contains No Data” appears.
Probable Cause: The client timeout value is too small.
Remedy: Increase the interval with the following command: “Client timeout” is the interval that the connection between the client and server can remain idle (i.e.
Item 6
Symptom: Error message indicates that the browser does not recognize the signer of this certificate after loading global server ID.
Probable Cause: The intermediate certificate is not installed or is installed improperly.
Remedy: See Global Site Certificates in Chapter 3 for correct procedures.
Item 7
Symptom: Error message: Server/Network media mismatch.
Probable Cause: Server and network ports have autonegotiated to different media settings.
Remedy: Use the status command to determine the media settings:
    HP SA7150> status
    .
    .
    Network port 100baseTX Full Duplex
    Server port 10baseT, Half Duplex
Then use the nic command to force common media attributes, e.g.
Front Panel

The following diagram shows the LEDs, buttons, switches and connections for the HP e-Commerce/XML Server Accelerator SA7150. Note that there is no power switch or button. Power is applied to the device by connecting the power cable.
Buttons and Switches

There are two buttons and one switch on the front panel of the SA7150.

Button/Switch | Action
Reset button | Press momentarily to issue a soft reset to the SA7150. Press for 5 seconds to reset the SA7150 and restore the factory defaults.
Bypass button | Press to physically force bypass mode (bypass SA7150 processing).
Front Panel LEDs

LED | Status
Overload | ON – SA7150 is saturated with SSL requests. LED ranges from dim flickering to bright steady, indicating low to high spillover. Refer to the spill command for ways to offload requests to another SA7150. OFF – Normal operation.
Activity | ON – SSL processing is being performed. Ranges from dim, when processing loads are low to bright, when greater amounts of processing are occurring. OFF – No SSL processing is being performed.
Connectors

The following table describes the SA7150’s connectors.

Designator | Type | Purpose
Network | RJ45 | 100baseTX/10baseT connection to network (clients), wired as a host port.
Server | RJ45 | 100baseTX/10baseT connection to server (or servers), wired as a hub port.
Console
Aux Console
Power
Failure/Bypass Modes

WARNING: Enabling bypass mode will instantly terminate all active remote management sessions.

The HP e-Commerce/XML Server Accelerator SA7150 is designed with the ability to automatically bypass e-Commerce traffic in the event of a failure. If necessary, the user can force a bypass with the bypass button or from the command line interface using the bypass command. There is also a security feature (Fail-through switch).
[Figure: Front Panel Detail: Failure/Bypass Mode Controls and Indicators. Labels: Inline LED (green), Network Link and Server Link LEDs, Reset, Bypass, Fail-Through switch.]

Bypass Button

Forcing a bypass of the SA7150 may be necessary when certain actions must be performed offline (e.g., configuration changes, entering certificates, or problem isolation). To force a bypass of SA7150 processing, push the bypass button ON.
Fail-through Switch (Security Level)

During normal processing, the Inline (green) LED on the front panel indicates whether e-Commerce traffic will pass through in the event of a failure (depending on Fail-through switch state).
Supported Ciphers

The HP e-Commerce/XML Server Accelerator SA7150 supports only RSA key exchange and authentication. Diffie-Hellman (including Anonymous and Ephemeral) key exchange/authentication and DSS authentication are not supported. Use the set cipher command to specify the cipher. The command prompts you for the cipher strength and SSL version level.
SSL Version Level
• SSLv2 - all SSL version 2.0 ciphers
• SSLv3 - all SSL version 3.0 ciphers
• SSLv2 and SSLv3 - all SSL version 2.0 and 3.0 ciphers

The default cipher value is all supported ciphers (both SSLv2 and SSLv3). The following table provides ciphers supported by the SA7150. Note that the export version of the software supports only the ciphers marked “E” in the Profile column.
Name | SSL Version Level (Protocol) | Key Exchange | Authentication | Encryption (key size) | Message Authentication | Profile (Hi/Medium/Low/Export)
RC4-64-MD5 | SSLv2 | RSA | RSA | RC4(64) | MD5 | L
DES-CBC-MD5 | SSLv2 | RSA | RSA | DES(56) | MD5 | L
EXP-DES-CBC-SHA | SSLv3 | RSA(512) | RSA | DES(40) | SHA1 | E
EXP-RC2-CBC-MD5 | SSLv3 | RSA(512) | RSA | RC2(40) | MD5 | E
EXP-RC4-MD5 | SSLv3 | RSA(512) | RSA | RC4(40) | MD5 | E
EXP-RC2-CBC-MD5 | SSLv2 | RSA(512) | RSA | RC2(40) | MD5 | E
EXP-RC4-MD5 | SSLv2 | RSA(512) | RSA | RC4(40) | MD5 | E
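The following Python example is added here and is not part of the HP guide. It decodes the cipher names in the table above, written in their hyphenated OpenSSL form, into the table's columns, then filters them by the two choices that set cipher prompts for, which is a quick way to audit which low-strength or export suites a selection leaves enabled. The function names and decoding rules are assumptions derived only from the seven rows visible on this page.

```python
"""Decode the cipher names from the SA7150 table into the table's columns."""
from typing import NamedTuple, Optional

# (name, SSL version level) pairs for the rows visible on this page, with the
# names written in hyphenated OpenSSL form.
TABLE_ROWS = [
    ("RC4-64-MD5", "SSLv2"),
    ("DES-CBC-MD5", "SSLv2"),
    ("EXP-DES-CBC-SHA", "SSLv3"),
    ("EXP-RC2-CBC-MD5", "SSLv3"),
    ("EXP-RC4-MD5", "SSLv3"),
    ("EXP-RC2-CBC-MD5", "SSLv2"),
    ("EXP-RC4-MD5", "SSLv2"),
]

# Assumptions taken only from the visible rows: export suites use 40-bit keys
# with RSA(512) key exchange; plain DES is 56-bit; 64 bits or fewer is "L".
EXPORT_BITS = 40
DEFAULT_BITS = {"DES": 56}
LOW_MAX_BITS = 64


class Suite(NamedTuple):
    name: str
    version: str
    key_exchange: str
    authentication: str
    encryption: str
    mac: str
    profile: Optional[str]  # None when the visible rows do not determine it


def decode(name: str, version: str) -> Suite:
    """Split an OpenSSL-style cipher name into the table's column values."""
    parts = name.split("-")
    export = parts[0] == "EXP"
    if export:
        parts = parts[1:]
    if len(parts) < 2:
        raise ValueError(f"unrecognised cipher name: {name!r}")
    algo, middle, mac = parts[0], parts[1:-1], parts[-1]
    explicit = [int(p) for p in middle if p.isdigit()]  # e.g. the 64 in RC4-64-MD5
    if export:
        bits = EXPORT_BITS
    elif explicit:
        bits = explicit[0]
    elif algo in DEFAULT_BITS:
        bits = DEFAULT_BITS[algo]
    else:
        raise ValueError(f"key size not derivable from {name!r}")
    if export:
        profile = "E"
    elif bits <= LOW_MAX_BITS:
        profile = "L"
    else:
        profile = None
    return Suite(name, version, "RSA(512)" if export else "RSA", "RSA",
                 f"{algo}({bits})", "SHA1" if mac == "SHA" else mac, profile)


def select(profile: str, versions: set) -> list:
    """Names from TABLE_ROWS matching a profile letter and a set of SSL version levels."""
    return [s.name for s in (decode(n, v) for n, v in TABLE_ROWS)
            if s.profile == profile and s.version in versions]


if __name__ == "__main__":
    for n, v in TABLE_ROWS:
        print(decode(n, v))
    print("Export profile, SSLv2 only:", select("E", {"SSLv2"}))
```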
Regulatory Information

Taiwan Class A EMI Statement
VCCI Statement

Class A ITE

This is a Class A product based on the standard of the Voluntary Control Council for Interference by Information Technology Equipment (VCCI). If this equipment is used in a domestic environment, radio disturbance may arise. When such trouble occurs, the user may be required to take corrective actions.

Internal access to the device is intended only for qualified service personnel.
Canada Compliance Statement (Industry Canada)

NOTE: This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.

CAUTION: If you make any modification to the equipment not expressly approved by HP, you could void your authority to operate the equipment.
VCCI Class A (Japan)

Australia

WARNING

The system is designed to operate in a typical office environment. Choose a site that is:
• Clean and free of airborne particles (other than normal room dust).
• Well-ventilated and away from sources of heat including direct sunlight.
• Away from sources of vibration or physical shock.
• Isolated from strong electromagnetic fields produced by electrical devices.
• Provided with a properly grounded wall outlet.

Do not attempt to modify or use the supplied AC power cord if it is not the exact type required. Ensure that the system is disconnected from its power source and from all telecommunications links, networks, or modem lines whenever the chassis cover is to be removed. Do not operate the system with the cover removed.

WARNING (French)

The system is designed to operate in a normal work environment.
• well ventilated and not exposed to sources of heat (including direct sunlight);
• not exposed to vibration;
• free of strong electromagnetic fields produced by electrical devices;
• in regions where electrical storms occur, connected to a surge suppressor; during an electrical storm the telecommunication lines should not be connected to the Mo
Before removing the chassis cover, make sure that the system is disconnected from the power supply and from all communication links, networks, or modem lines. Do not start the system without first putting the cover back in place.

WARNINGS (Spanish)

The system is designed to operate in a normal work environment.
Important Safety Instructions (German)

1. Please read these instructions carefully.
2. Keep this guide for later use.
3. Disconnect the device from the mains before each cleaning. Do not use liquid or aerosol cleaners. A damp cloth is best for cleaning.
4. To avoid damaging the device, use only accessories approved by the manufacturer.
5.
15. If any of the following situations occurs, disconnect the device from the mains and have it checked by a qualified service center: a. The power cord or plug is damaged. Liquid has entered the device. The device has been exposed to moisture. The device does not function according to the operating instructions, or you cannot achieve an improvement with the help of this guide. The device has been dropped and/or the housing is damaged.
Software License Agreement

ATTENTION: USE OF THE SOFTWARE IS SUBJECT TO THE HP SOFTWARE LICENSE TERMS SET FORTH BELOW. USING THE SOFTWARE INDICATES YOUR ACCEPTANCE OF THESE LICENSE TERMS. IF YOU DO NOT ACCEPT THESE LICENSE TERMS, YOU MAY RETURN THE SOFTWARE FOR A FULL REFUND. IF THE SOFTWARE IS BUNDLED WITH ANOTHER PRODUCT, YOU MAY RETURN THE ENTIRE UNUSED PRODUCT FOR A FULL REFUND.

HP SOFTWARE LICENSE TERMS

License Grant. HP grants you a license to Use one copy of the Software.
Ownership. The Software is owned and copyrighted by HP or its third party suppliers. Your license confers no title or ownership and is not a sale of any rights in the Software, its documentation or the media on which they are recorded or printed. Third party suppliers may protect their rights in the Software in the event of any infringement.

Copies and Adaptations.
U.S. Government Restricted Rights. The Software and any accompanying documentation have been developed entirely at private expense. They are delivered and licensed as "commercial computer software" as defined in DFARS 252.227-7013 (Oct 1988), DFARS 252.211-7015 (May 1991) or DFARS 252.227-7014 (Jun 1995), as a "commercial item" as defined in FAR 2.101(a), or as "Restricted computer software" as defined in FAR 52.
Mozilla* and expat* License Information

1. expat (http://www.jclark.com/xml/expat.html) is code used in the SA7150. The license governing the expat code is either the Mozilla Public License (MPL) Version 1.1 or the GNU General Public License.
2. The open source code has neither been modified by Hewlett-Packard nor have files been added to or deleted from the source code by Hewlett-Packard.
1.7. "Larger Work" means a work which combines Covered Code or portions thereof with code not governed by the terms of this License.
1.8. "License" means this document.
1.8.1. "Licensable" means having the right to grant, to the maximum extent possible, whether at the time of the initial grant or subsequently acquired, any and all of the rights conveyed herein.
1.9.
For purposes of this definition, "control" means (a) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (b) ownership of more than fifty percent (50%) of the outstanding shares or beneficial ownership of such entity.
2. Source Code License.
2.1. The Initial Developer Grant.
(b) under Patent Claims infringed by the making, using, or selling of Modifications made by that Contributor either alone and/or in combination with its Contributor Version (or portions of such combination), to make, use, sell, offer for sale, have made, and/or otherwise dispose of: 1) Modifications made by that Contributor (or portions thereof); and 2) the combination of Modifications made by that Contributor with its Contributor Version (or portions of s
3.2. Availability of Source Code.
to implement that API, Contributor must also include this information in the LEGAL file.
(c) Representations. Contributor represents that, except as disclosed pursuant to Section 3.4(a) above, Contributor believes that Contributor’s Modifications are Contributor’s original creation(s) and/or Contributor has sufficient rights to grant the rights conveyed by this License.
3.5. Required Notices.
3.6. Distribution of Executable Versions. You may distribute Covered Code in Executable form only if the requirements of Section 3.1-3.5 have been met for that Covered Code, and if You include a notice stating that the Source Code version of the Covered Code is available under the terms of this License, including a description of how and where You have fulfilled the obligations of Section 3.2.
5. Application of this License
This License applies to code to which the Initial Developer has attached the notice in Exhibit A and to related Covered Code.
6. Versions of the License.
6.1. New Versions. Netscape Communications Corporation ("Netscape") may publish revised and/or new versions of the License from time to time. Each version will be given a distinguishing version number.
6.2. Effect of New Versions.
7. DISCLAIMER OF WARRANTY. COVERED CODE IS PROVIDED UNDER THIS LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES THAT THE COVERED CODE IS FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE OR NON-INFRINGING. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE COVERED CODE IS WITH YOU.
arrangement are not mutually agreed upon in writing by the parties or the litigation claim is not withdrawn, the rights granted by Participant to You under Sections 2.1 and/or 2.2 automatically terminate at the expiration of the 60 day notice period specified above.
9. LIMITATION OF LIABILITY.
11. MISCELLANEOUS. This License represents the complete agreement concerning subject matter hereof. If any provision of this License is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. This License shall be governed by California law provisions (except to the extent applicable law, if any, provides otherwise), excluding its conflict-of-law provisions.
Software distributed under the License is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for the specific language governing rights and limitations under the License.
The Original Code is _________________________________.
The Initial Developer of the Original Code is _______________.
Portions created by _____________________ are Copyright © ______ _______________________.
Support Services

Support for your SA7150

U.S.
Europe

For hardware service and telephone support, contact:
• An HP-authorized reseller or
• One of the following HP Customer Support Centers:

Country and Number
Austria – 0660 6386
Belgium (Dutch) – 02 626 8806
Belgium (French) – 02 626 8807
Czech Republic – 420 2 613 07 310
Denmark – 3929 4099
English (non-UK) – +44 20 7512 5202
Finland – 02 03 47 288
France – 01 43 62 3434
Germany – 0180 525 8143
Greece – +30 (0) 16196411
Hungary – 3
Asia

For hardware service and telephone support, contact an HP-authorized reseller or one of these support centers:

Country and Number
Australia – 03-8877-8000
Hong Kong – 800-96-2598
India – 91-11-6826035
Indonesia – 0800-21511
Japan – 0120-220-119
Korea – +82-2-32700911
Malaysia – 60 3 2931811 or 1-800-881811
New Zealand –
    Upper North Island – 09-356-6640
    Lower North Island – 04-499-2026
    South Island – 03-365-9805
People’s Republic of China – 86-8008105959
Philippines
Other Countries

For hardware service, contact your local authorized reseller or HP sales office. For telephone support, contact your authorized reseller.
Glossary

This section defines terms and acronyms used throughout the HP e-Commerce/XML Server Accelerator SA7150 User Guide.

Attribute
A parameter of an XML element (see). Attributes consist of a name and a value. For example, the “name” element below has three attributes, lastName, firstName, and initial, each with its own value within quotation marks.

Boolean Operators
Logical AND and OR operators between expressions in XML patterns (see).
Cipher
Any encryption algorithm, either symmetric or public key, operating either as a data stream or divided into blocks.

Comparison Operators
Comparison operators used in the XML expression components of XML patterns allow the SA7150 to look for specific values in the XML data tree. These operators are: =, !, <, >, <=, and >=.
Mapped Server
The server to which the SA7150 sends messages for which no XML expression match is found among the active XML patterns, including any that contain the keyword “default” in their XML expression component.

Node
A location, identified by type, within an XML document. Node types are: elements, attributes, and text (see all).

Operators
SA7150 operations use three types of operators: step, comparison and Boolean. Please see the separate definitions for each of these for details.
URI Expression

URL Encoding
A content-encoding method optionally employed in HTTP documents. The SA7150 transparently decodes URL-encoded content before performing XML processing.

Validity Check
A test for syntactical correctness of the two XML pattern components, URI expressions and XML expressions. Performed automatically each time one of these expressions is entered in the process of creating an XML pattern.