HP P4518A User Manual

hp e-commerce/
xml server accelerator
user guide
sa7150
© Copyright 2001 Hewlett-Packard Company. All rights reserved.
Hewlett-Packard Company 3000 Hanover Street Palo Alto, CA 94304-1185
Publication Number
5971-3006 March 2001
Disclaimer
The information contained in this document is subject to change without notice.
HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.
Hewlett-Packard assumes no responsibility for the use or reliability of its software on equipment that is not furnished by Hewlett-Packard.
Warranty
A copy of the specific warranty terms applicable to your Hewlett-Packard products and replacement parts can be obtained from http://www.hp.com/serverappliances/support.
*Other brands and names are the property of their respective owners.
Table of Contents
Chapter 1: Introduction
Introduction to the SA7150
Assumptions
Benefits
Specifications
Typographic Conventions
Chapter 2: Installation and Initial Configuration
Parts Checklist
Additional Requirements
Physical Installation
Rack Installation
Free-Standing Installation
Network Connections
Console Connection
Using HyperTerminal*
Fail-through Switch
Accessing the Command Prompt
Chapter 3: Theory of Operation
XML Operations
General Considerations
Server Mappings
XML Data Model
URI expressions in XML Patterns
Invalid URI Expressions
Negation Operator
Operators
Attributes
Filters
Boolean Operators
Function Calls
Values
XML Pattern Creation
Mapped Server
Default Keyword
XML Pattern Matching
XML “Well-formed” Check
Network Configurations
Single Server
Multiple Servers
Multiple SA7150s and Cascading
Scalability and Cascading
Spilling and Throttling
Availability
SSL Operations
Keys and Certificates
Cutting and Pasting with HyperTerminal*
Obtaining a Certificate from VeriSign* or Other Authority
Procedure
Using an Existing Key/Certificate
Exporting a Key/Certificate from a Server
Apache Interface to Open SSL* (mod_ssl)
Apache SSL*
Stronghold*
Importing into the SA7150
Creating a new Key/Certificate on the SA7150
Procedure
Global Site Certificates
Overview
Global Site Certificate Paste Procedure
Redirection: Clients and Unsupported Ciphers
Client Authentication
Creating a Client CA Certificate using OpenSSL*
SSL Processing
Mapping
Automapping
Automapping with user-specified key and certificate
Automapping with multiple port combinations
Deleting automapping entries
Manual mapping
Combining automapping and manual mapping
Blocking
Specific IP, Specific Port
Subnet, Specific Port
All IPs, Specific Port
Delete a Block
Failure Conditions, Fail-safe, and Fail-through
Chapter 4: Scenarios
Scenario 1—Basic XML Operation
Procedure for Scenario 1
Scenario 2—Single Server Configuration
Procedure for Scenario 2
Automapping
Manual Configuration
Scenario 3—Multiple Server Configuration (SSL)
Procedure for Scenario 3
Scenario 4—Cascaded SA7150s
Initial Configuration
Procedure for Scenario 4
Scenario 5—Different Ingress and Egress Routers
Procedure for Scenario 5
Scenario 6—Configuring a Firewall
Server Configuration
SA7150 Configuration
Chapter 5: Command Reference
Online Help
Command Line Interface
User Authentication
Command Line Prompt
Abbreviation to Uniqueness
Input Editing Commands
Moving the Insertion Point
Command History
Cut and Paste
Command Summary
Command Reference
Help Commands
Status Command
XML Commands
Port Mapping Commands
Operational Commands
Remote Management Commands
Alarms and Monitoring Commands
Configuration Commands
Administration Commands
Logging Commands
Chapter 6: Remote Management
Overview
Limitations
Remote Management CLI Commands
Remote Telnet Sessions
Telnet and Windows 2000
Local Serial Console
Remote Console, Telnet
Changing the Telnet Port
Disabling Telnet
Remote SSH Sessions
Local Serial Console
Remote Console, SSH
Changing the SSH Port
Disabling SSH
SNMP
Starting SNMP
Standards Compliance
HP MIB Tree
Supported MIB
Where to find the MIB File
Trap Summary
Standard SNMP Traps
Traps in the HP Private MIB
Enabling SNMP
Specifying SNMP Information
Community String
Trap Community String
Access Control
Chapter 7: Alarms and Monitoring
Overview
Alarm Types
ESC: Encryption Status Change Alarm
Alarm Modifiers and Messages
RSC: Refused SSL Connections
Alarm Modifiers and Messages
Extended Data
RSC Alarm CLI Commands
UTL: Utilization Threshold Alarm
Alarm Modifiers and Messages
Extended Data
UTL Alarm CLI commands
OVL: Overload Alarm
Alarm Modifiers and Messages
Extended Data
OVL Alarm CLI Commands
NLS: Network Link Status Alarm
Alarm Modifiers and Messages
Extended Data
Alarm Logging
Monitoring
Monitoring Reports
Console Configuration
Report Configuration
Monitoring Reports CLI Commands
Chapter 8: Software Updates
Using HyperTerminal*
Chapter 9: Troubleshooting
Appendix A: Front Panel
Buttons and Switches
Front Panel LEDs
Connectors
Appendix B: Failure/Bypass Modes
Bypass Button
Fail-through Switch (Security Level)
Appendix C: Supported Ciphers
Cipher Strength
SSL Version Level
Appendix D: Regulatory Information
Taiwan Class A EMI Statement
VCCI Statement
FCC Part 15 Compliance Statement
Canada Compliance Statement (Industry Canada)
CE Compliance Statement
CISPR 22 Statement
VCCI Class A (Japan)
Australia
WARNING
AVERTISSEMENT
WARNUNG
AVVERTENZA
ADVERTENCIAS
Wichtige Sicherheitshinweise
Appendix E: Software License Agreement
Mozilla* and expat* License Information
MOZILLA PUBLIC LICENSE, Version 1.1
Appendix F: Support Services
Support for your SA7150
U.S. and Canada
Europe
Asia
Latin America
Other Countries
Glossary
Index
Introduction
Introduction to the SA7150
The HP e-Commerce/XML Server Accelerator SA7150 provides the flexibility to analyze Extensible Markup Language (XML) traffic according to content and distribute it according to user-defined parameters. The SA7150 is positioned in the network in front of business-to-business (B2B) XML servers, where it detects and parses XML messages or transaction data. It sends client data to the most appropriate server, based on rules pre-configured for each server. The most common application is a B2B environment where the client is often another server or application.
Assumptions
It is assumed that you are a network administrator and that you have at least a basic understanding of the following:
XML usage and syntax
Networking concepts and terminology
Network topologies
Networks and IP routing
Benefits
The SA7150 offloads Secure Socket Layer (SSL) processing for your e-Commerce site, web site, or Intranet. The SA7150 is the best XML processing solution available.

SA7150 Features

Feature: Patent-pending rules engine
Benefits: Allows classification of XML transactions, for example, by:
Trading partner name
Trading partner type
Transaction quantity
Transaction value
Time of day
Time zone
Business priorities easily configured:
If the request is from Vendor A, then send to Server 1
If transaction value is above $100,000, then send to Server 2
NOTE: The above items are examples. You can define any number of classifications according to your business needs.

Feature: Multi-variable classification, including AND, OR
Benefits: Allows complex business priorities to be addressed.

Feature: Handles up to 600 secure transactions per second
Benefits: Security with continued transaction speed

Feature: Offloads XML distribution decisions from e-Business servers
Benefits: Helps maximize server investment

Feature: Easy, drop-in installation between router and server
Benefits: No additional hardware or software needed

Specifications

Specification: Servers supported
Description:
Most Web servers (Apache*, Microsoft*, Netscape*, etc.)
Most operating systems (UNIX*, Solaris*, Windows NT*, BSD*/BSDI*, AIX*, etc.)
Most server hardware (SUN*, HP*, IBM*, Compaq*, SGI*, Intel*-based platforms)
Supports up to 1000 servers

Specification: XML Dialects supported
Description: Supports most XML dialects and e-Business standards, such as SOAP*, Microsoft’s Biztalk*, Ariba’s cXML*, Commerce One’s CBL*, and the emerging ebXML standard via HTTP and HTTPS transport protocols

Specification: System administration
Description:
Command line interface
SNMP monitoring (MIB II and Private MIB)
Dynamic configuration through password-protected serial console, Telnet, SSH v1, and SSH v2

Specification: Performance
Description:
Rated up to 1700 HTTP connections per second and 450 HTTPS connections per second (1K data)
Patent-pending technology offloads all cryptographic processing from server

Specification: Dimensions
Description:
Mounting: Standard 19-inch rack mount
Height: 1.75 inches (4.45 cm)
Width: 16.73 inches (46.99 cm)
Depth: 18.5 inches (4.45 cm)

Specification: Weight
Description: 8 pounds (3.64 kg)

Specification: Interface connections
Description:
10/100 Ethernet
TTY Serial - console

Specification: Patent pending XML routing
Description: XML patterns: Defined by URI and XML expressions, in the form:
URI Expression: */order.asp
XML Expression: //From[id="acme"]

Specification: Security algorithms supported
Description:
Blowfish, CAST, CAST5, DES, 3DES, DSA, IDEA
MD5, MDC2, RC2, RC4, RSA, RMD-160, SHA, SHA-1
SSH for secure Command Line Interface (up to 168 bit encryption)
Serial port logon

Typographic Conventions
The following typographic conventions are used throughout this User Guide:
NOTE: This is an example of a note.
CAUTION: This is an example of a caution.
WARNING: This is an example of a warning.
NOTES clarify a point, emphasize vital information, or describe options, alternatives, or shortcuts. Except for those within tables, notes are always found in the left margin.
CAUTIONS are designed to prevent mistakes that could result in injury or equipment damage. Except for those within tables, cautions are always found in the left margin.
WARNINGS alert you to potential hazards to life or limb. Except for those within tables, warnings are always found in the left margin.
NUMBERED LISTS indicate step-by-step procedures that you must follow in numeric order, as shown below:
1. This is the first step.
2. This is the second step.
3. This is the third step, etc.
BULLETED LISTS indicate options or features available to you, as shown below:
The first feature or option
The second feature or option
The third feature or option, etc.
ITALICS are used for emphasis or to indicate onscreen controls, as shown in this example:
4. To edit the configuration settings, press the Configure tab.
COMMANDS are shown in the following ways:
Any command or command response text that appears on the terminal is presented in the courier font.
Any text that you need to type at the command line appears in bold courier, for example:
HP SA7150> create gold
Installation and Initial Configuration
Parts Checklist
Ensure that the items listed below are included in the shipping box:
HP e-Commerce/XML Server Accelerator SA7150
HP e-Commerce/XML Server Accelerator SA7150 Quick Start Guide
HP e-Commerce/XML Server Accelerator SA7150 User Guide (this document)
HP e-Commerce/XML Server Accelerator SA7150 Release Notes
AC power cord
Serial cable
Rack mounting brackets with Phillips mounting screws
Additional Requirements
Before you begin installation, acquire or prepare the following:
IP address for SA7150 (Only if you intend to use the SA7150’s Remote Management capabilities. Please see Chapter 6 for details.)
IP addresses and port numbers of servers.
Keys/certificates. (Only if you anticipate supporting secure transactions. See Chapter 3 for information on obtaining keys and certificates.)
Network cables, such as straight-through and/or crossover cables. (Procedures in the section Network Connections in this chapter will identify the types of cables you must use.)
NOTE: Network cables are not provided with the SA7150.
If you are installing the SA7150 in a rack, you will also need:
Phillips screwdriver (not provided)
Rack-mounting screws
Physical Installation
WARNING: Do not remove the device’s cover. There are no user-serviceable parts inside.
The SA7150 is physically installed in either of two ways:
In a standard 19” rack, cantilevered from the provided mounting brackets
Free-standing on a flat surface with sufficient space for air-flow (1” on all sides)
Rack Installation
Rack mounting requires the use of the mounting brackets, and all four of the included Phillips screws.
Mounting Bracket Installation
1. Locate the two mounting brackets and the four screws. (Two screws for each bracket.)
2. Attach a mounting bracket to each side of the SA7150, using two of the provided screws for each bracket. Use the holes near the front of the SA7150’s sides. The brackets have both round and oval holes; the flange with round holes attaches to the SA7150, the one with oval holes attaches to the rack.
3. Position the SA7150 in the desired space of your 19” rack and attach the front flange of each mounting bracket to the rack with two screws each. (Rack-mounting screws are not provided.)
Free-Standing Installation
1. Attach the provided self-adhesive rubber feet to the SA7150’s bottom.
2. Place the SA7150 on a flat surface and make sure that there is adequate airflow surrounding the unit (allow at least one inch of air space on all sides).
Network Connections
1. Use the table below to select and install the appropriate network cables (Category 5 UTP or better):
Connected device | SA7150’s network connector | SA7150’s server connector
Workstation or Server | Crossover cable | Straight-through cable
Switch or Hub | Straight-through cable | Crossover cable
Router | Crossover cable | Not recommended
SA7150 network connector* | N/A | Straight-through cable
SA7150 server connector* | Straight-through cable | N/A
* Applicable only to multiple, cascaded units
NOTE: Never connect both of the SA7150’s network ports to the same switch, hub, or router. Doing so creates a feedback loop that adversely affects network bandwidth.
2. Connect the provided power cable to the back of the unit. (There is no power switch.) Under normal circumstances, the SA7150 requires approximately 30 seconds to boot. When the boot is complete, the unit’s Power LED is steadily illuminated. (If the Power LED is not steadily illuminated, see Chapter 9, Troubleshooting, to rectify before proceeding to Step 3.)
3. The Inline LED should be either steadily illuminated or blinking (to indicate Inline mode). If it is not, press the Bypass switch on the device’s front panel to enable Inline mode.
4. At this point both the Network and Server LEDs should be steadily illuminated. If not, please see Chapter 9, Troubleshooting.
[Figure: Wiring Connections]
Console Connection
Run HyperTerminal* or a similar terminal emulator on your PC. The steps below assume HyperTerminal* is used. Other terminals will require different procedures.
1. Use the serial cable provided with the SA7150 to connect the device’s serial port (the left-hand serial port labeled “Console”) to the serial port of any terminal.
[Figure: Front Panel Connectors and LEDs. Labels: Power (green), Error (red), Overload (amber), Activity (green), Network (green), Inline (green) and Server (green) LEDs; Reset; Console (CLI); Aux Console (Diagnostics); Network Link (RJ45); Fail-through switch; Server Link (RJ45); Bypass]
2. Type an appropriate name in the Name field of the Connection Description window (e.g., “Configuration”), and then click the OK button. The Phone Number panel appears.
3. In the Connect Using… field specify “COM1” (or the serial port through which the PC is connected to the SA7150 if different from COM1).
4. Click the OK button. The COM1 Properties panel appears. Set the values displayed here to 9600, 8, none, 1, and none.
5. Click the OK button.
Using HyperTerminal*
If you’re using HyperTerminal* you must make the following configuration change:
1. In the File menu, click Properties.
2. Click the Settings tab.
3. Click the ASCII Setup button.
4. Change the values of Line and Character delay from 0 to at least 1 millisecond.
5. Click OK to exit ASCII Setup.
6. Click OK to exit Connection Properties.
Fail-through Switch
The Fail-through switch allows you to choose between two options in the event of a failure. It is located in the opening between the Network and Server connectors. Use a small screwdriver or paper clip to operate the switch. The two options are:
Allow traffic to flow through the SA7150 unprocessed. (Fail-through mode, indicated by a steadily illuminated Inline LED. Fail-through switch in DOWN position.)
Block traffic flow through the SA7150 entirely. (Fail-safe mode, indicated by a blinking Inline LED. Fail-through switch in UP position.)
Please see Appendix B for a description of LED display.
Accessing the Command Prompt
NOTE: The password is not echoed on the command line.
After the SA7150 boots up, the password prompt appears.
1. Type admin at the password prompt and press Enter to access the prompt:
Password: admin (password is not echoed at prompt)
Current date: 2000 11/01 05:01
HP SA7150>
You are now ready for operations at the Command Line Interface (CLI) of the SA7150. The following is a typical way to begin:
2. Change your password from admin to another of your choice. Use the password command.
HP SA7150> password
3. Use set date to correct the date/time, if necessary. The date and time affect the validity of the certificate.
HP SA7150> set date
4. Use the help command to list available commands (or refer to the Command Reference in Chapter 5 of the User Guide).
HP SA7150> help
5. Configure XML servers and patterns as appropriate for your business needs. (See Chapter 3 of the User Guide for details.)
6. If your operational model includes SSL traffic, configure the appropriate keys and certificates. (See Chapter 3 of the User Guide for details.)
Theory of Operation
This chapter discusses the general operating principles for the HP e-Commerce/XML Server Accelerator SA7150. For details about the SA7150 command set, please see Chapter 5. For information about completing typical, specific tasks, please see Chapter 4.
XML Operations
The HP e-Commerce/XML Server Accelerator SA7150 provides a powerful means of using XML technology to facilitate Business-to-Business transactions. In addition to its XML capability, the SA7150 provides SSL acceleration (discussed later in this chapter).
The SA7150 employs user-created rules to evaluate the content transmitted in XML documents and to distribute this information among the appropriate data center resources. XML functionality is enabled or disabled for each user-specified “map” (i.e., a triad consisting of an IP address, network port, and server port).
XML functionality is controlled by way of the Command Line Interface (CLI, detailed in Chapter 5). The SA7150 manages XML traffic using XML patterns: pairs of URI expressions and “XML expressions.” URI expressions serve as coarse filters, allowing the system to determine whether an HTTP POST request is targeted at an XML-enabled server; if no URI match is found, the SA7150 doesn’t bother to examine the document for XML content, but simply passes the document to the “mapped” server (i.e., the one with the IP address and network port of the incoming message). XML expressions are the fine filters, those to be applied to the content and context of the XML data embedded in the HTTP POST request. XML patterns are assigned to servers (identified by IP address and server port), and when a match between a pattern and an incoming request occurs, the SA7150 sends data to the appropriate server.
[Figure: Basic SA7150 Operating Configuration]
Multiple SA7150s can be connected in series, or “cascaded,” to multiply your site’s XML processing and availability capabilities (and also its SSL processing capability, should you use it).
[Figure: Cascaded SA7150s]
Before you configure the SA7150 for XML operations, you should first answer the following:
Which of the several common formats or varieties of XML will be used in the client application?
Which XML elements, attributes, or text and HTTP fulfillment locations contained or identified in the anticipated XML traffic should be used for XML pattern matching?
Which servers will be assigned the XML patterns that you create?
Do you intend to use the SA7150’s SSL capabilities?
General Considerations
Some general facts to keep in mind concerning XML operations with the current version of the SA7150 are listed below. These facts do not apply to SSL operations.
The SA7150 uses an abbreviated version of the XPATH syntax.
The SA7150 works with any XML application that supports XML 1.0 and that is transported via HTTP or HTTPS POST request methods.
Transport protocols other than HTTP and HTTPS, such as FTP and SMTP, are not supported.
Content of incoming documents must be of type “text.”
URL encoding is supported.
Base64 encoding is not supported.
The complete XML data stream must be encapsulated in the body of the HTTP(S) POST request.
Multi-part MIME messages are not supported.
The first character of the POST request’s body must be the “less than” (<) character; the final character must be the “greater than” (>) character.
Server Mappings
Because the SA7150’s purpose is to send XML messages with specific content to specific servers, it must be configured to recognize these servers. This configuration is managed through the use of server mappings. A server mapping consists of three items:
A server’s IP address
Network port
Server port
Server mappings are created using the create map command. Typically, a map specifies a Key ID for SSL encryption and decryption, as in the example following.
HP SA7150> create map
Server IP [0.0.0.0]: x.x.x.x
Network port [443]:
Cleartext (server) port [80]:
KeyID to use for mapping: default
HP SA7150>
If your operations involve processing only unencrypted XML traffic, you should use a “clear text map,” i.e., a map with no Key ID. The example below illustrates the creation of a clear text map:
NOTE: In the example opposite, the prompt for a KeyID is ignored. Keys, certificates and related matters are discussed in this chapter under “SSL Operations.”
HP SA7150> create map
Server IP [0.0.0.0]: x.x.x.x
Network port [443]:
Cleartext (server) port [80]:
KeyID to use for mapping:
Cleartext map for XML only? [n]: y
HP SA7150>
XML Data Model
XML data consists of three hierarchical components:
Elements (data types)
Attributes (subcategories of a data type or element)
Text (specific data such as names, addresses, and quantities contained within elements or attributes)
The content of an XML document is defined within these three components, as illustrated below. The example shows a block of incoming XML text as received by the SA7150 in an HTTP POST request.
NOTE: XML examples here are indented for ease of reading; the leading spaces or tabs are not significant with regard to SA7150 operations.
<employee>
  <name lastName="Smith" firstName="John" initial="K"/>
  <address>
    <street>13280 Evening Creek Dr</street>
    <city>San Diego</city>
    <state>California</state>
    <zip>92128</zip>
  </address>
</employee>
Where:
employee, name, address, street, city, state, and zip are the elements of the XML document.
lastName, firstName, and initial are the attributes of the element, name.
13280 Evening Creek Dr, San Diego, California, and 92128 are the text components of the elements, street, city, state, and zip, respectively.
Smith, John, and K are the text components of the lastName, firstName, and initial attributes of the name element.
XML expressions configured in the SA7150 are matched against XML data which is then sent for fulfillment to server assignments defined in XML patterns.
URI expressions in XML Patterns
XML configurations use URI expressions to assign particular classes of URLs to particular servers for fulfillment. Applicable expressions are listed below:
File type expressions, such as *.asp
Path expressions, such as /PurchaseOrder/*
Unique file expressions, such as /purchase.cgi
Wildcard expression, such as *
Negation expressions, such as !*.asp or !*/purchase.cgi
Invalid URI Expressions
The following may not be used in URI expressions:
Text on either side of the asterisk, such as /order*.asp
Expressions containing more than one asterisk, such as /order*.*
Expressions containing one or more spaces or the dollar sign ($) character
Expressions containing a vertical bar ( | ) or a caret (^)
Negation Operator
The “*” and “!” operators are allowed in URI expressions, but they can exist only at the beginning or end of an expression. Also, a positive expression must appear after a not (!) expression, otherwise the (!) expression has no effect.
The order of URI expressions is significant only when the “not” (!) operator is used.
NOTE: The SA7150 uses a subset of the XPath Language standard.
Expression | Yields
!*.asp | All non-ASP requests
!*/PurchaseOrder | All non-PurchaseOrder requests
!/Buy.cgi | All non-Buy.cgi requests
Use of the Negation Operator
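The URI expression rules above can be checked before a list of expressions is entered at the CLI. The following Python example is added here and is not HP's code or the SA7150's matching engine: it validates expressions against the stated restrictions, evaluates a single expression against a request path, and flags a negation with no positive expression after it. The function names, case-sensitive matching, and accepting "!" only as the first character are assumptions.

```python
FORBIDDEN = set(" $|^")  # characters the manual disallows in a URI expression

def parse_uri_expression(expr):
    """Return (negated, kind, literal) for a valid expression, else raise ValueError."""
    negated = expr.startswith("!")
    body = expr[1:] if negated else expr
    if not body:
        raise ValueError("empty expression")
    if FORBIDDEN.intersection(body):
        raise ValueError("contains a space, $, | or ^")
    if "!" in body:  # assumption: "!" is accepted only as the leading operator
        raise ValueError("'!' is only accepted as the first character")
    if body.count("*") > 1:
        raise ValueError("more than one asterisk")
    if body == "*":
        return negated, "any", ""
    if body.startswith("*"):
        return negated, "suffix", body[1:]    # file type, e.g. *.asp
    if body.endswith("*"):
        return negated, "prefix", body[:-1]   # path, e.g. /PurchaseOrder/*
    if "*" in body:
        raise ValueError("text on both sides of the asterisk")
    return negated, "exact", body             # unique file, e.g. /purchase.cgi

def matches(expr, path):
    """Evaluate one expression against a request path (case-sensitive, assumed)."""
    negated, kind, literal = parse_uri_expression(expr)
    hit = {"any": True, "suffix": path.endswith(literal),
           "prefix": path.startswith(literal), "exact": path == literal}[kind]
    return hit != negated

def lint(expressions):
    """Review an ordered list: syntax errors, and negations nothing positive follows."""
    errors, valid = {}, []
    for expr in expressions:
        try:
            valid.append((expr, parse_uri_expression(expr)[0]))
        except ValueError as err:
            errors[expr] = str(err)
    # A "!" expression has no effect unless a positive expression appears after it.
    ineffective = [e for i, (e, neg) in enumerate(valid)
                   if neg and all(n for _, n in valid[i + 1:])]
    return errors, ineffective

# Constructed sample list, built from the expressions quoted in this section.
SAMPLE = ["!*.asp", "/PurchaseOrder/*", "/order*.asp", "/order*.*", "!/Buy.cgi"]

if __name__ == "__main__":
    print(lint(SAMPLE))
```

The example does not model how the SA7150 combines an ordered list of expressions into a routing decision, which this section does not specify.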
Operators
XML expressions consist of sequences of one or more XML elements or attributes combined with various “operators.” “Step operators” tell the SA7150 where in the XML data tree to look, while “comparison operators” tell the SA7150 what to look for. In typical XML expressions, elements are separated by step operators: single or double slashes (/ or //). These are used to select elements according to their location (“node”) in the XML data tree. Step operators are described in the table above. Comparison operators are the familiar “equal to,” “not equal to,” “greater than,” “less than,” and other such symbols. These form the bases upon which the SA7150 compares incoming XML data to its own XML patterns to decide where to send each XML document for fulfillment.