HP sa7150 User Manual

HP e-Commerce/XML Server Accelerator SA7150 User Guide
© Copyright 2001 Hewlett-Packard Company. All rights reserved.
Hewlett-Packard Company 3000 Hanover Street Palo Alto, CA 94304-1185
Publication Number
5971-3006 March 2001
Disclaimer
The information contained in this document is subject to change without notice.
HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.
Hewlett-Packard assumes no responsibility for the use or reliability of its software on equipment that is not furnished by Hewlett-Packard.
Warranty
A copy of the specific warranty terms applicable to your Hewlett-Packard products and replacement parts can be obtained from http://www.hp.com/serverappliances/support.
*Other brands and names are the property of their respective owners.

Table of Contents

Chapter 1: Introduction
Introduction to the SA7150
Assumptions
Benefits
Specifications
Typographic Conventions
Chapter 2: Installation and Initial Configuration
Parts Checklist
Additional Requirements
Physical Installation
Rack Installation
Free-Standing Installation
Network Connections
Console Connection
Using HyperTerminal*
Fail-through Switch
Accessing the Command Prompt
Chapter 3: Theory of Operation
XML Operations
General Considerations
Server Mappings
XML Data Model
URI expressions in XML Patterns
Invalid URI Expressions
Negation Operator
Operators
Attributes
Filters
Boolean Operators
Function Calls
Values
XML Pattern Creation
Mapped Server
Default Keyword
XML Pattern Matching
XML “Well-formed” Check
Network Configurations
Single Server
Multiple Servers
Multiple SA7150s and Cascading
Scalability and Cascading
Spilling and Throttling
Availability
SSL Operations
Keys and Certificates
Cutting and Pasting with HyperTerminal*
Obtaining a Certificate from VeriSign* or Other Authority
Procedure
Using an Existing Key/Certificate
Exporting a Key/Certificate from a Server
Apache Interface to Open SSL* (mod_ssl)
Apache SSL*
Stronghold*
Importing into the SA7150
Creating a new Key/Certificate on the SA7150
Procedure
Global Site Certificates
Overview
Global Site Certificate Paste Procedure
Redirection: Clients and Unsupported Ciphers
Client Authentication
Creating a Client CA Certificate using OpenSSL*
SSL Processing
Mapping
Automapping
Automapping with user-specified key and certificate
Automapping with multiple port combinations
Deleting automapping entries
Manual mapping
Combining automapping and manual mapping
Blocking
Specific IP, Specific Port
Subnet, Specific Port
All IPs, Specific Port
Delete a Block
Failure Conditions, Fail-safe, and Fail-through
Chapter 4: Scenarios
Scenario 1—Basic XML Operation
Procedure for Scenario 1
Scenario 2—Single Server Configuration
Procedure for Scenario 2
Automapping
Manual Configuration
Scenario 3—Multiple Server Configuration (SSL)
Procedure for Scenario 3
Scenario 4—Cascaded SA7150s
Initial Configuration
Procedure for Scenario 4
Scenario 5—Different Ingress and Egress Routers
Procedure for Scenario 5
Scenario 6—Configuring a Firewall
Server Configuration
SA7150 Configuration
Chapter 5: Command Reference
Online Help
Command Line Interface
User Authentication
Command Line Prompt
Abbreviation to Uniqueness
Input Editing Commands
Moving the Insertion Point
Command History
Cut and Paste
Command Summary
Command Reference
Help Commands
Status Command
XML Commands
Port Mapping Commands
Operational Commands
Remote Management Commands
Alarms and Monitoring Commands
Configuration Commands
Administration Commands
Logging Commands
Chapter 6: Remote Management
Overview
Limitations
Remote Management CLI Commands
Remote Telnet Sessions
Telnet and Windows 2000
Local Serial Console
Remote Console, Telnet
Changing the Telnet Port
Disabling Telnet
Remote SSH Sessions
Local Serial Console
Remote Console, SSH
Changing the SSH Port
Disabling SSH
SNMP
Starting SNMP
Standards Compliance
HP MIB Tree
Supported MIB
Where to find the MIB File
Trap Summary
Standard SNMP Traps
Traps in the HP Private MIB
Enabling SNMP
Specifying SNMP Information
Community String
Trap Community String
Access Control
Chapter 7: Alarms and Monitoring
Overview
Alarm Types
ESC: Encryption Status Change Alarm
Alarm Modifiers and Messages
RSC: Refused SSL Connections
Alarm Modifiers and Messages
Extended Data
RSC Alarm CLI Commands
UTL: Utilization Threshold Alarm
Alarm Modifiers and Messages
Extended Data
UTL Alarm CLI commands
OVL: Overload Alarm
Alarm Modifiers and Messages
Extended Data
OVL Alarm CLI Commands
NLS: Network Link Status Alarm
Alarm Modifiers and Messages
Extended Data
Alarm Logging
Monitoring
Monitoring Reports
Console Configuration
Report Configuration
Monitoring Reports CLI Commands
Chapter 8: Software Updates
Using HyperTerminal*
Chapter 9: Troubleshooting
Appendix A: Front Panel
Buttons and Switches
Front Panel LEDs
Connectors
Appendix B: Failure/Bypass Modes
Bypass Button
Fail-through Switch (Security Level)
Appendix C: Supported Ciphers
Cipher Strength
SSL Version Level
Appendix D: Regulatory Information
Taiwan Class A EMI Statement
VCCI Statement
FCC Part 15 Compliance Statement
Canada Compliance Statement (Industry Canada)
CE Compliance Statement
CISPR 22 Statement
VCCI Class A (Japan)
Australia
WARNING
AVERTISSEMENT
WARNUNG
AVVERTENZA
ADVERTENCIAS
Wichtige Sicherheitshinweise
Appendix E: Software License Agreement
Mozilla* and expat* License Information
MOZILLA PUBLIC LICENSE, Version 1.1
Appendix F: Support Services
Support for your SA7150
U.S. and Canada
Europe
Asia
Latin America
Other Countries
Glossary
Index

Introduction

Introduction to the SA7150

The HP e-Commerce/XML Server Accelerator SA7150 provides the flexibility to analyze Extensible Markup Language (XML) traffic according to content and distribute it according to user-defined parameters. The SA7150 is positioned in the network in front of business-to-business (B2B) XML servers, where it detects and parses XML messages or transaction data. It sends client data to the most appropriate server, based on rules pre-configured for each server. The most common application is a B2B environment where the client is often another server or application.

Assumptions

It is assumed that you are a network administrator and that you have at least a basic understanding of the following:
XML usage and syntax
Networking concepts and terminology
Network topologies
Networks and IP routing

Benefits

The SA7150 offloads Secure Socket Layer (SSL) processing for your e-Commerce site, web site, or Intranet. The SA7150 is the best XML processing solution available.
SA7150 Features

Feature: Patent-pending rules engine allows classification of XML transactions, for example, by:
Trading partner name
Trading partner type
Transaction quantity
Transaction value
Time of day
Time zone
Benefit: Business priorities easily configured:
If the request is from Vendor A, then send to Server 1
If transaction value is above $100,000, then send to Server 2
NOTE: The above items are examples. You can define any number of classifications according to your business needs.

Feature: Multi-variable classification, including AND, OR
Benefit: Allows complex business priorities to be addressed.

Feature: Handles up to 600 secure transactions per second
Benefit: Security with continued transaction speed

Feature: Offloads XML distribution decisions from e-Business servers
Benefit: Helps maximize server investment

Feature: Easy, drop-in installation between router and server
Benefit: No additional hardware or software needed

Specifications

Servers supported:
Most Web servers (Apache*, Microsoft*, Netscape*, etc.)
Most operating systems (UNIX*, Solaris*, Windows NT*, BSD*/BSDI*, AIX*, etc.)
Most server hardware (SUN*, HP*, IBM*, Compaq*, SGI*, Intel*-based platforms)
Supports up to 1000 servers

XML Dialects supported:
Supports most XML dialects and e-Business standards, such as SOAP*, Microsoft’s Biztalk*, Ariba’s cXML*, Commerce One’s CBL*, and the emerging ebXML standard via HTTP and HTTPS transport protocols

System administration:
Command line interface
SNMP monitoring (MIB II and Private MIB)
Dynamic configuration through password-protected serial console, Telnet, SSH v1, and SSH v2

Performance:
Rated up to 1700 HTTP connections per second and 450 HTTPS connections per second (1K data)
Patent-pending technology offloads all cryptographic processing from server

Dimensions:
Mounting: Standard 19-inch rack mount
Height: 1.75 inches (4.45 cm)
Width: 16.73 inches (46.99 cm)
Depth: 18.5 inches (4.45 cm)

Weight:
8 pounds (3.64 kg)

Interface connections:
10/100 Ethernet
TTY Serial - console

Patent pending XML routing:
XML patterns: Defined by URI and XML expressions, in the form:
URI Expression: */order.asp
XML Expression: //From[id="acme"]

Security algorithms supported:
Blowfish, CAST, CAST5, DES, 3DES, DSA, IDEA
MD5, MDC2, RC2, RC4, RSA, RMD-160, SHA, SHA-1
SSH for secure Command Line Interface (up to 168 bit encryption)
Serial port logon

Typographic Conventions

The following typographic conventions are used throughout this User Guide:
NOTE: This is an example of a note.
CAUTION: This is an example of a caution.
WARNING: This is an example of a warning.
NOTES clarify a point, emphasize vital information, or describe options, alternatives, or shortcuts. Except for those within tables, notes are always found in the left margin.
CAUTIONS are designed to prevent mistakes that could result in injury or equipment damage. Except for those within tables, cautions are always found in the left margin.
WARNINGS alert you to potential hazards to life or limb. Except for those within tables, warnings are always found in the left margin.
NUMBERED LISTS indicate step-by-step procedures that you must follow in numeric order, as shown below:
1. This is the first step.
2. This is the second step.
3. This is the third step, etc.
BULLETED LISTS indicate options or features available to you, as shown below:
The first feature or option
The second feature or option
The third feature or option, etc.
ITALICS are used for emphasis or to indicate onscreen controls, as shown in this example:
4. To edit the configuration settings, press the Configure tab.
COMMANDS are shown in the following ways:
Any command or command response text that appears on the terminal is presented in the courier font.
Any text that you need to type at the command line appears in bold courier, for example:
HP SA7150> create gold

Installation and Initial Configuration

Parts Checklist

Ensure that the items listed below are included in the shipping box:
HP e-Commerce/XML Server Accelerator SA7150
HP e-Commerce/XML Server Accelerator SA7150 Quick Start Guide
HP e-Commerce/XML Server Accelerator SA7150 User Guide (this document)
HP e-Commerce/XML Server Accelerator SA7150 Release Notes
AC power cord
Serial cable
Rack mounting brackets with Phillips mounting screws

Additional Requirements

Before you begin installation, acquire or prepare the following:
IP address for SA7150 (Only if you intend to use the SA7150’s Remote Management capabilities. Please see Chapter 6 for details.)
IP addresses and port numbers of servers.
Keys/certificates. (Only if you anticipate supporting secure transactions. See Chapter 3 for information on obtaining keys and certificates.)
Network cables, such as straight-through and/or crossover cables. (Procedures in the section Network Connections in this chapter will identify the types of cables you must use.)
NOTE: Network cables are not provided with the SA7150.
If you are installing the SA7150 in a rack, you will also need:
Phillips screwdriver (not provided)
Rack-mounting screws

Physical Installation

WARNING: Do not remove the device’s cover. There are no user-serviceable parts inside.

The SA7150 is physically installed in either of two ways:
In a standard 19" rack, cantilevered from the provided mounting brackets
Free-standing on a flat surface with sufficient space for air-flow (1" on all sides)

Rack Installation

Rack mounting requires the use of the mounting brackets, and all four of the included Phillips screws.
Mounting Bracket Installation
1. Locate the two mounting brackets and the four screws. (Two screws for each bracket.)
2. Attach a mounting bracket to each side of the SA7150, using two of the provided screws for each bracket. Use the holes near the front of the SA7150’s sides. The brackets have both round and oval holes; the flange with round holes attaches to the SA7150, the one with oval holes attaches to the rack.
3. Position the SA7150 in the desired space of your 19" rack and attach the front flange of each mounting bracket to the rack with two screws each. (Rack-mounting screws are not provided.)

Free-Standing Installation

1. Attach the provided self-adhesive rubber feet to the SA7150’s bottom.
2. Place the SA7150 on a flat surface and make sure that there is adequate airflow surrounding the unit (allow at least one inch of air space on all sides).

Network Connections

1. Use the table below to select and install the appropriate network cables (Category 5 UTP or better):

                              SA7150’s network connector   SA7150’s server connector
Workstation or Server         Crossover cable              Straight-through cable
Switch or Hub                 Straight-through cable       Crossover cable
Router                        Crossover cable              Not recommended
SA7150 network connector*     N/A                          Straight-through cable
SA7150 server connector*      Straight-through cable       N/A
* Applicable only to multiple, cascaded units

NOTE: Never connect both of the SA7150’s network ports to the same switch, hub, or router. Doing so creates a feedback loop that adversely affects network bandwidth.
2. Connect the provided power cable to the back of the unit. (There is no power switch.) Under normal circumstances, the SA7150 requires approximately 30 seconds to boot. When the boot is complete, the unit’s Power LED is steadily illuminated. (If the Power LED is not steadily illuminated, see Chapter 9, Troubleshooting, to rectify before proceeding to Step 3.)
3. The Inline LED should be either steadily illuminated or blinking (to indicate Inline mode). If it is not, press the Bypass switch on the device’s front panel to enable Inline mode.
4. At this point both the Network and Server LEDs should be steadily illuminated. If not, please see Chapter 9, Troubleshooting.
[Figure: Wiring Connections. Labels: hub/switch, HP e-Commerce/XML Server Accelerator SA7150, XML Server 1, XML Server 2, Default Server.]

Console Connection

Run HyperTerminal* or a similar terminal emulator on your PC. The steps below assume HyperTerminal* is used. Other terminals will require different procedures.
1. Use the serial cable provided with the SA7150 to connect the device’s serial port (the left-hand serial port labeled “Console”) to the serial port of any terminal.
[Figure: Front Panel Connectors and LEDs. LEDs: Power (green), Error (red), Overload (amber), Activity (green), Network (green), Inline (green), Server (green). Controls and connectors: Reset, Console (CLI), Aux Console (Diagnostics), Network Link (RJ45), Fail-through switch, Server Link (RJ45), Bypass.]
2. Type an appropriate name in the Name field of the Connection Description window (e.g., “Configuration”), and then click the OK button. The Phone Number panel appears.
3. In the Connect Using… field specify “COM1” (or the serial port through which the PC is connected to the SA7150 if different from COM1).
4. Click the OK button. The COM1 Properties panel appears. Set the values displayed here to 9600, 8, none, 1, and none.
5. Click the OK button.

Using HyperTerminal*

If you’re using HyperTerminal* you must make the following configuration change:
1. In the File menu, click Properties.
2. Click the Settings tab.
3. Click the ASCII Setup button.
4. Change the values of Line and Character delay from 0 to at least 1 millisecond.
5. Click OK to exit ASCII Setup.
6. Click OK to exit Connection Properties.

Fail-through Switch

The Fail-through switch allows you to choose between two options in the event of a failure. It is located in the opening between the Network and Server connectors. Use a small screwdriver or paper clip to operate the switch. The two options are:
Allow traffic to flow through the SA7150 unprocessed. (Fail-through mode, indicated by a steadily illuminated Inline LED. Fail-through switch in DOWN position.)
Block traffic flow through the SA7150 entirely. (Fail-safe mode, indicated by a blinking Inline LED. Fail-through switch in UP position.)
Please see Appendix B for a description of LED display.

Accessing the Command Prompt

After the SA7150 boots up, the password prompt appears.
1. Type admin at the password prompt and press Enter to access the prompt:
Password: admin (password is not echoed at prompt)
Current date: 2000 11/01 05:01
HP SA7150>
NOTE: The password is not echoed on the command line.
You are now ready for operations at the Command Line Interface (CLI) of the SA7150. The following is a typical way to begin:
2. Change your password from admin to another of your choice. Use the password command.
HP SA7150> password
3. Use set date to correct the date/time, if necessary. The date and time affect the validity of the certificate.
HP SA7150> set date
4. Use the help command to list available commands (or refer to the Command Reference in Chapter 5 of the User Guide).
HP SA7150> help
5. Configure XML servers and patterns as appropriate for your business needs. (See Chapter 3 of the User Guide for details.)
6. If your operational model includes SSL traffic, configure the appropriate keys and certificates. (See Chapter 3 of the User Guide for details.)

Theory of Operation

This chapter discusses the general operating principles for the HP e-Commerce/XML Server Accelerator SA7150. For details about the SA7150 command set, please see Chapter 5. For information about completing typical, specific tasks, please see Chapter 4.

XML Operations

The HP e-Commerce/XML Server Accelerator SA7150 provides a powerful means of using XML technology to facilitate Business-to-Business transactions. In addition to its XML capability, the SA7150 provides SSL acceleration (discussed later in this chapter).
The SA7150 employs user-created rules to evaluate the content transmitted in XML documents and to distribute this information among the appropriate data center resources. XML functionality is enabled or disabled for each user-specified “map” (i.e., a triad consisting of an IP address, network port, and server port).
XML functionality is controlled by way of the Command Line Interface (CLI, detailed in Chapter 5). The SA7150 manages XML traffic using XML patterns, pairs of URI expressions and “XML expressions.” URI expressions serve as coarse filters, allowing the system to determine whether an HTTP POST request is targeted at an XML-enabled server; if no URI match is found, the SA7150 doesn’t bother to examine the document for XML content, but simply passes the document to the “mapped” server (i.e., the one with the IP address and network port of the incoming message). XML expressions are the fine filters, those to be applied to the content and context of the XML data embedded in the HTTP POST request. XML patterns are assigned to servers (identified by IP address and server port), and when a match between a pattern and an incoming request occurs, the SA7150 sends data to the appropriate server.
[Figure: Basic SA7150 Operating Configuration. Labels: Router, HP e-Commerce/XML Server Accelerator SA7150, XML Server 1.]
Multiple SA7150s can be connected in series, or “cascaded,” to multiply your site’s XML processing and availability capabilities (and also its SSL processing capability, should you use it).
[Figure: Cascaded SA7150s. Labels: Router, hub/switch, HP e-Commerce/XML Server Accelerator SA7150 (two units), XML Server 1, XML Server 2, XML Server 3.]
Before you configure the SA7150 for XML operations, you should first answer the following:
Which of the several common formats or varieties of XML will be used in the client application?
Which XML elements, attributes, or text and HTTP fulfillment locations contained or identified in the anticipated XML traffic should be used for XML pattern matching?
Which servers will be assigned the XML patterns that you create?
Do you intend to use the SA7150’s SSL capabilities?

General Considerations

Some general facts to keep in mind concerning XML operations with the current version of the SA7150 are listed below. These facts do not apply to SSL operations.
The SA7150 uses an abbreviated version of the XPATH syntax.
The SA7150 works with any XML application that supports XML 1.0 and that is transported via HTTP or HTTPS POST request methods.
Transport protocols other than HTTP and HTTPS, such as FTP and SMTP, are not supported.
Content of incoming documents must be of type “text.”
URL encoding is supported.
Base64 encoding is not supported.
The complete XML data stream must be encapsulated in the body of the HTTP(S) POST request.
Multi-part MIME messages are not supported.
The first character of the POST request’s body must be the “less than” (<) character; the final character must be the “greater than” (>) character.

Server Mappings

Because the SA7150’s purpose is to send XML messages with specific content to specific servers, it must be configured to recognize these servers. This configuration is managed through the use of server mappings. A server mapping consists of three items:
A server’s IP address
Network port
Server port
Server mappings are created using the create map command. Typically, a map specifies a Key ID for SSL encryption and decryption, as in the example following.
HP SA7150> create map
Server IP [0.0.0.0]: x.x.x.x
Network port [443]:
Cleartext (server) port [80]:
KeyID to use for mapping: default
HP SA7150>
If your operations involve processing only unencrypted XML traffic, you should use a clear text map, i.e., a map with no Key ID. The example below illustrates the creation of a clear text map:
HP SA7150> create map
Server IP [0.0.0.0]: x.x.x.x
Network port [443]:
Cleartext (server) port [80]:
KeyID to use for mapping:
Cleartext map for XML only? [n]: y
HP SA7150>
NOTE: In the example above, the prompt for a KeyID is ignored. Keys, certificates and related matters are discussed in this chapter under “SSL Operations.”
NOTE: XML examples here are indented for ease of reading; the leading spaces or tabs are not significant with regard to SA7150 operations.

XML Data Model

XML data consists of three hierarchical components:
Elements (data types)
Attributes (subcategories of a data type or element)
Text (specific data such as names, addresses, and quantities contained within elements or attributes)
The content of an XML document is defined within these three components, as illustrated below. The example shows a block of incoming XML text as received by the SA7150 in an HTTP POST request.
<employee>
  <name lastName="Smith" firstName="John" initial="K"/>
  <address>
    <street>13280 Evening Creek Dr</street>
    <city>San Diego</city>
    <state>California</state>
    <zip>92128</zip>
  </address>
</employee>
Where:
employee, name, address, street, city, state, and zip are the elements of the XML document.
lastName, firstName, and initial are the attributes of the element, name.
13280 Evening Creek Dr, San Diego, California, and 92128 are the text components of the elements, street, city, state, and zip, respectively.
Smith, John, and K are the text components of the lastName, firstName, and initial attributes of the name element.
XML expressions configured in the SA7150 are matched against XML data, which is then sent for fulfillment to server assignments defined in XML patterns.

URI expressions in XML Patterns

XML configurations use URI expressions to assign particular classes of URLs to particular servers for fulfillment. Applicable expressions are listed below:
File type expressions, such as *.asp
Path expressions, such as /PurchaseOrder/*
Unique file expressions, such as /purchase.cgi
Wildcard expression, such as *
Negation expressions, such as !*.asp or !*/purchase.cgi

Invalid URI Expressions

The following may not be used in URI expressions:
Text on either side of the asterisk, such as /order*.asp
Expressions containing more than one asterisk, such as /order*.*
Expressions containing one or more spaces or the dollar sign ($) character
Expressions containing a vertical bar ( | ) or a caret (^)

Negation Operator

The “*” and “!” operators are allowed in URI expressions, but they can exist only at the beginning or end of an expression. Also, a positive expression must appear after a not (!) expression, otherwise the (!) expression has no effect.
The order of URI expressions is significant only when the “not” (!) operator is used.
Expression          Yields
!*.asp              All non-ASP requests
!*/PurchaseOrder    All non-PurchaseOrder requests
!/Buy.cgi           All non-Buy.cgi requests
Use of the Negation Operator
NOTE: The SA7150 uses a subset of the XPath Language standard.
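The following Python sketch is an added example, not part of the HP documentation or the SA7150 firmware. It checks URI expressions against the rules stated in the three sections above and flags negations that have no effect; the function names and the suffix/prefix/exact matching semantics are assumptions, since the guide describes the expression syntax but not the matching algorithm.

```python
# Added example: lint and match SA7150-style URI expressions as this chapter describes them.
FORBIDDEN = set(" $|^")  # space, dollar sign, vertical bar, caret

def validate(expr):
    """Return None if expr obeys the chapter's rules, else the reason it does not."""
    if not expr:
        return "empty expression"
    if FORBIDDEN & set(expr):
        return "contains a space, '$', '|' or '^'"
    body = expr[1:] if expr.startswith("!") else expr
    if not body:
        return "'!' with nothing to negate"
    if "!" in body:
        return "'!' is only handled as the first character (assumption)"
    if body.count("*") > 1:
        return "more than one asterisk"
    if "*" in body and not (body.startswith("*") or body.endswith("*")):
        return "text on both sides of the asterisk"
    return None

def matches(expr, path):
    """Assumed semantics: a leading '*' is a suffix match, a trailing '*' a prefix
    match, no '*' an exact match; a leading '!' inverts the result."""
    reason = validate(expr)
    if reason:
        raise ValueError(f"{expr!r}: {reason}")
    negate = expr.startswith("!")
    body = expr[1:] if negate else expr
    if body == "*":
        hit = True
    elif body.startswith("*"):
        hit = path.endswith(body[1:])
    elif body.endswith("*"):
        hit = path.startswith(body[:-1])
    else:
        hit = path == body
    return hit != negate

def ineffective_negations(exprs):
    """Negations with no positive expression after them; per the chapter these have no effect."""
    return [e for i, e in enumerate(exprs)
            if e.startswith("!") and all(x.startswith("!") for x in exprs[i + 1:])]

if __name__ == "__main__":
    # Expressions taken from the chapter's own valid and invalid examples.
    for e in ["*.asp", "/PurchaseOrder/*", "!*/purchase.cgi", "/order*.asp", "/order*.*"]:
        print(f"{e:20} {validate(e) or 'ok'}")
    print(ineffective_negations(["/PurchaseOrder/*", "!*.asp"]))  # constructed list
```

Running such a check over a planned pattern list before entering it at the CLI catches expressions the device would reject and negations placed where they do nothing.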

Operators

XML expressions consist of sequences of one or more XML elements or attributes combined with various “operators.” “Step operators” tell the SA7150 where in the XML data tree to look, while “comparison operators” tell the SA7150 what to look for. In typical XML expressions, elements are separated by step operators: single or double slashes (/ or //). These are used to select elements according to their location (“node”) in the XML data tree. Step operators are described in the table above. Comparison operators are the familiar “equal to,” “not equal to,” “greater than,” “less than,” and other such symbols. These form the basis upon which the SA7150 compares incoming XML data to its own XML patterns to decide where to send each XML document for fulfillment.