HP sa7220 User Manual

hp traffic director server appliances

user guide for the hp e-commerce traffic director server appliance sa8200/sa8220 and the hp traffic director server appliance sa7200/ sa7220

Hewlett-Packard Company 3000 Hanover Street Palo Alto, CA 94304-1185

Publication Number 5971-0900 February 2001

Disclaimer

The information contained in this document is subject to change without notice.

HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained here in or for i ncidental or co nsequential damages in connection with the furnishing, performance, or use of this material.

Hewlett-Packard assumes no responsibility for the use or reliability of its software on equipment that is not furnished by HewlettPackard.

Warranty

A copy of the specific warranty terms applicable to your HewlettPackard products and replacement parts can be obtained from http://www.hp.com/serverappliances/support.

*Other brands and names are the propert y of thei r respectiv e owners.

Contents

Chapter 1: Introduction 1

Introduction to the Traffic Director Server Appliances . . . . . . . . . . . . . . . . . . . . . . . . 2

Assumptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Benefits. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Typographic Conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Chapter 2: Theory of Operations 11

General Operating Principles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Layer 4 (HOT) Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Layer 7 (RICH) Services (all models except the SA7200). . . . . . . . . . . . . . . . 13

Out-of-Path Return (OPR) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

FTP Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

C O N T E N T S HP Traffic Director Server Appliances User Guide

Sticky Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Sticky Persistence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Sticky-timeout. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Server-timeout (SA8200/SA8220 only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

SSL and Sticky (SA8200/SA8220 only). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Grouping Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

SSL Acceleration (SA8200/SA8220 only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

SSL Fundamentals (SA8200/SA8220 only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Application Message Traffic Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

HTTPS Redirect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Client Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

HTTP Header Option Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

Load Balancing Across Multiple Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Balancing Algorithms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Response-Time Metrics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Primary and Backup Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Server Configuration Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Source Address Preservation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Multi-hop Source Address Preservation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

RICH Expressions (not available on the SA7200) . . . . . . . . . . . . . . . . . . . . . . 25

Order of Expressions (not available on the SA7200) . . . . . . . . . . . . . . . . . . . . 26

Routing with Dual Interfaces. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Prioritization and Policy Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Routing Method for VIP Addresses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

Error Detection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Server Status Detection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

HTTP Error Detection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

Serial Cable Failover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Serial Cable Failover Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Replicating the Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

Status Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

Contents

Chapter 3: Boot Monitor 41

Using the Boot Monitor CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

System Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

Accessing the Boot Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Interrupting the Bootup Sequence. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Using the Run Time CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Boot Monitor Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Chapter 4: Graphical User Interface 59

Before You Begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

Logon Screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

Logging on to the GUI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

Topology Screen. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

Using the Topology Screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

Purposes of the Topology Screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

Topology Screen Toolbar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

Online Help. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

Topology Screen Elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

Window Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66

Policy Manager Screen. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

Policy Manager Controls and Displays . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

Policy Manager Toolbar. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

Policy Manager’s Pop-up Menu. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

Policy Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

Creating Policy Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

Throttling. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

Deleting Policy Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Creating Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Additional Service Tab Controls and Displays. . . . . . . . . . . . . . . . . . . . . . . . . 73

Balance Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

Deleting Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

RICH Controls (all models except the SA7200). . . . . . . . . . . . . . . . . . . . . . . . 79

Order of Expressions (all models except the SA7200) . . . . . . . . . . . . . . . . . . . 81

Deleting Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

iii

C O N T E N T S HP Traffic Director Server Appliances User Guide

Administration Screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

Settings Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

Software Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

System Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

Agent Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

Users Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

Routing Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92

System Role. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

Active Routing Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

RIP Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

OSPF Protocol. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

Security Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

Source IP Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

Access Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

GUI Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

CLI Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

SNMP Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

SNMP Agent. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

Multi-Site Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

Logging Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104

Specifying System Log Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104

Viewing the Log File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105

Configuration Screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

Saving Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108

Restoring Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108

Deleting Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109

Copying Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109

Viewing Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110

Resetting the Factory Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112

Sending and Retrieving Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114

Tools Screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115

ARP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116

Ether. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117

Ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

Netstat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

Contents

Nslookup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121

Reboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122

Trace. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123

Traceroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

Statistics Screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128

Statistics Screen Controls. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128

Statistics Box. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129

Graph Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130

Selection List. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131

Window Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131

Graphing Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132

Chapter 5: Command Line Interface 133

CLI Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134

Secure Shell Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134

Online Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134

Pipes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

Syntax. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

Categorical List of CLI Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

Global System Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

Admin Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

File Management Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138

CLI Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138

IRV Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138

GUI Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138

Routing Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139

Policy Group Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139

Service Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139

Server Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

System Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

Security Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141

SNMP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

SSL Commands (SA8200/SA8220 only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

Logging Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

C O N T E N T S HP Traffic Director Server Appliances User Guide

Run-Time CLI Command Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

Global System Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

Admin Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152

File Management Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152

CLI Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155

IRV Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158

GUI Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158

Routing Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160

Policy Group Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163

System Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175

Security Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179

SNMP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182

SSL Commands (SA8200/SA8220 only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185

Logging Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199

Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201

Chapter 6: Scenarios 207

e-Commerce Appliance Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208

Scenario 1: Load Balancing a Web Site with Two Servers and the SA8220 in Inline

Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208

Prerequisites for Scenario 1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209

Procedure for Scenario 1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209

Scenario 2: Load Balancing Servers with Source Address Preservation . . . . . . 214

Prerequisites for Scenario 2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215

Procedure for Scenario 2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215

Scenario 3: Routing Outbound Data Away from the SA8220 for OPR . . . . . . . 217

Prerequisites for Scenario 3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218

Procedure for Scenario 3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218

Scenario 4: Content Routing (SA7220 and SA8200/SA8220 only). . . . . . . . . . 220

Prerequisites for Scenario 4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221

Procedure for Scenario 4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221

Scenario 5: Using SSL Acceleration (SA8200/SA8220 only) . . . . . . . . . . . . . . 226

Procedure for Scenario 5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227

Scenario 6: Using CRLs (SA8200/SA8220 only). . . . . . . . . . . . . . . . . . . . . . . . 228

Contents

Chapter 7: SNMP Support 233

Using SNMP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234

Standards Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234

HP MIB Tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235

Supported MIBs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236

Where to find MIB Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236

Trap Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242

Standard SNMP Traps. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242

Displaying SNMP Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243

Configuring Community Authentication and Security Parameters . . . . . . . . . . . 243

Configuring Trap Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245

Other Configurable SNMP Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245

Chapter 8: Software Updates 247

Updating Your System Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248

Multiple Software Images . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248

Software Image Media. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248

Saving Your Current Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248

Downloading and Installing the Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249

Rebooting with the New Image and Verifying Installation. . . . . . . . . . . . . . . . . 250

Upgrading Under Serial Cable Failover Configuration. . . . . . . . . . . . . . . . . . . . 251

Appendix A: Security Configuration 253

Recommended Security Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253

Appendix B: SSL Configuration 255

Obtaining Keys and Certificates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255

Copying and Pasting Keys and Certificates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256

Obtaining a Certificate from Verisign or another CA . . . . . . . . . . . . . . . . . . . . . 257

Procedure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257

Importing Keys into the SA8220. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258

Importing Certificates into the SA8220. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259

Creating a new Key/Certificate on the SA8220. . . . . . . . . . . . . . . . . . . . . . . . . . 260

Procedure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260

vii

C O N T E N T S HP Traffic Director Server Appliances User Guide

Using Global Site Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261

Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261

Using the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261

Generating a Client CA. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263

Generating a CRL. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264

Revoking a Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265

Using Ciphers with the SA8220 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265

HTTP Header Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267

Appendix C: Failover Method Dependencies 269

Failover Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269

Appendix D: Configuring Out-of-Path Return 273

Configure OPR for Windows* 2000* . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273

Set the Loopback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273

Configure OPR for Windows* NT*. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288

Set the Loopback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288

Run a Web Service on the Loopback Interface Using IIS 3.0 . . . . . . . . . . . . 295

Run a Web Service on the Loopback Interface Using IIS 4.0 . . . . . . . . . . . . 296

Configuring OPR for Apache Web Server on a UNIX* machine . . . . . . . . . . . . . . 297

Appendix E: Diagnostics and Troubleshooting 299

Running Diagnostics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299

Diagnostic LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300

Power Indication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300

Boot-time LED Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301

Run time LED Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301

Run time Errors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302

Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303

Appendix F: Cleaning the Dust Filter 307

Background. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307

Dust Filter Cleaning Procedure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308

viii

Contents

Regulatory Information 309

Taiwan Class A EMI Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309

VCCI Class A (Japan). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309

VCCI Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310

Australia . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310

FCC Part 15 Compliance Statement. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311

Canada Compliance Statement (Industry Canada). . . . . . . . . . . . . . . . . . . . . . . . . . 312

CE Compliance Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312

CISPR 22 Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312

WARNING. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313

AVERTISSEMENT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314

WARNUNG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315

AVVERTENZA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316

ADVERTENCIAS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317

Wichtige Sicherheitshinweise. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318

Software License Agreements 321

Support Services 325

Support for your SA8220 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325

U.S. and Canada. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325

Europe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326

Asia . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327

Latin America . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328

Other Countries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328

Glossary 329

C O N T E N T S HP Traffic Director Server Appliances User Guide

Notes

Introduction

This chapter covers the following topics:

NOTE: For ease of reading, all models are referred to as the SA8220 throughout this document. Unless noted otherwise, all SA8220 references refer to all models.

• Introduction to the Traffic Director Server Appliances

• Assumptions

• Benefits

• Specifications

• Typographic Conventions

C H A P T E R 1 HP Traffic Director Server Appliances User Guide

Introduction to the Traffic Director Server Appliances

The HP e-Commerce Traffic Director Server Appliance SA8200/ SA8220s and the HP Traffic Director Server Appliance SA7200/ SA7220s provide reliable l oad b a la nci ng, fa ilo ver , and pol icy -based management to Web sites, Intranets, and e-Commerce sites. These models also include intelligent c ont ent rout i ng, a nd are t he best load balancing solution available for the reasons shown below.

Feature Description Reliability

Fault Resistance

Policy-based Management

Intelligent Content Routing (SA8200/ SA8220 only)

Error Recovery

Secure Sockets Layer Acceleration (SA8200/ SA8220 only)

The SA8220 provides 7 x 24 uptime through failover systems and the inherent robustness of leading network protocols.

The SA8220-managed configurations offer many features and capabilities that improve the availability and reliability of s erverbased services.

The SA8220 allows system administrators to implement classes of service, assign priority levels, and set target response times.

The SA8220 takes application-aware routing to a new level with the ability to segment Internet content according to the requested URL.

Application intelligence allows the SA8220 to understand and correct application errors transparently to the end user.

The SA8220 can of fload encr ypted web tra ffi c (HTTPS) p roviding a significant performance improvement over web server based Secure Sockets Layer (SSL) processing.

C H A P T E R 1 Assumptions

Assumptions

This User Guide assumes that you are a network administrator and that you have at least a basic understanding of the following:

• Networking concepts and terminology

• Network topologies

• Networks and IP routing

Benefits

SA8220 benefits are listed below.

Benefit Description Substantial performance

boost and reliability for e-Commerce (SA8200/SA8220 only)

Up to 150 times SSL acceleration (SA8200/SA8220 only)

The SA8220 can increase the speed, scalability, and reliability of multi-server e-Commerce sites. It regains the speed lost by servers processing secure transactions by delivering faster SSL processing. It integrates SSL processing with third generation traffic management technology, eliminating errors and improving Quality of Service (QoS). This unique capability ensures that customers working with sensitive information or buying online receive timely responses, do not see error messages, and are confident that delivery of their information is kept private.

E-Commerce sites suffer dramatic performance degradation as secure transactions increase. Using patent-pending technology to perform cryptographic processing offloaded from the server, the SA8220 (only) can support up to 1200 SSL connections per second.

The SA8220 enables e-Commerce sites to transact secure bu siness and deliver sensitive information quickly, and confidentially. It performs all key management and encryption. The result is a tremendous performance boost for heavily tra f ficked e-Co mmerce sites.

C H A P T E R 1 HP Traffic Director Server Appliances User Guide

Benefit Description Substantial economic

benefits (SA8200/SA8220 only)

SSL acceleration and intelligent traffic management benefits (SA8200/SA8220 only)

The SA8220 improves customer satisfaction by improving the response time for secure transactions. E-Commerce sites can now enjoy the benefits provided by having secure transactions participate in layer 7 intelligent traffic management. This creates substantial economic savings for e-Commerce sites through improved customer satisfaction, lowe r cost of owner ship, and reduced server provisioning requirements.

Performance degrades dramatically as more customers access a site in secure SSL mode , f r ustr at ing to the very customers who ar e trying to make a purchase. The SA8220 is essential to providing high performance and superior levels of service when building reliable, scalable, and secure e-Commerce sites.

Off-loading SSL handling from e-Commerce servers improves overall site performance and customer response time

Accelerated SSL processing eliminates over-provisioning capacity Lower processing demands on the server creates greater capacity

for your e-Commerce site Drop-in installation avoids impacting your mission critical e-

Commerce servers Response-time based prioritized service for secure transactions Improved responsiveness, reliability, and QoS for secure

transactions means delivering the highest levels of support for paying customers

Ensures that e-Commerce merchants are always open for business by preventing “Server Too Busy” and “File Not Found” errors, even for secure transactions

C H A P T E R 1Benefits

Benefit Description Intelligent content

routing for SSL transactions (SA8200/SA8220 only)

Intelligent session recovery for transactions (all models except the SA7200)

Response-time base prioritized service for secure transactions

The SA8220 incorporat es intellig ent traf fic management for secure transactions, dramatically improving an e-Commerce site’s responsiveness, reliability, and QoS. While typical tr affic management devices make decisions based onl y on i nfor mat io n at Layer 4 in the network stack, the SA8220 combines Layer 4 through 7 (application/content) awareness to speed up response times and eliminate error messages for secure transactions. It keeps e-Commerce sites open for business, even during back-end transaction problems or content glitches.

The SA8220 provides I ntel ligent Session Recov ery tech nology for transactions. By monitoring conte nt within the resp onse sent back by the server, Intelligent Session Reco very detects HTTP 400, 500, or 600 series errors, transparently rolls back the session, and redirects the transaction to another server until the request is fulfilled.

The SA8220 enables system administrators to implement varying classes of service, assign priority levels, and set target response times for secure transactions. The SA8220 continually measures the response times of each class of service group and assigns incoming requests to the server that can fulfill tho s e requests within the predefined response time. If the response time exceeds the predefined threshold, requests designated as high priority receive preference over those of lower priority. The SA8220 allows you to offer predictable performance for high-priority secure requests.

C H A P T E R 1 HP Traffic Director Server Appliances User Guide

Specifications

SA8220 specifications are listed below.

Specification Description

Servers supported

Any Web server (Apache, Microsoft, Netscape, etc.)

Any operating system (UNIX*, Solaris*, Windows NT*, BSD*/BSDI*, AIX*, etc.)

Any server hardware (SUN, HP, IBM, Compaq, SGI, Intel-based platforms, etc.)

No practical limit on number of servers XXX

System Administration

Command line interface XXX Web-based GUI XXX SNMP monitoring (MIB II and Private

MIB) Dynamic configuration through

password-protected serial console, telnet, SSH v1, and SSH v2

SA7200 SA7220 SA8200/

SA8220

XXX

C H A P T E R 1 Specifications

Specification Description

Performance

SA8220 is rated up to 1200 HTTPS connections/sec, 2500 RICH HTTP connections/sec, 3500 HOT connections/ sec, 95 Mb/sec. SA8200 is rated up to 600 HTTPS connections/sec, 1300 RICH HTTP connections/sec, 2800 HOT connections/ sec. Both the SA8200 and the SA8220 are rated up to 6600 Max HTTP/ HTTPS/sec.

Layer 7 traffic management XX Patent-pending technology of f l oad s all

cryptographic processing from server

Dimensions

Mounting: Standard 19-inch rack mount XXX Height: 3.5 inches (8.9 cm) XXX Width: 17 inches (43.2 cm) XXX Depth: 20.16 inches (51.21 cm) for the

SA7200, SA7220, and SA8220 Depth: 23.75 inches (60.3 cm) for the SA8200

SA7200 SA7220 SA8200/

SA8220

XXX

Weight Interface

Connections

Transparent Operation

Priority Classes

24 pounds (10.89 kg) XXX Dual 10/100 Ethernet XXX TTY Serial - console XXX Failover port XXX Supports single or multiple Virtual IP

XXX

(VIP) addresses per domain Application/protocol types supported:

XXX

Any TCP Port, e.g., HTTP, HTTPS, FTP

C H A P T E R 1 HP Traffic Director Server Appliances User Guide

Specification Description

Intelligent Content Routing

Content: URL, file types such as *.GIF, file paths such as \ads\, file na mes such as Index.html

Transactions: Transaction types such as *.CGI

Intelligent Session Recovery (HTTPS is available on the SA8200/SA8220 only)

Response-time based Priority for secure and non-secure transactions)

Automatically resubmits requests XX Traps 400, 500, a nd 600 series errors for

HTTP and HTTPS

Sets and enacts target response times XX

Real-time performance monitoring XX Automatic server weighting and tuning XX Server-state aware (“sticky”) based on:

SA7200 SA7220 SA8200/

SA8220

System Fault Tolerance

- Source IP XXX

- SSL session ID X

- HTTP cookie XX Single site, single or multiple

XXX

connections Automatic detection of status change

XXX

and health of servers Intelligent Resource Verification (IRV) XXX

C H A P T E R 1 Typographic Conventions

Specification Description

Security Features Supported

SSL v2 and v3 for transaction security XX SSH for secure Command Line Interface XX IP filtering XX Serial port logon XX

Typographic Conventions

The following typographic conventions are used throughout this manual.

ONE MODEL NUMBER (SA8220): For ease of reading, all models are referred to as the SA8220 throughout this document. Unless noted otherwise, all SA8220 references refer to all models.

NOTE: This is an example of a note.

CAUTION: This is an example of a caution.

NOTES clarify a point, emphasize vital information, or describe options, alternatives, or shortcuts.

CAUTIONS are designed to prevent possible mistakes that could result in injury or equipment damage.

SA7200 SA7220 SA8200/

SA8220

WARNINGS alert you to potential hazard s to life or limb. Excep t for tables, warnings are always found in the left margin.

NUMBERED LISTS indicate step-by-step proce dures that you must follow in numeric order, as shown below:

1. This is the first step.

2. This is the second step.

3. This is the third step, etc. BULLETED LISTS indicate options or features available to you, as

shown below:

• The first feature or option

• The second feature or option

• The third feature or option, etc.

ITALICS are used for emphasis or to indicate onscreen controls, as shown in this example:

C H A P T E R 1 HP Traffic Director Server Appliances User Guide

4. To edit the configuration settings, press the Configure tab. COMMANDS are shown in the following ways:

• Any command or command response text that appears on the terminal is presented in the

courier font.

• Any text that you need to type at the command line appears in

bold courier, for example:

HP SA8220/config/policygroup#create gold

• Angled brackets (< >) designate where you enter variable parameters

• Straight brackets ([ ]) show parameter choices, separated by vertical bars

• Braces ({ }) show optional commands and parameters

• VERTICAL BARS ( | ) separate the choices of in put paramet ers

within straight brackets. You can choose only one of the set of choices separated by vertical bars. Do not include the vertical bar in the command.

Theory of Operations

This chapter covers the following topics:

NOTE: For ease of reading, all models are referred to as the SA8220 throughout this document. Unless noted otherwise, all SA8220 references refer to all models. A l so, all references to “RICH” functionality or “Expressions” in this chapter do not apply to the SA7200.

• Services

• FTP Limitations

• Sticky Options

• SSL Acceleration (SA8200/SA8220 only)

• Load Balancing Across Multiple Servers

• Server Configuration Options

• Routing with Dual Interfaces

• Prioritization and Policy Groups

• Error Detection

• Serial Cable Failover

C H A P T E R 2 HP Traffic Director Server Appliances User Guide

General Operating Principles

This chapter discusses the general operating principles for the HP eCommerce Traffic Director Server Appl iance SA8200/SA8220s, and the Traffic Director S erver Applianc e SA7200/SA72 20s. For de tails about the SA8220 command set, please see “Command Line Interface” in Chapter 5. For information about completing specific tasks, please see “Scenarios” in Chapter 6.

Services

NOTE: The sample commands used in this chapter are meant as examples only.

Services are the virtual resources that the SA8220 provides to network clients. Services are defined by their Virtual Internet Protocol (VIP) address and virtual port number. The SA8220 load balances network client requests for a service by receiving requests from the user and directing them for fulfillmen t to the most appropriate resource in the provider's server farm. Services are defined and created within Policy Groups (please see “Prioritization and Policy Groups in Ch apter 2) and are managed usi ng the following commands:

config policygroup <policy-name> service create <service-name> vip <ipaddr> port <num ber> {type [TCP | UDP | RICH_HTTP]} {sticky [disable| src-ip | cookie]} {sticky-timeout <seconds>} {backups [enable | disable]} {response <milli-sec>} {priority <level>} {balancing [load | robin]} {server-timeout <seconds>} config policygroup <name> service delete [<name> | -all] config policygroup <name> service <name> {enable}{disable} {balancing [robin | load]} {sticky [disable | src-ip | cookie]} {sticky-timeout <seconds>} {backups [enable | disable]} {respons e <milli-sec>} {dup -syn <micro-sec>} {prio rity <level>} {server-timeout <seconds>}

C H A P T E R 2 Services

Layer 4 (HOT) Services

HOT services provide very fast brokering performance. HOT services are defined in full by their VIP and port number.

In HOT or “Brokered” mode, the SA8220 performs Network Address Translation (NAT) on all incoming packets passing through the connection. NAT changes the destination IP address and port of incoming packets to those of the selected fulfillment server. The source IP address is modified to be that of the SA8220.

Fulfillment servers can be addressable by IP address, and thus can be on either local or wide area networks.

By default in HOT mode, the fulfillment server sees all requests as coming from the SA8220 rather than from the actual client. In some environments, it may be desirable to have the fulfillment server see the requests as if they were coming directly from the client. The Source Address Preservation (SAP) mode of the S A8220 all ows this to happen (see “Source Address Preservation” for more detailed information).

Layer 7 (RICH) Services (all models except the SA7200)

The SA8220 allows more flexible service fulfillment for RICH (Realtime Intelligent Conte nt Handling) services. The servi ce type “RICH_HTTP” is available on the SA8220 and enables it to make fulfillment decisions based on the content of the URL of each client HTTP request. RICH services also i nclude advance d er ror de tection, and automatic resubmission of HTTP requests under most error conditions.

As with HOT services above, fulfillment servers can be addressable by IP address, and thus can be on either local or wide area networks.

C H A P T E R 2 HP Traffic Director Server Appliances User Guide

Out-of-Path Return (OPR)

Ordinarily, the SA8220 processes all traffic in both directions between clients and the server farm. Viewing the server return traffic helps the SA8220 accurately determine server response times and handle HTTP errors. Often, the volume of data sent from the server to the client is much larger than the traffic from client to server, and checking for HTTP errors is not re quired. In such situations, you can use OPR mode to increase performance. OP R is enabled by typing the following command:

config policygroup <name> service <name> server <name> port <port> mode [opr]

NOTE: OPR is not applicable to Layer 7 services.

FTP Limitations

Each server for which OPR is enabled must have its loopback interface configured to identify itself as the VIP of the brokered service. This allows the server to respond directly to the client. The server’s loopback interface, or an equivalent interface that will not respond to ARP requests, must be configured before setting up the SA8220 for OPR. For more information, please see “Configuring Out-of-Path Return in Appendix D.

The table below lists t ho se limitations of FTP on the SA8200.

Mode Active FTP Passive FTP HOT HOT with SAP OPR

HOT with SAP does not change the server's IP ad dress during Passive FTP because the server is making the connecti on directly to the client, using its real IP address. If the server’s IP address is not a "real" IP address, this mode will not work.

No Yes Yes Yes (see below ) No No

C H A P T E R 2 Sticky Options

Sticky Options

Some services operate best if all requests from a sp ecific client during a single session are directed to the same fulfillment server. For example, if the server maintains a local database of client activity or context (shopping cart, re gistration info, navigat ion history, etc.), it is important that subsequent client requests go to the server with these database records. The SA822 0's “sticky” options allow this to occur.

Sticky is available in the two modes shown below.

Mode Description Source IP

address (“src-ip”)

Sticky source IP for SSL uses the SSL session ID for stickiness instead of the source IP of the client.

Both HTTP and HTTPS services can be RICH. However, i nco ming RICH SSL connections will always be decrypted and sent on to the fulfillment servers in clear text. Sticky cookie must be used when the clients need to remain stuck to the same server between HTT PS and HTTP.

Requests from a given IP address are directed to a single server.

The requesting browser is given a cookie, which subsequently identifies it as a unique requestor to be directed to a single server. This method uniqu ely identifies the client even if the request passes through a proxy server. RICH service is required.

There is no sticky cookie requirement for HTTPS traffic. Each brokered service can be configured with sticky cookie, sticky

IP, or no sticky option enabled. When a sticky option is configured, all client requests (identified according to the enabled sticky mode) during a session are routed to the same fulfillment server. When the sticky option is disabled, the SA8220 determines the best fulfillment server for each client request and directs them accordingly.

C H A P T E R 2 HP Traffic Director Server Appliances User Guide

Sticky Persis te nce

For source-ip based sticky, the relationship between the client IP address and the fulfillment server remains in effect for the entire time the SA8220 is online or until the sti cky ti meou t value expires. In th e event of failover, the sticky rel ationship is lost. Cookie sticky remain s in effect while the browser is running or until the sticky timeout value expires. Since the browser maintains the cookie, cookie sticky is maintained in the event of failover. The system clocks on both SA8220s must be synchronized for failover handling to work. You do this by enabling NTP (Network Time Protocol) using the Boot Monitor. The administrator can control the length of tim e a server is forced to handle serial re quests from a single client using the sticky timeout value.

NOTE: SA7200 sticky support allows for source IP ONLY. All cookie sticky RICH services will be stuck to the same server for the duration of the sticky timeout value.

Sticky-timeout

The current software version for the SA8220 treats the timeout differently for cookie versus source-ip sticky. With source-ip sticky, the timeout is reset with every connection from the client (so that the timeout is effectively an "i dle time"). With cookie stic ky, the timeout starts with the first connection from the client to the server, and never gets reset. When the cookie expires, even if actively being used, the next connection will be load balanced to a new server.

We recommend that you set the cookie sticky ti meout value to at least

1.5 times the maximum amount of time a user will expect to be stuck

to a server. If you are uncertain of the exact setting, we recommend using 43200 seconds (12 hours).

Server-timeout (SA8200/SA8220 only)

A server timeout, which causes a change in servers, can appear as a cookie sticky state change. The recommended value for server timeout is at least 1.5 times the maximum server response time.

We recommend that you set the value to 120 seconds.

C H A P T E R 2 SSL Acceleration (SA8200/SA8220 only)

SSL and Sticky (SA8200/SA8220 only)

SSL (Secure Sockets Layer, or HTTPS)-en abled services can also be made sticky by specifying “sti cky cooki e” or “sticky src-ip” on the CLI. For SSL services, sticky cookie behaves exactly as it does for ordinary HTTP services. Source IP sticky uses the SSL session ID to maintain server context. The server relationship will not survive failover. As with sticky cookie, use of the session ID uniquely identifies the client eve n if the req uest passes t hrough a pr oxy server .

Grouping Services

NOTE: RICH is required for sticky service grouping.

SSL Acceleration (SA8200/ SA8220 only)

The SA8220's sticky capabilities can ensure that all service requests from the same user are routed to the same server. Enabling sticky cookie on multiple services ensures that req uests from the same client will be routed to the same fulfillme nt server for the duration of the sticky relationship. Of course the server must be able to fulfill all service requests to have a true one-to-one client-server relationship.

The SA8220 is a powerful addition to any web site desiring high security levels. It was specifically created to manage secure traffic going to and from c ritical applicat ions. It handles SS L traffic int o and out of the customer's environment, as well as providing load balancing, fault management, and error recovery.

The SA8220 includes cryptographic software featur es and hardwarebased acceleration. I t provides up to 1200 SSL (HTTPS) conn ections per second (SA8220 only), far exceed ing the performance of even the most powerful web servers on the market today.

The SA8220 allows users to off loa d S SL processi ng f r om thei r back end servers, and at the same time achieve full-featured traffic management. In a SA8220 environment, all encrypted traffic— required by e-commerce applications—is handled at the SA8220. The interaction between the SA8220 and the servers is done in the clear, allowing load balancing and session management.

SSL processing is enabled by assig ning an RSA private key ( a public encryption key algorithm i nvented in 1977) and an X.509 cert ifi cat e to a Layer 7 service. The SA8220 Command Line Interface (CLI) allows you to create or import k eys and c ertific ate when you define a service. Once the key and certificate are in place, secure HTTP (HTTPS) requests are decrypted and passed on to the web server. The

C H A P T E R 2 HP Traffic Director Server Appliances User Guide

SA8220’s dual NIC and packet filtering capabilities can be used to isolate the web servers from the Internet, further preventing unauthorized access.

SSL Fundamentals (SA8200/ SA8220 only)

SSL involves an interchange of keys used both to authenticate the parties and to provide information to securely encrypt confidential data. The keys distributed in this medium are “one way,” or asymmetric. That is, they can only be used to encrypt confidential data, and only the “owner” of the public key can d ecrypt the data once it is encrypted using the public key inf ormation. SSL assures the three things shown below.

Benefit Description

Authenticity Verifies the identities of the two parties Privacy None other than the transacting parties can acce ss

the information being exchanged.

Integrity The message cannot be altered in transit bet ween

the two parties by a third party without the alteration being dete cted .

To establish a secure session with a server, the client sends a “hello” message to which the server responds with its certificate and an encryption methodology . The client then responds with an encryp ted random challenge, which is used to establish the session keys. This method allows two parties to quickly establish each others’ identities and establish a secure connection.

Several encryption methods are employed. Common ones are DES, 3DES, RC2, and RC4. Key size can be varied to determine the level of security desired. A longer key is more secure.

The SA8220 supports all common keys and ciphers, as well as the following encryption methods: DES, DES3, and RC2 & RC4. The SA8220 includes a li censed version of the RSA code embedded in th e security module as well. The device's session management software has been certified by prominent security agencies and meets all standards for SSL traffic.

The SA8220 handles all the handshaking, key establishment, and bulk encryption for SSL transactions. Essentially, the SA8220 is a full-featured, SSL-enabled web se rver. Traditionally, th ese functions

C H A P T E R 2 SSL Fundamentals (SA8200/SA8220 only)

are performed either at the server level, by web servers generally providing SSL functionality by way of standalone software components, or by embedded encryption software.

The HP methodology places encryption processing on the network side, thus eliminating the need for processing on the servers (see the figure on the next page). The servers never see any of the SSL connection dialogue o r the encrypted data. This removes a substantial processing load from the servers allowing improved response times and greater availability of system resources.

Server Server Server

1. Client connects to server

2. Server responds with certificate

3. Client encrypts random key

4. Server generates working key

5. Session established

Client

SA8220

Client

Server Server Server

1. Client connects to SA8220 w ith C lientH ello (includes ciphers s uppo rted)

2. SA8220 responds with SS L ServerH ello (includes selected cipher & sess ion ID)

3. SA8220 sends certificate for s er ver

4. Client sends ClientKeyExchange mess a ge; includes PK (session key)

5. SA8220 and client send ChangeCiph erSp ec message to indica te rea dines s

6. SA8220 and client send "finished " messages; includes hash of whole conversation

7. Encrypted dat a sent to SA8220, decry pted and forwarded to least bus y s erver

8. Clear response sent to SA8220 , encrypted and sent to client.

Basic SSL Operations

C H A P T E R 2 HP Traffic Director Server Appliances User Guide

Application Message Traffic Management

The SA8220 was developed to perform load balancing in SSL environments. The SA8220 allows users to load balance based on application content (Layer 7, or RICH mode), as well as server address and port (Layer 4, or HOT mode). SSL management is handled independently of RICH mode processing. That is, once a session is established an d the message is d ecrypted, it is p assed to the SA8220’s RICH processing component. This allows even SSL traffic to take full advantage of the features of the device, including error recovery and session rollback.

The SA8220 allows non-encrypted traffic to be processed independently of SSL tr aff ic . The ad vant age of t his is t hat it permi ts load balancing (in eithe r HOT or RICH mode) conf iguration on a per virtual IP address, t hus all owing you to i solat e the impact o f the S SL processing. Many users tune their sites for maximum performance by assigning HOT load balancing to all traffic except SSL.

One of other advantages of the SA8220 is its ability to recogni ze SSL session IDs. This permits “sticky” (or persistent) sessions to be established on a given server.

HTTPS Redirect

If desired, you can specify a page to return to the client if a successful session cannot be negotiated because the client does not support the required cipher suite. The SA8220 accomplishes this by sending an HTTP 302 “redirect” message back to the client in the case of a cipher negotiation failure. For example: The server supports 128-bit encryption, but the client’s software is only capable of 40-bit encryption.

The CLI pa rameter page the client is redirected to.

where <URL> is the fully qu al ified location of the page. For example:

error.html.

redirectpage=http://www.companyname.com/

The default configuration file setting is: redirectpage=none.

redirectpage=<URL> allows you to set which

C H A P T E R 2 SSL Fundamentals (SA8200/SA8220 only)

Fulfillment of each virtual service is load balanced across a number of real servers depending on the load balancing algorithm chosen. Servers capable of fulfilling requests for a service are identified and managed with the following commands:

config policygroup <name> service <name> server delete <name> port <port>

config policygroup <name> service <name> server create <name> port <port>

Client Authentication

By default, the SA8200/SA8220 does not authenticate client identities; however you can configure services to request client certificates for the purpose of verif ying id entitie s. When you enable this feature, the SA8200/SA8220 verifies that client certificates are signed by a known CA.

Issued client certificates are expected to be in use for their entire validity period. The CA periodically issues a signed data structure, called a Certificate Revocation List (CRL), containing the serial numbers of all expired certificates. You can configure the SA8200/ SA8220 to obtain and use a CRL using LDAP, HTTP or FTP protocols. The SA8200/SA8220 first verifies a client certificate against the installed CA certificate, and then looks up its serial number in the installed CRL. If the serial number exists in the CRL, then the client connection is terminated. Before the connection is closed, the SA8200/SA8220 returns a message to the client indicating that the client’s certificate was revoked.

C H A P T E R 2 HP Traffic Director Server Appliances User Guide

HTTP Header Option Fields

Both the SA7220 and the SA8200/SA8220 can make the IP address of a requesting client available to a fulfillment server b y constructing a custom HTTP header option, with the client’s IP as the value:

HP_SOURCE_IP:<client-IP>

SSL-related HTTP header op tion fi elds are only use d by the SA8200/ SA8220 with any SSL service. The HP_CIPHER_USED header option is used whenever HP_SOURCE_IP is used, to provide the name of the SSL-cipher negotiated between th e SA8200/SA8220 and the client:

HP_CIPHER_USED:<ssl-cipher>

These two header fields are used only by the SA8200/SA8220 when client authentication is in use:

HP_CLIENT_CERTIFICATE:<client-certificate> HP_SESSION_ID : <SSL-session-ID >

Because a client certificate contains information useful for client/user authorization, the SA8200/SA8220 inserts the client certificate in the request header before sending the request to the server. The server can then extract the certificate from the request header and use it for authorization or other purposes.

The client certificate is inserted in the request header only once per session. Requests following the initial request will be sent to the server with only the SSL-session-id i n t he he ader . The SS L- sessi onid is unique for each session and allows the server to work with multiple sessions. The clie nt certificate is inserted in th e r equest header with a new SSL-session-id only when the client certificate has been re-negotiated between theSA8200/SA8220 and the client:

• New Session/Initial Request:SA8200/SA8220 sends both the

HP_CLIENT_ C ERTIFICAT E and HP_SESSIO N_ID header options.

• Existing Session/Subsequent Requests: SA8200/SA8220 sends

only the HP_SESSION_ID header option.

The use of header option fields is an efficient way of supplying information to the server about the client. To ease the use of this important feature, SA72 20/SA8200/SA8220 allows cu stomization of all the above header option field names. For more information, see Chapter 5.

C H A P T E R 2 Load Balancing Across Multiple Servers

Load Balancing Across Multiple Servers

Balancing Algorithms

The SA8220 provides a choice of load balanci ng algorithms. Services can be separately configured to load balance using a rou nd-robin or a response time algorithm. In most networks, the best performance results from use of the response time algorithm. Under this algorithm, the SA8220 measures the response time of each request to each server in the server farm. It then balances requests to the service among the servers, sending more requests to the fastest servers and fewer to the slower ones, thus optimizing the average response time.

In cases where Out-of-Path Return (please see “Out-of-Path Return (OPR) in Chapter 2) is used in unpredictable WAN environments, response time metrics may be obscur ed by WAN latency variance. I n these situations, round-robin load balancing can provide equal distribution of client requests to each fulfillment server.

The balancing algorithm is specified with the command:

config policygroup <name> service <name> balancing [robin | load]

Response-Time Metrics

For both balancing algorithms, servers can be assigned target response times. These values indicate the desired average response time for requests for specified services to be fulfilled, and instructs the SA8220 to use alternate resources for fulfillment if the average response time exceeds targe t re sponse time. Target response time is controlled with the fo llowing command:

config policygroup <name> service <name> response <mil-seco nds>

If the servers do not meet the specified response time threshold, backup servers, if available and enabled, are activated. In addition, the servers providing lower priority services are throttled if the response time is still not being met (if policygroup). Both mechanisms are available for both of the loadbalancing algorithms.

throttle is enabled in the

C H A P T E R 2 HP Traffic Director Server Appliances User Guide

Primary and Backup Servers

Each server is identified as either a Primary or Backup for a given service. Primary servers are always considered first for request fulfillment. By default, Backup servers are considered for use on ly if a primary server goes down, though they can optionally be configured for use to maintain target response times. A server’s type is established with the fo llowing command:

config policygroup <name> service <name> server <name> port <port> typ e [primary | backup]

Backup servers are enabled to maintain target r esponse times with the following command:

config policygroup <name> service <name> backups [enable | disable]

Server Configuration Options

NOTE: For the SA8220 to operate in SAP mode, the default gateway for each SAP-enabled server must be set to the SA8220’s physical IP address, not the VIP.

Source Address Preservation

By default, brokered service requests arriving at a fulfillment server appear to the server as requests originating from the SA8220. Consequently, server log files record the SA8220 as the source of these requests. When Source Address Preservat ion (S AP) i s enab le d however, the SA8220 preserves the original source addresses of requests delivered to the server farm. If you use the log files from your server farm to gather information based on client source addresses, use Source Address Preservation. SAP is controlled with the following command:

config policygroup <name> service <name> server <name> port <port> mode [sap]

SAP cannot be used in WAN or multiple router LAN environmen ts. To use SAP, each server must be configured so that its default gateway is set to the physical IP address of the SA8220, thus there can be no routers between the SA8220 and the fulfillment servers.

Limitations of SAP mode operation are listed below:

• The client machine cannot be on the same subnet as the SA8220.

• The SA8220 and server must be on the same subnet.

When SAP is enabled, serial cable failover is the only failover option—routing failover is not available.

C H A P T E R 2 Server Configuration Options

Multi-hop Source Address Preservation

It is possible in sophisticated network topologies to require requests to pass through two SA8220s. In such configurations, the SA8220 topologically closest to the clients must be configured with the Multihop Source Address Preservation (MSAP) feature enabled.

MSAP allows requests to pass through two cascaded SA8220s in different geographical areas. Enabling MSAP ensures that the ac tual IP addresses of requesting c lients, rather than the virtu al IP address of the SA8220 that delivered the request, are recorded in the server logs. This is similar to SAP (described in the precedin g secti on), ho wever this feature allows SA8220s to be geographically-dispersed, as shown in below.

BostonSan Diego

NOTE: In most configurations, the default setting (MSAP disabled) is required.

SA8220 #1

SA8220 #1 with MS AP

with MS AP

Client Server 1

ClientClient Server 1Server 1

with MS AP

Enabled

SA8220 #2

SA8220 #2 wit h MS AP

wit h MS AP

Dis abled

MSAP on a Geographically-Dispersed Network

In the figure above, a client in San Diego sends a request to a fulfillment server in Boston. MSAP is enabled on S A8220 Br oker 1, and Server 1’s default route is set to SA8220 Broker 2. The SA8220 Broker 2 doesn’t need SAP enabled for this service, since SAP is automatically used on MSAP requests fro m SA8220 Broker 1. Under this configuration, the San Diego client's IP address will be preserved in the Boston fulfillment s erve rs' logs. MSAP is enabled at the CLI with the following command:

config policygroup <policy-name> service <service-name> ser ver <server-name> port < > msap [enable]

RICH Expressions (not available on the SA7200)

Layer 7 RICH_HTTP service configurations use rich expressions to assign particular classes of URLs to particular servers for fulfillment. RICH expressions are used, for example, to distinguish content requested by clients performing online transactions, from content typically requested by casual browsers. I n this way, users performing online transactions are given higher priority access to server resources (and better response times) than other users.

C H A P T E R 2 HP Traffic Director Server Appliances User Guide

Each server listed for fulfillment of a RICH_HTTP service can be configured to serve any number of specific rich expressions. Applicable expressions are listed below:

• File type expressions, such as *.gif, or */index.html

• Path expressions, such as /home/*, or /home/images/*, or /home/

images/a*.

• Unique file expressions, such as /index.html

• Wildcard expression, such as *.

• Negation expressions, such as !*.gif or !*/index.html

RICH expressions are managed with the following commands:

config policygroup <name> service <name> server <name> port <port> expression create <expression>, and

config policygroup <name> service <name> server <name> port <port> expression delete <expression>

NOTE: The “*” and “!” are allowed in expressions, but they can only exist at the beginning or end of the expression. Also, a positive expression is required after a not (!) expression, otherwise the (!) expression has no effect.

Order of Expressions (not available on the SA7200)

When using expressions in Layer 7 (RICH) operations, the order of expressions is significant only when the "not" (!) operator is used.

Expressions are described below.

Expression Yields !*.gif;* *;!*.gif

!*.html;/home/*

/home/*;!*.html

!/home/* !/home/*;*

All non-GIF files All files, because after specifying “all” (*), the

!*.gif expression is never reached Matches all requests of the form “/home/*”

except HTML files Matches all files of the form “/home/*.” The

!*.html has no effect. No matches All matches except ones starting with "/home"

C H A P T E R 2 Routing with Dual Interfaces

Routing with Dual Interfaces

NOTE: The SA8220 cannot route multiple subnets on one interface.

Because the SA8220 has two network interfaces, it can act as a router in some contexts. This means that it can rou te between two subnets. To do this, you must designate the SA8 220 as the default gateway fo r your fulfillment servers. Route s to the inside subnet are not advertised to the outside router, but host routes are advertised to the VIPs. Packets destined for defined VIPs are always routed through the SA8220 to the server-side subnet. Other packets are forwarded through the SA8220 only when the security mode is set to OPEN or when set to CUSTOM and IP Forwar ding is turned on. Th e SA8220’s routing capabilities vary depending on which routing and failover methods are used. For more details about these variations and their relationships to routing and failover configurations, please see “Failover Method Dependencies” in Appendix C.

Terms pertinent to SA8220 routing are listed be low.

Term Description

Network-side subnet

Server-side subnet

The SA8220 interface attached to the side of the physical network on w hich client requests arrive.

The SA8220 interface attached to the side of the physical network that includes the fulfillment servers.

“Outside” device

“Inside” device

The router or switch one ho p from the SA8220 on the brokered subnet

The router or switch one ho p from the SA8220 on the server-side subnet

The figure below shows an example of the SA82 20 routing topo logy.

Brokered

Subnet

Router

RouterRouter

“Outs ide”

Router

SA8220

SA8220SA8220

Server-side

Subnet

Hub or

Hub or Switch

Switch

“I ns i de” Hub

or S witch

Server

ServerServer

Server

ServerServer

Server

ServerServer

SA8220 Routing Topology

C H A P T E R 2 HP Traffic Director Server Appliances User Guide

Prioritization and Policy Groups

Policy groups are containers used to organize services. Service prioritization uses pol icy g roup infor mation t o make deci sions a bout which services should get more or less ser ver resources. Although the assignment of services to poli cy groups can be arb itrarily determin ed by the operator, effective use requires t hat each p olicy grou p cont ain services related by their shared use o f server resources. Services and servers are assigned to Policy Groups at their time of creation.

Policy group management commands are listed below:

config policygroup create <name>

config policygroup delete <name>

config policygroup <name> throttle [enable | disable]

The policy group framework allows the priori tization of categories of client requests. Each service defined in a policy group is assigned a priority within that group and a target response time. When the average response time of a service exceeds its target response time, that service is allocated, on the ba sis of its pr iority, a great er share of common server resources to attempt to bring response time back within the target range (this assumes that the throttling option is enabled for the policy group).

Server 1: HTTP

SA8220

Server 2: HTTPS

Server 3: HTTP/HTTPS

VIP: 10.2.2.4 HTTPS: 10 ms HTT P: 1 0 ms

Target Response Time Satisfied

C H A P T E R 2 Prioritization and Policy Groups

For example, the services HTTP and HTTPS are both assigned to a single policy group. HTTPS is designated the highest priori ty service, and HTTP the second priority. The SA8220 monitors the response time of each service, and if necessary re-prioritizes server resources of subordinate services to keep the response time for the highest priority service within the specified range. The figure above shows a policy group with services sharing a defined VIP, two services, and their associated target response times. When the average response time of HTTPS is less than or equal to 10ms, Server 1 fulfills HTTP requests, Server 2 fulfills HTTPS re quests, and Se rver 3 fulfi lls both HTTP and HTTPS requests. The ne xt figure illustrates server utilization after HTTPS response time exceeds 10 ms.

Server 1: HTTP

Server 2: HTTPS

Server 3: HTTP

VIP : 1 0 .2.2 .4 HTTPS: 12 ms HTTP: 10 ms

SA8220

Target Response Time Exceeded

Upon noticing a break in the target response time threshold, the SA8220 scans the policy group’s active service and server pools for shared resources. In this example, both the HTTP and HTTPS services use Server 3. To provide the greatest server resources for the highest priority service, shared resources are eliminated from subordinate service pools (although each service will always have at least one point of fulfillment.) F or example, in the figure above, n ew HTTP connections are no longer sent to Server 3 in an effort to guarantee the target response time for HTTPS. Server 3 will again serve HTTP when target response times are met.

C H A P T E R 2 HP Traffic Director Server Appliances User Guide

Routing Method for VIP Addresses

After setting up the servi ce, you must con figure the SA822 0 to rout e the VIP address to the Internet. There are two possibilities:

• In single SA8220 installations, “Standalone” mode is preferred as it allows the VIP to be ARP-accessible from the router.

• If there are multiple address spaces (such as a SA8220 on the

10.x.x.x network and a VIP on the 209.x.x.x), then a routing protocol might be the best method to advertise the VIP. When configuring routing on the SA8220, always match the router's configuration. The SA8220 can be programmed to use RIP v1, RIP v2, or OSPF.

For example (standalone mode):

HP SA8220#config route HP SA8220/config/route#info Route configura tion:

---------------------------Broker role: standalone RIP Info: Active:no Version:2

OSPF Info: Active: no Area: backbone Hello interval: 10 (seconds) Router dead interval: 40 (seconds)

C H A P T E R 2 Error Detection

Error Detection

The SA8220 is capable of recognizing and reacting to server error conditions, detecting non-responsive (comatose) servers, and directing traffic to alternate resources until the server is back in operation. The SA8220 can also capture many HTTP errors before they reach the client, and redirect the request to an alternate server.

Server Status Detection

The SA8220 uses multiple means to monitor the status of the fulfillment servers. The “Intelligent Resource Verifica tion” (IRV) module periodically pings the servers to verify they are alive. The SA8220 also monitors a “dup-syn” interval to calculate packet loss rate.

Intelligent Resource Verification When the IRV module pings a server and receives no response, it tries

to connect to each port on which the suspect server is configured to listen. If the SA8220 itself does not receive a response from a given port, then that server/port combination is decl ared dead. If the server maintains network connectivity and responds positively to IRV pings, but ports stop responding, then t he dup -syn interval threshold (described below) is used to decide if the server is declared dead.

Dup-syn Interval The SA8220 dynamically calculat es th e t hreshol d f or t he ac cept abl e

number of dropped packets within a given interval. If at any time in this interval the number of dropped packets exceeds this threshold, the server is considered dead. After the specified time value has expired the lost packet (or dup-syn) count is divided by two and the time interval starts again. In this way, some history information is kept between time intervals.

The dup-syn interval for this threshold is established with the

syn

CLI command, and ranges in value from 1000 to 2,147, 483,647 microseconds. The default time interval value is 500,000 microseconds (one half second), which is appropriate for most environments. By lowering or raising this value, you render the SA8220 respectively less or more sensitive to dropped packets, and less or more likely to declare a server dead. The volume of network traffic must be taken into account when set ting the dup-syn interval. Higher volumes of traffic require a shorter dup-syn interval to avoid mistakenly declaring a server dead due to network congestion.

dup-

C H A P T E R 2 HP Traffic Director Server Appliances User Guide

The dup-syn command uses the following syntax:

config policygroup <name> service <name> dup-syn <micro-seconds>

HTTP Error Detection

NOTE: This section applies to all models except the SA7200.

The SA8220 offers HTTP error detection for RICH services. When HTTP error detection is enabled, the SA8220 scans the headers of server responses for errors. If an HTTP error is found, the original request is rerouted to another server for fulfillment, transparently to the client. This process continues until a server responds without an error, or all applicable servers have bee n tried. Co nversel y, i f HTTP error detection is disabled, the error is returned directly to the client. HTTP error detection for errors 401-405 and 500-503 (as defined in the HTTP specification) is configured with the command:

config policygroup <name> service <name> server <name> port <port> http [enable | disable]

The SA8220 extends standard HTTP error handling by allowing the server to return a special 606 error code. Detection and handling of 606 errors is separately configurable. In this way, standard errors may be passed to the client while 606 errors are hand led transparently by the HP system. If 606 error handl ing is enabled, the SA8220 scans the returned HTTP header for an HTTP 606 response code. If the 606 response code is found and another server is available to handle the request, it is sent automatically. This process continues until a server responds without an error, or until all applicable servers have been tried.

The HTTP header for 606 handling is of the form: “HTTP/1.0 606 Error.” Users can generate this response through a variety of methods including CGI and nph scripts. Consult your web server documentation for information about generating custom error messages.

config policygroup <name> service <name> server <name> port <port> 606 [enable | disable]

C H A P T E R 2 Serial Cable Failover

Serial Cable Failover

NOTE: DHCP is not available when serial cable failover is en abled.

NOTE: You can log on to the Backup SA8220, but the full command set is not available.

The SA8220 offers two failover methods:

• Router Failover (including OSPF, RIPv1 and RIPv2), and

• Serial Cable Failover

When serial cable failover is configured, the Primary and Backup SA8220s communicate heartbeat, configuration, and status information using the include d null modem serial ca ble. The Back up SA8220 assumes control from the Pr imary when any of the following occur:

• The Backup SA8220 does not detect the Primary SA8220's

heartbeat within the timeout period (the default is 3 seconds).

• The Primary SA8220's Ethernet interface becomes inactive. For

example, if the Ethernet cable is disconnected.

• The Primary SA8220 experiences an internal software error. Both the Primary and Backup SA8220s need to know their own

identity and the “Online Identity” by address and name to satisfy internal communication parameters. The SA8220s' own names and the shared online identi ty are automatically entered into their host files during failover configuration. If Dual NIC is enabled, the identities for both the Outside (network-side) and Inside (server-side) NICs are shared.

For information on failover method dependencies, see Appendix C.

NOTE: Before configuring serial cable failover, both the primary and backup SA8220s must be configured with the

setup command.

For more information, please see “Setup” in Chapter 3.

Serial Cable Failover Configuration

The following procedures are used to configure the Primary and Secondary SA8220s for serial cable failover operation.

Configure the Primary SA8220

1. Connect the two SA8220s using their failover ports using the

provided null modem serial cable.

2. Reboot the SA8220 that will be the Primary and press a key at

the prompt to enter the Boot Monitor.

3. At the prompt, type the following command:

monitor>failover

C H A P T E R 2 HP Traffic Director Server Appliances User Guide

NOTE: The Online IP Address is the address used by the SA8220 tha t is currently accepting remote administration connections — this can be either the Primary or the Backup SA8220 (though it is typically the Primary) . The Onli ne IP Address is the address by which you can access the Online SA8220 using telnet for administration.

4. Follow the prompts as illustrated below (for single NIC operation):

Specify failove r method (disabled, se rial, route) :[disabled] --->serial Checking for fail over unit... Failover unit not detected or may not be configured. Is this machine Primary or Backup? [Primary]---> Enter the Network ’s ONline IP Address

--->10.6.3.200 Enter the Network ’s Online hostname

--->netonline

Serial failover successfully configured

If Dual NIC operation is enabled, failover configuration looks like the example shown below:

monitor>failover Specify failove r method (disabled, se rial, route) [disabled] -- ->serial Checking for fail over unit... Failover unit not detected or may not be configured. Is this machine Primary or Backup? [Primary]

--->primary Enter the Netwo rk side Online IP Address [10.6.3.200]---> Enter the Serve r side Online IP Address [10.6.4.200] ---> Enter the Netwo rk side Online hostname [netonline] ---> Enter the Serve r side Online hostname --- > servonline

Serial failover successfully configured

C H A P T E R 2 Serial Cable Failover

5. Save the Primary configuration.

monitor>save List of currently saved configuration files(s). You may save over an existing configuration file or enter a new name. File name

---------active.cfg backup.cfg cris.cfg

‘active.cfg’ is the last booted configuration.

Enter configura tion file name (- to cance l): [active.cfg] ---> Configuration has been saved.

6. Boot the SA8220.

monitor>boot Do you really want to continue boot? [y]

---> <Enter> Boot which config uration? [active.c fg]

---> <Enter> Please stand by, the system is being booted.

.... Done

Configure the Backup SA8220

1. Reboot the SA8220 that wi l l b e th e Secondary and press a key at the prompt to enter the Boot Monitor.

2. At the prompt, type the following command:

monitor>failover

3. Follow the prompts as listed below:

Specify failove r method (disabled, se rial, route) [ ] --->s Checking for fail over unit... Failover unit det ected

-------------------------Version : 2.3 Type : PRIMARY State : ONLINE Name : online13

C H A P T E R 2 HP Traffic Director Server Appliances User Guide

IP : 13.1.1.20 Mac : 0:1:c9:ed:a6:fb

NOTE: Use the same Online IP Address and name for the Backup SA8220 as the Primary (these appear by default).

Is this machine Primary or Backup? [Backup]

---> <Enter> Enter Online IP Addr ess [13.1.1.20] --- > <Enter> Enter Online Name [online13] ---> <Enter> Serial failover successfully configured monitor>

4. Save the Backup configuration.

monitor>save List of currently saved configuration file(s). You may save over an exi sting configurati on file or enter a new name. File name

---------active.cfg backup.cfg cris.cfg

‘active.cfg’ is the last booted configuration. Enter configura tion file name (- to cance l): [active.cfg] ---> Configuration has been saved.

5. Boot the SA8220.

monitor>boot ... current configuration ... ... list of saved configuration files ... Boot configuration file name? [active.cfg]

---> <Enter> Do you really want to boot ‘active.cfg’? [y]

---> <Enter> Please stand by, the system is being booted.

C H A P T E R 2 Serial Cable Failover

Replicating the Configuration

The active configuration is replicated upon changes to the Backup SA8220 from the Primary. For most configurations, faults are detected within 3 seconds, and the Backup is ful ly online within 25 seconds. The latter interval increases as the number of services increases.

Status Information

You can display information about the SA8220s’ function and failover status either via the Command Line Interface or the GUI. Below are the commands to display status information followed by a list of status messages and their explanations.

1. Log in to the SA8220.

2. At the CLI prompt, type the following command:

HP SA8220>info

The status appears on the last line of the info command’s output. A description of the status message can be found below.

Failover Status Message Description

The broker is ONLINE, and serial failover is NONE (disabled).

The broker is PRIMARY and ONLINE, the remote's serial failover is NONE (disabled).

The broker is PRIMARY and

One of the SA8220s is configured for either “none” or “route” failover.

Normal Serial Failover Operation ONLINE, the remote's state is READY.

The broker is BACKUP and READY, and the remote's state is ONLINE.

C H A P T E R 2 HP Traffic Director Server Appliances User Guide

Failover Status Message Description

The broker is PRIMARY and NIC_FAILED, and the remote’s state is ONLINE.

The broker is BACKUP and ONLINE, and the remote’s state is NIC_FAILED.

The broker is PRIMARY and ONLINE, the connection to the remote has TIMED OUT.

The broker is BACKUP and IP_IN_USE_ERROR, the connection to the remote has TIMED OUT.

Ethernet cable disconnected, or cable, NIC, or HUB port failure

The serial cable connecting the SA8220s is disconnected

C H A P T E R 2 Serial Cable Failover

NOTE: The notation, PRIMARY/BACKUP indicates that either

“PRIMARY” or “BACKUP” will be

displayed.

The Failover Status messages in this table are not specific to the Primary or Backup SA8220s.

Failover Status Message Description

The broker is PRIMARY/ BACKUP and WAITING_FOR_SYNC

One of the SA8220s has been

restarted. This status persists

while the configuration files are

loaded from the online SA8220.

The time this state persists

depends on the number of VIPs

and services configured. The broker is PRIMARY/

BACKUP and CONFIGURATION_ ERROR

The broker is PRIMARY/ BACKUP and DNS_FAILED

Both SA8220s are configured as

Primary or as Backup. Neither

SA8220 will come online until

this condition is corrected

The online IP address is missing

form both the local host file and

the DNS server. The broker is PRIMARY/

BACKUP and CORE_APP_FAILED.

Indeterminate error. Use an earlier

working configuration. If the

condition persists, contact

Customer Support for assistance. The broker is PRIMARY/

BACKUP and RICH_APP_FAILED.

C H A P T E R 2 HP Traffic Director Server Appliances User Guide

Notes

Boot Monitor

This chapter covers the following topics:

NOTE: For ease of reading, all models are referred to as the SA8220 throughout this document. Unless noted otherwise, all SA8220 references refer to all models.

• System Requirements

• Accessing the Boot Monitor

• Boot Monitor Commands

C H A P T E R 3 HP Traffic Director Server Appliances User Guide

Using the Boot Monitor CLI

CAUTION: After configuring the SA8220 with the Boot Monitor, you must enable Autob oot with the command or the SA8220 will not operate.

autoboot

System Requirements

The HP e-Commerce Traffic Director Server Appliance SA8200/ SA8220s’ and the HP Traffic Director Server Appliance SA7200/ SA7220s’ Boot Monitor Command Line Interface (CLI) allow you to configure boot options and manage boot configuration files. Typically, you will use th e Boot Monitor only during the initial configuration or after major reconfigurations, if the latter becomes necessary. Day-to-day operations are managed using the Graphical User Interface (please see “Graphical User Interface”, Chapter 4) or the Run Time CLI (please see “Command Line Interface, Chapter 5).

General categories of tasks performed by the Boot Monitor include:

• Configure and display boot options, including the configuration file

• Manage the boot configuration file system

• Configure and change IP parameters

You can use any terminal or workstation with a terminal emulator as the CLI command station, provided the terminal has the following features:

• 9600 bits per second, 8 data bits, 1 stop bit no parity, no flow control (9600-8-N-1)

• A terminal emulation program, such as HyperTerminal*

• Cable and connector to match the male DTE connector (DB-9)

C H A P T E R 3 Using the Boot Monitor CLI

Accessing the Boot Monitor

You can access the Boot Monitor Command Line Interface in either of the two ways described in this section.

Interrupting the Bootup Sequence

1. Interrupt the SA8220’s bootup sequence by pressing a key at the following prompt:

Press any key to stop au toboot.

In a few seconds the monitor> prompt displays, confirming that the Boot Monitor is running:

Using the Run Time CLI

1. Type this command at the prompt:

config sys autobo ot disable

2. Then, at the HP SA8220# prompt, type this command:

reboot

The monitor> prompt displays, confirming that the Boot Monitor is running.

C H A P T E R 3 HP Traffic Director Server Appliances User Guide

Boot Monitor Commands

autoboot Enables or disables the Autoboot function. When Autoboot is

Boot Monitor CLI commands (listed below) are described in this chapter.

• autoboot • info

• boot • interface

• delete • ip

• dhcp • load

• dir • netmask

• dns • rich_bias

• dual • save

• factory_reset • settime

• failover • setup

• gateway • static_routes

• help • version

• host

enabled, the SA8220 prompts you to press a key during restart to enter the Boot Monitor command line interface. If you ignore the prompt, restart finishes with the SA8220 in normal operating mode. If Autoboot is disabled, the restart sequence ends by displaying the Boot Monitor interface.

Example:

monitor>autoboot Enable Autoboot ? (yes,no) [yes] --->

boot Boots the device with a specific configuration. Variations on use of

the reboot command are described below. Reboot with No Configuration Changes

1. Type the boot command. The Boot Monitor displays the current configuration prompts

you for confirmation, as shown in the example below:

C H A P T E R 3 Using the Boot Monitor CLI

Current active configuration

---------------------------Product: HP Version: 2.7 Patch Level: 0.0 Build: 12 Current time: Tue Sep 12 17:02:05 2000 Hostname: CSLab7k

------------Network side NIC: IP Address: 10.6.3.21 Netmask: 255.255.255.0 MAC address: 0:a0:c9:ed:6c:cc

------------Service side NIC: IP Address 10.6.5.21 Netmask: 255.255.255.0 MAC address: 0:d0:b7:6:c1:85

------------Default Gateway: 10.6.3.1 Domain: None Primary name server: None DHCP: Disabled Failover mode: Disabled Network NIC setup: Auto Server NIC setup: Auto NTP: Disabled Autoboot: Disabled Static Routes: None RICH_Biased: Enabled Do you really want to boot active.cfg? [y] --->

SA8220

2. To boot to the normal operational prompt, type y.

3. To return to the

monitor> prompt, type n.

Reboot with Configuration Changes When you use the boot command after changing the SA8220’s

configuration, you are presented with a number of options. These allow you to use the changed configuration, revert to the last saved

C H A P T E R 3 HP Traffic Director Server Appliances User Guide

configuration, or choose among a list of previously saved configurations. Procedures for choosing among these options are organized within three groups, described below.

1. Type the

boot command.

2. The Boot Monitor displays the changed configuration information and prompts you to save the new configuration, as shown in the example below:

Current active configuration

---------------------------Product: HP Version: 2.7 Patch Level: 0.0 Build: 12 Current time: Tue Sep 12 17:02:05 2000 Hostname: CSLab7k

------------Network side NIC: IP Address: 10.6.3.21 Netmask: 255.255.255.0 MAC address: 0:a0:c9:ed:6c:cc

------------Service side NIC: IP Address 10.6.5.21 Netmask: 255.255.255.0 MAC address: 0:d0:b7:6:c1:85

SA8220

C H A P T E R 3 Using the Boot Monitor CLI

First Options:

NOTE: This list includes

backup.cfg, a backup

of the most recently booted configuration. This file is automatically created when you c hange the configuration and

save.

1. If you select the defaul t, figuration as either

Configuration file name? [active.cfg] --->

2. You can either accept the default,

y, the system allows you to save the con-

active.cfg or the last loaded filename.

active.cfg, or type a new

filename. The system then saves the file and presents a list of all saved files.

Select a boot config uration from the foll owing files. active.cfg backup.cfg Boot configuration file name? [active.cfg] --->

3. You can accept the default, active.cfg, or select another previously saved confi gur at io n. R eg ar dle ss of the file you select, the configuration f ile you are about t o boot is di spla yed to e nsure that the last file displayed is the configuration that is booted.

4. If you select the default, operational prompt, if you type

y, the system boots to the normal

n, it returns to the monitor>

prompt.

Second Options:

1. If you choose not to save the modified fi le, the system di spl ays a warning that it is reverting to the previously booted configuration, as shown below:

Warning: The curr ent configuration ha s NOT been saved and will not be bo oted. Reverting to las t saved active.cf g.

2. If there are no additional saved configurations then the system prompts you to confirm that want to boot the last saved configuration, which will always be

Do you really want to boot active.cfg? [y] --->

active.cfg.

3. If you select the default, y, the system boots to the normal operational prompt. If you type

n, it returns to the monitor>

prompt.

C H A P T E R 3 HP Traffic Director Server Appliances User Guide

Third Options:

1. If there are any previously saved configurations on the system, you are offered a choice of configuration files to boot from.

Select a boot config uration from the foll owing files. active.cfg backup.cfg Boot configuration file name? [active.cfg] --->

2. You can accept the offered default, active.cfg, or select another previously saved configuration. If you select

active.cfg, the configuration is not redisplayed. If you select

a file other than

active.cfg, the file’s contents are displayed to

ensure that the last file displayed is the configuration that is booted.

3. If you select the default, operational prompt, if you type

y, the system boots to the normal

n, it returns to the monitor>

prompt.

delete Deletes the specified configuration file.

Example:

monitor>delete

Select a configur ation to delete from the following files. Note: You cannot del ete the active configuration file active.cfg. File name

-------------active.cfg backup.cfg cris.cfg

‘active.cfg’ is the last booted configuration. Enter the configu ration filename to del ete:

--->broker1.cfg broker1.cfg successfully deleted.

C H A P T E R 3 Using the Boot Monitor CLI

dhcp Enables or disables the SA8220’s use of DHCP. When DHCP is

enabled, the SA8220 receives its configuration parameters from the DHCP server at startup. When DHCP is di sabled, the SA8220 ignores the DHCP server, and so it must be manually configured at restart. Respond to the prompt with

y to enable, or n to disable. DHCP is

disabled by default. Example:

monitor> dhcp Enable DHCP (yes, no)? [no] --->

dir Displays the list of saved boot configuration files.

dns Specifies the domain and (optionally) nameserver(s). The system

prompts you for the required information. Example:

Would you like to configure DNS (yes, no)? [no] ---> monitor>dns Would you like to configure DNS (yes, no)? [no] --->yes Enter Domain name (‘-’ to cancel)

--->mydomain.com Enter the IP Address of the Primary name serve r (‘-’ to cancel) --->10.6.3.5 Specify additional name server ( <return> to end ) --->10.6.3.10 Specify additional name server ( <return> to end ) --->

dual Selects single or dual NIC operation.

Example:

monitor>dual Enable dual NIC operation (yes, no) [no] --->

C H A P T E R 3 HP Traffic Director Server Appliances User Guide

factory_reset Resets the system to factory defaults, listed below.

NOTE: The first boot after a

factory_reset

command or a new installation will prompt you for the root password. Also, the

factory_reset

command does not delete

Parameter Setting

All added user accounts Deleted Policy groups, services, and servers Deleted Route parameters Deleted

saved configuration files.

CLI parameters Deleted IP address Deleted Default route Deleted Hostname Deleted Domain Deleted Name servers Deleted

DHCP Disabled Dual NIC Disabled Failover mode Disabled Autoboot Disabled Autoboot timeout 5 seconds Added hosts in the host file Deleted New root password on next boot Forced Rich bias Enabled Static routes Deleted

C H A P T E R 3 Using the Boot Monitor CLI

failover Specifies the SA8220’s failover method. Three failover options are

available:

• disabled: no failover method will be used

• serial: serial cable failover will be used

• route: router failover will be used

Example:

monitor>failover Specify failove r method (disabled, se rial, route): [disabled] --->serial Checking for fail over unit... Failover unit not detected or may not be configured. Is this machine Primary or Backup? [Primary] ---> Enter the Network side Online IP Address

---> Enter the Server sid e Online Address

--->10.6.5.200 Enter the Network side Online hostname

--->net-onlinehost Enter the Server sid e Online hostname

--->serv-onlinehost Serial failover successfully configured

10.6.3.200

gateway Specifies the default gateway.

Example:

monitor>gateway Enter default gateway: --->10.6.3.1

help Lists all Boot Monitor commands or optionally displays syn tax for a

specified command. Example:

gateway Set default gateway interface Configure network interface card

C H A P T E R 3 HP Traffic Director Server Appliances User Guide

host Sets the SA8220’s host name.

Example:

monitor>host Enter the hostname you would like to assign to the Network NIC: --->CSLab7k

info Displays the current boot configuration.

interface Configures Ethernet port parameters. Compatibility with some older

switches, hubs, or routers, may require that y ou manuall y specify th e Ethernet speed and duplex mode of the SA8220's network interface card.

Single NIC configuration example:

Auto configure the network NIC speed and duplex (yes,no)? [yes] --->no 1 - 100BaseTx 2 - 10BaseTx Select Media Type (1 or 2): [1] ---> Use Full Duplex? [n] --->n

Dual NIC configuration example:

Auto configure the Network side NIC speed and duplex (yes,no)? [yes] ---> Auto configure th e Server side NIC speed and duplex (yes,no)? [yes] --->

ip Specifies the SA8220's IP address.

Example:

monitor>ip Enter the IP address for the Network side NIC [10.6.3.21] ---> Enter the IP address for the Server side NIC [10.6.5.21] --->

C H A P T E R 3 Using the Boot Monitor CLI

load Loads a previously saved configuration file into memory.

Example:

monitor>load Select a configuration file to load from the following files. File name

-------------active.cfg backup.cfg cris.cfg

‘active.cfg’ is the last booted configuration. Enter the configu ration filename to loa d (- to cancel): [active.cfg] ---> Configuration loaded: active.cfg

netmask Specifies the netmask.

Example:

monitor>netmask Enter Netmask for Network side NIC [255.255.255.0] ---> Enter Netmask for Service side NIC [255.255.255.0] --->

rich-bias

(not available on the

SA7200)

Optimizes RICH_HTTP serv ice performance. If your RI C H_HTT P service responses consist mostl y of files gr eater than 8K, the enable d (default) setting of

rich_bias will optimize performance. If your

site is experiencing performance problems and the RICH_HTTP service responses are less than 8K, you may want to disable

rich_bias.

This command has no effect on SSL terminated connections. Example:

monitor>rich_bias Unit is currently ‘RICH_Biased’, change it (yes, no) [no] ---> RICH_Biased (enable, disable) [enable]

--->

disable

yes

C H A P T E R 3 HP Traffic Director Server Appliances User Guide

save Saves the current configuration. Changes made during the current

Boot Monitor session are lost unless you use the

save command.

Example:

monitor>save

List of currently saved configuration file(s). You may save over an exi sting configurati on file or enter a new name. File name

------------active.cfg bckup.cfg cris.cfg

‘active.cfg’ is the last booted configuration. Enter configura tion file name (- to cance l): [active.cfg] ---> -monitor>

settime Selects a method for setting the SA8220’s system time and date. If

you select NTP, you will be prompted for the IP address of the NTP server(s) you want to use. If you set the date manually, you will be prompted first for the timezone, then for the date in 24-hour format.

NOTE: Example 1 is for setting the time usin g Greenwich Mean Time (GMT). For example, the GMT-14 timezone is GMT minus 14 hours.

Example, with NTP:

monitor>settime Use NTP? [enable] ---> Enter IP address of NT P server or <return> to end: ---> Enter IP address of NT P server or <return> to end: ---> Enter IP address of NT P server or <return> to end: --->

209.218.240.1

209.218.240.238

Example 1, without NTP (manual setting):

monitor>settime Use NTP? [disable ] --->

Select TIMEZONE s to list (GMT, US, Other or q to quit: [GMT] --->GMT

C H A P T E R 3 Using the Boot Monitor CLI

Select a TIMEZONE from the ‘GMT’ list.

1) GMT-14 2) GMT-13 3) GMT-12

4) GMT-11 5) GMT-10 6) GMT-9

7) GMT-8 8) GMT-7 9) GMT-6

10)GMT-5 11)GMT-4 12)GMT-3

13)GMT-2 14)GMT-1 15)GMT

16)GMT+1 17)GMT+2 18)GMT+3

19)GMT+4 20)GMT+5 21)GMT+6

22)GMT+7 23)GMT+8 24)GMT+9

25)GMT+10 26)GMT+11 27)GMT+12

Select a number betw een 1 and 27 (q to quit)--->2

Selected TIMEZONE ‘GMT-13’ The current time is no w: Fri Sep 29 05:38:38 GMT-13 2000

Enter the year (YYYY): [2000] ---> Enter the month (MM): [09] ---> Enter the day (DD): [29] ---> Enter the hour (HH): [05] ---> Enter the minute (MM): [38] ---> Enter the seconds (SS): [38] ---> Fri Sep 29 05:38:38 GM T-13 2000

NOTE: Example 2 is for setting the time usin g United States time (US).

Example 2, without NTP (manual setting):

monitor>settime Use NTP? [disable] -- ->

Select TIMEZONE s to list (GMT, US, Other or q to quit: [GMT] --->US

Select a TIMEZONE from the ‘US’ list.

1) Alaska 2) Aleutian 3) Arizona

4) Central 5) Eastern 6) Hawaii

7) Indiana-East 8) Indiana-Starke 9) Michigan

10)Mountain 11)Pacific 12)Somoa

Select a number betw een 1 and 12 (q to quit): [11}--->5

C H A P T E R 3 HP Traffic Director Server Appliances User Guide

Selected TIMEZO NE ‘Eastern’ The current time is no w: Sat Oct 28 23:59:42 2000 Enter the year (YYYY ): [2000]---> Enter the month(MM): [10]---> Enter the day (DD): [28]--->29 Enter the hour (HH): [23]--->01 Enter the minute (MM ): [59]-->57 Enter the seconds (SS): [39]---> Sun Oct 29 01:57:39 ED T 2000

Example 3, without NTP (manual setting):

NOTE: Example 3 is for setting the time using any timezone OTHER THAN GMT or US.

monitor>settime Use NTP? [disable] -- ->

Select TIMEZONE s to list (GMT, US, Other or q to quit: [GMT] --->O

Select a TIMEZONE from the ‘Other’ list.

1) Bangkok 2) Belfast 3) Belgrade

4) Berlin 5) Brussels 6) Copenhagen

7) Hongkong 8) Israel 9) Japan

10)London 11)Madrid 12)Manila

13)Paris 14)Poland 15)Portugal

16)Prague 17)Rome 18)Singapore

19)Stockholm 20)Turkey 21)Warsaw

22)Zulu 23)Zurich

Select a number betw een 1 and 23 (q to quit): [10]--->22

Selected TIMEZO NE ‘Zulu’ The current time is no w: Sat Oct 28 23:59:42 2000 Enter the year (YYYY ): [2000]---> Enter the month(MM): [10]---> Enter the day (DD): [28]--->29 Enter the hour (HH): [23]--->01 Enter the minute (MM ): [59]-->57 Enter the seconds (SS): [39]---> Sun Oct 29 01:57:39 ED T 2000

C H A P T E R 3 Using the Boot Monitor CLI

setup Initiates the SA8220’s setup procedure. The system displays prompts

for all inputs necessary to initialize it. Example:

monitor>setup Enable dual NIC operation(yes,no)? [no] ---> yes Autoconfigure the Network side NIC speed and duplex? (yes,no)? [y es] ---> Autoconfigure the Server side NIC speed and duplex? (yes,no)? [y es] --->

DHCP is disabled for dual NIC operation.

Enter the hostname you would like to assign to the Network NIC: ---> Enter the IP address for the Network side NIC

--->10.6.3.21 Enter the IP address for the Server side NIC

--->10.6.5.21 Enter the Netmask for the Network side NIC

--->255.255.255.0 Enter the Netmask for the Server side NIC

--->[255.255.25 5.0] --->255.255.255.0 Enter default gateway: --->10.6.3.1 Would you like to configure DNS (yes, no)? [no]

--->DNS not configured. Specify failove r method (disabled, se rial, route): [disabled] ---> Set Autoboot? (yes,no) [no] --->

CSLab7k

C H A P T E R 3 HP Traffic Director Server Appliances User Guide

static_routes Deletes and adds any number of static IP routes. Shows the current

static IP routes (if any) when the function is entered. You are prompted for the destination and gateway IP addresses. The

info

command will show any static IP routes that are known to the Boot Monitor, and

factory_reset will remove all static IP routes as

part of its cleanup. Example:

monitor>static_routes

Static Route information.

Enter Static rout e (1) dest IP(- to del, q to quit): --->10.7.16.5 Enter Static rout e (1) gate IP(- to del, q to quit): --->10.8.15.40

Enter Static rout e (2) dest IP(- to del, q to quit): --->10.7.18.50 Enter Static rout e (2) gate IP(- to del, q to quit): --->10.8.15.40 Enter Static rout e (3) dest IP(- to del, q to quit): --->q {2} Static Route( s).

version Displays software version information.

Example:

monitor>version Product: HP SA7220 Version: 2.4 Patch Level: 0.1 Build: 40

Graphical User Interface

This chapter covers the following topics:

NOTE: For ease of reading, all models are referred to as the SA8220 throughout this document. Unless noted otherwise, all SA8220 references refer to all models.

• Before You Begin

• Logon Screen

• Topology Screen

• Policy Manager Screen

• Administration Screen

• Configuration Screen

• Tools Screen

• Statistics Screen

C H A P T E R 4 HP Traffic Director Server Appliances User Guide

Before You Begin

NOTE: Some functions and features are not available in the GUI.

The HP e-Commerce Traffic Director Server Appliance SA8200/ SA8220s and HP Traffic Director Server Appliance SA7200/ SA7220s have features and functions that are controlled through either the browser-based Graphical User Interface (GUI), as discussed in this chapter, or the Command Line Interface (CLI), as discussed in Chapter 5.

In order to use the insi de IP or inside online IP for admi nistration , the client must be on the same subnet as the inside interface, or must have an alternate path back through the outside interface.

C H A P T E R 4 Logon Screen

Logon Screen

To access the various GUI services available to you on the SA8220, you must first log on to the system as described in this section.

Logging on to the GUI

NOTE: If Internet Explorer* 5.01 (or later) is your browser, you must add a trailing slash (/) to the URL, as shown in step (2). Also, the default GUI port (1095) can be changed. For details, please see “GUI Tab” in this chapter.

1. Launch your browser.

2. In your browser’s Address or Location field, type the SA8220’s address and specify port 1095. For example:

http://system_name:1095/

where system_name is the actual name or IP address of your SA8220.

3. Press Enter. The Logon screen displays, as shown below.

Logon Screen

C H A P T E R 4 HP Traffic Director Server Appliances User Guide

NOTE: The factory default for both the user name and password is

admin (lowercase

required). To change them, please see “Users Tab” in this chapter.

4. In the space provided, type your User name.

5. In the space provided, type your Password.

6. Click Logon. The Topology screen displays, as shown on the next page. The

number of server icons varies, depending upon your network configuration.

C H A P T E R 4 Topology Screen

Topology Screen

Using the Topology Screen

Topology Screen

Purposes of the Topology Screen

• Displays a graphical representation of the current topological relationships between the SA8220 and network servers. The SA8220’s status and Serial Cable failover , i f configured, are also reflected here.

• Serves as a gateway to the Administration and Policy Manager screens, and the Configuration and Tools screens.

C H A P T E R 4 HP Traffic Director Server Appliances User Guide

Topology Screen Toolbar

Policy

Back

Administration

Manager

Log File

Configuration

Tools

Statistics

Topology Screen Toolbar

Located at the top left of the window, the toolbar is shown above. The toolbar’s buttons, from left to right, are described below:

• Back returns you to the previous screen. From the T opo lo gy screen, this will log you off the system and return you to the logon screen.

• Configuration displays the Configuration Screen

• Administration displays the Administration Screen

• Tools displays the Tools Screen

• Policy Manager displays the Policy Manager Screen

• Statistics displays the Statistics Screen

• Log File displays the SA8220's log file.

Online Help

Online Help Button

Located at the top right of the window, the Help button is shown iabove. Click Help to display the online help file.

C H A P T E R 4 Topology Screen

Topology Screen Elements

SA8220 Icon

The SA8220 is represented onscreen by a horizont al "rack unit" icon, as shown above.

• Right-clicking on the SA8220 icon displays a popup menu that can take you to other screens.

• Double-clicking the SA8220 icon takes you to the Policy Management screen by default, but this can be changed in the Administration screen (please see “Administration Screen” in this chapter).

Server Icon

Servers are represented onscreen by vertical "tower case" icons, as shown above.

• Right-clicking on a server icon displays a popup menu that can take you to other screens.

• Double-clicking the server icon takes you to the Statistics screen by default, but this can be changed in the Administration screen (please see “Administration Screen” in this chapter).

C H A P T E R 4 HP Traffic Director Server Appliances User Guide

Window Controls

Slider Control

To resize the Topology screen elements, click and drag the slider control located in the upper right hand corner of the screen, as shown above.

• Move the slider control to the far right, as shown above, for the largest display.

• Move the slider control to the far left for the smallest display.

Background Zoom and Refresh Control

The Topology screen elements can also be resized by right-clicking on the background of the screen. The popup menu shown above displays onscreen.

• Zoom In enlarges the display an d is t he equi va lent of moving the slider control to the right.

• Zoom Out reduces the display and is the equ ivalent of moving the slider control to the left.

• Refresh Display updates the Topology screen.

C H A P T E R 4 Policy Manager Screen

Policy Manager Screen

When you double-click a SA8220 icon in the Topology screen (or right-click and select Policy Management), the Policy Manager screen displays, as shown below.

Policy Manager Screen

The Policy Manager consists of a series of screens with multiple tabs that includes the controls used in the implementation of Policies. The discrete items created, alte re d, and deleted in the course of Policy management are listed below:

• Policy Groups

• Services

• Servers

C H A P T E R 4 HP Traffic Director Server Appliances User Guide

Policy Manager Controls and Displays

Policy Manager Toolbar

The Policy Manager screen contains two main regions, as described below:

• The Policies display, on the left side of the Po licy Manager screen

• The Details display, on the right side of the Policy Manager screen

The relative sizes of the Policies and Details displays are adjustable by clicking and dragging the vertical line between the panels. The Policies display includes existing Policy Groups, Services, and Servers, reflecting the previously mentioned hierarchy. The Details display includes controls and status displays relating to the item selected in the Policies display, and changes according to the type (Policy Group, Service, or Server) of the it em selected. If a Ser vice or Server is selected, then the Details screen contains two tabs, each containing related controls.

The three types of items form a hierarchy: policy groups contain Services. Services in turn contain Servers. A lower hierarchy item cannot be created unless its immediately superior type exists, t hat is, a policy group must exist before you can create a Service, and a Service must exist before you can create a Server.

New Policy Group

New Server

New Service

Policy Manager Toolbar

Delete Selected Item

C H A P T E R 4 Policy Manager Screen

The Policy Manager toolbar contains three bu ttons for creating Policy Groups, Services and Servers, and one button to delete the currently selected item, regardless of its type. The toolbar’s buttons are enabled or disabled (dimmed) according to the type of ite m selected in the Policies display.

Policy Manager’s Pop-up Menu

Policy Groups

You can display the Policy Mana ger’s pop-up menu, shown below, by right-clicking in the Policies display.

Display Commands

Sort Commands

Create/ Delete Commands

Policy Manager’s Pop-up Menu

Services are virtual resou rces provided to a client. However, Services

can exist only in the context of Policy Groups. Policy Groups are regarded as containers used to organize Services. Therefore, before Services can be defined, Policy Groups must be created to contain them.

The Policy Manager's Policy Group Details screen provides two functions:

• Naming of newly created Policy Groups

• Enabling or disabling of the selected Policy Group's throttling

function

C H A P T E R 4 HP Traffic Director Server Appliances User Guide

Creating Policy Groups

You can create Policy Groups in either of two ways:

1. Click New Policy Group, in the left of the Policy Manager toolbar, or

2. Right-click to display the menu, then select the New Policy Group command.

A new Policy Group icon and the De ta il screen displays in the Policies display, as shown below.

NOTE: The names of existing Policy Groups cannot be changed.

Adding a New Policy Group

3. T ype a name for the new Policy Group in the Policy Group Name field. Policy Group names must adhere to the following conventions:

• From 1 to 25 characters in length

• Any alphanumeric character

• Other eligible characters include hyphens ("-"), p eriods ("."), and

underscores ("_")

• Spaces must not be used. Within these restrictions, the naming of Policy Groups is at your

discretion, though convenient naming schemes might include serial names ("Group1," "Group2," etc.), or names that reflect a Policy Group’s content, such as "e-CommerceGrp" or "HTTP_Group."

C H A P T E R 4 Policy Manager Screen

Naming the New Policy Group

4. To accept the specified name, click Apply. The new Policy Group’s new name displays in the Policies display.

When the new Policy Group name displays, Create Service (see above), becomes available. This reflects the fact that Services cannot be created unless at least one Policy Group already exists.

Throttling

When throttling is enabled, requests to eligible serve rs in lowerpriority services are stopped until response times of higher priority services are met, or all eligible servers have been throttled. An eligible server is one that is shared by both higher and lower priority services. Throttling affects all services within a Policy Group.

To enable or disable throttling for the selected Policy Group, follow the steps below:

1. Select the Enable S erver T hrottling check bo x (see figure above).

2. Click Apply.

Deleting Policy Groups

To delete a Policy Group, follow the steps below:

1. In the Policies display, click to select the name of the Policy Group to be deleted.

2. In the Policy Manager toolbar, click Delete (X), or right-click to display the menu and click the Delete Selected Item command.

C H A P T E R 4 HP Traffic Director Server Appliances User Guide

Services

Once a Policy Group exists, you can create Services.

Creating Services

Follow these steps to create a Service:

1. In the Policies display, click to select a Policy Group.

2. In the Policy Manager toolbar, click New Service, or right-click in the Policies display and select New Service from the pop-up menu.

The Service Details ta b displays in the Details screen, as shown below.

NOTE: All fields mentioned in steps (3) through (6) become readonly after the service is created.

Service Details Tab

3. In the Service Name field, Type a name for the service.

4. From the Service Type pull-down menu, click the desired Service type. The choices are HOT TCP (the default), or RICH_HTTP.

C H A P T E R 4 Policy Manager Screen

5. From the Virtual IP pull -down menu, click the desired Virtual IP (VIP) address. If there are no VIPs in the menu, or if the desired one is absent, type it in.

NOTE: The VIP/port combination must be unique.

6. Type a port in the Port field. The port is the listening port fo r incoming connections, and you can select port numbers between 1 and 65535.

7. When you have finished f illing in the f ields in t he Service Details tab, click Apply.

The Policies display now reflects the name of the new Service below the name of the Policy Group from which it was created.

Additional Service Tab Controls and Displays

The items listed below can be changed after the Service has been created.

Control or Display Description Enabled

Priority

Duplicate SYN Timeout

Select this check box to activate the selected Service. Clear the check box to disable the Service.

Services within a single P olicy Group can be pri oritized. The SA 8220 assures more server resources to Services with high priority numbers than to those with lower numbers. The Priority setting is an integer from 1 (highest priority) to 5 (lowest priority), and the default is 1.

This value is the time interval (in microseconds) after which the fulfillment server is declared dead if the dynamically calculated number of duplicate SYNs (lost packets) to that server is detected. You can specify a value from 1000 to 2,147,483,647, and the default is 500,000.

Server Timeout (RICH only on all models except the SA7200)

Enable Backup Servers

This value is the time interval (in seconds) during which a server must respond before it is declared dead. If the server fails to respond before the end of timeout interval, the outstanding request is passed to another server. This value is only available for RICH_HTTP services.

This check box allows you to enable or disable servers designated as type "Backup" to come on line if necessary to assure target response times. For more details about servers, please see “Servers” in this chapter.

C H A P T E R 4 HP Traffic Director Server Appliances User Guide

Control or Display Description Insert Source IP in

HTTP Header (RICH only on all models except the SA7200)

Sticky Mode

NOTE: If using SSL services on the SA8200/SA8220, the SSL session ID maintains a sticky relationship when Source IP sticky is selected

Sticky Timeout

This check box specifies whether or not the Source IP address is embedded within the HTTP header information.

The SA8220 is configured to maintain a session’s state so that serial requests from a single client are allocated to the same server. This is called a "sticky" port. This setting may be disabled, based on Source IP, or based on a Cookie as described below:

Source IP: Source IP sticky mode uses the client’s source IP address to identify a series of requests to be directed to a single server.

Cookie: In cases where requests come through a proxy server, all requests display to originate from that server’s IP address, thus IP address is of no use in iden tif ying individ ual r equest ors. Coo kie st icky mode provides an active method of identifying requestors in such situations. When Cookie sticky mode is enabled, a cookie is given to requesting browsers. Subsequent requests from clients who have received cookies contain ident ifying i nformat ion al l owing t he SA82 20 to direct them to a single server. Cookie mode is available only for RICH_HTTP, so it is not available on the SA7200.

The current software version for the SA8220 treats the timeout differently for cookie versus Source IP sticky. With Source IP sticky, the timeout is reset with every connection from the client (so that the timeout is effectively an "idle time"). With cookie sticky, the timeout starts with the first connection from the client to the server, and never gets reset. When the cookie expires, even if actively being used, the next connection will be load balanced to a new server.

Protocol Status

Work around: We recommend that you set the cookie sticky timeout value to at least 1.5 times the maximum amount of time a user will expect to be stuck to a server. The default is 90 seconds

This read-only field displays the protocol of the Service (TCP). This read-only field displays the status of the selected Service

("Active" or "Inactive").

C H A P T E R 4 Policy Manager Screen

Balance Strategy

HOT Services are assigned server resources according to either of two Balance Algorithms. Click the Balance Strategy tab of the Service Details screen to displa y the Balance Algorithm controls, as shown below.

Service Balance Strategy Screen

Two Balance Algorithms are available:

• Response Time: Requests for a Service using the Response Time algorithm are forwarded to the server th at can fulfill them within the shortest time.

• Round Robin: Requests for a Service using the Round Robin algorithm are distributed evenly among the available servers.

1. From the pull-down menu, click to select the desired Balance Algorithm for the Service selected in the Policies display. If you select Response Time, type a value (in milliseconds) in the Max response time (ms) field. For more details, please see “Response- Time Metrics” in Chapter 2.

C H A P T E R 4 HP Traffic Director Server Appliances User Guide

Deleting Services

To delete a Service:

1. In the Tree, click select the name of the Service to be deleted.

2. In the Policy Manager toolbar, click Delete, or right-click to display the menu and click the Delete Selected Item command.

Servers

After you create Services, y ou must designa te, or "create" Servers to fulfill client requests for Services. As Services must exist within Policy Groups, a Server (for example, a fulfillment host) must be mapped to a Service.

To create Servers, follow the steps below:

1. In the tree, click an existing Service.

2. In the Policy Manager toolbar, Click Create Server, or right-click in the Policies display and click New Server from the pop-up menu.

The Server Details ta b displays in the Details screen, as shown below.

C H A P T E R 4 Policy Manager Screen

The Policy Manager’s Server Detail Screen

3. In the Server Name field, type an IP address or server name known to the SA8220 via DNS or static host table. This value cannot be changed after the server is created.

4. If appropriate, edit the Port field. The default value is the port number of the Service under which this Server displays in the Tree. This value cannot be changed after the server is created.

C H A P T E R 4 HP Traffic Director Server Appliances User Guide

5. From the drop down menu, click to select the desired Server Type. Available types are listed below:

• Primary: Primary servers are immediately available to

accept client requests forwarded from the SA8220.

• Backup: Backup servers are sent requests under only two

circumstances: First, when the primary servers are unable to meet the configured target response times a backup server may be used if and only if "backups" is enabled for this service. Second, backup servers are given requests when a primary server is unavailable. As primary servers become inactive, backup servers are brought into service to handle requests.

• Disabled: Renders the server unavailable to accept client

requests.

6. From the drop down menu, click to select the desired Server Mode. This command enables or disables Source Address Preservation (SAP) on the named server. When Out-of-Path Return (OPR) is enabled, the user-designated server port is ignored and the configured service server port is used. By default, SAP is enabled (and ca nnot be disa bled) when OPR is in effect.

• For more details about SAP, please see Source Address

Preservation” in Chapter 2.

• For more details about OPR, please see “Out-of-Path Return

(OPR)” in Chapter 2.

C H A P T E R 4 Policy Manager Screen

RICH Controls (all models except the SA7200)

NOTE: OPR cannot be used in conjunction with Services of type RICH_HTTP.

If the type of the Service under which you create a Server is RICH_HTTP, the Server Details tab displays some additional controls, as shown below.

Server Details Screen with RICH Controls Displayed

The RICH controls are listed below:

• Multi-hop Source Address Preservation: It is possible in

sophisticated network topologies to require that requests pass through two cascaded SA8220s. In such configurations, the SA8220 topologically closest to the clients must be configured with the MSAP feature enabled. In most configurations, the default setting (MSAP disabled) must be used.

• 606 Error Detection: "606" is a user -defined error code, that is,

you can specify an applicati on level error as a "606 error" so i t is detectable by the SA822 0. W hen 606 E r ror Det ect ion i s enabled, requests that generate a 606 error are rerouted, transparently to the client, to the next available server. When disabled, the error is sent back to the requesting client.

C H A P T E R 4 HP Traffic Director Server Appliances User Guide

• HTTP Error Detection: When HTTP Error Detection is enabled, requests that generate HTTP errors 401-405 and 500503 are rerouted, transparently to the client, to the next available server. When disabled, these errors are sent back to the requesting client.

• RICH Expression List: Expressions allow the SA8220 to parse requests at the levels of path name, file type, and filename and direct them to the appropriate server. Expressions can include wildcards. To define an expression list, type a series of expressions separated by the semicolon character into the RICH Expression List: field according to the following usage:

Valid expressions include the following:

• File type expressions, such as *.gif, or */index.html

• Path expressions, such as /home/*, or /home/images/*, or /home/

images/a*

• Unique file expressions, such as /index.html

• Wildcard expression, such as *

• The negation operator (!), e.g., !*.gif, or !*/index.html

Invalid expressions include the following:

• Text on either side of the asterisk, e.g., /index*.gif

• Expressions containing more than one asterisk, e.g., /index*.*

• Expressions containing one or more spaces or the dollar sign ($)

character

C H A P T E R 4 Policy Manager Screen

Order of Expressions (all models except the SA7200)

When using expressions in Layer 7 (RICH) operations, the order of expressions is significant only when the "not" (!) operator is used.

Expressions are described below.

Expression Yields !*.gif;* *;!*.gif

All non-GIF files All files, because after specifying “all” (*),

the !*.gif expression is never reached

!*.html;/home/*

Matches all entries of the form “/home/*” except HTML files

/home/*;!*.html

Matches all files of the form “/home/*.” The !*.html has no effect.

!/home/* !/home/*;*

No matches all matches except ones starting with "/

home."

Deleting Servers

To delete a Server:

1. In the Tree, click the name of the Server to be deleted.

2. In the Policy Manager toolbar, click Delete, or right click to display the menu and click the Delete Selected Item command.

C H A P T E R 4 HP Traffic Director Server Appliances User Guide

Administration Screen

The Administration Screen is a set of ten tabs containing the functions used to manage th e SA8220. Each tab includes cont rols and displays related to a specific category of administration tasks.

Settings Tab

Administration Screen — Settings Tab

The Settings tab includes controls used to set the following:

• System ID: Edit this field to set the unit identifi er. The SA8220s

are shipped with the unit serial number in this field. You can use this control to change the identifier if your site requ ires alternate asset tracking information. The new ID can be an alphanumeric value from 1 to 64 characters. To change this value, type the desired identifier, and then click Apply.

C H A P T E R 4 Administration Screen

• Server Verification Interval: Edit this field to change the interval in seconds at which servers are "pinged" to verify they are available and able to handle traffi c requests. (See "IRV" in the Command Line Interface chapter). The valid range for this field is 0 to 99999. A value of 0 disables IRV.

In addition to the above controls, the Settings tab also contains the following read-only displays:

• System Name: Displays the name given the SA8220 in its in itial configuration.

• MAC Address: Displays the SA8220's Media Access Control address.

• Status: The Status field displays information about the SA8220's function and failover status. For more details about status messages, please see “Status Information” in Chapter 2.

Software Tab

The Software tab contains controls and displays allowing you to perform the following tasks:

• Specify image category as either System software or Agent Software (Agent software lists software components other than the SA8220 system image that may be installed on the unit, such as the HP Multi-Site Traffic Director Server Appliance SA9200 agent).

• View the list of currently installed system software images (the SA8220 can have up to five system images installed).

• View the list of currently installed agent software ima ges (the SA8220 can have up to four agents installed in addition to those accompanying each system software image).

• Specify which of the inst al led software images is to be ac tive.

• Install or update software images.

• Delete software images.

• Enable or disable Passive FTP.

• FTP or TFTP new Multi-Site Agents to the SA8220.

C H A P T E R 4 HP Traffic Director Server Appliances User Guide

Administration Screen — Software Tab (System Software View)

System Software

The SA8220 provides sufficient local storage for five software images (though at any t ime, o nly one image is activ e and executing. ) The "System Software" a rea of the Software tab display s the list of currently installed system images, incl uding the following detai ls for each:

• Image index number

• "Active" status (yes/no)

• Product name

C H A P T E R 4 Administration Screen

• Product version number

• Patch number

• Build number

Agent Software

The SA8220 can interface with other HP units by using Agent Software images. The SA8220 provides sufficient local storage for at least five Agent software images (though at any time, only one image is enabled). To display the "Agent Software" area of the Software tab, click Agent Software, which displays the list of currently installed Multi-Site Director Agent images, as shown below.

Software Tab in Agent Software View

Details displayed for each Agent include:

• Image index number

• "Active" status (yes/no)

C H A P T E R 4 HP Traffic Director Server Appliances User Guide

• Product version number

• Patch number

• Build numbe r

• Compatible Multi- Site Traffic Director version number

Specifying the Active System Software Image To change the active system image:

1. Click System Software.

2. In the System Software box, click the image you want to activate.

3. Click Boot. The SA8220 displays a message prompting you to proceed but warning you that the SA8220 will reboot as shown below.

NOTE: You can also perform a soft reboot of the SA8220 by selecting the currently active software image an d clicking Boot.

Boot Warning Window

4. Click Yes. As the SA8220 reboots, the screen shown below displays.

Reboot Screen

You must close all browser windows to ensu re your browser uses the newly activated Administration Application.

5. Wait three to five minutes for the SA8220 to finish rebooting, and then run the administration application.

6. Go to the Software tab of the Administration screen and verify that the "Active" column of the selected image displays yes.

C H A P T E R 4 Administration Screen

Installing Software Images You can download and install new system and agent software images

for the SA8220 using the controls in the Update Software box at the bottom of the Software tab.

Downloading a System Software Update

NOTE: A key is not required to obtain Agent Software.

1. To download the new image, contact HP Customer Support or your System Administrator to obtain the URL, Key, User, and Password information.

For more details about software installation and updates, please see Software Updates and Upgrades” in Chapter 8.

Deleting Software Images To delete a software image from th e list of installed images:

1. In the Software View box, click the software type to be deleted.

2. In the Installed Software box, click the image to be deleted.

3. Click Delete. The SA8220 prompts you to co nfi rm that you want to delete the selected image, as shown below.

Delete Image Confirmation (System View)

C H A P T E R 4 HP Traffic Director Server Appliances User Guide

4. Click Yes. If you selected Agent Software, the prompt shown below

displays.

Delete Image Confirmation (Agent View)

5. Click Yes.

HP sa7220 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

Introduction

Introduction to the Traffic Director Server Appliances

Assumptions

Benefits

Specifications

Typographic Conventions

Theory of Operations

General Operating Principles

Services

Layer 4 (HOT) Services

Layer 7 (RICH) Services (all models except the SA7200)

Out-of-Path Return (OPR)

FTP Limitations

Sticky Options

Sticky Persis te nce

Sticky-timeout

Server-timeout (SA8200/SA8220 only)

SSL and Sticky (SA8200/SA8220 only)

Grouping Services

SSL Acceleration (SA8200/ SA8220 only)

SSL Fundamentals (SA8200/ SA8220 only)

Application Message Traffic Management

HTTPS Redirect

Client Authentication

HTTP Header Option Fields

Load Balancing Across Multiple Servers

Balancing Algorithms

Response-Time Metrics

Primary and Backup Servers

Server Configuration Options

Source Address Preservation

Multi-hop Source Address Preservation

RICH Expressions (not available on the SA7200)

Order of Expressions (not available on the SA7200)

Routing with Dual Interfaces

Prioritization and Policy Groups

Routing Method for VIP Addresses

Error Detection

Server Status Detection

HTTP Error Detection

Serial Cable Failover

Serial Cable Failover Configuration

Replicating the Configuration

Status Information

Boot Monitor

Using the Boot Monitor CLI

System Requirements

Accessing the Boot Monitor

Interrupting the Bootup Sequence

Using the Run Time CLI

Boot Monitor Commands

Graphical User Interface

Before You Begin

Logon Screen

Logging on to the GUI

Topology Screen

Using the Topology Screen

Purposes of the Topology Screen

Topology Screen Toolbar

Online Help

Topology Screen Elements

Window Controls

Policy Manager Screen

Policy Manager Controls and Displays

Policy Manager Toolbar

Policy Groups

Creating Policy Groups

Throttling

Deleting Policy Groups

Services

Creating Services

Additional Service Tab Controls and Displays

Balance Strategy

Deleting Services

Servers

RICH Controls (all models except the SA7200)