HP P4518A - Traffic Management Server Sa7150 User Manual

Hp e-commerce/xml server accelerator sa7150 - user guide

Summary of Contents for HP P4518A - Traffic Management Server Sa7150

  • Page 1 e-commerce/ xml server accelerator sa7150 user guide...
  • Page 2 Hewlett-Packard assumes no responsibility for the use or reliability of its software on equipment that is not furnished by Hewlett-Packard.
  • Page 3: Table Of Contents

    Table of Contents Chapter 1: Introduction, Introduction to the SA7150, Assumptions...
  • Page 4 Console Connection, Using HyperTerminal*...
  • Page 5 Exporting a Key/Certificate from a Server, Apache Interface to Open SSL* (mod_ssl), Apache SSL*...
  • Page 6 Scenario 4—Cascaded SA7150s, Initial Configuration...
  • Page 7 Telnet and Windows 2000, Local Serial Console...
  • Page 8 UTL Alarm CLI commands, OVL: Overload Alarm...
  • Page 9 Appendix D: Regulatory Information, Taiwan Class A EMI Statement, VCCI Statement...
  • Page 11: Chapter 1: Introduction

    Introduction Introduction to the SA7150 The HP e-Commerce/XML Server Accelerator SA7150 provides the flexibility to analyze Extensible Markup Language (XML) traffic according to content and distribute it according to user-defined parameters. The SA7150 is positioned in the network in front of business-to-business (B2B) XML servers, where it detects and parses XML messages or transaction data.
  • Page 12: Assumptions

    It is assumed that you are a network administrator and that you have at least a basic understanding of the following: • XML usage and syntax • Networking concepts and terminology...
  • Page 13: Specifications

    C H A P T E R 1 Specifications Feature Benefits Offloads XML distribution Helps maximize server investment decisions from e-Business servers Easy, drop-in installation between No additional hardware or software needed router and server SA7150 Features Specifications Specification Description Servers supported Most Web servers (Apache*, Microsoft*, Netscape*, etc.) Most operating systems (UNIX*, Solaris*, Windows NT*, BSD*/...
  • Page 14 C H A P T E R 1 HP e-Commerce/XML Server Accelerator SA7150 User Guide Specification Description Dimensions Mounting: Standard 19-inch rack mount Height: 1.75 inches (4.45 cm) Width: 16.73 inches (46.99 cm) Depth: 18.5 inches (4.45 cm) Weight 8 pounds (3.64 kg) Interface connections 10/100 Ethernet TTY Serial - console...
  • Page 15: Typographic Conventions

    The following typographic conventions are used throughout this User Guide: NOTES clarify a point, emphasize vital information, or describe options, alternatives, or shortcuts. Except for those within tables, notes are always found in the left margin. NOTE: This is an example of a note.
  • Page 17: Chapter 2: Installation And Initial Configuration

    Installation and Initial Configuration. Parts Checklist: Ensure that the items listed below are included in the shipping box: • HP e-Commerce/XML Server Accelerator SA7150 • HP e-Commerce/XML Server Accelerator SA7150 Quick Start Guide • HP e-Commerce/XML Server Accelerator SA7150 User Guide...
  • Page 18: Additional Requirements

    C H A P T E R 2 HP e-Commerce/XML Server Accelerator SA7150 User Guide Additional Requirements Before you begin installation, acquire or prepare the following: • IP address for SA7150 (Only if you intend to use the SA7150’s Remote Management capabilities. Please see Chapter 6 for details.) •...
  • Page 19: Physical Installation

    WARNING: Do not remove the device’s cover. There are no user-serviceable parts inside. The SA7150 is physically installed in either of two ways: • In a standard 19” rack, cantilevered from the provided mounting brackets
  • Page 20: Free-Standing Installation

    1. Attach the provided self-adhesive rubber feet to the SA7150’s bottom. 2. Place the SA7150 on a flat surface and make sure that there is adequate airflow surrounding the unit (allow at least one inch of air space on all sides).
  • Page 21: Console Connection

    C H A P T E R 2 Physical Installation 4. At this point both the Network and Server LEDs should be steadily illuminated. If not, please see Chapter 9, “Troubleshooting.” XML Server 1 XML Server 2 hub/switch hub/switch HP e-Commerce/XML Server Accelerator SA7150 Default Server Wiring Connections...
  • Page 22: Using Hyperterminal

    C H A P T E R 2 HP e-Commerce/XML Server Accelerator SA7150 User Guide 4. Click the OK button. The COM1 Properties panel appears. Set the values displayed here to 9600, 8, none, 1, and none. 5. Click the OK button. Using If you’re using HyperTerminal* you must make the following configuration change:...
  • Page 23: Accessing The Command Prompt

    After the SA7150 boots up, the password prompt appears. 1. Type admin at the password prompt and press Enter to access the prompt: Password: admin (password is not echoed at prompt) Current date: 2000 11/01 05:01 HP SA7150>...
  • Page 25: Chapter 3: Theory Of Operation

    Theory of Operation. This chapter discusses the general operating principles for the HP e-Commerce/XML Server Accelerator SA7150. For details about the SA7150 command set, please see Chapter 5. For information about completing typical, specific tasks, please see Chapter 4. XML Operations: The HP e-Commerce/XML Server Accelerator SA7150 provides a powerful means of using XML technology to facilitate Business-to-...
  • Page 26 C H A P T E R 3 HP e-Commerce/XML Server Accelerator SA7150 User Guide bother to examine the document for XML content, but simply passes the document to the “mapped” server (i.e., the one with the IP address and network port of the incoming message). XML expressions are the “fine”...
  • Page 27: General Considerations

    • Which XML elements, attributes, or text and HTTP fulfillment locations contained or identified in the anticipated XML traffic should be used for XML pattern matching? • Which servers will be assigned the XML patterns that you...
  • Page 28: Xml Data Model

    C H A P T E R 3 HP e-Commerce/XML Server Accelerator SA7150 User Guide Server mappings are created using the create map command. Typically, a map specifies a Key ID for SSL encryption and decryption, as in the example following. HP SA7150>...
  • Page 29: Uri Expressions In Xml Patterns

    Where: • employee, name, address, street, city, state, are the elements of the XML document. • lastName, firstName, and initial are the attributes of the name element • 13280 Evening Creek Dr, San Diego, California, 92128 are the text components of the elements street,...
  • Page 30: Negation Operator

    C H A P T E R 3 HP e-Commerce/XML Server Accelerator SA7150 User Guide Negation Operator The “*” and “!” operators are allowed in URI expressions, but they can exist only at the beginning or end of an expression. Also, a positive expression must appear after a not (!) expression, otherwise the (!) expression has no effect.
  • Page 31 C H A P T E R 3 XML Operations An XML expression’s first element must be preceded by a step operator. Step Name Description Operator Child Selects all immediate children of the context node operator Descendant Selects elements at any level under the context node operator XML Step Operators The node to the left of the last step operator in an XML expression is...
  • Page 32: Attributes

    C H A P T E R 3 HP e-Commerce/XML Server Accelerator SA7150 User Guide Comparison operators allow the SA7150 to look for specific values in the XML data tree and compare them with corresponding values in your preconfigured XML patterns. An XML pattern might look like this: URI Expression: */hr.asp XML Expression: //address[zip >...
  • Page 33: Filters

    C H A P T E R 3 XML Operations Filters Filters are identified by a FilterExpression enclosed within square brackets, [ ]. These define a pattern within a pattern following this general structure: ( (’/’ | ’//’) Element )? [ FilterExpression Filter expressions are applied to every element returned by the preceding path pattern.
  • Page 34: Boolean Operators

    C H A P T E R 3 HP e-Commerce/XML Server Accelerator SA7150 User Guide Boolean Operators Boolean operators are logical operators between expressions. These operators are used in the PathExpression and the FilterExpression, as shown below. PathExpression BooleanOperator PathExpression •...
  • Page 35 C H A P T E R 3 XML Operations required arguments. Wrong numbers of arguments or arguments not of the required type result in errors. The result of the FunctionCall expression is the result returned by the function. Function Description starts-with(value, The starts-with function tests whether the string value of value starts the...
  • Page 36: Values

    C H A P T E R 3 HP e-Commerce/XML Server Accelerator SA7150 User Guide Values Values are used to specify the right operand of a comparison expression, and can be either literals (e.g., a string) or numeric values. Literals must be enclosed in either single or double quotes. If the literal string contains single quotes, double quotes should be used to enclose the string.
  • Page 37: Xml Pattern Creation

    C H A P T E R 3 XML Operations XML Pattern Creation XML patterns are created with the create pattern command. Because each pattern is assigned to a specific server, the command’s syntax requires that a server be specified. HP SA7150>...
  • Page 38: Mapped Server

    C H A P T E R 3 HP e-Commerce/XML Server Accelerator SA7150 User Guide HP SA7150> show pattern Server: std Pattern ID Pattern ========== ========= * & //std Server: gold Pattern ID Pattern ========== ========= * & //gold * & //order [amount>1000] Server: silver Pattern ID Pattern...
  • Page 39: Default Keyword

    C H A P T E R 3 XML Operations Default Keyword The keyword default can be used as an XML pattern’s XML expression component to catch cases not covered by active XML patterns with specific XML expressions. To illustrate, imagine you have a number of active XML patterns assigned to different servers, each with the same URI expression (orders.asp) but with different XML expressions.
  • Page 40: Xml "Well-Formed" Check

    C H A P T E R 3 HP e-Commerce/XML Server Accelerator SA7150 User Guide The table below illustrates ways in which XML messages are handled depending on which component of XML patterns match and whether a default XML server is configured. Default XML Server Default XML Server Configured...
  • Page 41: Network Configurations

    C H A P T E R 3 Network Configurations Network Configurations Single Server The HP e-Commerce/XML Server Accelerator SA7150 is typically used with multiple servers although it can support multiple applications running on separate ports of a single server. In single server configurations the SA7150 is connected to the network between the router and the server.
  • Page 42: Multiple Sa7150S And Cascading

    Scalability and Cascading. The SA7150’s capabilities are scalable by chaining, or “cascading,” multiple SA7150s together. In such configurations, each unit’s server side connector is wired to the network side connector of the next SA7150 in line.
  • Page 43: Ssl Operations

    Keys and Certificates. In addition to its XML processing capabilities, the SA7150 provides powerful SSL (Secure Socket Layer) decryption and encryption processing. CAUTION: The SA7150 comes with default keys and certificates for test...
  • Page 44: Obtaining A Certificate From Verisign* Or Other Authority

    C H A P T E R 3 HP e-Commerce/XML Server Accelerator SA7150 User Guide To paste an item (key, certificate signing request, etc.) into HyperTerminal*: 1. Display the item in the appropriate application window, then click and drag to select the item. 2.
  • Page 45 C H A P T E R 3 SSL Operations Certifying authorities have specific guidelines on how to answer each of the questions. These guidelines may vary by certifying authority. Please refer to the guidelines of the certifying authority to whom you submit your Certificate Signing Request (CSR).
  • Page 46 C H A P T E R 3 HP e-Commerce/XML Server Accelerator SA7150 User Guide In this example, xmodem is used to send the CSR to a PC connected to the console port. HP SA7150> export sign mywebserver Export protocol: (xmodem, ascii) [ascii]:xmodem Use Ctrl-x to kill transmission Beginning export...
  • Page 47: Using An Existing Key/Certificate

    C H A P T E R 3 SSL Operations -----BEGIN CERTIFICATE----- MIIDKDCCAtKgAwIBAgIBADANBgkqhkiG9w0BAQQFADCB nDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMQ4wDAYD VQQHEwVQb3dheTEaMBgGA1UEChMRQ29tbWVyY2Ug -----END CERTIFICATE----- <Enter> ... <Enter> Import successful! HP SA7150> 5. Create mapping for Server 1. Use the create map command to specify the server IP address, ports, and keyID. HP SA7150>...
  • Page 48: Apache Ssl

    C H A P T E R 3 HP e-Commerce/XML Server Accelerator SA7150 User Guide For certificate: 1. Look in $APACHEROOT/conf/httpd.conf for location of *.crt file (certificate). 2. Copy and paste the certificate file. Apache SSL* For key: 1. Look in $APACHESSLROOT/conf/httpd.conf for location of *.key file.
  • Page 49 C H A P T E R 3 SSL Operations -----BEGIN RSA PRIVATE KEY----- MIIBOgIBAAJBALGOlBH14vIdtfuA+UnyRIoKya13ey8m j3GDQakdwoDJALu+jtcC S9dPdwp6zctsZeztn/ewPeNamz3q8QoEhY8CawEA -----END RSA PRIVATE KEY-----<Enter> ... <Enter> Import successful! HP SA7150> 2. Use the import cert command with the keyID. As with import key, choose an import protocol for importing the key. Use the default to “paste.”...
  • Page 50: Creating A New Key/Certificate On The Sa7150

    C H A P T E R 3 HP e-Commerce/XML Server Accelerator SA7150 User Guide 4. Save the configuration when the server has been mapped. HP SA7150> config save Saving configuration to flash... Configuration saved to flash HP SA7150> Creating a new Use the create key and create cert commands to create new keys and certificates for SA7150 operation.
  • Page 51: Global Site Certificates

    C H A P T E R 3 SSL Operations 3. Create a server mapping. Use the create map command to specify the server IP address, ports, and keyID. HP SA7150> create map Server IP (0.0.0.0): 10.1.1.30 SSL (network) port [443]: Cleartext (server) port [80]: KeyID to use for mapping: mywebserver 4.
  • Page 52: Global Site Certificate Paste Procedure

    C H A P T E R 3 HP e-Commerce/XML Server Accelerator SA7150 User Guide Root* and VeriSign Class 3*. When a requesting browser receives a global site certificate along with an intermediate CA certificate, the browser’s root certificate is used to validate the intermediate CA certificate, which in turn is used to validate the global site certificate, thus letting the browser know that it can renegotiate the connection to use 128-bit encryption.
  • Page 53: Redirection: Clients And Unsupported Ciphers

    mMMrSPVyzWgNGrN0Y7uxWLaYRSLsEY3HTjOLYlohJGya wEK0Rak6+2fwkb4YH9VIGZNrjcs3S4bmfZv9jHiZ/ 4PC/ NlVBp4xZkZ9G3hg9FXUbFXIaWJwfE22iQYFm8hDjswMK NXRjM1GUOMxlmaSESQeSltLZl5lVR5fN5qu -----END CERTIFICATE-----<Enter> ...<Enter> Import successful! HP SA7150> Redirection: Clients and Unsupported Ciphers. When a client that does not support the selected cipher suite attempts to connect to the SA7150, the default behavior is to reject the... NOTE: The user must provide the redirect URL and ensure that it is...
  • Page 54: Client Authentication

    C H A P T E R 3 HP e-Commerce/XML Server Accelerator SA7150 User Guide To disable a redirect URL for a mapping: HP SA7150> set redirect 2 none HP SA7150> show redirect 2 Redirect URL for map 2 is not set Client Authentication The SA7150 supports only one root CA certificate per mapping.
  • Page 55: Creating A Client Ca Certificate Using Openssl

    C H A P T E R 3 Client Authentication Verify the import by using the list map command again. Note that the Client Auth column now shows client authentication for Map ID 2 enabled. HP SA7150> list map Cipher Re- Client well ID KeyID...
  • Page 56: Ssl Processing

    4. Combine the key.pem and cert.pem keys into one file by typing this command. cat key.pem cert.pem > all.pem 5. Convert to p12 format by typing this command. openssl pkcs12 -export -in all.pem -out <file>.p12 -name "MY NAME"...
  • Page 57: Automapping

    Automapped entries are identified by a server IP address of zero (0.0.0.0). When a server IP address of zero is specified, the SA7150 intercepts packets to any server IP address with the matching network... NOTE: Remember to save the configuration (with the config save command) after making...
  • Page 58: Manual Mapping

    C H A P T E R 3 HP e-Commerce/XML Server Accelerator SA7150 User Guide Manual mapping The user can create (with the create map command) one or more mapping entries for individual servers. This is the only way to specify unique keyIDs for each server.
  • Page 59: Subnet, Specific Port

    C H A P T E R 3 SSL Processing Example: HP SA7150> create block Client IP to block [0.0.0.0]: 10.1.2.1 Client IP mask [0.0.0.0]: 255.255.255.255 Server IP to block [0.0.0.0]: 20.1.2.1 Server IP mask [0.0.0.0]: 255.255.255.255 Server Port to block: 80 Server Port mask [0xffff]: Use the show block command to verify.
  • Page 60: All Ips, Specific Port

    C H A P T E R 3 HP e-Commerce/XML Server Accelerator SA7150 User Guide Use show block to verify. HP SA7150> show block ----------- blocks : ----------- (1) block 10.1.2.1 255.255.0.0 20.1.2.1 255.255.0.0 80 0xffff ----------- All IPs, Specific Port To block a specific port on all IP addresses: 1.
  • Page 61: Delete A Block

    C H A P T E R 3 Failure Conditions, Fail-safe, and Fail-through Delete a Block The example below illustrates how to delete a subnet block. Type the delete block command with the block ID (block ID is 1 in the example).
  • Page 63: Chapter 4: Scenarios

    Scenarios. This section contains scenarios illustrating examples of HP e-Commerce/XML Server Accelerator SA7150 configurations: • Scenario 1: Basic XML Operation • Scenario 2: Single Server Configuration • Scenario 3: Multiple Server Configuration (SSL) • Scenario 4: Cascaded SA7150s • Scenario 5: Different Ingress and Egress Routers • Scenario 6: Configuring a Firewall...
  • Page 64: Scenario 1-Basic Xml Operation

    C H A P T E R 4 HP e-Commerce/XML Server Accelerator SA7150 User Guide Scenario 1—Basic XML Operation As discussed in Chapter 3, the SA7150 parses XML content, searches it for user-configured patterns and distributes XML traffic to various servers according to user-established rules embodied in XML patterns reflecting the user’s business needs.
  • Page 65: Procedure For Scenario 1

    C H A P T E R 4 Scenario 1—Basic XML Operation Procedure for 1. Create Server 1: HP SA7150> create server Scenario 1 Name: Server1 Server IP: 1.1.1.1 Cleartext (server) port [80]: Server MAC Address:00:a0:c9:fc:84:ab HP SA7150> 2. Create Server 2: HP SA7150>...
  • Page 66 C H A P T E R 4 HP e-Commerce/XML Server Accelerator SA7150 User Guide Cleartext map for XML only? [n]: y HP SA7150> Verify creation of maps: Cipher Client well ID KeyID Server IP Port Port Suites direct Auth XML form == ===== ========= ===== ==== ======== =====...
  • Page 67 C H A P T E R 4 Scenario 1—Basic XML Operation 10. Create XML patterns for Server 3: HP SA7150> create pattern server3 URI Expression: */order.asp XML Expression: //Amount[Value > 5000 and Value < 10000] Enter another pattern? [n]: y URI Expression: */order.asp Address[zipcode <...
  • Page 68 C H A P T E R 4 HP e-Commerce/XML Server Accelerator SA7150 User Guide The table below shows the SA7150’s responses to incoming XML data with URI expression */order.asp. SA7150 Response Incoming XML Data company name is Acme Sends to Server 1 company name is Widgets.com Sends to Server 2 company name is YourCo.com...
  • Page 69: Scenario 2-Single Server Configuration

    This scenario describes a typical configuration of a SA7150 with one server, using either automapping or manual configuration/mapping. This scenario describes the fastest way to get up and running with a SA7150. NOTE: This configuration is intended primarily for use with SSL-intensive...
  • Page 70 C H A P T E R 4 HP e-Commerce/XML Server Accelerator SA7150 User Guide 3. Create a mapping for the server with the create map command: HP SA7150> create map Server IP [0.0.0.0]: 1.1.1.30 Network port [443]: Cleartext (server) port [80]: KeyID to use for mapping: default HP SA7150>...
  • Page 71: Scenario 3-Multiple Server Configuration (Ssl)

    C H A P T E R 4 Scenario 3—Multiple Server Configuration (SSL) Scenario 3—Multiple Server Configuration (SSL) This scenario shows how to configure two or more servers. Server 1 HP e-Commerce/XML Server 10.1.1.30 Accelerator SA7150 Hub/switch Router Server 2 10.1.1.31 Single SA7150, Multiple Server Installation Procedure for...
  • Page 72 C H A P T E R 4 HP e-Commerce/XML Server Accelerator SA7150 User Guide 5. Use the list map command to view the mapping. (Multiple keys and certificates can also be imported and each mapped to individual servers. If you do this, at least one field in the certificate information—usually the common name—must be unique.) HP SA7150>...
  • Page 73: Scenario 4-Cascaded Sa7150S

    C H A P T E R 4 Scenario 4—Cascaded SA7150s Scenario 4—Cascaded SA7150s This scenario shows how to cascade SA7150s for additional performance and availability. The same procedures apply that were performed in Scenario 3. In addition, the complete configuration of the first SA7150 is exported to the second SA7150 in line.
  • Page 74: Procedure For Scenario 4

    C H A P T E R 4 HP e-Commerce/XML Server Accelerator SA7150 User Guide Procedure for 1. Configure the SA7150 farthest from the server as described in any of the preceding scenarios. Remain connected to that specific Scenario 4 SA7150 for the export configuration procedure.
  • Page 75 C H A P T E R 4 Scenario 4—Cascaded SA7150s 14. Select xmodem as the sending protocol. 15. Click the Send button. The transfer completes and then you are prompted to verify that you wish to install this configuration. Do you want to install this config ? [y]: y 16.
  • Page 76: Scenario 5-Different Ingress And Egress Routers

    This scenario describes the configuration of a SA7150 when the ingress and egress traffic paths are different. This scenario includes: • One or more servers...
  • Page 77: Scenario 6-Configuring A Firewall

    C H A P T E R 4 Scenario 6—Configuring a Firewall Scenario 6—Configuring a Firewall This scenario describes the recommended network configuration to allow a SA7150 to provide SSL services for a single server that also serves plain-text HTTP documents. Actual procedures for adjusting the firewall and server configurations vary widely depending upon the products used, so the steps outlined here are necessarily approximations and must be adjusted as required by the particulars of...
  • Page 78: Sa7150 Configuration

    For the SA7150 to provide SSL services, the web server process providing port 443 services requires two modifications. • First, because the SA7150 performs all of the SSL processing,...
  • Page 79: Firewall Configuration

    4. Once a user-created server assignment exists, the default mapping can be deleted. In this example, delete MapID number 1. NOTE: The device automatically adjusts the list of MapIDs as they are...
  • Page 81: Chapter 5: Command Reference

    Command Reference The HP e-Commerce/XML Server Accelerator SA7150 is fully configurable through the Command Line Interface (CLI). The CLI is accessible through both the console and aux console RS232 ports or remotely via Telnet and SSH. Online Help The SA7150 provides online help with the following options: Type help to display a summary of commands.
  • Page 82: Command Line Interface

    C H A P T E R 5 HP e-Commerce/XML Server Accelerator SA7150 User Guide Command Line Interface The CLI handles all user interactions on the console and auxiliary console RS232 ports. One instance per port runs at all times. User To gain access to the CLI, the user must first be authenticated by providing a password at the logon banner prompt.
  • Page 83: Input Editing Commands

    C H A P T E R 5 Input Editing Commands However, “sh” as shown below, is not an abbreviation to uniqueness in that it does not distinguish between show and showsnmp. HP SA7150> sh The solitary letter “e” in the context of the next example, (i.e., preceded by “ssh”), uniquely indicates ssh enable.
  • Page 84: Cut And Paste

    C H A P T E R 5 HP e-Commerce/XML Server Accelerator SA7150 User Guide Cut and Paste Command Description ctrl-d Delete the character underneath the cursor. ctrl-k Delete the text from the current cursor position to the end of the line.
  • Page 85: Command Summary

    C H A P T E R 5 Command Summary Command Summary This section contains a high-level view of the SA7150’s command structure. Details appear in the next section, Command Reference. Command Command Options bypass config default compare reset save create block cert <keyID>...
  • Page 86 C H A P T E R 5 HP e-Commerce/XML Server Accelerator SA7150 User Guide Command Command Options factory_default help help help <command> help usage import cert <keyID> client_ca <mapID> config key <keyID> patch upgrade inline insert server <ServerID> list blocks filters (shows blocks and permits) keys...
  • Page 87 C H A P T E R 5 Command Summary Command Command Options alarms <all, esc, rsc, utl, ovl, nls> cache <enable | disable> ciphers <mapID> ciphers <mapID> default client_tmo <seconds> date defcert egress_mac x:x:x:x:x:x egress_mac none ether idleto <timeout> ip <ip>...
  • Page 88 C H A P T E R 5 HP e-Commerce/XML Server Accelerator SA7150 User Guide Command Command Options show alarm blocks cache ciphers <mapID> cert <keyID> client_ca <mapID> client_tmo config config default config saved date defcert egress_mac ether filters idleto info key <keyID>...
  • Page 89 C H A P T E R 5 Command Summary Command Command Options show telnet_port utl_highwater utl_lowwater utl_window setsnmp snmp <enable | disable> snmp_community snmp_port <port> snmp_info sys_contact sys_location sys_name trap_authen <enable | disable> trap_community trap_port <port> showsnmp snmp snmp_community snmp_port snmp_info sys_contact...
  • Page 90: Command Reference

    C H A P T E R 5 HP e-Commerce/XML Server Accelerator SA7150 User Guide Command Reference Help Commands Command Description help Display the list of available commands. help <command> Display usage for a single command. help usage Display all commands and their usage. tty_char View the available list of keyboard shortcut commands.
  • Page 91: Xml Commands

    C H A P T E R 5 Command Reference Commands Command Description create server Specify an XML server. Prompts for a unique name, a unique IP address/port pair, and the correct MAC address to identify a server to fulfill XML requests. NOTE: Server names are case insensitive.
  • Page 92 C H A P T E R 5 HP e-Commerce/XML Server Accelerator SA7150 User Guide Command Description insert server XML servers exist in a numeric hierarchy reflecting the order in which they were created with the create server command. The system assigns a server index number to each server as it is created, incrementing the number with each new server.
  • Page 93 C H A P T E R 5 Command Reference Command Description create pattern Create an XML pattern for a specified server. Patterns associated with a given server are uniquely identified by a system-generated numeric pattern ID. After you execute the command, you are prompted to enter the URI expression followed by the XML expression.
  • Page 94 C H A P T E R 5 HP e-Commerce/XML Server Accelerator SA7150 User Guide Command Description delete pattern Delete an XML pattern specified by server and pattern ID. NOTE: Use the show pattern command to identify existing patterns. Syntax: HP SA7150>...
  • Page 95 Command Description show pattern Display the list of XML patterns for: • all servers, or • a specified server. When executed without the server name parameter, the command displays all patterns defined for all servers. When a server name is specified the command displays only the patterns defined for that server.
  • Page 96 C H A P T E R 5 HP e-Commerce/XML Server Accelerator SA7150 User Guide Command Description set xml Enables processing based on the XML patterns defined for a specified map. Default: disabled. NOTE: Setting the command to “enable” has no effect if no XML servers are defined.
  • Page 97 Command Description set xml_well_formed Enables or disables the SA7150’s feature for the detection of malformed XML data coming in via HTTP POST. xml_well_formed normally works in parallel with the xml command (see above), that is, it is automatically enabled for a specified map when xml is enabled for that map, and automatically disabled (for a specified map) when xml is disabled (for that map).
  • Page 98: Port Mapping Commands

    C H A P T E R 5 HP e-Commerce/XML Server Accelerator SA7150 User Guide Port Mapping These commands are used to execute the operations described in Chapter 3’s Mapping and Blocking sections. Commands Command Definition create block Create a block to preclude access to specified IP addresses or through specified ports.
  • Page 99 C H A P T E R 5 Command Reference Command Definition create permit Create a configuration allowing a specified user access to specified servers and ports, and/or denying the specified user access to specified servers and ports. Example: HP SA7150> create permit Client IP to permit [0.0.0.0]:10.1.2.1 Client IP mask [0.0.0.0]:255.255.0.0 Server IP to permit [0.0.0.0]:20.1.2.1...
  • Page 100 C H A P T E R 5 HP e-Commerce/XML Server Accelerator SA7150 User Guide Command Definition create map Create a mapping that associates server IP, SSL port, and Key ID, and clear text port (clear text maps only). Example 1 (for SSL operation): HP SA7150>...
  • Page 101: Operational Commands

    list maps: List all mappings. (Same as show map.) Example: HP SA7150> list maps (output columns: ID | KeyID | Server IP | Port | Port | Cipher Suites | Redirect | Client Auth | XML | well form)...
  • Page 102 inline: Enables inline mode, in which the SA7150 processes traffic normally (as opposed to bypass mode, in which traffic may flow through the device unprocessed). Example: HP SA7150>...
  • Page 103: Remote Management Commands

    reboot: Reboots the SA7150. WARNING: Any configuration changes made during the current CLI session will be lost upon rebooting. Refer to the config save command for details regarding saving configuration changes. Example: HP SA7150>...
  • Page 104 set ip: Assign an IP address and netmask to the SA7150’s network interface for Telnet and SSH sessions. CAUTION: The assignment of an IP address introduces security issues.
  • Page 105 set telnet: Enables or disables Telnet sessions. When this command is set to “enable” and an IP address is assigned to the SA7150’s network interface, you can access the device’s CLI via remote Telnet session.
  • Page 106 set ssh: Enable or disable Secure Shell (SSH) sessions. When this command is set to “enable” and an IP address is assigned to the SA7150’s network interface, you can access the device’s CLI via remote SSH session.
  • Page 107 showsnmp snmp: Displays the current status of the SNMP agent: enabled or disabled. Example: HP SA7150> showsnmp snmp SNMP: enabled setsnmp snmp_info: Set the following SNMP information and parameters: •...
  • Page 108 setsnmp snmp_community: Set SNMP community strings. Example: HP SA7150> setsnmp snmp_community SNMP Community String(s) Setting. Enter a SNMP Community IP (q to quit):1.1.1.1 Enter a SNMP Community String (q to quit): commstring Enter a SNMP Community IP (q to quit): q...
  • Page 109 showsnmp trap_authen: Displays current status of trap authentication trap. Example: HP SA7150> showsnmp trap_authen SNMP Authorization Trap: enabled setsnmp trap_community: Sets SNMP trap community strings. Example: HP SA7150> setsnmp trap_community SNMP Trap Community String(s) Setting.
  • Page 110: Alarms And Monitoring Commands

    Alarms and Monitoring Commands. set alarms: Enable all or a selection of the SA7150’s alarms. Syntax: HP SA7150> set alarms <all esc nls none ovl rsc utl>...
  • Page 111 show rsc_window: Display current Refused SSL Connections Alarm interval. Syntax: HP SA7150> show rsc_window Check for refused SSL connections [secs]: 10 set utl_window: Set interval (window) at which the device checks for exceeded utilization thresholds (CPU load, Connections per Second, or Total Open Connections) and, if any are detected, issues a Utilization Threshold Alarm.
  • Page 112 set utl_lowwater: Set the Utilization Threshold Alarm low-water value. Expressed as a percentage, the low-water value represents the lowest CPU utilization, Connections per Second, or Total Open Connections required to trigger a UTL Alarm.
  • Page 113: Configuration Commands

    show ovl_window: Display the current Overload Alarm window. Example: HP SA7150> show ovl_window Check for overload conditions [secs]: 10 Configuration Commands. show config: Display current volatile configuration settings. Example: HP SA7150>...
  • Page 114 60 idle 300 kstrength 512 con_speed 9600 con_bits 8 con_stop 1 con_parity n max_remote_sessions 5 trap_authen 1 defcert_cname US defcert_state California defcert_city Palo Alto defcert_orgname Hewlett-Packard Company defcert_orgunit Server Appliances Division defcert_name www.hp.com defcert_email support@hp.com prompt HP SA7150> HP SA7150>...
  • Page 115 config compare: Display differences between saved and current configuration. For optimal flexibility in configuration and testing, the SA7150 supports both “current” (volatile) and “saved” (non-volatile) configurations. The config compare command displays the differences, if any, between the two configurations.
  • Page 116 export config: Export all configuration, key, sign and certificate information (ASCII, xmodem). If you use ASCII as the export protocol, you must WARNING: Do not edit an exported configuration file.
  • Page 117 import upgrade: Import a complete software release. (See Chapter 6 for details regarding software updates.) Example: HP SA7150> import upgrade Import protocol: (xmodem) [xmodem]: Start xmodem upload now Use Ctl-X to cancel upload Verifying upgrade image...
  • Page 118: Administration Commands

    factory_default: Returns to factory configuration settings. Example: HP SA7150> factory_default Reset to default configuration [n]: y Reset to factory defaults System rebooting...done T944 V2.31 DXC. 868242+361188O/S running Generating 512 bit default key Generating default certificate...
  • Page 119 Display software version information. Example: HP SA7150> show info ================================================ hp e-commerce/xml server accelerator sa7150 (c)Copyright 2001 Hewlett-Packard Company Version 2.4.1, Build xx ================================================ set date: Set the date and time. WARNING: Execution of this command reboots the SA7150. Example: HP SA7150>...
  • Page 120 show ether: Display ethernet settings. Example: HP SA7150> show ether Ethernet media set to auto set idleto: Set the console idle interval in minutes. After <n> minutes without keyboard activity, the user is automatically logged off.
  • Page 121 set prompt: Change the prompt from SA7150 to the desired prompt. Example: HP SA7150> set prompt Prompt [HP SA7150> ]: HP SA7150> set serial: Allows user to set the console port to monitor the CLI or the output logging, and set the speed, data bits, stop bits, and parity bits.
  • Page 122: Logging Commands

    Logging Commands. export log: Export a saved log/trace file. Syntax: HP SA7150> export log <logID> NOTE: Log files referred to here are not human-readable.
  • Page 123: Chapter 6: Remote Management

    Remote Management Overview. The SA7150 supports remote management via three protocols: • Telnet • Secure Shell (SSH) • SNMP. When enabled, remote management allows you to access the device’s Command Line Interface (CLI) from Telnet or SSH sessions running on remotely located machines. NOTE: Remote management functions can be enabled and...
  • Page 124: Limitations

    Limitations. Note that several CLI capabilities available at the local console are unavailable in remote sessions. These are: • Assignment of an IP address to the SA7150’s network interface...
  • Page 125 • show ssh_port displays current SSH port. SNMP-specific: • setsnmp snmp enable|disable enables or disables SNMP management. • showsnmp snmp displays current SNMP status: enabled or disabled. • setsnmp snmp_info sets the following SNMP information and...
  • Page 126: Remote Telnet Sessions

    Remote Telnet Sessions. This section contains procedures for accessing the SA7150’s CLI via remote Telnet session. Telnet and Windows 2000: Windows 2000* users need to change the default terminal type, ANSI, to VT100 before running remote Telnet sessions with the SA7150, and to disable CRLF.
  • Page 127: Remote Console, Telnet

    Enable remote Telnet sessions: HP SA7150> set telnet enable Configure the network route: HP SA7150> set route Enter Default Route (’none’ to delete) [10.1.1.1] : Verify the route configuration (optional): HP SA7150>...
  • Page 128: Changing The Telnet Port

    After you enter your password, the Telnet session displays the SA7150’s CLI. From this point, you can manage the device as you would from the local serial console, minus the few disallowed... NOTE: If other remote sessions are already running and the new one exceeds the number...
  • Page 129: Remote Ssh Sessions

    Remote SSH Sessions. This section contains procedures for accessing the SA7150’s CLI via remote Secure Shell (SSH) session. The table below illustrates... NOTE: The default user name and password for SSH sessions are admin.
  • Page 130: Remote Console, Ssh

    Delete a route configuration (optional): HP SA7150> set route none Remote SSH management is now enabled and configured on the SA7150. NOTE: To ensure that this remote management...
  • Page 131: Disabling Ssh

    To display the SSH port: HP SA7150> show ssh_port SSH Port Number: 22 0 Disabling SSH: SSH sessions are disabled at the SA7150’s local serial console. To disable, follow the steps below: HP SA7150>...
  • Page 132: Starting Snmp

    Starting SNMP. SNMP is enabled or disabled using the CLI’s setsnmp snmp command (it is disabled by default): HP SA7150> setsnmp snmp enable With no community string defined, the device will not respond to SNMP queries (even with SNMP enabled).
  • Page 133: Hp Mib Tree

    HP MIB Tree. The following figure illustrates HP’s MIB tree. [Figure: HP’s MIB Tree] All HP enterprise MIBs and MIB objects are defined under the HP tree. All sysObjectIds that identify HP products are defined under the hpServerAppliancesSystem branch of the HP tree.
  • Page 134: Supported Mib

    Supported MIB: Management Information Base-II (MIB-II). HP Enterprise MIBs: hpserver-header.my, hpxml-accelerator-mib.my. Where to find the MIB File: Electronic copies of the HP MIB file used by the SA7150 are shipped with the product on the Resource CD.
  • Page 135 encryptionResumed: Resumes processing traffic after having been stopped. serverInterfaceStateChanged: The server-side interface state changed. networkInterfaceStateChanged: The network-side interface state changed. cpuUtilAlert: The device has exceeded the CPU utilization high water threshold. cpuUtilNormal: CPU utilization back to normal levels. sslCpsAlert...
  • Page 136: Enabling Snmp

    sslOverloadThrottles: Connections were throttled in the past sslOverloadInterval. appRestartAlert: SSL processing application has restarted. Enabling SNMP: Enabling and disabling SNMP is accomplished with the CLI command setsnmp snmp enable|disable. Operational status can be verified using showsnmp snmp.
  • Page 137: Community String

    You can also configure SNMP information elements individually using the following commands: • setsnmp snmp_port sets the SNMP port • setsnmp trap_port sets the SNMP trap port • setsnmp sys_contact sets the contact person...
  • Page 138: Trap Community String

    Trap Community String. Use CLI commands setsnmp trap_community, list trap_community and delete trap_community to set, display, and delete trap community strings. HP SA7150> setsnmp trap_community SNMP Trap Community String(s) Setting.
  • Page 139 Access Control. To permit a client, specified by IP and IP mask, access to a specified server, use the create permit command as illustrated below: HP SA7150> create permit Client IP to permit [0.0.0.0]: 10.1.2.1 Client IP mask [0.0.0.0]:255.255.255.255 Server IP to permit [0.0.0.0]:20.1.2.1 Server IP mask [0.0.0.0]:255.255.255.255...
  • Page 141: Chapter 7: Alarms And Monitoring

    Alarms and Monitoring Overview. The HP e-Commerce/XML Server Accelerator SA7150 supports: • Alarms that can be sent to the console upon pre-designated events • Periodic status-monitoring reports. Both alarms and monitor reports are single lines of text. Both can be written either to the local administration console or to remote management sessions (Telnet or Secure Shell only).
  • Page 142 • Refused SSL connections • Utilization (Threshold) alarms • Overload alarms • Network Link Status. All alarms are disabled by default and may be enabled in any combination.
  • Page 143: Alarm Types

    Alarm Types. The configurable alarm types are detailed in separate sections below. ESC: Encryption Status Change. When enabled, an alarm is issued when the device is changed between INLINE and BYPASS modes. This change can be made from CLI using the commands inline or bypass, or at the device’s...
  • Page 144: Rsc: Refused Ssl Connections

    RSC: Refused SSL Connections. When enabled, an alarm is generated whenever SSL connections are refused for cipher suite mismatch or client certificate authentication failure during the current user-specified period (5 to 65000 seconds, default: 15 seconds).
  • Page 145: Utl: Utilization Threshold Alarm

    UTL: Utilization Threshold Alarm. This alarm monitors three utilization threshold values: • CPU utilization • Connections per Second • Total Open Connections. When enabled, an alarm is issued whenever any of the utilization values exceeds its high-water mark, or, having exceeded the high-water mark, drops below the low-water mark.
  • Page 146: Utl Alarm Cli Commands

    UTL Alarm CLI commands. To set Utilization Threshold Alarm time window: set utl_window <seconds> (Range: 5-65000, default: 15). To set Utilization Threshold Alarm high-water value: set utl_highwater <percentage>...
  • Page 147: Ovl: Overload Alarm

    OVL: Overload Alarm. When enabled, an alarm is issued upon occurrence of overloads resulting in spills or throttles during the current user-configured alarm period (5 to 65000 seconds, default: 15 seconds). Format: WARNING: This alarm indicates loss of encryp-...
  • Page 148: Nls: Network Link Status Alarm

    NLS: Network Link Status Alarm. An alarm is issued whenever the Network or Server link status is changed. Format: A:mm/dd/yyyy hh:mm:ss: NLS:NETL|SVRL:LNKD|10HDX|10FDX|100HDX|100FDX :/*message*/ Where: A: identifies the message as an alarm. mm/dd/yyyy hh:mm:ss: is the timestamp.
  • Page 149 Alarm Logging. These alarms can be viewed on the console using the CLI command, status alarms. Additionally, any logs generated and saved as a result of an exceptional condition are viewable by using the CLI command, status <log filename>.
  • Page 150 (0x00000026 0x00000003 0x00000026) Server NIC: No carrier (0x00000023 0x00000001 0x00000023) Network LED: Server LED: to permit SSL Caching: enabled --------------- Configuration -------------- conlog 0xffffffef ilog 0xffffffff trace 0xfffff3dd media auto logport tty01...
  • Page 151 prompt HP SA7150> trap_authen remote_if exp0 ip 10.1.11.34 netmask 255.255.0.0 A:07/27/2000 14:54:47:NLS:SVRL:NC:/* Server port status, No carrier */ A:07/27/2000 14:54:41:NLS:SVRL:100FDX:/* Server port status, 100Mb/s, full dupl/ A:07/27/2000 14:54:21:NLS:NETL:100HDX:/* Network port status, 100Mb/s, half dup/ A:07/27/2000 14:54:21:NLS:SVRL:NC:/* Server port status, No carrier */...
  • Page 152: Monitoring

    Monitoring Reports. A monitoring report is one line of user-configurable text displayed at the console at a user-configurable interval of between five and 65000 seconds.
  • Page 153: Monitoring Reports Cli Commands

    NetIF;s: Net interface; (s)tatus [NC|10HDX|10FDX|100HDX|100FDX]. SvrIF;s: Svr interface; (s)tatus [NC|10HDX|10FDX|100HDX|100FDX]. BES;c,m,t: Bytes Encrypted per Second; (c)urrent, (m)ax, (t)otal. BDS;c,m,t: Bytes Decrypted per Second; (c)urrent, (m)ax, (t)otal. TOTCS;c,m,t: Total connections per second; (c)urrent, (m)ax, (t)otal. XMLCS;c,m,t: XML connections per second;...
  • Page 154 Monitoring for this terminal: disabled HP SA7150> set monitoring_fields <args> Where <args> are: all => All monitoring fields enabled. cps => SSL connections per second. cpu =>...
  • Page 155: Chapter 8: Software Updates

    Software Updates. Use the import upgrade command to upgrade your HP e-Commerce/XML Server Accelerator SA7150 software. When you upgrade your SA7150 software, the configuration (including all keys, certificates, and mapping) is saved. However, all log files are cleared. The software is in the form of an image file (*.IMG). Use the import patch command to install a patch to a current software release.
  • Page 156: Using Hyperterminal

    Using HyperTerminal*. Command: import upgrade. Use the SA7150’s aux console port, which defaults to 115.2 kbps, for greater speed. The import procedure (using xmodem) requires approximately 7 minutes at 115.2 kbps.
  • Page 157 Command: import patch. Use the SA7150’s aux console port, which defaults to 115.2 kbps, for greater speed. The import procedure (using xmodem) requires approximately 7 minutes at 115.2 kbps. 1. Download the patch file (.patch) to the local PC. 2....
  • Page 159: Chapter 9: Troubleshooting

    Troubleshooting (table columns: Item | Symptom | Probable Cause | Remedy). Symptom: Server and/or Network LEDs not illuminated. Probable cause: • Unit is in Bypass mode. • Improper cabling. Remedy: • If the Inline LED is not illuminated (solid or blinking) take the SA7150 out of Bypass mode by either pressing the Bypass switch on the...
  • Page 160 Symptom: Non-SSL data does not pass through SA7150. Probable cause: Improper cabling. Remedy: Refer to Item 1 in this table. If both Network and Server LEDs are...
  • Page 161 Symptom: Error message indicates that the browser does not recognize the signer of this certificate after... Probable cause: The intermediate certificate is not installed or is installed improperly. Remedy: See Global Site Certificates in Chapter 3 for correct procedures.
  • Page 162 Symptom: Error message: Server/Network media mismatch. Probable cause: Server and network ports have autonegotiated to different media... Remedy: Use the status command to determine the media settings: HP SA7150>...
  • Page 163: Appendix A: Front Panel

    Front Panel. The following diagram shows the LEDs, buttons, switches and connections for the HP e-Commerce/XML Server Accelerator SA7150. Note that there is no power switch or button. Power is applied to the device by connecting the power cable. [Figure: front panel; labels include LEDs, Power...]
  • Page 164: Buttons And Switches

    Buttons and Switches. There are two buttons and one switch on the front panel of the SA7150. Reset button: Press momentarily to issue a soft reset to the SA7150.
  • Page 165 Front Panel LEDs. Overload: ON – SA7150 is saturated with SSL requests. LED ranges from dim flickering to bright steady, indicating low to high spillover. Refer to the spill command for ways to offload requests to another SA7150.
  • Page 166: Connectors

    Connectors. The following table describes the SA7150’s connectors (columns: Designator | Type | Purpose). Network | RJ45 | 100baseTX/10baseT connection to network (clients), wired as a host port. Server | RJ45 | 100baseTX/10baseT connection to server (or servers), wired as a hub port.
  • Page 167: Appendix B: Failure/Bypass Modes

    Failure/Bypass Modes. WARNING: Enabling bypass mode will instantly terminate all active remote management sessions. The HP e-Commerce/XML Server Accelerator SA7150 is designed with the ability to automatically bypass e-Commerce traffic in the event of a failure. If necessary, the user can force a bypass with the bypass button or from the command line interface using the bypass...
  • Page 168: Bypass Button

    [Figure: Front Panel Detail: Failure/Bypass Mode Controls and Indicators] Bypass Button. Forcing a bypass of the SA7150 may be necessary when certain actions must be performed offline (e.g., configuration changes, entering certificates, or problem isolation).
  • Page 169 Fail-through Switch (Security Level). During normal processing, the Inline (green) LED on the front panel indicates whether e-Commerce traffic will pass through in the event of a failure (depending on Fail-through switch state). Steady green or blinking green both mean that the SA7150 is processing traffic;...
  • Page 171: Appendix C: Supported Ciphers

    Supported Ciphers The HP e-Commerce/XML Server Accelerator SA7150 supports only RSA key exchange and authentication. Diffie-Hellman (including Anonymous and Ephemeral) key exchange/authentication and DSS authentication are not supported. Use the set cipher command to specify the cipher. The command prompts you for the cipher strength and SSL version level. Options for these values are: Cipher Strength All - all supported ciphers (including export ciphers)
  • Page 172: Ssl Version Level

    SSL Version Level: • SSLv2 - all SSL version 2.0 ciphers • SSLv3 - all SSL version 3.0 ciphers • SSLv2 and SSLv3 - all SSL version 2.0 and 3.0 ciphers. The default cipher value is all supported ciphers (both SSLv2 and SSLv3).
  • Page 173 Table columns: Name | Protocol | Key Exchange | Authentication | Encryption (key size) | Message Authentication | Profile (Hi/Medium/Low/Export). RC4-64- SSLv2 RC4(64) DES- CBC- SSLv2 DES(56) EXP- DES- SSLv3 RSA(512) DES(40) SHA1 CBC-SHA EXP- RC2-...
  • Page 175: Appendix D: Regulatory Information

    Regulatory Information Taiwan Class A EMI Statement...
  • Page 176: Vcci Statement

    VCCI Statement. Class A ITE: This is a Class A product based on the standard of the Voluntary Control Council for Interference by Information Technology Equipment (VCCI).
  • Page 177: Canada Compliance Statement (Industry Canada)

    NOTE: This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.
  • Page 178: Vcci Class A (Japan)

    VCCI Class A (Japan). Australia. WARNING: The system is designed to operate in a typical office environment. Choose a site that is: • Clean and free of airborne particles (other than normal room...
  • Page 179: Warning

    • Provided with a properly grounded wall outlet. Do not attempt to modify or use the supplied AC power cord if it is not the exact type required. Ensure that the system is disconnected from its power source and from all telecommunications links, networks, or modem lines whenever the chassis cover is to be removed.
  • Page 180: Warning

    • Well ventilated and away from sources of heat (including direct sunlight) • Not exposed to vibration • Free of strong electromagnetic fields produced by electrical devices • In regions where electrical storms occur, with a...
  • Page 181: Warnings

    Before removing the chassis cover, make sure that the system is disconnected from its power source and from all communications links, networks, or modem lines. Do not operate the system without first putting the cover back in place.
  • Page 182: Important Safety Instructions

    Important Safety Instructions. 1. Please read these instructions carefully. 2. Keep this guide for later use. 3. Disconnect the device from the mains before each cleaning. Do not use liquid or aerosol cleaners.
  • Page 183 15. If any of the following situations occurs, disconnect the device from the mains and have it checked by a qualified service center: a. The power cord or plug is damaged. Liquid has entered the device. The device has been exposed to moisture.
  • Page 185: Appendix E: Software License Agreement

    Software License Agreement ATTENTION: USE OF THE SOFTWARE IS SUBJECT TO THE HP SOFTWARE LICENSE TERMS SET FORTH BELOW. USING THE SOFTWARE INDICATES YOUR ACCEPTANCE OF THESE LICENSE TERMS. IF YOU DO NOT ACCEPT THESE LICENSE TERMS, YOU MAY RETURN THE SOFTWARE FOR A FULL REFUND.
  • Page 186 Ownership. The Software is owned and copyrighted by HP or its third party suppliers. Your license confers no title or ownership and is not a sale of any rights in the Software, its documentation or the media on which they are recorded or printed.
  • Page 187 U.S. Government Restricted Rights. The Software and any accompanying documentation have been developed entirely at private expense. They are delivered and licensed as "commercial computer software" as defined in DFARS 252.227-7013 (Oct 1988), DFARS 252.211-7015 (May 1991) or DFARS 252.227-7014 (Jun 1995), as a "commercial item"...
  • Page 188: Mozilla* And Expat* License Information

    2. The open source code has neither been modified by Hewlett- Packard nor have files been added to or deleted from the source code by Hewlett-Packard. Hewlett-Packard’s code is simply linked to the expat code through its API function call.
  • Page 189 A P P E N D I X E Mozilla* and expat* License Information 1.7. ’’Larger Work’’ means a work which combines Covered Code or portions thereof with code not governed by the terms of this License. 1.8. ’’License’’ means this document. 1.8.1.
  • Page 190 A P P E N D I X E HP e-Commerce/XML Server Accelerator SA7150 User Guide For purposes of this definition, "control’’ means (a) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (b) ownership of more than fifty percent (50%) of the outstanding shares or beneficial ownership of such entity.
  • Page 191 A P P E N D I X E Mozilla* and expat* License Information (b)under Patent Claims infringed by the making, using, or selling of Modifications made by that Contributor either alone and/or in combination with its Contributor Version (or portions of such combination), to make, use, sell, offer for sale, have made, and/or otherwise dispose of: 1) Modifications made by that Contributor (or portions...
  • Page 192 A P P E N D I X E HP e-Commerce/XML Server Accelerator SA7150 User Guide 3.2. Availability of Source Code. Any Modification which You create or to which You contribute must be made available in Source Code form under the terms of this License either on the same media as an Executable version or via an accepted Electronic Distribution Mechanism to anyone to whom you made an Executable version available;...
  • Page 193 A P P E N D I X E Mozilla* and expat* License Information to implement that API, Contributor must also include this information in the LEGAL file. (c) Representations. Contributor represents that, except as disclosed pursuant to Section 3.4(a) above, Contributor believes that Contributor’s Modifications are Contributor’s original creation(s) and/or Contributor has sufficient rights to grant the rights conveyed by this License.
  • Page 194 A P P E N D I X E HP e-Commerce/XML Server Accelerator SA7150 User Guide 3.6. Distribution of Executable Versions. You may distribute Covered Code in Executable form only if the requirements of Section 3.1-3.5 have been met for that Covered Code, and if You include a notice stating that the Source Code version of the Covered Code is available under the terms of this License, including a description of how and where You have...
  • Page 195 A P P E N D I X E Mozilla* and expat* License Information 5. Application of this License This License applies to code to which the Initial Developer has attached the notice in Exhibit A and to related Covered Code. 6.
  • Page 196 A P P E N D I X E HP e-Commerce/XML Server Accelerator SA7150 User Guide 7. DISCLAIMER OF WARRANTY. COVERED CODE IS PROVIDED UNDER THIS LICENSE ON AN "AS IS’’ BASIS, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES THAT THE COVERED CODE IS FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE OR...
  • Page 197 A P P E N D I X E Mozilla* and expat* License Information arrangement are not mutually agreed upon in writing by the parties or the litigation claim is not withdrawn, the rights granted by Participant to You under Sections 2.1 and/or 2.2 automatically terminate at the expiration of the 60 day notice period specified above.
  • Page 198 A P P E N D I X E HP e-Commerce/XML Server Accelerator SA7150 User Guide 9. LIMITATION OF LIABILITY. UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER TORT (INCLUDING NEGLIGENCE), CONTRACT, OR OTHERWISE, SHALL YOU, THE INITIAL DEVELOPER, ANY OTHER CONTRIBUTOR, OR ANY DISTRIBUTOR OF COVERED CODE, OR ANY SUPPLIER OF ANY OF SUCH PARTIES, BE LIABLE TO ANY PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR...
  • Page 199 11. MISCELLANEOUS. This License represents the complete agreement concerning subject matter hereof. If any provision of this License is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable.
  • Page 200 Software distributed under the License is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for the specific language governing rights and limitations under the License.
  • Page 201: Appendix F: Support Services

    Support Services Support for your SA7150 U.S. and Canada For hardware service and telephone support, contact: • An HP-authorized reseller • HP Customer Support Center at 1-800-633-3600...
  • Page 202: Europe

    Europe For hardware service and telephone support, contact: • An HP-authorized reseller • One of the following HP Customer Support Centers: Country and Number Austria –...
  • Page 203: Asia

    Asia For hardware service and telephone support, contact an HP-authorized reseller or one of these support centers: Country and Number Australia – 03-8877-8000 Hong Kong – 800-96-2598 India –...
  • Page 204: Other Countries

    Other Countries For hardware service, contact your local authorized reseller or HP sales office. For telephone support, contact your authorized reseller...
  • Page 205: Glossary

    Glossary This section defines terms and acronyms used throughout the HP e-Commerce/XML Server Accelerator SA7150 User Guide. Attribute A parameter of an XML element (see). Attributes consist of a name and a value. For example, the “name” element below has three attributes, lastName, firstName, and initial, each with its own value within quotation marks.
  • Page 206 Cipher Any encryption algorithm, either symmetric or public key, operating either as a data stream or divided into blocks. Comparison Operators Comparison operators are used in the XML expression components of XML patterns to allow the SA7150 to look for specific values in the XML data tree.
  • Page 207 Mapped Server The server to which the SA7150 sends messages for which no XML expression match is found among the active XML patterns, including any that contain the keyword “default” in their XML expression component.
  • Page 208 URI Expression Component of XML patterns (see). A path specification which, if a match occurs in both an incoming XML data document and an active XML expression, results in the SA7150 further examining the document for XML expression matches.
  • Page 209: Index

    Index Bypass mode 157 Access Control 128 Administration commands 108 Alarm and monitoring commands 100 Cascading 32, 63 Alarms Certificate Authority 34 Encryption status change 133 Certificates 33 Logging 138 Ciphers 162 Network link status 138 CLI Commands Overload 137 Administration 108 Refused SSL connections 134 Alarms and monitoring 100...
  • Page 210 Configuration, initial 13 Connectors 156 Logging alarms 138 Cut and Paste 74 Logging Commands 112 Deleting a block 51 Manual mapping 47, 48 Mapping 46 MIB tree 123 Egress routers 66 Multiple SA7150s 63 Encryption status change alarm 133...
  • Page 211 Scenarios Utilization threshold alarm 135 Basic XML Operation 54 Cascaded SA7150s 63 Configuring a Firewall 67 Different Ingress and Egress Routers commands and operators 20 creating patterns 27 Multiple Server Configuration...

This manual is also suitable for:

Sa7150
