Hp E Commerce Server Accelerator Sa7120 Users Manual

Hp-E-Commerce-Server-Accelerator-Sa7100-Users-Manual-155727 hp-e-commerce-server-accelerator-sa7100-users-manual-155727

2015-01-05

: Hp Hp-E-Commerce-Server-Accelerator-Sa7120-Users-Manual-155728 hp-e-commerce-server-accelerator-sa7120-users-manual-155728 hp pdf

Open the PDF directly: View PDF PDF.
Page Count: 192

DownloadHp Hp-E-Commerce-Server-Accelerator-Sa7120-Users-Manual- Hp-e-commerce-server-accelerator-sa7120-users-manual
Open PDF In BrowserView PDF
hp e-commerce

server accelerator
sa7100/sa7120

user guide

© Copyright 2001 Hewlett-Packard Company. All rights reserved.
Hewlett-Packard Company
3000 Hanover Street
Palo Alto, CA 94304-1185

Publication Number
5971-0894
February 2001

Disclaimer
The information contained in this document is subject to change without notice.
HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY
KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not
be liable for errors contained herein or for incidental or consequential damages
in connection with the furnishing, performance, or use of this material.
Hewlett-Packard assumes no responsibility for the use or reliability of its
software on equipment that is not furnished by Hewlett-Packard.

Warranty
A copy of the specific warranty terms applicable to your Hewlett-Packard
products and replacement parts can be obtained from
http://www.hp.com/serverappliances/support.
*Other brands and names are the property of their respective owners.

Table of Contents

Chapter 1: Introduction
About this User Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Who Should Use this Book. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
How to Use this Book . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

Chapter 2: Installation and Initial Configuration
Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Installing the SA7100/SA7120 Free-Standing or in a Rack . . . . . . . . . . . . . . . . . . . . . 6
Rack Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Free-Standing Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Network Connections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Status Check. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Network and Server LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

CONTENTS

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Inline LED. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Admin Terminal Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
HyperTerminal* Paste Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Server and Network LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Continuing Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Chapter 3: Theory of Operation
Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Single Server Acceleration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Multiple Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Working with Internet Traffic Management (ITM) Devices . . . . . . . . . . . . . . . . . . . 13
Positioning SA7100/SA7120 between ITM Device and Client Network . . . . . . . 13
Positioning SA7100/SA7120 between ITM Device and Server . . . . . . . . . . . . . . 14
Multiple SA7100/SA7120s and Cascading Processing . . . . . . . . . . . . . . . . . . . . . . . 14
Scalability and Cascading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Spilling and Throttling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Availability. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Keys and Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Cutting and Pasting with HyperTerminal* . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Obtaining a Certificate from VeriSign* or Other Certificate Authority . . . . . . . . 17
Procedure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Exporting a Key/Certificate from a Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Apache* Interface to Open SSL* (mod_ssl). . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Apache SSL*. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Stronghold* . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Importing into the SA7100/SA7120 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Creating a new Key/Certificate on the SA7100/SA7120. . . . . . . . . . . . . . . . . . . . 22
Procedure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Global Site Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Global Site Certificate Paste Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Redirection: Clients and Unsupported Ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Client Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Creating a Client CA Certificate using OpenSSL* . . . . . . . . . . . . . . . . . . . . . . . . 28
SSL Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Server Assignment (“Mapping”) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
iv

Table of Contents

Automapping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Automapping with user-specified key and certificate. . . . . . . . . . . . . . . . . . . . 30
Automapping with multiple port combinations . . . . . . . . . . . . . . . . . . . . . . . . 30
Deleting automapping entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Manual mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Combining automapping and manual mapping . . . . . . . . . . . . . . . . . . . . . . . . 31
Blocking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Specific IP, Specific Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Subnet, Specific Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
All IPs, Specific Port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Delete a Block . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Failure Conditions, Fail-safe, and Fail-through . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

Chapter 4: Scenarios
Scenario 1—Single Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Procedure for Scenario 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Automapping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Manual Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Scenario 2—Multiple Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Procedure for Scenario 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Scenario 3—Multiple SA7100/SA7120s, Cascaded . . . . . . . . . . . . . . . . . . . . . . . . . 40
Initial Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Procedure for Scenario 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Scenario 4—Different Ingress and Egress Routers . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Procedure for Scenario 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Scenario 5—Configuring a Firewall. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Server Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
SA7120 Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Chapter 5: Command Reference
Online Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
User Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Command Line Prompt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Syntax. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Abbreviation to Uniqueness. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Moving the Insertion Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
v

CONTENTS

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Command History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Cutting Text . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Command Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Command Reference. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Help Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Status Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
SSL Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Port Mapping Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Operational Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Remote Management Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Alarms and Monitoring Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Administration Commands
Logging Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

Chapter 6: Remote Management
Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Remote Management CLI Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Remote Telnet Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Local Serial Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Remote Console, Telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Changing the Telnet Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Disabling Telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Remote SSH Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Local Serial Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Remote Console, SSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Changing the SSH Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Disabling SSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Standards Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
HP MIB Tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Supported MIBs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Where to find MIB Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Enterprise Private MIB Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Trap Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Standard SNMP Traps. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
vi

Table of Contents

Private Traps in the HP private MIB
(hpssl-appliance-mib.my) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Enabling SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Specifying SNMP Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
Community String . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
Trap Community String . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109

Chapter 7: Alarms and Monitoring
Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
Alarm Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
ESC: Encryption Status Change Alarm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Alarm Modifiers and Messages: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
RSC: Refused SSL Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Alarm Modifiers and Messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Extended Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
RSC Alarm CLI Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
UTL: Utilization Threshold Alarm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Alarm Modifiers and Messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Extended Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
UTL Alarm CLI commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
OVL: Overload Alarm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Alarm Modifiers and Messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Extended Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
OVL Alarm CLI Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
NLS: Network Link Status Alarm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Alarm Modifiers and Messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Extended Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Alarm Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Example: list logs command: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Example: status command. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Example: status alarms command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Monitoring Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Report Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Monitoring Reports CLI Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122

vii

CONTENTS

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Chapter 8: Software Updates
Before Upgrading. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Monitoring output data can interfere with import/export operations.. . . . . . . 126
IP blocks may not persist across software upgrade. . . . . . . . . . . . . . . . . . . . . 126
Using Windows* HyperTerminal* . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

Chapter 9: Troubleshooting
Appendix A: Front Panel
Buttons and Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Front Panel LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Connectors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

Appendix B: Failure/Bypass Modes
Bypass Button . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Fail-through Switch (Security Level) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138

Appendix C: Supported Ciphers
Cipher Strength . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
SSL Version Level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

Appendix D: Regulatory Information
Taiwan Class A EMI Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
VCCI Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
FCC Part 15 Compliance Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
Canada Compliance Statement (Industry Canada) . . . . . . . . . . . . . . . . . . . . . . . . . . 147
CE Compliance Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
CISPR 22 Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
VCCI Class A (Japan). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
Australia . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
WARNING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
AVERTISSEMENT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
WARNUNG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
AVVERTENZA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

viii

Table of Contents

ADVERTENCIAS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
Wichtige Sicherheitshinweise. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152

Appendix E: Software License Agreement
Mozilla* and expat* License Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
MOZILLA PUBLIC LICENSE, Version 1.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . 158

Support Services
Support for your SA7100/SA7120 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
U.S. and Canada. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Europe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
Asia . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
Latin America . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
Other Countries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174

Glossary
Index

ix

CONTENTS

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Notes

x

Introduction

Congratulations on your choice of the HP e-Commerce Server
Accelerator SA7100/SA7120. The processing of secure transactions
through Secure Socket Layer (SSL) can use up to 90% of even the
largest servers’ CPU power and can degrade response time
significantly. The SA7100/SA7120 provides a completely
transparent way to increase the performance of Web sites for SSL
transactions. The SA7100/SA7120 is positioned in front of the server
farm, where it intercepts SSL transactions, processes them, and relays
them to the servers. The SA7100/SA7120 performs all encryption
and decryption management in this environment with a minimum of
administrator interaction.

About this User Guide
This User Guide supports the HP e-Commerce Server Accelerator
SA7100 and the HP e-Commerce Server Accelerator SA7120. By
default this text refers to the product as “SA7100/SA7120.” Where
appropriate, the text refers to “SA7100” or “SA7120.” Additionally,
notes in the left-hand margin may be used to distinguish the two products. Illustrations of the command prompt use:
“HP SA7120>”.

CHAPTER 1

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Who Should Use this Book
This User Guide is intended for administrators with the following
background:
•

Familiarity with networking concepts and terminology.

•

Basic knowledge of network topologies.

•

Basic knowledge of networks and IP routing.

•

Some knowledge of SSL, keys, and certificates.

•

Knowledge of Web servers.

Before You Begin
SA7100/SA7120 setup can be divided into three basic procedures:
•

Physically install single or multiple SA7100/SA7120s with single or multiple servers.

•

Configure your SA7100/SA7120 in the Command Line Interface.

•

Identify existing certificates or obtain new ones you want to use
in SSL operations.

How to Use this Book
The information in this book is organized as follows:

2

•

Chapter 1: Introduction provides an introduction and overview
of the SA7100/SA7120, and a summary of new features.

•

Chapter 2: Installation and Initial Configuration contains
installation and initial configuration procedures. (This material is
also discussed in the separate Quick Start Guide.)

•

Chapter 3: Theory of Operation explains the general principles
behind SA7100/SA7120 operation.

•

Chapter 4: Scenarios provides examples of SA7100/SA7120
configurations, together with specific procedures for their
implementation.

•

Chapter 5: Command Reference explains the Command Line
Interface (CLI), and lists the commands and their functions.

CHAPTER 1

How to Use this Book

•

Chapter 6: Remote Management details how you can use Telnet,
Secure Shell (SSH), and SNMP to manage the SA7100/SA7120
from remote locations.

•

Chapter 7: Alarms and Monitoring explains the ways in which
you can configure the device to report information to you, either
routinely or as a result of abnormal events or conditions.

•

Chapter 8: Software Updates provides procedures for obtaining
SA7100/SA7120 system software updates.

•

Chapter 9: Troubleshooting is a table containing symptoms of
problems you may encounter with corresponding likely causes
and remedies.

•

Appendix A: Front Panel diagrams and explains the SA7100/
SA7120’s front panel LEDs, buttons, and connections.

•

Appendix B: Failure/Bypass Modes explains how the SA7100/
SA7120 deals with failure conditions and details the bypass
function.

•

Appendix C: Supported Ciphers lists the supported encryption
ciphers.

•

Appendix D: Regulatory Information provides information
regarding the SA7100/SA7120’s compliance with applicable
regulations.

•

Appendix E: Software License Agreement contains the software
license and terms and conditions of user of this product.

•

Support Services contains customer support telephone numbers
for various locales.

•

Glossary defines terms appearing in this User Guide.

3

CHAPTER 1

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Notes

4

Installation and Initial
Configuration

Before You Begin
WARNING: Do not
remove the device’s
cover. There are no userservicable parts inside.

Before you begin installation, you need the following:
•

IP address for SA7100/SA7120 (only if you intend to use the
Remote Management).

•

IP addresses and IP port numbers of servers.

•

Keys/certificates. See Chapter 3 for information on obtaining
keys and certificates.

•

Network cables, such as straight-through and/or crossover
cables. (The table in the section “Network Connections” in this
chapter identifies the types of cables you must use.)

•

Phillips screwdriver (rack-mounting only).

•

Rack-mounting screws (rack-mounting only).

CHAPTER 2

HP e-Commerce Server Accelerator SA7100/7120 User Guide

Installing the SA7100/SA7120 Free-Standing or
in a Rack
The HP e-Commerce Server Accelerator SA7100/SA7120 is
physically installed in either of two ways:

Rack
Installation

•

In a standard 19” rack, cantilevered from the provided mounting
brackets.

•

Free-standing on a flat surface with sufficient space for air-flow.

Rack mounting requires the use of the mounting brackets, and all four
of the included Phillips screws.
1. Locate the two mounting brackets and the four screws. (Two
screws for each bracket.)
2. Attach a mounting bracket to each side of the SA7100/SA7120,
using two of the provided screws for each bracket. Use the holes
near the front of the SA7100/SA7120’s sides. The brackets have
both round and oval holes; the flange with round holes attaches
to the SA7100/SA7120, the flange with oval holes to the rack.

Mounting Bracket Orientation
3. Position the SA7100/SA7120 in the desired space of your 19”
rack and attach the front flange of each mounting bracket to the
rack with two screws each. (Rack-mounting screws are not
provided.)

6

CHAPTER 2

Installing the SA7100/SA7120 Free-Standing or in a Rack

Free-Standing
Installation

1. Attach the provided self-adhesive rubber feet to the SA7100/
SA7120’s bottom.
2. Place the SA7100/SA7120 on a flat surface and make sure that
there is adequate airflow surrounding the unit (allow at least one
inch of air space on all sides).

Network
Connections

Use the table below to select and install the appropriate cables. (All
cables must be Category 5 UTP or better.)
SA7100/SA7120’s
network
connector

SA7100/SA7120’s
server
connector

Workstation or Server

Crossover cable

Straight-through cable

Switch or Hub

Straight-through cable

Crossover cable

Router

Crossover cable

Not recommended

SA7100/SA7120
network
connector*

N/A

Straight-through cable

SA7100/SA7120
server
connector*

Straight-through cable

N/A

* Applicable only to multiple, cascaded units.

NOTE: Use caution
when connecting both of
the SA7100/SA7120’s
network ports to the same
switch, hub, or router.
Doing so creates a
feedback loop that
adversely effects network
bandwidth.

3. Connect the provided power cable to the back of the unit. (There
is no power switch.) Under normal circumstances, the SA7100/
SA7120 requires approximately 30 seconds to boot. When the
boot is complete, the unit’s Power LED is steadily illuminated.
(If the Power LED is not steadily illuminated, see Chapter 9,
“Troubleshooting,” to rectify before proceeding to Step 3.)
4. The Inline LED should be either steadily illuminated or blinking
(to indicate Inline mode). If it is not, press the Bypass switch on
the device’s front panel to enable Inline mode.

7

CHAPTER 2

HP e-Commerce Server Accelerator SA7100/7120 User Guide

5. At this point both the Network and Server LEDs should be
steadily illuminated. If not, please see Chapter 9,
“Troubleshooting.”
HP e-Commerce Server Accelerators

Hub/Router/Switch

Server

Network Connections

Status Check

Before proceeding to the Admin Terminal Connection section, take a
moment to verify that the SA7100/SA7120 is correctly connected.

Network and Server LEDs
Verify that the Network and Server LEDs are both illuminated. If one
or both are not, refer to the Troubleshooting section at the end of this
chapter.

Inline LED
A blinking Inline LED indicates that the system is online in Fail-safe
mode. Refer to the Troubleshooting section at the end of this chapter
or Appendix B, “Failure/Bypass Modes.”

8

CHAPTER 2

Installing the SA7100/SA7120 Free-Standing or in a Rack

Admin
Terminal
Connection

Run HyperTerminal* or a similar terminal emulator on your PC. The
steps below are illustrative of HyperTerminal*. Other terminals will
require different procedures.
1. Use the serial cable provided with the SA7100/SA7120 to connect the device’s serial port (the left-hand serial port labeled
“Console”) to the serial port of any terminal. (A PC running Windows* HyperTerminal* is used here as an example.)

Power Error Overload Activity
(green) (red) (amber) (green)

Console

Aux Console

Network Link Inline
(green)
(green)

Network Link
(RJ45)

Server Link
(green)

Server Link
(RJ45)

Front Panel Connectors and LEDs
2. Type an appropriate name in the Name field of the Connection
Description window (e.g., “Configuration”), and then click the
OK button. The Phone Number panel appears.
3. In the Connect Using… field specify “COM1” (or the serial port
through which the PC is connected to the SA7100/SA7120 if
different from COM1).
4. Click the OK button. The COM1 Properties panel appears. Set
the values displayed here to 9600, 8, none, 1, and none.
5. Click the OK button.

HyperTerminal*
Paste
Operations

If you’re using HyperTerminal* you must make the following
configuration change:
1. In the File menu, click Properties.
2. Click the Settings tab.
3. Click the ASCII Setup button.
4. Change the values of Line and Character delay from 0 to at least
1 millisecond.

9

CHAPTER 2

HP e-Commerce Server Accelerator SA7100/7120 User Guide

5. Click OK to exit ASCII Setup.
6. Click OK to exit Connection Properties.

Troubleshooting
Server and Network LEDs
If either the Network or Server LED fails to illuminate using either
straight-through or crossover network cables, the problem may be
elsewhere in the network. Verify by wiring around the SA7100/
SA7120.

Inline LED
The Fail-through switch allows you to control what happens in the
event of a failure. It is located in a recess between the Network and
Server connectors. Use a small screwdriver or paper clip to
manipulate the switch. The two options are:
•

Allow traffic to flow through the SA7100/SA7120 unprocessed.
(Fail-through mode, indicated by a steadily illuminated Inline
LED.)

•

Block traffic flow through the SA7100/SA7120 entirely. (Failsafe mode, indicated by a blinking Inline LED.)

Please see Appendix B for a table describing all permutations of LED
operation.

Continuing
Configuration

10

This concludes basic configuration of the SA7100/SA7120. To
configure the unit for production please continue with Chapter 3,
Theory of Operations, or Chapter 4, Scenarios.

Theory of Operation

Security
The HP e-Commerce Server Accelerator SA7100/SA7120 offers
Remote Management capability. This feature requires that the
SA7100/SA7120’s network interface be assigned an IP address, thus
security becomes a matter for your attention. If you intend to manage
your SA7100/SA7120 from a remote location, be sure to read the
section, “Access Control” in Chapter 6.

Single Server Acceleration
Typically, SA7100/SA7120 supports the SSL processing needs of a
single server. This is the simplest and most common configuration.
The SA7100/SA7120 is connected to the network between the router
and the server.

CHAPTER 3

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Ideally, the SA7100/SA7120 is installed in the network in such a way
as to minimize network latency.

HP e-Commerce Server Accelerator
SA7100/7120

Router
Single Server

SA7100/SA7120 in Single Server Configuration

Multiple Servers
Given the SSL processing power of the SA7100/SA7120, multiple
servers can be supported. In this configuration, the SA7100/SA7120
sits between the router and the switch. SSL traffic intended for these
servers is intercepted and other traffic is passed through.
Server 1

Server 2
Router

hub/switch
Server 3
HP e-Commerce Server Accelerator
SA7100/7120

SA7100/SA7120 in Multiple Server Configuration

12

CHAPTER 3

Working with Internet Traffic Management (ITM) Devices

Working with Internet Traffic Management (ITM)
Devices
The SA7100/SA7120 is compatible with Internet Traffic
Management (ITM) devices. In such environments, the SA7100/
SA7120 lies between the router and the ITM device, or between the
ITM device and the server. ITM devices distribute workload across
multiple servers and redirect traffic based on content.

Positioning
SA7100/
SA7120
between ITM
Device and
Client Network

If the ITM device supports layer 7 traffic management, URLs must
be readable (that is, unencrypted). Therfore, in environments
performing layer 7 load balancing, it is recommended that the
SA7100/SA7120 be placed between the ITM device and the client
network.

HP e-Commerce Server Accelerator SA7100/7120

Server 1

Server 2
Router
Server 3

Internet
ITM Device

Client

SA7100/SA7120 Between Router and ITM Device

13

CHAPTER 3

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Positioning
SA7100/
SA7120
between ITM
Device and
Server

Router

If security considerations require limited network access to clear text,
the SA7100/SA7120 should be placed between the ITM device and
the server.

ITM Device

HP e-Commerce Server Accelerator
SA7100/7120s

Internet

Client
Servers

NOTE: The illustrated
configuration precludes
layer 7 load balancing
because secure traffic
through the ITM device is
encrypted.

SA7100/SA7120s Between ITM Device and Servers

Multiple SA7100/SA7120s and Cascading
Processing
Scalability and
Cascading

14

The SA7100/SA7120’s capabilities are scalable by chaining, or
“cascading,” multiple SA7100/SA7120s together. In such
configurations, each unit’s server side connector is wired to the
network side connector of the next SA7100/SA7120 in line. The last
SA7100/SA7120 in line is connected to the server, switch, or ITM
device.

CHAPTER 3

Spilling and
Throttling

Multiple SA7100/SA7120s and Cascading Processing

When the SA7100/SA7120’s “spill” option is enabled, if a given
SA7100/SA7120 cannot process a request within a specified interval,
the request is passed on, still encrypted, to the next SA7100/SA7120
in line. The last SA7100/SA7120 on the server side can also be
enabled to spill to the server. Spilling is performed dynamically on a
connection-by-connection basis. (See spill command, Chapter 5,
“Command Reference.”) If spill is disabled, the SA7100/SA7120
“throttles,” that is, will not accept incoming requests when it becomes
overloaded.

HP e-Commerce Server Accelerator SA7100/7120s

Hub/Router/Switch
Server

Cascaded SA7100/SA7120s

Availability

When a SA7100/SA7120 fails or is set to Bypass mode while Failthrough is enabled, the SA7100/SA7120’s network side and server
side network adapters are directly connected, allowing traffic to pass
through to the next device until the failed unit is brought back into
service. This feature eliminates a single point of failure and provides
a high level of availability, should there be a failure. In installations
with multiple SA7100/SA7120s, the next unit in the cascade picks up
the encryption/decryption workload, while in single SA7100/SA7120
configurations, the server assumes the load. See “Failure/Bypass
Modes” in Appendix B for more information.

15

CHAPTER 3

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Keys and Certificates
WARNING: The
SA7100/SA7120 comes
with default keys and
certificates for test
purposes. Certificates for
production use should be
obtained from a
recognized certificate
authority.

A necessary part of the SA7100/SA7120 configuration is the use of
keys and certificates. A key is a set of numbers used to encrypt or
decrypt data. A certificate is a “form” that identifies a server or user.
The certificate contains information about your company as well as
information from a third party that verifies your identity.
There are three ways to obtain keys and certificates:
•

Obtaining a certificate from VeriSign* or other Certificate
Authority (or “CA”)

•

Using an existing key/certificate

•

Creating a new key/certificate on the SA7100/SA7120

Cutting and Pasting with HyperTerminal*
Cutting and pasting is an integral part of the next several procedures.
Below are procedures for cutting and pasting in HyperTerminal*. If
you use some other terminal program, consult that product’s
documentation for appropriate procedures.
To copy an item (key, certificate signing request, etc.) from
HyperTerminal*:
1. Open the HyperTerminal* window.
2. Click and drag to select the item.
3. After the item is selected, open the Edit menu and click Copy (or
type ).
4. Open the window where you will paste the data, and position the
cursor at the appropriate point.
5. In the Edit menu, click Paste (or type ).
To paste an item (key, certificate signing request, etc.) into
HyperTerminal*:
1. Display the item in the appropriate application window, then
click and drag to select the item.
2. Once the item is selected, click the Edit menu and select Copy
(or type ).

16

CHAPTER 3

Keys and Certificates

3. Move to the HyperTerminal* window, and position the cursor at
the appropriate point.
4. Pull down the Edit menu, and select Paste to Host (or type
).

Obtaining a
Certificate
from VeriSign*
or Other
Certificate
Authority

Use the create key command to create your key and the create sign
command to create a signing request to be sent to VeriSign* or other
CA for authentication. The CA will return it in approximately one to
five days. After you have received the certificate, use the import cert
command to import it into the SA7100/SA7120.
The fields input to create a signing request are called collectively a
Distinguished Name (DN). For optimal security, one or more fields
must be modified to make the DN unique.

Procedure
Create a key:
1. Type the create key command at the prompt:
HP SA7120> create key
Key strength (512/1024) [512]:
New keyID [001]: mywebserver
Keypair was created for keyID: mywebserver

2. Create a Certificate Signing Request:
HP SA7120> create sign mywebserver

You are about to be asked to enter information
that will be incorporated into your
certificate request. The "common name" must be
unique. For other fields, you could use
default values.

Certifying authorities have specific guidelines on how to answer each
of the questions. These guidelines may vary by certifying authority.
Please refer to the guidelines of the certifying authority to whom you
submit your Certificate Signing Request (CSR). Please keep the
following in mind when entering the information that will be
incorporated into your certificate request:
•

Country code: This is the two-letter ISO abbreviation for your
country (for example, US for the United States).

•

State or Province: This is the name of the state or province
where your organization’s head office is located. Please enter the
full name of the state or province. Do not abbreviate.
17

CHAPTER 3

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

•

Locality: This is usually the name of the city where your
organization’s head office is located.

•

Organization: This should be the organization that owns the
domain name. The organization name (corporation, limited
partnership, university, or government agency) must be
registered with some authority at the national, state, or city level.
Use the legal name under which your organization is registered.
Please do not abbreviate your organization’s name and do not use
any of the following characters: < > ~ ! @ # $ % ^ * / \ ( ) ?.

•

Organizational unit: This is normally the name of the
department or group that will use the certificate.

•

Common name: The common name is the “fully qualified
domain name,” (or FQDN) used for DNS lookups of your server
(for example, www.mysite.com). Browsers use this information
to identify your Web site. Some browsers will refuse to establish
a secure connection with your site if the server name does not
match the common name in the certificate. Please do not include
the protocol specifier “http://” or any port numbers or path names
in the common name. Do not use wildcard characters such as * or
?, and do not use an IP address.

•

E-mail address: This should be the e-mail address of the
administrator responsible for the certificate.

3. Export the Certificate Signing Request (CSR).
In this example, xmodem is used to send the CSR to a PC connected
to the console port.
HP SA7120> export sign mywebserver
Export protocol: (xmodem, ascii) [ascii]:x

Use Ctrl-x to kill transmission
Beginning export...
Export successful!
HP SA7120>

To submit the CSR to a certifying authority, paste it into the field
provided in the authority’s online request form. Remember to include
the “-----BEGIN CERTIFICATE REQUEST-----” and “-----END
CERTIFICATE REQUEST-----” lines.
Typically, the CSR will look something like this:
-----BEGIN CERTIFICATE REQUEST----MIIBnDCCAQUACQAwXjELMAkGA1UEBhMCQ0ExEDOABgNVBAgT
B09udGFayW8xEDAOBgNVBAcTB01vbnRyYWwxDDAKBgNVBAoT
18

CHAPTER 3

Keys and Certificates

A0tGQzEdMBsGA1UEAxMUd3d3Lmlsb3ZlY2hpY2tlbi5jb20w
gZ0wDQYJKoZIhvcNAQEBBQADgYsAMIGHAoGBALmJA2FLSGJ9
iCF8uwfPW2AKkyyKoe9aHnnwLLw8WWjhl[ww9pLietwX3bp6
Do87mwV3jrgQ1OIwarj9iKMLT6cSdeZ0OTNn7vvJaNv1iCBW
GNypQv3kVMMzzjEtOl2uGl8VOyeE7jImYj4HlMa+R168AmXT
82ubDR2ivqQwl7AgEDoAAwDQYJKoZIhvcNAQEEBQADgYEAn8
BTcPg4OwohGIMU2m39FVvh0M86ZBkANQCEHxMzzrnydXnvRM
KPSE208x3Bgh5cGBC47YghGZzdvxYJAT1vbkfCSBVR9GBxef
6ytkuJ9YnK84Q8x+pS2bEBDnw0D2MwdOSF1sBb1bcFfkmbpj
N2N+hqrrvA0mcNpAgk8nU=
-----END CERTIFICATE REQUEST-----

4. When the CA returns the certificate, import it into the SA7100/
SA7120. Use the import cert command, with the KeyID. As
with the import key, choose an import protocol for importing the
key. Use p for paste. After the paste is finished, add three periods
to display the command line.
HP SA7120> import cert mywebserver
keyid is mywebserver;
Import protocol: (paste, xmodem) [paste]:

Type or paste in date, end with ... alone on line
-----BEGIN CERTIFICATE----MIIDKDCCAtKgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBnDEL
MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMQ4wDAYDVQQHEwVQ
b3dheTEaMBgGA1UEChMRQ29tbWVyY2Ug
.
.
.
-----END CERTIFICATE----- 
... 
Import successful!
HP SA7120>

5. Create mapping for Server 1. Use the create map command to
specify the server IP address, ports, and keyID.
HP SA7120> create map
Server IP (0.0.0.0): 10.1.1.30
SSL (network) port [443]: 
Cleartext (server) port [80]: 
KeyID to use for mapping: mywebserver

6. Save the configuration when the server has been mapped.
HP SA7120> config save
Saving configuration to flash...
Configuration saved to flash
HP SA7120>
19

CHAPTER 3

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Using an Existing Key/Certificate

Exporting a
Key/Certificate
from a Server

This method is used when it is important that the existing keys and
certificates are used.

NOTE: Currently there
is no published method
for extracting private
keys from Microsoft* IIS
or Netscape* servers.

Consult your server software documentation for detailed instructions
on how to export keys and certificates. Once you have exported the
keys and certificates, use the import key and import cert commands
to paste the keys and certificates into your SA7100/SA7120. Some
general instructions are provided below for the Apache* Web Server.

Apache* Interface to Open SSL* (mod_ssl)
For key:
1. Look in $APACHEROOT/conf/httpd.conf for location of *.key
file.
2. Copy and paste the key file.
For certificate:
1. Look in $APACHEROOT/conf/httpd.conf for location of *.crt
file (certificate).
2. Copy and paste the certificate file.

Apache SSL*
For key:
1. Look in $APACHESSLROOT/conf/httpd.conf for location of
*.key file.
2. Copy and paste the key file.
For certificate:
1. Look in $APACHESSLROOT/conf/httpd.conf for location of
*.cert file.
2. Copy and paste the certificate file.

20

CHAPTER 3

Keys and Certificates

Stronghold*
For key:
1. Look in $STRONGHOLDROOT/conf/httpd.conf for location of
*.key file.
2. Copy and paste the key file.
For certificate:
1. Look in $STRONGHOLDROOT/conf/httpd.conf for location of
*.cert file.
2. Copy and paste the certificate file.

Importing into the SA7100/SA7120
1. Use the import key command with the keyID, and choose an
import protocol for importing the key. In this case, use the default
to “paste.” When the paste is finished, add a line break followed
by three periods to display the command line.
HP SA7120> import key mywebserver
Import protocol: (paste, xmodem) [paste]:

Type or paste in date, end with ... alone on line
-----BEGIN RSA PRIVATE KEY----MIIBOgIBAAJBALGOlBH14vIdtfuA+UnyRIoKya13ey8mj3GD
QakdwoDJALu+jtcC
.
.
.
S9dPdwp6zctsZeztn/ewPeNamz3q8QoEhY8CawEA
-----END RSA PRIVATE KEY-----
... 
Import successful!
HP SA7120>

2. Use the import cert command with the keyID. As with import
key, choose an import protocol for importing the key. Use the
default to “paste.” When the paste is finished, add a line break
followed by three periods to display the command line.
HP SA7120> import cert mywebserver
keyid is mywebserver;
Import protocol: (paste, xmodem) [paste]:

Type or paste in date, end with ... alone on line

21

CHAPTER 3

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

-----BEGIN CERTIFICATE----MIIDKDCCAtKgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBnDEL
MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMQ4wDAYDVQQHEwVQ
b3dheTEaMBgGA1UEChMRQ29tbWVyY2Ug
.
.
.
-----END CERTIFICATE----- 
... 
Import successful!
HP SA7120>

3. Create a server mapping. Use the create map command to
specify the server IP address, ports, and keyID.
HP SA7120> create map
Server IP (0.0.0.0): 10.1.1.30
SSL (network) port [443]: 
Cleartext (server) port [80]: 
KeyID to use for mapping: mywebserver

4. Save the configuration when the server has been mapped.
HP SA7120> config save
Saving configuration to flash...
Configuration saved to flash
HP SA7120>

Creating a new
Key/Certificate
on the SA7100/
SA7120

Use the create key and create cert commands to create new keys and
certificates for SA7100/SA7120 operation. This procedure can be
used when there are no existing keys and certificates on the server.
The advantage is that this method is very fast, but a CA has not signed
the certificates.
The fields input to create a certificate are called a Distinguished
Name (DN). For optimal security, one or more fields must be
modified to make the DN unique.

Procedure
1. Create a key as follows:
HP SA7120> create key
Enter the key strength [512,1024]: 512
New keyID [001]: mywebserver
Keypair was created for keyID: mywebserver

2. Enter the create cert command with the keyID
HP SA7120> create cert mywebserver
You are about to be asked to enter information…
22

CHAPTER 3

Keys and Certificates

Enter the information for the certificate, as prompted:
•

Country

•

State

•

Locality

•

Organization

•

Organization unit

•

Common name (for example, www.myserver.com)

•

E-mail address

3. Create a server mapping. Use the create map command to
specify the server IP address, ports, and keyID.
HP SA7120> create map
Server IP (0.0.0.0): 10.1.1.30
SSL (network) port [443]: 
Cleartext (server) port [80]: 
KeyID to use for mapping: mywebserver

4. Save the configuration when the server has been mapped.
HP SA7120> config save
Saving configuration to flash...
Configuration saved to flash
HP SA7120>

Global Site
Certificates

Overview

NOTE: The SA7100/
SA7120 supports only one
root CA certificate per
mapping. However,
multiple intermediate CA
certificates per single
mapping are supported.

Four types of certificates are involved in the following discussion:
•

Root Certificate. The certificate of a trusted CA such as
VeriSign.*

•

Server Certificate. Loaded on the server. Can be either selfgenerated or received from a CA such as VeriSign*. Interacts
with requesting browser’s root certificate to establish encryption
level.

•

Global Site Certificate. An extended server certificate. Allows
128-bit encryption for export-restricted browsers.

•

Intermediate certificate authority (CA) Certificate. A certificate
“signed,” that is, authenticated, by a recognized CA such as
VeriSign*, and used to validate a global site certificate. Called an
“intermediate CA certificate” in the following discussion.
23

CHAPTER 3

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Export versions of Internet Explorer* and Netscape* Communicator
use 40-bit encryption to initiate connections to SSL servers. Upon
receiving a client request, the server responds by sending a digital
certificate. If this certificate is a conventional server certificate (that
is, not a global site certificate), browser and server complete the SSL
handshake and use a 40-bit key to encrypt application data. If the
server responds to a requesting browser with a global site certificate,
the client automatically renegotiates the connection to use 128-bit
encryption.
A global site certificate is validated by an accompanying intermediate
CA certificate. (Such pairs are called “chained certificates.”)
Examples of intermediate CA certificates include Microsoft SGC
Root* and VeriSign Class 3*. When a requesting browser receives a
global site certificate along with an intermediate CA certificate, the
browser’s root certificate is used to validate the intermediate CA
certificate, which in turn is used to validate the global site certificate,
thus letting the browser know that it can renegotiate the connection to
use 128-bit encryption.

Global Site Certificate Paste Procedure
If you wish to use a global site certificate, you must import both the
global site certificate and its accompanying intermediate CA
certificate. Both certificates must be chained together in a single file.
Use the import cert command to import either single or chained
certificates. In the latter case, paste the server’s global site certificate
first, followed by the intermediate CA certificate. Follow the
intermediate CA certificate by typing three periods on a new line.
Example:
HP SA7120> import cert 
Import protocol: (paste, xmodem) [paste]:
Type or paste in data, end with ... alone on line

NOTE: There must be no
white space before,
between, or after
certificates, and the
“Begin...” headers and
“End...” trailers must all
be retained.

24

-----BEGIN CERTIFICATE----MIIFZTCCBM6gAwIBAgIQCTN2wvQH2CK+rgZKcTrNBzANBgkq
hkiG9w0BAQQFADCBujEfMB0GA1UEChMWVmVyaVNpZ24gVHJ1
c3QgTmV0d29yazEXMBUGA1UECxMOVmVyaVNpZ24sIEluYy4x
MzAxBgNVBAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2Vy
:
dmVyIENBIC0gQ2xhc3MgMzFJMEcGA1UECxNAd3d3LnZlcmlz
aWduLmNvbS9DUFMg
SW5jb3JwLmJ5IFJlZi4gTElBQklMSVRZIExURC4oYyk5NyBW
ZXJpU2lnbjAeFw05
OTExMTEwMDAwMDBaFw0wMDExMTAyMzU5NTlaMIHHMQswCQYD

CHAPTER 3

Keys and Certificates

VQQGEwJVUzETMBEG
-----END CERTIFICATE---------BEGIN CERTIFICATE----MIIEMTCCA5qgAwIBAgIQI2yXHivGDQv5dGDe8QjDwzANBgkq
hkiG9w0BAQIFADBfMQswCQYDVQQGEwJVUzEXMBUGA1UEChMO
VmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVi
bGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
HhcNOTcwNDE3MDAwMDAwWhcN
:
OTk3IFZlcmlTaWduMA0GCSqGSIb3DQEBAgUAA4GBALiMmMMr
SPVyzWgNGrN0Y7uxWLaYRSLsEY3HTjOLYlohJGyawEK0Rak6
+2fwkb4YH9VIGZNrjcs3S4bmfZv9jHiZ/4PC/
NlVBp4xZkZ9G3hg9FXUbFXIaWJwfE22iQYFm8hDjswMKNXRj
M1GUOMxlmaSESQeSltLZl5lVR5fN5qu
-----END CERTIFICATE-----
...
Import successful!
HP SA7120>

25

CHAPTER 3

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Redirection: Clients and Unsupported Ciphers
NOTE: The user must
provide the redirect URL
and ensure that it is
available, as well as
define the content of the
redirect page.

WARNING: If the
redirect URL causes a
client to access the same
SA7100/SA7120 mapping
that invoked the
redirection an infinite
loop condition will occur.

When a client that does not support the selected cipher suite attempts
to connect to the SA7100/SA7120, the default behavior is to reject the
connection, resulting in the client system reporting a fatal error.
However, the SA7100/SA7120 allows you to specify a “redirect
address” where you can provide clients with additional information.
The set redirect command allows you to specify a redirect Web
address for any Map ID. The show redirect command displays any
redirect addresses currently configured.
HP SA7120> list map
Map

Net

Ser

Cipher

Re-

Client

ID KeyID Server IP Port Port Suites

direct Auth

== ===== ========= ==== ==== ======

=====

====

1

default Any

443

80

all(v2+v3) n

n

2

sample 10.1.2.5 443

80

med(v2+v3) n

n

HP SA7120> set redirect 2
Enter a redirect URL at following prompt
e.g. http://www.e-comm_site.com/somebrowser.html
Enter redirect URL []:http://www.ecomm_site.com/cipher_info.html
HP SA7120> list map
Map
Net Ser Cipher ReClient
ID KeyID Server IP Port Port Suites direct Auth
== ===== ========= ==== ==== ====== ===== ====
1 default Any
443 80
all(v2+v3) n
n
2 sample 10.1.2.5 443 80
med(v2+v3) y
n
HP SA7120> show redirect 2
Redirect URL for map 2 is set: http://www.ecomm_site.com/cipher_info.html

To disable a redirect URL for a mapping:
HP SA7120> set redirect 2 none
HP SA7120> show redirect 2
Redirect URL for map 2 is not set

26

CHAPTER 3

Client Authentication

Client Authentication
By default, the SA7100/SA7120 does not authenticate client
identities, however specific map IDs can be configured to request
client certificates for the purpose of verifying identities. When this
feature is enabled, the SA7100/SA7120 verifies that client
certificates are signed by a known CA. This feature is controlled by
the import client_ca command.
Example:
First, use the list map command to display the current map IDs and
their configurations including, in the last column, Client
Authentication, enabled (y) or disabled (n).
HP SA7120> list map
Map
Net Ser Cipher ReClient
ID KeyID Server IP Port Port Suites direct Auth
== ===== ========= ==== ==== ====== ===== ====
1 default Any
443 80 all(v2+v3) n
n
2 sample 10.1.2.57 443 80 med(v2+v3) n
n

Next, import the client CA certificate for Map ID 2.
HP SA7120> import client_ca 2
Import protocol: (paste, xmodem) [paste]:

Type or paste in data, end with ... alone on line
-----BEGIN CERTIFICATE----MIIDxzCCAzCgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBpDEL
MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQ
BgNVBAcTCVNhbiBEaWVnbzEUMBIGA1UE
.
.
.
XcCabZcfBRuYcZeUoNrGUl8tD80jp2YNG1vidgLEaD1YCli5
I9/mNrcB25mSfdAR
/08ROTMxm4VKOSA=
-----END CERTIFICATE-----
...

27

CHAPTER 3

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Verify the import by using the list map command again. Note that the
Client Auth column now shows client authentication for Map ID 2
enabled.
HP SA7120> list map
Map
Net Ser Cipher ReClient
ID KeyID Server IP Port Port Suites direct Auth
== ===== ========= ==== ==== ====== ===== ====
1 default Any
443 80 all(v2+v3) n
n
2 sample 10.1.2.57 443 80 med(v2+v3) n
y

Clients connecting to “map 2” are required to present a client
certificate signed by the CA whose certificate was imported above. If
they do not present a properly signed certificate, their connection
attempt is refused.

Creating a
Client CA
Certificate
using
OpenSSL*
NOTE: Generate the
client CA certificate:
NOTE: In this example,
ca_cert.pem is your
trusted CA and signing
certificate.

There are software packages available that handle the details of client
certificate generation, however, you can implement them manually.
The following example illustrates the appropriate steps using
OpenSSL*:
1. Generate the key pair for the client CA:
openssl genrsa -out ca_key.pem 1024

To acquire a copy of OpenSSL* for your environment, access the
OpenSSL* Web site at www.openssl.org.
openssl req -new -x509 -config hp.cnf -key
ca_key.pem -days 365 -out ca_cert.pem

2. Using the import client_ca command, import ca_cert.pem
For each client:
1. Generate a key pair:
openssl genrsa -out key.pem 1024

2. Generate a certificate signing request:
openssl req -new -config hp.cnf -days 365
-key key.pem -out csr.pem

28

CHAPTER 3

SSL Processing

3. Sign the client certificate signing request with the client CA
certificate:
openssl x509 -req -CAcreateserial -CAkey
ca_key.pem -CA ca_cert.pem -days 365 -in csr.pem
-out cert.pem

4. Combine the key.pem and cert.pem keys into one file by
typing this command:
cat key.pem cert.pem > all.pem

5. Convert to p12 format by typing this command:
openssl pkcs12 -export -in all.pem -out
.p12 - name “MY NAME”

The output file .p12 will be imported into the browser as a
personal certificate.

SSL Processing
The SA7100/SA7120 handles several SSL protocols, for example,
HTTPS (which is the default). For security purposes, you can block
access to specified IPs or ports (see “Blocking” section). Traffic that
is not mapped or blocked flows through transparently. Supported
protocols are listed below. (Ports listed are “well-known” port
assignments. Any available port may be used.)

Server
Assignment
(“Mapping”)

•

HTTPS 443 (default)

•

IMAPS 993

•

POP3S 995

•

SMTPS 465

•

NNTPS 563

•

LDAPS 636

Keypairs and their associated certificates are referenced by a keyID.
A server is identified by a unique combination of server IP and
network port. Mapping is the process of associating a keyID with a
server (using server IP, network port, and server port). The SA7100/
SA7120 supports two types of mapping:
•

Automapping

•

Manual mapping

29

CHAPTER 3

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Automapping
NOTE: Remember to
save the configuration
(with the config save
command) after making
mapping changes.

Automapped entries are identified by a server IP address of zero
(0.0.0.0). When a server IP address of zero is specified, the SA7100/
SA7120 intercepts packets to any server IP address with the matching
network ports. As with any mapping entry, the combination of server
IP address and network port must be unique.
The initial configuration for the SA7100/SA7120 provides an
automapping entry for network port 443 and server port 80. This is
associated with the internally generated default keypair and
certificate with the keyID of “default.” Under this initial
configuration, automapping occurs on any server with this network
port (443) when traffic is routed through the SA7100/SA7120.

Automapping with user-specified key and
certificate
When a user-specified key and certificate are to be automapped, the
user can replace the initial automapping entry with the create map
command. By specifying the same unique identifier (server IP of
0.0.0.0, and network port of 443) with a user-generated keyID, the
user can overwrite the initial automapping entry. (The key and
certificate may be obtained through any of the methods described
previously in this chapter.)

Automapping with multiple port combinations
The user can specify multiple automapping entries when the network
port is unique. For example, a user might specify, in addition to the
initial network (443) and server (80) port combination, a combination
of network (8010) and server (80) port.

Deleting automapping entries
Any automapping entry can be deleted, but if the initial automapping
is deleted and no other mapping entry is specified, the SA7100/
SA7120 automatically recreates the initial automapping entry. Either
replace the initial automapping entry or create another mapping/
automapping entry and then delete the initial automapping entry
using the delete map command.

30

CHAPTER 3

SSL Processing

Manual mapping
The user can create (with the create map command) one or more
mapping entries for individual servers. This is the only way to specify
unique keyIDs for each server. Normally, when manual mapping is
performed, the initial automapping entry is deleted, but this is not a
requirement.

Combining automapping and manual mapping
NOTE: If both manual
mappings and applicable
automappings are
available, the SA7100/
SA7120 always uses the
manual mapping.

Any combination of automapping and manual mapping entries, up to
a total of 1000, can be used provided the server IP address and
network port combinations are unique. Several of the scenarios in
Chapter 4 include step-by-step mapping procedures.

Blocking

For security purposes, the SA7100/SA7120 allows the blocking of
particular IP addresses and ports. IP/port combinations can be
blocked on the basis of:

NOTE: Blocking
operations apply to both
TCP and UDP traffic.

•

Specific IP, specific port

•

Subnet, specific port

•

All IPs, specific port

Specific IP, Specific Port
To block a specific server IP and specific port combination:
1. Type the create block command.
2. Type the IP address.
3. Press Enter to accept the default IP mask.
4. Type the specific port.
5. Press Enter to accept the default port mask.
Example:
HP SA7120> create block
Client IP to block [0.0.0.0]: 10.1.2.1
Client IP mask [0.0.0.0]: 255.255.255.255
Server IP to block [0.0.0.0]: 20.1.2.1
Server IP mask [0.0.0.0]: 255.255.255.255
Server Port to block: 80
Server Port mask [0xffff]:
31

CHAPTER 3

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Use the show block command to verify:
HP SA7120> show block
-------blocks :
--------(1) block 10.1.2.1 255.255.255.255 20.1.2.1
255.255.255.255 80 0xffff

Subnet, Specific Port
To block a subnet, and specific port combination:
1. Specify a subnet, using 0 as the address’s final octet. (In the
example below, all IPs from “10.1.2.x” to “20.1.2.x” are blocked
on port 80.)
2. Type the subnet mask, with 0 indicating the portion of the IP
address to be ignored.
3. Type the specific port.
4. Press Enter to accept the default port mask.
Example:
HP SA7120> create block
Client IP to block [0.0.0.0]: 10.1.2.0
Client IP mask [0.0.0.0]: 255.255.255.0
Server IP to block [0.0.0.0]: 20.1.2.0
Server IP mask [0.0.0.0]: 255.255.255.0
Server Port to block: 80
Server Port mask [0xffff]:

Use show block to verify:
HP SA7120> show block

----------blocks :
----------(1) block 10.1.2.0 255.255.255.0 20.1.2.0
255.255.255.0 80 0xffff
-----------

All IPs, Specific Port
To block a specific port on all IP addresses:
1. Type all zeroes as the IP address to be blocked.
2. Type all zeroes as the IP wildcard mask to be blocked.
3. Type the specific port.
32

CHAPTER 3

SSL Processing

4. Press Enter to accept the default port mask.
Example:
HP SA7120> create block
Client IP to block [0.0.0.0]: 
Client IP mask [0.0.0.0]: 
Server IP to block [0.0.0.0]:
Server IP mask [0.0.0.0]:
Server Port to block: 80
Server Port mask [0xffff]:

5. Use the show block command to confirm the block:
HP SA7120> show block

----------blocks :
----------(1) block
0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 80 0xffff
-----------

Delete a Block
The example below illustrates how to delete a subnet block. Type the
delete block command with the block ID (block ID is 1 in the
example):
1. Use the show block command to identify the block to be deleted.
HP SA7120> show block

----------blocks :
----------(1) block 10.1.2.1 255.255.255.255 20.1.2.1
255.255.255.255 80 0xffff
-----------

2. Use the delete block command followed by the block ID to
delete the block.
HP SA7120> delete block 1

33

CHAPTER 3

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Failure Conditions, Fail-safe, and Fail-through
During any failure condition of the SA7100/SA7120, unprocessed
data packets can either pass through or not, depending on whether
Fail-safe or Fail-through mode is enabled. The Fail-through switch is
by default in Fail-safe mode, meaning that during a failure no data
packets will pass from one side of the SA7100/SA7120 to the other.
For details, see “Failure/Bypass Modes” in Appendix B.

34

Scenarios
This section contains scenarios illustrating examples of HP eCommerce Server Accelerator SA7100/SA7120 configurations:
•

Scenario 1: Single server

•

Scenario 2: Multiple servers

•

Scenario 3: Multiple SA7100/SA7120s, cascaded

•

Scenario 4: Different ingress and egress routers

•

Scenario 5: Configuring a Firewall

CHAPTER 4

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Scenario 1—Single Server
This scenario describes a typical configuration of a SA7100/SA7120
with one server, using either automapping or manual configuration/
mapping. This scenario describes the fastest way to get up and
running with a SA7100/SA7120.

HP e-Commerce Server Accelerator

Router
Single Server

Single SA7100/SA7120, Single Server Installation

Procedure for
Scenario 1

Automapping
1. Physically connect the SA7100/SA7120 to the router and to one
server.
2. Initiate HTTPS traffic to the server. The SA7100/SA7120
monitors traffic and uses the initial mapping (with associated
default key and certificate) to decrypt HTTPS traffic and pass
clear text HTTP traffic to the server.

Manual Configuration
1. Perform the installation as described in Chapter 2. Access the
SA7100/SA7120 command prompt.
2. Acquire the appropriate keys and certificates following the
procedure in the “Keys and Certificates” section in Chapter 3.
3. Create a mapping for the server. Use the create map command
to specify the server IP address, ports, and keyID.
HP SA7120> create map
Server IP (0.0.0.0): 10.1.1.30
SSL (network) port [443]: 
Cleartext (server) port [80]: 
KeyID to use for mapping: myserver
36

CHAPTER 4

Scenario 1—Single Server

4. You can delete the default mapping. After the user has manually
created the mapping, the default mapping can be deleted. In this
case, delete MapID number 1. MapID number 2 becomes
MapID number 1 when the default is deleted.
HP SA7120> delete map 1
HP SA7120> list maps
Map
Net Ser Cipher Re- Client
ID KeyID Server IP Port Port Suites direct Auth
== ===== ========= ==== ==== ====== =====
====
1 myserver 10.1.1.30 443 80 med(v2+v3) n
n
HP SA7120>

5. Save the configuration when the server has been mapped.
HP SA7120> config save
Saving configuration to flash...
Configuration saved to flash
HP SA7120>

37

CHAPTER 4

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Scenario 2—Multiple Servers
This scenario shows how to configure two or more servers.

Router

HP e-Commerce Server Accelerator
Hub/switch

Server 1
10.1.1.30

Server 2
10.1.1.31

Single SA7100/SA7120, Multiple Server Installation

Procedure for
Scenario 2

1. Perform the installation as described in Chapter 2. Access the
SA7120 command prompt.
2. Acquire the appropriate keys and certificates following the
procedure in the Keys and Certificates section in Chapter 3.
3. Create a mapping for Server 1. Use the create map command to
specify the server IP address, ports, and keyID.
HP SA7120> create map
Server IP: 10.1.1.30
SSL (network) port [443]: 
Cleartext (server) port [80]: 
KeyID to use for mapping: myserver

4. Create a mapping for Server 2. As in the previous step, use the
create map command to specify the server IP address, ports for
the second server, and the keyID.
HP SA7120> create map
Server IP: 10.1.1.31
SSL (network) port [443]: 
Cleartext (server) port [80]: 
KeyID to use for mapping: myserver2

5. Use the list map command to view the mapping. (Multiple keys
and certificates can also be imported and each mapped to
individual servers. If you do this, at least one field in the
certificate information—usually the common name—must be
unique.)
HP SA7120> list map
38

CHAPTER 4

Scenario 2—Multiple Servers

Map
Net Ser Cipher
ReID KeyID
Server IP
Port Port Suites
== =====
=========
==== ==== ============
1 default
Any
443 80
all(v2+v3) n
2 myserver 10.1.1.30 443 80
med(v2+v3) n
3 myserver2 10.1.1.31 443 80
med(v2+v3) n
HP SA7120>

Client
direct Auth
====== ====
n
n
n

6. After you have manually created a mapping, the default
mapping can be deleted. In this case, delete MapID number 1.
MapID number 2 becomes MapID number 1 when the default is
deleted.
HP SA7120> delete map 1
HP SA7120> list map
Map
Net Ser Cipher Re- Client
ID KeyID
Server IP Port Port Suites direct
Auth
== =====
========= ==== ==== ====== =====
====
1 myserver 10.1.1.30 443 80
med(v2+v3) n
n
2 myserver2 10.1.1.31 443 80
med(v2+v3) n
n
HP SA7120>

7. To configure a third or fourth web server to operate with the
SA7100/SA7120, repeat the steps above, specifying a different
IP address for each server.
8. Save the configuration when mapping is completed for the
server(s).
HP SA7120> config save
Saving configuration to flash...
Configuration saved to flash
HP SA7120>

39

CHAPTER 4

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Scenario 3—Multiple SA7100/SA7120s,
Cascaded
This scenario shows how to cascade SA7100/SA7120s for additional
performance and availability. The same procedures apply that were
performed in Scenario 3. In addition, the complete configuration of
the first SA7100/SA7120 is exported to the second SA7100/SA7120
in line.

Initial
Configuration

•

Two or more SA7100/SA7120s must be physically installed on
the same network. To cascade multiple SA7100/SA7120s,
connect from the server port of the first SA7100/SA7120 to the
network port of the next SA7100/SA7120 in line, and then again
connect from the server port to the network port of the next
SA7100/SA7120 in line, or to the server. (See Chapter 2 for more
information.)

•

On the first SA7100/SA7120, the set spill enable command is
used to enable spilling so that the next SA7100/SA7120 in line
can handle the overflow. Spill is then enabled for each
subsequent SA7100/SA7120, except the last one. Do not
configure the last SA7100/SA7120 to spill to the server.

•

The first SA7100/SA7120 should be fully configured; any
necessary keys, certificates or maps must exist. The complete
configuration is exported from the first, then imported to the next
SA7100/SA7120 in line. This procedure is repeated for any
additional SA7100/SA7120s in line.
HP e-Commerce Server Accelerators

Hub/Router/Switch
Server

Multiple (Cascaded) SA7100/SA7120s

40

CHAPTER 4

Procedure for
Scenario 3

Scenario 3—Multiple SA7100/SA7120s, Cascaded

1. Configure the SA7100/SA7120 farthest from the server as
described in any of the preceding scenarios. Remain connected to
that specific SA7100/SA7120 for the export configuration
procedure.
2. At the command prompt, type the set spill enable command.
This allows overflow traffic to be transferred to the second
SA7100/SA7120 for processing.
3. Save configuration.
HP SA7120> config save
Saving configuration to flash...
Configuration saved to flash
HP SA7120>

4. Export the configuration. Use the export config command.
Choose xmodem mode to export.
HP SA7120> export config
Export protocol: (xmodem, ascii) [ascii]: xmodem

Beginning export...

5. Select Receive from the HyperTerminal* Transfer menu.
6. Type or use the Browse button to specify the directory in which
you want to place the received file.
7. Select xmodem as the receiving protocol.
8. Click the Receive button.
9. Specify a filename for the received file and click OK. The
operation concludes and the normal prompt reappears.
Use Ctrl-X to kill transmission
Export successful!
HP SA7120>

10. Connect to the second SA7100/SA7120 (“Device 2”), either
through the console connection or another window (if both are
connected to the same PC).
11. Press the Bypass button on Device 2’s front panel to put the
machine in bypass mode.
12. Import the configuration. Use the import config command to
begin the process. Select xmodem and press Enter to begin the
import process.
HP SA7120> import config
Import protocol: (paste, xmodem) [paste]: xmodem

41

CHAPTER 4

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide


Use Ctl-X to cancel upload

13. Select Send from the HyperTerminal* Transfer menu.
14. Type or use the Browse button to specify the file to send.
15. Select xmodem as the sending protocol.
16. Click the Send button. The transfer completes and then you are
prompted to verify that you want to install this configuration.
Do you want to install this config ? [y]:

17. After verification (y) or refusal (n), the prompt reappears.
HP SA7120>

18. Change Device 2’s IP address using the set ip command.
HP SA7120> set ip
Enter IP Address (’none’ to delete) [10.1.2.65]:
1.1.1.1
Enter Netmask (’none’ to delete)
[255.255.255.0]: 2.2.2.2

19. Save the configuration.
HP SA7120> config save
Saving configuration to flash...
Configuration saved to flash
HP SA7120>

20. Press the Bypass button on Device 2’s front panel to put the
machine in inline mode.
21. Repeat steps 11-20 for any additional SA7100/SA7120s. On the
last SA7100/SA7120 in the chain, disable spilling with the set
spill disable command.

42

CHAPTER 4

Scenario 4—Different Ingress and Egress Routers

Scenario 4—Different Ingress and Egress
Routers
This scenario describes the configuration of a SA7100/SA7120 when
the ingress and egress traffic paths are different. This scenario
includes:

Client

•

One or more servers

•

One or more cascaded SA7100/SA7120s

•

One or more ingress routers

•

One egress router

Ingress Router

Switch

HP e-Commerce Server
Accelerator

Egress Router
Server

Installation with Ingress and Egress Routers

Procedure for
Scenario 4

1. Configure your SA7100/SA7120 (as described in any of the
previous scenarios).

NOTE: Execute an “arp
–a” (or equivalent
command for your OS) on
the server to display the
MAC address of the
default gateway. This is
the address you should
use.

2. Determine the MAC address of the egress router through which
you want to route outbound traffic.
3. At the CLI prompt, enter the default egress router.
HP SA7120> set egress_mac 00:11:22:33:44:55
Egress MAC set to 00:11:22:33:44:55
HP SA7120> config save
Saving configuration to flash...
Configuration saved to flash
HP SA7120>

4. To reverse this process:
HP SA7120> set egress_mac none

43

CHAPTER 4

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Scenario 5—Configuring a Firewall
This scenario describes the recommended network configuration to
allow a SA7100/SA7120 to provide SSL services for a single server
that also serves plain-text HTTP documents. Actual procedures for
adjusting the firewall and server configurations vary widely
depending upon the products used, so the steps outlined here are
necessarily approximations and must be adjusted as required by the
particulars of your environment. Please consult your server and
firewall documentation for additional information.

HP e-Commerce Server Appliance SA7100/SA7120

Firewall
Server

Single SA7100/SA7120 configured with single server and firewall

Server
Configuration

Servers providing both HTTP and HTTPS services typically have
two instances of the Web Server process configured:
•

One listening on the standard HTTP port of 80, providing
unencrypted access to non-sensitive information, and

•

Another listening on port 443 providing access to SSL encrypted
sensitive information.

Port Number

Connection Type

Content Served

80

HTTP

Non-sensitive

443

HTTPS

Sensitive

For the SA7120 to provide SSL services, the web server process
providing port 443 services requires two modifications.

44

CHAPTER 4

Scenario 5—Configuring a Firewall

•

First, because the SA7120 performs all of the SSL processing,
the web server process must be configured to expect only
standard HTTP (unencrypted) connections, even for sensitive
content.

•

Second, the web server process must be configured to listen for
these HTTP connections on a port other than the standard
HTTPS port (443). In this scenario we configure the port 443
service to listen on port 81.

Port Number

Connection Type

Content Served

80

HTTP

Non-sensitive

81

HTTP

Sensitive

SA7120 Configuration
The SA7120 must be configured to intercept HTTPS connections on
port 443 and forward them to the server. In the preceding section, we
configured the server to provide access to sensitive data through port
81, so that should be the clear text port when creating a server
assignment (or “map”) on the SA7120. Perform the following steps
to create the server assignment:
1. Perform the installation as described in Chapter 2 and access the
command line prompt.
2. Acquire the appropriate keys and certificates following the
procedure in the “Keys and Certificates” section in Chapter 3.
3. Create a mapping for the server. Use the create map command
to specify the server IP address, ports, and keyID.
HP SA7120> create map
Server IP (0.0.0.0): 10.1.1.30
SSL (network) port [443]: 
Cleartext (server) port [80]: 81
KeyID to use for mapping: serv1

45

CHAPTER 4

NOTE: The device
automatically adjusts the
list of MapIDs as they
are created and deleted,
thus MapID 2 becomes
MapID 1 when the default
(the original MapID 1) is
deleted.

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

4. Once a user-created server assignment exists, the default
mapping can be deleted. In this example, delete MapID number
1.
HP SA7120> > delete map
HP SA7120> list maps
Map
Net
ID KeyID Server IP Port
== ===== ========= ====
1 serv1 10.1.1.30 443
HP SA7120>

1
Ser
Port
====
80

Cipher
Suites
==========
med(v2+v3)

Redirect
=====
n

Client
Auth
====
n

5. Save the configuration.
HP SA7120> config save
Saving configuration to flash...
Configuration saved to flash
HP SA7120>

Firewall Configuration
Absent a firewall, outside clients would be able to connect to services
on the web server and possibly gain access to sensitive data—on port
80 using HTTP to access non-sensitive data, on port 443 using
HTTPS to access sensitive data, and on port 81 using HTTP to access
that same sensitive data. Obviously, allowing access to sensitive data
over an unencrypted connection on port 81 is not desirable.
Consequently a firewall should be configured to prevent such access.
NOTE: In this
configuration, the
firewall may occasionally
report the blocking of
outbound packets from
the Server on port 81.
This is normal—a sideeffect of the varying
latencies characteristic of
Internet traffic—and does
not indicate a problem
with the configuration

46

Port

Access

80

Allowed

443

Allowed

All Others

Denied

Command
Reference

The HP e-Commerce Server Accelerator SA7100/SA7120 is fully
configurable through the Command Line Interface (CLI). The CLI is
accessible through both the console and aux console RS232 ports or
remotely via Telnet and SSH.

Online Help
The SA7100/SA7120 provides online help with the following
options:
•

Type help to display a summary of commands.

•

Type help  (or ? ) for a
description of a specific command or, if relevant, a list of
subcommands you can enter from within .

•

Type help usage (or ? )to display all commands
and their usage.

CHAPTER 5

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

•

Type tty_char to display a list of special terminal editing
characters.

Command Line Interface
The CLI handles all user interactions on the console and auxiliary
console RS232 ports. One instance per port runs at all times.

User
Authentication

To gain access to the CLI, the user must first be authenticated by
providing a password at the logon banner prompt. The logon banner
provides build version information and the serial number.

Command Line
Prompt

The standard command line prompt for the SA7120 is:
HP SA7120>

The prompt for the SA7100 is:
HP SA7100>

The prompt can be changed with the set prompt command.

Syntax

The CLI uses the following syntax:

Symbol

Significance

Angled Brackets (<>)

Angled brackets designate where you type variable parameters.

Straight Brackets ([ ])

Choices of parameters appear between straight brackets, separated
by vertical bars.

Braces ({})

Optional commands or parameters appear between braces.

Boldface

Commands shown as they are typed after the CLI prompt appear
in boldface type. (The prompt appears in normal typeface to
distinguish it from the command text.)

Vertical Bar ( | )

Separates choices of input parameters within straight brackets.
You can choose only one of a set of choices separated by the
vertical bar. (Do not include the vertical bar in the command.)

48

CHAPTER 5

Abbreviation
to Uniqueness

Command Line Interface

It is not always necessary to type the entire command. CLI commands
can be abbreviated to uniqueness. For example, “del” as show below
is sufficient to represent the delete command:
HP SA7120> del
Usage: delete item [arg]
block
blockID
cert
keyID
client_ca mapID
key
keyID
logs
logID|all
map
mapID
patch
permit
permitID
sign
keyID
snmp_community
trap_community

However, “sh” as shown below, is not an abbreviation to uniqueness
in that it does not distinguish between show and showsnmp.
HP SA7120> sh

The solitary letter “e” in the context of the next example, (i.e.,
preceded by “ssh”), uniquely indicates ssh enable.
HP SA7120> set ssh e
SSH Service started.

49

CHAPTER 5

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Input Editing Commands
Moving the
Insertion Point
Command

Description

ctrl-b

Move back one character.

ctrl-f

Move forward one character.

ctrl-a

Move to the start of the current line.

ctrl-e

Move to the end of the line.

ctrl-l

Clear the screen and redraw the current line, leaving the current
line at the top of the screen.

Command
History

A history of recently executed commands is stored in a buffer and can
be accessed with the following commands:

Command

Description

ctrl-p

Move “up” through the history list

ctrl-n

Move “down” through the history list

ctrl-r

(Reverse-search-history) Search backward starting at the current
line and moving up incrementally through the command history.

ctrl-s

(Forward-search-history) Search forward starting at the current
line and moving down incrementally through the command
history.

50

CHAPTER 5

Command Line Interface

Cutting Text
Command

Description

ctrl-d

Delete the character underneath the cursor.

ctrl-k

Delete the text from the current cursor position to the end of the
line.

ctrl-u

Delete backward from the cursor to the beginning of the current
line.

ctrl-w

Delete the word behind the cursor, using white space as a word
boundary.

ctrl-y

Paste text that has been cut using any of the four above deletion
commands.

backspace/del

Delete the character to the left of the cursor.

51

CHAPTER 5

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Command Summary
This section contains a high-level view of the SA7100/SA7120’s
command structure. Details appear in the Command Reference.
Command

Command Options

bypass
config

default
compare
reset
save

create

block
cert 
key 
map
permit
sign 

delete

block 
cert 
client_ca 
key 
logs
map 
patch
permit 
sign 
snmp_community
trap_community

exit
export

key 
cert 
sign 
log 
config

factory_default
help

52

help
help 
help usage

CHAPTER 5

Command Summary

Command

Command Options

import

cert 
client_ca 
config
key 
patch
upgrade

inline
list

blocks
filters (shows blocks and permits)
keys
logs
maps
permit
monitoring
procs
snmp_community
system
trap_community

nic
password
reboot

53

CHAPTER 5

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Command

Command Options

set

alarms 
cache 
ciphers 
ciphers  default
client_tmo 
date
defcert
egress_mac x:x:x:x:x:x
egress_mac none
ether
idleto 
ip  
kstrength
max_remote_sessions<0-5>
monitoring 
monitoring_interval 
monitoring_fields 
more
ovl_window 
prompt
redirect 
redirect  none
route x.x.x.x
rsc_window 
serial
server_tmo 
ssh 
ssh_port 
spill 
system
telnet 
telnet_port 
utl_highwater 
utl_lowwater 
utl_window 

54

CHAPTER 5

Command Summary

Command

Command Options

show

alarms
blocks
cache
ciphers 
cert 
client_ca 
client_tmo
config
config default
config saved
date
defcert
egress_mac
ether
filters
idleto
info
ip
key 
kstrength
logs
map
max_remote_sessions
monitoring
monitoring_interval
monitoring_fields
more
ovl_window
permits
rsc_window
redirect 
route
serial
server_tmo
ssh
ssh_port
sign 
spill
status 
telnet

55

CHAPTER 5

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Command

Command Options

show

telnet_port
utl_highwater
utl_lowwater
utl_window

setsnmp

snmp 
snmp_community
snmp_port 
snmp_info
sys_contact
sys_location
sys_name
trap_authen 
trap_community
trap_port 

showsnmp

snmp
snmp_community
snmp_info
snmp_port
sys_contact
sys_location
sys_name
trap_authen
trap_community
trap_port

status

line
realtime
alarms


tty_char

56

CHAPTER 5

Command Reference

Command Reference
Help
Commands
Command

Description

help

Display the list of available commands.

help 

Display usage for a single command.

help usage

Display all commands and their usage.

tty_char

View the available list of keyboard shortcut commands.

Status
Command
Command

Description

status

Display device statistics. Several modes are available, as described
below. (Default: realtime.)
Syntax:
HP SA7120> status 

where:
 specifies a line-oriented display of statistics.
 specifies that statistics be displayed in realtime.
 shows current alarm events.
 shows statistics and alarm events in log file.

57

CHAPTER 5

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

SSL
Commands
Command

Description

create key

Create a new keypair and associate it with a Key ID.
Example:
HP SA7120> create key
Key strength (512/1024) [512]: 1024
New keyID [001]:
Keypair was created for keyID: 001.
HP SA7120>

delete key

Delete a specified keypair for a given Key ID.
Syntax:
HP SA7120> delete key 

where  is the Key ID whose associated keypair you
want to delete.
import key

Import a keypair for the specified Key ID.
Syntax:
HP SA7120> import key 

where  is the ID of the keypair you want to import.

58

CHAPTER 5

Command Reference

Command

Description

export key

Export a keypair for a specified Key ID (ASCII or xmodem).
Syntax:
HP SA7120> export key 
Export protocol: (xmodem, ascii) [ascii]:

Press any key to start, then again when
done...
-----BEGIN RSA PRIVATE KEY----MIIBOgIBAAJBALqeajCDgfa8fY8FROLi0B8fVp3m4EI
2MpOzKvEKKe6Kk5pDBkH83tUBkssGBtbnDYHkiAyGzA
.
.
.
UFFSNgBRvbkiNvaNiVqKeutwDEhgCL0PDueo
-----END RSA PRIVATE KEY-----
HP SA7120>

where  is the identifier of the keypair you want to
export.
show key

Display the expanded keypair (including PEM format) for a
specified Key ID. If no Key ID is specified, displays all keys.
Syntax:
HP SA7120> show key 

where  is the Key ID whose associated keypair you
want to view.
list keys

List available Key IDs.
Example:
HP SA7120> list keys

001
default
HP SA7120>

59

CHAPTER 5

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Command

Description

create cert

Create a new certificate for a specified Key ID.
Syntax:
HP SA7120> create cert 

where  is the Key IDfor which you want to create a
certificate.
delete cert

Delete the certificate associated with a specified Key ID.
Syntax:
HP SA7120> delete cert 

where  is the Key ID whose associated certificate you
want to delete.
import cert

Import a certificate to associate with a specified Key ID.
Syntax:
HP SA7120> import cert 

where  is the Key ID whose associated certificate you
want to import.
export cert

Export the certificate for a specified Key ID.
Syntax:
HP SA7120> export cert 

where  is the Key ID whose associated certificate you
want to export.

60

CHAPTER 5

Command Reference

Command

Description

show cert

Display the expanded certificate (including PEM format)
associated with a specified Key ID. If no Key ID is specified,
displays all certificates.
Syntax:
HP SA7120> show cert 

where  is the Key ID whose associated certificate you
want to view.
set ciphers

Establish the list of ciphers and cipher strengths that will be
recognized by the specified Map ID.
Syntax:
HP SA7120> set ciphers 
1 - all
2 - high
3 - medium
4 - low
5 - export only
6 - Customized Ciphers
Select cipher strength [1]: 1
1 - SSLv2
2 - SSLv3
3 - SSLv2 and SSLv3
Select ciphers from SSL version [3]: 2
HP SA7120>

where mapID is the identifier of the mapping whose ciphers you
want to set.

61

CHAPTER 5

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Command

Description

set redirect

Set an alternative address to which a client is directed in the event
it doesn’t support the specified Map ID’s selected cipher suites.
Syntax:
HP SA7120> set redirect  [none]
Enter redirect URL []: 

where  is the Map ID for which you want to define a
redirect URL, and  is the Web address to which you want
to redirect clients that don’t support the selected cipher suites.
Enter the optional parameter [none] to disable an existing
redirect URL for the specified Map ID.
show redirect

Displays the alternative address, if one is configured for the
specified Map ID, to which a client is directed in the event it
doesn’t support the selected cipher suite.
Syntax:
HP SA7120> show redirect 

where  is the Map ID whose redirect URL you want to
display. If no redirect address is defined, a command line message
informs you of the fact:
HP SA7120> show redirect 1
Redirect URL for map 1 is not set.
HP SA7120>

show client_ca

Displays the expanded client certificate (including PEM format)
associated with the specified Map ID. If no client certificate has
been imported this command displays a message to that effect. If
no Map ID is specified, all client certificates are displayed.
Syntax:
HP SA7120> show client_ca 

where  is the mapID number of the key whose imported
client certificate you want to display.

62

CHAPTER 5

Command Reference

Command

Description

import client_ca

If you want to authenticate a client, use this command to import
the trusted CA’s certificate. When enabled, clients without
certificates or with invalid certificates are refused connection.
Syntax:
HP SA7120> import client_ca 
Import protocol: (paste, xmodem) [paste]:

Type or paste in data, end with ... alone on
line

(certificate pasted here...)
...
where  is the mapID number with which the client
certificate will be associated.
delete client_ca

Deletes the client certificate associated with the specified Map
ID.
Syntax:
HP SA7120> delete client_ca 

where  is the mapID number whose associated client
certificate you wish to delete.
create sign

Create the signing request for a specified Key ID.
Syntax:
HP SA7120> create sign 

where  is the Key ID number of the Key for which you
want to create a signing request.

63

CHAPTER 5

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Command

Description

delete sign

Delete the signing request for a specified Key ID.
Syntax:
HP SA7120> delete sign 

where  is the Key ID number of the Key whose signing
request you want to delete.
export sign

Export signing request (PEM format) for specified Key ID.
Syntax:
HP SA7120> export sign 

where  is the Key ID number of the Key whose signing
request you want to export.
show sign 

Display expanded signing request (PEM format) for specified
Key ID. If no Key ID is specified, all signing requests are
displayed.
Syntax:
HP SA7120> show sign 

where  is the Key ID number of the key whose signing
request you want to display.

64

CHAPTER 5

Command Reference

Command

Description

set defcert

Set the default certificate creation information. For example,
country, state, city, organization, organization unit, issuer name,
and issuer e-mail address. You can change all, some or none of
the fields. Press Enter to accept a default and move to the next
field.
Example:
HP SA7120> set defcert
Country name [US]:
State [California]:
City [Palo Alto]:
Organization [Hewlett-Packard Company]:
Organization unit [Server Appliances
Division]:
Issuer name [www.hp.com]:
Issuer email address [support@hp.com]:
Make changes [y]:
Changes applied
HP SA7120>

show defcert

Display the default certificate creation information.
Example:
HP SA7120> show
Country
:
State
:
City
:
Organization :
Unit
:
Name
:
Email
:

defcert
US
California
Palo Alto
Hewlett-Packard Company
Server Appliances Division
www.hp.com
support@hp.com

HP SA7120>

65

CHAPTER 5

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Command

Description

set kstrength

Set the default key strength. Usable values are 512 or 1024. The
default value is 512.
Syntax:
HP SA7120> set kstrength <512 | 1024>

where <512> allows you to specify low key strength and
<1024> allows you to specify high key strength.
show kstrength

Display the default key strength value.
Example:
HP SA7120> show kstrength
Default key strength: 512

set client_tmo

Interval that the connection between the client and server can
remain idle (i.e., no data crosses the connection in either
direction) following a client request.
Syntax:
HP SA7120> set client_tmo 

where  is a value in seconds between 5 and 36000.
show client_tmo

Displays the currently specified client timeout value.
Example:
HP SA7120> show client_tmo
Client timeout is 5 seconds
HP SA7120>

66

CHAPTER 5

Command Reference

Command

Description

set server_tmo

Limits the period of time to establish a connection with the server.
If the connection is not established within the specified time, the
client request is rejected.
NOTE: Typical causes for server timeout include: server
powered off, server not accessible, application is not available on
the specified port.
Syntax:
HP SA7120> set server_tmo 

where  is a value in seconds between 5 and 36000.
show server_tmo

Displays the currently specified server timeout value.
Example:
HP SA7120> show server_tmo

Server timeout [secs]: 5
HP SA7120>

Port Mapping
Commands

These commands are used to execute the operations described in
Chapter 3’s Mapping and Blocking sections.

Command

Definition

create block

Create a block to preclude access to specified IP addresses or
through specified ports. A single IP, a single port, or all ports can
be blocked. If fewer than all ports are to be blocked, you must
repeat the create block command for each one.
Example:
HP SA7120> create block
Client IP to block [0.0.0.0]: 10.1.2.1
Client IP mask [0.0.0.0]: 255.255.0.0
Server IP to block [0.0.0.0]: 20.1.2.1
Server IP mask [0.0.0.0]: 255.255.0.0
Server Port to block: 80
Server Port mask [0xffff]:
HP SA7120>
67

CHAPTER 5

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Command

Definition

delete block

Delete a block specified by index number. Use show block (see
below) to correlate existing blocks with their numbers.
Example:
HP SA7120> delete block 1
HP SA7120>

show block

Display all existing blocks.
Example:
HP SA7120> show block
-------blocks :
--------(1) block 10.1.2.1 255.255.0.0 20.1.2.1
255.255.0.0 80 0xffff
----------

create permit

Create a configuration allowing a specified user access to specified
servers and ports, and/or denying the specified user access to
specified servers and ports.
Example:
HP SA7120> create permit
Client IP to permit [0.0.0.0]:10.1.2.1
Client IP mask [0.0.0.0]:255.255.0.0
Server IP to permit [0.0.0.0]:20.1.2.1
Server IP mask [0.0.0.0]:255.255.0.0
Server Port to permit: 443
Server Port mask [0xffff]:
HP SA7120>

delete permit

Delete a permit specified by index number. Use show permit (see
below) to correlate existing permits with their numbers.
Example:
HP SA7120> delete permit 1
HP SA7120>

68

CHAPTER 5

Command Reference

Command

Definition

show permit

Display permits currently in force.
Example:
HP SA7120> show permit
-------permits :
--------(1) permit 10.1.2.1 255.255.0.0 20.1.2.1
255.255.0.0 443 0xffff
---------HP SA7120>

create map

Create a mapping that associates server IP, SSL port, clear text
port, and Key ID.
Example:
HP SA7120> create map
Server IP (0.0.0.0): 1.1.1.1
SSL (network) port [443]: 443
Cleartext (server) port [80]: 8080
KeyID to use for mapping: 4
HP SA7120>

NOTE: The Key ID used with a new mapping must exist prior to
executing create map. Use create key to create a new Key ID. Also,
a certificate must be associated with the key ID prior to using the
mapping. (See Chapter 3 for details.)
delete map 

Delete a mapping.
NOTE: All MapIDs of a higher number than the one specified for
deletion are decremented by one when this command is executed.
Syntax:
HP SA7120> delete map 

where  is the Map ID of the mapping you want to delete.
show map

Display all mappings. (Same as list maps.)

69

CHAPTER 5

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Command

Definition

list maps

List all mappings. (Same as show map.)
Example:
HP SA7120> list maps
Map
ID KeyID Server IP
== ===== =========
1 default Any
2 sample 1.1.2.5

Net
Port
====
443
443

Ser
Port
====
80
80

Cipher
ReClient
Suites
direct Auth
======
===== ====
all(v2+v3) n
n
med(v2+v3) n
n

HP SA7120>

Operational
Commands
Command

Description

bypass

Enables bypass mode, in which traffic flows through SA7100/
SA7120 without being processed. See Failure/Bypass Modes in
WARNING: Do not issue
Appendix B for details. See the inline command below for
the bypass command from a
reversing bypass.
remote management session
(Telnet or SSH). Doing so
Example:
will result in an immediate
HP SA7120> bypass
disconnect from the
SA7100/SA7120.
The LED labeled “inline” on the SA7120’s front panel turns off
when bypass is enabled.
NOTE: The SA7100/SA7120 can be placed in bypass mode
simultaneously with the bypass switch and the CLI’s bypass
command. When this occurs, you must use both the bypass switch
and the CLI’s insert command to return the unit to inline mode.

70

CHAPTER 5

Command Reference

Command

Description

inline

Enables inline mode, in which the SA7100/SA7120 processes
traffic normally. (As opposed to bypass mode, in which traffic may
flow through the device unprocessed.)
Example:
HP SA7120> inline

The LED labeled “inline” on the SA7100/SA7120’s front panel is
illuminated when inline mode is enabled.
NOTE: Other factors may preclude the use of inline mode. See
Failure/Bypass Modes in Appendix B.
set route

Specify the address of the router or gateway through which the
SA7100/SA7120 communicates with the Internet.
Syntax:
HP SA7120> set route
Enter Default Route (’none’ to delete) [none]:
255.255.255.001
HP SA7120>

show route

Display the currently specified address of the router or gateway
through which the SA7100/SA7120 communicates with the
Internet.
Syntax:
HP SA7120> show route
Default Route: 255.255.255.001
HP SA7120>

71

CHAPTER 5

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Command

Description

set spill

Allows you to enable or disable spill mode. “Spill” is used to
offload processing of a request, when the SA7100/SA7120 has
reached a specified queue threshold, to a secondary SA7100/
SA7120 or to the server.
Example:
HP SA7120> set spill enable

Verify spill setting with the show spill command:
HP SA7120> show spill
Spill on overload: enabled
HP SA7120>

show spill

Display spill setting (enabled or disabled).
Example:
HP SA7120> show spill
Spill on overload: disabled

reboot

Reboots the SA7100/SA7120.
WARNING: Any configuration changes made during the current
CLI session will be lost upon rebooting. Refer to the config save
command for details regarding saving configuration changes.
Example:
HP SA7120> reboot
Are you sure you want to reboot [n]: y
System rebooting...done

(System reboots, eventually prompting you for your password.)

72

CHAPTER 5

Command Reference

Remote
Management
Commands
Command

Description

list procs

List all processes associated with the CLI and remote management
commands (inetd, telnetd, sshd2, and snmpd).
Example:
HP SA7120> list procs
PID:
40
PID:
41
HP SA7120>

set ip

PROG: cli
PROG: cli

Assign an IP address and netmask to the SA7100/SA7120’s
network interface for Telnet and SSH sessions.
CAUTION: The assignment of an IP address introduces security
issues. Please refer to the “Access Control” section of Chapter 6.
NOTE: To disable a currently configured IP, use set ip followed
by none.
Example:
HP SA7120> set ip
Enter IP Address (’none’ to delete)
[10.1.2.124]:
Enter Netmask [255.255.0.0]:

set
max_remote_sessions

Set the maximum allowed number of concurrently running Telnet
and SSH sessions.
Syntax:
HP SA7120> set max_remote_sessions <0-5>

where <0-5> is the maximum number of remote sessions you
want to allow. Default: 5.

73

CHAPTER 5

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Command

Description

set telnet

Enables or disables Telnet sessions. When this command is set to
“enable” and an IP address is assigned to the SA7100/SA7120’s
network interface, you can access the device’s CLI via remote
Telnet session. When disabled, the device refuses Telnet
connections. The console prompts for any missing parameters.
Default: disable.
Syntax:
HP SA7120> set telnet enable
Need an IP address to start Telnet service.
Enter IP Address [209.218.240.67]: 10.1.2.124
Need a netmask to start Telnet service.
Enter Netmask [255.255.255.0]:
Optional Default Route to start Telnet service.
Enter Default Route (’none’ to delete) [none]:
Telnet Services started.
HP SA7120>

show telnet

Displays current Telnet status: enabled or disabled.
Example:
HP SA7120> show telnet

Telnet: enabled
set telnet_port

Set the port on which Telnet connections are accepted. (Default
port: 23.)
Syntax:
HP SA7120> set telnet_port 

where  is the number of the port to which Telnet sessions
will connect.
show telnet_port

Display the port on which Telnet sessions are currently accepted.
Example:
HP SA7120> show telnet_port
Telnet Port Number: 23

74

CHAPTER 5

Command Reference

Command

Description

set ssh

Enable or disable Secure Shell (SSH) sessions. When this
command is set to “enable” and an IP address is assigned to the
SA7100/SA7120’s network interface, you can access the device’s
CLI via remote SSH session. When disabled, the device refuses
SSH connections. Default: disable.
Syntax:
HP SA7120> set ssh 

show ssh

Display current SSH status: enabled or disabled.
Example:
HP SA7120> show ssh

SSH: disabled
set ssh_port

Set the port on which SSH connections are accepted. (Default port:
22.)
Syntax:
HP SA7120> set ssh_port 

where  is the number of the port to which SSH sessions
will connect.
show ssh_port

Display port on which SSH sessions are currently accepted.
Example:
HP SA7120> show ssh_port
SSH Port Number: 22

setsnmp

Enable or disable the SNMP agent. When enabled, you can set
configure SNMP information and parameters (see setsnmp
snmp_info, below) for the SA7100/SA7120. Default: disable.
Syntax:
HP SA7120> setsnmp 

showsnmp snmp

Displays the current status of the SNMP agent: enabled or
disabled.
Example:
HP SA7120> showsnmp snmp
SNMP: Enabled

75

CHAPTER 5

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Command

Description

setsnmp snmp_info

Set the following SNMP information and parameters:
•

SNMP port (Default: 161)

•

SNMP trap port (Default: 162)

•

Contact person

•

System name

•

System location

Example:
HP SA7120> setsnmp snmp_info
SNMP Port
[161]: 161
SNMP Trap Port [162]: 162
Contact Person
[]: support
System Location
[]:Palo Alto
System Name
[]: SA7120

showsnmp snmp_info

Display the currently effective SNMP information and parameters.
Example:
HP SA7120> showsnmp snmp_info
SNMP Port Number
: 161
SNMP Trap Port Number: 162
SNMP System Contact : support
SNMP System Name
: SA7120
SNMP System Location : Palo Alto
System IP Address
: 10.1.2.124
System Netmask
: 255.255.255.0
Default Route
: None

setsnmp
snmp_community

Set SNMP community strings.
Example:
HP SA7120> setsnmp snmp_community
IP []:xxx.xxx.xxx.xxx
Community String []:

76

CHAPTER 5

Command Reference

Command

Description

list snmp_community

Display currently configured SNMP community strings.
Example:
HP SA7120> list snmp_community
<2> Current SNMP Community String(s):
1.) IP:
0.0.0.0 => String:
public
2.) IP:
0.0.0.0 => String:
private

delete snmp_community Delete SNMP community strings.

Example:
HP SA7120> delete snmp_commmunity
SNMP Community String(s) Deletion.
<2> Current Available SNMP Community
1.) IP:
0.0.0.0 => String:
2.) IP:
0.0.0.0 => String:
Enter number (1 to 2) to delete (q to
Enter number (1 to 2) to delete (q to

setsnmp trap_authen

String(s):
public
private
quit) [1]: 2
quit) [1]: q

When enabled, the SNMP manager receives traps upon failed
authentication attempts.
Example:
HP SA7120> setsnmp trap_authen 

shownmp trap_authen

Displays current status of trap authentication trap.
Example:
HP SA7120> showsnmp trap_authen
Trap Authentication: enabled

setsnmp
trap_community

Sets SNMP trap community strings.
Example:
HP SA7120> setsnmp trap_community
SNMP Trap Community String(s) Setting.
Enter a SNMP Trap Community IP (q to quit): 0.0.0.0
Enter a SNMP Trap Community String (q to quit):
private
Enter a SNMP Trap Community IP (q to quit): 0.0.0.0
Enter a SNMP Trap Community String (q to quit):
public
Enter a SNMP Trap Community IP (q to quit): q

77

CHAPTER 5

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Command

Description

list trap_community

Display SNMP trap community strings.
Example:
HP SA7120> list trap_community
SNMP Trap Community String(s) information.
<2> Current SNMP Trap Community String(s):
1.) IP:
0.0.0.0 => String: public
2.) IP:
0.0.0.0 => String: private

delete trap_community

Delete SNMP trap community strings.
Example:
HP SA7120> delete trap_community
SNMP Trap Community String(s) Deletion.
<2> Current Available SNMP Trap Community
String(s):
1.) IP:
0.0.0.0 => String:
public
2.) IP:
0.0.0.0 => String:
private
Enter number (1 to 2) to delete (q to quit) [1]: 2
Enter number (1 to 2) to delete (q to quit) [1]: q

78

CHAPTER 5

Command Reference

Alarms and
Monitoring
Commands
Command

Description

set alarms

Enable all or a selection of the SA7120’s alarms.
Syntax:
HP SA7120> set alarms


where
all enables all five of the SA7120’s alarms.
esc enables the Encryption Status Change Alarm.
rsc enables the Refused SSL Connection Alarm
utl enables the Utilization Threshold Alarm
ovl enables the Overload Alarm
nls enables the Network Link Status Alarm
To disable all alarms, use none:
Example:
HP SA7120> set alarms all
HP SA7120> show alarms
Alarms set: esc rsc utl ovl nls

show alarms

Display the list of currently enabled alarms.
Example:
HP SA7120> set alarms none
HP SA7120> show alarms
Alarms set:

NOTE: When no alarms are set (i.e., when none is specified in set
alarms), the display shows an empty field.
set rsc_window

Set interval (window) at which the device checks for refused SSL
connections and, if any are detected, issues an RSC Alarm.
(Range: 5-65000 seconds, default: 15)
Syntax:
HP SA7120> set rsc_window 

where  is the number of seconds of the desired interval.

79

CHAPTER 5

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Command

Description

show rsc_window

Display current Refused SSL Connections Alarm interval.
Syntax:
HP SA7120> show rsc_window
Check for refused SSL connections [secs]:

set utl_window

Set interval (window) at which the device checks for exceeded
utilization thresholds (CPU load, Connections per Second, or Total
Open Connections) and, if any are detected, issues a Utilization
Threshold Alarm. (Range: 5-65000 seconds, default: 15)
NOTE: The data collected for utilization threshold metrics tends
to be bursty, so a smoothing algorithm is used to prevent
continuous alarms. The utilization window is a user-specified
sliding interval during which data is collected and averaged.
Consequently, shorter intervals are likely to result in some
extraneous alarms.
NOTE: See also set utl_highwater and set utl_lowwater.
Syntax:
HP SA7120> set utl_window 

where  is the number of seconds of the desired interval.
set utl_highwater

Set the Utilization Threshold Alarm high-water value. Expressed
as a percentage, the high-water value represents the highest CPU
utilization, Connections per Second, or Total Open Connections
required to trigger a UTL Alarm. (Range: 2-100%, default: 90)
NOTE: See also set utl_window and set utl_lowwater.
Syntax:
HP SA7120> set utl_highwater <%>

where <%> is the percentage defining the upper threshold of CPU
utilization, Connections per Second, or Total Open Connections
required to trigger a Utilization Threshold Alarm.

80

CHAPTER 5

Command Reference

Command

Description

set utl_lowwater

Set the Utilization Threshold Alarm low-water value. Expressed as
a percentage, the low-water value represents the lowest CPU
utilization, Connections per Second, or Total Open Connections
required to trigger a UTL Alarm. (Range: 1-99%, default: 60)
NOTE: See also set utl_window and set utl_highwater.
Syntax:
HP SA7120> set utl_lowwater <%>

where <%> is the percentage defining the lower threshold of CPU
utilization, Connections per Second, or Total Open Connections
required to trigger a Utilization Threshold Alarm.
show utl_window

Display the current Utilization Threshold Alarm window.
Example:
HP SA7120> show utl_window
Utilization window set [secs]: 10.

show utl_highwater

Display the Utilization Threshold Alarm’s current upper threshold.
Example:
HP SA7120> show utl_highwater
Utilization High water mark [%]: 80

show utl_lowwater

Display the Utilization Threshold Alarm’s current lower threshold.
Example:
HP SA7120> show utl_lowwater
Utilization Low water mark [%]: 60

set ovl_window

Set interval (window) at which the device checks for overloads
resulting in the device executing a spill or throttle and, if any are
detected, issues an Overload Alarm. (Range: 5-65000, default: 15)
Syntax:
HP SA7120> set ovl_window 10

81

CHAPTER 5

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Command

Description

show ovl_window

Display the current Overload Alarm window.
Example:
HP SA7120> show ovl_window
Check for overload conditions [sec]: 10

Configuration
Commands
Command

Description

show config

Display current volatile configuration settings.
Example:
HP SA7120> show config
# default config file created on Tues July 25
06:56:46 2000

(Configuraton parameters are displayed here...)
HP SA7120>

show config saved

Display saved non-volatile configuration settings.
Example:
HP SA7120> show config saved
Saved configuration
===================

(Configuraton parameters are displayed here...)
HP SA7120>

82

CHAPTER 5

Command Reference

Command

Description

show config default

Display default configuration settings. These are values used when
factory default commands are executed.
Example:
HP SA7120> show config default
Default configuration
=====================
conlog 0xffffffef
ilog 0xffffffff
trace 0xfffff3dd
media auto
logport tty01
cache 3
server_tmo 5
client_tmo 30
serverif exp1
netif exp0
map 0.0.0.0 443 80 default
kpanic reboot
monitoring_interval 15
monitoring_fields 0x1F
alarm_mask 0x00000000
ovl_window 15
rsc_window 15
utl_window 15
utl_highwater 90
utl_lowwater 60
idle 300
kstrength 512
con_speed 9600
con_bits 8
con_stop 1
con_parity n
max_remote_sessions 5
trap_authen 1
defcert_cname US
defcert_state California
defcert_city San Diego
defcert_orgname Company Name
defcert_orgunit Company Division
defcert_name www.company.com
defcert_email support@company.com
prompt HP SA7120>
HP SA7120>

83

CHAPTER 5

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Command

Description

config compare

Display differences between saved and current configuration. For
optimal flexibility in configuration and testing, the SA7100/
SA7120 supports both “current” (volatile) and “saved” (nonvolatile) configurations. The config compare command displays
the differences, if any, between the two configurations.
Example:
HP SA7120> config compare

Only in /keys: 4
HP SA7120>

config reset

Restore saved configuration.
WARNING: Executing this command causes the system to reboot.
Example:
HP SA7120> config reset
Reverting to saved configuration
Reset (y/n) [n]: y
Reset to saved configuration
System rebooting...

config default

Clears current and saved configurations and restores factory
defaults.
WARNING: Executing this command causes the system to reboot.
Example:
HP SA7120> config default
Reset to factory default configuration [n]: y
Reset to factory defaults
System rebooting...

config save

Save the current configuration to the flash (non-volatile) memory.
Example:
HP SA7120> config save
Saving configuration to flash...
Configuration saved to flash
HP SA7120>

84

CHAPTER 5

Command Reference

Command

Description

export config

Export all configuration, key, sign and certificate information
(ASCII, xmodem).

WARNING: Do not edit an
Example:
exported configuration file.

HP SA7120> export
Export protocol:
Press any key to
done...
# default config
06:56:46 2000

config
(xmodem, ascii) [ascii]:
start, then again when
file created on Fri Jul 28

(...configuration specifics are displayed...)
HP SA7120>

import config

Import a configuration file (paste, xmodem).
Example:
HP SA7120> import config
Import protocol: (paste, xmodem) [paste]:
Type or paste in data, end with ... alone on
line
.
.
.
Do you want to install this config ? [y]: n
HP SA7120>

85

CHAPTER 5

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Command

Description

import upgrade

Import a complete software release. (See Chapter 8 for details
regarding software updates.)
Example:
HP SA7120> import upgrade
Import protocol: (xmodem) [xmodem]:
Start xmodem upload now
Use Ctl-x to cancel upload
Verifying upgrade image...
upgrade image valid

version x.x, build xxx
Continue with the upgrade? [n]:y
NOTE: All saved logs will be deleted and the system will reboot
upon sucessful completion of the upgrade.
import patch

Import a partial software upgrade
Example:
HP SA7120> import patch
Enter patch name [80.patch] 
Import protocol: (xmodem)
[xmodem]:
Start xmodem upload now
Use Ctl-x to cancel upload

Patch: Imported.
list system

Displays the device’s CPU, memory and crypto card information.
HP SA7120> list system
=================================================
SYSTEM INFO
=================================================
* CPU
: Pentium II (498 MHz)
* Real MEM : 536870912 (512.00 MB)
* Crypto
: 3

86

CHAPTER 5

Command Reference

Command

Description

factory_default

Returns to factory configuration settings.
Example:
HP SA7120> factory_default
Reset to default configuration [n]: y
Reset to factory defaults
System rebooting...done
T944 V2.31 DXC.
..
868242+361188O/S running

Generating 512 bit default key
Generating default certificate
Saving default key/cert to flash
Restricted Rights Legend
(...copyright and version information displayed here...)
Serial 0:a0:a5:11:4:9d
password:

Administration
Commands
Command

Description

password

Set the password.
Example:
HP SA7120> password
Old password:
Enter new admin password (5 chars
Retype new password:
admin Password changed...
HP SA7120>

min.):

87

CHAPTER 5

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Command

Description

show info

Display software version information.
Example:
HP SA7120> show info
============================================
=== hp e-commerce server accelerator sa7120
=== Copyright (c) 2001 Hewlett-Packard
Company
===
=== Version 2.3.2, Build xx
============================================

set date

Set the date and time.
WARNING: Execution of this command reboots the SA7100/
SA7120.
Example:
HP SA7120> set date
Year [2000]:
Month [2]:
Day [16]:
Hour (24 hour clock) [15]:
Minute [10]:
The system must reboot for changes to take
affect. Reboot [y]: n
HP SA7120>

show date

Displays current date and time.

set egress_mac

Allows the configuration of a SA7100/SA7120 when the ingress
and egress traffic paths are different. (See Chapter 4, Scenario 4.)

88

CHAPTER 5

Command Reference

Command

Description

set ether

Specify ethernet settings.
Example:
HP SA7120> set ether
1 - auto
2 - 10baseT, half duplex
3 - 10baseT, full duplex
4 - 100baseTX, half duplex
5 - 100baseTX, full duplex
Select media type [1]:
Media set to auto
HP SA7120>

show ether

Display ethernet settings.
Example:
HP SA7120> show ether
Ethernet media set to auto
HP SA7120>

set idleto

Set the console idle interval. After  minutes absence of
keyboard activity, the user is automatically logged off.
Syntax:
HP SA7120> set idleto 

where  is a value in minutes from 0 to 525600. A value of “0”
specifies that the console never goes idle.
show idleto

Display console timeout.
Example:
HP SA7120> show idleto
Idle timeout is 5 minutes
HP SA7120>

set more

Set the page length of the console display. Default is 300.
Syntax:
HP SA7120> set more 

where  is the desired number of lines. Valid inputs are 0 (to
disable), or 23 or greater.
89

CHAPTER 5

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Command

Description

show more

Display the current setting for the console display’s page length.
Default is 300.
Example:
HP SA7120> show more

Set 23 lines per page
nic

Allows you to set the network interface card configuration.
Example:
HP SA7120> nic
1 - auto
2 - 10baseT, half duplex
3 - 10baseT, full duplex
4 - 100baseTX, half duplex
5 - 100baseTX, full duplex
Select media type [1]:

set prompt

Change the prompt from “HP SA7120>” to the desired prompt.
Example:
HP SA7120> set prompt
Prompt [HP SA7120> ]: 
HP SA7120>

set serial

Allows user to set the console port to monitor the CLI or the output
logging, and set the speed, data bits, stop bits, and parity bits. The
aux console port is fixed at 115200, 8, 1, N. This command returns
the user to the “password” prompt after setting the console port.
Example:
HP SA7120> set serial
Baud rate (9600/115200) [9600]: 
Data bits (7/8) [8]: 
Stop bits (1/2) [1]: 
Parity (n/e/o) [n]: 
Set serial parameters [y]: 
HP SA7120>

90

CHAPTER 5

Command Reference

Command

Description

show serial

Display console serial parameters.
Example:
HP SA7120> show serial
Speed: 9600
Bits: 8
Stop bits: 1
Parity: n
HP SA7120>

exit

Log the user out of the CLI. If the current configuration has
changed, the user is allowed to save the current configuration as
the active configuration.
Example:
HP SA7120> exit
Exiting CLI...
.
.
.
password:

Logging
Commands
Command

Description

export log

Export a saved log/trace file.

NOTE: Log files referred
to here are not humanreadable.

Syntax:
HP SA7120> export log 

where  is the ID of the specific log you want to export.
Example:
HP SA7120> export log a
Export protocol: (xmodem) [xmodem]:
Use Ctrl-X to kill transmission
Beginning export...

91

CHAPTER 5

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Command

Description

delete log

Delete saved log/trace files from /flash/logs.
Syntax:
HP SA7120> delete log  | all

where  is the ID of the specific log you want to delete,
and all deletes all logs.
list logs

92

List all log files.

Remote
Management

Overview
The current software release allows you to remotely manage the
SA7100/SA7120. Remote management is available via three
protocols:

NOTE: Remote
management functions
can be enabled and
configured only through
the local serial console.

•

Telnet

•

Secure Shell (SSH)

•

SNMP

When enabled, remote management allows you to access the device’s
Command Line Interface (CLI) from Telnet or SSH sessions running
on remotely located machines. Up to five remote sessions can be
configured, including both Telnet and SSH sessions (Default: 5).
Before you can use the device’s remote management function, you
must enable and configure it at the local serial console. Remote
management requires that the device’s network interface be assigned
an IP address.
Remote SNMP management is supported to the extent of allowing
control of the System group of MIB-II.

CHAPTER 6

Limitations

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Note that several CLI capabilities available at the local console are
unavailable in remote sessions. These are:
•

Assignment of an IP address to the SA7100/SA7120’s network
interface

•

Enable/disable Telnet, SSH, or SNMP

•

Change Telnet, SSH, or SNMP ports

•

Set maximum number of Telnet or SSH sessions

•

If import or export operations are carried out while any of the
device’s monitors are enabled, the monitors’ periodic output will
be inserted into the data flow of the import or export.
Workaround: Before performing an import or export operation,
turn off all monitors:
HP SA7120> set monitoring disable

The CLI commands that control remote management potentially
affect the device’s configuration files, thus if a remote management
configuration is to persist across a shutdown/startup of the device,
you must follow remote management configuration with the CLI
command config save. This ensures that the configuration will be
restored upon startup.

Remote
Management
CLI
Commands

Remote management is enabled or disabled and configured by using
a series of CLI commands available only at the local serial console.
The exact sequence varies depending on the type and configuration
of the remote session you want to enable. (Usage is detailed in
subsequent sections.) These commands are:
General:
•

set ip   assigns an IP address and netmask to the
SA7100/SA7120’s network interface.

•

set max_remote_sessions <1-5> sets the maximum allowed
number of concurrently running Telnet and SSH sessions.
Telnet-specific:

94

•

set telnet enable|disable enables or disables Telnet sessions.

•

show telnet displays current Telnet status: enabled or disabled.

•

set telnet_port  sets the Telnet port. (Default: 23.)

CHAPTER 6

Overview

•

show telnet_port displays current Telnet port.
SSH-specific:

•

set ssh enable|disable enables or disables SSH sessions.

•

show ssh displays current SSH status: enabled or disabled.

•

set ssh_port  sets the SSH port. (Default: 22.)

•

show ssh_port displays current SSH port.
SNMP-specific:

•

setsnmp snmp enable|disable enables or disables SNMP
management.

•

showsnmp snmp displays current SNMP status: enabled or
disabled.

•

setsnmp snmp_info sets the following SNMP information and
parameters:
•

SNMP port (Default: 161)

•

SNMP trap port (Default: 162)

•

SNMP agent IP address

•

Contact person

•

System name

•

System location

•

showsnmp snmp_info displays current SNMP information and
parameters.

•

setsnmp snmp_community sets SNMP community strings.

•

list snmp_community displays SNMP community strings.

•

delete snmp_community deletes SNMP community strings.

•

setsnmp trap_community sets SNMP permission strings.

•

list trap_community displays SNMP permission strings.

•

delete trap_community deletes SNMP permission strings.

95

CHAPTER 6

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Remote Telnet Sessions
NOTE: The default
password for Telnet
sessions is admin.

This section contains procedures for accessing the SA7100/SA7120’s
CLI via remote Telnet session.

Local Serial
Console

Assign an IP address to the SA7100/SA7120’s network interface
using the following procedure:
HP SA7120> set ip
Enter IP [10.1.2.56]: 10.1.1.1
Enter Netmask [255.255.255.0]:

Verify the IP and netmask (optional):
HP SA7120> show ip
System IP Address : 10.1.1.1
System Netmask
: 255.255.255.0
HP SA7120>

Enable remote Telnet sessions:
HP SA7120> set telnet enable

Configure the network route:
HP SA7120> set route
Enter Default Route (’none’ to delete)
[10.1.1.1] : 

Verify the route configuration (optional):
HP SA7120> show route
Default Route : 10.1.1.1

Delete a route configuration (optional):
HP SA7120> set route none

NOTE: To ensure that
this remote management
configuration persists
across a device shutdown
and startup, run the
config save command.

96

Remote Telnet management is now enabled and configured on the
SA7100/SA7120. Now you can access the CLI from a remote Telnet
session.

CHAPTER 6

Remote
Console,
Telnet
NOTE: If other remote
sessions are already
running and the new one
exceeds the number
allowed as configured
with the set
max_remote_sessions
command, the CLI
displays the message,
“Max Remote Session
Limit of (5) exceeded!”
Either close a session, or
increase the maximum
number allowed.

Changing the
Telnet Port

Remote Telnet Sessions

With remote Telnet enabled on the SA7100/SA7120, use the
following procedure to access it’s CLI:

Unix-prompt> telnet 10.1.1.1
Trying 10.1.1.1...
Connected to 10.1.1.1.
Escape character is ’^]’.
.
.
.
Serial 0:a0:a5:11:4:2e
password:

After you enter your password, the Telnet session displays the
SA7100/SA7120’s CLI. From this point, you can manage the device
as you would from the local serial console, minus the few disallowed
commands listed in the “Limitations” section near the beginning of
this chapter.
The Telnet port is set and displayed by using the CLI commands set
telnet_port  and show telnet_port.
These commands are available only at the local serial console and
when the remote management is enabled. By default, the Telnet port
number is 23.
To set the Telnet port:
HP SA7120> set telnet_port 230

To display the Telnet port:
HP SA7120> show telnet_port
Telnet Port Number: 230

97

CHAPTER 6

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Disabling
Telnet

Telnet sessions are disabled at the SA7100/SA7120’s local serial
console. To disable, follow the steps below:
HP SA7120> set telnet disable

To verify Telnet disable:
HP SA7120> show telnet

Telnet: disable

To ensure that Telnet sessions remain disabled across a device
shutdown and startup, run the config save command.

Remote SSH Sessions
NOTE: The default user
name and password for
SSH sessions are admin.

This section contains procedures for accessing the SA7100/SA7120’s
CLI via remote Secure Shell (SSH) session. The table below
illustrates ciphers supported by the domestically available SA7120
under SSH1 and SSH2. The export version of the product supports
only the SSH2 cipher DES.

Cipher

SSH1

SSH2

3DES, DES, Blowfish

3DES, Twofish, RC4,
“None”

MAC

MD5, “None”
Supported Ciphers

Local Serial
Console

Assign an IP address to the SA7100/SA7120’s network interface
using the following procedure:
HP SA7120> set ip
Enter IP [10.1.2.56]: 10.1.1.1
Enter Netmask [255.255.255.0]:

Verify the IP and netmask (optional):
HP SA7120> show ip
System IP Address: 10.1.1.1
System Netmask: 255.255.255.0.

Enable remote SSH sessions:
HP SA7120> set ssh enable

98

CHAPTER 6

Remote SSH Sessions

Configure the network route:
HP SA7120> set route
Enter Default Route (’none’ to delete)
[10.1.1.1] : 

Verify the route configuration (optional):
HP SA7120> show route
Default Route : 10.1.1.1

Delete a route configuration (optional):
HP SA7120> set route none

NOTE: To ensure that
this remote management
configuration persists
across a device shutdown
and startup, run the
config save command.

Remote SSH management is now enabled and configured on the
SA7100/SA7120. Now you can access the CLI from a remote SSH
session.

Remote
Console, SSH

With remote SSH enabled on the SA7100/SA7120, use the following
procedure to access it’s CLI:

NOTE: If other remote
sessions are already
running and the new one
exceeds the number
allowed as configured
with the set
max_remote_sessions
command, the CLI
displays the message,
“Max Remote Sesion
Limit of (5) exceeded!”
Either close a session, or
increase the maximum
number allowed.

After you enter your password, the SSH session displays the SA7100/
SA7120’s CLI. From this point, you can manage the device as you
would from the local serial console, minus the few disallowed
commands listed in the “Limitations” section near the beginning of
this chapter.

Unix-prompt> ssh -1 admin 10.1.1.1
.
.
.
Serial 0:a0:a5:11:4:2e
password:

99

CHAPTER 6

Changing the
SSH Port

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

The SSH port is set and displayed by using the CLI commands set
ssh_port  and show ssh_port.
These commands are available only at the local serial console and
when the remote management is enabled. By default, the SSH port
number is 22.
To set the SSH port:
HP SA7120> set ssh_port 220

To display the SSH port:
HP SA7120> show ssh_port
SSH Port Number: 220

Disabling SSH

SSH sessions are disabled at the SA7100/SA7120’s local serial
console. To disable, follow the steps below:
HP SA7120> set ssh disable

To verify SSH disable:
HP SA7120> show ssh

SSH: disable

To ensure that SSH sessions remain disabled across a device
shutdown and startup, run the config save command.

SNMP
The HP e-Commerce Server Accelerator SA7100/SA7120 has a
fully compliant, embedded SNMP agent that supports SNMPv1 and
SNMPv2c requests. In addition to standard MIB-II, HP private
enterprise MIBs provide the following capabilities:

100

•

Monitor the health of the SA7100/SA7120’s hardware and
network links

•

Monitor the flags used to enable and disable alarms and monitors

•

Monitor the SA7100/SA7120’s load as indicated by CPU
utilization, connection count, and connections per second

•

Monitor status and performance of SSL encryption and
decryption functions

•

Monitor overloads, spills, and throttles

CHAPTER 6

SNMP

Standards
Compliance

The SA7100/SA7120 SNMP agent is bilingual and can support both
SNMPv1 and SNMPv2c requests. HP private enterprise MIB files are
compliant with SMIv2 as specified in RFC 1902. SET operations are
not allowed for any private MIB objects for the SA7100/SA7120,
although you can change MIB variable values by way of commands
issued on the CLI.

HP MIB Tree

The figure below illustrates the top level of HP’s MIB tree.

HP’s MIB Tree (top level)
101

CHAPTER 6

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

All HP enterprise MIBs and MIB objects are defined under the
mib2ext branch of the tree. All system object IDs that identify
products are defined under the hpServerAppliancesSystem
branch of the tree.

Supported MIBs
Management Information Base-II (MIB-II)
HP Enterprise MIBs:
hpserver-header.my
hpssl-appliance-mib.my

Where to find MIB Files
Electronic copies of the HP MIB files used by the SA7100/SA7120
are shipped with the product on CD-ROM.
Write access through SNMP SET is not allowed for any MIB
variables or SNMP groups. An SNMP SET on any group returns an
error.
The standard SNMP traps, coldStart, warmStart,
authenticationfailure, linkUp and linkDown are
supported.
hpserver-header.my
hpserver-header.my contains all the system object IDs defined
for HP products. All system object IDs are defined under the
hpServerAppliancesSystem branch of the hp tree.

Enterprise
Private MIB
Summary

102

Following is a summary of the SA7100/SA7120 private MIB:
mode
inline(1): Device is configured to accelerate
SSL traffic
bypass(2): Device is configured to pass through
all SSL traffic
failMode
safe(1): Two ethernet segments fail open,
stopping traffic
through(2): Two ethernet segments fail shorted,
allowing traffic to continue
spillMode
throttle(1): Device will throttle SSL
connections when utilization reaches 100%

CHAPTER 6

SNMP

spill(2): Device will spill SSL connections when
utilization reaches 100%
sslSessionCache
enabled(1): SSL session caching is turned on
disabled(2): SSL session caching is turned off
restarts
Number of times the system has restarted
appLastRestart
The value of sysUpTime at the time the last
restart of the application process happened
encryptionAlarm
enabled(1): Encryption status change alarm is
turned on
disabled(2): Encryption status change alarm is
turned off
sslConnectionAlarm
enabled(1): SSL connection alarm is turned on
disabled(2): SSL connection alarm is turned off
thresholdAlarm
enabled(1): Threshold alarm is turned on
disabled(2): Threshold alarm is turned off
overloadAlarm
enabled(1): Overload alarm is turned on
disabled(2): overload alarm is turned off
linkStatusAlarm
enabled(1): Network link status alarm is turned
on
disabled(2): Network link status alarm is turned
off
encryptProcessingState
on(1): SSL processing on
off(2):SSL processing halted
encryptProcessingStateReason
normal(1): Normal
hardware(2): Change caused by hardware fault
consoleBypass(3): Bypass mode enabled at
console
consoleInline(4): Inline mode enabled at
console
frontPanelBypass(5): Bypass mode enabled at
front panel
frontPanelInline(6): Inline mode enabled at
front panel
serverInterfaceState
State of the server-side interface
103

CHAPTER 6

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

networkInterfaceState
State of the network-side interface
utilWindow
Sliding window (in seconds) to calculate average
connections, CPU utilization, and active
connnection rates
cpuUtil
CPU utilization percentage (0-100)
cpuUtilNetwork
CPU utilization percentage processing network
traffic (0-100)
cpuUtilProxy
CPU proxy utilization percentage (0-100)
cpuUtilHiWater
CPU utilization high water mark (2-100)
cpuUtilLoWater
CPU utilization low water msrk (1-99)
cpuUtilState
When CPU utilization exceeds the hi water mark,
CPU utilization state is in alert and is not
returned to normal until the lo water threshold
is crossed
sslCps
SSL connections per second
sslCpsMaximum
Maximum SSL connection rate in connections per
second since (re)start
sslCpsHiWater
SSL connections per second high water mark
sslCpsLoWater
SSL connections per second low water mark
sslCpsState
When SSL connections per second exceeds the hi
water mark, sslCpsState is in alert and is not
returned to normal until the lo water threshold
is crossed
sslConnCnt
Current number of concurrent open SSL
connections
sslConnCntMaximum
Maximum number of concurrent open SSL
connections since (re)start
sslConnTotal
Total number of SSL connections processed
sslConnCntHiWater
104

CHAPTER 6

SNMP

Concurrent open SSL connection count high water
mark
sslConnCntLoWater
Concurrent open SSL connection count low water
mark
sslConnCntState
When concurrent open SSL connection count
exceeds the hi water mark, sslConnCntState is in
alert and is not returned to normal until the lo
water threshold is crossed
encryptedBps
Encryption rate in bytes per second
encryptedBpsMaximum
Maximum encryption rate in bytes per second
since (re)start
encryptedBytesTotalMb
Total number of megabytes of data encrypted
decryptedBps
Decryption rate in bytes per second
decryptedBpsMaximum
Maximum decryption rate in bytes per second
since (re)start
decryptedBytesTotalMb
Total number of megabytes of data decrypted
sslOverloadInterval
The periodic interval (in seconds) used when
counting the number of spilled or throttled SSL
connections. If any SSLconnections were spilled
or throttled in the lastsslOverloadInterval, a
trap is generated. If sslOverloadInterval is 0,
no trap is generated
throttlesPerSec
Number of throttles per second
throttlesPerSecMaximum
Maximum number of throttles per second since
(re)start
throttlesTotal
Total number of throttles since (re)start
throttles
Total number of throttles in the last
sslOverloadInterval
spillsPerSec
Number of spills per second
spillsPerSecMaximum
Maximum number of spills per second since
(re)start
105

CHAPTER 6

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

spillsTotal
Total number of spills since (re)start
spills
Number of spills in the last sslOverloadInterval
refusedSslInterval
The periodic interval (in seconds) used when
counting the number of refused SSL connections.
If any SSL connections were refused in this time
interval, a trap is generated.
cipherSuiteMismatch
Number of refused SSL connections in the last
refusedSslInterval which are due to inability of
the client and server to agree upon a cipher
suite
clientCertAuthFail
Number of refused SSL connections in the last
refusedSslInterval which are due to
authentication failure of the client
certificate

Trap Summary

The following list summarizes the traps generated by the SA7100/
SA7120. For details about a particular trap, please read the
description of each MIB above, or read the documentation within the
MIB file. Traps are generated by SNMP.

Standard SNMP Traps
coldStart
warmStart
authenticationFailure
linkUp
linkDown

Private Traps in the HP private MIB
(hpssl-appliance-mib.my)
encryptionStopped
Alert issued whenever the device stops
processing SSL traffic
encryptionResumed
Resumes processing traffic after having been
stopped
serverInterfaceStateChanged
The server-side interface state changed
networkInterfaceStateChanged
The network-side interface state changed
106

CHAPTER 6

SNMP

cpuUtilAlert
The device has exceeded the CPU utilization high
water threshold
cpuUtilNormal
CPU utilization back to normal levels
sslCpsAlert
The device has exceeded the SSL connections per
second high water threshold
sslCpsNormal
The SSL connections per second processed by the
device is back to normal levels
sslConnCntAlert
The device has exceeded the open SSL connection
count high water threshold
sslConnCntNormal
The open SSL connection count of the device is
back to normal levels
sslConnectionRefusedMismatch
SSL connections were refused in the past
sslRefusedInterval due to cipher suite
negotiation
failuresslConnectionRefusedAuthFail
SSL connections were refused in the past
sslRefusedInterval due to authentication failure
of the client certificate
sslOverloadSpills
SSL connections were spilled in the past
sslOverloadInterval
sslOverloadThrottles
SSL connections were throttled in the past
sslOverloadInterval
appRestartAlert
SSL processing application has restarted

Enabling
SNMP

Enabling and disabling SNMP is accomplished with the CLI
command, setsnmp snmp enable|disable. Operational status can be
verified using showsnmp snmp.
Examples:
HP SA7120> setsnmp snmp enable
HP SA7120> showsnmp snmp

SNMP: enable
HP SA7120> setsnmp snmp disable
HP SA7120> showsnmp snmp
SNMP: disable
107

CHAPTER 6

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Specifying SNMP Information
Configurable SNMP parameters can be set collectively using the
setsnmp snmp_info command as illustrated below:
HP SA7120> setsnmp snmp_info
SNMP Port
[161]: 161
SNMP Trap Port [162]: 162
Contact Person
[]: support
System Location
[]:
System Name
[]: SA7120

Current values of SNMP parameters are displayed using the
shownmp snmp_info command:
HP SA7120> showsnmp snmp_info
SNMP Port Number
: 161
SNMP Trap Port Number: 162
SNMP System Contact : support
SNMP System Name
: SA7120
SNMP System Location :
System IP Address: x.x.x.x
System Netmask: y.y.y.y
Default Route: z.z.z.z

You can also configure SNMP information elements individually
using the following commands:
•

setsnmp snmp_port sets the SNMP port

•

setsnmp trap_port sets the SNMP trap port

•

setsnmp sys_contact sets the contact person

•

setsnmp sys_name sets the system name

•

setsnmp sys_location sets the system location

Correspondingly, the values set with the above commands are
displayed using the commands:

108

•

showsnmp snmp_port

•

showsnmp trap_port

•

showsnmp sys_contact

•

showsnmp sys_name

•

showsnmp sys_location

CHAPTER 6

SNMP

Community String
Use CLI commands setsnmp snmp_community, list
snmp_community and delete snmp_community to set, list, and
delete SNMP community strings.
HP SA7120> setsnmp snmp_community
SNMP Community String(s) Setting.
<2> Current SNMP Community String(s):
1.) IP: 1.1.1.1 => String: 1.1.1.2 => Rights: read
2.) IP: 1.1.1.3 => String: 1.1.1.4 => Rights: read
Enter a SNMP Community IP (q to quit) [1.1.1.4]:
1.1.1.5
Enter a SNMP Community String (q to quit)
[1.1.1.5]: 1.1.1.6
Enter a SNMP Community IP (q to quit) [1.1.1.1]: q
HP SA7120>
HP SA7120> list snmp_community
SNMP Community String(s) information.
<2> Current SNMP Community String(s):
1.) IP: 1.1.1.1 => String: 1.1.1.2 => Rights: read
2.) IP: 1.1.1.3 => String: 1.1.1.4 => Rights: read
3.) IP: 1.1.1.5 => String: 1.1.1.6 => Rights: read
HP SA7120>
HP SA7120> delete snmp_community
SNMP Community String(s) Deletion.
<2> Current Available SNMP Community String(s):
1.) IP: 1.1.1.1 => String: 1.1.1.2 => Rights: read
2.) IP: 1.1.1.3 => String: 1.1.1.4 => Rights: read
3.) IP: 1.1.1.5 => String: 1.1.1.6 => Rights: read
Enter number (1 to 2) to delete (q to quit) [1]: 2
Enter number (1 to 2) to delete (q to quit) [1]: q
HP SA7120>

Trap Community String
Use CLI commands setsnmp trap_community, list
trap_community and delete trap_community to set, display, and
delete trap community strings.
HP SA7120> setsnmp trap_community
SNMP Trap Community String(s) Setting.
Enter a SNMP Trap Community IP (q to quit): 0.0.0.0
Enter a SNMP Trap Community String (q to quit): private
Enter a SNMP Trap Community IP (q to quit): 0.0.0.0

109

CHAPTER 6

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Notes

110

Alarms and
Monitoring

Overview
The HP e-Commerce Server Accelerator SA7100/SA7120 supports:
•

Alarms that can be sent to the console upon pre-designated
events

•

Periodic status-monitoring reports

Both alarms and monitor reports are single lines of text. Both can be
written either to the local administration console or to remote
management sessions (Telnet or Secure Shell only). On the display,
alarms are prefaced by the letter “A,” and monitor reports with the
letter “M.” Both have timestamps.

CHAPTER 7

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Alarms can be configured to immediately notify the user of the
following conditions:
•

Encryption Status change

•

Refused SSL connections

•

Utilization (Threshold) alarms

•

Overload alarms

•

Network Link Status

All alarms are disabled by default and may be enabled in any
combination.
Alarm format:
A:mm/dd/yyyy hh:mm:ss
ALARM_CODE:MODIFIER:EXTENDED_DATA:/*message*/

Where:
A: Identifies the message as an alarm (as
opposed to a monitor report).
mm/dd/yyyy hh:mm:ss The timestamp.
ALARM_CODE: The alarm type:
[ESC|RSC|UTL|OVL|NLS].
MODIFIER: The alarm modifier, a code identifying
the event that triggered the alarm.

NOTE: The Encryption
Status Change alarm
(ESC) does not display
extended data.

EXTENDED_DATA: Any additional relevant data.
/*message*/: Human-readable text description of
the alarm.

The CLI commands for alarm configuration are:
Command

Parameters

Default

set alarm

all, esc, rsc, utl, ovl, nls none

show alarm
For example:
HP SA7120> set alarm
Usage: set alarms [args]
all => All alarms turned on.
esc => Encryption status change alarm.
nls => Network link status alarm.
none => All alarms turned off (disabled).
ovl => Overload alarm.

112

CHAPTER 7

Alarm Types

rsc => Refused SSL conections alarm.
utl =>
Utilization threshold alarm.
HP SA7120> set alarm all
HP SA7120> show alarm
Alarms set: esc rsc utl ovl nls.
HP SA7120> set alarm none
HP SA7120> show alarm
Alarms set:

Alarm Types
The configurable alarm types are detailed in separate sections below.

ESC:
Encryption
Status Change
Alarm

When enabled, an alarm is issued when the device is changed
between INLINE and BYPASS modes. This change can be made
from the CLI using the commands inline or bypass, or at the device’s
front panel by pressing the BYPASS button.
Format:
A:mm/dd/yyyy hh:mm:ss ESC:HDWR|CONB|CONI|FNTB|
FNTI|APPR:/*message*/

Where:
A: identifies the message as an alarm.
mm/dd/yyyy hh:mm:ss is the timestamp.
ESC: identifies the message as an Encryption
Status Change Alarm.

Alarm Modifiers and Messages:
HDWR:
CONB:
CONI:
FNTB:
FNTI:
APPR:

RSC: Refused
SSL
Connections

indicates
indicates
indicates
indicates
indicates
indicates

crypto card failure
console-controlled bypass
console-controlled inline
front panel-controlled bypass
front panel-controlled inline
application restart

When enabled, an alarm is generated whenever SSL connections are
refused for cipher suite mismatch or client certificate authentication
failure during the current user-specified period (5 to 65000 seconds,
default: 15 seconds). The total number of refused SSL connections is
reported along with the reason for refusal. This alarm can be enabled
or disabled at the CLI.

113

CHAPTER 7

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Format:
A:mm/dd/yyyy hh:mm:ss
RSC:CSMM|CCAF:XXX:
/*message*/

Where:
A: identifies the message as an alarm.
mm/dd/yyyy hh:mm:ss is the timestamp.
RSC: identifies the message as an Refused SSL
Connections Alarm.

Alarm Modifiers and Messages
CSMM: Cipher suite mismatch
CCAF: Client certificate authenticate failure

Extended Data
XXX: An integer value indicating the number of
refused SSL connections that occurred in the
current alarm period.

RSC Alarm CLI Commands
To set Refused SSL Connections Alarm time window:
set rsc_window  (Range: 5-65000,
default: 15)

To display Refused SSL Connections Alarm time window
show rsc_window

Examples:
HP SA7120> set rsc_window 10
HP SA7120> show rsc_window
Check for refused SSL connections [secs]: 10

114

CHAPTER 7

UTL:
Utilization
Threshold
Alarm

Alarm Types

This alarm monitors three utilization threshold values:
•

CPU

•

Connections per Second

•

Total Open Connections

When enabled, an alarm is issued whenever any of the utilization
values exceeds its high-water mark, or, having exceeded the highwater mark, drops below the low-water mark. The user defines the
high and low-water marks. By default, the high-water mark is 90%
and the low-water mark is 60%.
The data collected for utilization threshold metrics tends to be bursty,
so a smoothing algorithm is used to prevent continuous alarms.The
utilization window is a user-specified sliding interval during which
data is collected and averaged. Consequently, shorter intervals are
likely to result in some extraneous alarms. The interval can be set
from 5 to 65000 seconds (default: 15).
Format:
A:mm/dd/yyyy hh:mm:ss
UTL:ALRT|NMRL:CPU|CON|CPS:/*message*/

Where:
A: identifies the message as an alarm.
mm/dd/yyyy hh:mm:ss is the timestamp.
UTL: identifies the message as an Utilization
Threshold Alarm.

Alarm Modifiers and Messages
ALRT: Message: [CPU|Open connections|CPS] exceed
high water mark
NMRL: Message: [CPU|Open connections|CPS] drop
below low water mark

Extended Data
CPU: Indicates that CPU Utilization triggered
the alarm.
CON: Indicates that Total Active Connections
triggered the alarm.
CPS: Indicates that Connections per Second
triggered the alarm.

115

CHAPTER 7

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

UTL Alarm CLI commands
To set Utilization Threshold Alarm time window:
set utl_window  (Range: 5-65000,
default: 15)

To set Utilization Threshold Alarm high-water value:
set utl_highwater  (Range: 2-100,
default: 90)

To set Utilization Threshold Alarm low-water value:
set utl_lowwater  (Range: 1-99,
default: 60)

To display current settings:
show utl_window
show utl_highwater
show utl_lowwater

Examples:
HP SA7120> set utl_window 10
HP SA7120> show utl_window
Utilization Window set [secs]: 10
HP SA7120> set utl_highwater 80
HP SA7120> show utl_highwater
Utilization High water mark [%]: 80
HP SA7120> set utl_lowwater 60
HP SA7120> show utl_lowwater
Utilization Low water mark [%]: 60

OVL: Overload
Alarm
WARNING: This alarm
indicates loss of encryption/decryption. (Normal
SSL operation resumes
when the alarm ceases.)

When enabled, an alarm is issued upon occurence of overloads
resulting in spills or throttles during the current user-configured
alarm period (5 to 65000 seconds, default: 15 seconds).
Format:
A:mm/dd/yyyy hh:mm:ss
OVL:SPIL|THRT:XXX:
/*message*/

Where:
A: identifies the message as an alarm.
mm/dd/yyyy hh:mm:ss is the timestamp.
OVL: identifies the message as an Overload
Alarm.

116

CHAPTER 7

Alarm Types

Alarm Modifiers and Messages
SPIL: indicates overload resulting in a spill.
Message: Spill mode.
THRT: indicates overload resulting in a
throttle. Message: Throttle mode.

Extended Data
XXX: An integer value indicating the total
number of overload events that occurred during
the most recent alarm period.

OVL Alarm CLI Commands
To set Overload Alarm time window:
HP SA7120> set ovl_window  (Range: 565000, default: 15)

To display Overload Alarm time window:
HP SA7120> show ovl_window

Examples:
HP SA7120> set ovl_window 10
HP SA7120> show ovl_window
Check for overload conditions [sec]: 10

NLS: Network
Link Status
Alarm

An alarm is issued whenever the Network or Server link status is
changed.
Format:
A:mm/dd/yyyy hh:mm:ss
NLS:NETL|SVRL:LNKD|10HDX|10FDX|100HDX|100FDX:/
*message*/

Where:
A: identifies the message as an alarm.
mm/dd/yyyy hh:mm:ss is the timestamp.
NLS: identifies the message as a Network Link
Status Alarm.

Alarm Modifiers and Messages
NETL: indicates the network port status.
Message: [No carrier|10Mb/s|100Mb/s][half
duplex|full duplex]
SVRL indicates the server port status. Message:
[No carrier|10Mb/s|100Mb/s] [half duplex|full
duplex]
117

CHAPTER 7

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Extended Data
LINKD: indicates no carrier.
10HDX: indicates 10Mb/s, half duplex.
10FDX: indicates 10Mb/s, full duplex.
100HDX: indicates 100Mb/s, half duplex.
100FDX: indicates 100Mb/s, full duplex.

Alarm Logging
The SA7100/SA7120 maintains a circular buffer of alarms issued.
The most recent alarms, as well as historical logs generated and saved
as a result of exceptional conditions, are viewable at the console or in
Telnet or Secure Shell (SSH) remote sessions. Viewing the current
alarms results in an immediate dump of the alarm buffer.
The historical logs consist of a snapshot of the information retrievable
via the status line command followed by a dump of the alarm buffer
existing at the time of the exceptional condition.
These alarms can be viewed on the console using the CLI command,
status alarms. Additionally, any logs generated and saved as a result
of an exceptional condition are viewable by using the CLI command,
status . (A list of the viewable log files is displayed
using the list logs command.)
Alarms can be echoed to the console by enabling the monitoring
function. Monitoring reports are disabled by default, and are enabled
with the set monitoring  command. The
monitoring application is aware of the port on which the enable
command arrives, and accordingly sends reports to that same port,
thus monitoring reports are displayed on the same console from
which the feature is enabled.
Below are examples of the CLI commands for log viewing, the
defaults, and ranges where applicable:

Example: list logs command:
HP SA7120> list logs
20000727_145544

118

CHAPTER 7

Alarm Logging

Example: status command
HP SA7120> status 20000727_145544
================= STATE ====================
Boot time:
Thu Jul 27 14:54:21
2000
Curr time:
Thu Jul 27 14:55:43
2000
Restarts:
3
KTR Mask:
0xFFFFF3DD
Total Connections:
0
Active Connections:
0, 0 (cur, max)
Connections/Second:
0, 0 (cur, max)
Util Status:
Secure Bytes Read:
Plain Bytes Read:
Secure Bytes Wrote:
Plain Bytes Wrote:
Bytes Allocated to dbufs:
Bytes Per dbuf:
Spill Mode:
Transactions Spilled:
Times Thottled Accepts:
Bypass Mode:
L&M board status:
(0x00000060)
Network NIC:
Duplex

0
0
0
0
0
0
disable
0
0
disable
RESPEND

INLINE

100baseTX Half
(0x00000026

0x00000003 0x00000026)
Server NIC:
0x00000001 0x00000023)
Network LED:
Server LED:
Next heartbeat deadline:
SSL Caching:

No carrier
(0x00000023
on
off
never
Enabled.

--------------- Configuration -------------conlog 0xffffffef
ilog 0xffffffff
trace 0xfffff3dd
media auto
logport tty01
cache 3
119

CHAPTER 7

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

server_tmo 5
client_tmo 30
serverif exp1
netif exp0
map 0.0.0.0 443 80 default
kpanic reboot
monitoring_interval 0
monitoring_fields 0x1f
alarm_mask 0x0000001f
ovl_window 15
rsc_window 15
utl_window 15
utl_highwater 90
utl_lowwater 60
idle 300
kstrength 512
con_speed 9600
con_bits 8
con_stop 1
con_parity n
defcert_cname US
defcert_state California
defcert_city San Diego
defcert_orgname Company Name
defcert_orgunit Company Division
defcert_name www.company.com
defcert_email support@company.com
prompt HP SA7120>
trap_authen
remote_if exp0
ip 10.1.11.34
netmask 255.255.0.0
A:07/27/2000 14:54:47:NLS:SVRL:NC:/* Server port
status, No carrier */
A:07/27/2000 14:54:41:NLS:SVRL:100FDX:/* Server
port status, 100Mb/s, full dupl/
A:07/27/2000 14:54:21:NLS:NETL:100HDX:/* Network
port status, 100Mb/s, half dup/
A:07/27/2000 14:54:21:NLS:SVRL:NC:/* Server port
status, No carrier */
A:01/01/1970 00:00:00:ESC:APPR:3:/* Application
Restarted */

120

CHAPTER 7

Monitoring

Example: status alarms command
HP SA7120> status alarms
A:07/27/2000 14:57:05:ESC:CONI:/* Console inline
*/
A:07/27/2000 14:57:05:NLS:NETL:100HDX:/* Network
port status, 100Mb/s, half dup/
A:07/27/2000 14:57:01:ESC:CONB:/* Console bypass
*/
A:07/27/2000 14:57:01:NLS:NETL:NC:/* Network port
status, No carrier */
A:07/27/2000 14:56:51:NLS:SVRL:NC:/* Server port
status, No carrier */
A:07/27/2000 14:56:46:NLS:SVRL:100FDX:/* Server
port status, 100Mb/s, full dupl/
A:07/27/2000 14:56:30:ESC:CONI:/* Console inline
*/
A:07/27/2000 14:56:30:NLS:NETL:100HDX:/* Network
port status, 100Mb/s, half dup/
A:07/27/2000 14:56:29:NLS:NETL:NC:/* Network port
status, No carrier */
A:07/27/2000 14:56:29:NLS:SVRL:NC:/* Server port
status, No carrier */
HP SA7120>

Monitoring
Monitoring
Reports

A monitoring report is one line of user-configurable text displayed at
the console at a user-configurable interval of between five and 65000
seconds. The interval default is 15 seconds. Monitoring reports are
disabled by default, and are enabled with the set monitoring
 command. The monitoring application is aware of
the port on which the enable command arrives, and accordingly sends
reports to that same port, thus monitoring reports are displayed on the
same console from which the feature is enabled.

Report
Configuration

Report output begins with the letter “M” (for Monitor report, to
distinguish them from Alarm reports) and the timestamp. Other fields
are user-selectable via CLI commands (discussed below in
“Monitoring Reports CLI Commands”). The standard default fields
are mode, failmode, CPU, CPS, and OVRLD. Monitor reports are
disabled by default.

121

CHAPTER 7

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Monitor report format:
M:mm/dd/yyyy hh:mm:ss
mode:failmode:CPU;i,k,a:CPS;c,m,t:OVRLD;r,c,m,t:
NetIF;s:SvrIF;s:BES;c,m,t;BDS;c,m,t

Where:
M Monitor report
mm/dd/yyyy hh:mm:ss Timestamp
mode Bypass mode status [INLINE|BYPASS]
failmode Fail mode status [SAFE|THRU]
CPU;i,k,a CPU%; (i)dle, (k)ernel, (a)pplication
CPS;c,m,t SSL Connections per Second; (c)urrent,
(m)ax, (t)otal
OVRLD;r,c,m,t Overload events; (r)esponse
[SPIL|THRT], (c)urrent, (m)ax,
(t)otal
NetIF;s Net interface; (s)tatus
[NC|10HDX|10FDX|100HDX|100FDX]
SvrIF;s Svr interface; (s)tatus
[NC|10HDX|10FDX|100HDX|100FDX]
BES;c,m,t Bytes Encrypted per Second; (c)urrent,
(m)ax, (t)otal
BDS;c,m,t Bytes Decrypted per Second; (c)urrent,
(m)ax, (t)otal

Monitoring Reports CLI Commands
CLI commands for console monitoring, with defaults and ranges
where applicable are discussed below:
set monitoring_interval 
(Range: 5-65000; Default: 15 )
show monitoring_interval
set monitoring_fields 
Usage: set monitoring_fields [args]
all => All monitoring fields enabled.
cps => SSl connections per second.
cpu => CPU utilization.
dec => Decrypted Data throughput.
enc => Encrypted Data throughput.
failmode => Fail-safe or Fail-through mode.
link => Network and Server Link status.
mode => INLINE or BYPASS mode.
ovrld => Number of spills when spill is
enabled or throttles when spill is
disabled.
show monitoring_fields
122

CHAPTER 7

Monitoring

set monitoring enable|disable (Default: disable)
show monitoring

Examples:
HP SA7120> set monitoring_interval 15
HP SA7120> show monitoring_interval
Monitoring report interval [secs]: 15
HP SA7120> set monitoring disable
HP SA7120> show monitoring
Monitoring for this terminal: disabled
HP SA7120> set monitoring_fields all
HP SA7120> show monitoring_fields
Monitoring report fields: mode failmode cpu cps
ovrld link enc dec
HP SA7120> set monitoring enable
HP SA7120> show monitoring
Monitoring for this terminal: enabled
HP SA7120> set monitoring_fields
Select monitoring fields (all, mode, failmode,
cpu, cps, ovrld, link, enc,
dec) [all]: all
HP SA7120> show monitoring_fields
Monitoring report fields: mode failmode cpu cps
ovrld link enc
HP SA7120> set monitoring enable
HP SA7120> show monitoring
Monitoring for this terminal: enabled

123

CHAPTER 7

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Notes

124

Software Updates

Use the import upgrade command to upgrade your HP e-Commerce
Server Accelerator SA7100/SA7120 software. When you upgrade
your SA7100/SA7120 software, the configuration (including all
keys, certificates, and mapping) is saved. However, all log files are
cleared. The software is in the form of an image file (*.IMG).
Use the import patch command to install a patch to a current
software release. Patches typically effect fixes to minor software
issues. Customer Support can provide guidance regarding patches
appropriate to your system, if any.

CHAPTER 8

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Before
Upgrading

Monitoring output data can interfere with import/
export operations
If import or export operations are carried out while any of the
device’s monitors are enabled, the monitors’ periodic output will be
inserted into the data flow of the import or export. Workaround:
Before performing an import or export operation, turn off all
monitors:
HP SA7120> set monitoring disable

Details on the device’s monitoring functions are found in Chapter 6.

IP blocks may not persist across software upgrade
The device may, after the automatic reboot following an import
upgrade, experience a problem with reestablishing any IP blocks
created before the upgrade. If this is the case, the console displays a
message similar to either of the following examples:
Upgrading...
System rebooting...09/20 13:41:43 Build 122 Tue
Sep 19 02:40:36 PDT 2000 09/20 13:41:44 "block
9.8.7.6 255.255.255.255 99 0xffff" is incomplete
and ignored
Warning: "ciphers ALL:!ADH:!EDH" at line # 11
ignored.
Warning: "block 9.8.7.6 255.255.255.255 99
0xffff" at line # 30 ignored.
Do you want to install this config ? [y]:

Use the create block command to recreate any desired IP blocks after
the upgrade is complete:
HP SA7120> create block
Client IP to block [0.0.0.0]:
Client IP mask [0.0.0.0]:
Server IP to block [0.0.0.0]:
Server IP mask [0.0.0.0]:
Server Port to block:
Server Port mask [0xffff]:
HP SA7120>

126

CHAPTER 8

Using Windows* HyperTerminal*

Using Windows* HyperTerminal*
Command: import upgrade
Use the SA7100/SA7120’s aux console port, which defaults to 115.2
kbps, for greater speed. The import procedure (using xmodem)
requires approximately 7 minutes at 115.2 kbps.
1. Download the image file (.IMG) to the local PC.
2. Connect the serial cable from COM1 or COM2 to the SA7100/
SA7120 auxiliary console.
3. Log in to the SA7100/SA7120.
4. Type the import upgrade command. The command prompts for
xmodem. Press Enter to use the default (xmodem).
HP SA7120> import upgrade
Import protocol: (xmodem) [xmodem]: 
Start xmodem upload now
Use Ctl-X to cancel upload

5. In HyperTerminal*, click Send File from the Transfer menu,
select the file (you can type the filename or click the Browse
button to find the file), click to select the transfer protocol (1K
xmodem), and click Send.
Verifying upgrade image...
Upgrade image valid
=== Release x.x
=== Load xx, Fri Aug 25 05:31:51 2000

WARNING: All saved
logs will be deleted and
the system will reboot
upon successful
completion of the
upgrade.

6. Press y (for yes) at the “Continue with upgrade?” prompt.
Continue with upgrade? [n]: y
Upgrading...
System rebooting...done

Command: import patch
Use the SA7100/SA7120’s aux console port, which defaults to 115.2
kbps, for greater speed. The import procedure (using xmodem)
requires approximately 7 minutes at 115.2 kbps.
1. Download the patch file (.patch) to the local PC.
2. Connect the serial cable from COM1 or COM2 to the SA7100/
SA7120 auxiliary console.
3. Log in to the SA7100/SA7120.

127

CHAPTER 8

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

4. Type the import patch command. The command prompts for
xmodem. Press Enter to use the default (xmodem).
HP SA7120> import patch
Import protocol: (xmodem) [xmodem]: 
Start xmodem upload now
Use Ctl-X to cancel upload

5. In HyperTerminal*, click Send File from the Transfer menu,
select the file (you can type the filename or click the Browse
button to find the file), click to select the transfer protocol (1K
xmodem), and click Send.
Verifying patch image...
Patch successfully imported.

The patch becomes effective upon the next system reboot. Should a
patch fail upon import, the last successfully imported patch is
reapplied.

128

Troubleshooting

Item

Symptom

1

Server and/or
Network LEDs not
illuminated.

Probable
Cause
•

Unit is in
Bypass mode.

•

Improper
cabling.

Remedy

•

If the Inline LED is not illuminated
(solid or blinking) take the SA7100/
SA7120 out of Bypass mode by
either pressing the Bypass switch on
the unit’s front panel or using the
CLI’s inline command.

•

Depending on what type of
equipment the SA7100/SA7120 is
connected to, either straight-through
or crossover Cat-5 network cables
are required for both Network and
Server ports. Switch out the
different cable types at each port
until both Network and Server LEDs
are illuminated.

CHAPTER

9

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Item

Symptom

2

Non-SSL data does
not pass through
SA7100/SA7120.

3

4

130

Web pages are not
completely
displayed, or an
error message such
as, “Document
Contains No Data”
appears.

SSL traffic does not
pass through
SA7100/SA7120

Probable
Cause

Improper cabling.

Remedy

•

Refer to Item 1 in this table.

•

If both Network and Server LEDs
are illuminated, configure the
SA7100/SA7120 to Fail-through
mode (see Appendix B) and place
the unit in Bypass mode. This
effectively bypasses the SA7100/
SA7120, so if the problem persists
its origin is elsewhere in the
network.

The client timeout
value is too small.

Increase the interval with the
following command:

“Client timeout” is
the interval that the
connection
between the client
and server can
remain idle (i.e., no
data crosses the
connection in
either direction)
following a client
request.
•

Improper
mappings.

•

Improper
cabling.

HP SA7120> set client_tmo


where  is the interval in seconds.
The default is five seconds. The
recommended value is 1.5 times the
longest server response time.

•

See Mapping in Chapter 3.

•

See Item 1 in this table.

CHAPTER

9

Troubleshooting

Item

Symptom

Probable
Cause

Remedy

5

Error message:
The page cannot be
displayed.

The digital
certificate and/or
private key is
corrupt.

Use the default key and certificate, or
create new key and unsigned
certificate. Try the page again.
If the error no longer appears, recreate
your private key and certificate
signing request (CSR) and resubmit to
the certificate authority to get a new
certificate.

6

Error message
indicates that the
browser does not
recognize the
signer of this
certificate after
loading global
server ID.

The intermediate
certificate is not
installed or is
installed
improperly.

See Global Site Certificates in
Chapter 3 for correct procedures.

131

CHAPTER

9

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Item

Symptom

Probable
Cause

Remedy

7

Error message:
Server/Network
media mismatch

Server and
network ports
have
autonegotiated to
different media
settings.

Use the status command to determine
the media settings:
HP SA7120> status
.
.
Network port 100baseTX Full
Duplex
Server port 10baseT, Half
Duplex

Then use the nic command to force
common media attributes, e.g.:
HP SA7120> nic
1 - auto
2 - 10baseT, half duplex
3 - 10baseT, full duplex
4 - 100baseTX, half duplex
5 - 100baseTX, full duplex
Select media type [1] 2

In the example above, 2 is the correct
choice because the setting must reflect
the “least common denominator” of
both media speed and duplex attribute,
i.e., the server port is determinative
because it has both the lower speed
and lower (half) duplex attribute.

132

Front Panel

The following diagram shows the LEDs, buttons, switches and connections for the HP e-Commerce Server Accelerator SA7100/
SA7120. Note that there is no power switch or button. Power is applied to the device by connecting the power cable.
LEDs
Power
(green)

Error
(red)

Console
(CLI)

Overload Activity
(amber) (green)

Aux Console
(Diagnostics)

LEDs
Network Link Inline Server Link
(green)
(green)
(green)

Network Link
(RJ45)

Server Link
(RJ45)

Fail-through switch

Front Panel Connectors, Controls, and Indicators

Reset

Bypass

APPENDIX A

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Buttons and Switches
There are two buttons and one switch on the front panel of the
SA7100/SA7120.
Button/Switch

Action

Reset button

Press momentarily to issue a soft reset to the SA7100/SA7120.
Press for 5 seconds to reset the SA7100/SA7120 and restore the
factory defaults.

Bypass button

Press to physically force bypass mode (bypass SA7100/SA7120
processing).

Fail-through/
Fail-safe switch

Default: Fail-safe (up position), the network connection is broken
during a SA7100/SA7120 failure.
Fail-through (down position), the network connection is
maintained during a SA7100/SA7120 failure. Refer to Failure/
Bypass Modes in Appendix B for details.

Front Panel LEDs
The LED display provides high-level SA7100/SA7120 information.
There are seven LEDs on the SA7100/SA7120’s front panel, in two
groups of four and three, respectively.
LED
Power

Status
ON – Power is supplied to SA7100/SA7120.
OFF – No Power to SA7100/SA7120.

Error

ON – Error condition found.
OFF – Normal operation.

134

APPENDIX A

LED
Overload

Front Panel LEDs

Status
ON – SA7100/SA7120 is saturated with SSL requests. LED ranges
from dim flickering to bright steady, indicating low to high spillover.
Refer to the spill command for ways to offload requests to another
SA7100/SA7120.
OFF – Normal operation.

Activity

ON – SSL processing is being performed. Ranges from dim, when
processing loads are low to bright, when greater amounts of processing
are occuring.
OFF – No SSL processing is being performed.

Network Link

ON – Operational network connection.
OFF – No operational network connection.

Inline

BLINKING GREEN – Fail-safe mode, which is the default. In the event
of a SA7100/SA7120 failure, traffic will not pass through.

(See Appendix B, Failure/ STEADY GREEN – Fail-through mode, which allows traffic to pass
Bypass Modes)
even with SA7100/SA7120 failure.
OFF – SA7100/SA7120 is not operational, or is in Bypass mode.
Server Link

ON – Operational server connection.
OFF – No operational server connection.

135

APPENDIX A

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Connectors
The following table describes the SA7100/SA7120’s connectors.
Designator

Type

Purpose

Network

RJ45

100baseTX/10baseT connection to network (clients),
wired as a host port.

Server

RJ45

100baseTX/10baseT connection to server (or servers),
wired as a hub port.

Console

DB9

RS-232 DTE console port (9600 8, N, 1)

Aux Console

DB9

RS-232 DTE console port (115200, 8, N, 1) includes
kernel diagnostics at boot.

Power

136

Power input

Failure/Bypass
Modes

WARNING: Enabling
bypass mode will
instantly and without
warning terminate all
active remote
management sessions.

The HP e-Commerce Server Accelerator SA7100/SA7120 is
designed with the ability to automatically bypass e-Commerce traffic
in the event of a failure. If necessary, the user can force a bypass with
the Bypass button or from the command line interface using the
bypass command. There is also a security feature (Fail-through
switch). In the default Fail-safe position, this switch prevents traffic
from passing through unprocessed in the event of a failure or if
Bypass mode is manually activated.
The following discussion about the Bypass button and Fail-through
switch assumes that normal conditions for SA7100/SA7120
processing are in effect (i.e., the user has entered the appropriate CLI
commands to enable SA7100/SA7120 processing).

APPENDIX

B

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

LEDs
Inline
Network Link (green) Server Link

Network Link

Server Link

Reset

Bypass

Fail-Through switch

Front Panel Detail: Failure/Bypass Mode Controls and Indicators

Bypass Button
Forcing a bypass of the SA7100/SA7120 may be necessary when
certain actions must be performed offline (e.g., configuration
changes, entering certificates, or problem isolation).
To force a bypass of SA7100/SA7120 processing, push the Bypass
button ON. The Network Link, Inline, and Server Link LEDs are off
in Bypass mode. ON disables the SA7100/SA7120’s ability to
process e-Commerce traffic. The mode of the Fail-through switch
controls whether traffic continues to flow unprocessed between the
client and the server (discussed below).

Fail-through Switch (Security Level)
This switch allows the user to control what happens in the event of a
failure. It is located in a recess between the network link and server
link connectors. Use a small screwdriver or paper clip to manipulate
the switch. The two options are to either let traffic flow through the
SA7100/SA7120 in the event of a failure (or the Bypass Switch being
on) or to block traffic. When the switch is in Fail-through mode
(down position), traffic is allowed to pass through unprocessed in the
event of a failure of the SA7100/SA7120 or if the Bypass toggle is
ON.

138

APPENDIX

B

Fail-through Switch (Security Level)

During normal processing, the Inline (green) LED on the front panel
indicates whether e-Commerce traffic will pass through in the event
of a failure (depending on Fail-through switch state). Steady green or
blinking green both mean that the SA7100/SA7120 is processing
traffic; blinking green indicates traffic will be blocked if the SA7100/
SA7120 fails (Fail-safe mode), and steady green indicates traffic will
continue (unprocessed) in the event of a failure (Fail-through mode).
When the Inline LED is off, no SSL processing is taking place, which
means either no traffic is passing through (Fail-safe), or the traffic
that is passing through is unprocessed (Fail-through).
The following conditions and Inline LED behavior are possible with
the Fail-through switch and Bypass button:
Device Mode

Bypass
Button

Fail-through
Switch Mode

Traffic Status

Inline LED

Failed

N/A

Fail-safe (Up
position)

No traffic (either direction)

off

Failed

N/A

Fail-through
(Down
position)

Passes through unprocessed off

N/A

ON (Bypass)

Fail-safe (Up
position)

No traffic (either direction)

N/A

ON (Bypass)

Fail-through
(Down
position)

Passes through unprocessed off

Operational

OFF (Inline)

Fail-safe (Up
position)

Processing

Blinking green

Operational

OFF (Inline)

Fail-through
(Down
position)

Processing

Steady green

off

139

APPENDIX

B

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Notes

140

Supported Ciphers
The HP e-Commerce Server Accelerator SA7100/SA7120 supports
only RSA key exchange and authentication. Diffie-Hellman
(including Anonymous and Ephemeral) key exchange/authentication
and DSS authentication are not supported.
Use the set cipher command to specify the cipher. The command
prompts you for the cipher strength and SSL version level. Options
for these values are:

Cipher Strength
•

All - all supported ciphers (including export ciphers)

•

High - all ciphers with 168-bit encryption (Triple-DES)

•

Medium - all ciphers with 128-bit and higher encryption
(including High)

•

Low - all ciphers with 64-bit and higher encryption (including
Medium and High)

•

Export only - all export ciphers

APPENDIX C

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

SSL Version Level
•

SSLv2 - all SSL version 2.0 ciphers

•

SSLv3 - all SSL version 3.0 ciphers

•

SSLv2 and SSLv3 - all SSL version 2.0 and 3.0 ciphers

The default cipher value is all supported ciphers (both SSLv2 and
SSLv3).
The following table provides ciphers supported by the SA7100/
SA7120. Note that the export version of the software supports only
the ciphers marked “E” in the Profile column.
Name

Protocol Key
Exchange

Authentication Encryption
(key size)

DESCBC3SHA

SSLv3

RSA

RSA

3DES(168)

SHA1

H

IDEASSLv3
CBC-SHA

RSA

RSA

IDEA(128)

SHA1

M

RC4-SHA SSLv3

RSA

RSA

RC4(128)

SHA1

M

RC4-MD5 SSLv3

RSA

RSA

RC4(128)

MD5

M

DESSSLv3
CBC-SHA

RSA

RSA

DES(56)

SHA1

L

DESCBC3MD5

SSLv2

RSA

RSA

3DES(168)

MD5

H

IDEACBCMD5

SSLv2

RSA

RSA

IDEA(128)

MD5

M

142

Message
Profile (Hi/
Authentication Medium/
Low/
Export)

APPENDIX

C

SSL Version Level

Name

Protocol Key
Exchange

Authentication Encryption
(key size)

Message
Profile (Hi/
Authentication Medium/
Low/
Export)

RC2CBCMD5

SSLv2

RSA

RSA

RC2(128)

MD5

M

RC4-MD5 SSLv2

RSA

RSA

RC4(128

MD5

M

RC4-64MD5

SSLv2

RSA

RSA

RC4(64)

MD5

L

DESCBCMD5

SSLv2

RSA

RSA

DES(56)

MD5

L

SSLv3
EXPDESCBC-SHA

RSA(512)

RSA

DES(40)

SHA1

E

SSLv3

RSA(512)

RSA

RC2(40)

MD5

E

EXPSSLv3
RC4-MD5

RSA(512)

RSA

RC4(40)

MD5

E

SSLv2

RSA(512)

RSA

RC2(40)

MD5

E

EXPSSLv2
RC4-MD5

RSA(512)

RSA

RC4(40)

MD5

E

EXPRC2CBCMD5

EXPRC2CBCMD5

143

APPENDIX C

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Notes

144

Regulatory
Information

Taiwan Class A EMI Statement

APPENDIX D

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

VCCI Statement
Class A ITE

This is a Class A product based on the standard of the Voluntary
Control Council for Interference by Information Technology
Equipment (VCCI). If this equipment is used in a domestic
environment, radio disturbance may arise. When such trouble occurs,
the user may be required to take corrective actions.
Internal access to the device is intended only for qualified service
personnel.

FCC Part 15 Compliance Statement
This product has been tested and found to comply with the limits for
a Class A digital device pursuant to Part 15 of the FCC rules. These
limits are designed to provide reasonable protection against harmful
interference when the equipment is operated in a commercial
environment.
This product generates, uses, and can radiate radio frequency energy
and, if not installed and used in accordance with the instruction
manual, may cause harmful interference to radio communications.
However, there is no guarantee that interference will not occur in a
particular installation. If this equipment does cause harmful
interference to radio or television reception, which can be determined
by turning this equipment off and on, the user is encouraged to try to
correct the interference by one or more of the following measures:
•

Change the direction of the radio or TV antenna.

•

To the extent possible, relocate the radio, TV, or other receiver
away from the product.

•

Plug the product into a different electrical outlet so that the
product and the receiver are on different branch circuits.

If these suggestions don’t help, consult your dealer or an experienced
radio/TV repair technician for more suggestions.
146

APPENDIX D

Canada Compliance Statement (Industry Canada)

NOTE: This device complies with Part 15 of the FCC Rules.
Operation is subject to the following two conditions: (1) This
device may not cause harmful interference, and (2) this device must
accept any interference received, including interference that may
cause undesired operation.

CAUTION: If you make any modification to the equipment not
expressly approved by HP, you could void your authority to operate
the equipment.

Canada Compliance Statement (Industry
Canada)
Cet appareil numérique respecte les limites bruits radioélectriques
applicables aux appareils numériques de Classe A prescrites dans la
norme sur le matériel brouilleur: "Appareils Numériques", NMB-003
édictée par le Ministre Canadien des Communications.
This digital apparatus does not exceed the Class A limits for radio
noise emissions from digital apparatus set out in the
interference-causing equipment standard entitled: "Digital
Apparatus," ICES-003 of the Canadian Department of
Communications.

CE Compliance Statement
This HP e-Commerce Server Accelerator SA7100/SA7120 complies
with the EU Directive, 89/336/EEC, using the EMC standards
EN55022 (Class A) and EN55024:1998. This product also complies
with the EU Directive, 73/23/EEC, using the safety standard
EN60950.

147

APPENDIX D

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

CISPR 22 Statement
WARNING: This is a Class A product. In a domestic environment
this product may cause radio interference in which case the user may
be required to take adequate measures.

VCCI Class A (Japan)

Australia

WARNING

148

The system is designed to operate in a typical office environment.
Choose a site that is:
•

Clean and free of airborne particles (other than normal room
dust).

•

Well-ventilated and away from sources of heat including direct
sunlight.

•

Away from sources of vibration or physical shock.

•

Isolated from strong electromagnetic fields produced by
electrical devices.

APPENDIX D

AVERTISSEMENT

•

In regions that are susceptible to electrical storms, we
recommend you plug your system into a surge suppressor and
disconnect telecommunication lines to your modem during an
electrical storm.

•

Provided with a properly grounded wall outlet.

Do not attempt to modify or use the supplied AC power cord if it is
not the exact type required.
Ensure that the system is disconnected from its power source and
from all telecommunications links, networks, or modem lines
whenever the chassis cover is to be removed. Do not operate the
system with the cover removed.

AVERTISSEMENT
Le système a été conçu pour fonctionner dans un cadre de travail
normal. L’emplacement choisi doit être:
•

Propre et dépourvu de poussière en suspension (sauf la poussière
normale).

•

Bien aéré et loin des sources de chaleur, y compris du soleil
direct.

•

A l’abri des chocs et des sources de ibrations.

•

Isolé de forts champs magnétiques géenérés par des appareils
électriques.

•

Dans les régions sujettes aux orages magnétiques il est
recomandé de brancher votre système à un supresseur de
surtension, et de débrancher toutes les lignes de
télécommunications de votre modem durant un orage.

•

Muni d’une prise murale correctement mise à la terre.

Ne pas utiliser ni modifier le câble d’alimentation C. A. fourni, s’il ne
correspond pas exactement au type requis.
Assurez vous que le système soit débranché de son alimentation ainsi
que de toutes les liaisons de télécomunication, des réseaux, et des
lignes de modem avant d’enlever le capot. Ne pas utiliser le système
quand le capot est enlevé.

149

APPENDIX D

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

WARNUNG
Das System wurde für den Betrieb in einer normalen Büroumgebung
entwickelt. Der entwickelt. Der Standort sollte:
•

sauber und staubfrei sein (Hausstaub ausgenommen);

•

gut gelüftet und keinen Heizquellen ausgesetzt sein
(einschließlich direkter Sonneneinstrahlung);

•

keinen Erschütterungen ausgesetzt sein;

•

keine starken, von elektrischen Geräten erzeugten
elektromagnetischen Felder aufweisen;

•

in Regionen, in denen elektrische Stürme auftreten, mit einem
Überspannungsschutzgerät verbunden sein; während eines
elektrischen Sturms sollte keine Verbindung der
Telekommunikationsleitungen mit dem Modem bestehen;

•

mit einer geerdeten Wechselstromsteckdose ausgerüstet sein.

Versuchen Sie nicht, das mitgelieferte Netzkabel zu ändern oder zu
verwenden, wenn es sich nicht um genau den erforderlichen Typ
handelt.
Das System darf weder an eine Stromquelle angeschlossen sein noch
eine Verbindung mit einer Telekommunikationseinrichtung, einem
Netzwerk oder einer Modem-Leitung haben, wenn die
Gehäuseabdeckung entfernt wird. Nehmen Sie das System nicht ohne
die Abdeckung in Betrieb.

AVVERTENZA
Il sistema è progettato per funzionare in un ambiente di lavoro tipico.
Scegliere una postazione che sia:

150

•

Pulita e libera da particelle in sospensione (a parte la normale
polvere presente nell’ambiente).

•

Ben ventilata e lontana da fonti di calore, compresa la luce solare
diretta.

•

Al riparo da urti e lontana da fonti divibrazione.

•

Isolata dai forti campi magnetici prodotti da dispositivi elettrici.

APPENDIX D

ADVERTENCIAS

•

In aree soggette a temporali, è consigliabile collegare il sistema
ad un limitatore di corrente. In caso di temporali, scollegare le
linee di comunicazione dal modem.

•

Dotata di una presa a muro correttamente installata.

Non modificare o utilizzare il cavo di alimentazione in c. a. fornito
dal produttore, se non corrisponde esattamente al tipo richiesto.
Prima di rimuovere il coperchio del telaio, assicurarsi che il sistema
sia scollegato dall’alimentazione, da tutti i collegamenti di
comunicazione, reti o linee di modem. Non avviare il sistema senza
aver prima messo a posto il coperchio.

ADVERTENCIAS
El sistema está diseñado para funcionar en un entorno de trabajo
normal. Escoja un lugar:
•

Limpio y libre de partículas en suspensión (salvo el polvo
normal)

•

Bien ventilado y alejado de fuentes de calor, incluida la luz solar
directa.

•

Alejado de fuentes de vibración.

•

Aislado de campos electromagnéticos fuertes producidos por
dispositivos eléctricos.

•

En regiones con frecuentes tormentas eléctricas, se recomienda
conectar su sistema a un eliminador de sobrevoltage y
desconectar el módem de las líneas de telecomunicación durante
las tormentas.

•

Previsto de una toma de tierra correctamente instalada.

No intente modificar ni usar el cable de alimentación de corriente
alterna, si no se corresponde exactamente con el tipo requerido.
Asegúrese de que cada vez que se quite la cubierta del chasis, el
sistema haya sido desconectado de la red de alimentación y de todos
lo enlaces de telecomunicaciones, de red y de líneas de módem. No
ponga en funcionamiento el sistema mientras la cubierta esté quitada

151

APPENDIX D

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Wichtige Sicherheitshinweise
1. Bitte lesen Sie sich diese Hinweise sorgfältig durch.
2. Heben Sie diese Anleitung für den spätern Gebrauch auf.
3. Vor jedem Reinigen ist das Gerät vom Stromnetz zu trennen.
Vervenden Sie keine Flüssig- oder Aerosolreiniger. Am besten
dient ein angefeuchtetes Tuch zur Reinigung.
4. Um eine Beschädigung des Gerätes zu vermeiden sollten Sie nur
Zubehörteile verwenden, die vom Hersteller zugelassen sind.
5. Das Gerät is vor Feuchtigkeit zu schützen.
6. Bei der Aufstellung des Gerätes ist auf sichern Stand zu achten.
Ein Kippen oder Fallen könnte Verletzungen hervorrufen.
Verwenden Sie nur sichere Standorte und beachten Sie die
Aufstellhinweise des Herstellers.
7. Die Belüftungsöffnungen dienen zur Luftzirkulation die das
Gerät vor Überhitzung schützt. Sorgen Sie dafür, daß diese
Öffnungen nicht abgedeckt werden.
8. Beachten Sie beim Anschluß an das Stromnetz die
Anschlußwerte.
9. Die Netzanschlußsteckdose muß aus Gründen der elektrischen
Sicherheit einen Schutzleiterkontakt haben.
10. Verlegen Sie die Netzanschlußleitung so, daß niemand darüber
fallen kann. Es sollete auch nichts auf der Leitung abgestellt
werden.
11. Alle Hinweise und Warnungen die sich am Geräten befinden sind
zu beachten.
12. Wird das Gerät über einen längeren Zeitraum nicht benutzt,
sollten Sie es vom Stromnetz trennen. Somit wird im Falle einer
Überspannung eine Beschädigung vermieden.
13. Durch die Lüftungsöffnungen dürfen niemals Gegenstände oder
Flüssigkeiten in das Gerät gelangen. Dies könnte einen Brand
bzw. Elektrischen Schlag auslösen.
14. Öffnen Sie niemals das Gerät. Das Gerät darf aus Gründen der
elektrischen Sicherheit nur von authorisiertem Servicepersonal
geöffnet werden.

152

APPENDIX D

Wichtige Sicherheitshinweise

15. Wenn folgende Situationen auftreten ist das Gerät vom
Stromnetz zu trennen und von einerqualifizierten Servicestelle zu
überprüfen:
a. Netzkabel oder Netzstecker sint beschädigt.
b. Flüssigkeit ist in das Gerät eingedrungen.
c. Das Gerät war Feuchtigkeit ausgesetzt.
d. Wenn das Gerät nicht der Bedienungsanleitung ensprechend
funktioniert oder Sie mit Hilfe dieser Anleitung keine
Verbesserung erzielen.
e. Das Gerät ist gefallen und/oder das Gehäuse ist beschädigt.
f. Wenn das Gerät deutliche Anzeichen eines Defektes aufweist.
16. Bei Reparaturen dürfen nur Orginalersatzteile bzw. den
Orginalteilen entsprechende Teile verwendet werden. Der
Einsatz von ungeeigneten Ersatzteilen kann eine weitere
Beschädigung hervorrufen.
17. Wenden Sie sich mit allen Fragen die Service und Repartur
betreffen an Ihren Servicepartner. Somit stellen Sie die
Betriebssicherheit des Gerätes sicher.
18. Zum Netzanscluß dieses Gerätes ist eine geprüfte Leitung zu
verwenden, Für einen Nennstrom bis 6A und einem
Gerätegewicht größer 3kg ist eine Leitung nicht leichter als
H05VV-F, 3G, 0.75mm2 einzusetzen.

153

APPENDIX D

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Notes

154

Software License
Agreement
ATTENTION: USE OF THE SOFTWARE IS SUBJECT TO THE
HP SOFTWARE LICENSE TERMS SET FORTH BELOW. USING
THE SOFTWARE INDICATES YOUR ACCEPTANCE OF
THESE LICENSE TERMS. IF YOU DO NOT ACCEPT THESE
LICENSE TERMS, YOU MAY RETURN THE SOFTWARE FOR
A FULL REFUND. IF THE SOFTWARE IS BUNDLED WITH
ANOTHER PRODUCT, YOU MAY RETURN THE ENTIRE
UNUSED PRODUCT FOR A FULL REFUND.
HP SOFTWARE LICENSE TERMS
License Grant. HP grants you a license to Use one copy of the
Software. "Use" means storing, loading, installing, executing or
displaying the Software. You may not modify the Software or disable
any licensing or control features of the Software. If the Software is
licensed for "concurrent use", you may not allow more than the
maximum number of authorized users to Use the Software
concurrently.

APPENDIX E

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Ownership. The Software is owned and copyrighted by HP or its
third party suppliers. Your license confers no title or ownership and
is not a sale of any rights in the Software, its documentation or the
media on which they are recorded or printed. Third party suppliers
may protect their rights in the Software in the event of any
infringement.
Copies and Adaptations. You may only make copies or adaptations
of the Software for archival purposes or when copying or adaptation
is an essential step in the authorized Use of the Software on a backup
product, provided that copies and adaptations are used in no other
manner and provided further that Use on the backup product is
discontinued when the original or replacement product becomes
operable. You must reproduce all copyright notices in the original
Software on all copies or adaptations. You may not copy the
Software onto any public or distributed network.
No Disassembly or Decryption. You may not disassemble or
decompile the Software without HP’s prior written consent. Where
you have other rights under statute, you will provide HP with
reasonably detailed information regarding any intended disassembly
or decompilation. You may not decrypt the Software unless
necessary for the legitimate use of the Software.
Transfer. Your license will automatically terminate upon any
transfer of the Software. Upon transfer, you must deliver the
Software, including any copies and related documentation, to the
transferee. The transferee must accept these License Terms as a
condition to the transfer.
Termination. HP may terminate your license upon notice for failure
to comply with any of these License Terms. Upon termination, you
must immediately destroy the Software, together with all copies,
adaptations and merged portions in any form.
Export Requirements. You may not export or re-export the
Software or any copy or adaptation in violation of any applicable
laws or regulations.

156

APPENDIX E

U.S. Government Restricted Rights. The Software and any
accompanying documentation have been developed entirely at
private expense. They are delivered and licensed as "commercial
computer software" as defined in DFARS 252.227-7013 (Oct 1988),
DFARS 252.211-7015 (May 1991) or DFARS 252.227-7014 (Jun
1995), as a "commercial item" as defined in FAR 2.101(a), or as
"Restricted computer software" as defined in FAR 52.227-19 (Jun
1987)(or any equivalent agency regulation or contract clause),
whichever is applicable. You have only those rights provided for
such Software and any accompanying documentation by the
applicable FAR or DFARS clause or the HP standard software
agreement for the product involved.

157

APPENDIX E

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Mozilla* and expat* License Information
1. expat (http://www.jclark.com/xml/expat.html) is code used in the
SA7100/SA7120. The license governing the expat code is either
the Mozilla Public License (MPL) Version 1.1 or the GNU
General Public License.
2. The open source code has neither been modified by HewlettPackard nor have files been added to or deleted from the source
code by Hewlett-Packard. Hewlett-Packard’s code is simply
linked to the expat code through its API function call.
3. Requirements for distribution of expat: Executable distributions
must include: (i) a notice stating that the Source Code is
available under the terms of the MPL. (ii) Any related manuals/
documentation accompanying the product must include a copy of
the MPL, as shown below:

MOZILLA
PUBLIC
LICENSE,
Version 1.1

1. Definitions
1.0.1. “Commercial Use” means distribution or otherwise
making the Covered Code available to a third party.
1.1. “Contributor” means each entity that creates or contributes
to the creation of Modifications.
1.2. ''Contributor Version'' means the combination of the
Original Code, prior Modifications used by a Contributor, and
the Modifications made by that particular Contributor.
1.3. ''Covered Code'' means the Original Code or Modifications
or the combination of the Original Code and Modifications, in
each case including portions thereof.
1.4. ''Electronic Distribution Mechanism'' means a mechanism
generally accepted in the software development community for
the electronic transfer of data.
1.5. ''Executable'' means Covered Code in any form other than
Source Code.
1.6. ''Initial Developer'' means the individual or entity identified
as the Initial Developer in the Source Code notice required by
Exhibit A.

158

APPENDIX E

Mozilla* and expat* License Information

1.7. ’’Larger Work’’ means a work which combines Covered
Code or portions thereof with code not governed by the terms of
this License.
1.8. ’’License’’ means this document.
1.8.1. "Licensable" means having the right to grant, to the
maximum extent possible, whether at the time of the initial grant
or subsequently acquired, any and all of the rights conveyed
herein.
1.9. ’’Modifications’’ means any addition to or deletion from the
substance or structure of either the Original Code or any previous
Modifications. When Covered Code is released as a series of
files, a Modification is:
(a) Any addition to or deletion from the contents of a file
containing Original Code or previous Modifications.
(b) Any new file that contains any part of the Original Code
or previous Modifications.
1.10. ’’Original Code’’ means Source Code of computer software
code which is described in the Source Code notice required by
Exhibit A as Original Code, and which, at the time of its release
under this License is not already Covered Code governed by this
License.
1.10.1. "Patent Claims" means any patent claim(s), now owned
or hereafter acquired, including without limitation, method,
process, and apparatus claims, in any patent Licensable by
grantor.
1.11. ’’Source Code’’ means the preferred form of the Covered
Code for making modifications to it, including all modules it
contains, plus any associated interface definition files, scripts
used to control compilation and installation of an Executable, or
source code differential comparisons against either the Original
Code or another well known, available Covered Code of the
Contributor’s choice. The Source Code can be in a compressed or
archival form, provided the appropriate decompression or dearchiving software is widely available for no charge.
1.12. "You’’ (or "Your") means an individual or a legal entity
exercising rights under, and complying with all of the terms of,
this License or a future version of this License issued under
Section 6.1. For legal entities, "You’’ includes any entity which
controls, is controlled by, or is under common control with You.
159

APPENDIX E

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

For purposes of this definition, "control’’ means (a) the power,
direct or indirect, to cause the direction or management of such
entity, whether by contract or otherwise, or (b) ownership of
more than fifty percent (50%) of the outstanding shares or
beneficial ownership of such entity.
2. Source Code License.
2.1. The Initial Developer Grant.
The Initial Developer hereby grants You a world-wide, royaltyfree, non-exclusive license, subject to third party intellectual
property claims:
(a) under intellectual property rights (other than patent or
trademark) Licensable by Initial Developer to use, reproduce,
modify, display, perform, sublicense and distribute the
Original Code (or portions thereof) with or without
Modifications, and/or as part of a Larger Work; and
(b) under Patents Claims infringed by the making, using or
selling of Original Code, to make, have made, use, practice,
sell, and offer for sale, and/or otherwise dispose of the
Original Code (or portions thereof).
(c) the licenses granted in this Section 2.1(a) and (b) are
effective on the date Initial Developer first distributes
Original Code under the terms of this License.
(d) Notwithstanding Section 2.1(b) above, no patent license is
granted: 1) for code that You delete from the Original Code;
2) separate from the Original Code; or 3) for infringements
caused by: i) the modification of the Original Code or ii) the
combination of the Original Code with other software or
devices.
2.2. Contributor Grant.
Subject to third party intellectual property claims, each
Contributor hereby grants You a world-wide, royalty-free, nonexclusive license
(a) under intellectual property rights (other than patent or
trademark) Licensable by Contributor, to use, reproduce,
modify, display, perform, sublicense and distribute the
Modifications created by such Contributor (or portions
thereof) either on an unmodified basis, with other
Modifications, as Covered Code and/or as part of a Larger
Work; and
160

APPENDIX E

Mozilla* and expat* License Information

(b)under Patent Claims infringed by the making, using, or
selling of Modifications made by that Contributor either
alone and/or in combination with its Contributor Version (or
portions of such combination), to make, use, sell, offer for
sale, have made, and/or otherwise dispose of:
1) Modifications made by that Contributor (or portions
thereof); and 2) the combination of Modifications made by
that Contributor with its Contributor Version (or portions of
such combination).
(c) the licenses granted in Sections 2.2(a) and 2.2(b) are
effective on the date Contributor first makes Commercial Use
of the Covered Code.
(d) Notwithstanding Section 2.2(b) above, no patent license is
granted: 1) for any code that Contributor has deleted from the
Contributor Version; 2) separate from the Contributor
Version; 3) for infringements caused by: i) third party
modifications of Contributor Version or ii) the combination
of Modifications made by that Contributor with other
software (except as part of the Contributor Version) or other
devices; or 4) under Patent Claims infringed by Covered
Code in the absence of Modifications made by that
Contributor.
3. Distribution Obligations.
3.1. Application of License.
The Modifications which You create or to which You contribute
are governed by the terms of this License, including without
limitation Section 2.2. The Source Code version of Covered
Code may be distributed only under the terms of this License or a
future version of this License released under Section 6.1, and
You must include a copy of this License with every copy of the
Source Code You distribute. You may not offer or impose any
terms on any Source Code version that alters or restricts the
applicable version of this License or the recipients’ rights
hereunder. However, You may include an additional document
offering the additional rights described in Section 3.5.

161

APPENDIX E

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

3.2. Availability of Source Code.
Any Modification which You create or to which You contribute
must be made available in Source Code form under the terms of
this License either on the same media as an Executable version or
via an accepted Electronic Distribution Mechanism to anyone to
whom you made an Executable version available; and if made
available via Electronic Distribution Mechanism, must remain
available for at least twelve (12) months after the date it initially
became available, or at least six (6) months after a subsequent
version of that particular Modification has been made available
to such recipients. You are responsible for ensuring that the
Source Code version remains available even if the Electronic
Distribution Mechanism is maintained by a third party.
3.3. Description of Modifications.
You must cause all Covered Code to which You contribute to
contain a file documenting the changes You made to create that
Covered Code and the date of any change. You must include a
prominent statement that the Modification is derived, directly or
indirectly, from Original Code provided by the Initial Developer
and including the name of the Initial Developer in (a) the Source
Code, and (b) in any notice in an Executable version or related
documentation in which You describe the origin or ownership of
the Covered Code.
3.4. Intellectual Property Matters
(a) Third Party Claims. If Contributor has knowledge that a
license under a third party’s intellectual property rights is
required to exercise the rights granted by such Contributor
under Sections 2.1 or 2.2, Contributor must include a text file
with the Source Code distribution titled "LEGAL’’ which
describes the claim and the party making the claim in
sufficient detail that a recipient will know whom to contact. If
Contributor obtains such knowledge after the Modification is
made available as described in Section 3.2, Contributor shall
promptly modify the LEGAL file in all copies Contributor
makes available thereafter and shall take other steps (such as
notifying appropriate mailing lists or news groups)
reasonably calculated to inform those who received the
Covered Code that new knowledge has been obtained.
(b) Contributor APIs. If Contributor’s Modifications include
an application programming interface and Contributor has
knowledge of patent licenses which are reasonably necessary
162

APPENDIX E

Mozilla* and expat* License Information

to implement that API, Contributor must also include this
information in the LEGAL file.
(c) Representations. Contributor represents that, except as
disclosed pursuant to Section 3.4(a) above, Contributor
believes that Contributor’s Modifications are Contributor’s
original creation(s) and/or Contributor has sufficient rights to
grant the rights conveyed by this License.
3.5. Required Notices.
You must duplicate the notice in Exhibit A in each file of the
Source Code. If it is not possible to put such notice in a
particular Source Code file due to its structure, then You must
include such notice in a location (such as a relevant directory)
where a user would be likely to look for such a notice. If You
created one or more Modification(s) You may add your name as a
Contributor to the notice described in Exhibit A. You must also
duplicate this License in any documentation for the Source Code
where You describe recipients’ rights or ownership rights relating
to Covered Code. You may choose to offer, and to charge a fee
for, warranty, support, indemnity or liability obligations to one or
more recipients of Covered Code. However, You may do so only
on Your own behalf, and not on behalf of the Initial Developer or
any Contributor. You must make it absolutely clear than any such
warranty, support, indemnity or liability obligation is offered by
You alone, and You hereby agree to indemnify the Initial
Developer and every Contributor for any liability incurred by the
Initial Developer or such Contributor as a result of warranty,
support, indemnity or liability terms You offer.

163

APPENDIX E

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

3.6. Distribution of Executable Versions.
You may distribute Covered Code in Executable form only if the
requirements of Section 3.1-3.5 have been met for that Covered
Code, and if You include a notice stating that the Source Code
version of the Covered Code is available under the terms of this
License, including a description of how and where You have
fulfilled the obligations of Section 3.2. The notice must be
conspicuously included in any notice in an Executable version,
related documentation or collateral in which You describe
recipients’ rights relating to the Covered Code. You may
distribute the Executable version of Covered Code or ownership
rights under a license of Your choice, which may contain terms
different from this License, provided that You are in compliance
with the terms of this License and that the license for the
Executable version does not attempt to limit or alter the
recipient’s rights in the Source Code version from the rights set
forth in this License. If You distribute the Executable version
under a different license You must make it absolutely clear that
any terms which differ from this License are offered by You
alone, not by the Initial Developer or any Contributor. You
hereby agree to indemnify the Initial Developer and every
Contributor for any liability incurred by the Initial Developer or
such Contributor as a result of any such terms You offer.
3.7. Larger Works.
You may create a Larger Work by combining Covered Code with
other code not governed by the terms of this License and
distribute the Larger Work as a single product. In such a case,
You must make sure the requirements of this License are fulfilled
for the Covered Code.
4. Inability to Comply Due to Statute or Regulation
If it is impossible for You to comply with any of the terms of this
License with respect to some or all of the Covered Code due to
statute, judicial order, or regulation then You must: (a) comply
with the terms of this License to the maximum extent possible;
and (b) describe the limitations and the code they affect. Such
description must be included in the LEGAL file described in
Section 3.4 and must be included with all distributions of the
Source Code. Except to the extent prohibited by statute or
regulation, such description must be sufficiently detailed for a
recipient of ordinary skill to be able to understand it.

164

APPENDIX E

Mozilla* and expat* License Information

5. Application of this License
This License applies to code to which the Initial Developer has
attached the notice in Exhibit A and to related Covered Code.
6. Versions of the License.
6.1. New Versions.
Netscape Communications Corporation (’’Netscape’’) may
publish revised and/or new versions of the License from time to
time. Each version will be given a distinguishing version
number.
6.2. Effect of New Versions.
Once Covered Code has been published under a particular
version of the License, You may always continue to use it under
the terms of that version. You may also choose to use such
Covered Code under the terms of any subsequent version of the
License published by Netscape. No one other than Netscape has
the right to modify the terms applicable to Covered Code created
under this License.
6.3. Derivative Works.
If You create or use a modified version of this License (which
you may only do in order to apply it to code which is not already
Covered Code governed by this License), You must (a) rename
Your license so that the phrases ’’Mozilla’’, ’’MOZILLAPL’’,
’’MOZPL’’, ’’Netscape’’, "MPL", ’’NPL’’ or any confusingly
similar phrase do not appear in your license (except to note that
your license differs from this License) and (b) otherwise make it
clear that Your version of the license contains terms which differ
from the Mozilla Public License and Netscape Public License.
(Filling in the name of the Initial Developer, Original Code or
Contributor in the notice described in Exhibit A shall not of
themselves be deemed to be modifications of this License.)

165

APPENDIX E

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

7. DISCLAIMER OF WARRANTY.
COVERED CODE IS PROVIDED UNDER THIS LICENSE
ON AN "AS IS’’ BASIS, WITHOUT WARRANTY OF ANY
KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING,
WITHOUT LIMITATION, WARRANTIES THAT THE
COVERED CODE IS FREE OF DEFECTS,
MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE OR
NON-INFRINGING. THE ENTIRE RISK AS TO THE
QUALITY AND PERFORMANCE OF THE COVERED CODE
IS WITH YOU. SHOULD ANY COVERED CODE PROVE
DEFECTIVE IN ANY RESPECT, YOU (NOT THE INITIAL
DEVELOPER OR ANY OTHER CONTRIBUTOR) ASSUME
THE COST OF ANY NECESSARY SERVICING, REPAIR
OR CORRECTION. THIS DISCLAIMER OF WARRANTY
CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE.
NO USE OF ANY COVERED CODE IS AUTHORIZED
HEREUNDER EXCEPT UNDER THIS DISCLAIMER.
8. TERMINATION.
8.1. This License and the rights granted hereunder will terminate
automatically if You fail to comply with terms herein and fail to
cure such breach within 30 days of becoming aware of the
breach. All sublicenses to the Covered Code which are properly
granted shall survive any termination of this License. Provisions
which, by their nature, must remain in effect beyond the
termination of this License shall survive.
8.2. If You initiate litigation by asserting a patent infringement
claim (excluding declaratory judgment actions) against Initial
Developer or a Contributor (the Initial Developer or Contributor
against whom You file such action is referred to as "Participant")
alleging that:
(a) such Participant’s Contributor Version directly or
indirectly infringes any patent, then any and all rights granted
by such Participant to You under Sections 2.1 and/or 2.2 of
this License shall, upon 60 days notice from Participant
terminate prospectively, unless if within 60 days after
receipt of notice You either: (i) agree in writing to pay
Participant a mutually agreeable reasonable royalty for Your
past and future use of Modifications made by such
Participant, or (ii) withdraw Your litigation claim with respect
to the Contributor Version against such Participant. If within
60 days of notice, a reasonable royalty and payment
166

APPENDIX E

Mozilla* and expat* License Information

arrangement are not mutually agreed upon in writing by the
parties or the litigation claim is not withdrawn, the rights
granted by Participant to You under Sections 2.1 and/or 2.2
automatically terminate at the expiration of the 60 day notice
period specified above.
(b) any software, hardware, or device, other than such
Participant’s Contributor Version, directly or indirectly
infringes any patent, then any rights granted to You by such
Participant under Sections 2.1(b) and 2.2(b) are revoked
effective as of the date You first made, used, sold, distributed,
or had made, Modifications made by that Participant.
8.3. If You assert a patent infringement claim against Participant
alleging that such Participant’s Contributor Version directly or
indirectly infringes any patent where such claim is resolved (such
as by license or settlement) prior to the initiation of patent
infringement litigation, then the reasonable value of the licenses
granted by such Participant under Sections 2.1 or 2.2 shall be
taken into account in determining the amount or value of any
payment or license.
8.4. In the event of termination under Sections 8.1 or 8.2 above,
all end user license agreements (excluding distributors and
resellers) which have been validly granted by You or any
distributor hereunder prior to termination shall survive
termination.

167

APPENDIX E

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

9. LIMITATION OF LIABILITY.
UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL
THEORY, WHETHER TORT (INCLUDING NEGLIGENCE),
CONTRACT, OR OTHERWISE, SHALL YOU, THE INITIAL
DEVELOPER, ANY OTHER CONTRIBUTOR, OR ANY
DISTRIBUTOR OF COVERED CODE, OR ANY SUPPLIER
OF ANY OF SUCH PARTIES, BE LIABLE TO ANY PERSON
FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR
CONSEQUENTIAL DAMAGES OF ANY CHARACTER
INCLUDING, WITHOUT LIMITATION, DAMAGES FOR
LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER
FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER
COMMERCIAL DAMAGES OR LOSSES, EVEN IF SUCH
PARTY SHALL HAVE BEEN INFORMED OF THE
POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION OF
LIABILITY SHALL NOT APPLY TO LIABILITY FOR
DEATH OR PERSONAL INJURY RESULTING FROM SUCH
PARTY’S NEGLIGENCE TO THE EXTENT APPLICABLE
LAW PROHIBITS SUCH LIMITATION. SOME
JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR
LIMITATION OF INCIDENTAL OR CONSEQUENTIAL
DAMAGES, SO THIS EXCLUSION AND LIMITATION MAY
NOT APPLY TO YOU.
10. U.S. GOVERNMENT END USERS.
The Covered Code is a ’’commercial item,’’ as that term is defined
in 48 C.F.R. 2.101 (Oct. 1995), consisting of ’’commercial
computer software’’ and ’’commercial computer software
documentation,’’ as such terms are used in 48 C.F.R. 12.212
(Sept. 1995). Consistent with 48 C.F.R. 12.212 and 48 C.F.R.
227.7202-1 through 227.7202-4 (June 1995), all U.S.
Government End Users acquire Covered Code with only those
rights set forth herein.

168

APPENDIX E

Mozilla* and expat* License Information

11. MISCELLANEOUS.
This License represents the complete agreement concerning
subject matter hereof. If any provision of this License is held to
be unenforceable, such provision shall be reformed only to the
extent necessary to make it enforceable. This License shall be
governed by California law provisions (except to the extent
applicable law, if any, provides otherwise), excluding its conflictof-law provisions. With respect to disputes in which at least one
party is a citizen of, or an entity chartered or registered to do
business in the United States of America, any litigation relating
to this License shall be subject to the jurisdiction of the Federal
Courts of the Northern District of California, with venue lying in
Santa Clara County, California, with the losing party responsible
for costs, including without limitation, court costs and reasonable
attorneys’ fees and expenses. The application of the United
Nations Convention on Contracts for the International Sale of
Goods is expressly excluded. Any law or regulation which
provides that the language of a contract shall be construed
against the drafter shall not apply to this License.
12. RESPONSIBILITY FOR CLAIMS.
As between Initial Developer and the Contributors, each party is
responsible for claims and damages arising, directly or indirectly,
out of its utilization of rights under this License and You agree to
work with Initial Developer and Contributors to distribute such
responsibility on an equitable basis. Nothing herein is intended or
shall be deemed to constitute any admission of liability.
13. MULTIPLE-LICENSED CODE.
Initial Developer may designate portions of the Covered Code as
“Multiple-Licensed.” “Multiple-Licensed” means that the Initial
Developer permits you to utilize portions of the Covered Code
under Your choice of the NPL or the alternative licenses, if any,
specified by the Initial Developer in the file described in Exhibit
A.
14. EXHIBIT A -Mozilla Public License.
“The contents of this file are subject to the Mozilla Public
License Version 1.1 (the "License"); you may not use this file
except in compliance with the License. You may obtain a copy of
the License at http://www.mozilla.org/MPL/.

169

APPENDIX E

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Software distributed under the License is distributed on an "AS
IS" basis, WITHOUT WARRANTY OF ANY KIND, either
express or implied. See the License for the specific language
governing rights and limitations under the License.
The Original Code is _________________________________.
The Initial Developer of the Original Code is _______________.
Portions created by _____________________ are Copyright ©
______ _______________________. All Rights Reserved.
Contributor(s): ______________________________________.
Alternatively, the contents of this file may be used under the
terms of the _____ license (the “[___] License”), in which case
the provisions of [______] License are applicable instead of
those above. If you wish to allow use of your version of this file
only under the terms of the [____] License and not to allow
others to use your version of this file under the MPL, indicate
your decision by deleting the provisions above and replace them
with the notice and other provisions required by the [___]
License. If you do not delete the provisions above, a recipient
may use your version of this file under either the MPL or the
[___] License."
[NOTE: The text of this Exhibit A may differ slightly from the
text of the notices in the Source Code files of the Original Code.
You should use the text of this Exhibit A rather than the text
found in the Original Code Source Code for Your Modifications.]

170

Support Services

Support for your SA7100/SA7120
U.S. and
Canada

For hardware service and telephone support, contact:
•

An HP-authorized reseller
or

•

HP Customer Support Center at 1-800-633-3600

APPENDIX F

Europe

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

For hardware service and telephone support, contact:
•

An HP-authorized reseller
or

•

One of the following HP Customer Support Centers:
Country and Number
Austria – 0660 6386
Belgium (Dutch) – 02 626 8806
Belgium (French) – 02 626 8807
Czech Republic – 420 2 613 07 310
Denmark – 3929 4099
English (non-UK) – +44 0870 842 2339
Finland – 02 03 47 288
France – 01 43 62 3434
Germany – 0180 525 8143
Greece – +30 (0) 16196411
Hungary – 36 1 382 1111
Ireland – 01 662 5525
Israel – 972 9 952 4848
Italy – 02 2 641 0350
Netherlands – 020 6068751
Norway – 22 11 6299
Poland – +48 22 8659800
Portugal – 21 317 6333
Russia – 7095 797 3520
South Africa RSA – 086 000 1030
Outside RSA – +27 11 258 9301
Spain – 902 321 123
Sweden – 08 619 2170
Switzerland – 084 880 1111
Turkey – 90 212 221 6969
United Kingdom – 0870 842 2339

134

APPENDIX F

Asia

Support for your SA7100/SA7120

For hardware service and telephone support, contact an HPauthorized reseller or one of these support centers:
Country and Number
Australia – 03-8877-8000
Hong Kong – 800-96-2598
India – 91-11-6826035
Indonesia – 0800-21511
Japan – 0120-220-119
Korea – +82-2-32700911
Malaysia – 60 3 2931811 or 1-800-881811
New Zealand –
Upper North Island – 09-356-6640
Lower North Island – 04-499-2026
South Island – 03-365-9805
People’s Republic of China – 86-8008105959
Philippines – 63 2 811-0643
Singapore – +65-2725300
Taiwan – +866-080-010055 / 886-2-7170055
Thailand – 66 2 6613891
Vietnam –
Hanoi – 84 4 9430101
Ho Chi Minh City – 84 8 8324155

Latin America

For hardware service and telephone support, contact an HPauthorized reseller or one of these support centers:
Country and Number
Argentina – (541) 4778-8380
Brazil –
Sao Paulo – (11) 3747-7799
All Others – 0800-15-77-51
Chile – 800-360-9999
Columbia – 9-800-91-9477
Guatemala – 1-800-999-5305
Mexico –
Ciudad de Mexico – 5258-9922
All Others – 800-472-6684
Peru – 0-800-10111
Puerto Rico – 1-877-232-0589
Venezuela –
Caracas – 207-8488
All Others – 800-47-777

135

APPENDIX F

Other
Countries

136

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

For hardware service, contact your local authorized reseller or HP
sales office. For telephone support, contact your authorized reseller.

Glossary

This section defines terms and acronyms used throughout the HP eCommerce Server Accelerator SA7100/SA7120 User Guide.
Bypass

User action causing traffic to bypass SA7100/SA7120 processing,
done either through the CLI bypass command or Bypass button on
the front panel of the SA7100/SA7120.

Cascading

A configuration of two or more SA7100/SA7120s serially connected
together to accommodate larger e-Commerce traffic processing
(CPS) loads.

Certificate

A digitally-signed token in an SSL-encrypted transaction containing
information including the issuer (Certificate Authority that issued the
certificate), the organization that owns the certificate, public key, the
validity period for the certificate, and the hostname.

Cipher

Any encryption algorithm, either symmetric or public key, operating
either as a data stream or divided into blocks.

DNS

Domain Name Server. A mechanism used in the Internet for
translating the names of host computers into addresses.

Flash

Permanent (non-volatile) storage for configuration changes.

GLOSSARY

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Fulfillment Server
HTTP
HTTPS
Inline
IP
IP Address
IP Service

Hypertext Transfer Protocol: the protocol used between a Web
browser and a server to request a document and transfer its contents.
HTTP exchanged over an SSL-encrypted session.
When the SA7100/SA7120 is able to process SSL traffic, the Inline
LED on the front panel is lit (blinking or steadily illuminated).
Internet Protocol
A unique identifier for a node on an IP network. Expressed in “dotted
decimal” notation. For example: 10.0.0.1.
A network-accessible, IP-accessible Application Protocol. For
example: HTTP, FTP, and the like.

Key

A public key and private key pair used to encrypt/decrypt messages.

Key Strength

Length, in bits, of keys used in data encryption or authentication. For
example: 56, 128, 512.

Keypair

176

A server that stores content used to satisfy user requests.

Matching public and private keys.

Load Balancing

The distribution of processing and communications activity across a
computer network so that no single device is overwhelmed. Load
balancing is particularly important for networks on which it is
difficult to predict the volume of requests likely to be issued to a
server. Busy Web sites typically employ two or more Web servers in
load balancing roles.

Port

In the context of TCP/IP sessions, a unique protocol-specific handle.

Private Key

The part of a key in a public key system that is kept secret and used
only by its owner. It is used for decrypting messages and for making
digital signatures.

Public Key

The part of a key in a public key system that is distributed widely, and
is not kept secure. Used for encryption or for verifying signatures.

Service

A service is an IP application paired with a port number. For
example: “HTTP:80.” This describes a service consisting of a
server's HTTP application listening on port 80. Another example of a
service: “FTP:21.”

GLOSSARY

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Signing Request
SNMP

SSL (Secure Socket
Layer)
VeriSign*

Required for a request for certificate authentication by a Certificate
Authority.
Simple Network Management Protocol. An application-layer Intenet
protocol by which multiple devices in a network can be monitored
and to some extent configured.
Protocol developed by Netscape for encrypted transmission over
TCP/IP networks, setting up a secure end-to-end link.
A well-known certificate authority.

177

GLOSSARY

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Notes

178

Index
A
Administration Commands 87
Alarms
Encryption status change 113
Logging 118
Network link status 117
Overload 116
Refused SSL connections 113
Utilization threshold 115
Automapping 30
Automapping with multiple port combinations 30
Automapping with user-specified key
and certificate 30
B
Blocking 31
All IPs, specific port 32
Delete block 33
Specific IP, specific port 31

Subnet IP, subnet mask, specific port
32
Bypass mode 137
C
Cascading 14, 40
Certificate Authority 17
Certificates 16
Ciphers 142
Combining automapping and manual
mapping 31
Commands for manipulating the history
50
config save 37, 39
Configuration Commands 70
Connectors 136
Cut and Paste 51
D
delete map 37, 39
Deleting a block 33

INDEX

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

E

Logging Commands 91

Egress routers 43
Encryption status change alarm 113

M

F
Failure/Bypass modes 137
Front panel LEDs 134

Manual mapping 30, 31
Mapping 29
Multiple 7100/7120s 40
Multiple servers 38
N

G
Getting Help 47
Global site certificates 23

Network connections 7
Network link status alarm 117
O

H
Help 47

Operational Commands 70
Overload alarm 116

I

P

Import
certificate 19, 21
import
key 38
Ingress routers 43
Input Editing Commands 50
Installation
Rack mounting 6
Values to know before you begin 5
Wiring connections 7

PassThrough switch 137
Port Mapping Commands 67

K
Keys 16
L
Logging alarms 118
180

R
Rack installation 6
Redirection for unsupported ciphers 26
Refused SSL connections alarm 113
Remote Management 93
CLI commands 94
Limitations 94
Telnet 96
Telnet, changing port 97
Telnet, enabling/disabling 98
Telnet, local console 96
Telnet, remote console 97
Remote SSH sessions 98

INDEX

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

S
Scenarios
Cascading Multiple 7100/7120s 40
Using the 7100/7120 43
Using the 7100/7120 with Multiple
Servers 38
Using the 7100/7120 with One Server 36
SNMP 100
Community string 109
Enabling 107
Private traps 106
Specifying information 108
Standard traps 106
Trap community string 109
Trap summary 106
software
license agreement 155
Spill enable 41
Spilling 15
SSL Commands 58
SSL Processing 29
Status Commands 57
Support 171
Asia 173
Europe 172
Latin America 174
Other Countries 174
US and Canada 171

U
Utilization threshold alarm 115

T
Telnet 96
Enabling/disabling 98
Throttling 15
Trap summary 106

181

INDEX

HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

Notes

182
Source Exif Data: 
File Type                       : PDF
File Type Extension             : pdf
MIME Type                       : application/pdf
PDF Version                     : 1.4
Linearized                      : No
Modify Date                     : 2004:12:22 15:25:21-07:00
Create Date                     : 2001:03:20 11:43:11Z
Creator                         : FrameMaker 6.0
Page Count                      : 192
Page Mode                       : UseOutlines
Producer                        : Acrobat Distiller 4.05 for Windows
Mod Date                        : 2004:12:22 15:25:21-07:00
Creation Date                   : 2001:03:20 11:43:11Z
Metadata Date                   : 2004:12:22 15:25:21-07:00
EXIF Metadata provided by EXIF.tools

Navigation menu