Hp E Commerce Xml Director Sa8250 Users Manual Senior Technical Writer
2015-01-05
Page Count: 394
KSHFRPPHUFH [POGLUHFWRUVHUYHU DSSOLDQFHVD XVHUJXLGH © Copyright 2001 Hewlett-Packard Company. All rights reserved. Hewlett-Packard Company 3000 Hanover Street Palo Alto, CA 94304-1185 Publication Number 5971-3003 March 2001 Disclaimer The information contained in this document is subject to change without notice. HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material. Hewlett-Packard assumes no responsibility for the use or reliability of its software on equipment that is not furnished by Hewlett-Packard. Warranty A copy of the specific warranty terms applicable to your Hewlett-Packard products and replacement parts can be obtained from http://www.hp.com/ serverappliances/support/. *Other brands and names are the property of their respective owners. Contents Chapter 1: Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Introduction to the SA8250. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Assumptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Benefits of the SA8250. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Typographic Conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Chapter 2: Theory of Operations . . . . . . . . . . . . . . . . . . . . . . 11 General Operating Principles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
11 XML Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 XML Expression Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 XML Data Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 Commands and Operators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Boolean Operators. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 Function Calls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 XML Pattern Creation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 XML Pattern Matching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 CONTENTS HP e-Commerce/XML Director Server Appliance SA8250 User Guide MIME Content Type Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 URL Encoded MIME Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 Multipart MIME Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 Document Number Specification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 Content Transfer Encoding Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 Signed-Only S/MIME Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 XML “Well formed” errors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 XML default special case . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 Services . . . . . . . . . . . . . . . . . . . . . . . . . . . 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 Layer 4 (HOT) Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 Layer 7 (RICH) Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 Out-of-Path Return (OPR) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 FTP Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 Sticky Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 Sticky Persistence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 Sticky-timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 SSL and Sticky . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 Server-timeout. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 Grouping Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 SSL Acceleration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 SSL Fundamentals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 Application Message Traffic Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 HTTPS Redirect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 Client Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 HTTP Header Option Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 Load Balancing Across Multiple Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
41 Balancing Algorithms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 Response-time Metrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 Primary and Backup Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 Server Configuration Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 Source Address Preservation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 Multi-hop Source Address Preservation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 RICH expressions in XML patterns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 Order of RICH expressions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 Routing with Dual Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 Prioritization and Policy Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 Routing Method for VIP Addresses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50 Error Detection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 ii Contents Server Status Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 HTTP Error Detection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 Serial Cable Failover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 Serial Cable Failover Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 Replicating the Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57 Status Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
. . 57 Chapter 3: Boot Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 Using the Boot Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 System Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 Accessing the Boot Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 Interrupting the Bootup Sequence. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 Using the Run Time CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 Boot Monitor Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63 Chapter 4: Graphical User Interface . . . . . . . . . . . . . . . . . . . . 79 Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79 Logon Screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80 Logging on to the GUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80 Topology Screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82 Using the Topology Screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82 Purposes of the Topology Screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82 Topology Screen Toolbar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83 Online Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83 Topology Screen Elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84 Window Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
. 85 Policy Manager Screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86 Policy Manager Controls and Displays . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87 Policy Manager Toolbar. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87 Policy Manager’s Pop-up Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88 Policy Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88 Creating Policy Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89 Throttling. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90 Deleting Policy Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90 Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91 Creating Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91 Additional Service Tab Controls and Displays . . . . . . . . . . . . . . . . . . . . . . . . . 92 iii CONTENTS HP e-Commerce/XML Director Server Appliance SA8250 User Guide Balance Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94 XML Service Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95 Deleting Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96 Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 XML Server Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 Deleting Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
. . . . . . . . . . . . . . . . . . 101 Administration Screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102 Settings Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102 Software Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103 System Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104 Agent Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105 Users Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109 Routing Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112 System Role. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113 Active Routing Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113 RIP Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113 OSPF Protocol. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114 Security Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115 Source IP Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116 Access Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116 GUI Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117 CLI Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119 SNMP Tab . . . . . . . . . . . . . . . . . . . . . . . . . . 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 121 SNMP Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121 Multi-Site Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123 Logging Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124 Specifying System Log Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124 Viewing the Log File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125 Configuration Screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127 Saving Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127 Restoring Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128 Deleting Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128 Copying Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129 Viewing Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130 Resetting the Factory Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131 Sending and Retrieving Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133 Tools Screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134 ARP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135 iv Contents Ether . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136 Ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
. . . . . . . . . . . . . . . . . . . . . 137 Netstat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138 Nslookup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140 Reboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141 Trace. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142 Traceroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146 Statistics Screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147 Statistics Screen Controls. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147 Statistics Box. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148 Graph Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149 Selection List. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150 Window Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150 Graphing Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151 Chapter 5: Command Line Interface . . . . . . . . . . . . . . . . . . . 153 CLI Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153 Secure Shell Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153 Online Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154 Pipes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 154 Syntax. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155 Categorical List of CLI Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156 Global System Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156 Admin Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156 File Management Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157 CLI Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157 IRV Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157 GUI Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157 Routing Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158 Policy Group Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158 Service Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158 Server Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159 System Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159 Security Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160 SNMP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161 SSL Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162 Logging Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
. . . . . . 162 v CONTENTS HP e-Commerce/XML Director Server Appliance SA8250 User Guide Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163 Run-Time CLI Command Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164 Global System Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164 Admin Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172 File Management Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173 CLI Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176 IRV Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179 GUI Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180 Routing Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182 Policy Group Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186 System Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200 Security Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204 SNMP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207 SSL Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210 Logging Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226 Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228 Chapter 6: Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
235 SA8250 Scenarios. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235 Scenario 1: Load Balancing a Web Site with Two Servers and the SA8250 in Inline Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236 Prerequisites for Scenario 1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237 Procedure for Scenario 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237 Scenario 2: Load Balancing Servers with Source Address Preservation . . . . . . 241 Prerequisites for Scenario 2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242 Procedure for Scenario 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242 Scenario 3: Routing Outbound Data Away from the SA8250 for OPR . . . . . . . 244 Prerequisites for Scenario 3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245 Procedure for Scenario 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245 Scenario 4: Content Routing using RICH only. . . . . . . . . . . . . . . . . . . . . . . . . . 247 Prerequisites for Scenario 4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248 Procedure for Scenario 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249 Scenario 5: Using SSL Acceleration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252 Procedure for Scenario 5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253 Scenario 6: Content Routing using RICH and XML expressions . . . . . . . . . . . . 255 Using the default special case . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255 Scenario 7: Using CRLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
. 257 vi Contents Prerequisites for Scenario 7. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257 Procedure for Scenario 7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257 Chapter 7: SNMP Support . . . . . . . . . . . . . . . . . . . . . . . . . . . 261 Using SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261 Standards Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262 MIB Tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263 Supported MIBs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264 Where to find MIB Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264 Trap Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271 Standard SNMP Traps. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271 Displaying SNMP Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272 Configuring Community Authentication and Security Parameters . . . . . . . . . . . 272 Configuring Trap Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273 Configuring Other SNMP Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274 Chapter 8: Software Updates . . . . . . . . . . . . . . . . . . . . . . . . 275 Updating Your System Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275 Multiple Software Images . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276 Software Image Media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
276 Saving Your Current Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276 Downloading and Installing the Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277 Rebooting with the New Image and Verifying Installation . . . . . . . . . . . . . . . . . 278 Upgrading Under Serial Cable Failover Configuration . . . . . . . . . . . . . . . . . . . . 279 Appendix A: Security Configuration. . . . . . . . . . . . . . . . . . . 281 Recommended Security Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281 Appendix B: SSL Configuration . . . . . . . . . . . . . . . . . . . . . . 283 Obtaining Keys and Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283 Copying and Pasting Keys and Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284 Obtaining a Certificate from Verisign or another CA . . . . . . . . . . . . . . . . . . . . . 285 Procedure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285 Importing Keys into the SA8250 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286 Importing Certificates into the SA8250 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287 Creating a new Key/Certificate on the SA8250. . . . . . . . . . . . . . . . . . . . . . . . . . 288 vii CONTENTS HP e-Commerce/XML Director Server Appliance SA8250 User Guide Procedure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288 Using Global Site Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289 Using the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289 Generating a Client CA. . . . . . 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291 Generating a CRL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292 Revoking a Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293 Using Ciphers with the SA8250 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293 HTTP Header Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295 Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295 Appendix C: Failover Method Dependencies . . . . . . . . . . . . 297 Failover Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297 Appendix D: Configuring Out-of-Path Return . . . . . . . . . . . 301 Configure OPR for Windows* 2000 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301 Set the Loopback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301 Configure OPR for Windows* NT* . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315 Set the Loopback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315 Run a Web Service on the Loopback Interface Using IIS 3.0 . . . . . . . . . . . . 321 Run a Web Service on the Loopback Interface Using IIS 4.0 . . . . . . . . . . . . 322 Configuring OPR for a UNIX-based Apache Web Server . . . . . . . . . . . . . . . . . . . . 323 Appendix E: Diagnostics & Troubleshooting . . . . . . . . . . . . 325 Running Diagnostics on the SA8250 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325 Diagnostic LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326 Power Indication . . . . . . . . 
326
Boot-time LED Diagnostics 327
Run time LED Diagnostics 327
Run time Errors 328
Troubleshooting 329
Appendix F: Cleaning the Dust Filter 335
Background 335
Cleaning Procedure 336
Regulatory Information 337
Taiwan Class A EMI Statement 337
VCCI Class A (Japan) 337
VCCI Statement 338
Australia 338
FCC Part 15 Compliance Statement 339
Canada Compliance Statement (Industry Canada) 340
CE Compliance Statement 340
CISPR 22 Statement 340
WARNING 341
AVERTISSEMENT 342
WARNUNG 343
AVVERTENZA 344
ADVERTENCIAS 345
Wichtige Sicherheitshinweise 346
Software License Agreement 349
Mozilla* and expat* License Information 351
MOZILLA PUBLIC LICENSE, Version 1.1 351
Glossary 365
Support Services 371
Support for your SA8250 371
U.S. and Canada 371
Europe 372
Asia 373
Latin America 374
Other Countries 374
Index 375
Chapter 1: Introduction

Introduction to the SA8250

The HP e-Commerce/XML Director Server Appliance SA8250 provides the flexibility to classify and load balance Extensible Markup Language (XML) traffic according to content and distribute it according to user-defined parameters. The SA8250 makes it easy to use the most appropriate resources at the datacenter to handle incoming requests.

The SA8250 is positioned in the network in front of the web, application, or business-to-business (B2B) XML servers, where it senses and parses XML messages or transaction data. It routes client data to the most appropriate server, based on rules that have been preconfigured for each web server. The most common application is a B2B environment, where the client will often be another server or application.

The SA8250 also provides reliable URL- and port-based load balancing, failover, and policy-based management to your e-Commerce site, web site, or intranet. The SA8250 adds the ability to look into the data beyond the URL, and is the best load balancing solution available for the reasons shown in this table.

SA8250 Features

Reliability: The SA8250 provides 24 x 7 uptime through failover systems and the inherent robustness of leading network protocols.
Fault Resistance: SA8250-managed configurations offer many features and capabilities that improve the availability and reliability of server-based services.
Policy-based Management: The SA8250 allows system administrators to implement classes of service, assign priority levels, and set target response times.
Intelligent Content Routing: The SA8250 takes application-aware routing to a new level with the ability to segment Internet content according to the requested URL and embedded XML data.
Error Recovery: Application intelligence allows the SA8250 to understand and correct transport-related application errors transparently to the end user.
Secure Sockets Layer Acceleration: The SA8250 can offload encrypted web traffic (HTTPS), providing a significant performance improvement over web-server-based Secure Sockets Layer (SSL) processing.

Assumptions

This document assumes that you are a network administrator and that you have at least a basic understanding of the following:

• XML usage and syntax
• Networking concepts and terminology
• Network topologies
• Networks and IP routing

Benefits of the SA8250

This table lists the benefits of the SA8250.

Benefits

Distribute XML traffic among multiple servers according to content: The SA8250 analyzes and intelligently distributes XML traffic. It categorizes XML traffic by content according to user-crafted rules, and then distributes it among multiple servers, allowing network resources to be used in a manner consistent with your corporate goals.

Substantial performance boost and reliability for e-Commerce: The SA8250 increases the speed, scalability, and reliability of multi-server e-Business sites. It regains the speed lost by servers processing secure transactions by delivering faster SSL processing. It integrates SSL processing with XML traffic management technology, eliminating errors and improving Quality of Service (QoS). This capability ensures that customers working with sensitive information or business-to-business transactions online receive timely responses, do not see error messages, and are confident that delivery of their information is kept private.

SSL acceleration: Some e-Commerce sites suffer dramatic performance degradation as secure transactions increase. Using patent-pending technology to perform cryptographic processing offloaded from the server, the SA8250 can support up to 1200 SSL connections per second. The SA8250 enables e-Commerce sites to transact secure business and deliver sensitive information quickly and confidentially. It performs all key management and encryption. The result is a tremendous performance boost for heavily trafficked e-Commerce sites.

Substantial economic benefits: The SA8250 improves customer satisfaction by improving the response time for secure transactions. This means that e-Commerce sites can now enjoy the benefits provided by having secure transactions participate in Layer 7 intelligent traffic management. This creates substantial economic savings for e-Commerce sites through improved customer satisfaction, lower cost of ownership, and reduced server provisioning requirements.

SSL acceleration and intelligent traffic management benefits: Performance degrades dramatically as more customers access a site in SSL mode, frustrating the very customers who are attempting to make a purchase. The SA8250 is essential to providing high performance and superior levels of service when building reliable, scalable, and secure e-Commerce sites.
• Off-loading SSL handling from e-Commerce servers improves overall site performance and customer response time
• Accelerated SSL processing eliminates over-provisioning of capacity
• Lower processing demands on the server create greater capacity for your e-Commerce site
• Drop-in installation avoids impacting your mission-critical e-Commerce servers
• Response-time based prioritized service for secure transactions
• Improved responsiveness, reliability, and QoS for secure transactions means delivering the highest levels of support for paying customers
• Ensures that e-Commerce merchants are always open for business by preventing "Server Too Busy" and "File Not Found" errors, even for secure transactions

Patent pending intelligent XML content routing for secure transactions: The SA8250 implements intelligent traffic management for secure transactions, dramatically improving an e-Commerce site's responsiveness, reliability, and QoS. While typical traffic management devices make decisions based only on information at Layer 4 in the network stack, the SA8250 is the only XML appliance that combines Layer 4 through 7 (application/content) awareness to speed up response times and eliminate error messages for secure transactions. It keeps e-Commerce sites open for business, even during back-end transaction problems or content glitches.

Intelligent session recovery for secure transactions: The SA8250 provides Intelligent Session Recovery technology for secure transactions. By monitoring content within the response sent back by the server, Intelligent Session Recovery detects HTTP 400, 500, or 600 series errors, transparently rolls back the session, and redirects the transaction to another server until the request is fulfilled.
Response-time based prioritized service for secure transactions: The SA8250 enables system administrators to implement varying classes of service, assign priority levels, and set target response times for secure transactions. The SA8250 continually measures the response times of each class of service group and assigns incoming requests to the server that can fulfill those requests within the predefined response time. If the response time exceeds the predefined threshold, requests designated as high priority receive preference over those of lower priority. The SA8250 offers predictable performance for high-priority secure requests.

Specifications

This table lists the specifications for the SA8250.

Servers supported
• Any Web server (Apache, Microsoft, Netscape, etc.)
• Most operating systems, including UNIX*, Solaris*, Windows NT*, BSD*/BSDI*, AIX*, etc.
• Any server hardware (Sun, HP, IBM, Compaq, SGI, etc.)
• No practical limit on number of servers

System administration
• Command line interface (CLI)
• Web-based graphical user interface (GUI)
• SNMP monitoring (MIB II and Private MIB)
• Dynamic configuration through password-protected serial console, telnet, SSH v1, and SSH v2

Performance
• Rated up to 1200 HTTPS connections/sec, 2500 RICH (Layer 7) HTTP connections/sec, 6600 HOT (Layer 4) connections/sec, 95 Mb/sec Layer 7 traffic management
• Patent-pending technology offloads all cryptographic processing from the server

Dimensions
• Mounting: Standard 19-inch rack mount
• Height: 3.5 inches (8.9 cm)
• Width: 17 inches (43.2 cm)
• Depth: 20.16 inches (51.21 cm)

Weight
• 24 pounds (10.89 kg)

Interface connections
• Dual 10/100 Ethernet
• TTY serial console
• Failover port

Transparent operation
• Supports single or multiple Virtual IP (VIP) addresses per domain
• Priority classes
• Application/protocol types supported: HTTP, HTTPS, FTP, NNTP, or any TCP port

Patent pending XML and intelligent content routing
• Content: URL, file types such as *.GIF, file paths such as \ads\, and file names such as index.html
• Transactions: Transaction types such as *.CGI
• XML patterns: Defined by RICH (Layer 7) and XML expressions, in the form: */order.asp & //From[id="acme"]

Intelligent session recovery
• Automatically resubmits requests
• Traps 400, 500, and 600 series errors for HTTP and HTTPS

Response-time based priority for secure and non-secure transactions
• Sets and enacts target response times
• Directs data based on class priority and target response times
• Real-time performance monitoring
• Automatic server weighting and tuning
• Server-state aware ("sticky") based on source IP, SSL session ID, or HTTP cookie

System fault tolerance and failover
• Single site, single or multiple connections
• Automatic detection of status change and health of servers
• Intelligent Resource Verification (IRV)

Security features supported
• RSA, RC2, RC4, DES, Triple DES, IDEA, Blowfish, MD5, SHA
• SSL v2 and v3 for transaction security
• SSH for secure Command Line Interface (up to 168 bit)
• IP filtering
• Serial port logon

NOTE: SSL v2, SSL v3, SSH v1, telnet, and the RC2, RC4, DES, and MD5 algorithms listed above are no longer considered secure. Prefer SSH v2 for management access, and use IP filtering to restrict which hosts can reach the management interfaces.

Typographic Conventions

The following typographic conventions are used throughout this manual.

NOTE: This is an example of a note. NOTES clarify a point, emphasize vital information, or describe options, alternatives, or shortcuts. Except for tables, notes are always found in the left margin.

CAUTION: This is an example of a caution. CAUTIONS are designed to prevent possible mistakes that could result in injury or equipment damage. Except for tables, cautions are always found in the left margin.

NUMBERED LISTS indicate step-by-step procedures that you must follow in numeric order, even if only one step is listed:
1. This is the first step.
2. This is the second step.
3. This is the third step, etc.

BULLETED LISTS indicate options or features available to you:
• A feature or option
• Another feature or option, etc.

ITALICS are used for emphasis or to indicate onscreen controls:
4. To edit the configuration settings, press the Configure tab.

COMMANDS are shown in the following ways:
• Any command or command response text that appears on the terminal is presented in the Courier font.
• Any text that you need to type at the command line appears in bold Courier, for example: HP SA8250/config/policygroup#create gold
• Angled brackets (< >) designate where you enter variable parameters.
• Straight brackets ([ ]) show parameter choices, separated by vertical bars.
• Braces ({ }) show optional commands and parameters.
• Vertical bars ( | ) separate the choices of input parameters within straight brackets. You can choose only one of the set of choices separated by vertical bars. Do not include the vertical bar in the command.

Chapter 2: Theory of Operations

General Operating Principles

This chapter discusses the general operating principles of the HP e-Commerce/XML Director Server Appliance SA8250. For details about the complete SA8250 command set, see Chapter 5. For information about completing specific tasks, see Chapter 6.

XML Operations

The SA8250 provides a powerful means of using eXtensible Markup Language (XML) technology to facilitate B2B transactions. In addition to its XML capability, the SA8250 provides Layer 4 (HOT) services, Layer 7 (RICH) services, and Secure Sockets Layer (SSL) acceleration. The SA8250 accepts user-created rules regarding the content of information transmitted in XML documents, and uses the rules to route the information to the appropriate data center resources.

Before you can configure the SA8250, you must first obtain the following information:
• Which of the several common formats or varieties of XML will be used in the client application
• Which elements, attributes, or data in the anticipated XML traffic represent the significant markers by which value is determined

You control the XML functionality using the XML Server tab of the Policy Manager screen in the Graphical User Interface (GUI, Chapter 4), or the Command Line Interface (CLI, Chapter 5), as demonstrated in this chapter.

The SA8250 manages XML traffic using the "XML expression," a definition of one or more patterns that describe specific conditions to be compared with incoming XML data. Patterns are assigned only to servers identified by their IP address and port. When a match between a pattern and the incoming data occurs, the SA8250 routes that data to the desired server for fulfillment.

XML Expression Syntax

This table lists the valid XML expression syntax for the SA8250. These are described in more detail on the following pages.
XMLExpression      ::= PathExpression
PathExpression     ::= Path | PathExpression BooleanOperator PathExpression | '(' PathExpression ')'
Path               ::= ( ( '/' | '//' ) Element )+ Filter?
Filter             ::= '[' FilterExpression ']'
FilterExpression   ::= (Element | Attribute | FunctionCall) (ComparisonOperator Value)? | '(' FilterExpression ')' | FilterExpression BooleanOperator FilterExpression
Value              ::= Literal | Number
Number             ::= Integer | Decimal
ComparisonOperator ::= '>' | '<' | '=' | '!=' | '>=' | '<='
BooleanOperator    ::= 'and' | 'or'
FunctionCall       ::= FunctionName '(' ( Argument ( ',' Argument )* )? ')'
FunctionName       ::= 'starts-with' | 'contains' | 'translate'
Attribute          ::= '@' ( AttributeName | '*' )
Element            ::= ElementName | '*'

XML Data Model

For standard SA8250 operations, XML data consists of three hierarchical components or nodes:

• Elements (data types)
• Attributes (subcategories of a data type or element)
• Text (specific data such as names, addresses, and quantities)

NOTE: XML in this document is indented for ease of reading. The leading spaces or tabs are not significant.

The relevant content of an XML document is defined within these three components. The example XML document referred to throughout this chapter (an employee record, as received by the SA8250) has the following components:

• employee, name, id, benefits, grade, address, street, city, state, and zip are elements of the XML document.
• lastName, firstName, and initial are attributes of the name element.
• eid and jobClass are attributes of the id element.
• 13280 Evening Creek Dr, San Diego, California, and 92128 are text components of the street, city, state, and zip elements, respectively.

XML expressions configured in the SA8250 are matched against items such as these and routed for fulfillment according to server assignments.

Commands and Operators

The SA8250 uses an XML Path Language (XPath) subset. XML patterns are created in the CLI or GUI using a set of commands, operators, and comparison operators with XML elements, attributes, and text components. Patterns take the form of a "path," similar to the "expressions" used in configuring the SA8250 for HTTP parsing, as described later in this chapter.

NOTE: For a detailed description of XML commands, see Chapter 5.

A path consists of a sequence of one or more XML elements separated by single or double slashes (/ or //). The first element is also preceded by single or double slashes. These slashes are step operators and are used to select elements relative to the context node, as described in this table.

XML Step Operators
/ (child operator): Selects all immediate children of the context node
// (descendant operator): Selects elements anywhere under the context node

The comparison operators are described in this table.

XML Comparison Operators
= (equal): Returns true if any value of the nodes specified in the pattern equals the given value
!= (not equal): Returns true if at least one value of the nodes specified in the pattern does not equal the given value
< (less than): Returns true if at least one value of the nodes specified in the pattern is less than the specified value
<= (less than or equal to): Returns true if at least one value of the nodes specified in the pattern is less than or equal to the specified value
> (greater than): Returns true if at least one value of the nodes specified in the pattern is greater than the specified value
>= (greater than or equal to): Returns true if at least one value of the nodes specified in the pattern is greater than or equal to the specified value

Each element together with the operator selects a set of nodes in the XML data tree relative to a context node. This set of nodes must match the name of the element specified in a step.
Every path starts with the root node as the first context node. Nodes selected in a step form the set of context nodes for the following step. You can specify an element as "*", which selects any element relative to the context node. You can also specify an optional filter at the end of a path to further refine XML data stream parsing.

Using the employee record from the earlier XML data example, an XML pattern on the SA8250 might look like this:

* & //address[zip > 90000]

where:
• * is a Layer 7 (RICH) wildcard expression
• //address[zip > 90000] is an XML expression

For more information on XML patterns, see "XML Pattern Creation" later in this chapter.

Because the server is configured for any zip code greater than 90000, and John K. Smith's zip code is 92128, the SA8250 directs his employee data to that server.

You can specify an attribute as @AttributeName, or @* to select any attribute relative to the context node.

Filters are identified by a FilterExpression enclosed within square brackets, [ ]. They define a pattern within a pattern following this general structure:

( ('/' | '//') Element )? [ FilterExpression ]

Filter expressions are applied to every element returned by the preceding path pattern. They return a Boolean TRUE if the server is a valid choice, or FALSE if that server will not be used. An element or attribute by itself inside a filter expression specifies an existence test. For example:

//a[b or @c]

The operative component of a FilterExpression is a comparison expression, or any FunctionCall expression that returns a string value, which compares either an element or an attribute against a specified value. An element in a FilterExpression refers to a child element of the context node, while an attribute refers to an attribute of the context node.

Comparison expression syntax:
(Element | Attribute | FunctionCall) ComparisonOperator Value

FunctionCall expression syntax:
FunctionName '(' (Argument (',' Argument)*)? ')'

For more information on Function Calls, see "Function Calls" later in this chapter.

You can combine comparison expressions and FunctionCall expressions with Boolean operators and parentheses to create complex filter expressions, as shown in this table.

Comparison Expression Samples
//employee[grade=5]: Matches if there is an employee element with a child element grade whose value equals 5
//name[@lastName="Smith"]: Matches if there is a name element with an attribute lastName equal to "Smith"
//employee[grade=5] and //grade[@title="manager"]: Matches if there is an employee element with a child element grade whose value equals 5, and a grade element with an attribute title equal to "manager"

Boolean Operators

Boolean operators are logical operators between expressions. These operators are used in the PathExpression and the FilterExpression:
• PathExpression BooleanOperator PathExpression
• FilterExpression BooleanOperator FilterExpression

This table shows the two Boolean operators.

Boolean Operators
and (logical AND operator): Performs a logical AND operation
or (logical OR operator): Performs a logical OR operation

This table shows examples of Boolean operators.

Boolean Expression Samples
//benefits[@status and medicalCarrier]: Matches if there is a benefits element with both a status attribute and a medicalCarrier child element
//benefits[@status or medicalCarrier]: Matches if there is a benefits element with either a status attribute or a medicalCarrier child element
//benefits or //grade: Matches if there is a benefits element or a grade element

Function Calls

A FunctionCall expression is evaluated by using the FunctionName to identify a supported function, evaluating each of the arguments if needed, and calling the function with the required arguments. It is an error if the number of arguments is wrong or if an argument is not of the required type. The result of the FunctionCall expression is the result returned by the function. A FunctionCall can only be specified within a FilterExpression. This table describes the three supported string functions.

Function Calls
starts-with(value, substring): Tests whether the string value of value starts with the specified substring. value can be an element, an attribute, or a function call that returns a string value. substring must be a literal value enclosed in single or double quotes. A Boolean value of TRUE or FALSE is returned.
contains(value, substring): Tests whether value contains the specified substring. value can be an element, an attribute, or a function call that returns a string value. substring must be a literal value enclosed in single or double quotes. A Boolean value of TRUE or FALSE is returned.
translate(value, fromString, toString): Replaces each character of the value string that appears in fromString with the character at the corresponding position in toString. If a character appears in fromString but there is no character at the corresponding position in toString, the character is dropped from the value string. The result string is returned. value can be an element, an attribute, or a function call that returns a string value. Both fromString and toString must be literal values enclosed in single or double quotes.

This table shows function call samples.

Function Call Samples
//employee/name[starts-with(@lastName,"S")]: Matches if there is an employee element with a name child element whose lastName attribute value starts with "S"
//id[contains(@eid, "456")]: Matches if there is an id element whose eid attribute value contains "456"
//id[contains(translate(@jobClass,'abcdefghijklmnopqrstuvwxyz','ABCDEFGHIJKLMNOPQRSTUVWXYZ'),'SYSTEM ENGINEER')]: Matches if there is an id element whose jobClass attribute value contains "System Engineer" in any letter case. All characters in the jobClass attribute are converted to uppercase before being passed to the contains function.

Values

Values are used to specify the right operand of a comparison expression, and can be either a literal (such as a string) or a number. A literal has to be enclosed in single or double quotes. If the literal string contains a single quote, use double quotes to enclose the string. If the literal string contains double quotes, use single quotes to enclose the string. Character references (both decimal and hexadecimal format) and the predefined entities described in the XML specification can be used within the literal string.

The string value of the left operand is obtained for literal equality comparisons. If an element is specified for the left operand, only elements without child elements should be used. Although upper-level elements are not supported, this generally is not a problem, since in most cases only the lowest-level element contains text values.

A number can be either a decimal number or an integer. Numbers should not be enclosed in quotes; if a number is enclosed in quotes, it is treated as a literal. A number can be signed by preceding it with a '+' or '-' sign. A decimal number must contain only one decimal point, with at least one digit.
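The following program is an added example written for this edition; it is not code from the manual or from the SA8250 itself. It implements the XML expression subset described in the preceding sections (step operators, wildcards, filters with existence tests and comparisons, and/or with parentheses, and the starts-with, contains and translate functions) together with the literal-versus-numeric comparison rule of this section, so that a pattern can be tried against a sample document before it is configured on the appliance. The employee document it embeds is constructed to resemble the example this chapter describes; values such as eid="123456" and jobClass="System Engineer" are assumptions, as is treating a bare function call in a filter as an existence test on the truth of its result.

```python
"""SA8250-style XML expression matcher: an added example, not HP's code.
Covers the subset this chapter describes: '/' and '//' steps, '*' wildcards,
[filters] with existence tests and comparisons, 'and'/'or' ('and' binds
tighter; parentheses allowed) and the starts-with, contains and translate
functions.  SAMPLE is constructed to resemble the chapter's employee record;
values such as eid="123456" are assumptions, not taken from the manual."""
import re
import xml.etree.ElementTree as ET

_STEP = re.compile(r"(//?)([\w.*-]+)(?:\[([^\]]*)\])?")
_TERM = re.compile(r"^(@?)([\w.*-]+)(?:\((.*)\))?\s*(?:(<=|>=|!=|=|<|>)\s*(.+))?$", re.S)
_FUNCS = {  # a missing operand (None) never starts with or contains anything
    "starts-with": lambda v, sub: v is not None and v.startswith(sub),
    "contains": lambda v, sub: v is not None and sub in v,
    # characters of f map position-wise onto t; those with no counterpart in t are dropped
    "translate": lambda v, f, t: (v or "").translate(str.maketrans(f[:len(t)], t[:len(f)], f[len(t):])),
}

def _split(text, sep):
    """Split text on sep (',' or the words 'and'/'or') at bracket depth 0, outside quotes."""
    parts, start, depth, quote = [], 0, 0, None
    for i, ch in enumerate(text):
        if quote:
            quote = None if ch == quote else quote
        elif ch in "\"'":
            quote = ch
        elif ch in "([":
            depth += 1
        elif ch in ")]":
            depth -= 1
        elif depth == 0 and text.startswith(sep, i) and (sep == "," or (
                (i == 0 or text[i - 1].isspace()) and text[i + len(sep):i + len(sep) + 1].isspace())):
            parts.append(text[start:i])
            start = i + len(sep)
    return [p.strip() for p in parts + [text[start:]]]

def _boolean(text, leaf):
    """'or' of 'and'-chains of terms; a parenthesised term is a nested expression."""
    def term(t):
        return _boolean(t[1:-1], leaf) if t.startswith("(") and t.endswith(")") else leaf(t)
    return any(all(term(t) for t in _split(conj, "and")) for conj in _split(text, "or"))

def _value(e, text):
    """Values of an operand (literal, child element, @attribute or function call) at element e."""
    if text[:1] in ("'", '"'):
        return [text[1:-1]]
    m = _TERM.match(text)
    if not m or m.group(4):
        raise SyntaxError("operand expected, got %r" % text)
    attr, name, args = m.group(1, 2, 3)
    if args is not None:
        return [_FUNCS[name](*[(_value(e, a) or [None])[0] for a in _split(args, ",")])]
    if attr:
        return [v for k, v in e.attrib.items() if name in ("*", k)]
    return [c.text or "" for c in e if name in ("*", c.tag)]

def _test(e, term):
    """One filter term at element e: a bare operand is an existence test; '=' and '!=' against
    a quoted literal compare strings; anything else is numeric and false if not convertible."""
    m = _TERM.match(term)
    if not m:
        raise SyntaxError("bad filter term %r" % term)
    if not m.group(4):
        left = _value(e, term)
        return any(map(bool, left)) if m.group(3) is not None else bool(left)
    op, raw = m.group(4), m.group(5).strip()
    literal = raw[:1] in ("'", '"')
    numeric = not literal or op not in ("=", "!=")
    for lv in _value(e, term[:m.start(4)].strip()):
        try:
            a, b = (float(lv), float(raw.strip("\"'"))) if numeric else (str(lv), raw[1:-1])
        except (TypeError, ValueError):
            continue
        if {"=": a == b, "!=": a != b, "<": a < b, "<=": a <= b, ">": a > b, ">=": a >= b}[op]:
            return True
    return False

def _path(root, path):
    """Walk one path from the document node, whose only child is the root element."""
    steps = _STEP.findall(path)
    if "".join(a + n + ("[%s]" % f if f else "") for a, n, f in steps) != path:
        raise SyntaxError("bad path %r" % path)
    nodes, first = [root], True
    for axis, name, flt in steps:
        cand = [c for n in nodes for c in (n.iter() if axis == "//" else [n] if first else list(n))
                if (first or c is not n) and name in ("*", c.tag)]
        nodes = [c for c in cand if not flt or _boolean(flt, lambda t, c=c: _test(c, t))]
        first = False
    return bool(nodes)

def matches(expression, xml_text):
    """True when the SA8250 XML expression selects at least one node of xml_text."""
    root = ET.fromstring(xml_text)   # parse untrusted documents with defusedxml instead
    return _boolean(expression, lambda p: _path(root, p))

SAMPLE = """<employee>
  <name lastName="Smith" firstName="John" initial="K"/>
  <id eid="123456" jobClass="System Engineer"/>
  <benefits status="active"><medicalCarrier>MedCo</medicalCarrier></benefits>
  <grade title="manager">5</grade>
  <address><street>13280 Evening Creek Dr</street><city>San Diego</city>
    <state>California</state><zip>92128</zip></address>
</employee>"""
```

matches() raises SyntaxError for a malformed expression, so a mistyped pattern is rejected rather than silently matching nothing. Note that `//address[zip = '092128']` is false (string comparison against a quoted literal) while `//address[zip = 092128]` is true (numeric comparison), and that `//name[@lastName="smith"]` does not match the document's "Smith", exactly as the manual's case-sensitivity note says.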
A numeric comparison is either an equality comparison with a numeric right operand, or a non-equality comparison. Both the left and right operand values are converted to numeric values, if needed, before a numeric comparison is made. If a value cannot be converted to a number, the comparison returns false.

XML Pattern Creation

XML-related commands are issued at the /xmlpattern level of the CLI, below the server port level. For example:

…/server/10.1.1.1/port/80/xmlpattern# create */order.asp & doc=3 & //From[id="Acme"]

NOTE: Case is significant for text elements like "Acme." Incoming text using "acme" (all lowercase) does not match, unless you use the translate() function to convert text case.

where:
• */order.asp is the Layer 7 (RICH) expression
• doc=3 selects the third document in a multipart or URL-encoded message. For more information, see "Document Number Specification" later in this chapter.
• //From[id="Acme"] is the XML expression

XML commands must be written as shown above, with spaces on either side of every ampersand (&) used to separate the RICH expression, document number (if used), and XML expression (if used). Omitting the spaces results in an error.

Once created, XML patterns receive index numbers and are stored in a list. You can display this list by typing the info command:

…/server/10.1.1.1/port/80/xmlpattern#info

This results in a list of expressions by their index number.

XML commands can also be entered and managed using the Policy Manager screen of the Graphical User Interface. For more information, see Chapter 4. For more information on XML commands, see Chapter 5.

XML Pattern Matching

Refer to this example XML command throughout this discussion:

create */order.asp & doc=3 & //From[id="Acme"]

The SA8250 attempts to find XML pattern matches in the following sequence:

1. RICH expression match. If the RICH expression (*/order.asp) does not match, the document number and XML expression are ignored.

NOTE: We recommend using the same document number in all XML patterns with the same RICH expression for a service. If you specify different document numbers for each XML pattern of the same RICH expression, performance can degrade, because a different XML document has to be parsed for each XML pattern to be matched.

2. Optional document number match. doc=3 instructs the SA8250 to use the third document for matching against the XML expression. If the third document is missing, or is not an XML document, the data is treated as a non-XML document and directed to the first server whose RICH expression matches. For more information on the document number, see "Document Number Specification" later in this chapter.

3. Optional XML expression match. If both the RICH and XML expressions match, the SA8250 directs the client data to the server matching the XML expression (//From[id="Acme"]).

4. If only the RICH expression matches, or the XML expression is missing, the SA8250 either directs the client data to a default server, or returns an HTTP 503 "No Servers Available" error to the client, depending on the SA8250's configuration. For information on how to configure a default server, see Chapter 4. For more information on RICH expressions, see "RICH expressions in XML patterns" later in this chapter.

If any server in a service has no XML expressions defined, that server will be used for any XML data sent to that service, regardless of content. To prevent this, ensure that you define XML expressions on all servers within a service.

MIME Content Type Support

Multipurpose Internet Mail Extension (MIME) values in the "Content-Type" HTTP header are recognized by the SA8250 and handled accordingly.
This is primarily to support multipart and URL encoded messages which can contain multiple documents in the message body. The “Content-Type” header has the following format: Content-Type: / [ ; ] * The media type and subtype, the charset parameter, and the boundary parameter are recognized. The boundary parameter is only used for multipart messages. The charset Parameter The optional charset parameter in the “Content-Type” header is used to identify the character set used for the XML document. If encoding is also specified in the prolog of the XML document, the charset parameter in the “Content-Type” header is used instead. Any unrecognizable charset or encoding causes the SA8250 to treat the document as non-XML. Valid character sets include: 24 • UTF-8 • UTF-16 • US-ASCII • ISO-8859-1 CHAPTER 2 XML Operations Media Type and Subtype This table lists the recognized media type and subtypes. The media types listed are the currently defined types registered with the IANA (Internet Assigned Number Authority). The SA8250 cannot recognize all possible media subtypes, because many of them are proprietary. Media Type Media Subtype How it is processed by the SA8250 text xml Treated as XML other subtypes Check if XML voice-message Treated as non-XML encrypted Treated as non-XML other subtypes Extract individual part and classify xml Treated as XML x-www-form-urlencoded Extract individual field value, check if XML pkcs7-mime/x-pkcs7-mime Treated as non-XML other subtypes Check if XML rfc822 Parse initial rfc822 header and classify partial Treated as non-XML other subtypes Check if XML any subtypes Treated as non-XML multipart application message any other media type Media Types and Subtypes Media type recognition allows the XML engine to determine the format of the message and the type of content being embedded. If a media subtype is “xml,” the document is treated as an XML document without further examination. 
If a media type indicates explicitly non-XML content, such as audio, video, or image, the document is treated as non-XML.

URL Encoded MIME Processing

Messages with an “application/x-www-form-urlencoded” media type are URL encoded messages in a special format that contains a set of field names and values, with the values encoded. This shows how the body of a URL encoded message is formatted:

    = [ & = ] *

Each encoded value is potentially an XML document, and is referred to as a document in the context of document selection. Each encoded value is extracted from the message body and decoded before being checked for XML data and matched against the XML expressions. There can be multiple fields, and thus multiple potential XML documents, in a URL encoded message. The first XML document is used for pattern matching, unless a document number is specified, as described in “Document Number Specification” later in this chapter.

Multipart MIME Processing

Multipart messages contain multiple body parts. Each body part is preceded with a boundary string specified in the boundary parameter in the “Content-Type” header. The body of each body part can optionally be preceded with its own MIME headers. Each body part contains a separate document and is extracted individually before any XML parsing is done. If the boundary parameter is missing for a multipart message, the message is treated as non-XML, because there is no way to interpret the body of the message.
This is an example of a simple 2-part multipart message:

    POST /Order.asp HTTP/1.0
    Content-Type: multipart/mixed; boundary = “Body Part Boundary”
    Content-Length: 2048

    --Body Part Boundary
    Content-Type: text/xml

    Content of Document 1
    --Body Part Boundary
    Content-Type: image/jpeg

    Content of Document 2
    --Body Part Boundary--

Multipart messages can also be nested:

    POST /Order.asp HTTP/1.0
    Content-Type: multipart/mixed; boundary = “Body Part Boundary”
    Content-Length: 2048

    --Body Part Boundary
    Content-Type: multipart/related; boundary = “Nested Body Part Boundary”

    --Nested Body Part Boundary
    Content-Type: text/xml

    Content of Document A
    --Nested Body Part Boundary
    Content-Type: text/xml

    Content of Document B
    --Nested Body Part Boundary--
    --Body Part Boundary
    Content-Type: text/xml

    Content of Document C
    --Body Part Boundary--

The first body part that contains an XML document is used for pattern matching, unless a specific document number is specified.

Document Number Specification

NOTE: To maximize performance, the document number of all XML patterns with the same RICH expression should be consistent on all servers.

Since both URL encoded and multipart messages can contain multiple XML documents, the document number specifies which document is used for matching against a specific XML expression. An incorrect match results if the wrong XML document is specified. An example is shown in “XML Pattern Matching” earlier in this chapter. Documents are counted as they are encountered sequentially in the message body. If they are nested in a multipart message body, as shown above, the innermost document is counted first. The document number is used only for multipart and URL encoded messages, and is ignored otherwise. If the document number is not specified, the first XML document will be used for the pattern matching. Valid document numbers are integers from 1 to 99.
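The document counting, media-type, charset and transfer-encoding rules above (and the doc= selection from “XML Pattern Matching”), as an added example that is not part of the manual or the SA8250's software: a Python model that enumerates the documents of a multipart or URL encoded body in the order the SA8250 counts them and selects the one an XML expression is matched against. ElementTree's path syntax stands in for the SA8250's XML expression syntax, and the sample messages are constructed from the manual's examples.

```python
import base64
import email
from email.message import Message
from typing import Iterator, List, Optional, Tuple
from urllib.parse import parse_qsl, quote
import xml.etree.ElementTree as ET

RECOGNIZED_CHARSETS = {"utf-8", "utf-16", "us-ascii", "iso-8859-1"}
EXPLICIT_NON_XML_TYPES = {"image", "audio", "video"}
NON_XML_SUBTYPES = {("application", "pkcs7-mime"), ("application", "x-pkcs7-mime"),
                    ("message", "partial")}
NON_XML_MULTIPART = {"voice-message", "encrypted"}

# (maintype, subtype, payload after transfer-decoding, charset parameter or None)
Part = Tuple[str, str, bytes, Optional[str]]


def _leaf_parts(msg: Message) -> Iterator[Part]:
    """Walk body parts depth-first, so documents inside a nested multipart come first."""
    if msg.is_multipart():
        if msg.get_content_subtype() in NON_XML_MULTIPART:
            return                                   # table: treated as non-XML
        for sub in msg.get_payload():
            yield from _leaf_parts(sub)
    else:
        # decode=True undoes base64 / quoted-printable Content-Transfer-Encoding,
        # which the SA8250 does before any XML test.
        yield (msg.get_content_maintype(), msg.get_content_subtype(),
               msg.get_payload(decode=True) or b"", msg.get_content_charset())


def documents(content_type: str, body: bytes) -> Tuple[List[Part], bool]:
    """Return the documents in SA8250 counting order and whether doc numbers apply."""
    raw = b"Content-Type: " + content_type.encode("ascii") + b"\r\n\r\n" + body
    msg = email.message_from_bytes(raw)
    maintype, subtype = msg.get_content_maintype(), msg.get_content_subtype()
    if maintype == "multipart":
        if msg.get_boundary() is None:
            return [], True                          # no boundary: nothing to interpret
        return list(_leaf_parts(msg)), True
    if (maintype, subtype) == ("application", "x-www-form-urlencoded"):
        fields = parse_qsl(body.decode("ascii", "replace"))   # values are URL-decoded
        return [("", "", value.encode("utf-8"), None) for _, value in fields], True
    return [(maintype, subtype, body, msg.get_content_charset())], False


def classify(part: Part) -> Optional[ET.Element]:
    """Apply the media-type table and charset rules; parse only if the part may be XML."""
    maintype, subtype, payload, charset = part
    if maintype in EXPLICIT_NON_XML_TYPES or (maintype, subtype) in NON_XML_SUBTYPES:
        return None
    if charset is not None and charset not in RECOGNIZED_CHARSETS:
        return None                                  # unrecognizable charset: non-XML
    try:
        # the Content-Type charset takes precedence over the XML prolog's encoding
        return ET.fromstring(payload.decode(charset) if charset else payload)
    except (ET.ParseError, UnicodeDecodeError):
        return None                                  # for a */xml part this is the
                                                     # "well formed" error case


def select_document(content_type: str, body: bytes, doc: Optional[int] = None):
    """Pick the document an XML expression is matched against (None = non-XML)."""
    docs, numbered = documents(content_type, body)
    if doc is None or not numbered:
        # no doc number, or not multipart / URL encoded: first document that is XML
        return next((r for r in map(classify, docs) if r is not None), None)
    if not 1 <= doc <= 99 or doc > len(docs):
        return None                                  # missing document: non-XML
    return classify(docs[doc - 1])


def matches_xml_expression(content_type: str, body: bytes, path: str,
                           doc: Optional[int] = None) -> bool:
    """Does the selected document match the XML expression (ElementTree path syntax)?"""
    root = select_document(content_type, body, doc)
    return root is not None and root.find(path) is not None


# Constructed sample messages, modelled on the manual's examples.
ORDER_XML = b"<Order><From><id>Acme</id></From></Order>"
SIMPLE_CT = 'multipart/mixed; boundary="Body Part Boundary"'
SIMPLE_BODY = (b"--Body Part Boundary\r\nContent-Type: text/xml\r\n"
               b"Content-Transfer-Encoding: base64\r\n\r\n" + base64.b64encode(ORDER_XML) +
               b"\r\n--Body Part Boundary\r\nContent-Type: image/jpeg\r\n\r\n"
               b"\xff\xd8 jpeg bytes\r\n--Body Part Boundary--\r\n")
NESTED_BODY = (b"--Body Part Boundary\r\nContent-Type: multipart/related; "
               b'boundary="Nested Body Part Boundary"\r\n\r\n'
               b"--Nested Body Part Boundary\r\nContent-Type: text/xml\r\n\r\n<Doc>A</Doc>\r\n"
               b"--Nested Body Part Boundary\r\nContent-Type: text/xml\r\n\r\n<Doc>B</Doc>\r\n"
               b"--Nested Body Part Boundary--\r\n"
               b"--Body Part Boundary\r\nContent-Type: text/xml\r\n\r\n<Doc>C</Doc>\r\n"
               b"--Body Part Boundary--\r\n")
FORM_CT = "application/x-www-form-urlencoded"
FORM_BODY = b"name=widgets&order=" + quote(ORDER_XML).encode("ascii")
```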
Content Transfer Encoding Support

NOTE: The Content-Transfer-Encoding header is not an HTTP header, and can only be specified in a MIME header (in the header of an embedded body part).

Message bodies can be encoded so that they do not cause any problem for some of the protocol transfer gateways, especially when sending binary data. Even though HTTP is able to handle binary data, many applications still encode certain types of messages. This is especially true if the encoding is being done at an application layer that is unaware of the transport protocol being used. There are basically two common transfer encoding schemes: quoted-printable and base64. Quoted-printable encodes non-printable ASCII and non-ASCII characters into the corresponding hexadecimal representation, while base64 uses a 64-character set to encode the data. Both the quoted-printable and base64 values in the “Content-Transfer-Encoding” header are recognized. The encoded document is decoded according to the encoding scheme before any XML document test and pattern matching are made. The original message is not modified with respect to content-transfer-encoding.

Signed-Only S/MIME Support

S/MIME messages can be either encrypted or signed-only messages. For encrypted messages, the format can be either multipart/encrypted, or application/pkcs7-mime with enveloped-data or encrypted-data. Encrypted messages are not supported, and are treated as non-XML. For signed-only messages, two formats can be used: multipart/signed or application/pkcs7-mime with signed-data. The multipart/signed format is supported, because the signed data content looks like a normal multipart MIME body part. The application/pkcs7-mime format is not supported, and messages in this format are treated as non-XML.
XML “Well formed” errors

If the SA8250 detects punctuation or syntax errors in an incoming XML data stream, it can be configured to send an error message to the sending client (the default setting), or to direct the client data to servers matching the RICH expression, effectively ignoring the incoming XML data.

XML default special case

If a server is configured as the default in the SA8250, and none of the XML expressions match the incoming data stream, the SA8250 directs the client to the default server, provided the RICH expression matches. This feature specifies which server handles the transactions if there are no matches for the XML expressions. If the SA8250 is not programmed with a default server, and none of the XML expressions match the incoming data, the SA8250 returns HTTP error 503, “No Servers Available” to the client. If the RICH expression does not match, the XML expression is ignored and the SA8250 returns HTTP error 503, “No Servers Available” to the client.

To set the default server using the Graphical User Interface (GUI), see Chapter 4. To set the default server using the Command Line Interface (CLI), see Chapter 5.

Services

NOTE: The sample commands used in this chapter are meant as examples only.

Services are the virtual resources that the SA8250 provides to network clients. Services are defined by their Virtual Internet Protocol (VIP) address and virtual port number. The SA8250 load balances network client requests for a service by receiving requests from the user and directing them for fulfillment to the most appropriate resource in the provider’s server farm.
Services are defined and created within Policy Groups (see “Prioritization and Policy Groups” later in this chapter) and are managed using the following commands:

    config policygroup service create vip port {type [TCP | UDP | RICH_HTTP]} {sticky [disable | src-ip | cookie]} {sticky-timeout } {backups [enable | disable]} {response } {priority } {balancing [load | robin]} {server-timeout }
    config policygroup service delete [ | -all ]
    config policygroup service {enable} | {disable} | {balancing [robin | load]} | {sticky [disable | src-ip | cookie]} | {sticky-timeout } {backups [enable | disable]} | {response } | {dup-syn } | {priority } | {server-timeout }

Layer 4 (HOT) Services

HOT services provide the fastest brokered performance and are available on the SA8250. HOT services are defined in full by their Virtual IP address (VIP) and port number. In HOT or “Brokered” mode, the SA8250 performs Network Address Translation (NAT) on all packets passing through the connection. NAT changes the destination IP address and port of incoming packets to those of the selected fulfillment server. The source IP address is modified to be that of the SA8250. Fulfillment servers can be addressed by IP address, and thus can be on either local or wide area networks.

By default, in HOT mode the fulfillment server sees all connections as coming from the SA8250 rather than from the client's address. In some environments, it may be preferable to have the fulfillment server see the requests as if they were coming directly from the client. Source Address Preservation (SAP) on the SA8250 allows this to happen. For more details, see “Source Address Preservation” later in this chapter.

Layer 7 (RICH) Services

The SA8250 allows more flexible service fulfillment for RICH (Realtime Intelligent Content Handling) services. The service type “RICH_HTTP” is available on the SA8250 and enables it to make fulfillment decisions based on the URL content of each client HTTP request.
RICH services also include advanced error detection, and automatic resubmission of HTTP requests under most error conditions. As with HOT services above, fulfillment servers can be addressed by IP address, and thus can be on either local or wide area networks. XML services are configured as RICH services.

Out-of-Path Return (OPR)

NOTE: OPR is not applicable to Layer 7 services.

Ordinarily, the SA8250 processes all traffic in both directions between clients and the server farm. Viewing the server return traffic helps the SA8250 accurately determine server response times and handle HTTP errors. Often, the volume of data sent from the server to the client is much larger than the traffic from client to server. In such situations, you can use OPR mode to increase performance. You enable OPR by typing this command:

    config policygroup service server port mode opr

Each server for which OPR is enabled must have its loopback interface configured to identify itself as the VIP of the brokered service. This allows the server to respond directly to the client. The server’s loopback interface, or an equivalent interface that will not respond to Address Resolution Protocol (ARP) requests, must be configured before setting up the SA8250 for OPR. For more information, see Appendix D.

FTP Limitations

This table lists the limitations of FTP on the SA8250.

Mode            Active FTP   Passive FTP
HOT             No           Yes
HOT with SAP    Yes          Yes (see below)
OPR             No           No

FTP Limitations

HOT with SAP does not change the server’s IP address during Passive FTP because the server is making the connection directly to the client, using its real IP address. If the server’s IP address is not a "real" IP address, this mode will not work.

Sticky Options

Some services operate best if all requests from a specific client during a single session are directed to the same fulfillment server.
For example, if the server maintains a local database of client activity or context (shopping cart, registration info, navigation history, etc.), it is important that subsequent client requests go to the server with these database records. The SA8250's “sticky” options allow this to occur. Sticky is available in the two modes shown in this table.

Mode                          Description
Source IP address (“src-ip”)  Requests from a given IP address are directed to a single server.
Cookie                        The requesting browser is given a cookie, which subsequently identifies it as a unique requestor to be directed to a single server. This method uniquely identifies the client even if the request passes through a proxy server. RICH service is required.

Sticky Modes

Sticky source IP for SSL uses the SSL session ID for stickiness instead of the source IP of the client. Both HTTP and HTTPS services can be RICH. However, incoming RICH SSL connections will always be decrypted and sent on to the fulfillment servers in clear text. Sticky cookie must be used when the clients need to remain stuck to the same server between HTTPS and HTTP. There is no sticky cookie requirement for HTTPS traffic.

Each brokered service can be configured with sticky cookie, sticky IP, or no sticky option enabled. When a sticky option is configured, all client requests (identified according to the enabled sticky mode) during a session are routed to the same fulfillment server. When the sticky option is disabled, the SA8250 determines the best fulfillment server for each client request and directs them accordingly.

Sticky Persistence

For source-ip based sticky, the relationship between the client IP address and the fulfillment server remains in effect for the entire time the SA8250 is online or until the sticky timeout value expires. In the event of failover, the sticky relationship is lost.
Cookie sticky remains in effect while the browser is running or until the sticky timeout value expires. Since the browser maintains the cookie, cookie sticky is maintained in the event of failover. The system clocks on both SA8250s must be synchronized for failover handling to work. You do this by enabling Network Time Protocol (NTP) using the Boot Monitor. The administrator can control the length of time a server is forced to handle serial requests from a single client using the sticky timeout value.

Sticky-timeout

NOTE: All cookie sticky RICH services will be stuck to the same server for the duration of the sticky timeout value.

The SA8250 treats the timeout differently for cookie versus source-ip sticky. With source-ip sticky, the timeout is reset with every connection from the client (so that the timeout is effectively an "idle time"). With cookie sticky, the timeout starts with the first connection from the client to the server, and never gets reset. When the cookie expires, even if it is actively being used, the next connection will be load balanced to a new server. We recommend that you set the cookie sticky timeout value to at least 1.5 times the maximum amount of time a user will expect to be stuck to a server. If you are uncertain of the exact setting, we recommend using 43200 seconds (12 hours) as the default.

SSL and Sticky

SSL (Secure Sockets Layer, or HTTPS) enabled services can also be made sticky by specifying “sticky cookie” or “sticky src-ip” on the CLI. For SSL services, sticky cookie behaves exactly as it does for ordinary HTTP services. Source IP sticky uses the SSL session ID to maintain server context. The server relationship will not survive failover. As with sticky cookie, use of the session ID uniquely identifies the client even if the request passes through a proxy server.

Server-timeout

A server timeout, which causes a change in servers, can appear as a cookie sticky state change.
The recommended value for server timeout is at least 1.5 times the maximum server response time. We recommend that you use 120 seconds as the default.

Grouping Services

NOTE: RICH is required for sticky service grouping.

The SA8250’s sticky capabilities can ensure that all service requests from the same user are routed to the same server. Enabling sticky cookie on multiple services ensures that requests from the same client will be routed to the same fulfillment server for the duration of the sticky relationship. Of course, the server must be able to fulfill all service requests to have a true one-to-one client-server relationship.

SSL Acceleration

The SA8250 is a powerful addition to any web site desiring high security levels. It was specifically created to manage secure traffic going to and from critical applications. It handles SSL traffic into and out of the customer’s environment, as well as providing load balancing, fault management, and error recovery. The SA8250 includes cryptographic software features and hardware-based acceleration. It provides up to 1200 SSL (HTTPS) connections per second, far exceeding the performance of even the most powerful web servers on the market today.

The SA8250 allows users to offload SSL processing from their back end servers, and at the same time achieve full-featured traffic management. In an SA8250 environment, all encrypted traffic—required by e-Commerce applications—is handled at the SA8250. The interaction between the SA8250 and the servers is done in the clear, allowing load balancing and session management.

SSL processing is enabled by assigning an RSA private key (a public key encryption algorithm invented in 1977) and an X.509 certificate to a Layer 7 service. The SA8250 Command Line Interface (CLI) creates or imports keys and certificates when you define a service. Once the key and certificate are in place, secure HTTP (HTTPS) requests are decrypted and passed on to the web server.
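The two timeout behaviours described under “Sticky-timeout” above (source-ip as an idle timer, cookie as a fixed timer that never resets) and the failover difference from “Sticky Persistence”, modelled as an added example that is not the SA8250's code. A round-robin picker stands in for the SA8250's load-balancing decision, the connection timeline is constructed, and the cookie is represented as a (server, first-connection time) pair held by the browser, which is why it survives failover while the source-ip table does not.

```python
from itertools import cycle
from typing import Dict, List, Optional, Tuple


class RoundRobin:
    """Stand-in for 'the SA8250 determines the best fulfillment server'."""

    def __init__(self, servers: List[str]):
        self._next = cycle(servers)

    def pick(self) -> str:
        return next(self._next)


class SourceIpSticky:
    """src-ip sticky: the timeout is an idle timer, reset on every connection."""

    def __init__(self, timeout: float, balancer: RoundRobin):
        self.timeout, self.balancer = timeout, balancer
        self.table: Dict[str, Tuple[str, float]] = {}   # client ip -> (server, expiry)

    def route(self, client_ip: str, now: float) -> str:
        entry = self.table.get(client_ip)
        if entry is not None and now < entry[1]:
            server = entry[0]                           # still stuck to the same server
        else:
            server = self.balancer.pick()               # expired or unknown: re-balance
        self.table[client_ip] = (server, now + self.timeout)   # idle timer reset
        return server

    def failover(self) -> None:
        """The table lives in the appliance, so the relationship is lost on failover."""
        self.table.clear()


Cookie = Tuple[str, float]   # (server, time of first connection), held by the browser


class CookieSticky:
    """cookie sticky: the timer starts at the first connection and never resets."""

    def __init__(self, timeout: float, balancer: RoundRobin):
        self.timeout, self.balancer = timeout, balancer

    def route(self, cookie: Optional[Cookie], now: float) -> Tuple[str, Cookie]:
        if cookie is not None and now < cookie[1] + self.timeout:
            return cookie[0], cookie                    # still stuck; cookie unchanged
        server = self.balancer.pick()                   # expired, even if active: re-balance
        return server, (server, now)                    # new cookie, new timer


def demo() -> Dict[str, List[str]]:
    """Replay one constructed connection timeline through both modes (timeout 10 s)."""
    servers = ["web1", "web2"]
    times = [0, 8, 16, 24, 26, 40]          # seconds since the first connection
    src = SourceIpSticky(10, RoundRobin(servers))
    by_ip = [src.route("198.51.100.7", t) for t in times]
    ck = CookieSticky(10, RoundRobin(servers))
    cookie, by_cookie = None, []
    for t in times:
        server, cookie = ck.route(cookie, t)
        by_cookie.append(server)
    # src-ip never idles longer than 10 s until the gap 26 -> 40, so it stays on web1;
    # the cookie expires at 10 s and 26 s regardless of activity.
    return {"src-ip": by_ip, "cookie": by_cookie}
```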
The SA8250's dual NIC and packet filtering capabilities can be used to isolate the web servers from the Internet, further preventing unauthorized access.

SSL Fundamentals

SSL involves an interchange of keys used both to authenticate the parties and to provide information to securely encrypt confidential data. The keys distributed in this medium are “one way,” or asymmetric. That is, they can only be used to encrypt confidential data, and only the “owner” of the public key can decrypt the data once it is encrypted using the public key information. SSL assures the three benefits shown in this table.

Benefit        Description
Authenticity   Verifies the identities of the two parties.
Privacy        None other than the transacting parties can access the information being exchanged.
Integrity      The message cannot be altered in transit between the two parties by a third party without the alteration being detected.

SSL Benefits

To establish a secure session with a server, the client sends a “hello” message to which the server responds with its certificate and an encryption methodology. The client then responds with an encrypted random challenge, which is used to establish the session keys. This method allows two parties to quickly establish each other’s identities and establish a secure connection.

Several encryption methods are employed. Common ones are DES, 3DES, RC2, and RC4. Key size can be varied to determine the level of security desired. A longer key is more secure. The SA8250 supports all common keys and ciphers, as well as the following encryption methods: DES, DES3, and RC2 & RC4. The SA8250 includes a licensed version of the RSA code embedded in the security module as well. The device's session management software has been certified by prominent security agencies and meets all standards for SSL traffic. The SA8250 handles all the handshaking, key establishment, and bulk encryption for SSL transactions.
Essentially, the SA8250 is a full-featured, SSL-enabled web server. Traditionally, these functions are performed either at the server level, by web servers generally providing SSL functionality by way of standalone software components, or by embedded encryption software.

The SA8250 places encryption processing on the network side, thus eliminating the need for processing on the servers. The servers never see any of the SSL connection dialogue or the encrypted data. This removes a substantial processing load from the servers, allowing improved response times and greater availability of system resources.

[Figure: Basic SSL Operations. Labels: Client, Server, SA8250, Encrypted Traffic.
Left panel, SSL handled by each server: 1. Client connects to server. 2. Server responds with certificate. 3. Client encrypts random key. 4. Server generates working key. 5. Session established.
Right panel, SSL handled by the SA8250:
1. Client connects to SA8250 with ClientHello (includes ciphers supported)
2. SA8250 responds with SSL ServerHello (includes selected cipher & session ID)
3. SA8250 sends certificate for server
4. Client sends ClientKeyExchange message; includes PK (session key)
5. SA8250 and client send ChangeCipherSpec message to indicate readiness
6. SA8250 and client send "finished" messages; includes hash of whole conversation
7. Encrypted data sent to SA8250, decrypted and forwarded to least busy server
8. Clear response sent to SA8250, encrypted and sent to client.]

Application Message Traffic Management

The SA8250 was developed to perform load balancing in SSL environments. The SA8250 allows users to load balance based on application content (Layer 7, or RICH mode), as well as server address and port (Layer 4, or HOT mode). SSL management is handled independently of RICH mode processing. That is, once a session is established and the message is decrypted, it is passed to the SA8250’s RICH processing component.
This allows even SSL traffic to take full advantage of the features of the device, including error recovery and session rollback. The SA8250 allows non-encrypted traffic to be processed independently of SSL traffic. The advantage of this is that it permits load balancing (in either HOT or RICH mode) to be configured per virtual IP address, thus allowing you to isolate the impact of the SSL processing. Many users tune their sites for maximum performance by assigning HOT load balancing to all traffic except SSL. Another advantage of the SA8250 is its ability to recognize SSL session IDs. This permits “sticky” (or persistent) sessions to be established on a given server.

HTTPS Redirect

If desired, you can specify a page to return to the client if a successful session cannot be negotiated because the client does not support the required cipher suite. The SA8250 accomplishes this by sending an HTTP 302 “redirect” message back to the client in the case of a cipher negotiation failure. For example: the server supports 128-bit encryption, but the client’s software is only capable of 40-bit encryption. The CLI parameter redirectpage= sets which page the client is redirected to, where the value is the fully qualified location of the page. For example: redirectpage=http://www.companyname.com/error.html. The default configuration file setting is: redirectpage=none.

Fulfillment of each virtual service is load balanced across a number of real servers depending on the load balancing algorithm chosen. Servers capable of fulfilling requests for a service are identified and managed with the following commands:

    config policygroup service server create port
    config policygroup service server delete port

If you make an error while creating the policygroup, you must delete it and create a new policygroup.
Client Authentication

By default, the SA8250 does not authenticate client identities; however, you can configure services to request client certificates for the purpose of verifying identities. When you enable this feature, the SA8250 verifies that client certificates are signed by a known Certificate Authority (CA).

Issued client certificates are expected to be in use for their entire validity period. The CA periodically issues a signed data structure, called a Certificate Revocation List (CRL), containing the serial numbers of all expired certificates. You can configure the SA8250 to obtain and use a CRL using the LDAP, HTTP, or FTP protocols. The SA8250 first verifies a client certificate against the installed CA certificate, and then looks up its serial number in the installed CRL. If the serial number exists in the CRL, the SA8250 returns a message to the client indicating that the client’s certificate was revoked, and the client connection is terminated.

HTTP Header Option Fields

The SA8250 can make the IP address of a requesting client available to a fulfillment server by constructing a custom HTTP header option, with the client’s IP as the value:

    HP_SOURCE_IP:

SSL-related HTTP header option fields are used by the SA8250 only with SSL services. The HP_CIPHER_USED header option is used whenever HP_SOURCE_IP is used, to provide the name of the SSL cipher negotiated between the SA8250 and the client:

    HP_CIPHER_USED:

These two header fields are used by the SA8250 only when client authentication is in use:

    HP_CLIENT_CERTIFICATE:
    HP_SESSION_ID:

Because a client certificate contains information useful for client/user authorization, the SA8250 inserts the client certificate in the request header before sending the request to the server. The server can then extract the certificate from the request header and use it for authorization or other purposes.
The client certificate is inserted in the request header only once per session. Requests following the initial request will be sent to the server with only the SSL session ID in the header. The SSL session ID is unique for each session and allows the server to work with multiple sessions. The client certificate is inserted in the request header with a new SSL session ID only when the client certificate has been re-negotiated between the SA8250 and the client:

• New Session/Initial Request: The SA8250 sends both the HP_CLIENT_CERTIFICATE and HP_SESSION_ID header options.
• Existing Session/Subsequent Requests: The SA8250 sends only the HP_SESSION_ID header option.

The use of header option fields is an efficient way of supplying information to the server about the client. To ease the use of this important feature, the SA8250 allows customization of all the above header option field names. For more information, see Chapter 5.

Load Balancing Across Multiple Servers

Balancing Algorithms

The SA8250 provides a choice of load balancing algorithms. Services can be separately configured to load balance using a round-robin or a response time algorithm. In most networks, the best performance results from use of the response time algorithm. Under this algorithm, the SA8250 measures the response time of each request to each server in the server farm. It then balances requests to the service among the servers, sending more requests to the fastest servers and fewer to the slower ones, thus optimizing the average response time. In cases where OPR is used in unpredictable WAN environments, response time metrics may be obscured by WAN latency variance. In these situations, round-robin load balancing can provide equal distribution of client requests to each fulfillment server.
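Returning to the HTTP header option fields above: an added example, not the SA8250's code, of how a fulfillment server might consume them. It assumes the server knows which peer addresses belong to the SA8250 (so that HP_* headers on a connection from anywhere else are ignored rather than trusted), treats the certificate value as an opaque string, honours the renamable header names, and binds the certificate to the session ID so that subsequent requests carrying only HP_SESSION_ID can still be authorized.

```python
from dataclasses import dataclass, field
from typing import Dict, Mapping, Optional

# Default names; the manual says all four can be customized on the SA8250 (Chapter 5).
DEFAULT_NAMES = {"source_ip": "HP_SOURCE_IP", "cipher": "HP_CIPHER_USED",
                 "cert": "HP_CLIENT_CERTIFICATE", "session": "HP_SESSION_ID"}


@dataclass
class ClientContext:
    source_ip: str                 # the requesting client, as reported by the SA8250
    cipher: Optional[str]          # negotiated SSL cipher; present only on SSL services
    session_id: Optional[str]
    certificate: Optional[str]     # from this request or from the session cache
    via_broker: bool               # False when the request did not arrive from the SA8250


@dataclass
class HeaderOptionReader:
    broker_addresses: frozenset    # assumption: addresses the SA8250 connects from
    names: Dict[str, str] = field(default_factory=lambda: dict(DEFAULT_NAMES))
    sessions: Dict[str, str] = field(default_factory=dict)   # session id -> certificate

    def read(self, peer_ip: str, headers: Mapping[str, str]) -> ClientContext:
        if peer_ip not in self.broker_addresses:
            # Not from the SA8250: any HP_* header was set by the peer itself, so
            # ignore all of them and treat the peer as the client.
            return ClientContext(peer_ip, None, None, None, False)
        h = {k.upper(): v for k, v in headers.items()}   # header names are case-insensitive
        n = {k: v.upper() for k, v in self.names.items()}
        session_id = h.get(n["session"])
        cert = h.get(n["cert"])
        if session_id is not None:
            if cert is not None:
                # New session, or certificate re-negotiated: (re)bind it to the session id.
                self.sessions[session_id] = cert
            else:
                # Subsequent request: only HP_SESSION_ID is sent; recover the certificate.
                # None here means the initial request was never seen, so do not authorize.
                cert = self.sessions.get(session_id)
        return ClientContext(h.get(n["source_ip"], peer_ip), h.get(n["cipher"]),
                             session_id, cert, True)

    def end_session(self, session_id: str) -> None:
        """Drop the cached certificate once the SSL session is known to be over."""
        self.sessions.pop(session_id, None)
```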
The balancing algorithm is specified with this command:

    config policygroup service balancing [robin | load]

Response-time Metrics

For both balancing algorithms, servers can be assigned target response times. These values indicate the desired average response time for requests for specified services to be fulfilled, and instruct the SA8250 to use alternate resources for fulfillment if the average response time exceeds the target response time. Target response time is controlled with this command:

    config policygroup service response

If the servers do not meet the specified response time threshold, backup servers, if available and enabled, are activated. In addition, the servers providing lower priority services are throttled if the response time is still not being met (if throttle is enabled in the policygroup). Both mechanisms are available for both of the load-balancing algorithms.

Primary and Backup Servers

Each server is identified as either a Primary or Backup for a given service. Primary servers are always considered first for request fulfillment. By default, Backup servers are considered for use only if a primary server goes down, though they can optionally be configured for use to maintain target response times. A server’s type is established with this command:

    config policygroup service server port type [primary | backup]

Backup servers are enabled to maintain target response times with this command:

    config policygroup service backups [enable | disable]

Server Configuration Options

Source Address Preservation

By default, brokered service requests arriving at a fulfillment server appear to the server as requests originating from the SA8250. Consequently, server log files record the SA8250 as the source of these requests. When Source Address Preservation (SAP) is enabled, however, the SA8250 preserves the original source addresses of requests delivered to the server farm.
If you use the log files from your server farm to gather information based on client source addresses, use Source Address Preservation. SAP is controlled with this command:

    config policygroup service server port mode sap

NOTE: For the SA8250 to operate in SAP mode, the default gateway for each SAP-enabled server must be set to the SA8250’s physical IP address, not the VIP.

SAP cannot be used in WAN or multiple router LAN environments. To use SAP, each server must be configured so that its default gateway is set to the physical IP address of the SA8250; thus there can be no routers between the SA8250 and the fulfillment servers.

Limitations of SAP mode operation:

• The client machine cannot be on the same subnet as the SA8250.
• The SA8250 and server must be on the same subnet.

When SAP is enabled, serial cable failover is the only failover option — routing failover is not available.

Multi-hop Source Address Preservation

It is possible in sophisticated network topologies to require requests to pass through two SA8250s. In such configurations, the SA8250 topologically closest to the clients must be configured with the Multi-hop Source Address Preservation (MSAP) feature enabled. MSAP allows requests to pass through two cascaded SA8250s in different geographical areas. Enabling MSAP ensures that the actual IP addresses of requesting clients, rather than the virtual IP address of the SA8250 that delivered the request, are recorded in the server logs. This is similar to SAP (described in the preceding section); however, this feature allows SA8250s to be geographically dispersed:

[Figure: MSAP on a Geographically-Dispersed Network. Labels: San Diego: Client, SA8250 with MSAP Enabled; Boston: SA8250 with MSAP Disabled, Server.]

NOTE: MSAP must be disabled (the default).

In the figure above, a client in San Diego sends a request to a fulfillment server in Boston. MSAP is enabled on SA8250 Broker 1, and Server 1’s default route is set to SA8250 Broker 2.
SA8250 Broker 2 doesn’t need SAP enabled for this service, since SAP is automatically used on MSAP requests from SA8250 Broker 1. In this configuration, the San Diego client's IP address will be preserved in the Boston fulfillment servers' logs. To enable MSAP, type this command:

    config policygroup service server port msap enable

RICH expressions in XML patterns

Layer 7 RICH_HTTP service configurations use RICH expressions to assign particular classes of URLs to particular servers for fulfillment. RICH expressions are used, for example, to distinguish content requested by clients performing online transactions from content typically requested by casual browsers. In this way, users performing online transactions are given higher priority access to server resources (and better response times) than other users. Each server listed for fulfillment of a RICH_HTTP service can be configured to serve any number of specific RICH expressions. This is a list of applicable expressions:

• File type expressions, such as *.gif or */index.html
• Path expressions, such as /home/*, /home/images/*, or /home/images/a*
• Unique file expressions, such as /index.html
• Wildcard expression, such as *
• Negation expressions, such as !*.gif or !*/index.html

RICH and XML expressions are managed with these commands:

    config policygroup service server port xmlpattern create
    config policygroup service server port xmlpattern delete
    config policygroup service server port xmlpattern info

For more details on these commands, see Chapter 5.

Order of RICH expressions

When using expressions in Layer 7 (RICH) operations, the order of expressions is significant only when the not (!) operator is used. Expressions are described in this table.
    Expression   Yields
    !*.gif       All non-GIF files
    *.jpg        All JPG files
    !/home/*     No matches

Order of Expressions

Three rules for expressions:
• The “*” and “!” are allowed in RICH expressions, but they can only exist at the beginning or end of the expression.
• A positive RICH expression is required after a negative RICH expression; otherwise the negative expression has no effect.
• Negative RICH expressions can be used alone, but not in XML patterns.

Routing with Dual Interfaces

Because the SA8250 has two network interfaces, it can act as a router in some contexts. This means that it can route between two subnets. To do this, you must designate the SA8250 as the default gateway for your fulfillment servers. Routes to the inside subnet are not advertised to the outside router, but host routes are advertised to the VIPs. Packets destined for defined VIPs are always routed through the SA8250 to the server-side subnet. Other packets are forwarded through the SA8250 only when the security mode is set to OPEN, or when it is set to CUSTOM and IP Forwarding is turned on. The SA8250’s routing capabilities vary depending on which routing and failover methods are used. For more details about these variations and their relationships to routing and failover configurations, see Appendix C.

NOTE: The SA8250 cannot route multiple subnets on one interface.

This table lists terms that are pertinent to SA8250 routing.

    Term                 Description
    Brokered subnet      The SA8250 interface attached to the side of the physical network on which client requests arrive.
    Server-side subnet   The SA8250 interface attached to the side of the physical network that includes the fulfillment servers.
    “Outside” device     The router or switch one hop from the SA8250 on the brokered subnet.
    “Inside” device      The router or switch one hop from the SA8250 on the server-side subnet.

Routing Terms

This figure shows an example of the SA8250 routing topology.

[Figure: SA8250 Routing Topology. Labels: Brokered Subnet; Router; “Outside” Router; SA8250; Server-side Subnet; Hub or Switch; “Inside” Hub or Switch; Servers.]

Prioritization and Policy Groups

Policy groups are containers used to organize services. Service prioritization uses policy group information to make decisions about which services should get more or less server resources. Although the assignment of services to policy groups can be arbitrarily determined by the operator, effective use requires that each policy group contain services related by their shared use of server resources. Services and servers are assigned to policy groups at their time of creation. This is a list of policy group management commands:

    config policygroup create
    config policygroup delete
    config policygroup throttle [enable | disable]

The policy group framework allows the prioritization of categories of client requests. Each service defined in a policy group is assigned a priority within that group and a target response time. When the average response time of a service exceeds its target response time, that service is allocated, on the basis of its priority, a greater share of common server resources to attempt to bring response time back within the target range (this assumes that the throttling option is enabled for the policy group).

[Figure: Target Response Time Satisfied. VIP: 10.2.2.4; target response times HTTPS: 10 ms, HTTP: 10 ms; Server 1: HTTP, Server 2: HTTPS, Server 3: HTTP/HTTPS.]

For example, the services HTTP and HTTPS are both assigned to a single policy group. HTTPS is designated the highest priority service, and HTTP the second priority.
The SA8250 monitors the response time of each service and, if necessary, re-prioritizes server resources of subordinate services to keep the response time for the highest priority service within the specified range. The figure above shows a policy group with services sharing a defined VIP, two services, and their associated target response times. When the average response time of HTTPS is less than or equal to 10 ms, Server 1 fulfills HTTP requests, Server 2 fulfills HTTPS requests, and Server 3 fulfills both HTTP and HTTPS requests. The figure below illustrates server utilization after the HTTPS response time exceeds 10 ms.

[Figure: Target Response Time Exceeded. VIP: 10.2.2.4; HTTPS: 12 ms, HTTP: 10 ms; Server 1: HTTP, Server 2: HTTPS, Server 3: HTTP.]

Upon noticing a break in the target response time threshold, the SA8250 scans the policy group’s active service and server pools for shared resources. In this example, both the HTTP and HTTPS services use Server 3. To provide the greatest server resources for the highest priority service, shared resources are eliminated from subordinate service pools (although each service will always have at least one point of fulfillment). For example, in the figure above, new HTTP connections are no longer sent to Server 3 in an effort to guarantee the target response time for HTTPS. Server 3 will again serve HTTP when target response times are met.

Routing Method for VIP Addresses

After setting up a service, you must configure the SA8250 to route the VIP address to the Internet. There are two possibilities:
• In single SA8250 installations, “Standalone” mode is preferred, as it allows the VIP to be ARP-accessible from the router.
• If there are multiple address spaces (such as an SA8250 on the 10.x.x.x network and a VIP on the 209.x.x.x network), then a routing protocol might be the best method to advertise the VIP.
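The ordered RICH expression rules described above (wildcards only at the ends of an expression, and a negative expression that only affects the positive expressions after it) can be checked with this small evaluator. It is an added example and not the SA8250's own matching code; the server names and expression lists are constructed, and treating "!" as valid only at the start of an expression is an assumption.

```python
"""Evaluator for ordered RICH expression lists on a RICH_HTTP service.

Added example, not the SA8250's own code. It implements the rules stated
in the manual: '*' is a wildcard allowed only at the start or end of an
expression, a leading '!' negates an expression, and a negative
expression only excludes paths from the positive expressions that follow
it, so a trailing negative (the '!/home/*' row of the table) has no
effect. Restricting '!' to the start of an expression is an assumption.
"""
import re
from typing import Dict, List, Pattern, Tuple


class RichExpressionError(ValueError):
    """An expression that breaks the placement rule for '*' or '!'."""


def compile_expression(expr: str) -> Tuple[bool, Pattern[str]]:
    """Validate one RICH expression and compile it to (negated, regex)."""
    negated = expr.startswith("!")
    body = expr[1:] if negated else expr
    if not body or "!" in body:
        raise RichExpressionError(f"'!' may only lead an expression: {expr!r}")
    leading = body.startswith("*")
    trailing = len(body) > 1 and body.endswith("*")
    start = 1 if leading else 0
    end = len(body) - 1 if trailing else len(body)
    core = body[start:end]
    if "*" in core:
        raise RichExpressionError(f"'*' only allowed at start or end: {expr!r}")
    regex = (".*" if leading else "") + re.escape(core) + (".*" if trailing else "")
    return negated, re.compile(f"^{regex}$")


def is_valid_expression(expr: str) -> bool:
    """True if the expression obeys the '*' / '!' placement rule."""
    try:
        compile_expression(expr)
    except RichExpressionError:
        return False
    return True


def matches(expressions: List[str], path: str) -> bool:
    """Decide whether an ordered expression list assigns `path` to a server.

    Negative expressions record exclusions; a positive expression matches
    only if no earlier negative expression covers the path. A negative
    expression with nothing positive after it therefore changes nothing.
    """
    exclusions: List[Pattern[str]] = []
    for negated, rx in (compile_expression(e) for e in expressions):
        if negated:
            exclusions.append(rx)
        elif rx.match(path) and not any(x.match(path) for x in exclusions):
            return True
    return False


def eligible_servers(server_expressions: Dict[str, List[str]], path: str) -> List[str]:
    """Servers whose expression lists admit the requested path."""
    return [name for name, exprs in server_expressions.items() if matches(exprs, path)]


# Constructed example: the table's ordered list plus two more servers.
SAMPLE_SERVERS: Dict[str, List[str]] = {
    "server1": ["!*.gif", "*.jpg", "!/home/*"],   # the order-of-expressions table
    "server2": ["!*/index.html", "/home/*"],       # negative takes effect
    "server3": ["/home/images/*", "!*.gif"],       # trailing negative is ignored
}

if __name__ == "__main__":
    for path in ("/home/a.jpg", "/home/x.gif", "/home/index.html", "/home/images/b.gif"):
        print(path, "->", eligible_servers(SAMPLE_SERVERS, path))
```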
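The policy group throttling shown in the two figures above, as an added example that is not the appliance's own code: it computes the server pool each service may use for new connections once a higher-priority service exceeds its target response time, keeping at least one server per service. The class names, service and server names, and the timings are constructed for the example.

```python
"""Model of the policy group throttling described in the manual.

Added example, not the SA8250's own code. For one policy group it works
out which servers each service may use for new connections: when a
service's average response time exceeds its target, the servers it shares
with lower-priority services are removed from those services' pools,
while every service keeps at least one point of fulfillment. The class
names, the service/server names and the sample timings are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Service:
    name: str
    priority: int          # 1 is the highest priority in the group
    target_ms: float       # target average response time
    servers: List[str]     # configured fulfillment pool, in configured order


@dataclass
class PolicyGroup:
    name: str
    services: List[Service]
    throttle: bool = True  # config policygroup throttle enable | disable

    def effective_pools(self, avg_response_ms: Dict[str, float]) -> Dict[str, List[str]]:
        """Pools to use for new connections given current average response times."""
        pools = {s.name: list(s.servers) for s in self.services}
        if not self.throttle:
            return pools                      # throttling off: configured pools as-is
        by_priority = sorted(self.services, key=lambda s: s.priority)
        for rank, svc in enumerate(by_priority):
            if avg_response_ms.get(svc.name, 0.0) <= svc.target_ms:
                continue                      # target met: nothing to reclaim
            # Target exceeded: subordinate services give up the servers they
            # share with this service, but never their last server.
            shared = set(svc.servers)
            for lower in by_priority[rank + 1:]:
                remaining = [srv for srv in pools[lower.name] if srv not in shared]
                pools[lower.name] = remaining or pools[lower.name][:1]
        return pools


# Constructed to match the two figures: HTTPS has top priority, both
# services target 10 ms, and Server 3 is shared by both.
SAMPLE_GROUP = PolicyGroup(
    name="web",
    services=[
        Service("HTTPS", priority=1, target_ms=10.0, servers=["Server 2", "Server 3"]),
        Service("HTTP", priority=2, target_ms=10.0, servers=["Server 1", "Server 3"]),
    ],
)

if __name__ == "__main__":
    for https_ms in (10.0, 12.0):
        pools = SAMPLE_GROUP.effective_pools({"HTTPS": https_ms, "HTTP": 10.0})
        print(f"HTTPS avg {https_ms} ms -> HTTP pool {pools['HTTP']}, HTTPS pool {pools['HTTPS']}")
```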
When configuring routing on the SA8250, always match the router's configuration. The SA8250 can be programmed to use RIP v1, RIP v2, or OSPF. For example (standalone mode):

    HP SA8250#config route
    HP SA8250/config/route#info
    Route configuration:
    ---------------------------
    Broker role: standalone
    RIP Info:
      Active:no
      Version:2
    OSPF Info:
      Active: no
      Area: backbone
      Hello interval: 10
      Router dead interval: 40
      Authentication type: simple
      Authentication key:

Error Detection

The SA8250 is capable of recognizing and reacting to server error conditions, detecting non-responsive (comatose) servers, and directing traffic to alternate resources until the server is back in operation. The SA8250 can also capture many HTTP errors before they reach the client, and redirect the request to an alternate server.

Server Status Detection

The SA8250 uses multiple means to monitor the status of the fulfillment servers. The Intelligent Resource Verification (IRV) module periodically pings the servers to verify that they are alive. The SA8250 also monitors a “dup-syn” interval to calculate packet loss rate.

Intelligent Resource Verification

When the IRV module pings a server and receives no response, it tries to connect to each port on which the suspect server is configured to listen. If the SA8250 itself does not receive a response from a given port, then that server/port combination is declared dead. If the server maintains network connectivity and responds positively to IRV pings, but its ports stop responding, then the dup-syn interval threshold (described below) is used to decide if the server is declared dead.

Dup-syn Interval

The SA8250 dynamically calculates the threshold for the acceptable number of dropped packets within a given interval. If at any time in this interval the number of dropped packets exceeds this threshold, the server is considered dead.
After the specified time value has expired, the lost packet (or dup-syn) count is divided by two and the time interval starts again. In this way, some history information is kept between time intervals. The dup-syn interval for this threshold is established with the dupsyn CLI command, and ranges in value from 1000 to 2,147,483,647 microseconds. The default time interval value is 500,000 microseconds (one half second), which is appropriate for most environments. By lowering or raising this value, you render the SA8250 respectively less or more sensitive to dropped packets, and less or more likely to declare a server dead. The volume of network traffic must be taken into account when setting the dup-syn interval. Higher volumes of traffic require a shorter dup-syn interval to avoid mistakenly declaring a server dead due to network congestion.

The dup-syn command uses the following syntax:

    config policygroup service dup-syn

HTTP Error Detection

The SA8250 offers HTTP error detection for RICH services. When HTTP error detection is enabled, the SA8250 scans the headers of server responses for errors. If an HTTP error is found, the original request is rerouted to another server for fulfillment, transparently to the client. This process continues until a server responds without an error, or all applicable servers have been tried. Conversely, if HTTP error detection is disabled, the error is returned directly to the client.

HTTP error detection for errors 401-405 and 500-503 (as defined in the HTTP specification) is configured with this command:

    config policygroup service server port http [enable | disable]

The SA8250 extends standard HTTP error handling by allowing the server to return a special 606 error code. Detection and handling of 606 errors is configured separately. In this way, standard errors may be passed to the client while 606 errors are handled transparently by the system.
If 606 error handling is enabled, the SA8250 scans for an HTTP 606 response code. If the response code is found and another server is available to handle the request, the request is sent to it automatically. This process continues until a server responds without an error, or until all applicable servers have been tried. The HTTP header for 606 handling is of the form “HTTP/1.0 606 Error”. Users can generate this response through a variety of methods, including CGI and nph scripts. Consult your web server documentation for information about generating custom error messages. Detection of 606 errors is configured with this command:

    config policygroup service server port 606 [enable | disable]

Serial Cable Failover

NOTE: DHCP is not available when serial cable failover is enabled.

NOTE: You can log on to the Backup SA8250, but the full command set is not available.

The SA8250 offers two failover methods:
• Router Failover (including OSPF, RIPv1 and RIPv2), and
• Serial Cable Failover

When serial cable failover is configured, the Primary and Backup SA8250s communicate heartbeat, configuration, and status information using the included null modem serial cable. The Backup SA8250 assumes control from the Primary when any of the following occur:
• The Backup SA8250 does not detect the Primary SA8250's heartbeat within the timeout period (the default is 3 seconds).
• The Primary SA8250's Ethernet interface becomes inactive, for example if the Ethernet cable is disconnected.
• The Primary SA8250 experiences an internal software error.

Both the Primary and Backup SA8250s need to know their own identity and the “Online Identity” by address and name to satisfy internal communication parameters. The SA8250s' own names and the shared online identity are automatically entered into their host files during failover configuration. If Dual NIC is enabled, the identities for both the Outside (network-side) and Inside (server-side) NICs are shared. For information on failover method dependencies, see Appendix C.
Serial Cable Failover Configuration

NOTE: Before configuring serial cable failover, both the Primary and Backup SA8250s must be configured with the setup command. For more information, see Chapter 3.

The following procedures are used to configure the Primary and Secondary SA8250s for serial cable failover operation.

Configure the Primary SA8250

1. Connect the two SA8250s using their failover ports and the provided null modem serial cable.
2. Reboot the SA8250 that will be the Primary and press a key at the prompt to enter the Boot Monitor.
3. At the prompt, type this command:

    monitor>failover

NOTE: The Online IP Address is the address used by the SA8250 that is currently accepting connections — this can be either the Primary or the Backup SA8250 (though it is typically the Primary). The Online IP Address is the address by which you can access the Online SA8250 using telnet for administration.

4. For single NIC operation, follow the prompts as shown:

    Set failover method (None, Serial, Route) [ ] ---> serial
    Checking for failover unit...
    Failover unit not detected or may not be configured.
    Is this machine Primary or Backup? [Primary]--->
    Enter the Network’s Online IP Address --->10.6.3.200
    Enter Network’s Online Hostname ---> netonline
    Serial failover successfully configured

If Dual NIC operation is enabled, failover configuration looks like this example:

    monitor>failover
    Set failover method (disabled, serial, route) [disabled] --->serial
    Disabling DHCP to allow serial failover.
    Checking for failover unit...
    Failover unit not detected or may not be configured.
    Is this machine Primary or Backup?
    [Primary]--->
    Enter the Network side Online IP Address [10.6.3.200] --->
    Enter the Server side Online IP Address [10.6.4.200] --->
    Enter the Network side Online hostname [netonline] --->
    Enter the Server side Online hostname ---> servonline
    Serial failover successfully configured

5. Save the Primary configuration.

    monitor>save
    List of currently saved configuration files(s). You may save over an existing configuration file or enter a new name.
    File name
    ----------
    active.cfg
    backup.cfg
    cris.cfg
    ‘active.cfg’ is the last booted configuration.
    Enter configuration file name (- to cancel): [active.cfg] --->
    Configuration has been saved.

6. Boot the SA8250.

    monitor>boot
    Do you really want to continue boot? [y] --->
    Boot which configuration? [active.cfg] --->
    Please stand by, the system is being booted.
    .... Done
    Login>

Configure the Backup SA8250

1. Reboot the SA8250 that will be the Secondary and press a key at the prompt to enter the Boot Monitor.
2. At the prompt, type this command:

    monitor>failover

3. Follow these prompts:

    Specify failover method (disabled, serial, route) [ ] --->s
    Checking for failover unit...
    Failover unit detected
    --------------------------
    Version : 2.3
    Type    : PRIMARY
    State   : ONLINE
    Name    : online13
    IP      : 13.1.1.20
    Mac     : 0:1:c9:ed:a6:fb

NOTE: Use the same Online IP Address and name for the Backup SA8250 as the Primary (these appear by default).

    Is this machine Primary or Backup? [Backup] --->
    Enter Online IP Address [13.1.1.20] --->
    Enter Online Name [online13] --->
    Serial failover successfully configured
    monitor>

4. Save the Backup configuration.

    monitor>save
    List of currently saved configuration file(s). You may save over an existing configuration file or enter a new name.
    File name
    ----------
    active.cfg
    backup.cfg
    cris.cfg
    ‘active.cfg’ is the last booted configuration.
    Enter configuration file name (- to cancel): [active.cfg] --->
    Configuration has been saved.

5. Boot the SA8250.

    monitor>boot
    ... current configuration ...
    ... list of saved configuration files ...
    Boot configuration file name? [active.cfg] --->
    Do you really want to boot ‘active.cfg’? [y] --->
    Please stand by, the system is being booted.

Replicating the Configuration

The active configuration is replicated from the Primary to the Backup SA8250 upon changes. For most configurations, faults are detected within 3 seconds, and the Backup is fully online within 25 seconds. The latter interval increases as the number of services increases.

Status Information

You can display information about the SA8250s’ function and failover status either via the Command Line Interface or the GUI. Below are the commands to display status information, followed by a list of status messages and their explanations.

1. Log in to the SA8250.
2. At the CLI prompt, type this command:

    HP SA8250>info

The status appears on the last line of the info command’s output. A description of each status message is shown in this table (each message is followed by its indented description).

    Failover Status Message
        Description

    The broker is ONLINE, and serial failover is NONE (disabled).
    The broker is PRIMARY and ONLINE, the remote's serial failover is NONE (disabled).
        One of the SA8250s is configured for either “none” or “route” failover.

    The broker is PRIMARY and ONLINE, the remote's state is READY.
    The broker is BACKUP and READY, and the remote's state is ONLINE.
        Normal serial failover operation.

    The broker is PRIMARY and NIC_FAILED, and the remote's state is ONLINE.
    The broker is BACKUP and ONLINE, and the remote's state is NIC_FAILED.
        Ethernet cable disconnected, or cable, NIC, or HUB port failure.

    The broker is PRIMARY and ONLINE, the connection to the remote has TIMED OUT.
    The broker is BACKUP and IP_IN_USE_ERROR, the connection to the remote has TIMED OUT.
        The serial cable connecting the SA8250s is disconnected.

Status Message Descriptions

NOTE: The notation PRIMARY/BACKUP indicates that either “PRIMARY” or “BACKUP” will be displayed.

The Failover Status messages in this table are not specific to the Primary or Backup SA8250s.

    Failover Status Message
        Description

    The broker is PRIMARY/BACKUP and WAITING_FOR_SYNC
        One of the SA8250s has been restarted. This status persists while the configuration files are loaded from the online SA8250. The time this state persists depends on the number of VIPs and services configured.

    The broker is PRIMARY/BACKUP and CONFIGURATION_ERROR
        Both SA8250s are configured as Primary or as Backup. Neither SA8250 will come online until this condition is corrected.

    The broker is PRIMARY/BACKUP and DNS_FAILED
        The online IP address is missing from both the local host file and the DNS server.

    The broker is PRIMARY/BACKUP and CORE_APP_FAILED.
    The broker is PRIMARY/BACKUP and RICH_APP_FAILED.
        Indeterminate error. Use an earlier working configuration. If the condition persists, contact Customer Support for assistance.

Additional Status Message Descriptions

Chapter 3: Boot Monitor

Using the Boot Monitor

CAUTION: After configuring the SA8250 with the Boot Monitor, you must enable Autoboot with the autoboot command or the SA8250 will not operate.

The HP e-Commerce/XML Director Server Appliance SA8250’s Boot Monitor configures boot options and manages boot configuration files. Typically, you will use the Boot Monitor only during the initial configuration or after major reconfigurations, if the latter become necessary. You can manage day-to-day operations using the Graphical User Interface (GUI, Chapter 4) or the Command Line Interface (CLI, Chapter 5).
General categories of tasks performed by the Boot Monitor:
• Configure and display boot options, including the configuration file
• Manage the boot configuration file system
• Configure and change IP parameters

Accessing the Boot Monitor

System Requirements

You can use any terminal or workstation with a terminal emulator to run the Boot Monitor, provided the terminal has the following features:
• 9600 bits per second, 8 data bits, 1 stop bit, no parity, no flow control (9600-8-N-1)
• A terminal emulation program, such as HyperTerminal*
• Cable and connector to match the male DTE connector (DB-9)

You can access the Boot Monitor in either of the two ways described below.

Interrupting the Bootup Sequence

1. Interrupt the SA8250's bootup sequence by pressing a key at the following prompt:

    Press any key to stop autoboot.

In a few seconds the following prompt displays, confirming that the Boot Monitor is running:

    monitor>

Using the Run Time CLI

1. Type this command at the prompt:

    HP SA8250#config sys autoboot disable

2. Type this command at the prompt:

    HP SA8250#reboot

The monitor> prompt displays, confirming that the Boot Monitor is running.

Boot Monitor Commands

This section lists and describes all Boot Monitor commands available on the SA8250.

autoboot

Enables or disables the Autoboot function. If Autoboot is enabled (the default), the SA8250 prompts you to press a key during restart to enter the Boot Monitor command line interface. If you ignore the prompt, restart finishes with the SA8250 in normal operating mode. If Autoboot is disabled, the restart sequence ends by displaying the Boot Monitor interface.

Example:

    monitor>autoboot
    Enable Autoboot? (yes,no) [yes] --->

boot

Boots the device with a specific configuration. Variations on the use of the boot command are shown in this section.
Reboot with No Configuration Changes

NOTE: The first boot after a factory_reset command or a new installation will prompt you for the root password.

1. Type the boot command. The Boot Monitor displays the current configuration and prompts you for confirmation:

    Current active configuration
    ---------------------------
    Product: HP SA8250
    Version: 2.7
    Patch Level: 0.0
    Build: 12
    Current time: Tue Sep 12 17:02:05 2000
    Hostname: CSLab7k
    -------------
    Network side NIC:
    IP Address: 10.6.3.21
    Netmask: 255.255.255.0
    MAC address: 0:a0:c9:ed:6c:cc
    -------------
    Service side NIC:
    IP Address 10.6.5.21
    Netmask: 255.255.255.0
    MAC address: 0:d0:b7:6:c1:85
    -------------
    Default Gateway: 10.6.3.1
    Domain: None
    Primary name server: None
    DHCP: Disabled
    Failover mode: Disabled
    Network NIC setup: Auto
    Server NIC setup: Auto
    NTP: Disabled
    Autoboot: Disabled
    Static Routes: None
    RICH_Biased: Enabled
    Do you really want to boot active.cfg? [y] --->

2. To boot to the normal operational prompt, type y.
3. To return to the monitor> prompt, type n.

Reboot with Configuration Changes

When you use the boot command after changing the SA8250’s configuration, you are presented with a number of options. With these you can use the changed configuration, revert to the last saved configuration, or choose among a list of previously saved configurations. Procedures for choosing among these options are organized within three groups described in this section.

1. Type the boot command.
2. The Boot Monitor displays the changed configuration information and prompts you to save the new configuration:

    Current active configuration
    ---------------------------
    Product: HP SA8250
    Version: 2.7
    Patch Level: 0.0
    Build: 12
    Current time: Tue Sep 12 17:02:05 2000
    Hostname: CSLab7k
    -------------
    Network side NIC:
    IP Address: 10.6.3.21
    Netmask: 255.255.255.0
    MAC address: 0:a0:c9:ed:6c:cc
    -------------
    Service side NIC:
    IP Address 10.6.5.21
    Netmask: 255.255.255.0
    MAC address: 0:d0:b7:6:c1:85
    -------------
    Default Gateway: 10.6.3.1
    Domain: None
    Primary name server: None
    DHCP: Disabled
    Failover mode: Disabled
    Network NIC setup: Auto
    Server NIC setup: Auto
    NTP: Disabled
    Autoboot: Disabled
    Static Routes: None
    RICH_Biased: Enabled
    The configuration has changed, save it? [y] --->

First Options:

1. If you accept the default, y, the system saves the configuration as either active.cfg or the last loaded filename.

    Configuration file name? [active.cfg] --->

NOTE: This list includes backup.cfg, a backup of the most recently booted configuration. This file is automatically created when you change the configuration and save.

2. You can either accept the default, active.cfg, or enter a new filename. The system then saves the file and presents a list of all saved files.

    Select a boot configuration from the following files.
    active.cfg
    backup.cfg
    Boot configuration file name? [active.cfg] --->

3. You can accept the default, active.cfg, or select another previously saved configuration. No matter which file you select, the configuration file you are about to boot is displayed to ensure that the last file displayed is the configuration that is booted.
4. If you accept the default, y, the system boots to the normal operational prompt; if you type n, it returns to the monitor> prompt.

Second Options:

1. If you choose not to save the modified file, the system displays a warning that it is reverting to the previously booted configuration:

    Warning: The current configuration has NOT been saved and will not be booted.
    Reverting to last saved active.cfg.

2. If there are no additional saved configurations, then the system prompts you to confirm that you want to boot the last saved configuration, which will always be active.cfg.

    Do you really want to boot active.cfg? [y] --->

3. If you accept the default, y, the system boots to the normal operational prompt. If you type n, it returns to the monitor> prompt.

Third Options:

1. If there are any previously saved configurations on the system, you are offered a choice of configuration files to boot from.

    Select a boot configuration from the following files.
    active.cfg
    backup.cfg
    Boot configuration file name? [active.cfg] --->

2. You can accept the default, active.cfg, or select another previously saved configuration. If you select active.cfg, the configuration is not redisplayed. If you select a file other than active.cfg, the file’s contents are displayed to ensure that the last file displayed is the configuration that is booted.
3. If you accept the default, y, the system boots to the normal operational prompt. If you type n, it returns to the monitor> prompt.

delete

Deletes the specified configuration file.

Example:

    monitor>delete
    Select a configuration to delete from the following files.
    Note: You cannot delete the active configuration file active.cfg.
    File name
    --------------
    active.cfg
    backup.cfg
    cris.cfg
    ‘active.cfg’ is the last booted configuration.
    Enter the configuration filename to delete: --->broker1.cfg
    broker1.cfg successfully deleted.

dhcp

Enables or disables the SA8250’s use of DHCP. When DHCP is enabled, the SA8250 receives its configuration parameters from the DHCP server at startup.
When DHCP is disabled (the default setting), the SA8250 ignores the DHCP server, and so it must be manually configured at restart. Respond to the prompt with y to enable, or n to disable.

Example:

    monitor> dhcp
    Enable DHCP (yes, no)? [no] --->

dir

Displays the list of saved boot configuration files.

dns

Sets the domain and (optionally) nameserver(s). The system prompts you for the required information.

Example:

    monitor> dns
    Would you like to configure DNS (yes, no)? [no] --->

    monitor>dns
    Would you like to configure DNS (yes, no)? [no] --->yes
    Enter Domain name (‘-’ to cancel) --->mydomain.com
    Enter the IP Address of the Primary name server (‘-’ to cancel) --->10.6.3.5
    Specify additional name server ( to end ) --->10.6.3.10
    Specify additional name server ( to end ) --->

dual

Sets single or dual NIC operation.

Example:

    monitor>dual
    Enable dual NIC operation (yes, no) [no] --->

factory_reset

NOTE: The first boot after a factory_reset command or a new installation will prompt you for the root password. Also, the factory_reset command does not delete saved configuration files.

Resets the SA8250 to its factory defaults, as listed in this table.

    Parameter                              Setting
    All added user accounts                Deleted
    Policy groups, services, and servers   Deleted
    Route parameters                       Deleted
    CLI parameters                         Deleted
    IP address                             Deleted
    Default route                          Deleted
    Hostname                               Deleted
    Domain                                 Deleted
    Name servers                           Deleted
    DHCP                                   Disabled
    Dual NIC                               Disabled
    Failover mode                          Disabled
    Autoboot                               Disabled
    Autoboot timeout                       5 seconds
    Added hosts in the host file           Deleted
    New root password on next boot         Forced
    Rich bias                              Enabled
    Static routes                          Deleted

Factory Defaults

failover

Sets the SA8250’s failover method.
Three failover options are available:
• disabled: no failover method will be used
• serial: serial cable failover will be used
• route: router failover will be used

Example:

    monitor>failover
    Specify failover method (disabled, serial, route): [disabled] --->serial
    Checking for failover unit...
    Failover unit not detected or may not be configured.
    Is this machine Primary or Backup? [Primary] --->
    Enter the Network side Online IP Address --->10.6.3.200
    Enter the Server side Online Address --->10.6.5.200
    Enter the Network side Online hostname --->net-onlinehost
    Enter the Server side Online hostname --->serv-onlinehost
    Serial failover successfully configured

gateway

Specifies the default gateway.

Example:

    monitor>gateway
    Enter default gateway: --->10.6.3.1

help

Lists all Boot Monitor commands, or optionally displays syntax for a specified command.

Example (excerpt of the output):

    gateway      Set default gateway
    interface    Configure network interface card

host

Sets the SA8250’s host name.

Example:

    monitor>host
    Enter the hostname you would like to assign to the Network NIC: --->CSLab7k

info

Displays the current boot configuration.

interface

Configures Ethernet port parameters (replaces the nic command). Compatibility with some older switches, hubs, or routers may require that you manually specify the Ethernet speed and duplex mode of the SA8250's network interface card.

Single NIC configuration example:

    monitor>interface
    Auto configure the network NIC speed and duplex (yes,no)? [yes] --->no
    1 - 100BaseTx
    2 - 10BaseTx
    Select Media Type (1 or 2): [1] --->2
    Use Full Duplex? [n] --->n

Dual NIC configuration example:

    monitor>interface
    Auto configure the Network side NIC speed and duplex (yes,no)? [yes] --->
    Auto configure the Server side NIC speed and duplex (yes,no)? [yes] --->

ip

Sets the SA8250's IP address.
Example:

    monitor>ip
    Enter the IP address for the Network side NIC [10.6.3.21] --->
    Enter the IP address for the Server side NIC [10.6.5.21] --->

load

Loads a previously saved configuration file into memory.

Example:

    monitor>load
    Select a configuration file to load from the following files.
    File name
    --------------
    active.cfg
    backup.cfg
    cris.cfg
    ‘active.cfg’ is the last booted configuration.
    Enter the configuration filename to load (- to cancel): [active.cfg] --->
    Configuration loaded: active.cfg

netmask

Sets the netmask.

Example:

    monitor>netmask
    Enter Netmask for Network side NIC [255.255.255.0] --->
    Enter Netmask for Service side NIC [255.255.255.0] --->

rich-bias

Optimizes RICH_HTTP service performance. If your RICH_HTTP service responses consist mostly of files greater than 8K, the enabled (default) setting of rich_bias will optimize performance. If your site is experiencing performance problems and the RICH_HTTP service responses are less than 8K, you should disable rich_bias. This command has no effect on SSL terminated connections.

Example:

    monitor>rich_bias
    Unit is currently ‘RICH_Biased’, change it (yes, no) [no] --->yes
    RICH_Biased (enable, disable) [enable] --->disable

save

Saves the current configuration. Changes made during the current Boot Monitor session are lost unless you use the save command.

Example:

    monitor>save
    List of currently saved configuration file(s). You may save over an existing configuration file or enter a new name.
    File name
    -------------
    active.cfg
    bckup.cfg
    cris.cfg
    ‘active.cfg’ is the last booted configuration.
    Enter configuration file name (- to cancel): [active.cfg] --->-
    Configuration save canceled!

settime

Sets the SA8250’s system date and time. If you select NTP, you will be prompted for the IP address of the NTP server(s) you want to use. If you set the date manually, you will be prompted for the date in 24-hour format.
Example, with NTP:
    monitor>settime
    Use NTP? [enable] --->
    Enter IP address of NTP server or to end: --->209.218.240.1
    Enter IP address of NTP server or to end: --->209.218.240.238
    Enter IP address of NTP server or to end: --->

Example 1, without NTP (manual setting):
NOTE: Example 1 is for setting the time using Greenwich Mean Time (GMT). For example, the GMT-14 timezone is GMT minus 14 hours.
    monitor>settime
    Use NTP? [disable] --->
    Select TIMEZONEs to list (GMT, US, Other or q to quit): [GMT] --->GMT
    Select a TIMEZONE from the ‘GMT’ list.
    1) GMT-14  4) GMT-11  7) GMT-8  10)GMT-5  13)GMT-2  16)GMT+1  19)GMT+4  22)GMT+7  25)GMT+10
    2) GMT-13  5) GMT-10  8) GMT-7  11)GMT-4  14)GMT-1  17)GMT+2  20)GMT+5  23)GMT+8  26)GMT+11
    3) GMT-12  6) GMT-9   9) GMT-6  12)GMT-3  15)GMT    18)GMT+3  21)GMT+6  24)GMT+9  27)GMT+12
    Select a number between 1 and 27 (q to quit)--->2
    Selected TIMEZONE ‘GMT-13’
    The current time is now: Fri Sep 29 05:38:38 GMT-13 2000
    Enter the year (YYYY): [2000] --->
    Enter the month (MM): [09] --->
    Enter the day (DD): [29] --->
    Enter the hour (HH): [05] --->
    Enter the minute (MM): [38] --->
    Enter the seconds (SS): [38] --->
    Fri Sep 29 05:38:38 GMT-13 2000

Example 2, without NTP (manual setting):
NOTE: Example 2 is for setting the time using United States time (US).
    monitor>settime
    Use NTP? [disable] --->
    Select TIMEZONEs to list (GMT, US, Other or q to quit): [GMT] --->US
    Select a TIMEZONE from the ‘US’ list.
    1) Alaska  2) Aleutian  3) Arizona  4) Central  5) Eastern  6) Hawaii  7) Indiana-East  8) Indiana-Starke  9) Michigan  10)Mountain  11)Pacific  12)Somoa
    Select a number between 1 and 12 (q to quit): [11]--->5
    Selected TIMEZONE ‘Eastern’
    The current time is now: Sat Oct 28 23:59:42 2000
    Enter the year (YYYY): [2000]--->
    Enter the month(MM): [10]--->
    Enter the day (DD): [28]--->29
    Enter the hour (HH): [23]--->01
    Enter the minute (MM): [59]-->57
    Enter the seconds (SS): [39]--->
    Sun Oct 29 01:57:39 EDT 2000

Example 3, without NTP (manual setting):
NOTE: Example 3 is for setting the time using any timezone OTHER THAN GMT or US.
    monitor>settime
    Use NTP? [disable] --->
    Select TIMEZONEs to list (GMT, US, Other or q to quit): [GMT] --->O
    Select a TIMEZONE from the ‘Other’ list.
    1) Bangkok   4) Berlin      7) Hongkong  10)London  13)Paris     16)Prague     19)Stockholm  22)Zulu
    2) Belfast   5) Brussels    8) Israel    11)Madrid  14)Poland    17)Rome       20)Turkey     23)Zurich
    3) Belgrade  6) Copenhagen  9) Japan     12)Manila  15)Portugal  18)Singapore  21)Warsaw
    Select a number between 1 and 23 (q to quit): [10]--->22
    Selected TIMEZONE ‘Zulu’
    The current time is now: Wed Jan 10 10:32:22 UTC 2001
    Enter the year (YYYY): [2001]--->
    Enter the month(MM): [01]--->
    Enter the day (DD): [10]--->
    Enter the hour (HH): [10]--->
    Enter the minute (MM): [32]-->
    Enter the seconds (SS): [22]--->
    Wed Jan 10 10:32:22 UTC 2001

setup
Starts the SA8250's setup procedure. The system displays prompts for all inputs necessary to initialize it.

Example:
    monitor>setup
    Enable dual NIC operation(yes,no)? [no] ---> yes
    Autoconfigure the Network side NIC speed and duplex? (yes,no)? [yes] --->
    Autoconfigure the Server side NIC speed and duplex? (yes,no)? [yes] --->
    DHCP is disabled for dual NIC operation.
    Enter the hostname you would like to assign to the Network NIC: --->CSLab7k
    Enter the IP address for the Network side NIC --->10.6.3.21
    Enter the IP address for the Server side NIC --->10.6.5.21
    Enter the Netmask for the Network side NIC --->255.255.255.0
    Enter the Netmask for the Server side NIC --->[255.255.255.0] --->255.255.255.0
    Enter default gateway: --->10.6.3.1
    Would you like to configure DNS (yes, no)? [no] --->
    DNS not configured.
    Specify failover method (disabled, serial, route): [disabled] --->
    Set Autoboot? (yes,no) [no] --->

static_routes
Deletes and adds any number of static IP routes. Shows the current static IP routes (if any) when the function is entered. You are prompted for the destination and gateway IP addresses. The info command will show any static IP routes that are known to the Boot Monitor, and factory_reset will remove all static IP routes as part of its cleanup.

Example:
    monitor>static_routes
    Static Route information.
    Enter Static route (1) dest IP(- to del, q to quit): --->10.7.16.5
    Enter Static route (1) gate IP(- to del, q to quit): --->10.8.15.40
    Enter Static route (2) dest IP(- to del, q to quit): --->10.7.18.50
    Enter Static route (2) gate IP(- to del, q to quit): --->10.8.15.40
    Enter Static route (3) dest IP(- to del, q to quit): --->q
    {2} Static Route(s).

version
Displays the software version information.

Example:
    monitor>version
    Product:      HP SA8250
    Version:      2.8
    Patch Level:  0.1
    Build:        8

CHAPTER 4 Graphical User Interface

Before You Begin
NOTE: Some functions and features, such as expressions, are not available in the GUI.
The HP e-Commerce/XML Director Server Appliance SA8250 has features and functions that are controlled through either the browser-based Graphical User Interface (GUI), as discussed in this chapter, or the Command Line Interface (CLI), as discussed in Chapter 5.
In order to use the inside IP or inside online IP for administration, the client must be on the same subnet as the inside interface, or must have an alternate path back through the outside interface. To type all XML commands and configurations, see the Policy Manager screen, later in this chapter.

Logon Screen
To access the various GUI services available to you on the SA8250, you must first log on to the system as described in this section.

Logging on to the GUI
NOTE: If Internet Explorer* 5.01 is your browser, you must add a trailing slash (/) to the URL, as shown in step (2). Also, the default GUI port (1095) can be changed. For details, see “GUI Tab” later in this chapter.
1. Launch your browser.
2. In your browser's Address or Location field, type the SA8250's address and specify port 1095. For example: http://system_name:1095/ where system_name is the actual name or IP address of your SA8250.
3. Press Enter. The Logon screen displays.
Figure: Logon Screen
NOTE: The factory default for both the user name and password is admin (lowercase required). To change them, see “Users Tab” later in this chapter.
4. In the space provided, type your User name.
5. In the space provided, type your Password.
6. Click Logon. The Topology screen displays, as shown on the next page. The number of server icons varies, depending upon your network configuration.

Topology Screen
Figure: Topology Screen

Using the Topology Screen
Purposes of the Topology Screen
• Displays a graphical representation of the current topological relationships between the SA8250 and network servers. The SA8250's status and Serial Cable failover, if configured, are also reflected here.
• Serves as a gateway to the Administration and Policy Manager screens, and the Configuration and Tools screens.
Topology Screen Toolbar
Located at the top left of the window, the toolbar's buttons are described below.
Figure: Topology Screen Toolbar (Back, Administration, Configuration, Policy Manager, Tools, Log File, Statistics)
• Back returns you to the previous screen. From the Topology screen, this will log you off the system and return you to the logon screen.
• Configuration displays the Configuration Screen.
• Administration displays the Administration Screen.
• Tools displays the Tools Screen.
• Policy Manager displays the Policy Manager Screen.
• Statistics displays the Statistics Screen.
• Log File displays the SA8250's log file.

Online Help
Located at the top right of the window, the Help button is shown below. Click Help to display the online help file.
Figure: Online Help Button

Topology Screen Elements
This figure shows how the SA8250 is represented onscreen by a horizontal "rack unit" icon.
Figure: SA8250 Icon
• Right-clicking on the SA8250 icon displays a popup menu that can take you to other screens.
• Double-clicking the SA8250 icon takes you to the Policy Management screen by default, but this can be changed in the Administration screen later in this chapter.
This figure shows how servers are represented onscreen by vertical "tower case" icons.
Figure: Server Icon
• Right-clicking on a server icon displays a popup menu that can take you to other screens.
• Double-clicking the server icon takes you to the Statistics screen by default, but this can be changed in the Administration screen later in this chapter.

Window Controls
To resize the Topology screen elements, click and drag the slider control located in the upper right hand corner of the screen.
Figure: Slider Control
• Moving the slider control to the far right, as shown in the figure above, results in the largest display.
• Moving the slider control to the far left results in the smallest display.
• You can also resize the Topology screen elements by right-clicking on the background of the screen and making your selection from the popup menu.
Figure: Background Zoom and Refresh Control
• Zoom In enlarges the display and is the equivalent of moving the slider control to the right.
• Zoom Out reduces the display and is the equivalent of moving the slider control to the left.
• Refresh Display updates the Topology screen.

Policy Manager Screen
When you double-click a SA8250 icon in the Topology screen (or right-click and select Policy Management), the Policy Manager screen displays.
Figure: Policy Manager Screen
The Policy Manager consists of a series of screens with multiple tabs that include the controls used in the implementation of Policies. The discrete items created, altered, and deleted in the course of Policy management are listed below:
• Policy Groups
• Services
• Servers

Policy Manager Controls and Displays
The Policy Manager screen contains two main regions:
• Policies, on the left side of the Policy Manager screen
• Details, on the right side of the Policy Manager screen
You can adjust the relative sizes of the Policies and Details displays by clicking and dragging the vertical line between the panels.
The Policies display includes existing Policy Groups, Services, and Servers, reflecting the previously mentioned hierarchy. The Details display includes controls and status displays relating to the item selected in the Policies display, and changes according to the type (Policy Group, Service, or Server) of the item selected. If a Service or Server is selected, then the Details screen contains two tabs, each containing related controls.
The three types of items form a hierarchy: Policy Groups contain Services. Services in turn contain Servers.
A lower hierarchy item cannot be created unless its immediately superior type exists; that is, a Policy Group must exist before you can create a Service, and a Service must exist before you can create a Server.

Policy Manager Toolbar
The Policy Manager toolbar contains three buttons for creating Policy Groups, Services, and Servers, and one button to delete the currently selected item, regardless of its type. The toolbar's buttons are enabled or disabled (dimmed) according to the type of item selected in the Policies display.
Figure: Policy Manager Toolbar (New Policy Group, New Service, New Server, Delete Selected Item)

Policy Manager's Pop-up Menu
You can display the Policy Manager's pop-up menu by right-clicking in the Policies display.
Figure: Policy Manager's Pop-up Menu (Display Commands, Sort Commands, Create/Delete Commands)

Policy Groups
Services are virtual resources provided to a client. However, Services can exist only in the context of Policy Groups. Policy Groups are regarded as containers used to organize Services. Therefore, before Services can be defined, Policy Groups must be created to contain them.
The Policy Manager's Policy Group Details screen provides two functions:
• Naming of newly created Policy Groups
• Enabling or disabling of the selected Policy Group's throttling function

Creating Policy Groups
You can create Policy Groups in either of two ways:
1. In the left of the Policy Manager toolbar, click New Policy Group, or
2. Right-click to display the menu, then select the New Policy Group command.
A new Policy Group icon displays in the Policies display, and the Detail screen displays.
Figure: Adding a New Policy Group
3. In the Policy Group Name field, type a name for the new Policy Group. Policy Group names must adhere to the following conventions:
NOTE: The names of existing Policy Groups cannot be changed.
• From 1 to 25 characters in length
• Any alphanumeric character
• Other eligible characters include hyphens ("-"), periods ("."), and underscores ("_")
• Spaces must not be used.
Within these restrictions, the naming of Policy Groups is at your discretion, though convenient naming schemes might include serial names ("Group1," "Group2," etc.), or names that reflect a Policy Group's content, such as "e-CommerceGrp" or "HTTP_Group."
4. To accept the specified name, click Apply. The new Policy Group's name displays in the Policies display. When the new Policy Group name displays, New Service becomes available. This reflects the fact that Services cannot be created unless at least one Policy Group already exists.

Throttling
When throttling is enabled, requests to eligible servers in lower-priority services are stopped until response times of higher-priority services are met, or all eligible servers have been throttled. An eligible server is one that is shared by both higher- and lower-priority services. Throttling affects all services within a Policy Group.
To enable or disable throttling for the selected Policy Group, follow these steps:
1. Select the Enable Server Throttling check box.
2. Click Apply.

Deleting Policy Groups
To delete a Policy Group, follow these steps:
1. In the Policies display, click to select the name of the Policy Group to be deleted.
2. In the Policy Manager toolbar, click Delete (X), or right-click to display the menu and click the Delete Selected Item command.

Services
Once a Policy Group exists, you can create Services.

Creating Services
To create a Service, follow these steps:
1. In the Policies display, click to select a Policy Group.
2. In the Policy Manager toolbar, click New Service, or right-click in the Policies display and select New Service from the pop-up menu.
The Service Details tab displays in the Details for the service.
Figure: Service Details Tab
NOTE: All fields in steps (3) through (6) become read-only after the service is created.
3. In the Service Name field, type a name for the service.
4. From the Service Type pull-down menu, click the desired Service type. The choices are HOT TCP (the default) or RICH_HTTP.
5. From the Virtual IP pull-down menu, click the desired Virtual IP (VIP) address. If there are no VIPs in the menu, or if the desired one is absent, type it in.
NOTE: The VIP/port combination must be unique.
6. In the Port field, type a port number. This is the listening port for incoming connections, and you can select port numbers between 1 and 65535.
7. When you have finished filling in the fields in the Service Details tab, click Apply. The Policies display now reflects the name of the new Service below the name of the Policy Group from which it was created.

Additional Service Tab Controls and Displays
This table lists items that can be changed after the Service has been created.

Table: Additional Service Tab Controls and Displays (Control or Display: Description)

Enabled
    Select this check box to activate the selected Service. Clear the check box to disable the Service.

Priority
    Services within a single Policy Group can be prioritized. The SA8250 assures more server resources to Services with high priority numbers than to those with lower numbers. The Priority setting is an integer from 1 (highest priority) to 5 (lowest priority), and the default is 1.

Duplicate SYN Timeout
    This value is the time interval (in microseconds) after which the fulfillment server is declared dead if the dynamically calculated number of duplicate SYNs (lost packets) to that server is detected. You can specify a value from 1000 to 2,147,483,647, and the default is 500,000.

Server Timeout (RICH Only)
    This value is the time interval (in seconds) during which a server must respond before it is declared dead.
    If the server fails to respond before the end of the timeout interval, the outstanding request is passed to another server. This value is only available for RICH_HTTP services.

Enable Backup Servers
    This check box enables or disables servers designated as type "Backup" to come on line if necessary to assure target response times. For more details about servers, see “Servers” later in this chapter.

Insert Source IP in HTTP Header (RICH only)
    This check box specifies whether or not the Source IP address is embedded within the HTTP header information.

Sticky Mode
    The SA8250 is configured to maintain a session's state so that serial requests from a single client are allocated to the same server. This is called a "sticky" port. This setting may be disabled, based on Source IP, or based on a Cookie:
    Source IP: Source IP sticky mode uses the client's source IP address to identify a series of requests to be directed to a single server. Note: If using SSL services, the SSL session ID maintains a sticky relationship when Source IP sticky is selected.
    Cookie: In cases where requests come through a proxy server, all requests appear to originate from that server's IP address, so the IP address is of no use in identifying individual requestors. Cookie sticky mode provides an active method of identifying requestors in such situations. When Cookie sticky mode is enabled, a cookie is given to requesting browsers. Subsequent requests from clients who have received cookies contain identifying information allowing the SA8250 to direct them to a single server. Cookie mode is available only for RICH_HTTP.

Sticky Timeout
    The current software version for the SA8250 treats the timeout differently for cookie versus Source IP sticky. With Source IP sticky, the timeout is reset with every connection from the client (so that the timeout is effectively an "idle time").
    With cookie sticky, the timeout starts with the first connection from the client to the server and never gets reset. When the cookie expires, even if it is actively being used, the next connection will be load balanced to a new server. Workaround: We recommend that you set the cookie sticky timeout value to at least 1.5 times the maximum amount of time a user will expect to be stuck to a server. The default is 90 seconds.

Protocol
    This read-only field displays the protocol of the Service (TCP).

Status
    This read-only field displays the status of the selected Service ("Active" or "Inactive").

Balance Strategy
HOT Services are assigned server resources according to either of two Balance Algorithms.
1. Click the Balance Strategy tab of the Service Details screen to display the Balance Algorithm controls.
Figure: Service Balance Strategy Tab
Two Balance Algorithms are available:
• Response Time: Requests for a Service using the Response Time algorithm are forwarded to the server that can fulfill them within the shortest time.
• Round Robin: Requests for a Service using the Round Robin algorithm are distributed evenly among the available servers.
2. From the pull-down menu, click to select the desired Balance Algorithm for the Service selected in the Policies display. If you select Response Time, type a value (in milliseconds) in the Max response time (ms) field.

XML Service Tab
This screen controls how the SA8250 reacts to incorrect syntax or punctuation errors it detects in the incoming client data.
1. Click the XML tab of the Service Details screen.
Figure: XML Services Tab
2. To enable the client error messages (HTTP 403, “POST data was not well formed”), check the Return “Well Formed” Errors to User checkbox. This is the default setting.
3. To disable this feature, uncheck the Return “Well Formed” Errors to User checkbox.
When disabled, no HTTP error messages are sent, but the SA8250 directs the data to servers that match the RICH expression, effectively ignoring the XML expression.
4. Click Apply.

Deleting Services
To delete a Service:
1. In the Tree, click to select the name of the Service to delete.
2. In the Policy Manager toolbar, click Delete, or right-click to display the menu and click the Delete Selected Item command.

Servers
After you create Services, you must designate, or "create", Servers to fulfill client requests for Services. As Services must exist within Policy Groups, a Server (for example, a fulfillment host) must be mapped to a Service.
To create Servers, follow these steps:
1. In the Policies tree, click an existing Service.
2. In the Policy Manager toolbar, click Create Server, or right-click in the Policies display and click New Server from the pop-up menu. The Server Details tab displays in the Details screen.
Figure: The Policy Manager's Server Detail Screen
3. In the Server Name field, type an IP address or server name known to the SA8250 via DNS or static host table. This value cannot be changed after the server is created.
4. If appropriate, edit the Port field. The default value is the port number of the Service under which this Server displays in the Tree. This value cannot be changed after the server is created.
5. From the drop-down menu, click to select the desired Type:
NOTE: OPR cannot be used in conjunction with Services of type RICH_HTTP.
• Primary: Primary servers are immediately available to accept client requests forwarded from the SA8250.
• Backup: Backup servers are sent requests under only two circumstances. First, when the primary servers are unable to meet the configured target response times, a backup server may be used if and only if "backups" is enabled for this service. Second, backup servers are given requests when a primary server is unavailable. As primary servers become inactive, backup servers are brought into service to handle requests.
• Disabled: Renders the server unavailable to accept client requests.
6. From the drop-down menu, click to select the desired Mode. This command enables or disables Source Address Preservation (SAP) on the named server. When Out-of-Path Return (OPR) is enabled, the user-designated server port is ignored and the configured service server port is used. By default, SAP is enabled (and cannot be disabled) when OPR is in effect. For more details about SAP and OPR, see Chapter 2.
7. Check the appropriate RICH control checkboxes:
• Multi-hop Source Address Preservation: It is possible in sophisticated network topologies to require that requests pass through two cascaded SA8250s. In such configurations, the SA8250 topologically closest to the clients must be configured with the MSAP feature enabled. In most configurations, the default setting (MSAP disabled) must be used.
• 606 Error Detection: "606" is a user-defined error code; that is, you can specify an application-level error as a "606 error" so it is detectable by the SA8250. When 606 Error Detection is enabled, requests that generate a 606 error are rerouted, transparently to the client, to the next available server. When disabled, the error is sent back to the requesting client.
• HTTP Error Detection: When HTTP Error Detection is enabled, requests that generate HTTP errors 401-405 and 500-503 are rerouted, transparently to the client, to the next available server. When disabled, these errors are sent back to the requesting client.
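The Sticky Timeout behaviour described in the Service tab above (Source IP sticky resets on every connection, Cookie sticky never resets and re-balances an active client when the cookie expires) can be seen in a short model. This is an added example, not the appliance's own code: the server names, the client key and the 30-second request interval are constructed, and 90 seconds is the manual's default timeout.

```python
"""Model of the two Sticky Mode timers described in the Service tab.

Constructed example, not the appliance's code: server names, the client key
and the 30-second request interval are made up; 90 s is the manual's default.
"""


class StickyService:
    """A Service with two servers, Round Robin balancing and one sticky mode."""

    def __init__(self, servers, mode, timeout=90.0):
        if mode not in ("source_ip", "cookie"):
            raise ValueError("mode must be 'source_ip' or 'cookie'")
        self.servers = list(servers)
        self.mode = mode
        self.timeout = timeout          # Sticky Timeout in seconds
        self.table = {}                 # client key -> (server, expires_at)
        self._rr = 0                    # round-robin position

    def forward(self, client_key, now):
        """Return the server chosen for one connection arriving at time `now`."""
        entry = self.table.get(client_key)
        if entry is not None and now < entry[1]:
            server, expires_at = entry
            if self.mode == "source_ip":
                # Source IP sticky: every connection resets the timer, so the
                # timeout is effectively an idle time.
                expires_at = now + self.timeout
            # Cookie sticky: the expiry set on the first connection stands,
            # even while the client is active.
            self.table[client_key] = (server, expires_at)
            return server
        # No valid sticky entry: load balance (Round Robin) and record it.
        server = self.servers[self._rr % len(self.servers)]
        self._rr += 1
        self.table[client_key] = (server, now + self.timeout)
        return server


def session_servers(mode, timeout=90.0, interval=30.0, requests=5):
    """Servers seen by one client that connects every `interval` seconds."""
    svc = StickyService(["srv-a", "srv-b"], mode, timeout)
    return [svc.forward("client-1", n * interval) for n in range(requests)]


def recommended_cookie_timeout(max_stick_seconds):
    """The manual's workaround: at least 1.5 x the longest expected session."""
    return 1.5 * max_stick_seconds


if __name__ == "__main__":
    print("source_ip :", session_servers("source_ip"))   # stays on srv-a
    print("cookie    :", session_servers("cookie"))      # moves to srv-b at t=90
    print("cookie/180:", session_servers("cookie", recommended_cookie_timeout(120)))
```

The third run shows the workaround: a cookie timeout of 1.5 times the longest expected 120-second session keeps the client on one server for the whole session.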
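The server-selection rules spread over the Service and Server sections above (Balance Strategy, Enable Backup Servers, the Primary/Backup/Disabled server types, and HTTP Error Detection rerouting 401-405 and 500-503) combine into one forwarding decision, modelled here as an added example that is not the appliance's own code. The server names, response times, the 20 ms target and the `responder` callback that stands in for the real fulfillment servers are constructed.

```python
"""Model of the SA8250 forwarding decision described in the Service and Server
sections: Balance Strategy, backup-server rules and HTTP Error Detection.

Constructed example, not the appliance's code: server names, response times
and the responder callback are made up for illustration.
"""

# Status codes that HTTP Error Detection reroutes, per the Server tab text.
REROUTED_STATUSES = set(range(401, 406)) | set(range(500, 504))


class Server:
    def __init__(self, name, server_type="Primary", response_ms=0.0, alive=True):
        self.name = name
        self.type = server_type          # "Primary", "Backup" or "Disabled"
        self.response_ms = response_ms   # last measured response time
        self.alive = alive               # False once the server is declared dead


class Service:
    def __init__(self, servers, algorithm="response_time", max_response_ms=None,
                 backups_enabled=False, http_error_detection=True):
        self.servers = servers
        self.algorithm = algorithm               # "response_time" or "round_robin"
        self.max_response_ms = max_response_ms   # Max response time (ms) field
        self.backups_enabled = backups_enabled   # Enable Backup Servers check box
        self.http_error_detection = http_error_detection
        self._rr = 0                             # round-robin position

    def candidates(self):
        """Servers eligible for a request under the Primary/Backup rules."""
        primaries = [s for s in self.servers if s.type == "Primary" and s.alive]
        backups = [s for s in self.servers if s.type == "Backup" and s.alive]
        if not primaries:
            # Primaries unavailable: backups are brought into service.
            return backups
        target_missed = (self.max_response_ms is not None and
                         all(p.response_ms > self.max_response_ms for p in primaries))
        if self.backups_enabled and target_missed:
            # Primaries cannot meet the target: backups may be used as well.
            return primaries + backups
        return primaries

    def choose(self, exclude=()):
        """Pick one server from the candidates by the Balance Algorithm."""
        pool = [s for s in self.candidates() if s.name not in exclude]
        if not pool:
            return None
        if self.algorithm == "round_robin":
            server = pool[self._rr % len(pool)]
            self._rr += 1
            return server
        return min(pool, key=lambda s: s.response_ms)   # Response Time

    def handle(self, responder):
        """Forward one request; `responder(server)` returns an HTTP status code.

        Returns (server_name, status, rerouted_from): rerouted_from lists the
        servers whose error replies were hidden from the client. Returns None
        when no server is available at all.
        """
        tried, last = [], None
        while True:
            server = self.choose(exclude=tried)
            if server is None:
                # Rerouting exhausted: the last error reaches the client.
                return last
            status = responder(server)
            if self.http_error_detection and status in REROUTED_STATUSES:
                tried.append(server.name)
                last = (server.name, status, tried[:-1])
                continue
            return (server.name, status, list(tried))


def demo(algorithm="response_time", detection=True, backups=False, responses=None):
    """Constructed scenario: web2 is the fastest primary but answers 503."""
    web1 = Server("web1", response_ms=40)
    web2 = Server("web2", response_ms=25)
    standby = Server("standby", "Backup", response_ms=10)
    svc = Service([web1, web2, standby], algorithm, max_response_ms=20,
                  backups_enabled=backups, http_error_detection=detection)
    responses = responses if responses is not None else {"web2": 503}
    return svc.handle(lambda s: responses.get(s.name, 200))


if __name__ == "__main__":
    print("detection on :", demo())                  # ('web1', 200, ['web2'])
    print("detection off:", demo(detection=False))   # ('web2', 503, [])
    print("backups on   :", demo(backups=True))      # ('standby', 200, [])
```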
XML Server Tab
This screen defines the RICH and XML expressions that the SA8250 will look for in the incoming client data. For more details on XML expressions, see Chapter 2.

Programming RICH and XML expressions
To program the RICH and XML expressions, follow these steps:
1. From the Server Details screen, click the XML tab. This figure shows the XML Server Tab display.
Figure: XML Server Tab, with these callouts:
    1. Type the Layer 7 (RICH) expression here
    2. Type the optional document number here
    3. Type the XML expression here
    4. Click the checkbox to add the RICH and XML expressions to the list
    5. Click Apply to add your expressions to the configuration
    RICH and XML expression list
    RICH and XML expression list controls (Edit, Copy, Paste, Delete)
NOTE: If the RICH Expression field is blank, XML expressions will be ignored. If desired, you can type an asterisk (*) as a wildcard in the RICH Expression field to accept all RICH expressions. Also, you cannot use the vertical bar (|) or the caret (^) in XML expressions.
2. In the RICH Expression field, type a valid RICH expression.
3. (Optional) In the Doc # field, type a valid document number if using multipart or URL-encoded messages. The entry must be an integer, and the valid range is from 1 to 99. If a document is not specified, the SA8250 starts with the first XML document in the message.
4. In the XML Expression field, type a valid XML expression.
5. To the right of the XML Expression field, click the checkbox. Your RICH and XML expressions are added to the list.
6. Repeat steps (2) through (5) above as needed.
7. When you have finished adding expressions to the list, add the expressions to the SA8250's configuration by clicking Apply. For more XML expression examples, see Chapter 6.

XML Default Special Case
We recommend programming the SA8250 with one of your servers set to the default special case.
Figure: Typing the XML Default Special Case
The advantage of this is that if no XML expressions match, the client is directed to the server you chose as the default server. If no default servers exist, and no RICH or XML expressions match, the client will receive a “Server not found” error from the SA8250.

XML Syntax Checking
The SA8250 includes a syntax checker to ensure that XML expressions you type are understood by the system. If your syntax is incorrect, as in the case of a missing double quote (“) or an incorrect document number, an error message is displayed.
Figure: GUI XML Syntax Error Window
The error message will tell you the location of the first error. In the figure above, a closing double quote was missing in the second character position of an XML expression.

Deleting Servers
To delete a Server:
1. In the Tree, click the name of the Server to delete.
2. In the Policy Manager toolbar, click Delete, or right-click to display the menu and click Delete Selected Item.

Administration Screen
The Administration Screen is a set of ten tabs containing the functions used to manage the SA8250. Each tab includes controls and displays related to a specific category of administration tasks.
Figure: Administration Screen, Settings Tab

Settings Tab
The Settings tab includes controls used to set the following:
• System ID: Edit this field to set the unit identifier. The SA8250s are shipped with the unit serial number in this field. You can use this control to change the identifier if your site requires alternate asset tracking information. The new ID can be an alphanumeric value from 1 to 64 characters. To change this value, type the desired identifier, and then click Apply.
• Server Verification Interval: Edit this field to change the interval in seconds at which servers are "pinged" to verify they are available and able to handle traffic requests. For more details, see Chapter 5. The valid range for this field is 0 to 99999. A value of 0 disables IRV.
In addition to the above controls, the Settings tab also contains the following read-only displays:
• System Name: Displays the name given the SA8250 in its initial configuration.
• MAC Address: Displays the SA8250's Media Access Control address.
• Status: The Status field displays information about the SA8250's function and failover status. For more details about status messages, see Chapter 2.

Software Tab
The Software tab contains controls and displays allowing you to perform the following tasks:
• Specify image category as either System Software or Agent Software. Agent software lists software components other than the SA8250 system image that may be installed on the unit, such as the HP Multi-Site Traffic Director Server Appliance SA9200 agent.
• View the list of currently installed system software images (the SA8250 can have up to five system images installed).
• View the list of currently installed agent software images (the SA8250 can have up to four agents installed in addition to those accompanying each system software image).
• Specify which of the installed software images is to be active.
• Install or update software images.
• Delete software images.
• Enable or disable Passive FTP.
• FTP or TFTP new Multi-Site Agents to the SA8250.
Figure: Administration Screen, Software Tab (System Software View)

System Software
The SA8250 provides sufficient local storage for five software images (though at any time, only one image is active and executing).
The "System Software" area of the Software tab displays the list of currently installed system images, including the following details for each:
• Image index number
• "Active" status (yes/no)
• Product name
• Product version number
• Patch number
• Build number

Agent Software
The SA8250 can interface with other HP Server Appliances by using Agent Software images. The SA8250 provides sufficient local storage for at least five Agent software images (though at any time, only one image is enabled).
To display the "Agent Software" area of the Software tab, click Agent Software, which displays the list of currently installed Multi-Site Director Agent images:
Figure: Software Tab in Agent Software View
Details displayed for each Agent include:
• Image index number
• "Active" status (yes/no)
• Product version number
• Patch number
• Build number
• Compatible Multi-Site Traffic Director version number

Specifying the Active System Software Image
To change the active system image:
1. Click System Software.
2. In the System Software box, click the image you want to activate.
3. Click Boot. The SA8250 warns you that it will reboot.
Figure: Boot Warning Window
NOTE: You can also perform a soft reboot of the SA8250 by selecting the currently active software image and clicking Boot.
4. Click Yes. As the SA8250 reboots, it prompts you to close your browser window.
Figure: Reboot Screen
5. You must close all browser windows to ensure your browser uses the newly activated Administration Application.
6. Wait three to five minutes for the SA8250 to finish rebooting, and then run the administration application.
7. Go to the Software tab of the Administration screen and verify that the "Active" column of the selected image displays yes.
Installing Software Images

You can download and install new system and agent software images for the SA8250 using the controls in the Update Software box at the bottom of the Software tab.

[Figure: Downloading a System Software Update]

NOTE: A key is not required to obtain Agent Software.

1. To download the new image, contact HP Customer Support or your System Administrator to obtain the URL, Key, User, and Password information. For more details about software installation and updates, see Chapter 8.

Deleting Software Images

To delete a software image from the list of installed images:

1. In the Software View box, click the software type to be deleted.
2. In the Installed Software box, click the image to be deleted.
3. Click Delete. The SA8250 prompts you to confirm that you want to delete the selected image.

[Figure: Delete Image Confirmation (System View)]

4. Click Yes. If you selected Agent Software, you are prompted to confirm the deletion again.

[Figure: Delete Image Confirmation (Agent View)]

5. Click Yes.

Users Tab

The Users tab contains controls and displays allowing you to perform the following tasks:

• Add users
• Modify user permissions and passwords
• Delete users
• View the user names and permissions of all authorized users
• View the user names and permissions of all users currently logged on
• Promote your permission level
• Log off all other users currently logged on

[Figure: Administration Screen — Users Tab]

List of All Users

The Add/Delete Users box contains a list of all users allowed to log on to the SA8250.

Adding Users

To add a user:

1. In the User Name field, type the new user's User Name.
2. In the Password field, type the new user's password.
3. In the Confirm Password field, re-enter the password.
4. In the User Permissions box, select the appropriate permission level: Read-Only, Read-Write, or Read-Write-All. Users with Read-Write-All permission can add, modify, and delete other user logon entries.
5. Click Add.
6. Verify that the new user's name and permission level display in the "All Users" list.

Editing User Profiles

To modify an existing user's permissions and password:

1. In the All Users list at the upper right of the tab, click the user you want to modify.
2. If you are changing the password, type the new password in the Password field, and then retype it in the Confirm Password field.
3. Click Change.
4. If you are changing the user's permissions, click the appropriate button in the User Permissions box.
5. Click Change.

Deleting Users

To delete a user:

1. In the User List, click the user you want to delete.
2. Below the list, click Delete.
3. Verify that the deleted user's name no longer displays in the list.

Current User's Information

The left-hand side of the "Current Logon" box at the bottom of the Users tab displays the name and permissions of the user currently logged on to this session. The logon time and date also display in this area of the tab.

Demotion and Promotion of Your Permissions

NOTE: Use Promote with care. If you promote your permissions, be aware that conflicts may arise among multiple users who have Read-Write-All permission. For example, administrative changes you make may be overwritten by another user.

If a user with Read-Write or Read-Write-All permission logs on while another user with Read-Write or Read-Write-All permission is already logged on, the SA8250 "demotes" the later user's permissions to Read-Only. The system informs the demoted user of their status.

[Figure: Demoted Notification]

The demoted Read-Write-All user can restore his or her original permission level by clicking Promote in the Users tab. This button is located in the Current Logon box at the tab's lower left.
List of Logged-On Users

The right-hand side of the "Current Logon" box at the bottom of the Users tab displays a list of all currently logged-on users, their logon times, their permissions, and their logon method (either the Command Line Interface or the GUI).

Logoff All Other Users

NOTE: Use Logoff All Users with care, as it can leave the system in an ambiguous state. For example, if a user is in the process of performing a Restore operation and another user logs them off before the Restore completes, the system is left in an unknown state.

Users with Read-Write-All permission can click Logoff All Users at the Users tab's lower right to end the sessions of all other users currently logged on. This logs off all other administrative users from the SA8250. Users logged on using the GUI who are logged off in this manner see this message in their browser window:

[Figure: Logoff by Another User]

Routing Tab

The Administration screen's Routing tab manages the following:

• System Role
• Active Routing Protocol
• OSPF Protocol
• RIP Protocol

[Figure: The Administration Screen's Routing Tab]

System Role

The choice of System Role (or simply "role") depends in part on your network's topology and on the number of SA8250s installed. A single SA8250's role must be "Standalone." If two SA8250s are employed and you intend to use serial cable failover, you must designate both SA8250s as "Standalone." If two SA8250s are employed and you intend to use Router Failover, one must be designated as the "Primary" and the other as the "Backup." In such cases, the primary SA8250 accepts all client requests and routes them according to its configuration, while the backup SA8250 monitors the primary and comes online if the primary fails. The system roles are defined in this table.
System Roles

Failover Method                    System Role for SA8250 #1   System Role for SA8250 #2
N/A (single-SA8250 installation)   Standalone                  N/A
Router Failover                    Primary                     Backup
Serial Cable Failover              Standalone                  Standalone
Disabled                           Standalone                  Standalone

To select the SA8250's System Role:

1. In the System Role box, click the appropriate button.

Active Routing Protocol

The SA8250 needs to know which routing protocol your network uses (either OSPF or RIP).

1. In the Active Routing Protocol box, click the appropriate radio button.

RIP Protocol

If your network's active routing protocol is RIP, click the appropriate button in the RIP Protocol box to specify the applicable RIP version.

OSPF Protocol

NOTE: Unless the config route protocol command is set to ospf, the OSPF protocol is not active. For more information, see Chapter 5.

NOTE: The Router Dead Interval must be at least four times the Hello Interval.

The Routing tab's OSPF Protocol box specifies the following values:

• OSPF Area: This value must be set to the same OSPF area as the ingress router to which the SA8250 is talking. This can be the keyword "backbone" or "Default", an integer, or dotted decimal format (xxx.xxx.xxx.xxx). The integer range is 0 to 2,147,483,647, and the default is Default.
• Hello Interval: The number of seconds between hello packets sent on this interface. This value must match the hello interval of the ingress router. The valid range is 1 to 65,535, and the default is 10.
• Router Dead Interval: The number of seconds the SA8250's OSPF neighbors should wait before assuming this SA8250 is down. This value must match the router dead interval of the ingress router. The valid range is 1 to 2,147,483,647, and the default is 40.

Authentication type and key are security mechanisms that ensure routing information is exchanged only with trusted routers. The type and key together comprise the "authentication scheme."
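The Simple and MD5 authentication types that the OSPF fields select differ in what actually crosses the wire. The following Python, added for this page after RFC 2328 Appendix D and not the SA8250's own implementation, builds an OSPFv2 packet under each scheme and verifies the MD5 variant on the receiving side. The Hello body, router ID, key ID and keys are constructed sample values; with Simple authentication the 8-byte password sits in the packet header, with MD5 only a digest of packet plus key is appended and the key never leaves the router.

```python
"""OSPFv2 authentication on the wire: Simple password vs MD5 (RFC 2328, App. D).

Added illustration for this page; not the SA8250's own code. Sample keys,
router ID and Hello body are assumptions.
"""
import hashlib
import hmac
import struct

AUTH_NONE, AUTH_SIMPLE, AUTH_MD5 = 0, 1, 2
OSPF_HELLO = 1
HEADER_LEN = 24          # 16-byte fixed header + 8-byte authentication field


def ip_checksum(data: bytes) -> int:
    """Standard 16-bit one's-complement checksum (used for AuType 0 and 1)."""
    if len(data) % 2:
        data += b"\0"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_packet(body: bytes, autype: int, key: bytes = b"", key_id: int = 0,
                 seq: int = 0, router_id: int = 0x0A000001, area_id: int = 0) -> bytes:
    """Build an OSPFv2 packet with the requested authentication scheme."""
    length = HEADER_LEN + len(body)            # never includes the MD5 digest
    if autype == AUTH_SIMPLE:
        if not 1 <= len(key) <= 8:
            raise ValueError("Simple key is 1 to 8 characters")
        auth = key.ljust(8, b"\0")              # the password itself, in cleartext
    elif autype == AUTH_MD5:
        if not (1 <= len(key) <= 16 and 1 <= key_id <= 255):
            raise ValueError("MD5 key is 1 to 16 characters, key ID 1 to 255")
        # 0, Key ID, Auth Data Length (16), cryptographic sequence number
        auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    else:
        auth = bytes(8)
    header = struct.pack("!BBHIIHH", 2, OSPF_HELLO, length, router_id, area_id, 0, autype)
    packet = header + auth + body
    if autype == AUTH_MD5:
        # Checksum stays 0; digest = MD5(packet || key zero-padded to 16 bytes),
        # appended after the packet. The key is never transmitted.
        digest = hashlib.md5(packet + key.ljust(16, b"\0")).digest()
        return packet + digest
    # Checksum covers the packet excluding the 8-byte authentication field.
    csum = ip_checksum(header + body)
    return header[:12] + struct.pack("!H", csum) + header[14:] + auth + body


def verify_md5(packet: bytes, keys: dict, last_seq: int = -1) -> bool:
    """Receiver side: recompute the digest with the key named by Key ID and
    reject replays (the sequence number must be non-decreasing)."""
    if len(packet) < HEADER_LEN + 16:
        return False
    length = struct.unpack("!H", packet[2:4])[0]
    autype = struct.unpack("!H", packet[14:16])[0]
    if autype != AUTH_MD5 or len(packet) != length + 16:
        return False
    _, key_id, auth_len, seq = struct.unpack("!HBBI", packet[16:24])
    if auth_len != 16 or key_id not in keys or seq < last_seq:
        return False
    expected = hashlib.md5(packet[:length] + keys[key_id].ljust(16, b"\0")).digest()
    return hmac.compare_digest(expected, packet[length:])


def key_on_wire(packet: bytes, key: bytes) -> bool:
    """True if the raw key bytes can be found in the packet."""
    return key in packet


if __name__ == "__main__":
    md5_key = b"s3cr3tk3y"                                   # constructed sample
    hello = b"\xff\xff\xff\x00\x00\x0a\x02\x01\x00\x00\x00\x28" + bytes(8)  # constructed Hello body
    simple = build_packet(hello, AUTH_SIMPLE, key=b"pa55word")
    md5 = build_packet(hello, AUTH_MD5, key=md5_key, key_id=1, seq=100)
    print("Simple: key visible on the wire ->", key_on_wire(simple, b"pa55word"))
    print("MD5:    key visible on the wire ->", key_on_wire(md5, md5_key))
    print("MD5 verifies with correct key   ->", verify_md5(md5, {1: md5_key}))
```

The receiver looks the key up by the Key ID carried in the header, which is why both sides must agree on type, key and key ID as the note above states; the sequence-number check is what stops a captured packet from being replayed later, something Simple authentication cannot prevent.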
An OSPF area can have only one OSPF authentication scheme.

NOTE: Both sides of the OSPF connection must use the same authentication type and key, and the same key ID if applicable.

• Authentication Type: Specifies the type of OSPF authentication. To disable OSPF authentication, click None. To enable Simple password authentication, click Simple and then proceed to the Authentication Key field. To enable MD5 authentication, click MD5, then enter an authentication key and key ID.
• Authentication Key: A user-specified string (excluding double quotes and spaces) used as an authentication password. The key is 1 to 8 characters for Simple authentication and 1 to 16 characters for MD5 authentication.
• Confirm Authentication Key: Re-enter the Authentication Key so the SA8250 can verify it.
• Key ID: MD5 key ID, an integer from 1 to 255.

MD5 authentication provides a stronger level of security for OSPF users: with Simple authentication the password itself travels in cleartext in every OSPF packet header, whereas with MD5 authentication only a keyed digest is sent and the key never appears on the wire.

Security Tab

The Security tab implements IP Packet Forwarding (IPFW) security policies. Three modes are available:

• Closed mode disables all remote administration capabilities.
• Open mode enables all remote administration capabilities, SA9200 agent traffic, and IP Forwarding.
• Custom mode filters traffic based on port and source IP address.

[Figure: The Administration Screen's Security Tab]

Source IP Filtering

The Security tab's Source IP dialog box filters administration access by source IP address. This dialog box contains a pair of buttons and a combo box. To allow any IP address to perform administrative tasks, click Allow Any. To filter by source IP, click Allow List and type the IP addresses and/or subnets allowed administrative access into the IP Addresses/Subnets list. Subnets are specified in "slash" (CIDR) notation, such as 209.218.0.0/16. Click the check icon to add the contents of the text field to the list.
You can delete an item from the list by clicking the item and then clicking the "X" icon.

Access Options

When the Custom security mode is enabled, you can choose among the access options in the Access security box. To enable an option, select the corresponding check box and verify that a check mark displays. To disable it, click again to clear the check mark. The available options are:

• CLI (SSH): Enable Secure Shell, that is, encrypted access to the unit's Command Line Interface. A Secure Shell session is used like an ordinary telnet session but adds encryption and host authentication.
• CLI (telnet): Enable standard unencrypted telnet access to the unit's Command Line Interface. Credentials and commands travel in cleartext; prefer SSH and leave telnet disabled (its factory default) unless there is no alternative.
• GUI: Enable administration using the unit's Graphical User Interface.
• SNMP: Enable administration of the unit using SNMP (Simple Network Management Protocol).
• Multi-Site Traffic Director Server Appliance SA9200 Agent: Permit or deny traffic to the SA9200 port.
• IP Forwarding: Permit or deny traffic to specific servers. IP forwarding allows administrative access to servers at their real IP addresses via the SA8250. For more details, see Chapter 2.

GUI Tab

The GUI tab configures the following aspects of the SA8250's Graphical User Interface (GUI):

• Server port on which the GUI is accessible from the browser
• Response Timeout value
• Result of double-clicking the SA8250 icon in the Topology screen
• Result of double-clicking the Server icon in the Topology screen

[Figure: The Administration Screen's GUI Tab]

NOTE: After changing the port setting your browser disconnects. You must restart your browser and connect it to the new port to resume using the administration application.

• Admin HTTP Server Port: Edit this field to designate the port on which the SA8250's GUI application listens. To change this value, type the desired port number and click Apply. Valid ports are any unused ports between 1 and 65535. The default is port 1095.
• Broker Response Timeout (sec): This field specifies, in seconds, the time the GUI waits for a response from the SA8250 before timing out. This value must be an integer between 0 and 120. A value of 0 disables the timeout. The default value is 30.
• Double-click Broker topology icon displays: This drop-down menu specifies the destination within the GUI after double-clicking an SA8250 icon in the Topology screen.
• Double-click Server topology icon displays: This drop-down menu specifies the destination within the GUI after double-clicking a Server icon in the Topology screen.

CLI Tab

The CLI tab configures the following aspects of the SA8250's Command Line Interface:

• SSH Port
• Telnet Port
• Telnet Sessions
• Timeout
• Prompt
• Login Attempts
• Enable "more" for screen paging
• Lines per screen

[Figure: The Administration Screen's CLI Tab]

• The CLI (SSH) Port field specifies the SSH port on which the CLI runs. Valid ports are port 22 (the default) or any unused port between 1024 and 65535.
• The CLI (telnet) Port field specifies the standard (unencrypted) telnet port on which the CLI runs. Valid ports are port 23 (the default) or any port between 1024 and 65535.
• The Telnet Sessions field specifies the maximum number of concurrent inbound remote CLI logon sessions allowed. This value must be an integer between 1 and 8. The default is 3.
• Use the Timeout field to set or change the idle timeout period before automatic logoff for CLI sessions. The timeout is expressed in seconds (0, or 30 to 65535); setting it to 0 disables the feature, which leaves idle administrative sessions open indefinitely. The default is 900 seconds (15 minutes).
• Use the Prompt field to set or change the root-level prompt. The default prompt is an abbreviation of the product's name, for example "HP SA8250."
• The Login Attempts field specifies the maximum number of failed login attempts allowed before the connection is closed. The valid range is 1 to 30; the factory default is 3.
• Use 'more' for screen paging: When this box is not checked, the CLI outputs a continuous scrolling display. When it is checked, the CLI scrolls one page at a time.
• When 'more' is selected, the Lines per screen field becomes available. Use this field to specify the number of lines 'more' displays at a time.

To commit changes on this tab:

1. Click Apply.

SNMP Tab

The SNMP tab includes controls for the SA8250's Simple Network Management Protocol (SNMP) agent.

[Figure: Administration Screen's SNMP Tab]

SNMP Agent

The SNMP agent allows network management applications to monitor and retrieve the SA8250's status and statistics via SNMP.

NOTE: Ensure that the SA8250's IP Filtering security mechanism allows IP access to SNMP; otherwise SNMP requests will not pass through the filter.

The SNMP Agent Start check box enables or disables the SA8250's SNMP agent. The default is Enabled.

• Use the SNMP Port field to specify the port on which the SA8250 receives SNMP requests. Allowable port numbers are 161 (the default) or any unused port from 5020 through 65535.
• Use the Trap Port field to specify the port on which the SA8250 sends SNMP traps. Allowable port numbers are 162 (the default) or any unused port from 5020 through 65535.
• System Location: corresponds to the MIB-II variable sysLocation, the physical location of this SA8250. By default, sysLocation is NULL.
• System Contact: corresponds to the MIB-II variable sysContact, the name of the administrator of this SA8250. By default, sysContact is NULL.
• System Name: corresponds to the MIB-II variable sysName, the name of this SA8250. By default, sysName is the hostname of the SA8250.
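An SNMP request has to pass two layers on this unit: the Security tab's source-IP filter (described earlier in this chapter) and then the SNMP tab's community-string entries, which this section goes on to quote in the form community=<name> ip=<address|any> rights=<ro|rw>. The following Python, added for this page and not the appliance's own code, parses entries in that syntax, evaluates a request against both layers, and audits a configuration for the factory defaults. The evaluation order, the SecurityPolicy model and all sample addresses and community names are constructed assumptions.

```python
"""Two-layer admission check for SNMP on an SA8250-style configuration:
Security tab source-IP filter, then community-string entries
("community=<name> ip=<addr|any> rights=<ro|rw>").

Added illustration for this page, not the appliance's own code. The policy
model, evaluation order and sample values are assumptions.
"""
import ipaddress
from dataclasses import dataclass, field

WELL_KNOWN = {"public", "private"}   # the defaults shipped on the unit


@dataclass
class SecurityPolicy:
    mode: str = "closed"                          # closed | open | custom (factory: closed)
    allow_any: bool = True                        # Source IP: Allow Any vs Allow List
    allow_list: list = field(default_factory=list)  # CIDR strings, e.g. 209.218.0.0/16
    snmp_enabled: bool = False                    # Custom-mode "SNMP" access option

    def admits(self, src_ip: str) -> bool:
        if self.mode == "closed":
            return False
        if self.mode == "open":
            return True
        if not self.snmp_enabled:
            return False
        if self.allow_any:
            return True
        addr = ipaddress.ip_address(src_ip)
        return any(addr in ipaddress.ip_network(n, strict=False) for n in self.allow_list)


def parse_community(entry: str) -> dict:
    """Parse 'community=test ip=209.218.240.5 rights=ro' into a dict."""
    kv = dict(tok.split("=", 1) for tok in entry.split())
    for k in ("community", "ip", "rights"):
        if k not in kv:
            raise ValueError(f"missing {k} in {entry!r}")
    if kv["rights"] not in ("ro", "rw"):
        raise ValueError(f"rights must be ro or rw: {entry!r}")
    if kv["ip"].lower() != "any":
        ipaddress.ip_address(kv["ip"])            # validate; raises on junk
    return kv


def snmp_request_allowed(policy, communities, src_ip, community, write=False):
    """Return (allowed, reason). The source must pass the IP filter AND a
    matching community must grant the needed rights from that source."""
    if not policy.admits(src_ip):
        return False, "blocked by Security tab source-IP filter"
    for c in communities:
        if c["community"] != community:
            continue
        if c["ip"].lower() != "any" and c["ip"] != src_ip:
            continue
        if write and c["rights"] != "rw":
            return False, "community is read-only"
        return True, f"matched community {community} ({c['rights']})"
    return False, "no matching community string"


def audit(communities):
    """Flag what a reviewer would want changed: well-known names, unrestricted
    source addresses, and write access from anywhere."""
    findings = []
    for c in communities:
        if c["community"] in WELL_KNOWN:
            findings.append(f"{c['community']}: well-known default community name")
        if c["ip"].lower() == "any":
            findings.append(f"{c['community']}: usable from any source IP")
        if c["rights"] == "rw" and c["ip"].lower() == "any":
            findings.append(f"{c['community']}: write access from any source IP")
    return findings


# Constructed samples: the unit's factory defaults, and one restricted string.
FACTORY_COMMUNITIES = [parse_community(e) for e in (
    "community=public ip=any rights=ro",
    "community=private ip=any rights=rw",
)]
HARDENED_COMMUNITIES = [parse_community("community=n0c-r0-7q ip=209.218.240.5 rights=ro")]
CUSTOM_POLICY = SecurityPolicy(mode="custom", allow_any=False,
                               allow_list=["209.218.240.0/24"], snmp_enabled=True)

if __name__ == "__main__":
    for finding in audit(FACTORY_COMMUNITIES):
        print("factory:", finding)
    print(snmp_request_allowed(CUSTOM_POLICY, HARDENED_COMMUNITIES, "209.218.240.5", "n0c-r0-7q"))
    print(snmp_request_allowed(CUSTOM_POLICY, HARDENED_COMMUNITIES, "10.0.0.9", "n0c-r0-7q"))
```

Note that the factory Security mode is Closed, so out of the box no SNMP request reaches the agent at all; the audit findings matter the moment Open or Custom mode is selected, because the shipped strings are the ones every SNMP scanner tries first.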
The Community Strings box contains the community strings accepted by the SA8250 on incoming SNMP requests. Up to ten community strings can be configured. Each community string can have read-only (ro) or read-write (rw) privilege, and can be restricted to a specific source IP address or allowed from all IP addresses. When the value "any" is used for the ip field, the community string can be used from all IP addresses. For example, the entry:

community=test ip=209.218.240.5 rights=ro

creates the community string test with read-only privilege. SNMP read-only requests using community string test are accepted only from IP address 209.218.240.5. By default, the following community strings are defined:

public ro "any"
private rw "any"

These defaults are the universally known SNMP community names and, as shipped, accept requests from any source; the private string grants write access. Change both before exposing the agent and restrict each string to the management station's address, bearing in mind that community-based SNMP (v1/v2c) carries the community string in cleartext in every request.

The Trap Receivers box contains the IP addresses to which the SA8250 sends traps. The SA8250 SNMP agent can send trap notifications to up to ten configured trap receivers. Each trap receiver IP address is associated with a community string, which is included in traps sent to that address. For example, the entry:

ip=209.218.240.5 community=NOC1

causes traps to be sent to IP address 209.218.240.5 with the community string NOC1 in each trap.

Multi-Site Tab

This tab contains controls for setting the port that communicates with the HP Multi-Site Traffic Director Server Appliance SA9200.

[Figure: Administration Screen Multi-Site Tab]

To specify the Multi-Site Agent's port:

1. In the Agent Port field, type the port number. The valid range is 1 to 65535, and 1999 is the default. Ports 1024 and higher are recommended.
2. Click Apply.

Logging Tab

The Logging tab specifies (or filters) the kinds of information written to the SA8250's log file. This file records operational events for troubleshooting.
You can enable or disable the logging of specific types of information, and specify the log file size.

[Figure: Administration Screen's Logging Tab]

Specifying System Log Parameters

1. In the System Log Levels box, select the check boxes for the types of system information you want the log file to record. To record all available information types, click Select All.
2. In the System Log File box, type the size of the log file. The valid range is 1,024 to 600,000 bytes, and 600,000 is the default.
3. Click Apply.

Viewing the Log File

1. To view the log file, click View Log. The System Log File displays.

[Figure: The Logging Tab's File Contents Window]

The File Contents window's Actions menu contains two items:

• Filter
• Mail To...

The Log File Filter dialog box filters the view of the log displayed in the File Contents window.

[Figure: Log File Filter Window]

1. Select or clear the appropriate check boxes to specify the types or categories of messages you want to display.
2. Click Apply, or Cancel to abort.

Use the Mail Log File dialog box to email the contents of the log file.

[Figure: Log Mail To Window]

1. In the Enter Email Address field, type the email address to which you want to send the log file.
2. In the Enter Mail Host field, type the name or IP address of your network's outgoing mail (SMTP) server.
3. Click OK, or Cancel to abort.

Configuration Screen

The Configuration screen saves, restores, sends, and receives SA8250 configuration information in individual ASCII files. You can save configuration files on the SA8250 and send them to or retrieve them from a remote TFTP server. The Configuration screen also has a provision for restoring the factory default configuration.

[Figure: Configuration Screen]

Saving Configuration Files

To save the SA8250's current configuration to a file:

1. In the Configuration Name field, type a filename.
Valid characters are letters, digits, hyphen (-), underscore (_), and period (.). File names cannot begin with a period.
2. Click Save.
3. Verify that the new file's name displays in the Saved Configurations list.

Restoring Configuration Files

To restore a configuration file:

1. In the Saved Configurations list, click the name of the file you wish to restore.
2. Click Restore. The system prompts you to confirm the operation.

NOTE: Username commands are not valid in configuration files. The save config and restore config operations do not include user account data. Use the Administration screen's Users tab to specify users.

[Figure: Restore Confirmation Window]

3. To finish the restore operation, click Yes, or No to abort.

Deleting Configuration Files

To delete a configuration file:

1. In the Saved Configurations list, click the name of the file you want to delete.
2. Click Delete. The system prompts you to confirm the operation.

[Figure: Delete Confirmation Window]

3. To delete the file, click Yes, or No to abort.

Copying Configuration Files

To copy an existing configuration file under a new name:

1. In the Saved Configurations list, click the name of the file you wish to copy.
2. Click Copy. The system prompts you for a file name. Valid characters are letters, digits, hyphen (-), underscore (_), and period (.). File names cannot begin with a period.

[Figure: Copy New Filename Window]

3. To complete the operation, click OK, or Cancel to abort.

Viewing Configuration Files

To prevent certificates and keys from being displayed or transmitted as plain text across the network, the View Configuration File function has been disabled in the GUI.

1. In the Saved Configurations list, click the name of the file whose contents you want to view.
2. Click View>>. The right-hand panel of the Configuration screen displays this message: "The View operation is not permitted on this device for security reasons. Please use the CLI to view configuration files."

[Figure: Viewing a Configuration File (Disabled)]

Resetting the Factory Configuration

This command resets the SA8250 to its original factory configuration. Reset deletes all policy groups, services, and servers. The original factory settings are listed in the following tables.

Factory Configuration

Type             Parameter                  Default Setting
Route            Role                       Standalone
                 Protocol                   None
                 OSPF-area                  Backbone
                 Hello interval             10 seconds
                 Dead interval              40 seconds
                 RIP version                2.0
Static routes    static_route               None
RICH             Bias (rich_bias)           Enabled
HTTPS Redirect   Redirect                   None
CLI              CLI SSH-port               22
                 CLI (telnet) port          23
                 Prompt                     Product name
                 Maximum telnet sessions    3
                 Scrolling                  Disabled
                 Idle timeout               900 seconds
                 Maximum login attempts     3
SNMP             sysContact                 NULL
                 sysName                    Host name of the unit
                 sysLocation                NULL

Factory Configuration (continued)

Type       Parameter                Default Setting
GUI        broker-action            0 (Policy Manager)
           server-action            1 (Statistics)
Security   acl                      Cleared
           custom access-control    Disabled
           custom forwarding        Disabled
           custom ssh               Enabled
           custom telnet            Disabled
           custom gui               Disabled
           custom snmp              Disabled
           security mode            Closed

Because the factory security mode is Closed, which disables all remote administration, remote access must be re-enabled after a reset before the GUI, SNMP, or remote CLI can be used again.

To restore the factory default configuration:

1. Click Reset. The system prompts you to confirm the operation.

[Figure: Reset Confirmation Window]

2. To confirm the operation, click Yes, or No to abort.

Sending and Retrieving Configuration Files

By default, configuration files are saved on the SA8250 itself. You can also send them to and retrieve them from remote TFTP servers. TFTP provides neither authentication nor encryption: a configuration file sent with Put, including any certificates and keys it contains, crosses the network in cleartext, and because a TFTP server does not authenticate clients, any host that can reach it can typically fetch the file again. Use a TFTP server reachable only from a management network, and remove the file from the server once it has been transferred.

To send a configuration file to a remote TFTP server:

1. In the Saved Configurations list, click the name of the file you want to send.
2. In the Send/Receive Configuration box, click Put.
3. In the tftp Host field, type the name of the host to which you will send the file.
4. Optional: In the Remote Directory field, type the directory on the remote host where you want to save the file.
5. Click Transfer.

To retrieve a configuration file from a remote TFTP server:

1. In the Send/Receive Configuration box, click Get.
2. In the tftp Host field, type the name of the host from which you will retrieve the file.
3. In the Remote File field, type the name of the file you want to retrieve.
4. Click Transfer.

Tools Screen

The SA8250's Tools screen provides the following network diagnostic tools:

• ARP
• Ether
• Ping
• Netstat
• Nslookup
• Reboot
• Trace
• Traceroute

[Figure: Tools Screen (defaults to ARP)]

ARP

Displays the SA8250's Address Resolution Protocol (ARP) table. To use the command:

1. From the Command menu, click arp.
2. Click Run. After a few seconds, the ARP information displays in the Results window.

[Figure: ARP Results]

3. To clear the Results window, click Clear.

Ether

Displays the Ethernet interface values. To use the command:

1. From the Command menu, click ether.
2. Click Run. The Ethernet interface information displays in the Results window.

[Figure: Ether Results]

3. To clear the Results window, click Clear.

Ping

Ping tests the network connection to another networking device by sending five ICMP packets from the SA8250 to the target device, which, if it receives them, sends a reply. When the SA8250 receives the reply, it displays a message reflecting the response time from the target device. If the SA8250 receives no reply, it displays a message indicating that the target device is not responding. To "ping" a network device:

1. From the Command menu, click ping.
2. In the Parameters field, type the host name or IP address of the target device.
3. Click Run.
After a few seconds, the Ping information displays in the Results window.

[Figure: Ping Results]

4. To clear the Results window, click Clear.

Netstat

Displays the SA8250's routing tables and network connections. To use the command:

1. From the Command menu, click netstat.
2. (Optional) In the Parameter field, type any parameter from this table.

Netstat Command Parameters

Parameter    Description
-I <if>      Interface; can be exp0 or exp1 on a dual-homed device
-i           Displays the interface configuration information
-is          Displays the interface statistics
-n           Does not use DNS to resolve IP addresses
-p <proto>   Protocol; can be ip, icmp, igmp, tcp, or udp
-r           Displays the forwarding table
-rs          Displays the forwarding table statistics
-s           Displays the protocol statistics
(none)       Displays the active network connections

3. Click Run. After a few seconds, the results display in the Results window.

[Figure: Netstat -is Results]

4. To clear the Results window, click Clear.

Nslookup

Identifies the IP address of a given host, or the host name of a given IP address. You can use this tool to determine whether the SA8250 can resolve a host name or address, or to get the IP address of a machine of which you know only the host name. To use the command:

1. From the Command menu, click nslookup.
2. In the Parameters field, type the host name or IP address of the target device.
3. Click Run. After a few seconds, the nslookup information displays in the Results window.

[Figure: Nslookup Results]

4. To clear the Results window, click Clear.

Reboot

The Reboot command reboots the SA8250. This command requires no parameters, and when executed prompts for confirmation.

[Figure: Reboot Confirmation]

1. To reboot, click Yes, or No to abort. As the SA8250 reboots, it prompts you to close your browser window.
[Figure: Reboot Notification]

2. Close all browser windows to ensure that your browser uses the newly activated administration application.
3. Wait a few minutes (typically three to five) for the SA8250 to finish rebooting before running the administration application.

Trace

The trace command captures traffic on a network that matches the given filter expression. The trace output can be helpful for troubleshooting network problems.

NOTE: By default, trace exits automatically after 60 seconds. If the GUI is configured for a shorter response timeout, the trace information may be lost. For more details, see "GUI Tab" in this chapter.

Syntax:

trace [-aefnNpqStvxX] [-c <count>] [-i <interface>] [-s <snaplen>] [-T <type>] -F <filterfile> [-P] -w <outfile> -H <tftphost> -D <tftpdir>

Switches enclosed in brackets [] are optional. The -w, -F, -H, and -D switches are required. A complete listing of the switches for the trace command is found in the table below.

Example: This command TFTPs my.filter from /var/tftpboot/my.filter on host dhcp8 to the SA8250, captures five packets (using the expressions in the my.filter file), and then writes the packet information to the fred.dump file. Because of the -P switch, the filter file is not deleted.

trace -c 5 -w fred.dump -F my.filter -H dhcp8 -D /var/tftpboot -P

If the -P switch is not used, the filter file is deleted after the capture. Note that the filter file is fetched over TFTP, which neither authenticates the server nor protects the file in transit, and that a capture run with -p (promiscuous mode) and a permissive filter records every packet on the segment; treat the resulting dump file as sensitive.

Switches for the Trace Command

Switch            Description
-a                Attempt to use DNS to convert addresses to names
-c <count>        Exit after receiving <count> packets
-D <tftpdir>      The TFTP path directory information. Required parameter.
-e                Print the link-level header on each dump line
-f                Print "foreign" Internet addresses numerically rather than symbolically
-F <filterfile>   The filter expression file. If this file does not exist on the SA8250, it is TFTPed from the TFTP host (see the -D and -H options). Required parameter.
-H <tftphost>     The TFTP host information. Required parameter.
-i <interface>    Specify an interface to capture packets from (exp0 or exp1 on dual-homed devices)
-n                Don't convert addresses to names
-N                Don't print domain name qualification of host names
-p                Put the interface into promiscuous mode (every packet is captured)
-P                Preserve the filter expression file on the SA8250 for future use, so that it is not TFTPed again after the first use.
-q                Output less protocol information
-s <snaplen>      Capture <snaplen> bytes of data from each packet rather than the default of 76 bytes
-S                Output absolute rather than relative TCP sequence numbers
-t                Don't output a timestamp on each dump line
-tt               Output an unformatted timestamp on each dump line
-T <type>         Force packets selected by the filter expression to be interpreted as the specified <type>
-v                Slightly more verbose output
-vv               Even more verbose output
-w <outfile>      The trace output file. Required parameter.
-x                Output each packet in hex
-X                Output each packet in hex and ASCII

The next table lists the primitives for the filter expression file (-F <filterfile>).

• If the filter expression file is empty, all packets on the net are captured.
• The primitives can be combined using parentheses and '!' or 'not', '&&' or 'and', and '||' or 'or'.

Filter Expression File Primitives

Expression               Evaluation
dst host <host>          True if the IP destination field of the packet is <host>
src host <host>          True if the IP source field of the packet is <host>
host <host>              True if either the IP source or destination field of the packet is <host>
ether dst <ehost>        True if the Ethernet destination address is <ehost>
ether src <ehost>        True if the Ethernet source address is <ehost>
ether host <ehost>       True if either the Ethernet source or destination address is <ehost>
gateway <host>           True if the packet used <host> as a gateway
dst net <net>            True if the IP destination address of the packet has a network number of <net>
src net <net>            True if the IP source address of the packet has a network number of <net>
net <net>                True if the IP source or destination address of the packet has a network number of <net>
net <net> mask <mask>    True if the IP address matches <net> with the specified netmask
net <net>/<len>          True if the IP address matches <net> with a netmask <len> bits wide
dst port <port>          True if the packet is IP/TCP and has a destination port value of <port>
src port <port>          True if the packet has a source port value of <port>
port <port>              True if either the source or destination port has a value of <port>
ip proto <proto>         True if the packet is an IP packet of protocol type <proto>, where <proto> can be "ICMP" or "TCP"
ether broadcast          True if the packet is an Ethernet broadcast packet
ip broadcast             True if the packet is an IP broadcast packet

Traceroute

The Traceroute command displays the route that packets travel to the specified network device. To trace the route from the SA8250 to another device:

1. From the Command menu, click traceroute.
2. In the Parameters field, type the host name or IP address of the target device.
3. Click Run. After a few seconds, the Traceroute information displays in the Results window.

[Figure: Traceroute Results]

4. To clear the Results window, click Clear.
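The filter expression file that trace reads with -F combines the primitives in the table above with parentheses, not/!, and/&& and or/||. The following Python, added for this page and not the SA8250's own trace implementation, parses that grammar by recursive descent and evaluates it over a small set of constructed packet records, so a filter can be checked before it is TFTPed to the unit. Only the host, net (CIDR and mask forms), port and ip proto primitives with their src/dst qualifiers are implemented here, and the packet record layout is an assumption.

```python
"""Evaluator for trace -F filter expressions (subset of the primitives above).

Added illustration for this page; not the appliance's code. Supports
host/net/port with optional src/dst, ip proto, parentheses, not/!, and/&&,
or/||. An empty expression matches everything, as the page states.
"""
import ipaddress
import re

TOKEN = re.compile(r"\(|\)|!|&&|\|\||[^\s()!&|]+")


class FilterParser:
    """Recursive descent: or-expr > and-expr > not-expr > primitive."""

    def __init__(self, expr):
        self.toks, self.pos = TOKEN.findall(expr), 0

    def peek(self):
        return self.toks[self.pos] if self.pos < len(self.toks) else None

    def take(self):
        tok = self.peek()
        if tok is None:
            raise ValueError("unexpected end of expression")
        self.pos += 1
        return tok

    def parse(self):
        if not self.toks:                     # empty filter file: capture everything
            return ("all",)
        node = self.parse_or()
        if self.peek() is not None:
            raise ValueError(f"trailing token {self.peek()!r}")
        return node

    def parse_or(self):
        node = self.parse_and()
        while self.peek() in ("or", "||"):
            self.take()
            node = ("or", node, self.parse_and())
        return node

    def parse_and(self):
        node = self.parse_not()
        while self.peek() in ("and", "&&"):
            self.take()
            node = ("and", node, self.parse_not())
        return node

    def parse_not(self):
        if self.peek() in ("not", "!"):
            self.take()
            return ("not", self.parse_not())
        return self.parse_primitive()

    def parse_primitive(self):
        tok = self.take()
        if tok == "(":
            node = self.parse_or()
            if self.take() != ")":
                raise ValueError("expected ')'")
            return node
        direction = None                      # None = either src or dst
        if tok in ("src", "dst"):
            direction, tok = tok, self.take()
        if tok == "host":
            return ("host", direction, ipaddress.ip_address(self.take()))
        if tok == "net":                      # "net A/len" or "net A mask M"
            net = self.take()
            if self.peek() == "mask":
                self.take()
                net = f"{net}/{self.take()}"
            return ("net", direction, ipaddress.ip_network(net, strict=False))
        if tok == "port":
            return ("port", direction, int(self.take()))
        if tok == "ip" and self.take() == "proto":
            return ("proto", self.take().lower())
        raise ValueError(f"unknown primitive near {tok!r}")


def _either(direction, src_val, dst_val, test):
    if direction == "src":
        return test(src_val)
    if direction == "dst":
        return test(dst_val)
    return test(src_val) or test(dst_val)


def matches(node, pkt):
    """pkt: dict with src, dst (IP strings), sport, dport (ints), proto (str)."""
    op = node[0]
    if op == "all":
        return True
    if op == "or":
        return matches(node[1], pkt) or matches(node[2], pkt)
    if op == "and":
        return matches(node[1], pkt) and matches(node[2], pkt)
    if op == "not":
        return not matches(node[1], pkt)
    src, dst = ipaddress.ip_address(pkt["src"]), ipaddress.ip_address(pkt["dst"])
    if op == "host":
        return _either(node[1], src, dst, lambda a: a == node[2])
    if op == "net":
        return _either(node[1], src, dst, lambda a: a in node[2])
    if op == "port":
        return _either(node[1], pkt["sport"], pkt["dport"], lambda p: p == node[2])
    if op == "proto":
        return pkt["proto"] == node[1]
    raise ValueError(op)


def select(expr, packets):
    """Return the packets a -F filter file containing `expr` would capture."""
    tree = FilterParser(expr).parse()
    return [p for p in packets if matches(tree, p)]


# Constructed sample traffic (not a real capture).
SAMPLE = [
    {"src": "209.218.240.5", "dst": "10.0.0.11", "sport": 40211, "dport": 80, "proto": "tcp"},
    {"src": "10.0.0.11", "dst": "209.218.240.5", "sport": 80, "dport": 40211, "proto": "tcp"},
    {"src": "10.0.0.9", "dst": "10.0.0.11", "sport": 51000, "dport": 23, "proto": "tcp"},
    {"src": "10.0.0.9", "dst": "10.0.0.11", "sport": 0, "dport": 0, "proto": "icmp"},
]
```

A filter such as "net 10.0.0.0 mask 255.0.0.0 and not port 80" keeps only the telnet and ICMP records from the sample, which is the kind of narrowing worth doing before a capture rather than recording the whole segment and filtering the dump afterwards.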
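Both the Configuration screen's Put/Get transfers and the trace command's -F filter fetch use TFTP. The following Python, added for this page and not the appliance's code, implements the RFC 1350 message formats and simulates a complete Put (WRQ) and Get (RRQ) exchange between client and server in memory, so the datagrams that would cross the wire can be inspected directly; the configuration text and filter file are constructed samples. It shows why the earlier caveat matters: there is no authentication step anywhere in the exchange, and file contents appear verbatim in the DATA blocks.

```python
"""RFC 1350 TFTP codec with simulated Put (WRQ) and Get (RRQ) exchanges.

Added illustration for this page, not the SA8250's code. The sample
configuration text and filter file are constructed.
"""
import struct

RRQ, WRQ, DATA, ACK, ERROR = 1, 2, 3, 4, 5
BLOCK = 512


def encode_request(opcode, filename, mode="octet"):
    return struct.pack("!H", opcode) + filename.encode() + b"\0" + mode.encode() + b"\0"


def encode_data(block, payload):
    return struct.pack("!HH", DATA, block) + payload


def encode_ack(block):
    return struct.pack("!HH", ACK, block)


def decode(msg):
    """Decode one datagram into a tuple starting with its opcode."""
    op = struct.unpack("!H", msg[:2])[0]
    if op in (RRQ, WRQ):
        name, mode, _ = msg[2:].split(b"\0", 2)
        return op, name.decode(), mode.decode()
    if op == DATA:
        return op, struct.unpack("!H", msg[2:4])[0], msg[4:]
    if op == ACK:
        return op, struct.unpack("!H", msg[2:4])[0]
    if op == ERROR:
        return op, struct.unpack("!H", msg[2:4])[0], msg[4:].split(b"\0", 1)[0].decode()
    raise ValueError(f"unknown opcode {op}")


def _send_blocks(sender, receiver, content, wire, store):
    """DATA/ACK loop; a final block shorter than 512 bytes (possibly empty) ends it."""
    offset, block = 0, 0
    while True:
        chunk = content[offset:offset + BLOCK]
        block += 1
        data = encode_data(block, chunk)
        wire.append((sender, data))
        _, blk, payload = decode(data)
        store += payload
        wire.append((receiver, encode_ack(blk)))
        offset += BLOCK
        if len(chunk) < BLOCK:
            return


def put_file(filename, content):
    """Simulate Put: client WRQ, server ACK 0, then client DATA n / server ACK n."""
    wire, store = [], bytearray()
    req = encode_request(WRQ, filename)
    wire.append(("client", req))
    op, _name, mode = decode(req)
    assert op == WRQ and mode == "octet"
    wire.append(("server", encode_ack(0)))   # real servers answer from a fresh UDP port
    _send_blocks("client", "server", content, wire, store)
    return wire, bytes(store)


def get_file(filename, server_files):
    """Simulate Get: client RRQ, then server DATA n / client ACK n, or ERROR 1."""
    wire, store = [], bytearray()
    req = encode_request(RRQ, filename)
    wire.append(("client", req))
    _op, name, _mode = decode(req)
    if name not in server_files:             # no credentials are ever asked for
        wire.append(("server", struct.pack("!HH", ERROR, 1) + b"File not found\0"))
        return wire, None
    _send_blocks("server", "client", server_files[name], wire, store)
    return wire, bytes(store)


def visible_on_wire(wire, needle):
    """Does `needle` appear verbatim in any datagram? Nothing is encrypted."""
    return any(needle in msg for _, msg in wire)


# Constructed sample configuration (not a real SA8250 file).
SAMPLE_CONFIG = (b"# constructed sample config\n"
                 + b"server 10.0.0.11 port 80\n" * 25
                 + b"-----BEGIN PRIVATE KEY-----\nCONSTRUCTED-KEY-MATERIAL\n-----END PRIVATE KEY-----\n")

if __name__ == "__main__":
    wire, _ = put_file("sa8250.cfg", SAMPLE_CONFIG)
    for who, msg in wire:
        print(who, decode(msg)[:2])
    print("key material readable on the wire:", visible_on_wire(wire, b"CONSTRUCTED-KEY-MATERIAL"))
```

The same codec covers the trace filter fetch (a Get of my.filter from the -H host), which is where a passive observer on the path can read the filter and an active one can substitute it.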
Statistics Screen
The SA8250 provides a screen where you can view four different statistical categories, in a variety of graphical display formats, at the levels of Device, Service, and Server. Statistical data series are defined in the main screen, and subsequently displayed in a separate window.
The four statistical categories for SA8250s are listed below:
• Average Connections per Second
• CPU Utilization
• Open Connections
• The SA8250's Uptime
For services and servers, the available statistics are listed below:
NOTE: Statistics for open connections in RICH mode are not available.
• Average Response Time (ms)
• Average Connections per Second
• Open Connections
• Service or Server Uptime
To display the Statistics screen:
1. In the Topology screen's toolbar, click the Statistics icon.

Statistics Screen Controls
The Statistics Screen, shown on the next page, is divided into the four sections or functional areas below:
• Statistics Box
• Graph Options
• Selection List
• Window Options
• Selection buttons (the arrows between the Statistics Box and the Selection List). These are for selecting statistical categories to be displayed.
• Graph button to launch the graph display window.
Statistics Screen (figure callouts: Selection List, Statistics Box, Selection Buttons (Arrow Buttons), Graph Options, Graph Button, Window Options)

Statistics Box
The Statistics box contains controls for you to select the statistics you want to view graphically, as well as the graph format in which you want those statistics displayed.
• Type: This pull-down list specifies the type of statistics that are available: System, Server, or Service.
• Items: Select the specific System, Services, or Servers whose statistics you wish to view. You can select multiple like items from this list.
NOTE: Statistics for open connections in RICH mode are not available.
• Available Statistics: In this graphical display, you can specify which of the available statistics you want to view. These include Average Response Time, Average Connections per Second, CPU Utilization, Open Connections, and Uptime. The available statistics depend on your selection from the Type pull-down list. You can select multiple items in this list.

Graph Options
The Graph Options box contains two controls:
• Style: This drop-down list specifies the style of the graph used to display the selected statistics for this data series. Available styles are Plot, Scatter Plot, Bar, Stacking Bar, Area, and Stacking Area. The style selected in this list applies to each statistical category at the time it is selected with the right arrow button as described above.
• Legend: After the Legend check box is selected, a legend displays at the bottom of the Graph window for this data series. This legend identifies each selected statistical category by color and symbol as it displays on the graph. When disabled, the legend does not display and the graph display expands to fill the legend area. It is enabled by default.
To define a statistical data series, follow these steps:
1. Click the type of item whose statistics you want to display (System, Server, Service).
2. Click the specific item(s).
3. Click the desired statistic.
4. Click the graph type (Plot, Scatter Plot, Bar, etc.).
5. Click the right arrow selection button to the right of the Statistics box.
6. Verify that your selections display in the Selection list (to the right of the Statistics box).
7. Repeat steps (1) through (6) above to graph more statistics, if needed.

Selection List
The Selection List reflects the item (System, Server, Service), statistical category, and graph type of each defined data series.
These display in the List's three columns, described below:
• Items: The specific System, Server, or Service selected in the Statistics box's Items list.
• Statistics: The statistical category selected in the Statistics box's Available Statistics list.
• Graph Type: The graph type name selected in the Graph Options' Style drop-down menu.

Window Options
The Window Options box includes these controls:
NOTE: Statistics gathering generates network overhead, and increasing the refresh rate (that is, lowering the Refresh Interval(s) value) increases that overhead.
• Single Graph: Displays all data series in a single composite graph.
• Multiple Graphs: Displays each data series in its own graph.
• X Gridlines: Displays the graph's vertical grid lines (the default is enabled).
• Y Gridlines: Displays the graph's horizontal grid lines (the default is enabled).
• Refresh Interval(s): The refresh or update rate of the graph in seconds (the default is five seconds).
• Maximum Data Points: The number of data points displayed in the graph. After the maximum number of data points is displayed, new data points are added to the right of the graph and the oldest data point is displaced off the left side of the graph. The graph can display between 1 and 1000 data points, and the default is 100.

Graphing Statistics
NOTE: The graph parameters, including the Legend check box, can be changed on the fly, but the results will not be displayed in the graph window (shown in the Graph Window figure) until you stop and restart the graph process from the Statistics Screen.
1. After you've entered the desired parameters into the Statistics Screen, display the graph (or graphs, if you've defined multiple data series and have enabled Multiple Graphs) by clicking Graph at the bottom of the Statistics Screen.
Graph Window with Bar Display
The meaning of the graph depends upon the items and statistics that you have selected.
For example, the graph above shows a bar display of CPU Utilization for one system (SA8250) only. Although the image is grey-scaled in this text, each plot displays in a unique color identified at the bottom of the graph. You can use this information to compare the performance of multiple servers in relation to a service and adjust the Max Response Time for the servers if needed.

Chapter 5: Command Line Interface

CLI Introduction
The HP e-Commerce/XML Director Server Appliance SA8250 can be fully configured using the Command Line Interface (CLI). The CLI is accessible by using either Telnet or the serial port. Commands exist in a logical hierarchy.

Secure Shell Support
The SA8250 provides secure shell (SSH) versions 1 and 2 support.
NOTE: The secure shell is available only when administering the SA8250 over your network.
To use the secure shell:
1. Launch your SSH client and connect to the SA8250's IP address.
2. Log on to the secure shell using admin for both the user ID and password. You can use the change_password command, discussed in this chapter, to change the CLI password.

Online Help
The SA8250 provides online CLI command help in six forms:
1. Type help to describe help features.
2. Type help commands to display the list of commands you can enter at the current prompt.
3. Type help ttychars to display a list of special terminal editing characters.
4. Type help for a description of a specific command or, if relevant, a list of sub-commands you can enter from within .
5. Type ? to display a path list of commands and parameters available from the current prompt or forward.
6. Typing ? or help as one of a command's parameters, that is, ?, displays help regarding the parameters available for .

Pipes
Any command's output can be "piped" using the '|' symbol with "grep" or "more."
• Redirecting a command to more pages that command's output regardless of the config cli more setting.
• Redirecting a command to grep displays only those lines of the command's output that contain the word specified after grep.
HP SA8250#info | grep SNMP
The above command filters the output of the info command using grep so that only lines containing "SNMP" are displayed.
• Pipes to grep can be cascaded.
HP SA8250/config/policygroup/test/service# info | grep Primary | grep serv1.com
The above command displays only lines containing "Primary" AND "serv1.com."
• The output of a command can be redirected to both grep and more, but the pipe to more must be the last pipe present.
HP SA8250/config/policygroup/test/service# info | grep Primary | grep serv1.com | more

Syntax
CLI examples in this chapter use the syntax found in this table.

Syntax                    Description
Angled brackets (< >)     Designates where you enter variable parameters.
Straight brackets ([ ])   Choices of parameters appear between straight brackets, separated by vertical bars.
Braces ({ })              Optional commands or parameters appear between braces.
Boldface                  Commands that you enter after the CLI prompt appear in boldface type. The prompt appears in normal typeface to distinguish it from the command text.
Vertical bar ( | )        Separates choices of input parameters within straight brackets. You can choose only one of the set of choices separated by vertical bars (do not include the vertical bar in the command).

CLI Command Syntax

Categorical List of CLI Commands
This section lists the SA8250's CLI commands by functional category. For more complete details regarding CLI commands, see "Run-Time CLI Command Reference" later in this chapter.

Global System Commands
?
!, !!
Tab key
arp
back, ..
box, top, toplevel
exit, logout, quit
ether
force-rwa
halt
help
history
info
list
logout, exit, quit
netstat {options}
nslookup
ping
quit, exit, logout
reboot
remove
reset
top, box, toplevel
toplevel, box, top
trace
traceroute
who

Admin Commands
config admin info
config admin port

File Management Commands
cat
copy
dir
get
put
remove
restore
restore-verbose
save

CLI Commands
config
config cli delete
config cli info
config cli login-attempts
config cli more [enable | disable]
config cli port
config cli prompt
config cli screenlines
config cli ssh-port
config cli telnet-sessions
config cli timeout
config cli username password level
config cli users

IRV Commands
config irv
config irv info
config irv

GUI Commands
config gui broker-action
config gui info
config gui response-timeout
config gui server-action

Routing Commands
config route ospf-area [backbone | ]
config route ospf-hello
config route ospf-dead
config route ospf-authtype [none | simple ospf-authkey | md5 [ospf-authkey md5 keyid ]
config route protocol [rip | ospf | none]
config route rip-version
config route role [standalone | primary | backup]

Policy Group Commands
config policygroup create
config policygroup delete | -all
config policygroup service header-names [certificate | cipher-used | source-ip | ssl-id ]
config policygroup throttle [enable | disable]

Service Commands
config policygroup service create vip port {type [TCP | UDP | RICH_HTTP]} {sticky [disable | src-ip | cookie]} {sticky-timeout } {backups [enable | disable]} {response } {priority } {balancing [load | robin]} {server-timeout }
config policygroup service delete [ | -all ]
config policygroup service {enable} {disable} {balancing [robin | load]} {sticky [disable | src-ip | cookie]} {sticky-timeout } {backups [enable | disable]} {response } {dup-syn } {priority } {server-timeout }
config policygroup service header
config policygroup service headernames [certificate | cipher-used | source-ip | ssl-id ]
config policygroup service xml-well-formed (enabled | disabled)

Server Commands
config policygroup service server create port {type [primary | backup | disabled]} {mode [brokered | sap | opr]} {msap [enable | disable]} {606 [enable | disable]} {http [enable | disable]}
config policygroup service server delete port | -all
config policygroup service server port {mode [brokered | sap | opr]} {type [primary | backup]} {msap [enable | disable]} {606 [enable | disable]} {http [enable | disable]} {xmlpattern create | xmlpattern delete | xmlpattern info}

System Commands
config sys
config sys autoboot [enable | disable]
config sys hosts info
config sys hosts delete
config sys hosts add alias {alias2 alias3 alias4 alias5 alias6