Intel A31032-001 Manuale utente

Categoria
Networking
Tipo
Manuale utente

Questo manuale è adatto anche per

Intel® NetStructure™
7110/7115
e-Commerce
Accelerator
Version 2.3
User Guide
A31032-001
Copyright
Copyright © 2000 Intel Corporation. All Rights Reserved.
This User Guide as well as the software described in it is furnished
under license and may only be used or copied in accordance with the
terms of the license. The information in this manual is furnished for
informational use only, is subject to change without notice, and
should not be construed as a commitment by Intel Corporation. Intel
Corporation assumes no responsibility or liability for any errors or
inaccuracies that may appear in this document or any software that
may be provided in association with this document.
Information in this document is provided in connection with Intel®
products. No license, express or implied, by estoppel or otherwise, to
any intellectual property rights is granted by this document. Except as
provided in Intel’s Terms and Conditions of Sale for such products,
Intel assumes no liability whatsoever, and Intel disclaims any express
or implied warranty, relating to sale and/or use of Intel® products
including liability or warranties relating to fitness for a particular
purpose, merchantability, or infringement of any patent, copyright or
other intellectual property right. Intel products are not intended for
use in medical, life saving, or life sustaining applications.
Intel may make changes to specifications and product descriptions at
any time, without notice.
Trademarks
Intel, NetStructure™ 7110 e-Commerce Accelerator, and
NetStructure™ 7115 e-Commerce Accelerator are trademarks of or
trademarks applied for by Intel Corporation.
§ Other product and corporate names may be trademarks of other
companies and are used only for explanation and to the owners’
benefit, without intent to infringe.
Intel Corporation
Network Equipment Division
13280 Evening Creek Drive
San Diego, California 92128-4102
USA
July 28, 2000 A31032-001
Table of Contents
Chapter 1: Introduction
About this User Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1
New in This Release . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2
Who Should Use this Book. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3
Before You Begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3
How to Use this Book. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4
Chapter 2: Installation and Initial Configuration
Before You Begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1
Installing the 7110/7115 Free-Standing or in a Rack . . . . . . . . . . . . . . . . . . . . . . . . 2-2
Rack Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2
Free-Standing Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3
Network Connections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3
Status Check. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4
C O N T E N T S Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide
iv
Network and Server LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4
Inline LED. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4
Admin Terminal Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4
HyperTerminal§ Paste Operations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5
Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6
Server and Network LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6
Continuing Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6
Chapter 3: Theory of Operation
Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1
Single Server Acceleration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1
Multiple Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2
Working with Internet Traffic Management (ITM) Devices . . . . . . . . . . . . . . . . . . 3-3
Positioning 7110/7115 between ITM Device and Client Network . . . . . . . . . . . 3-3
Positioning 7110/7115 between ITM Device and Server . . . . . . . . . . . . . . . . . . 3-4
Multiple 7110/7115s and Cascading Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4
Scalability and Cascading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4
Spilling and Throttling. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4
Availability. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5
Keys and Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5
Cutting and Pasting with HyperTerminal§ . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6
Obtaining a Certificate from VeriSign§ or Other Certificate Authority . . . . . . . 3-7
Procedure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-7
Exporting a Key/Certificate from a Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-10
Apache Interface to Open SSL§ (mod_ssl). . . . . . . . . . . . . . . . . . . . . . . . . . 3-10
Apache SSL§. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-11
Stronghold§. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-12
Importing into the 7110/7115 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-12
Creating a new Key/Certificate on the 7110/7115. . . . . . . . . . . . . . . . . . . . . . . 3-14
Procedure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-14
Global Site Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-15
Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-15
Global Site Certificate Paste Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-16
Redirection: Clients and Unsupported Ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-17
Client Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-18
Creating a Client CA Certificate using OpenSSL§ . . . . . . . . . . . . . . . . . . . . . . 3-20
SSL Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-21
Table of Contents
v
Mapping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-21
Automapping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-21
Automapping with user-specified key and certificate. . . . . . . . . . . . . . . . . . 3-22
Automapping with multiple port combinations . . . . . . . . . . . . . . . . . . . . . . 3-22
Deleting automapping entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-22
Manual mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-22
Combining automapping and manual mapping . . . . . . . . . . . . . . . . . . . . . . 3-23
Blocking. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-23
Specific IP, Specific Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-23
Subnet IP, Specific Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-24
All IPs, Specific Port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-24
Delete a Block. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-25
Failure Conditions, Fail-safe, and Fail-through . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-26
Chapter 4: Scenarios
Syntax. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2
Scenario 1—Single Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3
Procedure for Scenario 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3
Automapping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3
Manual Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3
Scenario 2—Multiple Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-5
Procedure for Scenario 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-5
Scenario 3—Multiple 7110/7115s, Cascaded. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7
Assumptions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7
Procedure for Scenario 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8
Scenario 4—Different Ingress and Egress Routers . . . . . . . . . . . . . . . . . . . . . . . . 4-10
Procedure for Scenario 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-10
Chapter 5: Command Reference
Online Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1
Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2
User Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2
Command Line Prompt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2
Abbreviation to Uniqueness. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2
Moving the Insertion Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4
Command History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4
Cut and Paste . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5
C O N T E N T S Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide
vi
Command Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-6
Command Reference. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-11
Help Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-11
Status Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-11
SSL Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-12
Port Mapping Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-22
Operational Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-25
Remote Management Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-27
Alarms and Monitoring Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-34
Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-38
Administration Commands
Logging Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-44
Chapter 6: Remote Management
Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1
Limitations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-2
Remote Management CLI Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-2
Remote Telnet Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-4
Local Serial Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-4
Remote Console, Telnet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-5
Changing the Telnet Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-5
Disabling Telnet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-6
Remote SSh Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-6
Local Serial Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-6
Remote Console, SSh. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-7
Changing the SSh Port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-7
Disabling SSh. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-8
SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-8
Standards Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-9
Intel MIB Tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-9
Supported MIBs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-10
Where to find MIB Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-10
Enterprise Private MIB Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-11
Trap Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-16
Standard SNMP Traps. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-16
Private Traps in ssl-appliance-mib.my . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-16
Enabling SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-17
Table of Contents
vii
Specifying SNMP Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-18
Community String. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-19
Trap Community String . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-20
Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-21
Chapter 7: Alarms and Monitoring
Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-1
Alarm Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-3
ESC: Encryption Status Change Alarm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-3
Alarm Modifiers and Messages: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-3
RSC: Refused SSL Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-4
Alarm Modifiers and Messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-4
Extended Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-4
RSC Alarm CLI Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-4
UTL: Utilization Threshold Alarm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-5
Alarm Modifiers and Messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-5
Extended Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-6
UTL Alarm CLI commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-6
OVL: Overload Alarm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-7
Alarm Modifiers and Messages: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-7
Extended Data: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-7
OVL Alarm CLI Commands: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-7
NLS: Network Link Status Alarm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-8
Alarm modifiers and messages: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-8
Extended Data: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-8
Alarm Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-8
Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-13
Monitoring Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-13
Report Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-13
Monitoring Reports CLI Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-14
Chapter 8: Software Updates
Using Windows§ HyperTerminal§. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2
Using Unix§ ‘cu’ and uuencoded image file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-3
C O N T E N T S Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide
viii
Chapter 9: Troubleshooting
Appendix A: Front Panel
Buttons and Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-2
Front Panel LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-2
Connectors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-4
Appendix B: Failure/Bypass Modes
Bypass Button. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-2
Fail-through Switch (Security Level) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-2
Appendix C: Supported Ciphers
Cipher Strength. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-1
SSL Version Level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-2
Appendix D: Regulatory Information
Appendix E: Terms and Conditions and Software License
Glossary
Support Services
List of Figures
Mounting Bracket Orientation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2
Wiring Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3
Front Panel Connectors and LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4
7110/7115 in Single Server Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2
7110/7115 in Multiple Server Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2
7110/7115 Between Router and ITM Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3
7110/7115s Between ITM Device and Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4
Cascaded 7110/7115s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5
Single 7110/7115, Single Server Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3
Single 7110/7115, Multiple Server Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-5
Multiple (Cascaded) 7110/7115s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8
Installation with Ingress and Egress Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-10
F I G U R E S Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide
xii
Intel’s MIB Tree (top level) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-9
Front Panel Connectors, Controls, and Indicators . . . . . . . . . . . . . . . . . . . . . . . . . . A-1
Front Panel Detail: Failure/Bypass Mode Controls and Indicators . . . . . . . . . . . . . B-2
Introduction
Congratulations on your choice of the Intel® NetStructure™ 7110/
7115 e-Commerce Accelerator. The processing of secure transactions
through Secure Socket Layer (SSL) can occupy up to 90% of even the
largest servers’ CPU power and can degrade response time
significantly. The 7110/7115 provides a completely transparent way
to increase the performance of Web sites for SSL transactions. The
7110/7115 is positioned in front of the server farm, where it intercepts
SSL transactions, processes them, and relays them to the servers. The
7110/7115 performs all encryption and decryption management in
this environment with a minimum of administrator interaction.
About this User Guide
This User Guide supports the Intel® NetStructure™ 7110 e-Com-
merce Accelerator and the Intel® NetStructure™ 7115 e-Commerce
Accelerator. By default this text refers to the product as “7110/7115.”
Where appropriate, the text refers to “7110” or “7115.” Additionally,
notes in the left-hand margin may be used to distinguish the two prod-
ucts. Illustrations of the command prompt use “
Intel 7115>.”
C H A P T E R 1 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide
1-2
New in This Release
New features in the Intel® NetStructure™ 7110/7115 e-Commerce
Accelerator include:
Improved performance: Threefold increase in SSL connections
processed per second—from 200 to 600 (7115 only)
More certificate mappings: Up to 1000 certificate mappings
supported
Remote Management:
Telnet—standard remote access to the Command Line
Interface (CLI) with new “Console Monitoring” features
SSh—complete, secure CLI access with new “Console
Monitoring” features
SNMP—Includes both Private Enterprise MIB and MIBII
functionality
Alarms: The 7110/7115 can be configured to display—at the
administration console or a remote management session (Telnet
and SSh)—autonomous one-line reports of the following
exceptional conditions:
Encryption status change
Refused SSL connections
Threshold alerts
Overload alerts
Network link status
C H A P T E R 1 Who Should Use this Book
1-3
Monitoring: Users can now configure the 7110/7115 to send
periodic multi-status reports to the administration console or a
remote management session (Telnet and SSh). Monitor reports
include such information as:
Inline/bypass mode
Failsafe/failthrough mode
•CPU status
SSL connections status
Network interface status
Server interface status
Rate of encryption/decryption
Who Should Use this Book
This User Guide is intended for administrators with the following
background:
Familiarity with networking concepts and terminology.
Basic knowledge of network topologies.
Basic knowledge of networks and IP routing.
Some knowledge of SSL, keys, and certificates.
Knowledge of Web servers.
Before You Begin
7110/7115 setup can be divided into three basic procedures:
Physically install single or multiple 7110/7115s with single or
multiple servers.
Configure your 7110/7115 in the Command Line Interface.
Identify existing certificates or obtain new ones you wish to use
in SSL operations.
C H A P T E R 1 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide
1-4
How to Use this Book
The information in this book is organized as follows:
Chapter 1: Introduction provides an introduction and overview
of the 7110/7115, and a summary of new features.
Chapter 2: Installation and Initial Configuration contains
installation and initial configuration procedures. (This material is
also discussed in the separate Quick Start Guide.)
Chapter 3: Theory of Operation explains the general principles
behind 7110/7115 operation.
Chapter 4: Scenarios provides examples of 7110/7115
configurations, together with specific procedures for their
implementation.
Chapter 5: Command Reference explains the Command Line
Interface (CLI), and lists the commands and their functions.
Chapter 6: Remote Management details how you can use Telnet,
Secure Shell (SSH), and SNMP to manage the 7110/7115 from
remote locations.
Chapter 7: Alarms and Monitoring explains the ways in which
you can configure the device to report information to you, either
routinely or as a result of abnormal events or conditions.
Chapter 8: Software Updates provides procedures for obtaining
7110/7115 system software updates.
Chapter 9: Troubleshooting is a table containing symptoms of
problems you may encounter with corresponding likely causes
and remedies.
Appendix A: Front Panel diagrams and explains the 7110/7115’s
front panel LEDs, buttons, and connections.
Appendix B: Failure/Bypass Modes explains how the 7110/7115
deals with failure conditions and details the bypass function.
Appendix C: Supported Ciphers lists the supported encryption
ciphers.
Appendix D: Regulatory Information provides information
regarding the 7110/7115s compliance with applicable
regulations.
C H A P T E R 1 How to Use this Book
1-5
Appendix E: Terms and Conditions contains the software license
and terms and conditions of user of this product.
Glossary defines terms appearing in this User Guide.
C H A P T E R 1 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide
1-6
Notes
Installation and Initial
Configuration
Intel® NetStructure™ 7110/7115 e-Commerce Accelerator
installation and initial configuration instructions are in this chapter.
Before You Begin
WARNING: Do not
remove the cover. There
are no user-servicable
parts inside.
Before you begin installation, you need the following:
IP address for 7110/7115 (only if you intend to use the Remote
Management)
IP addresses and ports of servers.
Keys/certificates. See Chapter 3 for information on obtaining
keys and certificates.
Network cables, such as straight-through and/or crossover
cables. (Procedures in the section,“Wiring Connections” in this
chapter will identify the types of cables you must use.) If you are
installing the 7110/7115 in a rack, you will also need:
Phillips screwdriver
Rack-mounting screws
C H A P T E R 2 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide
2-2
Installing the 7110/7115 Free-
Standing or in a Rack
The Intel® NetStructure™ 7110/7115 e-Commerce Accelerator is
physically installed in either of two ways:
In a standard 19” rack, cantilevered from the provided mounting
brackets
Free-standing on a flat surface with sufficient space for air-flow
Rack Installation
Rack mounting requires the use of the mounting brackets, and all four
of the included Phillips screws.
1. Locate the two mounting brackets and the four screws. (Two
screws for each bracket.)
2. Attach a mounting bracket to each side of the 7110/7115, using
two of the provided screws for each bracket. Use the holes near
the front of the 7110/7115’s sides. The brackets have both round
and oval holes; the flange with round holes attaches to the 7110/
7115, the oval holes to the rack.
Figure 2-1: Mounting Bracket Orientation
C H A P T E R 2 Installing the 7110/7115 Free-Standing or in a Rack
2-3
3. Position the 7110/7115 in the desired space of your 19” rack and
attach the front flange of each mounting bracket to the rack with
two screws each. (Rack-mounting screws are not provided.)
Free-Standing Installation
1. Attach the provided self-adhesive rubber feet to the 7110/7115’s
bottom.
2. Place the 7110/7115 on a flat surface and make sure that there is
adequate airflow surrounding the unit (allow at least one inch of
air space on all sides).
Network Connections
1. Use the “Network Cable Requirements” table near the beginning
of this guide to select and install the the appropriate cables.
NOTE: Never connect
both ports to the same
network segment (e.g., to
the same hub or switch).
Doing so creates a
feedback loop that
adversely effects network
bandwidth.
2. Connect the provided power cable to the back of the unit. (There
is no power switch.) Under normal circumstances, the 7110/7115
requires approximately 30 seconds to boot. When the boot is
complete, the unit’s Power LED is steadily illuminated. (If the
Power LED is not steadily illuminated, see Chapter 9,
“Troubleshooting.)
3. If the Inline LED is neither steadily illuminated or blinking, press
the Bypass switch.
4. At this point both the Network and Server LEDs should be
steadily illuminated. If not, please see Chapter 9,
“Troubleshooting.
Figure 2-2: Wiring Connections
Intel® NetStructure™ 7110/7115 e-Commerce Accelerators
Hub/Router/Switch
Server
C H A P T E R 2 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide
2-4
Status Check
Before proceeding to the PC Initialization section, take a moment to
verify that the 7110/7115 is correctly connected.
Network and Server LEDs
Verify that the Network and Server LEDs are both illuminated. If one
or both are not, refer to the Troubleshooting section at the end of this
chapter.
Inline LED
A blinking Inline LED indicates that the system is online in Fail-safe
mode. Refer the Troubleshooting section at the end of this chapter or
Appendix B, “Failure/Bypass Modes.”
Admin Terminal Connection
Run HyperTerminal§ or a similar terminal emulator on your PC. The
steps below are illustrative of HyperTerminal§. Other terminals will
require different procedures.
1. Use the serial cable provided with the 7110/7115 to connect the
device’s serial port (the left-hand serial port labeled “Console”)
to the serial port of any terminal. (A PC running Windows
HyperTerminal§ is used here as an example.)
Figure 2-3: Front Panel Connectors and LEDs
Network Link
(RJ45)
Server Link
(RJ45)
Network Link
(green)
Server Link
(green)
Console
Power Error Overload Activity
(green) (red) (amber) (green)
Inline
(green)
Aux Console
  • Page 1 1
  • Page 2 2
  • Page 3 3
  • Page 4 4
  • Page 5 5
  • Page 6 6
  • Page 7 7
  • Page 8 8
  • Page 9 9
  • Page 10 10
  • Page 11 11
  • Page 12 12
  • Page 13 13
  • Page 14 14
  • Page 15 15
  • Page 16 16
  • Page 17 17
  • Page 18 18
  • Page 19 19
  • Page 20 20
  • Page 21 21
  • Page 22 22
  • Page 23 23
  • Page 24 24
  • Page 25 25
  • Page 26 26
  • Page 27 27
  • Page 28 28
  • Page 29 29
  • Page 30 30
  • Page 31 31
  • Page 32 32
  • Page 33 33
  • Page 34 34
  • Page 35 35
  • Page 36 36
  • Page 37 37
  • Page 38 38
  • Page 39 39
  • Page 40 40
  • Page 41 41
  • Page 42 42
  • Page 43 43
  • Page 44 44
  • Page 45 45
  • Page 46 46
  • Page 47 47
  • Page 48 48
  • Page 49 49
  • Page 50 50
  • Page 51 51
  • Page 52 52
  • Page 53 53
  • Page 54 54
  • Page 55 55
  • Page 56 56
  • Page 57 57
  • Page 58 58
  • Page 59 59
  • Page 60 60
  • Page 61 61
  • Page 62 62
  • Page 63 63
  • Page 64 64
  • Page 65 65
  • Page 66 66
  • Page 67 67
  • Page 68 68
  • Page 69 69
  • Page 70 70
  • Page 71 71
  • Page 72 72
  • Page 73 73
  • Page 74 74
  • Page 75 75
  • Page 76 76
  • Page 77 77
  • Page 78 78
  • Page 79 79
  • Page 80 80
  • Page 81 81
  • Page 82 82
  • Page 83 83
  • Page 84 84
  • Page 85 85
  • Page 86 86
  • Page 87 87
  • Page 88 88
  • Page 89 89
  • Page 90 90
  • Page 91 91
  • Page 92 92
  • Page 93 93
  • Page 94 94
  • Page 95 95
  • Page 96 96
  • Page 97 97
  • Page 98 98
  • Page 99 99
  • Page 100 100
  • Page 101 101
  • Page 102 102
  • Page 103 103
  • Page 104 104
  • Page 105 105
  • Page 106 106
  • Page 107 107
  • Page 108 108
  • Page 109 109
  • Page 110 110
  • Page 111 111
  • Page 112 112
  • Page 113 113
  • Page 114 114
  • Page 115 115
  • Page 116 116
  • Page 117 117
  • Page 118 118
  • Page 119 119
  • Page 120 120
  • Page 121 121
  • Page 122 122
  • Page 123 123
  • Page 124 124
  • Page 125 125
  • Page 126 126
  • Page 127 127
  • Page 128 128
  • Page 129 129
  • Page 130 130
  • Page 131 131
  • Page 132 132
  • Page 133 133
  • Page 134 134
  • Page 135 135
  • Page 136 136
  • Page 137 137
  • Page 138 138
  • Page 139 139
  • Page 140 140
  • Page 141 141
  • Page 142 142
  • Page 143 143
  • Page 144 144
  • Page 145 145
  • Page 146 146
  • Page 147 147
  • Page 148 148
  • Page 149 149
  • Page 150 150
  • Page 151 151
  • Page 152 152
  • Page 153 153
  • Page 154 154
  • Page 155 155
  • Page 156 156
  • Page 157 157
  • Page 158 158
  • Page 159 159
  • Page 160 160
  • Page 161 161
  • Page 162 162
  • Page 163 163
  • Page 164 164
  • Page 165 165
  • Page 166 166
  • Page 167 167
  • Page 168 168
  • Page 169 169
  • Page 170 170
  • Page 171 171
  • Page 172 172
  • Page 173 173
  • Page 174 174
  • Page 175 175
  • Page 176 176
  • Page 177 177
  • Page 178 178
  • Page 179 179
  • Page 180 180
  • Page 181 181
  • Page 182 182
  • Page 183 183
  • Page 184 184
  • Page 185 185
  • Page 186 186
  • Page 187 187
  • Page 188 188
  • Page 189 189
  • Page 190 190
  • Page 191 191
  • Page 192 192
  • Page 193 193
  • Page 194 194
  • Page 195 195
  • Page 196 196

Intel A31032-001 Manuale utente

Categoria
Networking
Tipo
Manuale utente
Questo manuale è adatto anche per

in altre lingue