Sun Fire B10p SSL Proxy Blade Administration Guide

Sun Fire B10p SSL Proxy Blade Administration Guide

817-0826-11

Contents

Declaration of Conformity

Regulatory Compliance Statements

Safety Agency Compliance Statements

1. Product Overview

Hardware and Software Overview

Software Architecture

Command Line and Console Interfaces

Application Software

Hardware and Software Requirements

Product Features

Supported Protocols

The Role of the SSL Proxy Blade

Topology Fundamentals

The Role of the B10p SSL Proxy Blade

Failover Alternatives

Why VLANs are Required for the Sun Fire B10p SSL Proxy Blade

System Integration

2. Installing the Blade and Setting Up the System

Installing the Blade

small space To Install the Blade

Location of Ports

Connecting to the 10/100/1000BASE-T Data Network Ports

Serial Port Pin Numbers

Powering On the SSL Proxy Blade

Powering Off the SSL Proxy Blade

Powering Off With an Orderly Shut Down of the SSL Software

small space Forcing the Power Off

small space Powering Off an SSL Proxy Blade Without Requiring the Confirmation Prompt

small space Powering an SSL Proxy Blade Down to Standby Mode to Save Power

small space Powering Off an SSL Proxy Blade Before Removal

Upgrading the Sun Fire B10p SSL Proxy Blade Software

3. Initial Configuration

Initializing the SSL Proxy Blade

small space To Initialize the SSL Proxy Blade

small space To Create Keys and Certificates

small space To Create Services for the Servers

small space To Verify and Save the Configuration

small space To Set Up a Telnet Session

4. Setting Up Sun Fire Blades for Load Balancing SSL Traffic

Setting Up for Load Balancing SSL Traffic

Setting Up the Sun Fire B10n Content Load Balancing Blade

small space To Configure the Network Interface and VLAN

small space To Configure the SSL Proxy Blade

small space To Verify the SSL Proxy Blade Configuration on the B10n Content Load Balancing Blade

small space To Configure a Layer 7 SSL Service on a B10n Content Load Balancing Blade

Setting Up the SSL Proxy Blade

small space To Access the SSL Proxy Blade Console

small space To Set Up the SSL Proxy Blade

Setting Up the Router

Setting Up the Sun Fire B1600 Switch

small space To Get to the Sun Fire B1600 Switch Console

small space To Set Up the Sun Fire B1600 Switch

small space To Create VLANs

Setting Up Sun Fire B100s Solaris Server Blades

Setting Up Clients/External Routers

5. Command-Line Interface

Command-Line Interface Basics

User Access Commands

Concurrent User Commands

Global Commands

Global Command Examples

System State Commands

Commands and Processing States

SSL Traffic Commands

TCP Port Numbers

small space To Display the Current TCP Port Settings

small space To Set the TCP Port Numbers

small space To Show HTTPS Forwarding

small space To Set HTTPS Forwarding

Traffic Port Network Settings

small space To Display the Current Link Settings

small space To Set the Link Availability for Ports

Network Interfaces

small space To Display the Current Interface Settings

small space To Display the Current Router Information

Configuration Storage

Configuration Management Commands

small space To Display Differences Between Configurations

small space To Reset the Default Configuration Settings

small space To Reset the Configuration

small space To Save the Configuration

Import and Export

small space To Export the Active Configuration Using FTP

small space To Export the Active Configuration Using TFTP

small space To Import the Active Configuration Using FTP

small space To Import the Active Configuration Using TFTP

Keys and Certificates

small space To Create a Self-Signed Certificate.

small space To Create a CA-Signed Certificate.

small space To Import a Certificate From a Server

Certificate Formats

Certificate Management Commands

small space To Display Information About Keys

small space To Create a Key

small space To Delete a Key

small space To Import a Key Using FTP

small space To Import a Key Using TFTP

small space To Import a Key

small space To Export a Key Using FTP

small space To Export a Key Using TFTP

small space To Export a Key

small space To Create a Certificate

small space To Import a Certificate Using FTP

small space To Import a Certificate Using TFTP

small space To Import a Certificate

small space To Export a Certificate Using FTP

small space To Export a Certificate Using TFTP

small space To Export a Certificate

Setting Default Information for Certificates

small space To Display the Default Settings for Creating Certificates

small space To Set the Default Certificate Parameters

Creating a Certificate Signing Request (CSR)

small space To Create A Certificate Signing Request

small space To Export a Certificate Signing Request Using FTP

small space To Export a Certificate Signing Request Using TFTP

small space To Export a Certificate Signing Request

Service Commands

small space To Create a Service

small space To Delete a Service

small space To Display Current Services

small space To Display Available Ciphers

DNS Name for a Service

small space To Create a New Service With a DNS Name (IP=0.0.0.0)

small space To Display DNS Server Settings

small space To Set the DNS Server Settings

small space To Send a ping Request

small space To Display the Serial Port Settings

small space To Set the Number of Lines for a Telnet Session

small space To View the Global Accumulated Statistics

small space To View the Global Detailed Statistics

small space To View the Service Statistics

small space To Reset the Statistics

Event Logging Commands

Log Destination

6. Upgrading the Application Software and the BSC Firmware

Software Architecture

Setting Up a TFTP Server

small space To Set Up a TFTP Server

Upgrading the Application Software From a VLAN-Capable Server

Executing Boot Upload Commands

small space To Execute Boot Upload Commands Using an FTP Server

small space To Execute Boot Upload Commands Using a TFTP Server

Verifying the Upgrade

Reverting to a Previous Software Version

boot activate

boot upload-tftp

Upgrading the Application Software From a non-VLAN-Capable Server

small space To Update the Image From a Non-VLAN-Capable Server

Upgrading the BSC Firmware

A. Security Primer

Symmetric Key Encryption

Public Key Encryption

Secure Socket Layer

SSL Accelerators

Sessions Per Second

Concurrent Sessions

Bulk Encryption Data Rate

Authenticated Software Upgrades

SSL Proxy Blade Security Features

Tamper Protection

Configuration Back Up

Supported Ciphers

B. Application Notes

Web Server Configuration

Redundant Systems

Fail Over Unit Setup

C. Requesting a Certificate

Managing Keys and Certificates

Key Management Features

D. Boot Information

E. SSL Statistics

Persistence of Statistics Counters

Statistics Counters Important to SSL Proxy Blade

SSL Connection vs. SSL Session

Session ID Reuse

Variable Descriptions

Transactions Per Second (TPS)

Concurrent Connections

SSL Handshakes With Reused Session IDs

Number of Dropped Reuse ID Requests (Persistent)

F. Troubleshooting

SSL Proxy Blade Troubleshooting Information Sources

Basic Troubleshooting Principles

Most Common Problems for the SSL Proxy Blade

G. Alphabetical Command Reference

Copyright © 2004, Sun Microsystems, Inc. All rights reserved.