Radware's AppDirector and SAP Enterprise Portal and Composite Applications Server Integration Guide


Products:
Radware AppDirector
Software: AppDirector version 2.14.01
Platform: On-Demand Switch II
http://www.radware.com/products/applicationdelivery/appdirector/default_techspec.aspx

SAP NetWeaver 7.0

Table of Contents

Joint Solution Overview
SAP NetWeaver 7.0 Overview
Diagram 1.0 SAP NetWeaver 7.0 Architecture
Architecture of the SAP NetWeaver Application Server
Diagram 2.0 - Load balancing between many SAP NetWeaver AS instances
Diagram 3.0 - SAP NetWeaver AS Architecture
Radware AppDirector Overview
Deployment Notes
AppDirector and SAP Architecture
Table 1 AppDirector Configuration
Diagram 4.0 - AppDirector and SAP Reference Architecture
Diagram 5.0 - AppDirector and SAP Testing Topology
Primary Portal AppDirector Configuration
Network Configuration
Farm Configuration
Servers Configuration
HTTP Policy Configuration
SSL Policy Configuration
Layer 4 Configuration
AppDirector Health Monitoring
NAT Configuration
General Redundant Configuration Notes
Primary Portal AppDirector VRRP Configuration
Mirroring Configuration
Auto-Generate the Portal Backup AppDirector Configuration
Setting up basic IP connectivity on the Backup AppDirector
Auto Generating the Backup Configuration from the Primary AppDirector
Upload the Backup Configuration file to the device
Primary Composite AppDirector Configuration
Network Configuration
Farm Configuration
Servers Configuration
HTTP Policy Configuration
SSL Policy Configuration
Layer 7 Configuration
Layer 4 Configuration
AppDirector Health Monitoring
NAT Configuration
General Redundant Configuration Notes
Primary Composite AppDirector VRRP Configuration
Mirroring Configuration
Auto-Generate the Backup Composite AppDirector Configuration
Setting up basic IP connectivity on the Backup AppDirector
Auto Generating the Backup Configuration from the Primary AppDirector
Upload the Backup Configuration file to the device
Appendix 1 Portal AppDirector Configuration File
Appendix 2 Composite AppDirector Configuration File
Appendix 3 Certificates and Keys

Joint Solution Overview

The Radware and SAP joint solution ensures SAP customers solution resilience, efficiency, scale and security. AppDirector provides advanced health monitoring to avoid system downtime and advanced traffic management to deliver a best-of-breed subsystem. With a pay-as-you-grow platform licensing model, AppDirector ensures long-term investment protection, facilitating the incremental growth demanded by today's business.

SAP NetWeaver 7.0 Overview

NetWeaver is essentially the integrated stack of SAP technology products. The SAP Web Application Server (sometimes referred to as WebAS) is the runtime environment for the SAP applications; all of the mySAP Business Suite solutions (SRM, CRM, SCM, PLM, ERP) run on SAP WebAS.

Diagram 1.0 SAP NetWeaver 7.0 Architecture

Process Integration

The SAP NetWeaver Process Integration (SAP NetWeaver PI) provides enterprise-class, service-oriented architecture (SOA) middleware to perform application-to-application (A2A) and business-to-business (B2B) integration, and to accelerate composite application development.

SAP NetWeaver Application Server is a component of the NetWeaver solution which works as a web application server to SAP solutions. Features and functions of SAP NetWeaver AS include:

Security
Supports state-of-the-art Internet security standards such as HTTPS, Secure Sockets Layer (SSL), and Lightweight Directory Access Protocol (LDAP). SAP NetWeaver AS provides secure communication among all client and server components, authentication and single sign-on capabilities, central user administration, digital certificates, digital signatures, and auditing capabilities.

Persistence layer support
Supports platform-independent Web services and business applications, along with standards-based development built on technologies such as J2EE and ABAP. SAP NetWeaver AS works with all open technology platforms including leading hardware, operating systems, and databases based on open standards. Open SQL for Java enables developers to access a relational database in a portable and efficient manner.

Deployment
Includes integrated deployment capabilities to run applications and a repository to manage versions. SAP NetWeaver AS also provides a file storage medium that combines flexible use of the local file system with secure and efficient storage of a relational database on a central server.

Scalability, performance, and high availability
Enables scalable, high-performance business processes, primarily through sophisticated, business-driven caching and dispatching techniques. SAP NetWeaver AS provides high performance through its architecture along with proven SAP transaction capabilities in a distributed environment. The component ensures high availability by automatic distribution of requests to other SAP NetWeaver Application Server instances, should one server be unavailable.

Software logistics and life-cycle management
Provides sophisticated change management and transport services support not only in initial implementation of an application, but also through continuous changes resulting from business or organizational changes, or implementation of additional functions. Comprehensive software logistics for development, test, and production landscape are prerequisites for continuous enterprise operations.

Architecture of the SAP NetWeaver Application Server

The SAP NetWeaver Application Server is the central foundation for the entire SAP software stack. It also provides a platform for other NetWeaver components (Portal, XI, and so on), as well as for ABAP and Java applications. The full J2EE standard is supported. The SAP NetWeaver Application Server is the further development of the SAP Web Application Server.

Diagram 2.0 - Load balancing between many SAP NetWeaver AS instances

SAP Server Scaling

An SAP system consists of several application server instances, as well as one or more databases. SAP application servers scale by separating functions into a Central Service and Dialog Instances. The Central Service contains the Message and Enqueue servers and is responsible for queuing and database locks, while the Dialog Instances perform the actual processing of the application. There is a single Central Service; it cannot process any dialog requests. For high availability, it is deployed in active/standby mode using the clustering software of the underlying platform. Processing capacity is increased by adding Dialog Instances, and this is where load balancing applies.

Note: Classic SAP is not load-balanced by the ADC. Instead, it is load-balanced by the message server itself using a redirect approach. A typical process proceeds as follows:
- A SAPGUI client connects directly to the message server.
- The message server replies to the client with an IP address and port for the best server instance.
- The SAPGUI client connects to the Dialog Instance (DI) directly.

A dialog instance consists of the following components:
- The Internet Communication Manager (ICM) sets up the connection to the Internet. It can process both server and client Web requests. It supports the protocols HTTP, HTTPS, and SMTP. The SAP Web AS may be a Web server or a client (see SAP Web Application Server: Web Server or Web Client).
- The dispatcher distributes the requests to the work processes. If all the processes are occupied, the requests are stored in the dispatcher queue.
- The Work Processes execute ABAP or Java programs.
- The SAP Gateway makes the RFC interface between the SAP instances available (within an SAP System and beyond system boundaries).
- The Message Server exchanges messages and balances the load in the SAP system.

The J2EE component of the SAP NetWeaver AS also contains the components Java Dispatcher, Server Process and Software Deployment Manager. For more information see Java Cluster Architecture.

Diagram 3.0 - SAP NetWeaver AS Architecture

SAP NetWeaver Portal offers a single point of access to SAP and non-SAP information sources, enterprise applications, information repositories, databases and services, all integrated into a single user portal experience. SAP NetWeaver Portal provides you the tools to manage and analyze this knowledge, and to share and collaborate on the basis of it. The SAP NetWeaver Portal also delivers collaboration features that enable individuals, teams, and interested parties to work closely together towards common goals.

SAP Composite Application Framework provides an environment for the design and use of SAP xApps and composite applications that comply with Enterprise Services Architecture. SAP Composite Application Framework comprises design tools, methodologies, services and processes, an abstraction layer for objects, and user interface and process pattern libraries.

SAP Discovery system for Service-Oriented Architecture (SOA) is a preconfigured and preinstalled SAP landscape. It allows you to create prototype applications using preconfigured, pre-populated software. The components in this system span the SAP ERP application and the SAP NetWeaver technology platform. The SAP Discovery system can be integrated and managed by SAP software. This tool is for evaluating composite applications within the context of your own businesses and industries.

Radware AppDirector Overview

Radware's AppDirector is an intelligent application delivery controller (ADC) that provides scalability and application-level security for service infrastructure optimization, fault tolerance and redundancy. Radware combined its next-generation, OnDemand Switch multi-gigabit hardware platform with the powerful capabilities of the company's APSolute operating system classifier and flow management engine. The result, AppDirector, enables accelerated application performance; local and global server availability; and application security and infrastructure scalability for fast, reliable and secure delivery of applications over IP networks.

AppDirector is powered by the innovative OnDemand Switch platform. OnDemand Switch, which has established a new price/performance standard in the industry, delivers breakthrough performance and superior scalability to meet evolving network and business requirements. Based on its on-demand, pay-as-you-grow approach, no forklift upgrade is required even when new business requirements arise. This helps companies guarantee short-term and long-term savings on CAPEX and OPEX for full investment protection.

Radware's OnDemand Switch enables customers to pay for the exact capacity currently required, while allowing them to scale their AppDirector throughput capacity and add advanced application-aware services or application acceleration services on demand to meet new or changing application and infrastructure needs, without compromising on performance.

AppDirector lets you get the most out of your service investments by maximizing the utilization of service infrastructure resources and enabling seamless consolidation and high scalability. AppDirector's throughput licensing options allow pay-as-you-grow investment protection. Make your network adaptive and more responsive to your dynamic services and business needs with AppDirector's fully integrated traffic classification and flow management, health monitoring and failure bypassing, traffic redirection, bandwidth management, intrusion prevention and DoS protection.

For more information, please visit: http://www.radware.com/

Deployment Notes

Persistence

For performance reasons you may want to use the cookie provided by SAP. In this deployment we use the insert and remove cookie settings in extended farms. SAP sets a number of cookies for various purposes; the saplb_* cookie is set by SAP specifically for load balancers:

   saplb_<group_id>=(<instance_id>)[<node_id>]

Here, the cookie value also helps to verify which server instance and physical node you are connected to. For more information, refer to the following URL: http://help.sap.com/saphelp_erp2005vp/helpdata/en/f2/d7914b8deb48f090c0343ef1d907f0/frameset.htm

SSL Configuration on AppDirector

See the configuration section for SSL Policy. See Appendix 3 for an explanation of certificates and keys and how to generate a certificate request.

Note: This is a self-signed certificate; in a production environment you would use a certificate signed by a CA (Certificate Authority) like VeriSign.

AppDirector and SAP Architecture

Key features implemented on the AppDirector to support this solution:
- Service health monitoring
- Layer 7 Header and Body modifications
- Cookie based Persistence
- SSL Offloading
- Caching
- Compression
- Client NAT
- TCP Multiplexing
- VRRP
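The Persistence note above says the saplb_* value identifies the server instance and node behind a session. The following is an added example, not code from the guide or from SAP or Radware: it parses saplb_* cookies out of Cookie headers and reports whether the instance changed within one client session. It assumes the square brackets in the guide's notation mark the node id as optional; the header values are constructed.

```python
from __future__ import annotations

import re
from typing import NamedTuple, Optional


class SapLb(NamedTuple):
    group_id: str
    instance_id: str
    node_id: Optional[str]


# Value grammar from the guide: (<instance_id>)[<node_id>].
# Assumption: the brackets mark the node id as optional, so "(inst)node",
# a literal "(inst)[node]" and a bare "(inst)" are all accepted.
_VALUE_RE = re.compile(
    r"^\((?P<instance>[^()\[\]]+)\)"
    r"(?:\[(?P<node_b>[^()\[\]]+)\]|(?P<node>[^()\[\]]*))$"
)


def split_cookie_header(header: str) -> list[tuple[str, str]]:
    """Split a Cookie request header into (name, value) pairs."""
    pairs = []
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name:
            pairs.append((name, value.strip().strip('"')))
    return pairs


def parse_saplb(header: str) -> list[SapLb]:
    """Return every saplb_<group_id> cookie found in one Cookie header."""
    found = []
    for name, value in split_cookie_header(header):
        if not name.startswith("saplb_"):
            continue
        m = _VALUE_RE.match(value)
        if m is None:
            raise ValueError(f"malformed {name} value: {value!r}")
        node = m.group("node_b") or m.group("node") or None
        found.append(SapLb(name[len("saplb_"):], m.group("instance"), node))
    return found


def persistence_breaks(headers: list[str]) -> dict[str, list[str]]:
    """Map group_id -> instance ids seen, for groups that changed instance."""
    seen: dict[str, list[str]] = {}
    for header in headers:
        for cookie in parse_saplb(header):
            ids = seen.setdefault(cookie.group_id, [])
            if cookie.instance_id not in ids:
                ids.append(cookie.instance_id)
    return {group: ids for group, ids in seen.items() if len(ids) > 1}


# Constructed Cookie headers from one client session (sample values only).
SESSION = [
    "JSESSIONID=abc; saplb_*=(J2EE7254220)7254250",
    "saplb_*=(J2EE7254220)7254250; JSESSIONID=abc",
    "JSESSIONID=abc; saplb_*=(J2EE7254221)7254251",
]

if __name__ == "__main__":
    for header in SESSION:
        print(parse_saplb(header))
    print("instance changed mid-session:", persistence_breaks(SESSION))
```

An empty result from persistence_breaks means every request in the session carried the same instance id, which is what cookie-based persistence should produce.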

Primary AppDirector SAP Portal

   SAP Server Name             Service   Port    Network IP Address
   Portal_svr1                 web       50000   10.2.1.33
   Portal_svr2                 web       50200   10.2.1.33

   VIP
   SAP Portal_VIP virtual IP   web       50001   10.2.1.75

   Nat Address
   Client Nat Address                            10.2.1.74

Primary AppDirector Routing table and interface IP's

                          interface   subnet            Network IP Address
   Gateway                G-1         255.255.255.0     10.2.1.254
   Subnet                 G-1         255.255.255.0     10.2.1.0
   Management Interface   MNG-1       255.255.255.0     192.168.1.50
   G-1 Interface          G-1         255.255.255.0     10.2.1.73

Backup AppDirector SAP Portal Routing table and interface IP's

                          interface   subnet            Network IP Address
   Gateway                G-1         255.255.255.0     10.2.1.254
   Subnet                 G-1         255.255.255.0     10.2.1.0
   Management Interface   MNG-1       255.255.255.0     192.168.1.51
   G-1 Interface          G-1         255.255.255.240   10.2.1.72

Primary AppDirector SAP Composite Server

   SAP Server Name             Service   Port    Network IP Address
   Portal_svr1                 web       50000   10.2.0.33
   Portal_svr2                 web       50200   10.2.0.33

   VIP
   SAP Portal_VIP virtual IP   web       50001   10.2.0.75

   Nat Address
   Client Nat Address                            10.2.0.74

Primary AppDirector Routing table and interface IP's

                          interface   subnet            Network IP Address
   Gateway                G-1         255.255.255.0     10.2.0.254
   Subnet                 G-1         255.255.255.0     10.2.0.0
   Management Interface   MNG-1       255.255.255.0     192.168.0.50
   G-1 Interface          G-1         255.255.255.0     10.2.0.73

Backup AppDirector SAP Composite Server Routing table and interface IP's

                          interface   subnet            Network IP Address
   Gateway                G-1         255.255.255.0     10.2.0.254
   Subnet                 G-1         255.255.255.0     10.2.0.0
   Management Interface   MNG-1       255.255.255.0     192.168.0.51
   G-1 Interface          G-1         255.255.255.240   10.2.0.72

Table 1 AppDirector Configuration
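A consistency check over the addressing in Table 1, as an added example that is not part of the original guide. It assumes the two units of each pair are meant to share one G-1 subnet, and checks that the gateway, VIP, Client NAT address and peer all fall inside each unit's G-1 network as defined by its own mask.

```python
from __future__ import annotations

import ipaddress

# Addresses and masks transcribed from Table 1 of this guide.
PAIRS = {
    "Portal": {
        "gateway": "10.2.1.254",
        "vip": "10.2.1.75",
        "client_nat": "10.2.1.74",
        "primary": ("10.2.1.73", "255.255.255.0"),
        "backup": ("10.2.1.72", "255.255.255.240"),
    },
    "Composite": {
        "gateway": "10.2.0.254",
        "vip": "10.2.0.75",
        "client_nat": "10.2.0.74",
        "primary": ("10.2.0.73", "255.255.255.0"),
        "backup": ("10.2.0.72", "255.255.255.240"),
    },
}


def audit_pair(name: str, pair: dict) -> list[tuple[str, str, str, str]]:
    """Return (pair, device, check, detail) findings for one redundant pair."""
    findings = []
    ifaces = {
        role: ipaddress.ip_interface("/".join(pair[role]))
        for role in ("primary", "backup")
    }
    # Both units should describe the same G-1 network.
    if ifaces["primary"].network != ifaces["backup"].network:
        detail = f"{ifaces['primary'].network} vs {ifaces['backup'].network}"
        findings.append((name, "pair", "mask-mismatch", detail))
    # Every address a unit must reach on G-1 should be on-link for that unit.
    for role, iface in ifaces.items():
        peer_role = "backup" if role == "primary" else "primary"
        targets = {
            "gateway": pair["gateway"],
            "vip": pair["vip"],
            "client_nat": pair["client_nat"],
            "peer": str(ifaces[peer_role].ip),
        }
        for label, addr in targets.items():
            if ipaddress.ip_address(addr) not in iface.network:
                findings.append((name, role, label, f"{addr} not in {iface.network}"))
    return findings


def audit_all(pairs: dict) -> list[tuple[str, str, str, str]]:
    """Audit every pair and return all findings in table order."""
    findings = []
    for name, pair in pairs.items():
        findings.extend(audit_pair(name, pair))
    return findings


if __name__ == "__main__":
    for finding in audit_all(PAIRS):
        print(finding)
```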

Diagram 4.0 - AppDirector and SAP Reference Architecture

Diagram 5.0 - AppDirector and SAP Testing Topology

Testing was conducted by SAP's Enterprise Services Community (ES Community). The ES Community created the ENL, a controlled lab environment for the testing of networking products in a production-grade enterprise SOA environment. The ENL is based on the SAP Discovery Server, a collection of common business scenarios in the form of composite applications. HP LoadRunner virtual user sessions executed the predefined workflows, and a Shunra WAN Emulator allowed network quality to be varied for each test. For the test setup we used two AppDirectors, one in front of the Enterprise Portal and one in front of the Composite Servers.

Note: Load-balancing SAP is focused on web transactions (not SAPGUI or RFC).

Traffic Flow to the SAP Enterprise Portal

Enterprise Portal is client-server traffic: the client DNS request resolves to a virtual IP (VIP) address located on the AppDirector. The AppDirector then distributes the load to real servers using a configured server selection method such as least amount of users. For persistency requirements, once a client session is directed to a server, AppDirector inserts a cookie referencing that server in the response to the client; then, based on the cookie, all subsequent requests are sent to that same server. Health probes are used to take non-responsive servers out of rotation.

A web client directs HTTPS traffic toward the VIP address of 10.2.1.75 configured on the AppDirector, TCP port 50001. The AppDirector terminates the HTTPS traffic and distributes the load to a real server over HTTP on port 50000 or port 50200, depending on the server selected.

Primary Portal AppDirector Configuration

Using a serial cable and a terminal emulation program, connect to the AppDirector. The default console port settings are:
- Bits per Second: 19200
- Data Bits: 8
- Parity: None
- Stop Bits: 1
- Flow Control: None

1. Using the following command line, assign the management IP address 192.168.1.50 / 24 to interface MNG-1 (Dedicated Management Interface) of the AppDirector:

   net ip-interface create 192.168.1.50 255.255.255.0 MNG-1 -pa 192.168.1.51

2. Using a browser, connect to the management IP Address of the AppDirector (192.168.1.50) via HTTP or HTTPS. The default username and password are radware and radware.

Failure to establish a connection may be due to the following:
- Incorrect IP Address in the browser
- Incorrect IP Address or default route configuration in the AppDirector
- Failure to enable Web Based Management or Secure Web Based Management in the AppDirector
- If the AppDirector can be successfully pinged, attempt to connect to it via Telnet or SSH. If the pinging or the Telnet/SSH connection are unsuccessful, reconnect to the AppDirector via its console port.

Network Configuration

1. Configure the AppDirector interface G1 for IP 10.2.1.73/24 in Router -> IP Router -> Interface Parameters with these parameters:
- IP Address = 10.2.1.73
- Network Mask = 255.255.255.0
- Interface = G1
- Peer Address = 10.2.1.72

2. Configure the AppDirector default route for IP 10.2.1.254 in Router -> Routing with these parameters:
- Next Hop = 10.2.1.254
- Interface = G1

Farm Configuration

1. Create a farm named Portal in AppDirector -> Farms -> Farm Table with these parameters:
- Farm Name = Portal
- Aging Time = 180
- Session mode = RemoveOnSessionEnd-ServerPerSession
- Dispatch Method = Fewest Number of Users
- Connectivity checks = No Checks

2. Enable Insert Cookie for HTTP Persistency for Portal Farm in AppDirector -> Farms -> Extended Parameters:
- Insert Cookie for HTTP Persistency = Enabled
- Client NAT Address Range = 10.2.1.74
- Close Session At Aging = Enabled

Servers Configuration

Note: The configuration was set up to use SSL offloading, with the servers configured to run over HTTP on ports 50000 and 50200.

1. Create a server named Portal_svr1 and attach it to the farm portal in AppDirector -> Servers -> Application Servers -> Table with these parameters:
- Farm Name = portal
- Server Address = 10.2.1.33
- Server Name = Portal_svr1
- Server Port = 50000
- Client NAT = Enable
- Client NAT Address Range = 10.2.1.74

2. Create a server named Portal_svr2 and attach it to the farm portal in AppDirector -> Servers -> Application Servers -> Table with these parameters:
- Farm Name = portal
- Server Address = 10.2.1.33
- Server Name = Portal_svr2
- Server Port = 50200
- Client NAT = Enable
- Client NAT Address Range = 10.2.1.74

HTTP Policy Configuration

Create an HTTP policy in AppDirector -> L4 Traffic Redirection -> HTTP Policy with these parameters:
- Policy name = SAP
- Multiplex Back-End connections = Enabled

SSL Policy Configuration

Note: In the SSL policy, a reference is made to the radware pre-configured certificate, but you can import a certificate or create a new certificate in AppDirector. For more information on exporting, importing, or creating a certificate, see Appendix 3 or the AppDirector User Guide.

Create an SSL policy in AppDirector -> L4 Traffic Redirection -> SSL Policy with these parameters:
- Policy name = SAP
- Certificate = radware
- Listening Server Port = 80
- Backend SSL State = Disabled

Layer 4 Configuration

For the testing topology we were set up to listen on port 50001; this is the port that the Application Server would listen on if it were configured for SSL. The reason we set our VIP to port 50001 was to accommodate the LoadRunner scripts. Under normal deployments you would use the well-known ports, in our case port 443.

Create a Layer 4 policy for HTTPS Traffic named Portal_VIP in AppDirector -> Layer 4 Traffic Redirection -> Layer 4 Policies with these parameters:
- Virtual IP = 10.2.1.75
- L4 Protocol = TCP
- L4 Port = 50001
- L4 Policy Name = Portal_VIP
- Application = HTTPS
- Farm Name = portal

AppDirector Health Monitoring

1. Enable Health Monitoring in Health Monitoring -> Global Parameters.

Health Check

2. Create a check for Portal_svr1 server IP address 10.2.1.33 in Health Monitoring -> Check Table:
- Check name = Portal_svr1
- Method = HTTP
- Dest IP = 10.2.1.33
- Dest Port = 50000

3. Create a check for Portal_svr2 server IP address 10.2.1.33 in Health Monitoring -> Check Table:
- Check name = Webmail_svr2
- Method = HTTP
- Dest IP = 10.2.1.33
- Dest Port = 50200

Health Check Binding

4. Bind the check portal_svr1 to Farm Webmail - Farm portal - 10.2.1.33-50000 in Health Monitoring -> Binding Table.

5. Bind the check portal_svr2 to Farm portal - 10.2.1.33-50200 in Health Monitoring -> Binding Table.

NAT Configuration

1. Enable Client NAT from Global Parameters in AppDirector -> NAT -> Client NAT -> Global Parameters.

2. Create the Client NAT intercept range in AppDirector -> NAT -> Client NAT -> Intercept Addresses with these parameters:
- From Client IP = 1.1.1.1
- To Client IP = 254.254.254.254

3. Create the Client NAT address range in AppDirector -> NAT -> Client NAT -> NAT Addresses with these parameters:
- From Client IP = 10.2.1.74
- To Client IP = 10.2.1.74

Note: You may need to add additional Client NAT addresses in order to scale to your client connection requirements. You can handle up to 65,000 connections per IP.

This completes configuration of the Primary AppDirector.

General Redundant Configuration Notes

For complete high-availability, Radware encourages implementing pairs of AppDirector units in an Active / Backup configuration. If your implementation of this architecture includes only a single AppDirector, then it is unnecessary to follow the steps in this section.

Primary Portal AppDirector VRRP Configuration

1. Enable VRRP in Redundancy -> Global Configuration with these parameters:
- IP Redundancy Admin Status = VRRP
- Interface Grouping = Enable
- ARP with interface grouping = Send
- Backup Fake ARP = Enable
- Backup Interface Grouping = Enable

2. Create Virtual Router interfaces in Redundancy -> VRRP -> Virtual Routers with these parameters:
- IF Index = G-1
- VR ID = 1
- Priority = 255 (Highest number is Active device)
- Primary IP = 10.2.1.73
- Leave all other options as default

3. Create Associated IP Addresses in Redundancy -> VRRP -> Associated IP Addresses with these parameters:
- IF Index G-1, VR ID 1, Associated IP 10.2.1.75 (VIP)
- IF Index G-1, VR ID 1, Associated IP 10.2.1.73 (G-1)
- IF Index G-1, VR ID 1, Associated IP 10.2.1.74 (Client NAT)

4. Go to Redundancy -> VRRP -> Virtual Routers and on the Virtual Router Table under VRID's Up/Down select All Up and click on the Set button to enable all Virtual Routers.

5. Make certain that the State of this VR is displayed as Master in the Virtual Router table.

Mirroring Configuration

1. Enable Mirroring in Redundancy -> Mirroring -> Active Device Parameters with these parameters:
- Client Table Mirroring = Enable
- Session Id Table Mirroring = Enable

2. Add Mirror device in Redundancy -> Mirroring -> Mirror Device Parameters with the following parameter:
- Mirror Device IP = 10.2.1.72

Note: This sets the Backup AD target address used for mirror traffic.

Auto-Generate the Portal Backup AppDirector Configuration

Once the Backup AppDirector is configured for basic IP connectivity and is available to the network, simply export the Backup Configuration file from the Primary AppDirector and upload it to the Backup AppDirector. The steps are defined below.

Setting up basic IP connectivity on the Backup AppDirector

Using a serial cable and a terminal emulation program, connect to the AppDirector. The default console port settings are:
- Bits per Second: 19200
- Data Bits: 8
- Parity: None
- Stop Bits: 1
- Flow Control: None

1. Using the following command line, assign the management IP address 192.168.1.51 / 24 to interface MNG-1 (Dedicated Management Interface) of the AppDirector:

   net ip-interface create 192.168.1.51 255.255.255.0 MNG-1 -pa 192.168.1.50

2. Using a browser, connect to the management IP Address of the AppDirector (192.168.1.51) via HTTP or HTTPS. The default username and password are radware and radware.

Auto Generating the Backup Configuration from the Primary AppDirector

1. From the web interface menu of the Primary AppDirector, select File -> Configuration -> Receive from Device to display the Download Configuration File page with these parameters:
- Configuration Type - Regular

2. On the Configuration File Download page, choose the necessary parameters as shown below:
- Configuration Type: Backup (Active-Backup)

3. Click the Set button to launch the save file window.

4. Click the SAVE button to save the file to a local directory.

Upload the Backup Configuration file to the device

From the web interface menu of the Backup AppDirector, select File -> Configuration -> Send to Device. On the Configuration File Upload page, choose the necessary parameters as shown below:
   - Upload Mode = Replace configuration file
   - Configuration file: click the Browse button and navigate to the updated configuration file.

Click the Set button to upload the configuration.

This completes redundancy configuration on the Portal Backup AppDirector.

Traffic Flow to the Composite Applications Servers

Composite Server traffic is application-to-application web services traffic. The request resolves to a VIP address on the AppDirector, which in turn load-balances the request to a real server. Typically this web services request is a single request and therefore persistence is not required. Persistence can be provisioned in the same way as for client-to-server sessions: the HTTP header for web services requests contains the saplb_* cookie and will also accept inserted cookies.

When the SAP Enterprise Portal makes web requests to the Composite Application servers on behalf of the client, the Enterprise Portal HTTPS request is directed toward the VIP address of 10.2.0.75 configured on the AppDirector, TCP port 50001. The AppDirector terminates the HTTPS traffic and distributes the load to a real server over HTTP on port 50000 or port 50200, depending on the server selected.

Primary Composite AppDirector Configuration

Using a serial cable and a terminal emulation program, connect to the AppDirector. The default console port settings are:
   - Bits per Second: 19200
   - Data Bits: 8
   - Parity: None
   - Stop Bits: 1
   - Flow Control: None

1. Using the following command line, assign the management IP address 192.168.1.50 / 24 to interface MNG-1 (Dedicated Management Interface) of the AppDirector:

   net ip-interface create 192.168.0.50 255.255.255.0 MNG-1 -pa 192.168.0.51

2. Using a browser, connect to the management IP Address of the AppDirector (192.168.0.50) via HTTP or HTTPS. The default username and password are radware and radware.

Failure to establish a connection may be due to the following:
   - Incorrect IP Address in the browser
   - Incorrect IP Address or default route configuration in the AppDirector
   - Failure to enable Web Based Management or Secure Web Based Management in the AppDirector

If the AppDirector can be successfully pinged, attempt to connect to it via Telnet or SSH. If the ping or the Telnet/SSH connection is unsuccessful, reconnect to the AppDirector via its console port.

Network Configuration

1. Configure the AppDirector interface G1 for IP 10.2.0.73 in Router -> IP Router -> Interface Parameters with these parameters:
   - IP Address = 10.2.0.73
   - Network Mask = 255.255.255.0
   - Interface = G1
   - Peer Address = 10.2.0.72

2. Configure the AppDirector default route for IP 10.2.0.254 in Router -> Routing with these parameters:
   - Next Hop = 10.2.0.254
   - Interface = G1

Farm Configuration

1. Create a farm named CE in AppDirector -> Farms -> Farm Table with these parameters:
   - Farm Name = CE
   - Aging Time = 180
   - Session mode = RemoveOnSessionEnd-ServerPerSession
   - Dispatch Method = Fewest Number of Users
   - Connectivity checks = No Checks

2. Enable Insert Cookie for HTTP Persistency for Portal Farm in AppDirector -> Farms -> Extended Parameters.
   - Insert Cookie for HTTP Persistency = Enabled
   - Client NAT Address Range = 10.2.0.74
   - Close Session At Aging = Enabled

Servers Configuration

Note: The configuration was set up to use SSL offloading, with the servers configured to run over HTTP on ports 50000 and 50200.

1. Create a server named CE_svr1 and attach it to the farm portal in AppDirector -> Servers -> Application Servers -> Table with these parameters:
   - Farm Name = CE
   - Server Address = 10.2.0.33
   - Server Name = CE_svr1
   - Server Port = 50000
   - Client NAT = Enable
   - Client NAT Address Range = 10.2.0.74

2. Create a server named CE_svr2 and attach it to the farm portal in AppDirector -> Servers -> Application Servers -> Table with these parameters:
   - Farm Name = CE
   - Server Address = 10.2.0.33
   - Server Name = CE_svr2
   - Server Port = 50200
   - Client NAT = Enable
   - Client NAT Address Range = 10.2.0.74

HTTP Policy Configuration

Create an HTTP policy in AppDirector -> L4 Traffic Redirection -> HTTP Policy with these parameters:
   - Policy name = SAP
   - Multiplex Back-End connections = Enabled

SSL Policy Configuration

Note: The SSL policy references the pre-configured radware certificate, but you can import a certificate or create a new certificate in AppDirector. For more information on exporting, importing, or creating a certificate, see the AppDirector User Guide.

Create an SSL policy in AppDirector -> L4 Traffic Redirection -> SSL Policy with these parameters:
   - Policy name = SAP
   - Certificate = radware
   - Listening Server Port = 80
   - Backend SSL State = Disabled

Layer 7 Configuration

Under Layer 7 Method Table, create a Layer 7 Method for SAP Composite server.

1. Create a Layer 7 Method for SAP Composite server named sapc in AppDirector -> Layer 7 Farm Selection -> Methods with these parameters:
   - Method Name = sapc
   - Method Type = Advanced URL Modification
   - Protocol = HTTPS
   - Port = 50001
   - Hostname Action Type = Replace
   - Hostname = sapc

2. Create a Layer 7 Method for SAP Composite server named vsv20000_50000 in AppDirector -> Layer 7 Farm Selection -> Methods with these parameters:
   - Method Name = vsv20000_50000
   - Method Type = Advanced URL Condition
   - Protocol = HTTP
   - Port = 50000
   - Hostname Match Type = Equal
   - Hostname = vsv20000

3. Create a Layer 7 Method for SAP Composite server named vsv20000_50200 in AppDirector -> Layer 7 Farm Selection -> Methods with these parameters:
   - Method Name = vsv20000_50200
   - Method Type = Advanced URL Condition
   - Protocol = HTTP
   - Port = 50200
   - Hostname Match Type = Equal
   - Hostname = vsv20000

4. Create a Layer 7 Method for SAP Composite server named Accept_Encoding in AppDirector -> Layer 7 Farm Selection -> Methods with these parameters:
   - Method Name = Accept_Encoding
   - Method Type = Header Field
   - Argument - Header = Accept-Encoding

SAP Composite Server requires header and body modifications to change embedded URI strings from the server and listening port to the VIP and port the client made the original request to.

Under Layer 7 Server Modification Table, create modification rules.

SAP Composite Server by default compresses the content, and in order to make the necessary header and body modifications the Accept_Encoding header needs to be removed from the original request to turn off compression. This will allow the content to be seen in an un-obfuscated form.

5. Create a Layer 7 modification to remove the Accept_Encoding header in AppDirector -> Layer 7 Modification -> Rule with these parameters:
   - Name = Accept_Encoding
   - Farm Name = CE
   - Index = 5
   - Modification Scope = Header only
   - Direction = Request
   - Modification Type = Remove
   - Match Condition = Accept_Encoding

6. Create a Layer 7 modification to replace the server Host Name and Port with the VIP and Port in AppDirector -> Layer 7 Modification -> Rule with these parameters:
   - Name = SAPC
   - Farm Name = CE
   - Index = 10
   - Modification Scope = Header and Body
   - Direction = Reply
   - Header and Body Modification = sapc
   - Header and Body Condition = vsv20000_50000

7. Create a Layer 7 modification to replace the server Host Name and Port with the VIP and Port in AppDirector -> Layer 7 Modification -> Rule with these parameters:
   - Name = SAPC2
   - Farm Name = CE
   - Index = 20
   - Modification Scope = Header and Body
   - Direction = Reply
   - Header and Body Modification = sapc
   - Header and Body Condition = vsv20000_50200

Layer 4 Configuration

Create a Layer 4 policy for HTTPS Traffic named CE_VIP in AppDirector -> Layer 4 Traffic Redirection -> Layer 4 Policies with these parameters:
   - Virtual IP = 10.2.0.75
   - L4 Protocol = TCP
   - L4 Port = 50001
   - L4 Policy Name = CE_VIP
   - Application = HTTPS
   - Farm Name = portal

AppDirector Health Monitoring

1. Enable Health Monitoring in Health Monitoring -> Global Parameters.

Health Check

2. Create a check for CE_svr1 server IP address 10.2.0.33 in Health Monitoring -> Check Table:
   - Check name = CE_svr1
   - Method = HTTP
   - Dest IP = 10.2.0.33
   - Dest Port = 50000
   - Interval = 10
   - Timeout = 5
   - Arguments for HTTP Method - Path = /irj/portal

3. Create a check for CE_svr2 server IP address 10.2.0.33 in Health Monitoring -> Check Table:
   - Check name = CE_svr2
   - Method = HTTP
   - Dest IP = 10.2.0.33
   - Dest Port = 50200
   - Interval = 10
   - Timeout = 5
   - Arguments for HTTP Method - Path = /irj/portal

Health Check Binding

4. Bind the check CE_svr1 to Farm CE - 10.2.0.33-50000 in Health Monitoring -> Binding Table.

5. Bind the check CE_svr2 to Farm CE - 10.2.0.33-50200 in Health Monitoring -> Binding Table.

NAT Configuration

1. Enable Client NAT from Global Parameters in AppDirector -> NAT -> Client NAT -> Global Parameters.

2. Create the Client NAT intercept range in AppDirector -> NAT -> Client NAT -> Intercept Addresses with these parameters:
   - From Client IP = 1.1.1.1
   - To Client IP = 254.254.254.254

3. Create the Client NAT address range in AppDirector -> NAT -> Client NAT -> NAT Addresses with these parameters:
   - From Client IP = 10.2.0.74
   - To Client IP = 10.2.0.74
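Why the Accept_Encoding request rule (index 5) has to accompany the SAPC and SAPC2 reply rules in the Layer 7 configuration above can be shown with a small simulation. This is an added example, not Radware or SAP code: the back end, its response body and all function names are constructed, and the reply rewrite is modelled as a literal replacement of http://vsv20000:50000 and http://vsv20000:50200 with https://sapc:50001.

```python
import gzip

# Origins taken from the guide: the two back-end listeners and the public VIP name.
BACKEND_ORIGINS = (b"http://vsv20000:50000", b"http://vsv20000:50200")
PUBLIC_ORIGIN = b"https://sapc:50001"


def backend_reply(request_headers, port):
    """Constructed back end: embeds its own origin in Location and in the body,
    and gzips the body when the request advertises gzip support."""
    origin = b"http://vsv20000:%d" % port
    body = (b"endpoint=" + origin + b"/irj/portal/ws\n"
            b"wsdl=" + origin + b"/irj/portal/ws?wsdl\n")
    headers = {"Location": (origin + b"/irj/portal").decode(),
               "Content-Type": "text/plain"}
    if "gzip" in request_headers.get("Accept-Encoding", ""):
        body = gzip.compress(body)
        headers["Content-Encoding"] = "gzip"
    return headers, body


def rewrite_reply(headers, body):
    """Model of reply rules SAPC and SAPC2: literal replace in headers and body."""
    for origin in BACKEND_ORIGINS:
        headers = {name: value.replace(origin.decode(), PUBLIC_ORIGIN.decode())
                   for name, value in headers.items()}
        body = body.replace(origin, PUBLIC_ORIGIN)
    return headers, body


def proxy(request_headers, port, strip_accept_encoding):
    """Forward a request; optionally apply the Accept_Encoding removal first."""
    forwarded = dict(request_headers)
    if strip_accept_encoding:
        forwarded.pop("Accept-Encoding", None)
    return rewrite_reply(*backend_reply(forwarded, port))


def leaked_origins(headers, body):
    """Back-end origins the client can still see once it decodes the reply."""
    if headers.get("Content-Encoding") == "gzip":
        body = gzip.decompress(body)
    haystack = body + "\n".join(headers.values()).encode()
    return [o.decode() for o in BACKEND_ORIGINS if o in haystack]


if __name__ == "__main__":
    request = {"Host": "sapc:50001", "Accept-Encoding": "gzip, deflate"}
    for strip in (True, False):
        hdrs, data = proxy(request, 50200, strip_accept_encoding=strip)
        print("strip Accept-Encoding:", strip, "leaked:", leaked_origins(hdrs, data))
```

With the header left in place the Location header is still rewritten, but the compressed body passes through unchanged and the client receives links to the internal HTTP listener.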

Note: You may need to add additional Client NAT addresses in order to scale to your client connection requirements. You can handle up to 65,000 connections per IP.

This completes configuration of the Primary AppDirector.

General Redundant Configuration Notes

For complete high-availability, Radware encourages implementing pairs of AppDirector units in an Active / Backup configuration. If your implementation of this architecture includes only a single AppDirector, then it is unnecessary to follow the steps in this section.

Primary Composite AppDirector VRRP Configuration

1. Enable VRRP in Redundancy -> Global Configuration with these parameters:
   - IP Redundancy Admin Status = VRRP
   - Interface Grouping = Enable
   - ARP with interface grouping = Send
   - Backup Fake ARP = Enable
   - Backup Interface Grouping = Enable

2. Create Virtual Router interfaces in Redundancy -> VRRP -> Virtual Routers with these parameters:
   - IF Index = G-1
   - VR ID = 1
   - Priority = 255 (Highest number is Active device)
   - Primary IP = 10.2.0.73
   - Leave all other options as default

3. Create Associated IP Addresses in Redundancy -> VRRP -> Associated IP Addresses with these parameters:
   - IF Index G-1, VR ID 1, Associated IP 10.2.0.75 (VIP)
   - IF Index G-1, VR ID 1, Associated IP 10.2.0.73 (G-1)
   - IF Index G-1, VR ID 1, Associated IP 10.2.0.74 (Client NAT)

4. Go to Redundancy -> VRRP -> Virtual Routers and on the Virtual Router Table under VRID's Up/Down select All Up and click on the Set button to enable all Virtual Routers.

5. Make certain that the State of this VR is displayed as Master in the Virtual Router table.

Mirroring Configuration

1. Enable Mirroring in Redundancy -> Mirroring -> Active Device Parameters with these parameters:
   - Client Table Mirroring = Enable
   - Session Id Table Mirroring = Enable

2. Add Mirror device in Redundancy -> Mirroring -> Mirror Device Parameters with the following parameter:
   - Mirror Device IP = 10.2.0.72

Note: This sets the Backup AD target address used for mirror traffic.

Auto-Generate the Backup Composite AppDirector Configuration

Once the Backup AppDirector is configured for basic IP connectivity and is available to the network, simply export the Backup Configuration file from the Primary AppDirector and upload it to the Backup AppDirector. The steps are defined below.

Setting up basic IP connectivity on the Backup AppDirector

Using a serial cable and a terminal emulation program, connect to the AppDirector. The default console port settings are:
   - Bits per Second: 19200
   - Data Bits: 8
   - Parity: None
   - Stop Bits: 1
   - Flow Control: None

1. Using the following command line, assign the management IP address 192.168.0.51 / 24 to interface MNG-1 (Dedicated Management Interface) of the AppDirector:

   net ip-interface create 192.168.0.51 255.255.255.0 MNG-1 -pa 192.168.0.50

2. Using a browser, connect to the management IP Address of the AppDirector (192.168.0.51) via HTTP or HTTPS. The default username and password are radware and radware.

Auto Generating the Backup Configuration from the Primary AppDirector

1. From the web interface menu of the Primary AppDirector, select File -> Configuration -> Receive from Device to display the Download Configuration File page, with this parameter:
   - Configuration Type = Regular

2. On the Configuration File Download page, choose the necessary parameters as shown below:
   - Configuration Type = Backup (Active-Backup)

3. Click the Set button to launch the save file window.

4. Click the SAVE button to save the file to a local directory.

Upload the Backup Configuration file to the device

From the web interface menu of the Backup AppDirector, select File -> Configuration -> Send to Device. On the Configuration File Upload page, choose the necessary parameters as shown below:
   - Upload Mode = Replace configuration file
   - Configuration file: click the Browse button and navigate to the updated configuration file.

Click the Set button to upload the configuration.

This completes redundancy configuration on the Backup Composite AppDirector.

Appendix 1 Portal AppDirector Configuration File

!
!Device Configuration
!Date: 01-10-2010 03:17:34
!DeviceDescription: AppDirector with Cookie Persistency
!Base MAC Address: 00:03:b2:3d:dc:00
!Software Version: 2.14.00DL (Build date Jul 21 2010, 18:50:33,Build#45)
!APSolute OS Version: 10.31-08.06DL(9):2.06.10
!Configuration Type: regular
!
!
! The following commands will take effect only
! once the device has been rebooted!
!
manage snmp versions-after-reset set "v1 & v2c & v3"
appdirector global accel-engine-status set Enabled
!
! The following commands take effect immediately
! upon execution!
!
net ip-interface create 10.2.1.73 255.255.255.0 G-1
net ip-interface create 192.168.1.50 255.255.255.0 MNG-1
health-monitoring check create portal_svr1 -id 6 -m HTTP -p 50000 -a \
PATH=/irj/portal MTD=G PRX=N NOCACHE=N AUTH=B C1=200 -d 10.2.1.33
health-monitoring check create portal_svr2 -id 7 -m HTTP -p 50200 -a \
PATH=/irj/portal MTD=G PRX=N NOCACHE=N AUTH=B C1=200 -d 10.2.1.33
redundancy mode set VRRP
appdirector farm table setcreate portal -at 180 -cm "No Checks" -sm RemoveOnSessionEnd-SPS
appdirector farm table setcreate portal_ping -cm "No Checks"
appdirector farm server table create portal 10.2.1.33 50000 -sn Portal_svr1 -id 0 -cn Enabled -nr 10.2.1.74
appdirector farm server table create portal 10.2.1.33 50200 -sn Portal_svr2 -id 2 -cn Enabled -nr 10.2.1.74
appdirector farm server table create portal_ping 10.2.1.33 None -sn Portal_PING -id 8 -cn Enabled -nr 10.2.1.74
appdirector l7 farm-selection method-table setcreate Auto-G_Cookie_porta \
-cm "Set Cookie" -ma KEY=hoyD9dg3n7 VAL=$Dyn_Cookie_Value P=/
appdirector l7 farm-selection method-table setcreate Auto-G_RCookie_port -cm Cookie -ma KEY=hoyD9dg3n7
redundancy interface-group set Disabled
redundancy mirror main client-status set Enabled
redundancy mirror address setcreate 10.2.1.72
redundancy backup-in-vlan set "Forward Traffic"
appdirector farm connectivity-check httpcode setcreate portal "200 - OK"
appdirector farm connectivity-check httpcode setcreate portal_ping "200 - OK"
redundancy backup-fake-arp set Enabled
appdirector farm extended-params set portal -nr 10.2.1.74 -sc Enabled -ic "Enable and remove cookie on return path"
appdirector farm extended-params set portal_ping -nr 10.2.1.74
appdirector nat client address-range setcreate 10.2.1.74 -t 10.2.1.74
appdirector nat client range-to-nat setcreate 10.2.1.1 -t 10.2.1.254
redundancy backup-interface-group set Enabled
system internal appdirector full-session-id-table setcreate portal 0 TCP \
-k hoyd9dg3n7 -l Cookie -t 180 -d "No Learning" -fl 1
appdirector l4-policy ssl-policy create SAP -c radware -r Enabled
appdirector l4-policy compression create SAP -pe Hardware
appdirector l4-policy caching create SAP
appdirector l4-policy http-policy create SAP -m Enabled
appdirector l4-policy table create 10.2.1.75 TCP 50001 0.0.0.0 Portal_VIP -fn portal -ta HTTPS -sl SAP -ht SAP
appdirector l4-policy table create 10.2.1.75 ICMP Any 0.0.0.0 portal_ping -fn portal_ping -ta PING
redundancy vrrp automated-config-update set Enabled
appdirector l7 modification table setcreate Auto-G_Cookie_porta -i 0 -f portal -d Reply -am Auto-G_Cookie_porta
appdirector l7 modification table setcreate Auto-G_RCookie_port -i 0 -f portal -ac Remove -mm Auto-G_RCookie_port
redundancy mirror main sid-status set Enabled
redundancy global-configuration failure-action set Ignore
health-monitoring binding create 6 0
health-monitoring binding create 7 2
health-monitoring status set Enabled
health-monitoring response-level-samples set 0
redundancy vrrp virtual-routers create G-1 1 -p 255 -pip 10.2.1.73
redundancy vrrp associated-ip create G-1 1 10.2.1.75
redundancy vrrp associated-ip create G-1 1 10.2.1.74
redundancy vrrp associated-ip create G-1 1 10.2.1.73
manage user table create radware -pw GndridF04zNWSGOrZjKFV78REiEra/Qm
manage telnet status set enable
manage telnet server-port set 23
manage web status set enable
manage ssh status set enable
manage secure-web status set enable
redundancy arp-interface-group set Send
net l2-interface set 100001 -ad Up
net l2-interface set 100063 -ad Up
net l2-interface set G-3 -ad Up
net l2-interface set G-1 -ad Down
redundancy vrrp global-advertise-int set 0
manage snmp groups create SNMPv1 public -gn initial
manage snmp groups create SNMPv1 ReadOnlySecurity -gn InitialReadOnly
manage snmp groups create SNMPv2c public -gn initial
manage snmp groups create SNMPv2c ReadOnlySecurity -gn InitialReadOnly
manage snmp groups create UserBased radware -gn initial
manage snmp groups create UserBased ReadOnlySecurity -gn InitialReadOnly
manage snmp access create initial SNMPv1 noauthnopriv -rvn iso -wvn iso -nvn iso
manage snmp access create InitialReadOnly SNMPv1 noauthnopriv -rvn ReadOnlyView
manage snmp access create initial SNMPv2c noauthnopriv -rvn iso -wvn iso -nvn iso
manage snmp access create InitialReadOnly SNMPv2c noauthnopriv -rvn ReadOnlyView
manage snmp access create initial UserBased authpriv -rvn iso -wvn iso -nvn iso
manage snmp access create InitialReadOnly UserBased authpriv -rvn ReadOnlyView
manage snmp views create iso 1
manage snmp views create ReadOnlyView 1
manage snmp views create ReadOnlyView 1.3.6.1.4.1.89.2.7.2 -cm excluded
manage snmp views create ReadOnlyView 1.3.6.1.6.3.18.1.1 -cm excluded
manage snmp views create ReadOnlyView 1.3.6.1.6.3.15.1.2.2 -cm excluded
manage snmp views create ReadOnlyView 1.3.6.1.4.1.89.35.1.61 -cm excluded
manage snmp views create ReadOnlyView 1.3.6.1.6.3.16.1.2 -cm excluded
manage snmp views create ReadOnlyView 1.3.6.1.6.3.16.1.4 -cm excluded
manage snmp views create ReadOnlyView 1.3.6.1.6.3.16.1.5 -cm excluded
manage snmp notify create alltraps -ta v3traps
manage snmp global engine-id set 80000059030003b23ddc00
manage snmp users create radware -cf 0.0 -ap MD5 -akc \
54118f8ecffedac7e39d16b7c9cab095 -pp DES -pkc 54118f8ecffedac7e39d16b7c9cab095
manage snmp target-address create v3mngstations -tl v3traps -p radware-authpriv
manage snmp target-parameters create public-v1 -d SNMPv1 -sm SNMPv1 -sn public -sl noauthnopriv
manage snmp target-parameters create public-v2 -d SNMPv2c -sm SNMPv2c -sn public -sl noauthnopriv
manage snmp target-parameters create radware-authpriv -d SNMPv3 -sm UserBased -sn radware -sl authpriv
manage snmp community create public -n public -sn public
manage telnet session-timeout set 5
manage telnet auth-timeout set 30
system diagnostics policies setcreate SAP
system diagnostics capture output file set "RAM Drive"
system diagnostics capture output term set Disabled
system diagnostics capture point set Both
appdirector global connectivity-check tcp-timeout set 3
redundancy force-down-ports-time set 0
system diagnostics capture traffic-match-mode set "Inbound and Outbound"
performance accel-engine configuration measuring-period set 20
performance accel-engine configuration web-refresh-period set 240
security certificate table \
Name: radware \
Type: certificate \
Name: rdwrhmm \
Type: certificate
!File Signature: 4004d69ff64fd7936a18f55040643ee1
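The exported configuration above also records how the management plane is set up: Telnet and web management status, SNMP versions, communities, access groups and users. As an added example, not part of the Radware guide or of any Radware tool, the following Python check reads an export in this syntax and lists the management settings to review before the device carries production traffic. Assumptions: the rule names are hypothetical, the sample lines copy the syntax of the listing with secrets replaced by placeholders, and 'manage web' is taken to be the unencrypted web interface because the listing has a separate 'manage secure-web' line.

```python
import shlex

# Constructed sample: management-plane lines in the syntax of the listing above.
# PLACEHOLDER_* values stand in for the hash and keys of a real export.
SAMPLE_CONFIG = r'''
! The following commands take effect immediately
manage snmp versions-after-reset set "v1 & v2c & v3"
manage user table create radware -pw PLACEHOLDER_HASH
manage telnet status set enable
manage web status set enable
manage ssh status set enable
manage secure-web status set enable
manage snmp access create initial SNMPv1 noauthnopriv -rvn iso -wvn iso -nvn iso
manage snmp access create InitialReadOnly SNMPv1 noauthnopriv -rvn ReadOnlyView
manage snmp access create initial UserBased authpriv -rvn iso -wvn iso -nvn iso
manage snmp users create radware -cf 0.0 -ap MD5 -akc \
PLACEHOLDER_KEY -pp DES -pkc PLACEHOLDER_KEY
manage snmp community create public -n public -sn public
'''


def logical_lines(text):
    """Join backslash-continued lines; drop blank lines and '!' comment lines."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if line.endswith("\\"):
            buf += line[:-1].strip() + " "
            continue
        yield buf + line
        buf = ""


def opt(tokens, flag):
    """Value following a '-flag' token, or None when the flag is absent."""
    return tokens[tokens.index(flag) + 1] if flag in tokens[:-1] else None


def check(t):
    """Rule id (hypothetical name) for one tokenised 'manage' command, or None."""
    head, rest = t[1:4], t[4:]
    if t[1:] == ["telnet", "status", "set", "enable"]:
        return "telnet-enabled"                 # cleartext management session
    if t[1:] == ["web", "status", "set", "enable"]:
        return "http-management-enabled"        # assumed to be plain HTTP
    if head == ["user", "table", "create"] and rest[:1] == ["radware"]:
        return "vendor-default-account"         # confirm the password was changed
    if head == ["snmp", "versions-after-reset", "set"] and rest:
        if {"v1", "v2c"} & set(rest[0].replace("&", " ").split()):
            return "snmp-v1-v2c-enabled"
    if head == ["snmp", "community", "create"] and rest[:1] == ["public"]:
        return "snmp-default-community"
    if head == ["snmp", "access", "create"] and len(rest) > 1:
        if rest[1] in ("SNMPv1", "SNMPv2c") and opt(t, "-wvn"):
            return "snmp-community-write-access"  # write view without auth/priv
    if head == ["snmp", "users", "create"]:
        if opt(t, "-ap") == "MD5" or opt(t, "-pp") == "DES":
            return "snmp-v3-weak-algorithms"
    return None


def audit(text):
    """Return (rule id, config line) pairs for management settings to review."""
    findings = []
    for line in logical_lines(text):
        if not line.startswith("manage "):
            continue
        rule = check(shlex.split(line))
        if rule:
            findings.append((rule, line))
    return findings


if __name__ == "__main__":
    for rule, line in audit(SAMPLE_CONFIG):
        print(f"{rule:30} {line}")
```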

Appendix 2 Composite AppDirector Configuration File

!
!Device Configuration
!Date: 01-10-2010 02:23:44
!DeviceDescription: AppDirector with Cookie Persistency
!Base MAC Address: 00:03:b2:3d:dc:00
!Software Version: 2.14.00DL (Build date Jul 21 2010, 18:50:33,Build#45)
!APSolute OS Version: 10.31-08.06DL(9):2.06.10
!Configuration Type: regular
!
!
! The following commands will take effect only
! once the device has been rebooted!
!
manage snmp versions-after-reset set "v1 & v2c & v3"
appdirector global accel-engine-status set Enabled
!
! The following commands take effect immediately
! upon execution!
!
net ip-interface create 10.2.0.73 255.255.255.0 G-1 -pa 10.2.0.72
net ip-interface create 192.168.1.50 255.255.255.0 MNG-1
health-monitoring check create CE_svr1 -id 0 -m HTTP -p 50000 -a \
PATH=/irj/portal MTD=G PRX=N NOCACHE=N AUTH=B C1=200 -d 10.2.0.33
health-monitoring check create CE_svr2 -id 1 -m HTTP -p 50200 -a \
PATH=/irj/portal MTD=G PRX=N NOCACHE=N AUTH=B C1=200 -d 10.2.0.33
health-monitoring check create CE_svr1 -id 2 -m HTTP -p 50200 -a \
PATH=/irj/portal MTD=G PRX=N NOCACHE=N AUTH=B C1=200 -d 10.2.0.33
net route table create 10.2.1.0 255.255.255.0 10.2.0.15 -i G-1
net route table create 0.0.0.0 0.0.0.0 10.2.0.254 -i G-1
redundancy mode set VRRP
appdirector farm table setcreate CE -at 180 -cm "No Checks" -sm RemoveOnSessionEnd-SPS
appdirector farm table setcreate CE_Ping -cm "No Checks" -sm RemoveOnSessionEnd-SPS
appdirector farm server table create CE 10.2.0.33 50000 -sn CE_svr1 -id 0 -cn Enabled -nr 10.2.0.74
appdirector farm server table create CE 10.2.0.33 50200 -sn CE_svr2 -id 1 -cn Enabled -nr 10.2.0.74
appdirector farm server table create CE_Ping 10.2.0.33 None -sn CE_Ping -id 2 -cn Enabled -nr 10.2.0.74
appdirector l7 farm-selection method-table setcreate Auto-G_Cookie_CE -cm \
"Set Cookie" -ma KEY=bD4vlQwHCm VAL=$Dyn_Cookie_Value P=/
appdirector l7 farm-selection method-table setcreate Auto-G_RCookie_CE -cm Cookie -ma KEY=bD4vlQwHCm
appdirector l7 farm-selection method-table setcreate sapc_50000 -cm Text -ma TXT=http://vsv20000:50000
appdirector l7 farm-selection method-table setcreate sapc_50200 -cm Text -ma TXT=http://vsv20000:50200
appdirector l7 farm-selection method-table setcreate sapc_50001 -cm Text -ma TXT=https://sapc:50001
appdirector l7 farm-selection method-table setcreate vsv20000_50000 -cm \
"Advanced URL Condition" -po 50000 -hn vsv20000 -hnm Equal
appdirector l7 farm-selection method-table setcreate vsv20000_50200 -cm \
"Advanced URL Condition" -po 50200 -hn vsv20000 -hnm Equal
appdirector l7 farm-selection method-table setcreate sapc -cm \
"Advanced URL Modification" -pr HTTPS -po 50001 -hn sapc -hna Replace
appdirector l7 farm-selection method-table setcreate Accept_Encoding -cm "Header Field" -ma HDR=Accept-Encoding
redundancy interface-group set Disabled
redundancy mirror main client-status set Enabled
redundancy mirror address setcreate 10.2.0.72
redundancy backup-in-vlan set "Forward Traffic"
appdirector farm connectivity-check httpcode setcreate CE "200 - OK"
appdirector farm connectivity-check httpcode setcreate CE_Ping "200 - OK"
redundancy backup-fake-arp set Enabled
net next-hop-router setcreate 10.2.0.254 -id 3 -fl 1
appdirector farm nhr setcreate 0.0.0.0 -ip 10.2.0.254 -fl 1
appdirector farm extended-params set CE -nr 10.2.0.74 -ic \
"Enable and remove cookie on return path" -st Enabled -ns "100 - Continue"
appdirector nat client address-range setcreate 10.2.0.74 -t 10.2.0.74
appdirector nat client range-to-nat setcreate 10.2.0.1 -t 10.2.0.254
appdirector nat client range-to-nat setcreate 10.2.1.1 -t 10.2.1.254
redundancy backup-interface-group set Enabled
system internal appdirector full-session-id-table setcreate CE 0 TCP -k bd4vlqwhcm -l Cookie -d "No Learning" -fl 1
appdirector segmentation nhr-table setcreate DefaultNHR -ip 10.2.0.254 -fl 1
appdirector l4-policy ssl-policy create SAP -c radware -r Enabled
appdirector l4-policy compression create SAP -m 1 -M 2 -pe Hardware -b None
appdirector l4-policy caching create SAP
appdirector l4-policy http-policy create SAP -m Enabled
appdirector l4-policy table create 10.2.0.75 TCP 50001 0.0.0.0 CE_VIP -fn CE -ta HTTPS -sl SAP -ht SAP
appdirector l4-policy table create 10.2.0.75 ICMP Any 0.0.0.0 CE_Ping -fn CE_Ping -ta PING
redundancy vrrp automated-config-update set Enabled
appdirector l7 modification table setcreate Auto-G_Cookie_CE -i 0 -f CE -d Reply -am Auto-G_Cookie_CE
appdirector l7 modification table setcreate Auto-G_RCookie_CE -i 0 -f CE -ac Remove -mm Auto-G_RCookie_CE
appdirector l7 modification table setcreate SAPC -i 10 -f CE -d Reply -sc "Header And Body" -hbc vsv20000_50000 -hbm sapc
appdirector l7 modification table setcreate SAPC2 -i 20 -f CE -d Reply -sc "Header And Body" -hbc vsv20000_50200 -hbm sapc
appdirector l7 modification table setcreate Accept-Encoding -i 5 -f CE -ac Remove -mm Accept_Encoding
redundancy mirror main sid-status set Enabled
redundancy global-configuration failure-action set Ignore
health-monitoring binding create 1 1
health-monitoring binding create 2 0
health-monitoring status set Enabled
health-monitoring response-level-samples set 0
redundancy vrrp virtual-routers create G-1 1 -p 255 -pip 10.2.0.73
redundancy vrrp associated-ip create G-1 1 10.2.0.75
redundancy vrrp associated-ip create G-1 1 10.2.0.74