This section describes the steps to prepare your NonStop system for the iTP Secure WebServer. The iTP Secure WebServer is set up to come up out-of-box and run on TCP/IP process $ZTC0, using a port that is configured during the installation process. You can use multiple TCP/IP processes in the same iTP Secure WebServer environment.
1. Verify that the OSS environment is active. Use the STATUS command to determine that the OSS File Manager process $ZFMnn and the OSS Pipe Server process $ZPPnn (where nn is a processor number) are running on each of your processors.
2. Verify that the TCP/IP subsystem is running. Using SCF, verify that the host name and host ID are specified. For more information, see the TCP/IP Configuration and Management Manual.
3. If you intend to use TCP/IPv6 or IP CIP for iTP WebServer operations, review the following information:
The iTP Secure WebServer relies on a properly configured TCP/IPv6 or IP CIP environment. Every processor specified in the Server CPUS command (in the httpd.config configuration file) needs to be enabled to run TCP/IPv6 or IP CIP. In other words, TCP6MAN needs to be properly configured and running, so that a TCP6MON (the monitor process) is running on every processor specified in the Server's CPUS command. In the configuration phase of startup, the iTP Secure WebServer validates the existence of these processes. Also, at least one TCP6SAM (TCP socket access point) process must be running. If any of these processes is not running, the Auto-Accept feature is not used, and the iTP Secure WebServer falls back to the conventional support for TCP/IP.
For information about configuring for TCP/IPv6 or IP CIP and LAN adapters, see the Cluster I/O Protocols (CIP) Configuration and Management Manual.
The access list of the SAC needs to include all processors designed to run httpd servers. You must verify the configurations, because the list now should contain more processors. In conventional TCP/IP, a TCP/IP process is usually running on two processors: a primary and a backup.
For TCP/IPv6 or IP CIP, if the application is running on all the other 14 processors, then all of those need to be TCP/IPv6 or IP CIP-enabled and must be in the access list.
TCP/IPv6 or IP CIP-enabled means that a TCP6MON process must be running on that processor. For the httpd servers to function properly, all these processes must be in place. Socket errors will be reported if a TCP6MON is not running on a processor that attempts to run an httpd process. If the bind request fails, the httpd server is designed to retry the request. Repeated bind failures might indicate that a processor is not TCP/IPv6 or IP CIP-enabled.
NOTE: The following conditions are applicable for TCP/IPv6 and IP CIP.
• Use One TCP6SAM Process
Check that there is one TCP6SAM process pair running on any two processors in the system. HP recommends that you use only one TCP6SAM process pair - even where you are using more than one IP address. Unlike the conventional TCP/IP processes, one TCP6SAM process can provide socket interfaces for all IP addresses configured in the TCP/IPv6 or IP CIP environment. If you use more than one, two httpd servers might attempt access to the same port and therefore generate EADDRINUSE socket errors.
• Use Static Servers
HP recommends that you run as many static servers as you might need. Creating dynamic servers is known to be expensive and will severely affect response time - especially for the request waiting for the dynamic server to be created. In addition, dynamic servers can drop one or two connections when the Deletedelay effect occurs. Because all the httpd servers are designed to run on high PIN, creating more servers at the startup should not create a resource problem.
• Specify a Larger Tandem_Receive_Depth
The range is 1 to 255. The default is 50. Selecting a larger number prevents extra pathsends and possible socket migration. When the connection request is sent to a server that is not running on the same processor as the original listening agent, a socket migration occurs and a performance penalty is incurred. A larger number also prevents the creation of dynamic servers. Creating an additional httpd server on a processor that already has a number of httpd servers running is neither going to help distribute the load nor improve performance. The load distribution has now been moved down to the adapter level by use of the round-robin filter. Additional processes can create more dispatching costs for the processor.
• Specify the -address Command in All Accept Directives
You should use the -address command in all Accept directives. Unlike the conventional TCP/IP processes, TCP6SAM allows the httpd servers to interface with all subnets configured in the TCP/IPv6 or IP CIP environment. The "accept ALL IP addresses" is literally ALL IP addresses defined in the entire system. This might be more than you expected.
• Rebalancing Servers Across Processors
When a processor is brought down, PATHMON is likely to restart a number of static servers on other processors to keep the number of static servers as specified in the NUMSTATIC server attribute. When the processor is reloaded, PATHMON will not automatically rebalance its servers among the processors. If there are extensive reloads, you might want to rebalance manually, using actions ranging from a simple stopping of one or two servers to a complete restart of the iTP WebServer. Again, this behavior is not new to the PATHWAY system; it just might be more obvious when everything from application to transport is vertically aligned.
• You Can No Longer Use Restarth
Because the new product architecture no longer has a distributor working as a buffer zone between the incoming connection requests and the httpd servers, new servers cannot successfully bind to a local port unless the older httpd servers cease their operations. Therefore, if you are using TCP/IPv6 or IP CIP, the -restarth option is no longer supported.
4. If you do not have a Domain Name Server (DNS) running on your network, configure and run DNS. You start DNS when you start TCP/IP. The out-of-box start-up requires that the host name be fully qualified to match the DNS entry. You should specify the host ID using the IP address defined for the host name.
5. When you configure DNS, you must modify the file $SYSTEM.ZTCPIP.RESCONF for IPv4 addresses, $SYSTEM.ZTCPIP.IPNODES for IPv6 addresses, to point to the DNS name server you are using. For information about starting DNS, see the TCP/IP Configuration and Management Manual.
6. For security, you should add a super ID (for example, super.webmastr) configured for the OSS environment, and you should use this super ID instead of super.super when installing the software.
7. Log on to the newly created super ID before installing the iTP Secure WebServer software:
   TACL> LOGON super.webmastr
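
Two of the conditions in the NOTE under step 3 can be checked mechanically before startup: every Accept directive should carry -address, and Tandem_Receive_Depth must lie in the range 1 to 255. The Python script below is an added example, not part of the manual or the product; the sample configuration is constructed, and its directive layout (Accept options on one line, the depth written as TANDEM_RECEIVE_DEPTH=n, the /G/ZTC0 transport path) is an assumption.

```python
import re

# Constructed sample, not from a real installation. The directive layout is an
# assumption built from the names used in the text above.
SAMPLE_CONFIG = """\
# constructed httpd.config fragment
Accept -transport /G/ZTC0 -port 80
Accept -transport /G/ZTC0 -port 443 -address 192.0.2.10
Accept -transport /G/ZTC0 -address 192.0.2.11 -port 8080
Server $root/bin/httpd {
    Env TANDEM_RECEIVE_DEPTH=300
    Numstatic 8
}
"""

DEPTH_RE = re.compile(r"TANDEM_RECEIVE_DEPTH\s*=\s*(-?\d+)", re.IGNORECASE)


def audit_config(text):
    """Return (line_number, finding) tuples for Accept and receive-depth issues."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0]  # drop trailing comments
        tokens = line.split()
        if not tokens:
            continue
        if tokens[0].lower() == "accept":
            opts = [t.lower() for t in tokens[1:]]
            if "-address" not in opts:
                findings.append((lineno, "Accept without -address: listens on "
                                 "every IP address defined in the system"))
            else:
                i = opts.index("-address")
                # -address must be followed by a value, not by another option
                if i + 1 >= len(opts) or opts[i + 1].startswith("-"):
                    findings.append((lineno, "-address has no value"))
        m = DEPTH_RE.search(line)
        if m and not 1 <= int(m.group(1)) <= 255:
            findings.append((lineno, "Tandem_Receive_Depth %s is outside "
                             "the range 1 to 255" % m.group(1)))
    return findings


if __name__ == "__main__":
    for lineno, finding in audit_config(SAMPLE_CONFIG):
        print("line %d: %s" % (lineno, finding))
```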