Radware s AppDirector and Oracle E-Business Suite 12 Integration Guide

(1)

Radware’s AppDirector and Oracle E-Business Suite 12

Integration Guide

Products:

Radware AppDirector

Software: AppDirector version 2.10.00

Platform: On-Demand Switch II XL

(2)

Table of Contents

JOINT SOLUTION OVERVIEW ...3

E-BUSINESS SUITE OVERVIEW...3

Definitions as they apply to E-Business Suite...3

General Architecture of Oracle E-Business Suite Release 12 ...4

Diagram 1.0 - EBS General Architecture ...5

RADWARE APPDIRECTOR OVERVIEW...5

DEPLOYMENT NOTES ...6

E-Business Suite Modifications ...6

Table 1.0 - E-Business Suite Modifications...7

AppDirector Modifications ...7

APPDIRECTOR AND E-BUSINESS SUITE INTEGRATION ...8

Diagram 2.0 - E-Business Suite 12 and AppDirector Logical Topology ...9

Tests Conducted for Solution Validation and Result Summary ...9

Table 2.0 - Test Conducted for Solution Validation ...10

Diagram 3.0 - E-Business Suite 12 and AppDirector Physical Topology ...11

PRIMARY APPDIRECTOR CONFIGURATION ...11

IP Configuration...12

Farm Configuration ...15

Caching ...16

Create Cache URL Exceptions Rule-Lists ...17

Create Cache Policy ...18

Create Compression Policy...18

Create SSL Certificate ...19

Create SSL Policy...21

Create Layer 4 Policy...21

Configure L7 Persistency for the web farm ...24

Adding Servers to the Farm ...25

Health Monitoring...27

Create the Health Monitoring Checks. ...28

Binding Health Checks to Servers...30

GENERAL REDUNDANT CONFIGURATION NOTES ...31

Primary AppDirector VRRP Configuration ...31

Primary Virtual Routers...31

Primary Associated IP Addresses ...33

Primary Mirroring ...34

AUTO-GENERATE THE BACKUP APPDIRECTOR CONFIGURATION...36

Setting up basic IP connectivity on the Backup AppDirector ...36

Auto Generating the Backup Configuration from the Primary AppDirector...37

Upload the Backup Configuration file to the Backup AppDirector...38

APPENDIX...40

Appendix 1 - Primary AppDirector Configuration File...40

Appendix 2 - Backup AppDirector Configuration File ...43

Appendix 3 - Oracle Application Server Web Cache - Caching Rules ...47

(3)

Joint Solution Overview

The Radware and E-Business Suite joint solution ensures E-Business Suite 12.0 customer’s solution resilience, efficiency and scale. Radware’s AppDirector guarantees E-Business Suite applications maximum availability, scalability, performance and security, managing traffic for the web server content.

AppDirector works in conjunction with E-Business Suite 12.0 servers to offload resource intensive processing, providing advanced health monitoring and avoiding system down time to deliver a best of breed subsystem. With a pay as you grow platform licensing model, AppDirector ensures long term investment protection facilitating incremental growth demanded by today’s Business. Diagram 2.0 is a logical depiction of the intended deployment model.

E-Business Suite Overview

See Reference Doc ID: 380489.1

Definitions as they apply to E-Business Suite Tier

A tier is a logical grouping of services, potentially spread across more than one physical machine.

Client Tier

The client interface is provided through HTML for the HTML-based applications, and via a Java applet in a Web browser for the traditional Forms-based interface. In Oracle Applications Release 12, each user logs in to Oracle Applications through the E-Business Suite Home Page on a desktop client web browser. The E-Business Suite Home Page provides a single point of access to HTML-based applications, Forms-based applications, and Business Intelligence applications.

Application Tier

The application tier hosts the various services that process the business logic and manage communication between the desktop tier and the database tier. This tier runs the web server and the associated processes, concurrent processing server, Interaction and Oracle fulfillment server.

Database Tier

The database tier contains the Oracle database server which stores all the data maintained by Oracle Applications. This tier has the Oracle data server files and Oracle Applications database executables that physically store the tables, indexes, and other database objects in the system.

OPMN

Oracle Process Manager and Notification Server (OPMN) is installed and

configured on every tier designated to run the web application. OPMN provides an integrated way to manage all Oracle Application Server components. OPMN consists of two main pieces: the Process Manager and the Notification Server. The Process manager (PM) is the centralized process management mechanism in

(4)

Oracle Application Server and is used to manage all Oracle Application Server processes. The PM starts, restarts, stops, and monitors every process it manages. It also performs death-detection and automatic restart of the processes. Oracle Notification Server (ONS) is the transport mechanism for failure, recovery, startup, and other related notifications between components in Oracle Application Server.

OHS

Oracle HTTP Server (OHS) is installed and configured on every tier that is designated to run the web application. It provides the key infrastructure required for serving the static and dynamic content generated by Oracle E Business Suite products.

OC4J

Oracle Containers for J2EE (OC4J) is the core Java 2 Platform Enterprise Edition (J2EE) runtime component of Oracle Application Server. It is installed and

configured on every tier that is designated to run the web application. It is a fully J2EE 1.5 compliant container that runs on a standard file based JDK 1.5 Java Virtual Machine and provides complete support for Java Server Pages (JSP) , Servlets, Enterprise Java Beans (EJB), Web Services and all J2EE services.

Web Entry Point

Web Entry Point refers to the host name which is designated to be used by all users to access the Oracle E-Business Suite Release 12 system. By default, the web entry point is set to the hostname of the application server where Oracle E-Business Suite is installed. In the case where a load-balancer is used, the Web Entry Point becomes the virtual host name resolved to the virtual IP of the

load-balancer.

Session Persistence

Session Persistence is the act of keeping a specific user's traffic going to the same server that was initially hit when the site was contacted for the first HTTP

transaction. This is especially important for E-Business Suite as various modules bundled with the suite need to maintain session state. Session persistence is sometimes referred to as "server stickiness."

General Architecture of Oracle E-Business Suite Release 12

The Oracle E-Business Suite Release 12 architecture, as shown in the figure below, is a framework for multi-tiered, distributed computing that supports various Oracle Applications products. In this model, various servers are distributed among multiple levels, or tiers.

(5)

Diagram 1.0 - EBS General Architecture

A server is a process or group of processes that runs on a single machine and provides a particular class of functionality, often referred to as a service. For example, the Oracle HTTP server is a process that listens for and processes HTTP requests; a Concurrent Processing server is a server that process batch jobs submitted through concurrent requests.

The three-tier architecture that comprises an Oracle E-Business Suite installation is made up of:

1. The database tier, which supports and manages the Oracle database 2. The application tier, which supports and manages the various

Applications components, and is sometimes known as the middle tier 3. The client tier, which provides the user interface via a supported web

browser, either natively in HTML or via Forms running in the Sun Java Runtime Engine

For more information on Oracle E-Business Suite, see

http://www.oracle.com/applications/e-business-suite.html

Radware AppDirector Overview

Radware’s AppDirector is an intelligent application delivery controller (ADC) that provides scalability and application-level security for service infrastructure optimization, fault tolerance and redundancy. Radware combined its

next-generation, OnDemand Switch multi-gigabit hardware platform with the powerful capabilities of the company’s APSolute™ operating system “classifier”

(6)

and “flow management” engine. The result – AppDirector – enables accelerated application performance; local and global server availability; and application security and infrastructure scalability for fast, reliable and secure delivery of applications over IP networks.

AppDirector is powered by the innovative OnDemand Switch platform. OnDemand Switch, which has established a new price/performance standard in the industry, delivers breakthrough performance and superior scalability to meet evolving network and business requirements. Based on its on demand, “pay-as-you-grow” approach, no forklift upgrade is required even when new business requirements arise. This helps companies guarantee short-term and long-term savings on CAPEX and OPEX for full investment protection. Radware’s OnDemand Switch enables customers to pay for the exact capacity currently required, while allowing them to scale their ADC throughput capacity and add advanced application-aware services or application acceleration services on demand to meet new or changing application and infrastructure needs. And it does it without compromising on performance.

AppDirector lets you get the most out of your service investments by maximizing the utilization of service infrastructure resources and enabling seamless

consolidation and high scalability. AppDirector’s throughput licensing options allows pay as you grow investment protection. Make your network adaptive and more responsive to your dynamic services and business needs with AppDirector’s fully integrated traffic classification and flow management, health monitoring and failure bypassing, traffic redirection, bandwidth management, intrusion prevention and DoS protection.

For more information, please visit: http://www.radware.com/

Deployment Notes

E-Business Suite Modifications

In order for E-Business Suite to work with an AppDirector, there are several parameters that need to be defined. The Load Balancer Entry Point URL used to access the Applications logon page needs to be defined as a single entry point, the Application servers that are being load balanced need to be defined, the protocol, port and active web portal need to be defined on both Application Servers. The configuration file that needs to be modified is the Applications Context File. The servers Applications Context File is Located:

$INST_TOP/appl/admin/ VIS_narmada.xml

Use the AutoConfig Context Editor to set the configuration values in the applications context file on server 1 and 2. The table below describes how the context value should be changed when a load balancer is configured in front of application servers. For example:

(7)

Load Balancer Entry Point: AppDirector.estuate Application Server 1: narmada.estuate

Application Server 2: kavery.estuate Web Entry protocol: https

Application Tier Web Protocol: https Application Tier Web Port: 8010 Active Web Port:443

Context Variable Name

Context Variable Description

Old Context Value New Context Value

s_webentryprotocol

Protocol that desktop clients use to communicate with the entry point server

http https for AppDirector.estuate

s_webentryhost Name of the host that receives the first HTTP request from the desktop client

narmada on Application Server 1

kavery on Application Server 2

AppDirector as the web entry host for narmada and kaveri

s_webentrydomain Domain name of the host that receives the first HTTP request from the desktop client

estuate Estuate

s_active_webport Port on the web server or load balancer that listens for HTTP requests

8010 on narmada and kaveri

443 for AppDirector.estuate

s_login_page URL used to access the Applications logon page

http://narmada.estuate:80 10/OA_HTML/AppsLogin http://kaveri.estuate:8010/ OA_HTML/AppsLogin https://AppDirector.estuate/OA_HTML/Ap psLogin

s_external_url URL that third party tools use to connect to the E-Business Suite System. This is used only by the Oracle Web Services product. http://narmada.estuate:80 10/OA_HTML/AppsLogin http://kaveri.estuate:8010/ OA_HTML/AppsLogin https://AppDirector.estuate/OA_HTML/Ap psLogin

Table 1.0 - E-Business Suite Modifications

The values listed for the context variables in the table above should only be used as a reference to change your applications context file. It is possible that system administrators may have changed the default values to perform other advanced configurations. After completing the changes shown above, do the following:

1. Run the AutoConfig utility on all the application tier Servers 2. Restart application server processes

3. Test sign on from different entry points. AppDirector Modifications

The AppDirector was configured for SSL offload to accelerate SSL traffic and offload servers. AppDirector handles the SSL key negotiation with the client and encrypting and decrypting of communication. AppDirector serves as a proxy, terminating the SSL client sessions and opening a separate session to the

(8)

backend servers. SSL Offload is necessary to manipulate TLS components, L7 persistence would not work without SSL offload, as the data payload would be encrypted.

Farm aging time was tuned to just over 2 hours (7300) from default value for testing. This was to ensure that state entries would not be terminated prior to client aging time.

appdirector farm table setCreate "web server farm" -at 7300 -cm \ "No Checks" -sm RemoveOnSessionEnd-SPS

Reset of the sessions if still existing after the aging. This will ensure any clean-up of abandoned sessions which could hold state on the servers inadvertently.

appdirector farm extended-params set "web server farm" -sc Enabled -ic \ "Enable and remove cookie on return path"

AppDirector and E-Business Suite Integration

Key features implemented on the AppDirector to support this solution: • Service health monitoring

• Layer 7 load balancing • Caching

• Compression • TCP Multiplexing • SSL Offloading • VRRP

(9)

Diagram 2.0 - E-Business Suite 12 and AppDirector Logical Topology Tests Conducted for Solution Validation and Result Summary

The following tests were conducted to ensure the most appropriate solution was defined and validated. All tests were successfully completed using the

AppDirector and Oracle E-Business Suite 12 configurations following Table 2.0. See the embedded document on the following page for a full test plan description.

(10)

OracleEBS11i_validat ion-test-plan.doc

EBSO Basic Health Check

Test Case Status

EBS Web Login Page PASS

EBS Self-Service: Home Page PASS

EBS Application Manager Screen PASS

EBS Self-Service: Create a Purchase Requisition from iProcurement module PASS

EBS Self-Service: Query a purchase requisition PASS

EBS Forms Service: EBS Home Page PASS

EBS Forms Service: Create User PASS

EBS Forms Service: Query User record PASS

EBS Web Server PASS

Hardware Failure/Power down _PASS

Load Distribution

Test Case Status

EBS Web Server Load Balance PASS

Fail Over server

Test Case Status

EBS Web Server Failover PASS

Persistency Check

Test Case Status

EBS Web Server Session Persistence Enabled PASS

EBS Web Server Session Persistence Disabled PASS

EBS Web Client Session Timeout PASS

(11)

Diagram 3.0 - E-Business Suite 12 and AppDirector Physical Topology

Primary AppDirector Configuration

Using a serial cable and a terminal emulation program, connect to the AppDirector. The default console port settings are:

• Bits per Second: 19200 • Data Bits: 8

• Parity: None • Stop Bits: 1

(12)

1. Using the following Command line, assign management IP address

192.168.1.50 / 24 to interface MNG-1 (Dedicated Management Interface) of the AppDirector:

net ip-interface create 192.168.1.50 255.255.255.0 MNG-1 -pa 10.168.1.51

2. Using a browser, connect to the management IP Address of the AppDirector (192.168.1.50) via HTTP or HTTPS. The default username and password are “radware” and “radware”. HTTPS is recommended as it is required for

TLS/SSL configuration management which will be part of the configuration. Failure to establish a connection may be due to the following:

• Incorrect IP Address in the browser

• Incorrect IP Address or default route configuration in the AppDirector • Failure to enable Web Based Management or Secure Web Based

Management in the AppDirector

• If the AppDirector can be successfully pinged, attempt to connect to it via Telnet or SSH. If the pinging or the Telnet/SSH connection are unsuccessful, reconnect to the AppDirector via its console port. Once

IP Configuration

1. From the menu, select Router IP Router Interface Parameters to display the IP Interface Parameters page similar to the one shown below:

(13)

2. Click the Create button.

3. On the IP Interface Parameters Create page, enter the necessary parameters as shown below:1

4. Click the Set button to save parameters.

5. On the IP Interface Parameters page, click the Create button to configure another interface. enter the necessary parameters as shown below:

1_{Items circled in red indicate settings that need to be entered or changed. Items not circled should}

(14)

(15)

Farm Configuration

1. From the menu, select AppDirector Farms Farm Table to display the

Farm Table page similar to the one shown below:

3. On the Farm Table Create page, enter the necessary parameters as shown below:

Note: The following two farms, Server_53_Farm and Server_56_Farm were created for administrative and maintenance of the servers and are a one to one mapping of a server to a farm.

5. On Farm Table page Click the Create button to configure another farm. enter the necessary parameters as shown below:

(16)

7. On Farm Table page Click the Create button to configure another farm. enter the necessary parameters as shown below:

9. Verify that the new entries are created on the Farm Table page:

Caching

With caching there may be a need to create exceptions for certain URI’s. We had a need to create an exception for our deployment.

There is a Dashboard page used by EBS administrators to check the health and status of the EBS servers. On the page there are tabs that reference overview, performance, critical activities, diagnostics, business flows, security and software updates.

The issue with caching this page is that the URI looks the same to the cache no mater what tab is selected and therefore the page view never changes, it’s stuck on the cached page

You can create an exception in the AppDirector or Install and configure Oracle Application Server Web Cache and create the exception rule their (see appendix 3 Oracle Application Server Web Cache - Caching Rules for more details)

(17)

Create Cache URL Exceptions Rule-Lists

1. From the menu, select AppDirectorLayer 4 Traffic Redirection Cache

URL Exceptions Rule-Lists to display the Cache URL Exceptions

Rule-Lists page similar to the one shown below:

3. On the Cache URL Exceptions Rule-ListsCreate page, enter the necessary parameters as shown below.

Where the URL is: /OA_HTML/weboam/oam/oamApps$target=VIS

4. Click the Set button to save the parameters.

5. Verify that the new entries were created on the Cache URL Exceptions Rule-Lists page:

(18)

Create Cache Policy

1. From the menu, select AppDirector Layer 4 Traffic Redirection Caching Policies to display the Caching Policies page similar to the one shown below:

3. On the Caching Policies Create page, enter the necessary parameters as shown below.

4. Click the Set button to save the parameters. Create Compression Policy

1. From the menu, select AppDirector Layer 4 Traffic Redirection

Compression Policies to display the Compression Policies page similar to the one shown below:

(19)

3. On the Caching Policies Create page, enter the necessary parameters as shown below.

Note: Hardware compression is a hardware option that must be supported. 4. Click the Set button to save the parameters.

Create SSL Certificate

1. From the menu, select Security Certificates Table to display the

Certificates Table page similar to the one shown below:

3. On the Certificates Table Create page, enter the necessary parameters as shown below.

(20)

4. There will be a popup when you click on the Key Passphrase field, asking you to enter in a “Passphrase”, as shown below.

5. Click the Set button to save the Passphrase.

6. Click the Set button to save the Certificate parameters.

(21)

Create SSL Policy

1. From the menu, select AppDirector Layer 4 Traffic Redirection SSL Policies to display the SSL Policies page similar to the one shown below:

3. On the SSL Policies Create page, enter the necessary parameters as shown below.

Create Layer 4 Policy

1. From the menu, select AppDirector Layer 4 Traffic Redirection Layer 4 Policies to display the L4 Policies page similar to the one shown below:

3. On the L4 Policies Create page, enter the necessary parameters as shown below.

(22)

5. On L4 Policies page Click the Create button to configure another L4 Policy. Enter the necessary parameters as shown below:

Note: The following layer 4 policies, EBS_Server_53 and EBS_Server_56, were created for administrative and maintenance and are a one to one mapping of the VIP and servers.

(23)

7. On L4 Policies page Click the Create button to configure another L4 Policy. Enter the necessary parameters as shown below:

(24)

9. Verify that the new entries were created on the L4 Policies page:

Configure L7 Persistency for the web farm

Persistence is handled at the web tier with cookie insertion and removal

configured in Extended Farm Parameters as seen below.

1. From the menu, select AppDirector Farms Extended Parameters to display the Extended Farm Parameters page similar to the one shown.

2. Select the “web server farm” under the Farm Name to display the Extended

Farm Parameters Update page, enter the necessary parameters as shown

below:

Note: Close Session At Aging: will reset sessions if still existing when their

Aging Time expires. This will ensure any clean-up of abandoned sessions which could hold state on the servers inadvertently.

(25)

Note: Configuring Cookie Insertion for Web Service HTTP Persistence in the

Extended Farm Parameters Update page generates all of the L7 persistence

logic automatically from the single drop down menu. See Appendix 4 to view and better understand the entries that auto generate to facilitate this function. Cookies are inserted on reply and removed on request.

Adding Servers to the Farm

1. From the menu, select AppDirector Servers Application Servers Table to display the Server Table page similar to the one shown below:

2. Click the Create button

3. On the Server Table Create page, enter the necessary parameters as shown below:

5. On Server Table page Click the Create button to configure another server. enter the necessary parameters as shown below:

(26)

(27)

11. Verify that the new entries were created on the Server Table page:

Health Monitoring

1. From the menu, select Health Monitoring Global Parameters to display

the Health Monitoring Global Parameters page.

2. On the Health Monitoring Global Parameters page, change the parameters as shown below:

(28)

3. Click the Set button to save parameters. Create the Health Monitoring Checks.

1. From the menu, select Health Monitoring Check Table to display the

Health Monitoring Check Table page similar to the one shown below:

3. Create a set of health checks for the web servers. On the Health Monitoring

Check Table Create page, enter the necessary parameters as shown below:

4. Before clicking the Set button, choose the button next to Arguments to populate the specific logic settings related to the method for this check. 5. Enter the information below:

(29)

6. Click the Set button for the Method Arguments and click the Set button again in

the Health MonitoringCheck Table Create window.

7. Repeat the steps 5-10 to create the second server health check for web server web_56, host 10.10.10.56.

8. Verify the new entries were created on the Health Monitoring CheckTable

The status of this check may display “Unknown” until the server replies successfully to the AppDirector’s check.

(30)

Binding Health Checks to Servers

1. From the menu, select Health Monitoring Binding Table to display the

Health Monitoring Binding Table page similar to the one shown below:

3. Create the health check binding for the web servers. On the Health

Monitoring Binding Table Create page, enter the necessary parameters as

shown below:

5. Repeat the steps 2-5 to bind the second web server health check. Web_56: Farm web server farm - 10.10.10.56 – 8010.

6. Verify that the new entries were created on the Health Monitoring Binding Table page:

(31)

General Redundant Configuration Notes

For complete high-availability, Radware encourages implementing pairs of AppDirector units in an Active / Backup configuration. If your implementation of this architecture includes only a single AppDirector, then it is unnecessary to follow the steps in this section.

Primary AppDirector VRRP Configuration

1. From the menu, select AppDirector Redundancy Global Configuration

and set the parameters as noted below:

2. Click the Set button to save these changes. Primary Virtual Routers

1. From the menu, select AppDirector Redundancy VRRP Virtual Routers to display the Virtual Router Table page similar to the one shown below.

(32)

3. On the Virtual Router Table page, enter the necessary parameters as shown below.

5. On the Virtual Router TableCreate page, click the Create button to configure another interface. enter the necessary parameters as shown below:

(33)

Primary Associated IP Addresses

1. From the menu, select AppDirector Redundancy VRRP Associated IP Addresses to display the Associated IP Addresses page similar to the one shown below:

3. On the Associated IP Addresses Create page, enter the necessary parameters as shown below:

4. Click the Set button to save the parameters

5. Repeat the steps 2-4 to create the associated IP Addresses

76.197.19.55((VIP), VR ID = 1), 76.197.19.53((VIP), VR ID = 1) and

76.197.19.56((VIP), VR ID = 1). Also associate 10.10.10.1((default gateway for the web servers), VR ID = 2).

6. Verify that the new entries were created on the Associated IP Addresses

page:

7. Go to AppDirector Redundancy VRRP Virtual Routers and click on the link to If Index G-1

(34)

8. Raise all of the Virtual interfaces to up by selecting VRIDs to All Up click the

Set button to save the parameters.

9. Make certain that the State of this VR is displayed as Master in the Virtual Router table:

Primary Mirroring

1. Go to AppDirector Redundancy Mirroring Active Device Parameters and set the Client Table Mirroring status to enable:

(35)

3. From the menu, select AppDirector Redundancy Mirroring Mirror Device Parameters to display the Mirror Device Parameters page similar to the one shown below.

5. On the Mirror Device Parameters page, enter the necessary parameters as shown below:

Note: This sets the Backup AD IP used as the target address for mirroring traffic. 6. Click the Set button to save the parameters.

(36)

Auto-Generate the Backup AppDirector Configuration

To create the Backup AppDirector configuration is very easy.

Once the Backup AppDirector is configured for basic IP connectivity and is available to the network, simply export the Backup Configuration file from the Primary AppDirector and upload it to the Backup AppDirector. The steps are defined below.

Setting up basic IP connectivity on the Backup AppDirector

Using a serial cable and a terminal emulation program, connect to the AppDirector. The default console port settings are:

• Bits per Second: 19200 • Data Bits: 8

• Parity: None • Stop Bits: 1

• Flow Control: None

1. Using the following Command line, assign management IP address

192.168.1.51 / 24 to interface MNG-1 (Dedicated Management Interface) of the AppDirector:

net ip-interface create 192.168.1.51 255.255.255.0 MNG-1 -pa 192.168.1.50

2. Using a browser, connect to the management IP Address of the AppDirector (192.168.1.51) via HTTP or HTTPS. The default username and password are “radware” and “radware”.

Failure to establish a connection may be due to the following: • Incorrect IP Address in the browser

• Incorrect IP Address or default route configuration in the AppDirector • Failure to enable Web Based Management or Secure Web Based

Management in the AppDirector

• If the AppDirector can be successfully pinged, attempt to connect to it via Telnet or SSH. If the pinging or the Telnet/SSH connection are unsuccessful, reconnect to the AppDirector via its console port.

(37)

Auto Generating the Backup Configuration from the Primary AppDirector 1. From the web interface menu of the Primary AppDirector, select File

Configuration Receive from Device to display the Download

Configuration File page similar to the one shown below:

Note: Switch from the Backup to Primary AppDirector to auto-generate the Backup configuration file.

2. On the Configuration File Download page, choose the necessary parameters as shown below:

(38)

3. Click the Set button to launch save file window.

4. Click the SAVE button to save the file to a local directory.

Upload the Backup Configuration file to the Backup AppDirector 1. From the web interface menu of the Backup AppDirector, select File

Configuration Send to Device to display the Configuration File Upload

(39)

Note: Clicking the Browse button and navigate to the updated configuration file. 2. Click the Set button to upload the configuration. The Backup device will reboot

and be ready for use.

(40)

Appendix

Appendix 1 - Primary AppDirector Configuration File

!

!Device Configuration !Date: 13-06-2009 00:36:38

!DeviceDescription: AppDirector with Cookie Persistency !Base MAC Address: 00:03:b2:3d:dc:00

!Software Version: 2.10.00 (Build date Apr 7 2009, 22:33:12,Build#150) !APSolute OS Version: 10.31-03.05(40):2.06.09

! !

! The following commands will take effect only ! once the device has been rebooted!

!

system tune bridge-fft-table set 1024 system tune ip-fft-table set 240000 system tune arp-table set 1024 system tune client-table set 1200000 system tune routing-table set 512 system tune url-table set 256 system tune request-table set 5000 system tune nat-address-table set 4 system tune nat-ports-table set 64511 system tune session-id-table set 32000 system tune l3-client-table-size set 20 system tune outbound-nat-address set 1 system tune outbound-nat-ports set 64511 system tune outbound-intrcpt-tbl set 4 system tune radius-attribute-table set 1 system tune segments set 15

system tune l4-policy-table set 512 system tune static-dns-persistency set 5 system tune dynamic-dns-persistency set 10

manage snmp versions-after-reset set "v1 & v2c & v3" system tune session-pasv-protocols set 16

system tune session set 512 system tune session-resets set 100 !

! The following commands take effect immediately ! upon execution!

!

health-monitoring check create Web_53 -id 4 -m HTTP -p 8010 -a \

health-monitoring check create web_56 -id 8 -m HTTP -p 8010 -a \

net ip-interface create 10.10.10.1 255.255.255.0 G-11 -pa 10.10.10.2 net ip-interface create 76.197.19.61 255.255.255.240 G-1 -pa \ 76.197.19.63

net ip-interface create 192.168.1.50 255.255.255.0 MNG-1 -pa \ 192.168.1.51

net route table create 0.0.0.0 0.0.0.0 76.197.19.62 -i G-1 redundancy mode set VRRP

appdirector farm table setCreate "Server_53_Farm " -at 7300 appdirector farm table setCreate Server_56_Farm -at 7300

appdirector farm server table create "Server_53_Farm " 10.10.10.53 None \ -sn EBS_Server_53 -id 23

appdirector farm server table create Server_56_Farm 10.10.10.56 None -sn \ EBS_Server_56 -id 22

appdirector farm server table create "web server farm" 10.10.10.53 8010 \ -sn Web_Server_53 -id 27

(41)

appdirector l7 farm-selection method-table setCreate Auto-G_Cookie_web_s \ -cm "Set Cookie" -ma KEY=yI8cugcRkX|VAL=$Server_SID_Cookie|P=/|

appdirector l7 farm-selection method-table setCreate Auto-G_RCookie_web_ \ -cm Cookie -ma KEY=yI8cugcRkX|

redundancy interface-group set Enabled appdirector dns status set Disabled appdirector nat server status set disable

redundancy mirror main client-status set Enabled redundancy mirror address setCreate 76.197.19.63 appdirector dns two-records set Disabled

redundancy backup-in-vlan set Disabled

appdirector farm connectivity-check httpcode setCreate "web server farm"\ "200 - OK"

appdirector farm connectivity-check httpcode setCreate "Server_53_Farm "\ "200 - OK"

appdirector farm connectivity-check httpcode setCreate Server_56_Farm\ "200 - OK"

appdirector l7 server-persistency static-persist-table setCreate\ "web server farm" WGZaq0HAer0K -sa 10.10.10.53 -sp 8010 -fl 1 appdirector l7 server-persistency static-persist-table setCreate\ "web server farm" tEz9r2P2Ek9l -sa 10.10.10.56 -sp 8010 -fl 1 appdirector nat server specific-nat-address set 0.0.0.0

redundancy backup-fake-arp set Enabled

net next-hop-router setCreate 76.197.19.62 -id 10 -fl 1 appdirector farm nhr setCreate 0.0.0.0 -ip 76.197.19.62 -fl 1

appdirector nat client address-range setCreate 10.10.10.100 -t \ 10.10.10.100

appdirector nat client range-to-nat setCreate 10.10.10.50 -t 10.10.10.53 appdirector nat client status set Disabled

redundancy backup-interface-group set Enabled

system internal appdirector full-session-id-table setCreate\ "web server farm" 0 TCP -k yI8cugcRkX -l Cookie -fl 1 net vlan-tag-handling set Overwrite

appdirector nat outbound status set Disabled

appdirector segmentation nhr-table setCreate DefaultNHR -ip 76.197.19.62 \ -fl 1

appdirector l4-policy caching-url-rules-lists create\

EBS_App_Dashboard_VIS tabs -u /OA_HTML/weboam/oam/oamApps$target=VIS appdirector l4-policy ssl-policy create EBS -c ebs -lp 8010

appdirector l4-policy compression create EBS_Cache -pe Hardware

appdirector l4-policy caching create EBS_Cache -r EBS_App_Dashboard_VIS appdirector l4-policy table create 76.197.19.53 TCP Any 0.0.0.0\ EBS_Server_53 -fn "Server_53_Farm "

appdirector l4-policy table create 76.197.19.56 TCP Any 0.0.0.0\ EBS_Server_56 -fn Server_56_Farm

appdirector l4-policy table create 76.197.19.55 TCP 443 0.0.0.0 SecureEBS \ -fn "web server farm" -ta HTTPS -sl EBS -co EBS_Cache -ca EBS_Cache

redundancy vrrp automated-config-update set Enabled

appdirector l7 modification table setCreate Auto-G_Cookie_web_s -i 0 -f \ "web server farm" -d Reply -am Auto-G_Cookie_web_s

appdirector l7 modification table setCreate Auto-G_RCookie_web_ -i 0 -f \ "web server farm" -ac Remove -mm Auto-G_RCookie_web_

redundancy global-configuration failure-action set Ignore health-monitoring binding create 4 27

health-monitoring binding create 8 28 health-monitoring status set enable

health-monitoring response-level-samples set 0

redundancy vrrp virtual-routers create G-1 1 -as Up -p 255 -pip \ 76.197.19.61

redundancy vrrp associated-ip create G-1 1 76.197.19.61 redundancy vrrp associated-ip create G-1 1 76.197.19.55 redundancy vrrp associated-ip create G-11 2 10.10.10.1 redundancy vrrp associated-ip create G-1 1 76.197.19.53 redundancy vrrp associated-ip create G-1 1 76.197.19.56

manage user table create radware -pw GndridF04zNWSGOrZjKFV78REiEra/Qm manage telnet status set enable

(42)

manage telnet server-port set 23 manage web status set enable manage ssh status set enable manage secure-web status set enable

services dns client primary-server set 68.94.156.1 services dns client alt-server set 0.0.0.0

services dns client status set Enabled

services dns client static-table setCreate narmada.estuate -i \ 76.197.19.53

services dns client static-table setCreate kaveri.estuate -i \ 76.197.19.56

services dns client static-table setCreate appdirector.estuate -i \ 76.197.19.55

manage ftp server-port set 21 manage ftp status set enable

redundancy arp-interface-group set Send net l2-interface set 100001 -ad up net l2-interface set 100063 -ad up

redundancy vrrp global-advertise-int set 0

manage snmp groups create SNMPv1 public -gn initial

manage snmp groups create SNMPv1 ReadOnlySecurity -gn InitialReadOnly manage snmp groups create SNMPv2c public -gn initial

manage snmp groups create SNMPv2c ReadOnlySecurity -gn InitialReadOnly manage snmp groups create UserBased radware -gn initial

manage snmp groups create UserBased ReadOnlySecurity -gn InitialReadOnly manage snmp access create initial SNMPv1 noAuthNoPriv -rvn iso -wvn iso \ -nvn iso

manage snmp access create InitialReadOnly SNMPv1 noAuthNoPriv -rvn \ ReadOnlyView

manage snmp access create initial SNMPv2c noAuthNoPriv -rvn iso -wvn iso \ -nvn iso

manage snmp access create InitialReadOnly SNMPv2c noAuthNoPriv -rvn \ ReadOnlyView

manage snmp access create initial UserBased authPriv -rvn iso -wvn iso \ -nvn iso

manage snmp access create InitialReadOnly UserBased authPriv -rvn \ ReadOnlyView

manage snmp views create iso 1

manage snmp views create ReadOnlyView 1

manage snmp views create ReadOnlyView 1.3.6.1.4.1.89.2.7.2 -cm excluded manage snmp views create ReadOnlyView 1.3.6.1.6.3.18.1.1 -cm excluded manage snmp views create ReadOnlyView 1.3.6.1.6.3.15.1.2.2 -cm excluded manage snmp views create ReadOnlyView 1.3.6.1.4.1.89.35.1.61 -cm \ excluded

manage snmp views create ReadOnlyView 1.3.6.1.6.3.16.1.2 -cm excluded manage snmp views create ReadOnlyView 1.3.6.1.6.3.16.1.4 -cm excluded manage snmp views create ReadOnlyView 1.3.6.1.6.3.16.1.5 -cm excluded manage snmp notify create allTraps -ta v3Traps

manage snmp global engine-id set 80000059030003b23ddc00 manage snmp users create radware -cf 0.0 -ap MD5 -akc \ 54118f8ecffedac7e39d16b7c9cab095 -pp DES -pkc \

54118f8ecffedac7e39d16b7c9cab095

manage snmp target-address create v3MngStations -tl v3Traps -p \ radware-authPriv

manage snmp target-parameters create public-v1 -d SNMPv1 -sm SNMPv1 -sn \ public -sl noAuthNoPriv

manage snmp target-parameters create public-v2 -d SNMPv2c -sm SNMPv2c -sn \ public -sl noAuthNoPriv

manage snmp target-parameters create radware-authPriv -d SNMPv3 -sm \ UserBased -sn radware -sl authPriv

manage snmp community create public -n public -sn public services auditing status set enable

manage telnet session-timeout set 5 manage telnet auth-timeout set 30

system diagnostics policies setCreate Login -i 2 -tr Disabled system diagnostics capture output file set "ram drive" system diagnostics capture output term set Disabled

system diagnostics trace-log output file set "ram drive and flash" system diagnostics trace-log output term set Disabled

system diagnostics trace-log output syslog set Disabled

system diagnostics trace-log modules set HMM -st Enabled -sev Info system diagnostics capture point set both

(43)

redundancy force-down-ports-time set 0

system diagnostics capture traffic-match-mode set "Inbound and Outbound" appdirector global connectivity-check tcp-timeout set 3

security certificate table \ Name: ebs \

Type: certificate \

---BEGIN CERTIFICATE--- \

MIIBrDCCARUCAjsBMA0GCSqGSIb3DQEBBAUAMB4xHDAaBgNVBAMTE2FwcGRpcmVj \ dG9yLmVzdHVhdGUwHhcNMDkwNTEzMjE1NjM5WhcNMTAwNTEzMjE1NjM5WjAeMRww \ GgYDVQQDExNhcHBkaXJlY3Rvci5lc3R1YXRlMIGfMA0GCSqGSIb3DQEBAQUAA4GN \ ADCBiQKBgQDOjLvulEWsrZnqSy4bX/EXzpAUXUJX8QW6HlBC0LSWKPFOdZadL2vu \ bUQNzpDDC2lYcTvqpsttxOAovz/LJFshmDLDGcQR4wVk6EhXMuKSbsLdCwLwhLBE \ dSR78hKpFNlEZ0sVgOAdtIdI+duyj+cwNBhr81/rqgLbHzp2OfPI9wIDAQABMA0G \ CSqGSIb3DQEBBAUAA4GBAFUoMefPH46+zAW3hl5PQnw4spgdbB6kYx350YDE9Oeq \ kyGPvFubNB+P6G7c+C7ToIcvrYSr778+8BAiPH5ZOKgOR1G1TuZ3W8IGOcbtbRyk \ 9jXel/an+3ytgMduTenIGGnW3jreF3VlDdquGxMqsF9xNaqDgokksPz9NVguLNKM \ ---END CERTIFICATE--- \

Name: radware \ Type: certificate \

MIIB1TCCAX8CAhKeMA0GCSqGSIb3DQEBBAUAMHUxCzAJBgNVBAYTAlVTMRAwDgYD \ VQQIEwdSYWR3YXJlMRAwDgYDVQQHEwdSYWR3YXJlMRMwEQYDVQQDEwoxMC4xMC4x \ MC4xMRAwDgYDVQQKEwdSYWR3YXJlMRswGQYDVQQLExJSYWR3YXJlIHdlYiBzZXJ2 \ ZXIwHhcNMDkwNTEzMDUzNjI2WhcNMTAwNTEzMDUzNjI2WjB1MQswCQYDVQQGEwJV \ UzEQMA4GA1UECBMHUmFkd2FyZTEQMA4GA1UEBxMHUmFkd2FyZTETMBEGA1UEAxMK \ MTAuMTAuMTAuMTEQMA4GA1UEChMHUmFkd2FyZTEbMBkGA1UECxMSUmFkd2FyZSB3 \ ZWIgc2VydmVyMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALBjDweCfhoVHE/CgoNa \ Ib87PK5dbEikaAQzJ2yhK+fHFfgqro5xKElXv3GJE7E+pxZxOsz2YAjgkJK9EE4z \ RaUCAwEAATANBgkqhkiG9w0BAQQFAANBAJw9yoPPd8dX6PXPhPP56JfmbvvPrZzk \ 5P4SASgQjccGEY6BhhNYAr++Iz/94CIdima3VrfHz+HQ3dSveYAAWv8= \

---END CERTIFICATE--- \ Name: rdwrhmm \

Type: certificate \

MIIB8zCCAZ0CAjQbMA0GCSqGSIb3DQEBBAUAMIGDMQswCQYDVQQGEwJVUzEQMA4G \ A1UECBMHUmFkd2FyZTEQMA4GA1UEBxMHUmFkd2FyZTEaMBgGA1UEAxMRUlcgU1NM \ IG1vbml0b3JpbmcxEDAOBgNVBAoTB1JhZHdhcmUxIjAgBgNVBAsTGVJhZHdhcmUg \ SGVhbHRoIE1vbml0b3JpbmcwHhcNMDkwNTEzMDUzNjI5WhcNMTAwNTEzMDUzNjI5 \ WjCBgzELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB1JhZHdhcmUxEDAOBgNVBAcTB1Jh \ ZHdhcmUxGjAYBgNVBAMTEVJXIFNTTCBtb25pdG9yaW5nMRAwDgYDVQQKEwdSYWR3 \ YXJlMSIwIAYDVQQLExlSYWR3YXJlIEhlYWx0aCBNb25pdG9yaW5nMFwwDQYJKoZI \ hvcNAQEBBQADSwAwSAJBAKparPI9S+NfFuNss3oRc8LOjk3P2HN9j7qG7/Y3NNj0 \ 4dBZzeqfoBfsDJGETshWIP51KXruegRjCvix++OepuUCAwEAATANBgkqhkiG9w0B \ AQQFAANBAE/tsy6YT6nxO/0cLCUy6kSLvWK/Y/tvn55TeutPjpBegsbqAAUlif9W \ KsH/haHEOfXEK8NmOa6BOS8ku488DKI= \ ---END CERTIFICATE---

!File Signature: 76bf772ea8d8ac2d2ca683f87b8dc9c4

Appendix 2 - Backup AppDirector Configuration File

!

!Device Configuration !Date: 13-06-2009 00:35:06

!DeviceDescription: AppDirector with Cookie Persistency !Base MAC Address: 00:03:b2:3d:dc:00

!Software Version: 2.10.00 (Build date Apr 7 2009, 22:33:12,Build#150) !APSolute OS Version: 10.31-03.05(40):2.06.09

! !

! The following commands will take effect only ! once the device has been rebooted!

!

system tune bridge-fft-table set 1024 system tune ip-fft-table set 240000 system tune arp-table set 1024

(44)

system tune client-table set 1200000 system tune routing-table set 512 system tune url-table set 256 system tune request-table set 5000 system tune nat-address-table set 4 system tune nat-ports-table set 64511 system tune session-id-table set 32000 system tune l3-client-table-size set 20 system tune outbound-nat-address set 1 system tune outbound-nat-ports set 64511 system tune outbound-intrcpt-tbl set 4 system tune radius-attribute-table set 1 system tune segments set 15

system tune l4-policy-table set 512 system tune static-dns-persistency set 5 system tune dynamic-dns-persistency set 10

manage snmp versions-after-reset set "v1 & v2c & v3" system tune session-pasv-protocols set 16

system tune session set 512 system tune session-resets set 100 !

! The following commands take effect immediately ! upon execution!

!

health-monitoring check create Web_53 -id 4 -m HTTP -p 8010 -a \

health-monitoring check create web_56 -id 8 -m HTTP -p 8010 -a \

net ip-interface create 10.10.10.2 255.255.255.0 G-11 -pa 10.10.10.1 net ip-interface create 76.197.19.63 255.255.255.240 G-1 -pa \ 76.197.19.61

net ip-interface create 192.168.1.51 255.255.255.0 MNG-1 -pa \ 192.168.1.50

net route table create 0.0.0.0 0.0.0.0 76.197.19.62 -i G-1 redundancy mode set VRRP

system mib2-name set AppDirector_peer

appdirector farm table setCreate "Server_53_Farm " -at 7300 appdirector farm table setCreate Server_56_Farm -at 7300

appdirector farm server table create "Server_53_Farm " 10.10.10.53 None \ -sn EBS_Server_53 -id 23

appdirector farm server table create Server_56_Farm 10.10.10.56 None -sn \ EBS_Server_56 -id 22

appdirector l7 farm-selection method-table setCreate Auto-G_Cookie_web_s \ -cm "Set Cookie" -ma KEY=yI8cugcRkX|VAL=$Server_SID_Cookie|P=/|

appdirector l7 farm-selection method-table setCreate Auto-G_RCookie_web_ \ -cm Cookie -ma KEY=yI8cugcRkX|

redundancy interface-group set Enabled appdirector dns status set Disabled appdirector nat server status set disable redundancy mirror backup status set Enabled redundancy mirror main client-status set Disabled appdirector dns two-records set Disabled

redundancy backup-in-vlan set Enabled

appdirector farm connectivity-check httpcode setCreate "web server farm"\ "200 - OK"

appdirector farm connectivity-check httpcode setCreate "Server_53_Farm "\ "200 - OK"

appdirector farm connectivity-check httpcode setCreate Server_56_Farm\ "200 - OK"

appdirector l7 server-persistency static-persist-table setCreate\ "web server farm" WGZaq0HAer0K -sa 10.10.10.53 -sp 8010 -fl 1

(45)

appdirector l7 server-persistency static-persist-table setCreate\ "web server farm" tEz9r2P2Ek9l -sa 10.10.10.56 -sp 8010 -fl 1 appdirector nat server specific-nat-address set 0.0.0.0

redundancy backup-fake-arp set Enabled

net next-hop-router setCreate 76.197.19.62 -id 10 -fl 1 appdirector farm nhr setCreate 0.0.0.0 -ip 76.197.19.62 -fl 1

appdirector nat client address-range setCreate 10.10.10.100 -t \ 10.10.10.100

appdirector nat client range-to-nat setCreate 10.10.10.50 -t 10.10.10.53 appdirector nat client status set Disabled

redundancy backup-interface-group set Enabled

system internal appdirector full-session-id-table setCreate\ "web server farm" 0 TCP -k yI8cugcRkX -l Cookie -fl 1 net vlan-tag-handling set Overwrite

appdirector nat outbound status set Disabled

appdirector segmentation nhr-table setCreate DefaultNHR -ip 76.197.19.62 \ -fl 1

appdirector l4-policy caching-url-rules-lists create\

EBS_App_Dashboard_VIS tabs -u /OA_HTML/weboam/oam/oamApps$target=VIS appdirector l4-policy ssl-policy create EBS -c ebs -lp 8010

appdirector l4-policy compression create EBS_Cache -pe Hardware

appdirector l4-policy caching create EBS_Cache -r EBS_App_Dashboard_VIS appdirector l4-policy table create 76.197.19.53 TCP Any 0.0.0.0\ EBS_Server_53 -fn "Server_53_Farm " -rs Backup

appdirector l4-policy table create 76.197.19.56 TCP Any 0.0.0.0\ EBS_Server_56 -fn Server_56_Farm -rs Backup

appdirector l4-policy table create 76.197.19.55 TCP 443 0.0.0.0 SecureEBS \ -fn "web server farm" -ta HTTPS -rs Backup -sl EBS -co EBS_Cache -ca \ EBS_Cache

redundancy mirror main dns-status set Disabled redundancy vrrp automated-config-update set Enabled

appdirector l7 modification table setCreate Auto-G_Cookie_web_s -i 0 -f \ "web server farm" -d Reply -am Auto-G_Cookie_web_s

appdirector l7 modification table setCreate Auto-G_RCookie_web_ -i 0 -f \ "web server farm" -ac Remove -mm Auto-G_RCookie_web_

redundancy mirror main sid-status set Disabled

redundancy global-configuration failure-action set Ignore health-monitoring binding create 4 27

health-monitoring binding create 8 28 health-monitoring status set enable

health-monitoring response-level-samples set 0

redundancy vrrp associated-ip create G-1 1 76.197.19.61 redundancy vrrp associated-ip create G-1 1 76.197.19.55 redundancy vrrp associated-ip create G-11 2 10.10.10.1 redundancy vrrp associated-ip create G-1 1 76.197.19.53 redundancy vrrp associated-ip create G-1 1 76.197.19.56

manage user table create radware -pw GndridF04zNWSGOrZjKFV78REiEra/Qm manage telnet status set enable

manage telnet server-port set 23 manage web status set enable manage ssh status set enable manage secure-web status set enable

services dns client primary-server set 68.94.156.1 services dns client alt-server set 0.0.0.0

services dns client status set Enabled

services dns client static-table setCreate narmada.estuate -i \ 76.197.19.53

services dns client static-table setCreate kaveri.estuate -i \ 76.197.19.56

services dns client static-table setCreate appdirector.estuate -i \ 76.197.19.55

manage ftp server-port set 21 manage ftp status set enable

redundancy arp-interface-group set Send net l2-interface set 100001 -ad up net l2-interface set 100063 -ad up

(46)

redundancy vrrp global-advertise-int set 0 manage terminal prompt set AppDirector_peer