|
|
HOB SSL Gateway NBIPGW08OverviewThe NBIPGW08 gateway runs under Sun Solaris. The NBIPGW08 gateway uses SSL encryption at one end (the client side) and converts to unencrypted format at the other end (the server side). The NBIPGW08 gateway can be used only on the server side. You can also use NBIPGW08 in the "demilitarized zone." PrerequisitesThe NBIPGW08 gateway runs as a 32-bit program. It runs only on Sun Ultra 64-bit processors and uses XTI. The NBIPGW08 gateway is started as a process in a Unix shell. For this reason, when there are a large number of connections, the process must be able to open a large number of sockets. For Solaris, the default configuration pre-defines only 256 file descriptors. It is possible to check the number file descriptors with the command "ulimit -a". The value is returned and displayed under "nofiles(descriptors)". Before starting the redirector, the user has to set the number of descriptors based on the number of connections required. This is done using the command "ulimit -n xxxx". Important! Please note that the file descriptors can only be increased up to a "hard" limit. The system administrator must set this limit system-wide in the file "/etc/system" using the following values: set rlim_fd_max=32768 # system-wide hard limit for file descriptors (max. 65535) set rlim_fd_cur=1024 # system-wide soft limit Attention: Setting "set rlim_fd_cur" to a value higher than 1024 can lead to problems, e.g., the license daemon can no longer be started. For this reason, before starting the redirector, increase the number of file descriptors, e.g., using the command "ulimit -n 16000".
UsageNBIPGW08 reads its configuration parameters from an .ini-file. The .ini-file can be edited with any usual ASCII-editor. Please note that this .ini file must observe the conventions for .ini files under Windows NT. When NBIPGW08 is started, the first parameter specifies the name of the .ini-file. Example:NBIPGW08 xyz.ini The .ini file can contain several sections whose name start with SSLGATE and specify the parameters of the connections to the clients and to the servers. Each section contains the following parameters:
The ini file may contain an additional section GENERAL that contains the following paramerter: LISTEN_ERROR=IGNORE/WAIT/ABEND
Example1: The first example shows the usage as gateway with SSL and without Load Balancing function. [SSLGATE001] [GENERAL] Example2: The second example shows the usage as gateway with SSL and Load Balancing function. The IP addresses of the servers may also be entered numeric. [SSLGATE001] The second example shows the usage as gateway with SSL and Load Balancing function. In this case the names of the servers are used as IP adresses. [SSLGATE001] Example4: The fourth example shows the usage as gateway with SSL function on a multi-homed system (that has several IP addresses), e.g. if more than one network adapter is used.. [SSLGATE001] Example5: This example shows the usage as gateway with SSL and Load Balancing function - broadcast. [SSLGATE001] Example6: This example shows the usage as a "mixed" gateway with both functions (including and without load balancing) [SSLGATE001]
| ||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||