CSS Sorry Server for HTTPS

How do I configure a sorry server for the HTTPS (443) port? The sorry server works fine with HTTP, but not with 443.
In the following config, if server1 and server2 are down, the HTTP requests go to the sorry server, but for HTTPS nothing is displayed. I am running the sorry server on port 81.
Please suggest
!************************** SERVICE **************************
service prisorry
  ip address 10.100.11.11
  keepalive type http
  keepalive port 81
  port 81
  active
service secsorry
  ip address 10.100.11.12
  keepalive port 81
  keepalive type http
  port 81
  active
service server1
  ip address 10.100.11.11
  keepalive type http
  keepalive port 80
  active
service server2
  ip address 10.100.11.12
  keepalive type http
  keepalive port 80
  active
!*************************** OWNER ***************************
owner Loadbalancing
  content L4Rule1
    protocol tcp
    add service server2
    add service server1
    port 80
    url "/*"
    vip address 10.100.11.4
    advanced-balance sticky-srcip-dstport
    primarySorryServer prisorry
    secondarySorryServer secsorry
    active
  content L4Rule2
    protocol tcp
    add service server2
    port 443
    add service server1
    vip address 10.100.11.4
    advanced-balance sticky-srcip-dstport
    primarySorryServer prisorry
    secondarySorryServer secsorry
    application ssl
    active
  content L4Rule3
    add service server2
    protocol tcp
    port 1443
    add service server1
    vip address 10.100.11.4
    advanced-balance sticky-srcip-dstport
    primarySorryServer prisorry
    secondarySorryServer secsorry
    active
Thanks

I just deployed a couple 11050's the other day so my experience is limited, but I'd guess your problem is that, when using the Primary Sorry Server, you end up with clients sending HTTPS requests to an HTTP port. Having HTTPS requests redirected to HTTP ports is one thing because the client then makes an HTTP request to that port, but the way you have it above, it appears to me that the client will be talking HTTPS to port 81 on the Sorry Server, which is listening for HTTP.
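
The mismatch described in the reply above can be checked offline against a saved configuration. The following is an added example, not part of the original thread or of any Cisco tooling; the function names, the tiny parser and the rule that an HTTP keepalive on the traffic port implies a plaintext listener are assumptions of this example.

```python
# Added example, not from the thread: find TLS content rules with a plaintext sorry server.
# Constructed sample, trimmed from the configuration posted in the question.
SAMPLE_CONFIG = """\
service prisorry
  keepalive type http
  keepalive port 81
  port 81
  active
owner Loadbalancing
  content L4Rule1
    add service server1
    port 80
    primarySorryServer prisorry
    active
  content L4Rule2
    add service server1
    port 443
    primarySorryServer prisorry
    application ssl
    active
"""


def parse_css_config(text):
    """Return (services, rules), each mapping a name to its attribute lines."""
    services, rules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        keyword, _, rest = line.partition(" ")
        if keyword == "service":
            current = services.setdefault(rest, [])
        elif keyword == "content":
            current = rules.setdefault(rest, [])
        elif (line.startswith("!") or keyword in ("owner", "group", "acl", "circuit")
              # Assumption: a bare "keepalive NAME" opens a global keepalive block.
              or (keyword == "keepalive" and len(rest.split()) == 1)):
            current = None
        elif current is not None:
            current.append(line)
    return services, rules


def attr(lines, key):
    """Value of the last line starting with `key` (case-insensitive), or None."""
    hits = [ln[len(key):].strip() for ln in lines if ln.lower().startswith(key.lower() + " ")]
    return hits[-1] if hits else None


def find_plaintext_sorry(text):
    """Return (rule, sorry_service, port) for TLS rules backed by an HTTP sorry server."""
    services, rules = parse_css_config(text)
    findings = []
    for rule, lines in rules.items():
        tls = attr(lines, "port") == "443" or attr(lines, "application") == "ssl"
        for key in ("primarySorryServer", "secondarySorryServer"):
            name = attr(lines, key)
            svc = services.get(name or "", [])
            own = attr(svc, "port")
            # Assumption: the keepalive probes its own port, else the service port, else 80.
            probe = attr(svc, "keepalive port") or own or "80"
            ktype = (attr(svc, "keepalive type") or "").split()[:1]
            if tls and ktype == ["http"] and probe == (own or attr(lines, "port")):
                findings.append((rule, name, probe))
    return findings


if __name__ == "__main__":
    for finding in find_plaintext_sorry(SAMPLE_CONFIG):
        print("TLS rule %s -> plaintext sorry server %s on port %s" % finding)
```

On the sample, only L4Rule2 is reported: its clients open a TLS session, but `prisorry` passes an HTTP keepalive on port 81, the same port it serves traffic on.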

Similar Messages

  • Setting up Debian server for HTTP Dyn Streaming (without FMS)?

    Hi!
    Is it possible to set up a Debian server for Http Dynamic Streaming without Flash Media Server?
    (I realize that this means video on demand only, no live streaming!)
    Are there any walkthroughs or tutorials on how this can be done?
    Regards / Jonas

    I just found this thread, that answers my question:
    http://forums.adobe.com/thread/747115

  • Sorry Server for CSS 11500

    Hi,
    I have a question regarding sorry server configuration on the CSS 11500 series.
    Is there a way for the sorry server to ignore the URL path and always send the user traffic to the "root" page (e.g. index.html) of the sorry server web server?
    The problem I have is the redirection of the "root" page (url "/") that is configured for the normal traffic is causing the sorry page not to work since the URL path ("/psp/CUSTOMER1/?cmd=login") does not exist on the sorry page web server:
    service Sorry-Server
      protocol tcp
      port 8000
      keepalive type tcp
      ip address 192.168.2.254
      active
    service server1
      ip address 192.168.2.101
      protocol tcp
      keepalive type tcp
      port 8080
      active
    service server2
      ip address 192.168.2.102
      protocol tcp
      keepalive type tcp
      port 8080
      active
    owner Customer1
      content Content1
        vip address 192.168.1.101
        port 80
        protocol tcp
        url "/*"
        balance aca
        advanced-balance arrowpoint-cookie
        flow-timeout-multiplier 6
        add service server1
        add service server2
        primarySorryServer Sorry-Server
        active
      content Content1-Redirect
        redirect "/psp/CUSTOMER1/?cmd=login"
        vip address 192.168.1.101
        port 80
        protocol tcp
        url "/"
        active
    Thanks in advance for your help!
    Best regards,
    Harry

    Hi again,
    During a maintenance window I made the following change and that made things a bit better:
    service Sorry-Server
      type redirect
      keepalive type none
      redirect-string "192.168.2.254:8000"
      active
    However, since the redirect string points to a private address, Internet users are not able to access the URL.
    As a work-around I sent the redirect to a new content rule with a public address and then configured a second sorry page server:
    service Sorry-Server
      type redirect
      keepalive type none
      redirect-string "sorry.example.com:8000"
      active
    service Sorry-Server-2
      ip address 192.168.2.254
      protocol tcp
      port 8000
      keepalive type tcp
      active
    owner Customer1
      content Content2
        vip address x.x.x.x
        add service Sorry-Server-2
        port 8000
        protocol tcp
        active
    Is there a better way to do this?
    Best regards,
    Harry

  • CSS Sorry server requirements

    Folks,
    The documentation says that the sorry server concept will only work if the load balancing is done at layer 7. My question is why: why can't I see the sorry server redirect if all services are down when doing load balancing at Layer 3 or Layer 4?

    Hi,
    Can you point me to those docs? I believe sorry server should work regardless of which layer the content rule is configured to check.
    Actually this doc's example is layer 3:
    http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_configuration_example09186a0080093de8.shtml
    I will build a working config at layer 3 for you soon.

  • Apache or Windows server for HTTP streaming

    Does it matter what HTTP server I use?
    In the process of upgrading from FMS 3.0 on Windows using IIS 5 to FMS 4.0. Will dynamic HTTP Streaming work from a Windows server?

    Hi,
    Thanks for your interest in HDS.
    HTTP Dynamic Streaming only works with Apache web server. The basic Apache web server is already bundled along with FMS from the 4.0 versions, where the HTTP Dynamic Streaming modules are loaded by default. Alternatively, any external Apache installation can also be used, by copying the required module files and changing the Apache configuration files to enable them.

  • CSS Sorry Server subdirectory

    Is it possible to define a sorry service with a specific url without service type redirect ?
    I want to specify the url location of the sorry service page.
    Thanks

    You will need a redirect if you want to change the original request from the client.
    Or, if your sorryserver is configured to display the same page, whatever the client request, then you do not need the redirect.
    You just need a normal service.
    Regards,
    Gilles.

  • Https serverfarm with http sorry server

    Hello all,
      I am having difficulty configuring a sorry server for an existing https serverfarm.  The sorry (backup) server is failing all connections and I think it's because I can not determine a way to differentiate ssl connections for the production serverfarm and non-ssl connections for the sorry server.  Here is the load balance policy:
      policy-map type loadbalance http first-match WWW-HTTPS-LBP
      class class-default
        serverfarm WWW-HTTPS backup WWW-OUTAGE
        action https-rewrite
        ssl-proxy client CLIENT-SSL-PROXY
      The WWW-HTTPS serverfarm is comprised of HTTPS real servers, hence the necessity of the ssl-proxy client; however, when the WWW-HTTPS serverfarm is offline, the ssl-proxy can't connect to the WWW-OUTAGE serverfarm as the real server in that farm is HTTP only.
      Has anyone run into this scenario before?

    The ssl-proxy client forces the connection on the backend (to the real server) to be HTTPS.
    You should instead create a redirect serverfarm and use it to redirect the user to an http vserver where you can use your http serverfarm without the ssl-proxy client.
    Gilles.

  • Specific logon Group for Http logins

    Hi
    I was just wondering whether we can have a logon group in SMLG specifically for HTTP logins to use only 3 app servers out of 6.
    In my case, we have given one of the app servers in the iViews, so all HTTP logins go to it. But as I see, this server is idle most of the time and my other app servers are overloading and hanging sometimes, so to allow GUI users on this and distribute HTTP logins to use only 3 servers.
    And if I use the generic load balancing, then all the requests would come to the central instance and then go to an app server, which I don't want because I restricted any user login to the central instance. So what I am looking for is to distribute HTTP logins to 3 app servers only.
    Can this be achieved?
    Any ideas are welcome.
    Thanks

    Hello,
    You can create a logon group in SMLG with those 3 application servers, then set the flag "Ext. RFC-enabled" in SMLG.
    If you use the message server for HTTP load balancing, you should activate the services sap/public/icf_info/logon_groups and sap/public/icf_info/urlprefix in the SICF transaction.
    You could as well assign specific logon groups to URLs in transaction SICF.
    There are some restrictions when using the message server for HTTP load balancing (depending on your scenario), see SAP Note 1040325. That's the reason it is recommended to use SAP Webdispatcher.
    http://help.sap.com/saphelp_nw04/helpdata/EN/de/89023c59698908e10000000a11402f/frameset.htm
    Kind regards,
    Mercedes

  • CSS and a Sorry Server

    I have been trying to get my CSS 11506 to redirect to a Sorry Server when our content servers go offline. We thought that we had it working, but after some downtime it turned out that our configuration did not work.
    After extensive reading I can't figure out what is wrong with my config, or if the problem lies elsewhere. I am attaching my config below. Can anyone tell me if they see any problems with what I have, or if there is something that I need to do in addition to what I have? Thank you for your help, here is the config:
    !*************************** GLOBAL ***************************
      no restrict web-mgmt
      no restrict xml
      bypass persistence disable
      snmp community ******read-write
      snmp name "******"
      snmp contact "*******r"
      snmp location "CSS11056"
      snmp trap-host 10.20.1.4 ******
      dns primary 10.20.1.2
      ftp-record ******10.20.1.17 *** des-password
        ibfebcgg6aheuc4h1hfcqhpcubwdxcjb cssgui
      ip route 0.0.0.0 0.0.0.0 10.20.1.1 1
    !************************* INTERFACE *************************
    interface 1/1
      phy 1Gbits-FD-sym
    !************************** CIRCUIT **************************
    circuit VLAN1
      router-discovery lifetime 1000
      ip address 10.20.1.4 255.255.255.0
      router-discovery
    !************************** SERVICE **************************
    service Blade01
      ip address 10.20.1.60
      active
    service Blade02
      ip address 10.20.1.61
      active
    service Blade03
      ip address 10.20.1.62
      active
    service Blade04
      ip address 10.20.1.63
      active
    service sorry
      ip address 10.20.1.41
      active
    !*************************** OWNER ***************************
    owner ***
      email-address ******
      content Content1
        vip address 10.20.1.80
        balance aca
        add service Blade01
        add service Blade02
        no persistent
        primarySorryServer sorry
        active
      content Content2
        vip address 10.20.1.81
        add service Blade03
        add service Blade04
        balance aca
        active
    !*************************** GROUP ***************************
    group content1nat
      vip address 10.20.1.80
      add destination service Blade01
      add destination service Blade02
      add destination service sorry
    group content2nat
      add destination service Blade03
      add destination service Blade04
      vip address 10.20.1.81
    !**************************** ACL ****************************
    acl 10
      clause 5 permit any 10.20.1.60 destination content ****
        sourcegroup ****
      clause 6 permit any 10.20.1.61 destination content ICC/flippid
        sourcegroup Content1
      clause 99 permit any any destination any
      clause 2 permit any 10.0.0.0 destination content ****
        sourcegroup ****
      apply circuit-(VLAN1)
      clause 7 permit any 10.20.1.41 destination content ****
        sourcegroup Content1

    One problem I can see is that you don't have any keepalives configured under the services, so they will default to a ping. As long as they respond to ping, it will keep traffic going to those servers.
    What services run on these servers? We generally recommend you use as high a layer keepalive as possible, so if it is a web server, for example, use an HTTP keepalive.
    Have a look here for more info:
    http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.10/configuration/content_lb/guide/KAL.html

  • CSS 11051: Sorry Server receives request although the normal server is up

    Hello,
    My customer has configured a sorry server for his server. If the normal server is down, the Sorry Server receives the requests. That works fine. But if the normal server comes back, the Sorry Server still receives some requests (2 hours and more). Has anybody an idea what might be the reason for that?
    regards
    Dietrich Schleyer
    content webserver
      add service server12
      vip address 10.40.52.20
      primarySorryServer server13
      protocol tcp
      port 80
      url "/*"
      no persistent
      active
    service server12
      ip address 10.40.52.12
      port 80
      protocol tcp
      keepalive type named applicationwww01
      active
    service server13
      ip address 10.40.52.13
      protocol tcp
      port 80
      keepalive type named applicationwww02
      active
    keepalive applicationwww01
      ip address 10.40.52.12
      port 80
      type http non-persistent
      uri "/test.html"
      frequency 10
      method get
      active
    keepalive applicationwww02
      ip address 10.40.52.13
      port 80
      uri "/test.html"
      frequency 10
      method get
      type http non-persistent
      active

    According to: http://www.cisco.com/warp/public/117/css_sorry_server.html “After the CSS 11000 directs requests to a primary sorry server, the switch will continue to use the primary sorry server even when the original server becomes functional. To force the connection back to the original server, you must suspend the primary sorry server or wait until the connection is dropped or times out. When a new session is initiated by the CSS 11000, the connection should go back to the original server.”

  • CSS Load balancing for Exchange Server

    Hi,
    I have CSS configured in single arm and I have multiple servers configured for load balancing and it is working fine, but when I am configuring the Exchange server for load balancing I am facing a problem: applications and printers/scanners are not able to send email through the virtual IP address configured for the Exchange server.
    But if we configure the real server IP in the printers/scanners, they are able to send email. While checking the logs on the Exchange server, it is showing that the request for the email is coming from the Exchange VIP configured in the CSS.
    I can telnet on port 25 on the VIP address (192.168.200.237). But unable to send the email through this VIP.
    Below is the configuration
    service ENOC_EXCHANGE-1
      ip address 192.168.200.235
      active
    service ENOC_EXCHANGE-2
      ip address 192.168.200.236
      active
    content EXCHANGE
        add service ENOC_EXCHANGE-2
        add service ENOC_EXCHANGE-1
        vip address 192.168.200.237
        active
    group EXCHANGE
      add destination service ENOC_EXCHANGE-1
      add destination service ENOC_EXCHANGE-2
      vip address 192.168.200.237
      active
    DC-CSS01# show rule GIT EXCHANGE
    Name:                EXCHANGE   Owner:                ENOC_GIT
    State:                 Active   Type:                     HTTP
    Balance:          Round Robin   Failover:                  N/A
    Persistence:          Enabled   Param-Bypass:         Disabled
    Session Redundancy:  Disabled
    IP Redundancy:    Not Redundant
    L3:         192.168.200.237
    L4:         Any/Any
    Url:       
    Redirect: ""
    TCP RST client if service unreachable: Disabled
    Rule Services & Weights:
    1: EXCHANGE-1-Alive, S-1
    2: EXCHANGE-2-Down, S-1
    =============================================================================
    Please let me know how to solve this problem. The system team is saying that with the physical IP address it is working fine, so the problem is with load balancing. I have even tried the add service command in the group, but it didn't work for me. If I remove the group command then I can't telnet on port 25.
    I think this is related to the single arm model or some wrong configuration for the NAT.
    Kindly assist me

    Hi
    Printers are on VLAN 80 (gw is 192.168.80.1) and the Exchange server is on VLAN 200 (gw is 192.168.200.1). I have multiple VLANs which will communicate with Exchange.
    I have other servers on the 200 subnet which are working fine in load balancing.
    My CSS is single arm setup.
    Please assist
    Sent from Cisco Technical Support iPhone App

  • Sorry Server Config for 11503

    I have added a service for the sorry server and I have added the name of the server, SorryServer1, to the content rule. However, when I suspend the content rule I get a Page Not Displayed instead of the redirect to the Sorry Server.
    The config has multiple content rules; I am currently only testing on one.
    Thanks

    Hi,
    If you suspend the whole content rule, the sorry server cannot do its action, as the rule is "down". You need to suspend all services except the sorry server.
    Kind Regards,
    Joerg
    PS
    For a HowTo and recommendations refer to http://www.cisco.com/en/US/partner/products/hw/contnetw/ps792/products_configuration_guide_chapter09186a00801579f2.html#1038009

  • How the balance works for http/https in CSS?

    I want to understand how the balance works for http/https in the CSS.
    As per doc,
    - http/1.0=single URL per TCP connection
    - http/1.1=persistent connection.
    Q1. my understanding is http is stateless connection so needs TCP session for each URL. how the http/1.1 works with persistent. keep the same TCP session for a multiple URL request?
    Q2. https is using single URL and continue processing until terminate the https instead of open another URL in the middle of transaction. in this case, I think the client can stick into same service based on the assumption the CSS support persistent. if then, no advanced sticky(ex, srcip) required?
    Q3. looks below both are analogy. what's difference between them?
    - balance srcip(same src IP to the same service)
    - advanced-balance sticky-srcip
    Q4. what's balance decision mechanism for "balance roundrobin" to distribute evenly? ex, in case of multiple URL request coming from same client. evenly distribute URLs?
    Regards,

    Hello,
    first let me clarify 1 point.
    HTTP/HTTPS are standards that are defined in RFC.
    For HTTP/1.1 you can check the following RFC
    http://www.faqs.org/rfcs/rfc2616.html
    Therefore, the behavior of HTTP 1.1 is not defined by the CSS.
    Q1- HTTP/1.1 simply keeps 1 TCP connection to send and receive multiple HTTP requests/responses.
    HTTP/1.0 will open 1 TCP connection for every HTTP request.
    Q2- HTTPS is just HTTP over SSL.
    So basically the same rule as above applies.
    HTTP/1.1 can use 1 SSL connection for many HTTP request/response while HTTP/1.0 will use 1 SSL connection for each HTTP request.
    Therefore, if you have customers using HTTP/1.0 you need some form of stickiness to guarantee that every connection will go to the same server.
    Even if only using HTTP/1.1 you may need stickiness.
    A user could disconnect and reconnect and require to be loadbalanced to the same server as before.
    Q3- There is a big difference between balance srcip and sticky-srcip.
    The balance srcip simply hashes the source IP address to find the destination server.
    The problem with this method is that the load balancing is not guaranteed to be evenly distributed between the servers.
    With sticky-srcip, you use a normal balance method like round-robin, and then you create a sticky entry in a sticky table.
    Next time this user comes back, we first check the sticky entry to find the destination server.
    The advantage is that it guarantees your users will be evenly distributed among the servers.
    Q4- roundrobin is applied to connection - not url [by default].
    So if you have 2 users and they both open 1 connection, the CSS will send 1 connection to 2 different servers.
    So each server has 1 connection.
    If one user sends 10 URLs and the other one sends only 1, one server will have 10 URLs to process while the other has only one.
    That's if you are using HTTP/1.1 and use persistent mode on the CSS.
    You can break persistency and split the url.
    I run out of space and time to explain you everything.
    I suggest you go read the RFC or a book on HTTP.
    Also read the CSS configuration guide.
    There is much more you need to know if you want to take full advantage of the CSS like cookie, ssl offloading, L7 rules vs L3/4 rules, ...
    Regards,
    Gilles.

  • Using a Single HTTP Server for Multiple APEX Instances

    Our company's DBA Manager has asked if it would be possible to externalize the HTTP server portion of APEX from the DB Servers. In other words, he would strongly prefer that the DB Servers *only* run Oracle Database software.
    We know that we can install the HTTP server on another box but, in thinking about how to do this, we were wondering if it is really necessary to create a separate HTTP server installation for each APEX instance. What we'd really like to do is have one HTTP server for all of our Dev boxes and several (but not one to one) for each of our upper environments: staging, qa, prod, etc.
    Right now, each instance has a single dads.conf file on each DB box. So, if we were to attempt to consolidate them, we'd need some way to embed multiple dads files and to associate each instance with the correct one.
    Has anyone ever done this or (preferably) have some examples?
    Thanks,
    -Joe

    Joe,
    I don't know a specific reference for it. I remembered it because when I was looking at the documentation on the site, I saw the reference "Support for multiple database connections" in the URL: APEX Listener New Features 2.0…
    I've tried to use APEX Listener some time ago, but in an earlier version together with GlassFish. So, since for me it was only one database, I created the necessary amount of DAD's on my database, each one for a specific port.
    Check the link and you'll see the same information I saw.
    Thanks.
    José Valdézio
    "Neo, everything that Oracle told me, became true, except extinguish bugs in a first release."

  • Companion CDs for 64-bit Oracle HTTP Server for AIX5L(64 bit) required.

    I need Companion CDs for 64 bit Oracle HTTP Server for AIX5L(64 bit).
    I tried to install using
    as_ibm_aix_companion_101300_disk1.cpio & as_ibm_aix_companion_101300_disk2.cpio
    but when I checked the files present in <Oracle_Home>/ohs/lib, they are 32-bit.
    I also tried with Oracle 10.1.2.0.2, but still the server is installed as 32-bit.
    Is 64-bit Oracle HTTP Server supported on AIX5L (64 bit)?
    If yes, then from where can I download the CDs?
    Any suggestions will be appreciated.

    Greetings,
    Try this link:
    http://www.oracle.com/technology/software/products/database/oracle10g/htdocs/10201aixsoft.html
    Regards,
    Bill Chadbourne
