EP6.0 SP15 SSL Accelerator card setup

Hi
SAP support the use of SSL Accelerator cards as per OSS Note 686293.  However, I can find no details on the configuration of how to set them up for the use with the SAP web server used in the SAP Portal.  The products appear to provide support out of the box for mainstream web servers (MS IIS, Apache etc) but don't indicate how they need to be configured to be used with SAP.
Can anyone assist?  They're Cavium SSL Accelerator cards.
Regards
David

Just got the bad news from SAP Support.
Although the note indicates that EP6.0 supports the use of hw SSL accelerator cards - the note itself is "misleading".  The SSL Provider is part of the SAP sw shipment and there is no SAP ICC partner interface to certify the integration of SSL accelerators.  The only SAP solution for EP6.0 at this time is to use them in a SSL Reverse Proxy in front of the portal solution to offload the overhead of SSL before it hits the portal.  The reason I'm not using Webdispatcher is that I'm also trying to fulfill a requirement for standalone ITS on these same servers. Needless to say there are no dates set for when SSL Accelerator cards can be used with Netweaver stack DIRECTLY!!.
SAP support message below for completeness (from SAP AG Development Manager so can be taken as gospel) - hope it saves someone else time if thinking of going down this route.   Please post reward points if you have found this information useful!
SAP Note 686293 is misleading. All releases of EP 6.0 do not support
SSL hardware accelerators.
The SSL provider is part of the SAP shipment and there is no SAP ICC
partner interface to certify the integration of SSL accelerators.
If you really require SSL hardware accelerators you should use a
standalone solution (SSL reverse proxy) to terminate the SSL connection
in front of the EP system.
Regards
David Irwin

Similar Messages

  • Support of SSL acceleration card

    Hi all,
    Does weblogic support hardware card to accelerate SSL encryption without
    using a web server such as IIS or NES?
    Thanks for help,
    Cedric

    Look at http://www.internetweek.com/reviews00/rev111300.htm for a just-out
    review of what accelerators are out there. Some of them are separate
    appliances that decrypt the SSL traffic and forward it as clear text to the
    Weblogic. It may or may not be what you look for, though, but the review
    itself is worth reading.
    "Cedric Rochet" <[email protected]> wrote in message
    news:[email protected]..
    Hi all,
    Does weblogic support hardware card to accelerate SSL encryption without
    using a web server such as IIS or NES?
    Thanks for help,
    Cedric

  • SSL Acceleration between iPlanet and WLS

    I was wondering if anybody has successfully deployed a SSL accelerator card for SSL acceleration between iPlanet and WLS?

    This is a feature in the latest release, WebLogic Server 6.1.0
    <http://e-docs.bea.com/wls/docs61/////adminguide/nsapi.html#101168>. It is
    not available for WebLogic Server 5.1.0.
    Regards,
    -- Ian
    "Abhinandan" <[email protected]> wrote in message
    news:3ba5dfa9$[email protected]..
    > Can i get SSL communication between iPlanet and Weblogic 5.1? if yes then
    > how??

  • What SSL accelerator and load-balancer does anyone recommend?

    Hi:
    I wanted to find out:
    Does anyone recommend SSL accelerator cards/boards or SSL accelerator appliances?
    What SSL accelerator and load balancer does anyone recommend to help 9iAS?

    Ana_Alm wrote:
    Hi there!
    I just downloaded and installed OS X Lion, and I'm loving it so far.
    However, I've seen that Mountain Lion will have some new features when it comes to social apps (what I call the ones that combine twitter, facebook, rss readers and so on).
    So, does anyone know any cool apps for that? I'm currently using Socialite, that combines all those three, but it has a few issues I don't particularly like. Plus, I'm using Adium for a msn client. I'm also thinking about downloading that beta version of "Messages" that will be released on Mountain Lion.
    So, what do you think? Give me your ideas
    Thanks a lot in advance!
    As Mountain Lion has not been released to the public yet, then most of us have no idea which companies have updated the development of their Apps for  ML. It is in Development phase so any App you try is at your own risk.
    Good Luck
    Pete

  • Mod_ssl and accelerator cards

    Has anyone configured mod_ssl to work with accelerator cards?
    We are using 9iAS on Sun Solaris and wish to use an accelerator
    card for SSL key manipulation.
    A question for Oracle, if we replace the provided mod_ssl binary
    with one we have compiled from the source available on the web
    what is the effect on Oracle support?
    Regards
    Mike Bray

    Hi ibosie,
       I'm not sure exactly what you're asking but I don't think there's a required reference to anything you've mentioned. I keep my certs in my /System/Library/OpenSSL/certs directory but that's a matter of choice. As far as I know, all that matters is what file you provide as values of the SSLCertificateFile and SSLCertificateKeyFile properties in the VirtualHost block used to define your secure website in the httpd.conf file. (or file included from the httpd.conf file) Traditionally the SSLCertificateFile value points to a server.crt file and the SSLCertificateKeyFile value points to a server.key file.
       I don't know what they're talking about in the security advice. The only file you have to protect is your private key; the rest you share freely. The private key should be in a directory owned by and readable only by root. However, that still has to be on the server.
       At least that's the way apache works traditionally. Maybe there's some way to keep the private key in a keychain. That would naturally be preferable; I just don't know how to do it. Apple's web page, Creating Secure Transactions on Mac OS X server Using SSL, puts the key in a keychain but still uses a file for the web server.
    Gary
    ~~~~
       Q:   What's the difference between USL and the Graf Zeppelin?
       A:   The Graf Zeppelin represented cutting edge technology for its time.
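
The check described in the reply above (the key file named by SSLCertificateKeyFile, kept in a directory owned by and readable only by root), as an added example that is not part of the original thread. It reads Apache config text, finds each SSLCertificateKeyFile path and reports keys or directories with the wrong owner or any group/other permission bits; the sample config, file layout and function names are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Directive as described in the reply; the path may be quoted. Commented-out lines do not match.
KEY_DIRECTIVE = re.compile(
    r'^[ \t]*SSLCertificateKeyFile[ \t]+"?([^"\n]+?)"?[ \t]*$',
    re.IGNORECASE | re.MULTILINE,
)
LOOSE_BITS = stat.S_IRWXG | stat.S_IRWXO  # any group/other permission bit


def key_files(conf_text):
    """Paths named by SSLCertificateKeyFile directives in an Apache config."""
    return KEY_DIRECTIVE.findall(conf_text)


def audit_path(path, expected_uid, what):
    """Findings for one file or directory: wrong owner, or open to group/other."""
    try:
        st = os.stat(path)
    except OSError as exc:
        return [f"{what} {path}: cannot stat ({exc.strerror})"]
    findings = []
    if st.st_uid != expected_uid:
        findings.append(f"{what} {path}: owned by uid {st.st_uid}, expected {expected_uid}")
    if st.st_mode & LOOSE_BITS:
        findings.append(f"{what} {path}: mode {stat.S_IMODE(st.st_mode):04o} is open to group/other")
    return findings


def audit_config(conf_text, expected_uid=0):
    """Map each configured key file to its findings (empty list means it passes)."""
    report = {}
    for key in key_files(conf_text):
        parent = os.path.dirname(os.path.abspath(key))
        report[key] = (audit_path(key, expected_uid, "key")
                       + audit_path(parent, expected_uid, "directory"))
    return report


def demo():
    """Constructed layout: one tight key, one world-readable key in an open directory."""
    root = tempfile.mkdtemp()
    layout = {"tight": (0o700, 0o600), "loose": (0o755, 0o644)}
    conf = "# SSLCertificateKeyFile /ignored/commented.key\n"
    for name, (dir_mode, key_mode) in layout.items():
        directory = os.path.join(root, name)
        os.mkdir(directory)
        key = os.path.join(directory, "server.key")
        with open(key, "w") as handle:
            handle.write("constructed placeholder, not a real key\n")
        os.chmod(key, key_mode)
        os.chmod(directory, dir_mode)
        conf += f'<VirtualHost *:443>\n  SSLCertificateKeyFile "{key}"\n</VirtualHost>\n'
    # The sample is owned by whoever runs it; a real audit keeps the default uid 0 (root).
    return audit_config(conf, expected_uid=os.getuid())


if __name__ == "__main__":
    for key, findings in demo().items():
        print(key, "->", findings or "OK")
```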

  • SSL Accelerated Services

    Hi All,
    I'm about to create the first SSL accelerated services for my customer and need to confirm a design point in advance of my deployment window.
    I have one *.xyz.com wildcard domain and server port and 2 certificates.  One of the certs is for an interim environment and the other for the main environment which is not yet live.  Can I associate both certificates to the same wildcard domain & port?  I'd ideally like to do this to allow for a seamless transition between the two environments or do I need to delete the interim cert and install the main one on the transition date?
    Thanks
    Claire

    I don't think you can associate both certificates to the same wild card domain & port. You can use one at a time.

  • WAAS statistics for SSL accelerated services

      Hi all,
    the customer has configured two SSL accelerated services on the core WAVEs. He would like to monitor both these services separately. He uses SSL accelerated report, but there is summary statistics from both services. Is it possible to create an application per SSL service for the collection statistics? For example: when I will have two SSL accelerated services ssl1 and ssl2, is it possible to monitor statistics for ssl1 and monitor statistics for ssl2?
    Thank you
    Roman


  • Fine details of SSL Acceleration

    Hello all,
    I'm looking for someone to explain (or send a link) of the minute
    details of how a SSL Acceleration appliance works.
    Specifically I'm very curious about when the SSL handshake between the
    user and the appliance is done, how does the SSL accelerator pull
    secure pages that AREN'T encrypted from the web-server.
    Also very interested in how the accelerator passes on IP information
    of the client to the web server for logging purposes.
    Thanks in advance!
    Kipp B.


  • How do I use an SSL Accelerator with iWS 6?

    I have an application that uses iWS 6 sp2 and iAS 6 sp4. The web server exposes a https port. I can get this port to work fine with a certificate requested against the internal module. When I use the module supplied by the SSL accelerator (Sun Crypto Accelerator 1) I can install and view a certificate, but I cannot start the web server. I get the following error in my logs:
    [18/Mar/2002:15:57:17] failure ( 2820): Invalid configuration: File /usr/local/iplanet/servers/https-www.exsel.org.uk/config/server.xml, line 22, column 390: SEC_ERROR_BAD_DER - Certificate is improperly DER encoded : unable to find certificate Server-Cert
    I can see a certificate by this name in the certificate database for the additional module. I can view it and it looks good (I'm generating my own certificates at the moment - so I know that the internal and external certificates were generated in the same way).
    Has anyone any experience of using this combination of things?

    I think you are getting your certificates crossed up somehow. "Server-Cert" is normally the name of the internal certificate. See what the name of the one installed on your accelerator is and change the name in server.xml to match that. Be sure to back up all your files first!

  • Can i expand the processor of mac pro w/ an acceleration card?

    Can i expand the processor of mac pro w/ an acceleration card?
    If yes, what is compatible w' mac pro (2007) duo dual core?
    Thanks

    Are you certain your work is compute-bound?
    Insufficient RAM memory or too much competition for too few drives causes a system to have unused processor power, but complete the work too slowly.

  • Load balancing with multiple listeners, and setup when using two network cards

    Product: SQL*NET
    Date written: 1997-11-24
    Load balancing with multiple listeners, and setup when using two network cards
    =====================================================================
    This note introduces a new feature of SQL*Net 2.3 in Oracle V7.3: running
    several listeners that load-balance among themselves.
    The load balancing feature can reduce overloading between each listener and
    the Oracle instance.
    The following example shows the setup for a machine that has two network
    cards; if there is only one network card, specify just one host.
    1. Parameters to set in the init<SID>.ora file
    MTS_MULTIPLE_LISTENERS=TRUE
    COMPATIBLE=7.3.2.0
    2. For example, when two listeners are used, initSID.ora contains:
    mts_dispatchers="tcp,10"
    mts_max_dispatchers=20
    mts_servers=20
    mts_max_servers=40
    mts_service=ORA73
    mts_listener_address="(address_list=
    (address=(protocol=tcp)(port=1621)(host=152.69.30.100)))"
    mts_listener_address="(address_list=
    (address=(protocol=tcp)(port=1622)(host=152.69.30.100)))"
    mts_listener_address="(address_list=
    (address=(protocol=tcp)(port=1623)(host=152.69.30.102)))"
    mts_listener_address="(address_list=
    (address=(protocol=tcp)(port=1624)(host=152.69.30.102)))"
    3. Contents of the listener.ora file
    LISTENER1 =
      (ADDRESS_LIST =
        (ADDRESS = (PROTOCOL = tcp)(HOST = 152.69.30.100)(PORT = 1621))
        (ADDRESS = (PROTOCOL = tcp)(HOST = 152.69.30.100)(PORT = 1622))
      )
    LISTENER2 =
      (ADDRESS_LIST =
        (ADDRESS = (PROTOCOL = tcp)(HOST = 152.69.30.102)(PORT = 1623))
        (ADDRESS = (PROTOCOL = tcp)(HOST = 152.69.30.102)(PORT = 1624))
      )
    SID_LIST_LISTENER1 =
      (SID_LIST =
        (SID_DESC =
          (SID_NAME = ORA73)
          (ORACLE_HOME = /oracle2/ora73/app/oracle/product/7.3.2)
        )
      )
    SID_LIST_LISTENER2 =
      (SID_LIST =
        (SID_DESC =
          (SID_NAME = ORA73)
          (ORACLE_HOME = /oracle2/ora73/app/oracle/product/7.3.2)
        )
      )
    STARTUP_WAIT_TIME_LISTENER1 = 0
    STARTUP_WAIT_TIME_LISTENER2 = 0
    CONNECT_TIMEOUT_LISTENER1 = 0
    CONNECT_TIMEOUT_LISTENER2 = 0
    4. Contents of the tnsnames.ora file
    * Connecting randomly to one of several ports
    RANDOM =
      (DESCRIPTION_LIST =
        (DESCRIPTION =
          (ADDRESS_LIST =
            (ADDRESS = (PROTOCOL = TCP)(Host = 152.69.30.100)(Port = 1621))
          )
          (CONNECT_DATA = (SID = ORA73))
        )
        (DESCRIPTION =
          (ADDRESS_LIST =
            (ADDRESS = (PROTOCOL = TCP)(Host = 152.69.30.100)(Port = 1622))
          )
          (CONNECT_DATA = (SID = ORA73))
        )
        (DESCRIPTION =
          (ADDRESS_LIST =
            (ADDRESS = (PROTOCOL = TCP)(Host = 152.69.30.102)(Port = 1623))
          )
          (CONNECT_DATA = (SID = ORA73))
        )
        (DESCRIPTION =
          (ADDRESS_LIST =
            (ADDRESS = (PROTOCOL = TCP)(Host = 152.69.30.102)(Port = 1624))
          )
          (CONNECT_DATA = (SID = ORA73))
        )
      )
    * Connecting to an individual port
    TORA1 =
      (DESCRIPTION =
        (ADDRESS_LIST =
          (ADDRESS = (PROTOCOL = TCP)(Host = krrcsun)(Port = 1621))
        )
        (CONNECT_DATA = (SID = ORA73))
      )
    TORA2 =
      (DESCRIPTION =
        (ADDRESS_LIST =
          (ADDRESS = (PROTOCOL = TCP)(Host = krrcsun)(Port = 1622))
        )
        (CONNECT_DATA = (SID = ORA73))
      )
    TORA3 =
      (DESCRIPTION =
        (ADDRESS_LIST =
          (ADDRESS = (PROTOCOL = TCP)(Host = krrcsun)(Port = 1623))
        )
        (CONNECT_DATA = (SID = ORA73))
      )
    TORA4 =
      (DESCRIPTION =
        (ADDRESS_LIST =
          (ADDRESS = (PROTOCOL = TCP)(Host = krrcsun)(Port = 1624))
        )
        (CONNECT_DATA = (SID = ORA73))
      )
    5. Starting each listener
    $ lsnrctl start LISTENER1
    $ lsnrctl start LISTENER2

  • Smart Card setup in 10.6.4

    Hello,
    I am working on an iMac running 10.6.4. I am trying to get a smartcard (Athena ASEKey USB Token) to be recognized by the system. Note: this smartcard is not for local system authentication. It is for authentication through a remote desktop connection to a Windows terminal server. I was able to get it working in 10.5.x without too much difficulty. The procedure for getting it working in 10.5.x was as follows:
    1. Modify /etc/authorization as specified in the Apple Smart Card Setup Guide.
    (This is available at Http://images.apple.com/server/macosx/docs/SmartCard_SetupGuide.pdf)
    2. Compile driver with Xcode
    3. Copy driver to /usr/libexec/SmartCardServices/drivers/
    4. Compile rdesktop 1.6.0 with smart card support
    I'm not sure what has changed in 10.6.x to cause this not to work. It appears as though the device is recognized as it appears in the System Profiler under USB when it is plugged in. Any insight will be greatly appreciated. Thank you!

    I'm trying to make work my Smart Card either. I've looking around the web and seems a matter of luck - you have a combination system-hardware that works or not. People download drivers, installers, library stuff and the card remains away from here. Most of cases is only to access home banking, almost all require smart cards or you only can see, but not to touch.
    My VASCO DP905 is listed in USB devices at system profile. I'd install SCA packages from opensc as manufacturer says, but both browsers Safari and FireFox says Applet SmartCardX notinitiated (or notloaded in FF).
    In FireFox you can install the device "by hand", but still won't work. In Safari I don't know how to manage this kind stuff.
    It's amazing how hard is to make work such simple device, don't you think?

  • Can you help with Tiger Issues with sonnet accelerator card

    I am working on a G4 Quicksilver with a sonnet 1200/2M accelerator card. The system will not do software updates any more and Safari beachballs when you move from the start page to another URL. I have tried to install the original software but it refuses to complete the process. It begins to verify the disk then stops and says to try again.
    Any ideas?
    G4 Quicksilver   Mac OS X (10.4.4)  

    Hi justyouraveragemacguy;
    One of the other things I discovered about Norton Utilities before I gave them up for good was the fact that it is capable of making changes to your disk without even letting you know that it is going to do it. Once it had done that to the four disks on my system, they were so corrupt that I couldn't do anything with them at all.
    I called Symantec and verified that I had the correct version for the version of operating system I was running. Once that had been established they instructed me to get rid of all the disks because they were bad.
    Not being able to accept that all four disk would go bad in exactly the same way at the same time, I started reading about Norton Utilities here at this forum. It was suggested that I use DiskWarrior to repair the damage Norton had done. It took DW well over a day to repair my disks but it was able to return the disks to service, one of which I am still using to this day.
    Allan
    If you are interested in donating your spare CPU cycles to science, please try
    http://teammacosx.homeunix.com/index.html

  • HWIC wireless card setup and errors

    Hello all, I have a wireless card setup on my 1841 router and I am trying to get it to work with computer connected to it. I can connect fine and it routed to the internet and all of that, but the problem is that it keeps pushing out this error,
    "*Jan 16 04:53:39.402: *** Not encrypted dot1x packet from 0016.6f65.b176 has been discarded"
    Then after a few of those, the station gets removed from the wireless connection. Not sure where to go from here, I have WPA-psk setup on the router, the config for the interface looks like this...
    interface Dot11Radio0/1/0
    ip address 10.0.5.250 255.255.255.0
    ip helper-address 10.0.0.1
    ip nat inside
    ip virtual-reassembly
    encryption key 3 size 128bit ******** transmit-key
    encryption mode ciphers tkip wep128
    ssid ******
    max-associations 20
    authentication open
    authentication network-eap *******
    authentication key-management wpa optional
    guest-mode
    wpa-psk ascii 0 ****
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
    54.0
    power local cck 13
    station-role root
    Not sure what I am doing wrong here, can anyone help me please! Thanks,
    Kent

    Boy I hate to sound too desperate but please can someone help me here? I have no clue what to do next, any ideas, suggestions, anything! Or some input telling me I am not the only guy having this issue? Something please?

  • SSL Accelerated Service and device groups

    I have a need to set up SSL accelerated services on a data center WAE and one edge WAE. In reading through the Cisco Wide Area Application Services SSL Application Optimiser Deployment Guide (2010), it states that best practice is to create an SSL device group and configure the SSL service and generate the keys through that group.
    Simple question:  Should only the data center WAE be placed in that group, or should also the edge WAE be in the group?  The devices are running 4.3.3.

    Only the data center wae's need to be placed in the SSL device group.
    Regards
    -Smita
