Sun Microsystems 4000 manual

Page 1

Sun™ Crypto Accelerator 4000 Board Installation and User’s Guide

Sun Microsystems, Inc.

4150 Network Circle

Santa Clara, CA 95054 U.S.A. 650-960-1300

Part No. 817-0431-10

May 2003, Revision A

Send comments about this document to: docfeedback@sun.com

Page 1 Page 2
Image 1
Page 1 Page 2
Contents Page Please Recycle Product Family Name Sun Crypto Accelerator 4000 Fiber X4012A European UnionEN 609502000, 3rd Edition IEC 609502000, 3rd Edition Supplementary InformationSafety Page FCC Class a Notice Regulatory Compliance StatementsFCC Class B Notice ICES-003 Class B Notice Avis NMB-003, Classe B ICES-003 Class a Notice Avis NMB-003, Classe aBsmi Class a Notice Page Contents Configuring Driver Parameters Installing the Sun Crypto Accelerator 4000 BoardContents Page Contents Diagnostics and Troubleshooting 119 134 SpecificationsThird Party License Terms Manual Pages Zeroizing the Hardware Frequently Asked QuestionsTables 108 106123 137144 141145 146Page How This Book Is Organized PrefaceSolaris Hardware Platform Guide Using Unix CommandsShell Prompts Typographic ConventionsSun Welcomes Your Comments Accessing Sun Documentation OnlineKey Protocols and Interfaces Product FeaturesSupported Applications Key FeaturesSupported Cryptographic Protocols Cryptographic Algorithm Acceleration Diagnostic SupportSupported Cryptographic Algorithms 1IPsec Cryptographic Algorithms3Supported SSL Algorithms Bulk Encryption# touch /etc/opt/SUNWconn/cryptov2/sslreg # rm /etc/opt/SUNWconn/cryptov2/sslregIPsec Hardware Acceleration Hardware OverviewLED Displays Sun Crypto Accelerator 4000 MMF Adapter4Front Panel Display LEDs for the MMF Adapter 2Sun Crypto Accelerator 4000 UTP Adapter Sun Crypto Accelerator 4000 UTP Adapter5Front Panel Display LEDs for the UTP Adapter Load Sharing Dynamic Reconfiguration and High AvailabilityRequired Patches Hardware and Software RequirementsApache Web Server Patch 6Hardware and Software RequirementsSolaris 9 Patches Solaris 8 PatchesThere are currently no required Solaris 9 patches Page Handling the Board Installing the Sun Crypto Accelerator 4000 BoardTo Install the Hardware Installing the BoardOk show-devs Ok cd /pci@8,600000/network@1 Ok .properties To Install the Software Installing the Sun Crypto Accelerator 4000 Software# mount -F hsfs -o ro /dev/dsk/c0t6d0s2 /cdrom 1Files in the /cdrom/cdrom0 Directory VCA AdministrationVCA Firmware Install the required software packages by typing Installing the Optional Packages# prtdiag # modinfo grep Crypto2Sun Crypto Accelerator 4000 Directories Directories and FilesEncrypted keys Apache configuration supportApplication executables Development Application Support librariesTo Remove the Software Removing the SoftwarePage Configuring Driver Parameters 1vca Driver Parameter, Status, and Descriptions Driver Parameter Values and DefinitionsAdvertised Link Parameters 2Operational Mode Parameters 3Read-Write Flow Control Keyword Descriptions Flow Control Parameters4Gigabit Forced Mode Parameter Gigabit Forced Mode ParameterInterpacket Gap Parameters 5Parameters Defining enable-ipg0and ipg0 Random Early Drop Parameters Interrupt Parameters7describes the receive interrupt blanking values 7RX Blanking Register for Alias ReadWhen Fifo threshold is greater than 6,144 bytes 9PCI Bus Interface Parameters PCI Bus Interface ParametersSetting Parameters Using the ndd Utility Setting vca Driver ParametersTo Specify Device Instances for the ndd Utility Use the instance number to select the deviceDevice remains selected until you change the selection Noninteractive and Interactive ModesTo modify a parameter value, use the -setoption # ndd -set /dev/vcaN parameter value# ndd /dev/vcaN Ndd utility then prompts you for the name of the parameter# ndd /dev/vca Setting Autonegotiation or Forced ModeSet the adv-autoneg-capparameter to To Disable Autonegotiation Mode# ndd -set /dev/vcaNadv-autoneg-cap To Set Driver Parameters Using a vca.conf File Setting Parameters Using the vca.conf FileRefer to the online manual pages for pathtoinst4 # grep vca /etc/driveraliases vca pci108e,3de810Device Path Name Following is an example vca.conf file Example vca.conf File11Local Link Network Device Parameters Ok boot netspeed=1000,duplex=half,link-clock=master Ok boot netspeed=100,duplex=halfOk boot netspeed=10 Ok boot netspeed=10,duplex=autoCryptographic Driver Statistics Refer to the Ieee 802.3 documentation for further details13describes the Ethernet driver statistics Ethernet Driver Statistics13Ethernet Driver Statistics 14TX and RX MAC Counters 14describes the transmit and receive MAC countersTx-underrun 16Read-Only vca Device Capabilities 15Current Ethernet Link Properties17describes the read-only link partner capabilities Reporting the Link Partner Capabilities17Read-Only Link Partner Capabilities Ethernet Transmit Counters 18Driver-Specific ParametersEthernet Receive Counters As superuser, type the kstat vcaN command To Check Link Partner Settings# kstat vcaN Configuring the Network Host Files Network ConfigurationLocate the correct vca interfaces and instance numbers Instance number in the previous example is# Internet host table Localhost Zardoz Loghost Zardoz-11 # cat /etc/hostsPage $ PATH=$PATH/opt/SUNWconn/bin $ export Path Using vcaadmModes of Operation Vcaadm command-line syntax is1shows the options for the vcaadm utility File Mode Single-Command Mode$ vcaadm -s secofficer create user webadmin $ vcaadm show userLogging In and Out With vcaadm Interactive Mode$ vcaadm -f deluser.scr -y Logging In to a New Board Logging In to a Board With vcaadm# vcaadm -h hostname Logging In to a Board With a Changed Remote Access KeyLogging Out of a Board With vcaadm Vcaadm prompt in Interactive mode is displayed as followsFollowing table describes the vcaadm prompt variables 2vcaadm Prompt Variable DefinitionsVcaadm connect host hostname dev vca2 3connect Command Optional ParametersWebadmin Entering Commands With vcaadmTom VcaadmvcaN@hostname, secofficer set ? Getting Help for CommandsQuitting the vcaadm Program in Interactive Mode Create a keystore name Refer to Naming Requirements on Select Fips 140-2 mode or non-FIPS modeVerify the configuration information Enter the path and password to the backup file Managing Keystores With vcaadm Password RequirementsNaming Requirements 5Password Requirement Settings Setting the Password RequirementsPopulating a Keystore With Security Officers Populating a Keystore With Users Listing Users and Security Officers Changing PasswordsEnabling or Disabling Users To enable an account, enter the enable user commandDeleting Security Officers Deleting UsersBacking Up the Master Key Locking the Keystore to Prevent Backups Managing Boards With vcaadm Setting the Auto-Logout TimeVcaadmvcaN@hostname, secofficer show status Board Status Displaying Board StatusLoading New Firmware Resetting a Sun Crypto Accelerator 4000 BoardKey Types Rekeying a Sun Crypto Accelerator 4000 BoardZeroizing a Sun Crypto Accelerator 4000 Board Using the vcaadm diagnostics CommandVcaadmvcaN@hostname, secofficer diagnostics Vcadiag command-line syntax isFollowing is an example of the -Doption 1shows the options for the vcadiag utilityFollowing is an example of the -Foption # vcadiag -D vca0Following is an example of the -Qoption Following is an example of the -KoptionFollowing is an example of the -Roption Following is an example of the -ZoptionPage Administering Security for Sun ONE Web Servers Concepts and Terminology Token Files Tokens and Token FilesEnabling and Disabling Bulk Encryption Following is an example of the contents in a token filePasswords Configuring Sun ONE Web Servers1Passwords Required for Sun ONE Web Servers Populating a Keystore Refer to Using vcaadm onTo Populate a Keystore Populate the board’s keystore with usersOverview for Enabling Sun ONE Web Servers Create a user with the create user commandExit vcaadm Installing Sun ONE Web Server Installing and Configuring Sun ONE Web ServerTo Install Sun ONE Web Server Response provides the URL for connecting to your servers Start the Sun ONE Web Server 4.1 Administration ServerTo Create a Trust Database Select OK# /opt/SUNWconn/bin/iplsslcfg Type 0 to quit To Generate a Server CertificateCreate Trust Database page is displayed Select the Cryptographic Module you want to use This password is the usernamepassword Table2Requestor Information Fields To Install the Server Certificate To Configure the Sun ONE Web Server Configuring Sun ONE Web Server 4.1 for SSLFill out the form to install your certificate 3Fields for the Certificate to InstallSet encryption to On Web server is now configured to run in secure modeUsr/iplanet/servers Create the trust database for the web server instance Start the Sun ONE Web Server 6.0 Administration Server# /usr/iplanet/servers/https-admserv/start # /opt/SUNWconn/crypto/bin/iplsslcfg To Generate a Server Certificate Create Trust Database window is displayed 4Requestor Information Fields To Install the Server Certificate 5Fields for the Certificate to Install Configuring Sun ONE Web Server 6.0 for SSLSelect the OK button to apply these changes Page 111 Create an httpd configuration file To Enable the Apache Web ServerEnabling the Board for Apache Web Servers Enabling Apache Web ServersCreate an RSA keypair for your system Select 1 to configure your Apache Web Server to use SSLChoose a base name for the key material Creating a CertificateProvide a key length between 512 and 2048 bits Create your PEM pass phraseTo Create a Certificate Modify the /etc/apache/httpd.conf file as directed Select 0 to quit when you finish with apsslcfg Start the Apache Web Server Copy your certificate request with the headers from# /usr/apache/bin/apachectl start SunVTS Diagnostic Software Diagnostics and TroubleshootingPage As superuser, start SunVTS To Perform vcatest# /opt/SUNWvts/bin/sunvts Page Test Parameter Options for vcatest Vcatest Command-Line Syntax2describes the vcatest subtests To Perform netlbtest To Perform nettest VcaN up inet ip-addressplumb Diagnostics and Troubleshooting # kstat Vca0 Using kstat to Determine Cryptographic ActivityPerforming the Ethernet FCode Self-Test Diagnostic Using the OpenBoot Prom FCode Self- TestOk setenv auto-boot? false Shut down the systemPerform the self-test using the test command Reset the systemOk reset-all Ok show-netsReset and reboot the system Set the auto-boot?configuration parameter to trueType the following If the test passes, you see the following messagesShow-devs Troubleshooting the Sun Crypto Accelerator 4000 BoardProperties Watch-net Sun Crypto Accelerator 4000 MMF Adapter ConnectorsTable A-1SC Connector Link Characteristics Ieee P802.3z Figure A-1Sun Crypto Accelerator 4000 MMF Adapter ConnectorPerformance Specifications Physical DimensionsPower Requirements Environmental Specifications Interface SpecificationsTable A-5Interface Specifications Table A-6Environmental SpecificationsTable A-7Cat-5 Connector Link Characteristics Figure A-2Sun Crypto Accelerator 4000 UTP Adapter ConnectorTable A-10Power Requirements Table A-9Performance SpecificationsTable A-12Environmental Specifications Table A-11Interface SpecificationsPage SSL Configuration Directives for Apache Web Servers Table B-1SSL Protocols Preceding statement is equivalent to SSL Aliases Table B-4Special Characters to Configure Cipher Preference Default value of cipher-specisTable B-3SSL Aliases Table B-5SSL Verify Client Levels Context Global, virtual hostTable B-6SSL Log Level Values Table B-7Available SSL Options Options are listed and described in Table B-7Opt/SUNWconn/cryptov2/include Page Software Licenses Page Appendix D Software Licenses Third Party License Terms Openssl License IssuesOriginal SSLeay License Modssl License Appendix D Software Licenses Page Table E-1Sun Crypto Accelerator 4000 Online Manual Pages Man -M /opt/SUNWconn/manKcl2 device driver is a multithreaded loadable kernel module Zeroizing the Hardware Page Reconnect to Sun Crypto Accelerator 4000 board with vcaadm Page Frequently Asked Questions # chmod 400 password.conf Reboot the system Enter the following commandEnter the following command at the OBP prompt Boot the operating environmentHow Do I Self-Sign a Certificate for Testing? Extension IndexAdvertised link parameters Commands Failsafe mode Page Pause capability Rx-intr-pktsparameter, 25 Command-line syntax, 123 test parameter optionsVca driver Vca.conf file, example URLWatch-netcommand Zeroize command, 163 zeroizing the hardware
Related manuals
Manual 334 pages 12.65 Kb Manual 72 pages 39 Kb Manual 28 pages 54.7 Kb

4000 specifications

Sun Microsystems, a pivotal player in the computing industry during the late 20th and early 21st centuries, was renowned for its innovative hardware and software solutions. Among its notable offerings were the Sun-6000, Sun-5000, and Sun-4000 series, powerful workstations and servers designed for a range of enterprise-level applications.

The Sun-6000 series, introduced in the early 1990s, marked a significant advancement in computing performance. These systems were built on the SPARC architecture, which facilitated high levels of processing power and multitasking capabilities. One of the main features of the 6000 series was its scalability, allowing organizations to increase their processing power by adding more modules. It also offered robust graphics performance, making it ideal for scientific visualization and complex data analysis.

Next in line was the Sun-5000 series. Launched shortly after the 6000 series, the 5000 line was celebrated for its reliability and ease of management. This series emphasized a balanced architecture, which combined processing capabilities with ample memory and storage options. Key characteristics included support for multiple processors, leading to improved performance for demanding applications. Additionally, the 5000 systems featured advanced input/output capabilities, ensuring fast data transfers—crucial for database applications and web servers.

Finally, the Sun-4000 series targeted businesses seeking affordable yet potent computing solutions. These servers boasted a modular design, allowing for easy upgrades and maintenance. The 4000 series was particularly notable for its support for various operating systems, including SunOS and Solaris. These systems were engineered to handle a range of workloads, from enterprise resource planning to web hosting, while still fitting into a value-driven budget.

Across all three series, Sun Microsystems prioritized compatibility and integration, ensuring that each system offered seamless connectivity with Sun's software solutions and third-party applications. Their commitment to open standards and interoperability set them apart in the competitive landscape of enterprise computing. Additionally, the use of high-quality components lent the systems durability, making them a wise investment for organizations looking to future-proof their IT infrastructure.

In summary, the Sun-6000, 5000, and 4000 series exemplified Sun Microsystems' ethos of innovation and reliability. These powerful systems catered to diverse business needs, setting benchmarks in performance and functionality that continue to influence modern computing.
Top Page Image Contents