Appdirector and Oracle Peoplesoft Hrms 9.1 PDF

Radwares AppDirector and Oracle PeopleSoft HRMS 9.
1
Implementation Guide
Products:
Radware AppDirector
Software: AppDirector version 2.11.22DL
Platform: On-Demand Switch II XL
Oracle PeopleSoft 9.1
-1-
Table of Contents
SOLUTION OVERVIEW .......................................................................................3
PEOPLESOFT 9.1 APPLICATION OVERVIEW ..................................................3
RADWARE APPDIRECTOR OVERVIEW ............................................................4
DEPLOYMENT NOTES........................................................................................4
Session Persistency .............................................................................................................................. 5
Domain Name and Host name for the site............................................................................................. 5
SSL Offloading.................................................................................................................................... 6
Idle Timeout ........................................................................................................................................ 7
APPDIRECTOR AND PEOPLESOFT 9.1 ARCHITECTURE...............................7
Diagram 1.0 PeopleSoft 9.1 and AppDirector Logical Topology ........................................................ 8
Tests Conducted for Solution Validation .............................................................................................. 9
Table 1.0 - Test Conducted for Solution Validation .............................................................................. 9
APPDIRECTOR CONFIGURATION FOR PEOPLESOFT 9.1 ...........................10
Table 2.0 Lab Configuration............................................................................................................ 10
Diagram 2.0 PeopleSoft 9.1 and AppDirector Lab Topology............................................................ 11
PRIMARY APPDIRECTOR CONFIGURATION .................................................11
IP Configuration ................................................................................................................................ 12
Farm Configuration............................................................................................................................ 14
Create Cache Policy........................................................................................................................... 15
Create Compression Policy ................................................................................................................ 16
Create SSL Certificate........................................................................................................................ 17
Create SSL Policy.............................................................................................................................. 18
Create Layer 4 Policy......................................................................................................................... 19
Configure L7 Persistency for the web farm......................................................................................... 20
Adding Servers to the Farm................................................................................................................ 21
Health Monitoring.............................................................................................................................. 23
Create the Health Monitoring Checks. ................................................................................................ 24
Binding Health Checks to Servers ...................................................................................................... 27
GENERAL REDUNDANT CONFIGURATION....................................................28
Primary AppDirector VRRP Configuration ........................................................................................ 28
Primary Virtual Routers ..................................................................................................................... 29
Primary Associated IP Addresses ....................................................................................................... 30
Primary Mirroring.............................................................................................................................. 32
Auto-Generate the Backup AppDirector Configuration.........................................................34
Setting up basic IP connectivity on the Backup AppDirector............................................................... 34
Auto Generating the Backup Configuration from the Primary AppDirector ......................................... 35
Upload the Backup Configuration file to the Backup AppDirector ...................................................... 36
Appendix 1 Primary AppDirector Configuration File ..........................................................38
Appendix 2 Backup AppDirector Configuration File...........................................................41
Appendix 3 Starting PeopleSoft HRMS ...............................................................................44
Appendix 4 Stop PeopleSoft HRMS.....................................................................................45
Appendix 5 PIA and load balancer checklist.......................................................................46
Appendix 6 Certificates and Keys .......................................................................................48
Appendix 7 HTTP redirect to HTTPS ...................................................................................49
Appendix 8 Test Plan ...........................................................................................................53
-2-
Solution Overview
The Radware and PeopleSoft joint solution ensures PeopleSoft 9.1 customers
solution resilience, efficiency and scale. Radwares AppDirector guarantees
PeopleSoft applications maximum availability, scalability, performance and
security, managing traffic for the web server content. AppDirector works in
conjunction with PeopleSoft 9.1 servers to offload resource intensive processing,
providing advanced health monitoring and avoiding system down time to deliver a
best of breed subsystem. With a pay as you grow platform licensing model,
AppDirector ensures long term investment protection facilitating incremental
growth demanded by todays Business. Diagram 2.0 is a logical depiction of the
intended deployment model.
PeopleSoft 9.1 Application Overview
Oracle's PeopleSoft Enterprise applications are designed to address the most

complex business requirements. They provide comprehensive business and
industry solutions, enabling organizations to significantly improve performance.
PeopleSoft Enterprise applications offer web services integration to fit seamlessly
into a heterogeneous applications environment and a broad choice of technology
infrastructure. Simple configuration ensures that the most unique customer
requirements can be met.
PeopleSoft provided human resource management systems (HRMS) and

customer relationship management (CRM) software, as well as software solutions
for manufacturing, financials, enterprise performance management, and student
administration to large corporations, governments, and organizations.
PeopleSoft's product suite runs over a web-centric design called Pure Internet
Architecture (PIA). This format allows all of a company's business functions to be
accessed and run on a web browser.
The architecture is built around PeopleSofts proprietary PeopleTools technology.

PeopleTools includes many different components used to create web-based
applications: a scripting language known as PeopleCode, design tools to define
various types of metadata, standard security structure, batch processing tools, and
the ability to interface with an SQL database. The metadata describes data for user
interfaces, tables, messages, security, navigation, portals, etc. This set of tools
allows the PeopleSoft suite to be platform independent.
For more information on PeopleSoft Enterprise, see
http://www.oracle.com/applications/peoplesoft-enterprise.html
-3-
Radware AppDirector Overview
Radwares AppDirector is an intelligent application delivery controller (ADC) that

provides scalability and application-level security for service infrastructure
optimization, fault tolerance and redundancy. Radware combined its
next-generation, OnDemand Switch multi-gigabit hardware platform with the
powerful capabilities of the companys APSolute operating system classifier
and flow management engine. The result AppDirector enables accelerated
application performance; local and global server availability; and application
security and infrastructure scalability for fast, reliable and secure delivery of
applications over IP networks.
AppDirector is powered by the innovative OnDemand Switch platform. OnDemand

Switch, which has established a new price/performance standard in the industry,
delivers breakthrough performance and superior scalability to meet evolving
network and business requirements. Based on its on demand, pay-as-you-grow
approach, no forklift upgrade is required even when new business requirements
arise. This helps companies guarantee short-term and long-term savings on
CAPEX and OPEX for full investment protection. Radwares OnDemand Switch
enables customers to pay for the exact capacity currently required, while allowing
them to scale their ADC throughput capacity and add advanced application-aware
services or application acceleration services on demand to meet new or changing
application and infrastructure needs. And it does it without compromising on
performance.
AppDirector lets you get the most out of your service investments by maximizing
the utilization of service infrastructure resources and enabling seamless
consolidation and high scalability. AppDirectors throughput licensing options
allows pay as you grow investment protection. Make your network adaptive and
more responsive to your dynamic services and business needs with AppDirectors
fully integrated traffic classification and flow management, health monitoring and
failure bypassing, traffic redirection, bandwidth management, intrusion prevention
and DoS protection.
For more information, please visit: http://www.radware.com/
Deployment Notes
The configuration of PeopleSoft HRMS 9.1 should be running PeopleTools version

8.48 or higher. The lab was configured with PeopleTools 8.50 and Oracle Data
Base 10G R2
This configuration currently only covers offloading SSL from the PeopleSoft Web
tier. You should continue to configure your PeopleSoft Application Tier to natively
support SSL according to the default instructions listed in the PeopleSoft
PeopleTools Installation guide.
-4-
See the LoadBalancing.pdf (Web Server only) in appendix 5 for PeopleSoft Load
balancing requirements, or see below for how to address PeopleSoft
requirements.
Session Persistency
In AppDirector we configured the Web Server farm for Cookie insertion and
removal to address the persistency requirements.
Session persistence is a requirement of PIA. The state information for the user
(such as PeopleCode variables and Page Processor state) is stored in the HTTP
Session. Without the state information, PIA cannot maintain continuity of the user's
dialog. This state information is sent to the Application Server for processing
subsequent requests.
Oracle/PeopleSoft uses the term "sticky sessions", which is synonymous of

"Session Persistence. Load Balancer vendors support different types of session
persistence including simple IP based persistence. However, Oracle/PeopleSoft
recommends Cookie based session persistence.
NOTE: When SSL is in use, it is recommended to terminate SSL at the load

balancer level and use HTTP from the load balancer to the Web servers.
Domain Name and Host name for the site
In weblogic.xml, ensure CookieDomain is set in all weblogic.xml. This value is

automatically set when entering the authentication domain during the PIA install. If
the authentication domain isn't set during PIA install, please reinstall PIA and set
authentication domain. You ca always change the domain by editing the
weblogic.xml file and modifying the parameter below.
<session-param>
<param-name>
CookieDomain
</param-name>
<param-value>
estuate.psft
</param-value>
For example estuate.psft is set as the CookieDomain.
The host name for the site was set to PS.estuate.psft, where PS is the host and
estuate.psft is the domain and this should resolve DNS to the VIP.
-5-
SSL Offloading
Modify the PeopleSoft configuration PSFT PIA (PeopleSoft Internet Architecture)

for AppDirector HTTPS header modification.
This will redirect connections that come in as HTTP and redirect the client to
request the connection using HTTPS.
1. Login into PeopleSoft PIA with admin userid/password (PS/PS)

url: http://peoplesoft2.estuate.psft/ps/signon.html
2. Navigate to Web Profile Configuration
Navigation Path:
MainMenu/PeopleTools/WebProfile/Web Profile Configuration
3. Search and Select DEV Web Profile Configuration or other profile that's
configured in configuration.properties
Go to Virtual Addressing tab
Enter Protocol : https
Save Profile
*** Recycle web server and application server after the WebProfile modification is
complete. (Please refer to Start_PeopleSoftWebAndAppServer.txt and
Stop_PeopleSoftWebAndAppServer.txt) in the Appendix.
SSL Configuration on AppDirector
See the configuration section for SSL Certificate and SSL Policy.
See appendix 6 for an explanation of Certificates, Keys and how to generate a
Certificate request.
-6-
Idle Timeout
The TCP Idle Timeout value on AppDirector should be set slightly longer then the
Connection Maximum Idle Time value for PeopleSoft (default 20 minutes), This
timeout setting specifies the amount of idle time a user connection will wait before
getting terminated by AppDirector.
Setting the Idle time is critical to this configuration. If the Connection Maximum Idle
Time is shorter than the AppDirector idle timeout value, a user may experience
occasional Server Busy errors after long periods of idle time.
Set the PIA "Inactivity Logout" in seconds to match HTTP timeout in minutes.
In PIA, navigate to "PeopleTools -> Web Profile -> Web Profile

Configurations". Search for webprofile. Click on "Security" tab. PIA timeout
is "Inactivity Logout" in seconds. Suppose "Inactivity Logout" = 1200
seconds.
In WebLogic, open web.xml file. This file can be found in the following
directory:
<PS_HOME>/webserv/<DOMAIN-NAME>/applications/peoplesoft/PORTA
L/WEB-INF/web.xml
WebLogic HTTP timeout appears in minutes:
<session-timeout>20</session-timeout>
In this example, ensure WebLogic HTTP timeout is 20 minutes to match
"Inactivity Logout" (1200 seconds).
AppDirector and PeopleSoft 9.1 Architecture
Key features implemented on the AppDirector to support this solution:
Service health monitoring

Layer 4 load balancing
Cookie based Persistence
SSL Offloading
Caching
Compression
VRRP
-7-
Diagram 1.0 PeopleSoft 9.1 and AppDirector Logical Topology
-8-
Tests Conducted for Solution Validation
The following tests were conducted to ensure the most appropriate solution was
defined and validated. All tests were successfully completed using the
AppDirector and Oracle PeopleSoft 9.1 configurations following Table 1.0.
See Appendix 8 for a full test plan description.
EBSO Basic Health Check
Test Case Status
PeopleSoft PIA Login Page PASS
PIA Home Page PASS
Update a Person access search Page PASS
Enter Search Criteria PASS
Change Biographical detail and save PASS
Query and Verify Saved detail PASS
Load Distribution
PeopleSoft Web Server Load Balance PASS
Persistency Check
PIA Web Server Session Persistence PASS
PIA Web Client Session Timeout PASS
Health Check
PIA App Server Failure/Health Check PASS
Acceleration Features
PIA Web Server Caching PASS
PIA Web Server Compression PASS
PIA Web Server SSL Offloading PASS
Table 1.0 - Test Conducted for Solution Validation
-9-
AppDirector Configuration for PeopleSoft 9.1
PeopleSoft Server Name Service Port Network IP Address

PS_N1 web 443 192.168.168.74
PS_N2 web 443 192.168.168.75
VIP
PeopleSoft virtual IP web 443 76.197.19.54
Primary AppDirector Routing table

and interface IPs interface subnet Network IP Address
Gateway G-1 255.255.255.240 76.197.19.62
Subnet G-11 255.255.255.0 192.168.168.0
Subnet G-1 255.255.255.240 76.197.19.48
Management Interface MNG-1 255.255.255.0 192.168.1.50
G-11 Interface G-11 255.255.255.0 192.168.168.3
G-1 Interface G-1 255.255.255.240 76.197.19.61
Backup AppDirector Routing table

and interface IPs interface subnet Network IP Address
Gateway G-1 255.255.255.0 76.197.19.62
Subnet G-11 255.255.255.0 192.168.168.0
Subnet G-1 255.255.255.240 76.197.19.48
Management Interface MNG-1 255.255.255.0 192.168.1.51
G-11 Interface G-11 255.255.255.0 192.168.168.2
G-1 Interface G-1 255.255.255.240 76.197.19.60
Table 2.0 Lab Configuration
- 10 -
Diagram 2.0 PeopleSoft 9.1 and AppDirector Lab Topology
Primary AppDirector Configuration
Using a serial cable and a terminal emulation program, connect to the AppDirector.
The default console port settings are:

Bits per Second: 19200
Data Bits: 8
Parity: None
Stop Bits: 1
Flow Control: None
- 11 -
1. Using the following Command line, assign management IP address
192.168.1.50 / 24 to interface 17 (Dedicated Management Interface) of the
AppDirector:
net ip-interface create 192.168.1.50 255.255.255.0 MNG-1 pa 192.168.168.51
Note: It may require deletion of a self-configured interface to create a new

interface in the same subnet (self-provisioned IP is 192.168.1.1/24) for MNG-1
2. Using a browser, connect to the management IP Address of the AppDirector

(192.168.1.50) via HTTP or HTTPS. The default username and password are
radware and radware.
Failure to establish a connection may be due to the following:

Incorrect IP Address in the browser
Incorrect IP Address or default route configuration in the AppDirector
Failure to enable Web Based Management or Secure Web Based
Management in the AppDirector
If the AppDirector can be successfully pinged, attempt to connect to it
via Telnet or SSH. If the pinging or the Telnet/SSH connection are
unsuccessful, reconnect to the AppDirector via its console port. Once
IP Configuration
1. From the menu, select Router IP Router Interface Parameters to

display the IP Interface Parameters page similar to the one shown below:
- 12 -
2. Click the Create button.
3. On the IP Interface Parameters Create page, enter the necessary parameters
as shown below:1
Note: The Peer Address is used to identify the backup AppDirector interface IP
and is referenced during automatic backup configuration file generation.
4. Click the Set button to save parameters.

5. On the IP Interface Parameters page, click the Create button to configure
another interface. enter the necessary parameters as shown below:
1
Items circled in red indicate settings that need to be entered or changed. Items not circled should
be left to default settings.
- 13 -
7. Verify that the new entries were created on the IP Interface Parameters page:
Farm Configuration
1. From the menu, select AppDirector Farms Farm Table to display the
Farm Table page similar to the one shown below:
- 14 -
3. On the Farm Table Create page, enter the necessary parameters as shown
below:
Note: The aging time is displayed in seconds and is set to just over 20 Minutes.
The PeopleSoft time out is set default for 20 Minutes.

5. Verify that the new entries are created on the Farm Table page:
Create Cache Policy
1. From the menu, select AppDirector Layer 4 Traffic Redirection

Caching Policy to display the AppDirector Caching Policy page similar to
the one shown below:
- 15 -
3. On the AppDirector Caching Policy Create page, enter the necessary
parameters as shown below.
4. Click the Set button to save the parameters.
Create Compression Policy
1. From the menu, select AppDirector Layer 4 Traffic Redirection

Caching Policy to display the AppDirector Caching Policy page similar to
the one shown below:
- 16 -
3. On the AppDirector Caching Policy Create page, enter the necessary
parameters as shown below.
Note: this version of hardware supports hardware compression.
Create SSL Certificate
Note: This is a self signed certificate, in a production environment you would use a
certificate signed from a CA (Certificate Authority) like VeriSign. See appendix 6
for an explanation of Certificates and how to generate a Certificate request.
You must log into the AppDirector through a secure connection (HTTPS) in order
to configure certificates.
1. From the menu, select Security Certificates Table to display the

Certificates Table page similar to the one shown below:

3. On the Certificates Table Create page, enter the necessary parameters as
shown below.
- 17 -
4. There will be a popup when you click on the Key Passphrase field, asking you
to enter in a Passphrase, as shown below.
Note: The Key Passphrase encrypts the key in storage and is required to export
the key from AppDirector. Since Private Keys are the most sensitive parts of PKI
data they must be protected by passphrase. The Passphrase should be at least 4
characters and is recommended to use stronger passphrases than that based on
letters, numbers and signs.
5. Click the Set button to save the Passphrase.

6. Click the Set button to save the Certificate parameters.
Create SSL Policy
1. From the menu, select AppDirector Layer 4 Traffic Redirection SSL

Policies to display the SSL Policies page similar to the one shown below:
- 18 -
3. On the SSL Policies Create page, enter the necessary parameters as shown
below.
Create Layer 4 Policy
Note: Please see Appendix 7 for instructions to show how to create a L7 Policy
that redirects all HTTP traffic to the same host name same URI over HTTPS. This
L7 Policy is a safety net; it catches the traffic that incorrectly comes in on HTTP
and redirects it to HTTPS. The Second option is to configure a L4 policy for HTTP
and point it at the PS_WEB_Farm and configure PeopleSoft to redirect the HTTP
request to HTTPS. This was described in the previous section Deployment Notes
1. From the menu, select AppDirector Layer 4 Traffic Redirection Layer 4

Policy Table to display the Layer 4 Policy Table page similar to the one
shown below:

3. On the Layer 4 Policy Table Create page, enter the necessary parameters as
shown below.
- 19 -
5. Verify that the new entries were created on the Layer 4 Policy Table page:
Configure L7 Persistency for the web farm
Persistence is handled at the web tier with cookie insertion and removal
configured in Extended Farm Parameters as seen below.
1. From the menu, select AppDirector Farms Extended Parameters to

display the Extended Farm Parameters page similar to the one shown.
- 20 -
2. Select the web server farm under the Farm Name to display the Extended
Farm Parameters Update page, enter the necessary parameters as shown
below:
Note: Close Session At Aging will reset sessions if still existing when their Aging
Time expires. This will ensure any clean-up of abandoned sessions which could
hold state on the servers inadvertently.
Note: Configuring Cookie Insertion for Web Service HTTP Persistence in the
Extended Farm Parameters Update page generates all of the L7 persistence
logic automatically from the single drop down menu. See Appendix 4 to view and
better understand the entries that auto generate to facilitate this function. Cookies
are inserted on reply and removed on request.
Adding Servers to the Farm
1. From the menu, select AppDirector Servers Application Servers

Table to display the Server Table page similar to the one shown below:
2. Click the Create button
- 21 -
3. On the Server Table Create page, enter the necessary parameters as shown
below:

5. On Server Table page Click the Create button to configure another server.
enter the necessary parameters as shown below:
- 22 -
7. Verify that the new entries were created on the Server Table page:
Health Monitoring
Create Health Checks
1. From the menu, select Health Monitoring Global Parameters to display

the Health Monitoring Global Parameters page.
2. On the Health Monitoring Global Parameters page, change the parameters
as shown below:
- 23 -
Create the Health Monitoring Checks.
1. From the menu, select Health Monitoring Check Table to display the
Health Monitoring Check Table page similar to the one shown below:

3. Create a health checks for HTTPS Web/Application servers. On the Health
Monitoring Check Table Create page, enter the necessary parameters as
shown below:
- 24 -
4. Before clicking the Set button, choose the button next to Arguments to
populate the specific settings for the rest of this check. Enter the information
below:
5. Click the Set button for the Method Arguments and click the Set button again in
the Health Monitoring Check Table Create window.
6. Create a second health check for HTTPS Web/Application servers. On the
Health Monitoring Check Table Create page, enter the necessary
parameters as shown below:
- 25 -
7. Before clicking the Set button, choose the button next to Arguments to
populate the specific settings for the rest of this check. Enter the information
below:
8. Click the Set button for the Method Arguments and click the Set button again in
the Health Monitoring Check Table Create window.
9. Verify the new entries were created on the Health Monitoring Check Table
- 26 -
The status of this check may display Unknown until the server replies
successfully to the AppDirectors check.
Binding Health Checks to Servers
1. Create the Health Monitoring Binding for the Servers

2. From the menu, select Health Monitoring Binding Table to display the
Health Monitoring Binding Table page similar to the one shown below:

4. Create the health check binding for the first web server. On the Health
Monitoring Binding Table Create page, enter the necessary parameters as
shown below:
- 27 -
6. Click the Create button to bind the second web server health check.
7. Create the health check binding for the second web server. On the Health
Monitoring Binding Table Create page, enter the necessary parameters as
shown below:

9. Verify that the new entries were created on the Health Monitoring Binding
Table page:
This completes the AppDirector Policy Configurations.
General Redundant Configuration
For complete high-availability, Radware encourages implementing pairs of

AppDirector units in an Active / Backup configuration. If your implementation of
this architecture includes only a single AppDirector, then it is unnecessary to follow
the steps in this section.
Primary AppDirector VRRP Configuration
1. From the menu, select Redundancy Global Configuration and set the
parameters as noted below:
- 28 -
2. Click the Set button to save these changes.
Primary Virtual Routers
1. From the menu, select Redundancy VRRP Virtual Routers to display

the Virtual Router Table page similar to the one shown below.

3. On the Virtual Router Table page, enter the necessary parameters as shown
below.
- 29 -
5. On the Virtual Router Table Create page, click the Create button to configure
another interface. enter the necessary parameters as shown below:
Note: 255 indicates that the Primary devices IP is the Virtual VRRP IP. As an
alternative you can create a floating IP or 3rd IP configuration using the L4 policy to
create a VRRP Virtual-interface. This IP will float between the AppDirectors and
will belong to the active AppDirector. This will allow you to access the primary
device when the backup is active.

7. Verify that the new entries were created on the Virtual Router Table page:
Primary Associated IP Addresses
1. From the menu, select Redundancy VRRP Associated IP Addresses

to display the Associated IP Addresses page similar to the one shown below:
- 30 -
3. On the Associated IP Addresses Create page, enter the necessary
4. Click the Set button to save the parameters

5. Follow steps 2-4 to create the associated IP Addresses 76.197.19.59((VIP), VR
ID = 1), 192.168.168.3 ((default gateway for the web servers), VR ID = 2).
6. Verify that the new entries were created on the Associated IP Addresses
page:
7. Go to Redundancy VRRP Virtual Routers and click on the link to If Index

G-1
8. Change the Admin Status from down to up, but leave all other settings
unchanged:
- 31 -
10. Or you can bring all the interfaces up by selecting VRIDs to All Up click the Set
button to save the parameters.
11. Make certain that the State of this VR is displayed as Master in the Virtual
Router table:
Primary Mirroring
1. Go to Redundancy Mirroring Active Device Parameters and set the

Client Table Mirroring status to enable:
- 32 -
Note: enable session-ID mirroring, if you are using the cookie-insertion feature.
The new cookie insertion feature uses dynamic session-ids.

3. From the menu, select Redundancy Mirroring Mirror Device
Parameters to display the Mirror Device Parameters page similar to the one
shown below.

5. On the Mirror Device Parameters page, enter the necessary parameters as
shown below:
Note: This sets the Backup AD IP used as the target address for mirroring traffic.
This completes the configuration of the Primary AppDirector.
- 33 -
Auto-Generate the Backup AppDirector Configuration
To create the Backup AppDirector configuration is very easy.

Once the Backup AppDirector is configured for basic IP connectivity and is
available to the network, simply export the Backup Configuration file from the
Primary AppDirector and upload it to the Backup AppDirector. The steps are
defined below.
Setting up basic IP connectivity on the Backup AppDirector
Using a serial cable and a terminal emulation program, connect to the AppDirector.
The default console port settings are:

Bits per Second: 19200
Data Bits: 8
Parity: None
Stop Bits: 1
Flow Control: None
1. Using the following Command line, assign management IP address

192.168.1.51 / 24 to interface MNG-1 (Dedicated Management Interface) of the
AppDirector:
net ip-interface create 192.168.1.51 255.255.255.0 MNG-1 -pa 192.168.1.50
2. Using a browser, connect to the management IP Address of the AppDirector

(192.168.1.53) via HTTP or HTTPS. The default username and password are
radware and radware.
Failure to establish a connection may be due to the following:
Incorrect IP Address in the browser

Incorrect IP Address or default route configuration in the AppDirector
Failure to enable Web Based Management or Secure Web Based
Management in the AppDirector
If the AppDirector can be successfully pinged, attempt to connect to it
via Telnet or SSH. If the pinging or the Telnet/SSH connection are
unsuccessful, reconnect to the AppDirector via its console port.
- 34 -
Auto Generating the Backup Configuration from the Primary AppDirector
1. From the web interface menu of the Primary AppDirector, select File
Configuration Receive from Device to display the Download
Configuration File page similar to the one shown below:
Note: Switch from the Backup to Primary AppDirector to auto-generate the

Backup configuration file.
2. On the Configuration File Download page, choose the necessary

- 35 -
3. Click the Set button to launch save file window.
4. Click the SAVE button to save the file to a local directory.
Upload the Backup Configuration file to the Backup AppDirector
1. From the web interface menu of the Backup AppDirector, select File
Configuration Send to Device to display the Configuration File Upload
page similar to the one shown below:
- 36 -
Note: Clicking the Browse button and navigate to the updated configuration file.
2. Click the Set button to upload the configuration. The Backup device will reboot
and be ready for use.
This completes the configuration of the Backup AppDirector.
- 37 -
Appendix 1 Primary AppDirector Configuration File
!
!Device Configuration
!Date: 19-05-2010 04:22:35
!DeviceDescription: AppDirector with Cookie Persistency
!Base MAC Address: 00:03:b2:4b:16:40
!Software Version: 2.11.22DL (Build date Mar 8 2010, 17:27:35,Build#2)
!APSolute OS Version: 10.31-07.01DLA(17):2.06.10
!
!
! The following commands will take effect only
! once the device has been rebooted!
!
system tune bridge-fft-table set 1024

system tune ip-fft-table set 240000
system tune arp-table set 1024
system tune client-table set 1200000
system tune routing-table set 512
system tune url-table set 256
system tune request-table set 5000
system tune nat-address-table set 4
system tune nat-ports-table set 64511
system tune session-id-table set 32000
system tune l3-client-table-size set 20
system tune outbound-nat-address set 0
system tune outbound-nat-ports set 64511
system tune outbound-intrcpt-tbl set 512
system tune radius-attribute-table set 1
system tune segments set 15
system tune l4-policy-table set 512
system tune static-dns-persistency set 5
system tune dynamic-dns-persistency set 10
manage snmp versions-after-reset set "v1 & v2c & v3"
statistics protocol status set Enabled
system tune session-pasv-protocols set 16
system tune session set 512
system tune session-resets set 100
appdirector global accel-engine-status set Enabled
!
! The following commands take effect immediately
! upon execution!
!
net ip-interface create 76.197.19.61 255.255.255.240 G-1 -pa 76.197.19.60

health-monitoring check create PS_N1 -id 15 -m HTTP -a \
PATH=/psp/ps/?cmd=login|HOST=192.168.168.74|C1=200|MTD=G|PRX=N|NOCACHE=N|AUTH=B| -d 192.168.168.74
\
net route table create 0.0.0.0 0.0.0.0 76.197.19.62 -i G-1
redundancy mode set VRRP
appdirector farm table setCreate PS_WEB_Farm -at 1260 -cm "No Checks" -sm RemoveOnSessionEnd-SPS
appdirector farm server table create PS_WEB_Farm 192.168.168.74 None -sn " PS_N1" -id 36 -sd "node 1"
appdirector l7 farm-selection method-table setCreate Auto-G_Cookie_PS_WE \
-cm "Set Cookie" -ma KEY=d6QlsE4K6n|VAL=$Dyn_Cookie_Value|P=/|
appdirector l7 farm-selection method-table setCreate Auto-G_RCookie_PS_W -cm Cookie -ma KEY=d6QlsE4K6n|
appdirector l7 farm-selection method-table setCreate ps.estuate.psft -cm URL -ma HN=ps.estuate.psft|P=/|
appdirector l7 farm-selection policy-table setCreate PS_HTTP_Redirect 0 \
-m1 ps.estuate.psft -pa RDRS=ps.estuate.psft|
redundancy interface-group set Enabled
appdirector nat server status set disable
redundancy mirror main client-status set Enabled
redundancy mirror address setCreate 76.197.19.60
statistics appdirector mode set Full
statistics appdirector flow-polling-time set 60
statistics appdirector health-polling-time set 60
redundancy backup-in-vlan set Disabled
appdirector farm connectivity-check httpcode setCreate PS_WEB_Farm "200 - OK"
appdirector nat server specific-nat-address set 0.0.0.0
redundancy backup-fake-arp set Enabled
net next-hop-router setCreate 76.197.19.62 -id 5 -fl 1
- 38 -
appdirector farm nhr setCreate 0.0.0.0 -ip 76.197.19.62 -fl 1
appdirector farm extended-params set PS_WEB_Farm -ic "Enable and remove cookie on return path"
appdirector nat client status set Disabled
redundancy backup-interface-group set Enabled
system internal appdirector full-session-id-table setCreate PS_WEB_Farm 0\
TCP -k d6QlsE4K6n -l Cookie -d "No Learning" -fl 1
appdirector segmentation nhr-table setCreate DefaultNHR -ip 76.197.19.62 -fl 1
appdirector l4-policy ssl-policy create PS_SSL -c PS_Cert
appdirector l4-policy compression create PS_Compression -pe Hardware
appdirector l4-policy caching create PS_Cache
appdirector l4-policy table create 76.197.19.54 TCP 443 0.0.0.0 PS_Web \
-fn PS_WEB_Farm -ta HTTPS -sl PS_SSL -co PS_Compression -ca PS_Cache
appdirector l4-policy table create 76.197.19.54 TCP 80 0.0.0.0 PS_redirect -po PS_HTTP_Redirect -ta HTTP
redundancy vrrp automated-config-update set Enabled
appdirector l7 modification table setCreate Auto-G_Cookie_PS_WE -i 0 -f \
PS_WEB_Farm -d Reply -am Auto-G_Cookie_PS_WE
appdirector l7 modification table setCreate Auto-G_RCookie_PS_W -i 0 -f \
PS_WEB_Farm -ac Remove -mm Auto-G_RCookie_PS_W
manage trap-logging status set Enabled
manage trap-logging file-size set 1000
manage trap-logging min-severity set Info
redundancy mirror main sid-status set Enabled
redundancy global-configuration failure-action set Ignore
health-monitoring binding create 15 36
health-monitoring status set enable
health-monitoring response-level-samples set 0
redundancy vrrp virtual-routers create G-1 1 -as Up -p 255 -pip 76.197.19.61
redundancy vrrp associated-ip create G-1 1 76.197.19.61
manage user table create radware -pw GndridF04zNWSGOrZjKFV78REiEra/Qm
manage telnet status set enable
manage telnet server-port set 23
manage web status set enable
manage ssh status set enable
manage secure-web status set enable
services dns client primary-server set 68.94.156.1
services dns client alt-server set 0.0.0.0
services dns client status set Enabled
redundancy arp-interface-group set Send
statistics protocol reporting set Disabled
statistics protocol period set 30
statistics protocol lifetime set 30
net l2-interface set 100001 -ad up
redundancy vrrp global-advertise-int set 0
manage snmp groups create SNMPv1 public -gn initial
manage snmp groups create SNMPv1 ReadOnlySecurity -gn InitialReadOnly
manage snmp groups create SNMPv2c public -gn initial
manage snmp groups create SNMPv2c ReadOnlySecurity -gn InitialReadOnly
manage snmp groups create UserBased radware -gn initial
manage snmp groups create UserBased ReadOnlySecurity -gn InitialReadOnly
manage snmp access create initial SNMPv1 noAuthNoPriv -rvn iso -wvn iso -nvn iso
manage snmp access create InitialReadOnly SNMPv1 noAuthNoPriv -rvn ReadOnlyView
manage snmp access create initial SNMPv2c noAuthNoPriv -rvn iso -wvn iso -nvn iso
manage snmp access create InitialReadOnly SNMPv2c noAuthNoPriv -rvn ReadOnlyView
manage snmp access create initial UserBased authPriv -rvn iso -wvn iso -nvn iso
manage snmp access create InitialReadOnly UserBased authPriv -rvn ReadOnlyView
manage snmp views create iso 1
manage snmp views create ReadOnlyView 1
manage snmp views create ReadOnlyView 1.3.6.1.4.1.89.2.7.2 -cm excluded
manage snmp views create ReadOnlyView 1.3.6.1.6.3.18.1.1 -cm excluded
manage snmp notify create allTraps -ta v3Traps
manage snmp global engine-id set 80000059030003b24b1640
manage snmp users create radware -cf 0.0 -ap MD5 -akc \
5efe7eb262018b74de977d1091aff3f9 -pp DES -pkc 5efe7eb262018b74de977d1091aff3f9
manage snmp target-address create v3MngStations -tl v3Traps -p radware-authPriv
manage snmp target-parameters create public-v1 -d SNMPv1 -sm SNMPv1 -sn public -sl noAuthNoPriv
manage snmp target-parameters create public-v2 -d SNMPv2c -sm SNMPv2c -sn public -sl noAuthNoPriv
manage snmp target-parameters create radware-authPriv -d SNMPv3 -sm UserBased -sn radware -sl authPriv
manage snmp community create public -n public -sn public
manage telnet session-timeout set 5
manage telnet auth-timeout set 30
system diagnostics policies setCreate all
- 39 -
system diagnostics capture output file set "RAM Drive and Flash"
system diagnostics capture output term set Disabled
system diagnostics capture point set Both
redundancy force-down-ports-time set 0
manage trap-logging power-supply-traps set enable
system diagnostics capture traffic-match-mode set "Inbound and Outbound"
appdirector global connectivity-check tcp-timeout set 3
security certificate table \
Name: PS_Cert \
Type: certificate \
-----BEGIN CERTIFICATE----- \
MIIBkzCB/QICQsQwDQYJKoZIhvcNAQEEBQAwEjEQMA4GA1UEAxMHUmFkd2FyZTAe \
Fw0xMDA0MzAyMTE0NTRaFw0xMTA0MzAyMTE0NTRaMBIxEDAOBgNVBAMTB1JhZHdh \
cmUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALdIdq7FfTIXKQ6DCyn9K0DD \
6Oq8cus6UOteYjaR7Uh49ELGZzuWIa1anKVjroZivRNUo8imUnZoT2i05YjBeXA6 \
acXHX2R2zgcGcMfv9xo0/fT4P/kJwPZw1dlnE3taxJV3GoZesVzAwY1UN4HPBzRS \
YyyJssatz+QE+lRwibwFAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEALavtgqcgXqKF \
w5+A2F+7YIcTAUMb9iEErvfpOmWOhPnCYCTe85vGvWwKiblaX9dW3bMEY04iGASR \
8XlI2+2WVx2c9+bCOoeQvlkNEEl+WBMPODdtmvRo6sM64R3VXj1zUhlaT8SIauh1 \
3vfarEHxCz0jTJ7Q/OXrOgZ6rTBxMqU= \
-----END CERTIFICATE----- \
Name: radware \
Type: certificate \
MIIB2zCCAYUCAlwOMA0GCSqGSIb3DQEBBAUAMHgxCzAJBgNVBAYTAlVTMRAwDgYD \
VQQIEwdSYWR3YXJlMRAwDgYDVQQHEwdSYWR3YXJlMRYwFAYDVQQDEw0xNjkuMjU0 \
LjAuMjU0MRAwDgYDVQQKEwdSYWR3YXJlMRswGQYDVQQLExJSYWR3YXJlIHdlYiBz \
ZXJ2ZXIwHhcNMTAwMjA4MjEzNDI3WhcNMTEwMjA4MjEzNDI3WjB4MQswCQYDVQQG \
EwJVUzEQMA4GA1UECBMHUmFkd2FyZTEQMA4GA1UEBxMHUmFkd2FyZTEWMBQGA1UE \
AxMNMTY5LjI1NC4wLjI1NDEQMA4GA1UEChMHUmFkd2FyZTEbMBkGA1UECxMSUmFk \
d2FyZSB3ZWIgc2VydmVyMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMXK79BTZAhS \
73YN8jMvODBAyVgooyBaW+itysolx9oBq2qRFvMJlagNihyIF1rd8WpUNwKCkXnP \
IBsU72iYQPkCAwEAATANBgkqhkiG9w0BAQQFAANBAGI8jmu64CMax9tU0Xyr0bqO \
EVszi5Vk2y0noebs6t8psMeC75qlDHeN3Lw2WBv/e26X1BEo3YoM9EVb3JNf4r8= \
Name: rdwrhmm \
Type: certificate \
MIIB8zCCAZ0CAkTnMA0GCSqGSIb3DQEBBAUAMIGDMQswCQYDVQQGEwJVUzEQMA4G \
A1UECBMHUmFkd2FyZTEQMA4GA1UEBxMHUmFkd2FyZTEaMBgGA1UEAxMRUlcgU1NM \
IG1vbml0b3JpbmcxEDAOBgNVBAoTB1JhZHdhcmUxIjAgBgNVBAsTGVJhZHdhcmUg \
SGVhbHRoIE1vbml0b3JpbmcwHhcNMTAwMjA4MjEzNDI4WhcNMTEwMjA4MjEzNDI4 \
WjCBgzELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB1JhZHdhcmUxEDAOBgNVBAcTB1Jh \
ZHdhcmUxGjAYBgNVBAMTEVJXIFNTTCBtb25pdG9yaW5nMRAwDgYDVQQKEwdSYWR3 \
YXJlMSIwIAYDVQQLExlSYWR3YXJlIEhlYWx0aCBNb25pdG9yaW5nMFwwDQYJKoZI \
hvcNAQEBBQADSwAwSAJBANWyhqErW6RxhMEjV51E9VaWSvsuIVeAbgGHpEnsxrGB \
4A5H5f9Fg+91WnqXHa0Hp5Iga0ZvoPEm7/KMCqfUYUECAwEAATANBgkqhkiG9w0B \
AQQFAANBAIB9/Uvd4268jZ4FqbKpWu7tzyUbcJ/Ejv08bwQJG9o7Pqh6kK9rnbdH \
CSlfBpt0ZK3TUd3HSsLuJuPZT03UyEY= \
-----END CERTIFICATE-----
!File Signature: 81d1fbe8b4819036121f8dfd1da24133
- 40 -
Appendix 2 Backup AppDirector Configuration File
!
!Device Configuration
!Date: 19-05-2010 04:25:06
!DeviceDescription: AppDirector with Cookie Persistency
!Base MAC Address: 00:03:b2:4b:16:40
!Software Version: 2.11.22DL (Build date Mar 8 2010, 17:27:35,Build#2)
!APSolute OS Version: 10.31-07.01DLA(17):2.06.10
!
!
! The following commands will take effect only
! once the device has been rebooted!
!
system tune bridge-fft-table set 1024

system tune ip-fft-table set 240000
system tune arp-table set 1024
system tune client-table set 1200000
system tune routing-table set 512
system tune url-table set 256
system tune request-table set 5000
system tune nat-address-table set 4
system tune nat-ports-table set 64511
system tune session-id-table set 32000
system tune l3-client-table-size set 20
system tune outbound-nat-address set 0
system tune outbound-nat-ports set 64511
system tune outbound-intrcpt-tbl set 512
system tune radius-attribute-table set 1
system tune segments set 15
system tune l4-policy-table set 512
system tune static-dns-persistency set 5
system tune dynamic-dns-persistency set 10
manage snmp versions-after-reset set "v1 & v2c & v3"
statistics protocol status set Enabled
system tune session-pasv-protocols set 16
system tune session set 512
system tune session-resets set 100
appdirector global accel-engine-status set Enabled
!
! The following commands take effect immediately
! upon execution!
!

net route table create 0.0.0.0 0.0.0.0 76.197.19.62 -i G-1
redundancy mode set VRRP
system mib2-name set AppDirector_peer
appdirector farm table setCreate PS_WEB_Farm -at 1260 -cm "No Checks" -sm RemoveOnSessionEnd-SPS
appdirector l7 farm-selection method-table setCreate Auto-G_Cookie_PS_WE \
-cm "Set Cookie" -ma KEY=d6QlsE4K6n|VAL=$Dyn_Cookie_Value|P=/|
appdirector l7 farm-selection method-table setCreate Auto-G_RCookie_PS_W -cm Cookie -ma KEY=d6QlsE4K6n|
appdirector l7 farm-selection method-table setCreate ps.estuate.psft -cm URL -ma HN=ps.estuate.psft|P=/|
appdirector l7 farm-selection policy-table setCreate PS_HTTP_Redirect 0 \
-m1 ps.estuate.psft -pa RDRS=ps.estuate.psft|
redundancy interface-group set Disabled
appdirector nat server status set disable
redundancy mirror backup status set Enabled
redundancy mirror main client-status set Disabled
redundancy mirror address setCreate 76.197.19.61
statistics appdirector mode set Full
statistics appdirector flow-polling-time set 60
statistics appdirector health-polling-time set 60
redundancy backup-in-vlan set Enabled
appdirector farm connectivity-check httpcode setCreate PS_WEB_Farm "200 - OK"
appdirector nat server specific-nat-address set 0.0.0.0
redundancy backup-fake-arp set Enabled
- 41 -
net next-hop-router setCreate 76.197.19.62 -id 5 -fl 1
appdirector farm nhr setCreate 0.0.0.0 -ip 76.197.19.62 -fl 1
appdirector farm extended-params set PS_WEB_Farm -ic "Enable and remove cookie on return path"
appdirector nat client status set Disabled
redundancy backup-interface-group set Enabled
system internal appdirector full-session-id-table setCreate PS_WEB_Farm 0\
TCP -k d6QlsE4K6n -l Cookie -d "No Learning" -fl 1
appdirector segmentation nhr-table setCreate DefaultNHR -ip 76.197.19.62 -fl 1
appdirector l4-policy ssl-policy create PS_SSL -c PS_Cert
appdirector l4-policy compression create PS_Compression -pe Hardware
appdirector l4-policy caching create PS_Cache
appdirector l4-policy table create 76.197.19.54 TCP 443 0.0.0.0 PS_Web \
-fn PS_WEB_Farm -ta HTTPS -rs Backup -sl PS_SSL -co PS_Compression -ca PS_Cache
appdirector l4-policy table create 76.197.19.54 TCP 80 0.0.0.0\
PS_redirect -po PS_HTTP_Redirect -ta HTTP -rs Backup
redundancy mirror main dns-status set Disabled
redundancy vrrp automated-config-update set Enabled
appdirector l7 modification table setCreate Auto-G_Cookie_PS_WE -i 0 -f \
PS_WEB_Farm -d Reply -am Auto-G_Cookie_PS_WE
appdirector l7 modification table setCreate Auto-G_RCookie_PS_W -i 0 -f \
PS_WEB_Farm -ac Remove -mm Auto-G_RCookie_PS_W
manage trap-logging status set Enabled
manage trap-logging file-size set 1000
manage trap-logging min-severity set Info
redundancy mirror main sid-status set Disabled
redundancy global-configuration failure-action set Ignore
health-monitoring status set enable
health-monitoring response-level-samples set 0
manage user table create radware -pw GndridF04zNWSGOrZjKFV78REiEra/Qm
manage telnet status set enable
manage telnet server-port set 23
manage web status set enable
manage ssh status set enable
manage secure-web status set enable
services dns client primary-server set 68.94.156.1
services dns client alt-server set 0.0.0.0
services dns client status set Enabled
redundancy arp-interface-group set Send
statistics protocol reporting set Disabled
statistics protocol period set 30
statistics protocol lifetime set 30
redundancy vrrp global-advertise-int set 0
manage terminal prompt set AppDirector_peer
manage snmp groups create SNMPv1 public -gn initial
manage snmp groups create SNMPv1 ReadOnlySecurity -gn InitialReadOnly
manage snmp groups create SNMPv2c public -gn initial
manage snmp groups create SNMPv2c ReadOnlySecurity -gn InitialReadOnly
manage snmp groups create UserBased radware -gn initial
manage snmp groups create UserBased ReadOnlySecurity -gn InitialReadOnly
manage snmp access create initial SNMPv1 noAuthNoPriv -rvn iso -wvn iso -nvn iso
manage snmp access create InitialReadOnly SNMPv1 noAuthNoPriv -rvn ReadOnlyView
manage snmp access create initial SNMPv2c noAuthNoPriv -rvn iso -wvn iso -nvn iso
manage snmp access create InitialReadOnly SNMPv2c noAuthNoPriv -rvn ReadOnlyView
manage snmp access create initial UserBased authPriv -rvn iso -wvn iso -nvn iso
manage snmp access create InitialReadOnly UserBased authPriv -rvn ReadOnlyView
manage snmp views create iso 1
manage snmp views create ReadOnlyView 1
manage snmp notify create allTraps -ta v3Traps
manage snmp global engine-id set 80000059030003b24b1640
manage snmp users create radware -cf 0.0 -ap MD5 -akc \
5efe7eb262018b74de977d1091aff3f9 -pp DES -pkc 5efe7eb262018b74de977d1091aff3f9
manage snmp target-address create v3MngStations -tl v3Traps -p radware-authPriv
manage snmp target-parameters create public-v1 -d SNMPv1 -sm SNMPv1 -sn public -sl noAuthNoPriv
manage snmp target-parameters create public-v2 -d SNMPv2c -sm SNMPv2c -sn public -sl noAuthNoPriv
manage snmp target-parameters create radware-authPriv -d SNMPv3 -sm UserBased -sn radware -sl authPriv
- 42 -
manage snmp community create public -n public -sn public
manage telnet session-timeout set 5
manage telnet auth-timeout set 30
system diagnostics policies setCreate all
system diagnostics capture output file set "RAM Drive and Flash"
system diagnostics capture output term set Disabled
system diagnostics capture point set Both
redundancy force-down-ports-time set 0
manage trap-logging power-supply-traps set enable
system diagnostics capture traffic-match-mode set "Inbound and Outbound"
appdirector global connectivity-check tcp-timeout set 3
security certificate table \
Name: PS_Cert \
Type: certificate \
MIIBkzCB/QICQsQwDQYJKoZIhvcNAQEEBQAwEjEQMA4GA1UEAxMHUmFkd2FyZTAe \
Fw0xMDA0MzAyMTE0NTRaFw0xMTA0MzAyMTE0NTRaMBIxEDAOBgNVBAMTB1JhZHdh \
cmUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALdIdq7FfTIXKQ6DCyn9K0DD \
6Oq8cus6UOteYjaR7Uh49ELGZzuWIa1anKVjroZivRNUo8imUnZoT2i05YjBeXA6 \
acXHX2R2zgcGcMfv9xo0/fT4P/kJwPZw1dlnE3taxJV3GoZesVzAwY1UN4HPBzRS \
YyyJssatz+QE+lRwibwFAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEALavtgqcgXqKF \
w5+A2F+7YIcTAUMb9iEErvfpOmWOhPnCYCTe85vGvWwKiblaX9dW3bMEY04iGASR \
8XlI2+2WVx2c9+bCOoeQvlkNEEl+WBMPODdtmvRo6sM64R3VXj1zUhlaT8SIauh1 \
3vfarEHxCz0jTJ7Q/OXrOgZ6rTBxMqU= \
Name: radware \
Type: certificate \
MIIB2zCCAYUCAlwOMA0GCSqGSIb3DQEBBAUAMHgxCzAJBgNVBAYTAlVTMRAwDgYD \
VQQIEwdSYWR3YXJlMRAwDgYDVQQHEwdSYWR3YXJlMRYwFAYDVQQDEw0xNjkuMjU0 \
LjAuMjU0MRAwDgYDVQQKEwdSYWR3YXJlMRswGQYDVQQLExJSYWR3YXJlIHdlYiBz \
ZXJ2ZXIwHhcNMTAwMjA4MjEzNDI3WhcNMTEwMjA4MjEzNDI3WjB4MQswCQYDVQQG \
EwJVUzEQMA4GA1UECBMHUmFkd2FyZTEQMA4GA1UEBxMHUmFkd2FyZTEWMBQGA1UE \
AxMNMTY5LjI1NC4wLjI1NDEQMA4GA1UEChMHUmFkd2FyZTEbMBkGA1UECxMSUmFk \
d2FyZSB3ZWIgc2VydmVyMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMXK79BTZAhS \
73YN8jMvODBAyVgooyBaW+itysolx9oBq2qRFvMJlagNihyIF1rd8WpUNwKCkXnP \
IBsU72iYQPkCAwEAATANBgkqhkiG9w0BAQQFAANBAGI8jmu64CMax9tU0Xyr0bqO \
EVszi5Vk2y0noebs6t8psMeC75qlDHeN3Lw2WBv/e26X1BEo3YoM9EVb3JNf4r8= \
Name: rdwrhmm \
Type: certificate \
MIIB8zCCAZ0CAkTnMA0GCSqGSIb3DQEBBAUAMIGDMQswCQYDVQQGEwJVUzEQMA4G \
A1UECBMHUmFkd2FyZTEQMA4GA1UEBxMHUmFkd2FyZTEaMBgGA1UEAxMRUlcgU1NM \
IG1vbml0b3JpbmcxEDAOBgNVBAoTB1JhZHdhcmUxIjAgBgNVBAsTGVJhZHdhcmUg \
SGVhbHRoIE1vbml0b3JpbmcwHhcNMTAwMjA4MjEzNDI4WhcNMTEwMjA4MjEzNDI4 \
WjCBgzELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB1JhZHdhcmUxEDAOBgNVBAcTB1Jh \
ZHdhcmUxGjAYBgNVBAMTEVJXIFNTTCBtb25pdG9yaW5nMRAwDgYDVQQKEwdSYWR3 \
YXJlMSIwIAYDVQQLExlSYWR3YXJlIEhlYWx0aCBNb25pdG9yaW5nMFwwDQYJKoZI \
hvcNAQEBBQADSwAwSAJBANWyhqErW6RxhMEjV51E9VaWSvsuIVeAbgGHpEnsxrGB \
4A5H5f9Fg+91WnqXHa0Hp5Iga0ZvoPEm7/KMCqfUYUECAwEAATANBgkqhkiG9w0B \
AQQFAANBAIB9/Uvd4268jZ4FqbKpWu7tzyUbcJ/Ejv08bwQJG9o7Pqh6kK9rnbdH \
CSlfBpt0ZK3TUd3HSsLuJuPZT03UyEY= \
-----END CERTIFICATE-----
!File Signature: 78c7f0287255999043abe3526d61ec60
- 43 -
Appendix 3 Starting PeopleSoft HRMS
Starting PeopleSoft HRMS 9.1 servers
1. Login to PeopleSoft machine as Administrator
2. Start/Command Prompt
Once in command prompt do the following.
3. cd\peoplesoft\pt850\appserv
4. This step will start the application server
psadmin
<Select 1 for Application Server>
<Select 1 for Administer a Domain>
<Select 1 for HR91>
<Select 1 for Boot this domain>
<Select 1 for Boot (Serial Boot))
Application server will start
Type q to exit until you get command prompt
5. This step will start Process scheduler

psadmin
<Select 2 for Process Scheduler>
<Select 1 for Start a Process Scheduler server>
<Select 1 for HR91>
Process scheduler will start
6. Start the Webserver
cd \peoplesoft\pt850\webserv\peoplesoft\bin
startpia
Will Start the Web Server
Past the following URL in web browser
http://localhost.radware.com/psp/ps/?cmd=login&languageCd=ENG
Login ID: PS
Password: PS
- 44 -
Appendix 4 Stop PeopleSoft HRMS
Stop PeopleSoft HRMS 9.1 servers
1. Login to PeopleSoft machine as Administrator
2. Start/Command Prompt
Once in command prompt do the following.
3. cd\peoplesoft\pt850\appserv
4. This step will stop the application server
psadmin
<Select 1 for Application Server>
<Select 1 for Administer a Domain>
<Select 1 for HR91>
<Select 2 for Domain shutdown menu>
5. This step will stop Process scheduler

psadmin
<Select 2 for Process Scheduler>
<Select 2 for Start a Process Scheduler server>
<Select 1 for HR91>
Process scheduler will Stop
6. Stop the Webserver
cd \peoplesoft\pt850\webserv\peoplesoft\bin
stoppia
Will Stop the Web Server
- 45 -
Appendix 5 PIA and load balancer checklist
For customers that use a load balancer, Oracle recommends using a cookie
(session) based load balancer for persistence.
1. Ensure all your webservers have the same cookie name in each weblogic.xml
file. This file can be found in the following directory:
<PS_HOME>/webserv/<DOMAIN-NAME>/applications/peoplesoft/PORTAL/WEB-INF/weblogic.xml
In this example, there's two webservers behind the load balancer. Therefore, verify
that your cookie names are the same:
weblogic.xml (webserver 1):

<session-param>
<param-name>CookieName</param-name>
<param-value>pststweb-7011-PORTAL-PSJSESSIONID</param-value>
</session-param>
weblogic.xml (webserver 2):

<session-param>
<param-name>CookieName</param-name>
<param-value>pststweb-7011-PORTAL-PSJSESSIONID</param-value>
</session-param>
Save both weblogic.xml files.
** If you're running Enterprise Portal and have content providers, please ensure
that all Enterprise Portal webserver cookie name are all exactly the same. The
content provider's webserver cookie names should have their own set of cookie
names. Therefore, both Portal and content should not have the exact same cookie
name. Suppose Enterprise Portal had 4 webservers and HR had 4 webservers. All
4 Enterprise Portal cookie names could be eportal-7011-PORTALPSJSESSIONID,
but all 4 HR cookie names could be hrms-7011-PORTAL-PSJSESSIONID.
2. In weblogic.xml, ensure CookieDomain is set in all weblogic.xml. This value is

automatically set when entering the authentication domain during the PIA
install. If the authentication domain isn't set during PIA install, please reinstall
PIA and set authentication domain.
<session-param>
<param-name>
CookieDomain
</param-name>
<param-value>
.company.com
- 46 -
</param-value>
3. In PIA, navigate to "PeopleTools -> Web Profile -> Web Profile Configurations".
Search for your Web Profile. Click on Virtual Address and populate your default
addressing. For example, suppose your end users access your load balancer
with the following URL:@ http://mycompany.com/ps/signon.html You would
need to set the following:
Default addressing Protocol: HTTP

Default addressing Name: mycompany.com
Default addressing Port: 80
* The above is an example. You'll need to populate with your load balancer info.
4. Please ensure PIA "Inactivity Logout" in seconds matches HTTP timeout in

minutes.
a) In PIA, navigate to "PeopleTools -> Web Profile -> Web Profile Configurations".
Search for webprofile. Click on "Security" tab. PIA timeout is "Inactivity Logout" in
seconds. Suppose "Inactivity Logout" = 1200 seconds.
b) In WebLogic, open web.xml file. This file can be found in the following directory:
<PS_HOME>/webserv/<DOMAIN-NAME>/applications/peoplesoft/PORTAL/WE
B-INF/web.xml WebLogic HTTP timeout appears in minutes:
<session-timeout>20</session-timeout>
In this example, ensure WebLogic HTTP timeout is 20 minutes to match "Inactivity

Logout" (1200 seconds). The Load Balancer's timeout should be higher than the
PIA "Inactivity Logout" timeout and webserver HTTP timeout. Please consult with
load balancer vendor to find out where to set load balancer timeout.
5. After updating weblogic.xml, web.xml and webprofile, you must bounce your
webservers.
- 47 -
Appendix 6 Certificates and Keys
Certificates
Certificates are digitally signed indicators which identify the server or user. They
are usually provided in the form of an electronic key or value. The digital certificate
represents the certification of an individual business or organizational public key
but can also be used to show the privileges and roles for which the holder has been
certified. It also includes information from a third party verifying identity.
Authentication is needed to ensure that users in a communication or transaction
are who they claim to be.
A basic certificate includes:

The certificate holders identity
The certificates serial number
The certificate holders expiry date
A copy of the certificate holders public key
The identity of the Certificate Authority (CA) and its digital signature to affirm the
digital certificate was issued by a valid agency.
Keys
A key is a variable set of numbers that the sender applies to decrypted data to
produce encrypted data, to be sent via the internet. Usually a pair of public and
private keys is used. A private key is kept secret and used, only by its owner, to
encrypt and decrypt data. A public key has a wide distribution and is not secret. It is
used for encrypting data and for verifying signatures. One key is used by the
sender to encrypt or interpret the data. The recipient also uses the key to
authenticate that the data comes from the sender.
The use of keys ensures that unauthorized personnel cannot decipher the data.
Only with the appropriate key can the information be easily deciphered or
understood. Stolen or copied data would be incomprehensible without the
appropriate key to decipher it and prevent forgery. AppDirector supports the
following key size lengths - 512, 1024 or 2048 bytes.
To create a Certificate Signing Request (CSR)
When a new Certificate is needed, this process should be followed

1. Create a certificate (see Certificates Table) and select CSR.
2. Complete the relevant fields (or update the defaults before you start)
3. Click OK. The Key and CSR are created
4. Move to the Export Certificates window. Export the CSR to file or Text and send
to a Certificate Signing Authority such as VeriSign.
5. After receiving the signed certificate back from CA, use the Import Certificates
window to import it into the CSR and convert it to a Key and a Certificate.
- 48 -
Appendix 7 HTTP redirect to HTTPS
The following instructions shows how to create a L7 Policy that redirects HTTP
traffic to same host name same URI over HTTPS. This L7 Policy is a safety net; it
catches the traffic that incorrectly comes in on HTTP and redirects it to HTTPS.
https://ps.estuate.psft/psp/ps/?cmd=login
Note: AppDirector needs to be configured with a L7 rule in order to identify the

HTTP traffic that needs to be converted to HTTPS.
Methods Table
A method is defined to identify the Host/URI that is used to identify the traffic that is
to be converted from HTTP to HTTPS.
The Methods are mapped to the three rules described above.
1. From the menu, select AppDirector Layer 7 Farm Selection Methods

to display the Methods Table page similar to the one shown below:

3. On the Methods Table Create page, enter the necessary parameters as
shown below:
4. Select the to enter in the arguments below:
- 49 -
Layer 7 Policy Table
1. From the menu, select AppDirector Layer 7 Farm Selection Policies to

display the Layer 7 Policies Table page similar to the one shown below:

3. On the Policy Table Create page, enter the necessary parameters as shown
below:
4. Select the to enter in the arguments below:
- 50 -
Note: HTTPS Redirect To (RDRS): AppDirector redirects the HTTP request to the
specified name or IP and modifies the request to an HTTPS request.
1. From the menu, select AppDirector Layer 4 Traffic Redirection Layer 4

Policy Table to display the Layer 4 Policy Table page similar to the one
shown below:

3. On the Layer 4 Policy Table Create page, enter the necessary parameters as
shown below.
- 51 -
- 52 -
Appendix 8 Test Plan
Test Case Action Expected Result Actual Result Status
- Open Browser Window

PeopleSoft PIA - Paste the following web URL PIA Login Page should Display PIA Login Page
Login Page https://ps.estuate.psft/ps/sign displayed
on.html
- Provide Login name as PS,
PIA Home Page Password : PS PeopleSoft HRMS Home Page HRMS Home Page
should Display after successful is displayed
Login
- Click on MainMenu
Update a Person - Click on Workforce Modify a Person Search Page Modify a Person
access search Administration should display Search Page
Page - Click on Personal Information displayed
- Click on Modify a Person
- Type letter S in Name field When you type letter

Enter Search - Choose a name from Popup S a popup with list of Pop with list of
Criteria - Click on Search names starting with names starting
S will appear. with S is displayed.
Person Detail with
Biographical Details Person Detail with
tab will display Biographical
details tab is
displayed
- Click on Community search

Change (hour glass) List of Value popup will display
Biographical detail - Change Birth Location
and save - Click Save Saved message displayed on top Save message
right displayed on top
right
- GO back to Modify a Person

Query and Verify search page by clicking on Biographical detail tab will Biographical detail
Saved detail Modify a Person (bread crum) display birth location. displayed birth
- Select the same person you location.
just saved
- Click on Search
- Biographical detail tab will
display the changed value

PeopleSoft Web - At least 4 users should log in to PIA Login Page should Display PIA Login page
Server Load the PIA displayed
Balance - Provide Login name and
password for the 4 different
instances with same user id
PIA Home Page should Display
password PS/PS.
after successful Login for all the Web Server 1 has
four users 2 users connected
and Web Server 2
has 2 users
connected
- Navigate to different pages in

PIA Web Server all four users PeopleSoft pages should display PIA Web Server
Session without any fault Sessions are
Persistence persistent based
on Radware
Inserted HTTP
session cookies
(Sticky Session)
PIA Web Server Sessions should

be persistent
Radware AD shows
all requests within
same session are
routed to same
Web Server.
- Bring down one webserver in

PIA App Server PeopleSoft 2 server Users should not get any errors PIA Home Pages
Failure/Health - Login with all 4 users are displayed after
Check successful Login
for all the 4 users
Radware AD shows
- 53 -
Not in Service for
PeopleSoft Server
2
- Login to PIA
PIA Web Client - Leave the session open for 20 PIA session will time out amd PIA home session
Session Timeout min display session timeout error timeout page
page will display after 20 mins of displayed after 20
idle time. mins of idle time.

PIA Web Server - Paste the following web URL PIA Login Page should Display PIA Login Page is
Caching https://ps.estuate.psft/ps/sign displayed
on.html
The AppDirector Cache Summery

- View AppDirector: Performance page should display the pages The AppDirector
> Acceleration > Cache > cached Cache Summery
Summery page displays the
- Clear Cache from browser and pages cached
login from a new browser
- View AppDirector: Performance
> Acceleration > Cache > The second time should show
Summery cached hits
- The second time
shows cached hits

Compression https://ps.estuate.psft/ps/sign displayed
on.html
The AppDirector Compression

- View AppDirector: Performance Summery page should display
> Acceleration > Compression the compression stats.
> Summery
The AppDirector
Compression
Summery page
displays the
compression stats.

SSL offloading https://ps.estuate.psft/ps/sign displayed
on.html
The AppDirector SSL Statistics

- View AppDirector: Performance Summery page should display The AppDirector
> Acceleration > SSL > the SSL stats. SSL Statistics
Statistics Summery Summery page
displays the SSL
stats.
- 54 -
Technical Support
Radware offers technical support for all of its products through the Radware
Certainty Support Program. Please refer to your Certainty Support contract, or the
Radware Certainty Support Guide available at:
http://www.radware.com/content/support/supportprogram/default.asp.
For more information, please contact your Radware Sales representative or:
U.S. and Americas: (866) 234-5763
International: +972(3) 766-8666
2008 Radware, Ltd. All Rights Reserved. Radware and all other Radware product and service
names are registered trademarks or trademarks of Radware in the U.S. and other countries. All
other trademarks and names are the property of their respective owners.
- 55 -

Appdirector and Oracle Peoplesoft Hrms 9.1 PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Appdirector and Oracle Peoplesoft Hrms 9.1 PDF

Uploaded by

Copyright:

Available Formats

Radwares AppDirector and Oracle PeopleSoft HRMS 9.

Oracle PeopleSoft 9.1

PeopleSoft 9.1 Application Overview

Oracle's PeopleSoft Enterprise applications are designed to address the most

PeopleSoft provided human resource management systems (HRMS) and

The architecture is built around PeopleSofts proprietary PeopleTools technology.

For more information on PeopleSoft Enterprise, see

Radwares AppDirector is an intelligent application delivery controller (ADC) that

AppDirector is powered by the innovative OnDemand Switch platform. OnDemand

For more information, please visit: http://www.radware.com/

The configuration of PeopleSoft HRMS 9.1 should be running PeopleTools version

Oracle/PeopleSoft uses the term "sticky sessions", which is synonymous of

NOTE: When SSL is in use, it is recommended to terminate SSL at the load

Domain Name and Host name for the site

In weblogic.xml, ensure CookieDomain is set in all weblogic.xml. This value is

For example estuate.psft is set as the CookieDomain.

Modify the PeopleSoft configuration PSFT PIA (PeopleSoft Internet Architecture)

1. Login into PeopleSoft PIA with admin userid/password (PS/PS)

SSL Configuration on AppDirector

In PIA, navigate to "PeopleTools -> Web Profile -> Web Profile

AppDirector and PeopleSoft 9.1 Architecture

Key features implemented on the AppDirector to support this solution:

Service health monitoring

See Appendix 8 for a full test plan description.

EBSO Basic Health Check

Test Case Status

PeopleSoft PIA Login Page PASS

PIA Home Page PASS

Update a Person access search Page PASS

Enter Search Criteria PASS

Change Biographical detail and save PASS

Query and Verify Saved detail PASS

PIA Web Client Session Timeout PASS

PIA Web Server Compression PASS

PIA Web Server SSL Offloading PASS

Table 1.0 - Test Conducted for Solution Validation

PeopleSoft Server Name Service Port Network IP Address

Primary AppDirector Routing table

Backup AppDirector Routing table

Table 2.0 Lab Configuration

Primary AppDirector Configuration

The default console port settings are:

net ip-interface create 192.168.1.50 255.255.255.0 MNG-1 pa 192.168.168.51

Note: It may require deletion of a self-configured interface to create a new

2. Using a browser, connect to the management IP Address of the AppDirector

Failure to establish a connection may be due to the following:

1. From the menu, select Router IP Router Interface Parameters to

4. Click the Set button to save parameters.

4. Click the Set button to save parameters.

Create Cache Policy

1. From the menu, select AppDirector Layer 4 Traffic Redirection

4. Click the Set button to save the parameters.

Create Compression Policy

1. From the menu, select AppDirector Layer 4 Traffic Redirection

Note: this version of hardware supports hardware compression.

4. Click the Set button to save the parameters.

Create SSL Certificate

1. From the menu, select Security Certificates Table to display the

2. Click the Create button.

5. Click the Set button to save the Passphrase.

Create SSL Policy

1. From the menu, select AppDirector Layer 4 Traffic Redirection SSL

4. Click the Set button to save the parameters.