Summary of the content on the page No. 1
Sun™ Crypto Accelerator 4000
Board Installation and User’s Guide
Sun Microsystems, Inc.
4150 Network Circle
Santa Clara, CA 95054 U.S.A.
650-960-1300
Part No. 817-0431-10
May 2003, Revision A
Send comments about this document to:docfeedback@sun.com
Summary of the content on the page No. 2
Copyright 2003 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved. This product or document is distributed under licenses restricting its use, copying, distribution, and decompilation. No part of this product or document may be reproduced in any form by any means without prior written authorization of Sun and its licensors, if any. Third-party software, including font technology, is copyrighted and licensed from Sun suppliers. Parts of the product may b
Summary of the content on the page No. 3
Declaration of Conformity (Fiber MMF) Compliance Model Number: Venus-FI Product Family Name: Sun Crypto Accelerator 4000 - Fiber (X4012A) EMC USA - FCC Class B This equipment complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: 1) This equipment may not cause harmful interference. 2) This equipment must accept any interference that may cause undesired operation. European Union This equipment complies with the following requirements of the EMC Directive 89
Summary of the content on the page No. 4
EC Type Examination Certificates: EN 60950:2000, 3rd Edition IEC 60950:2000, 3rd Edition Evaluated to all CB Countries UL 60950, 3rd Edition, CSA C22.2 No. 60950-00 Supplementary Information This product was tested and complies with all the requirements for the CE Mark. /S/ /S/ Dennis P. Symanski Pamela J Dullaghan Manager, Compliance Engineering Quality Program Manager Sun Microsystems, Inc. Sun Microsystems Scotland, Limited 4150 Network Circle, MPK15-102 Springfield, Linlithgow Santa Clara, C
Summary of the content on the page No. 5
EN61000-4-2 6 kV (Direct), 8 kV (Air) EN61000-4-3 3 V/m 80-1000MHz, 10 V/m 800-960 MHz and 1400-2000 MHz EN61000-4-4 1 kV AC and DC Power Lines, 0.5 kV Signal Lines, EN61000-4-5 2 kV AC Line-Gnd, 1 kV AC Line-Line and Outdoor Signal Lines, 0.5 kV Indoor Signal Lines > 10m. EN61000-4-6 3 V EN61000-4-11 Pass As information Technology Equipment (ITE) Class B per (as applicable): EN55022:1998/CISPR22:1997 Class B EN55024:1998 Required Limits: EN61000-4-2 4 kV (Direct), 8 kV (Air) EN61000-4-3 3 V/m E
Summary of the content on the page No. 6
vi Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003
Summary of the content on the page No. 7
Regulatory Compliance Statements Your Sun product is marked to indicate its compliance class: • Federal Communications Commission (FCC) — USA • Industry Canada Equipment Standard for Digital Equipment (ICES-003) — Canada • Voluntary Control Council for Interference (VCCI) — Japan • Bureau of Standards Metrology and Inspection (BSMI) — Taiwan Please read the appropriate section that corresponds to the marking on your Sun product before attempting to install the product. FCC Class A Notice This de
Summary of the content on the page No. 8
ICES-003 Class A Notice - Avis NMB-003, Classe A This Class A digital apparatus complies with Canadian ICES-003. Cet appareil numérique de la classe A est conforme à la norme NMB-003 du Canada. ICES-003 Class B Notice - Avis NMB-003, Classe B This Class B digital apparatus complies with Canadian ICES-003. Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada. viii Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003
Summary of the content on the page No. 9
BSMI Class A Notice The following statement is applicable to products shipped to Taiwan and marked as Class A on the product compliance label. ix
Summary of the content on the page No. 10
x Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003
Summary of the content on the page No. 11
Contents 1. Product Overview 1 Product Features 1 Key Protocols and Interfaces 1 Key Features 2 Supported Applications 2 Supported Cryptographic Protocols 2 Diagnostic Support 3 Cryptographic Algorithm Acceleration 3 Supported Cryptographic Algorithms 3 Bulk Encryption 4 Hardware Overview 5 IPsec Hardware Acceleration 5 Sun Crypto Accelerator 4000 MMF Adapter 6 LED Displays 6 Sun Crypto Accelerator 4000 UTP Adapter 7 LED Displays 8 Dynamic Reconfiguration and High Availability 9 Load Sharing 9 H
Summary of the content on the page No. 12
Required Patches 10 Apache Web Server Patch 10 Solaris 8 Patches 11 Solaris 9 Patches 11 2. Installing the Sun Crypto Accelerator 4000 Board 13 Handling the Board 13 Installing the Board 14 ▼ To Install the Hardware 14 Installing the Sun Crypto Accelerator 4000 Software 16 ▼ To Install the Software 16 Installing the Optional Packages 18 Directories and Files 19 Removing the Software 21 ▼ To Remove the Software 21 3. Configuring Driver Parameters 23 Sun Crypto Accelerator 4000 Ethernet Device Dri
Summary of the content on the page No. 13
Noninteractive and Interactive Modes 34 Setting Autonegotiation or Forced Mode 36 ▼ To Disable Autonegotiation Mode 37 Setting Parameters Using thevca.conf File 38 ▼ To Set Driver Parameters Using avca.conf File 38 Setting Parameters for All Sun Crypto Accelerator 4000vca Devices With thevca.conf File 39 ▼ To Set Parameters for All Sun Crypto Accelerator 4000vca Devices With thevca.conf File 40 Examplevca.conf File 40 Enabling Autonegotiation or Forced Mode for Link Parameters With the OpenBoot
Summary of the content on the page No. 14
Logging In to a New Board 59 Logging In to a Board With a Changed Remote Access Key 60 vcaadm Prompt 61 Logging Out of a Board Withvcaadm 61 Entering Commands Withvcaadm 63 Getting Help for Commands 64 Quitting thevcaadm Program in Interactive Mode 65 Initializing the Sun Crypto Accelerator 4000 Board Withvcaadm 65 ▼ To Initialize the Sun Crypto Accelerator 4000 Board With a New Keystore 66 Initializing the Sun Crypto Accelerator 4000 Board to Use an Existing Keystore 67 ▼ To Initialize the Sun
Summary of the content on the page No. 15
Displaying Board Status 77 Loading New Firmware 78 Resetting a Sun Crypto Accelerator 4000 Board 78 Rekeying a Sun Crypto Accelerator 4000 Board 79 Zeroizing a Sun Crypto Accelerator 4000 Board 80 Using thevcaadmdiagnostics Command 80 Usingvcadiag 81 5. Configuring Sun ONE Server Software for Use With the Sun Crypto Accelerator 4000 Board 85 Administering Security for Sun ONE Web Servers 85 Concepts and Terminology 86 Tokens and Token Files 87 Token Files 87 Enabling and Disabling Bulk Encryptio
Summary of the content on the page No. 16
Installing and Configuring Sun ONE Web Server 6.0 101 Installing Sun ONE Web Server 6.0 101 ▼ To Install Sun ONE Web Server 6.0 101 ▼ To Create a Trust Database 102 ▼ To Generate a Server Certificate 104 ▼ To Install the Server Certificate 107 Configuring Sun ONE Web Server 6.0 for SSL 108 ▼ To Configure the Sun ONE Web Server 6.0 108 6. Configuring Apache Web Servers for Use With the Sun Crypto Accelerator 4000 Board 111 Enabling the Board for Apache Web Servers 112 Enabling Apache Web Servers
Summary of the content on the page No. 17
▼ Performing the Ethernet FCode Self-Test Diagnostic 129 Troubleshooting the Sun Crypto Accelerator 4000 Board 132 show-devs 132 .properties 133 watch-net 134 A. Specifications 135 Sun Crypto Accelerator 4000 MMF Adapter 135 Connectors 135 Physical Dimensions 137 Performance Specifications 137 Power Requirements 137 Interface Specifications 138 Environmental Specifications 138 Sun Crypto Accelerator 4000 UTP Adapter 138 Connectors 138 Physical Dimensions 140 Performance Specifications 140 Power
Summary of the content on the page No. 18
E. Manual Pages 161 F. Zeroizing the Hardware 163 Zeroizing the Sun Crypto Accelerator 4000 Hardware to the Factory State 163 ▼ To Zeroize the Sun Crypto Accelerator 4000 Board With the Hardware Jumper 164 G. Frequently Asked Questions 167 How Do I Configure the Web Server to Startup Without User Interaction on Reboot? 167 ▼ To Create an Encrypted Key for Automatic Startup of Apache Web Servers on Reboot 167 ▼ To Create an Encrypted Key for Automatic Startup of Sun ONE Web Servers on Reboot 168
Summary of the content on the page No. 19
Tables TABLE 1-1 IPsec Cryptographic Algorithms 3 TABLE 1-2 SSL Cryptographic Algorithms 3 TABLE 1-3 Supported SSL Algorithms 4 TABLE 1-4 Front Panel Display LEDs for the MMF Adapter 6 TABLE 1-5 Front Panel Display LEDs for the UTP Adapter 8 TABLE 1-6 Hardware and Software Requirements 10 TABLE 1-7 Required Solaris 8 Patches for Sun Crypto Accelerator 4000 Software 11 TABLE 2-1 Files in the/cdrom/cdrom0 Directory 17 TABLE 2-2 Sun Crypto Accelerator 4000 Directories 19 TABLE 3-1 vca Driver Parame
Summary of the content on the page No. 20
TABLE 3-12 Cryptographic Driver Statistics 43 TABLE 3-13 Ethernet Driver Statistics 44 TABLE 3-14 TX and RX MAC Counters 45 TABLE 3-15 Current Ethernet Link Properties 47 TABLE 3-16 Read-Onlyvca Device Capabilities 47 TABLE 3-17 Read-Only Link Partner Capabilities 48 TABLE 3-18 Driver-Specific Parameters 49 TABLE 4-1 vcaadm Options 56 TABLE 4-2 vcaadm Prompt Variable Definitions 61 TABLE 4-3 connect Command Optional Parameters 62 TABLE 4-4 Security Officer Name, User Name, and Keystore Name Requ