26 • Installation HP NonStop SSL Reference Manual
Installing a Secure Tunnel for ODBC/MX
Note 1: The configuration for ODBC/MX differs from the configuration for ODBC/MP. This section describes the
configuration for ODBC/MX; please see the prior section for the configuration for ODBC/MP.
Note 2: NonStop ODBC/MX uses multiple port numbers to create connections between the ODBC/MX clients and the
NonStop server. HP NonStop SSL is aware of that and "multiplexes" many connections over a single IP connection
between the clients and the NonStop server. That has two benefits:
- only a single port needs to be open at the firewall.
- the configuration of HP NonStop SSL becomes easier.
To install HP NonStop SSL to encrypt an Open Database Connectivity ODBC/MX connection, you will need to perform
the following steps:
1. On the NonStop server, install an HP NonStop SSL ODBC/MX server proxy (ODBCMXS) process for the
target ODBC/MX server process.
2. On the workstation, install RemoteProxy and configure it to route plain ODBC/MX connections to the HP
NonStop SSL ODBCMXS process.
3. Re-configure the ODBC/MX driver on your workstation to connect to RemoteProxy.
To Install an HP NonStop SSL ODBCMXS process for ODBC/MX
1. Determine the ODBC/MX server process you want to install the secure proxy for and find out the TCP/IP
process and port number it is listening on. Note that ODBC/MX consists of multiple server processes; you
should look for the port number of the ODBC/MX Association server. This is the MXCS port number you
configure in the ODBC/MX client configuration (only!). We will assume a value of 18888 here.
2. Select a port number that will be used for SSL ODBC/MX connections, e.g. 28888.
3. At your TACL prompt, run the HP NonStop SSL SETUP macro:
> VOLUME $SYSTEM.ZNSSSL
> RUN SETUP
4. Select "ODBC/MX SERVER" as run mode and follow the installation instructions.
Enter the TCPIP process name for the subnet the ODBC/MX Association server runs on. Note that the
SUBNET and TARGETSUBNET parameters will be set to the process name you provided here. Next, enter the
listening port number as determined in (2) above for incoming SSL-encrypted ODBC/MX client connections.
Note that you will not be prompted for a TARGETPORT because it will be determined automatically based on
the client side configuration.
Finally, the SETUP macro will create a configuration file (e.g. ODBSCF0) and an SCF IN file for the
installation as a persistent process (e.g. ODBSIN0).
5. Edit the HP NonStop SSL ODBCMXS configuration file (e.g. ODBSCF0) to configure any additional
parameters, if desired. Be careful with the additional parameter "TARGETHOST" that can be used to route
outgoing traffic to another host.
For security reasons, you should specify the "local loopback address" (127.0.0.1) as TARGETHOST, since this
prevents unencrypted data from traversing the network. The TARGETHOST parameter defaults to "127.0.0.1" if
omitted. In some cases you may want to handle incoming connections (originating e.g. from RemoteProxy)
on a specific subnet and route the outgoing connections (to the ODBC/MX Association server) to another
subnet. In that case you can set the SUBNET (incoming) and TARGETSUBNET (outgoing) parameter values to
the respective process names. If TARGETSUBNET is omitted, it defaults to the value of SUBNET.
6. Install the ODBCMXS proxy persistent process, e.g.
> SCF /IN ODBSIN0/
7. Start the HP NonStop SSL ODBCMXS persistent process, e.g.
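
The TARGETHOST and TARGETSUBNET rules from step 5 can be checked against a copy of the configuration file before the proxy is installed. The following Python check is an added example, not part of the HP manual or the product; it assumes a "NAME value" per-line syntax with "#" comments, and the sample contents and the process name $ZTC0 are constructed.

```python
import ipaddress

# Constructed sample; the "NAME value" syntax with '#' comments is an assumption.
# Parameter names come from the manual text, the values are made up.
SAMPLE_ODBSCF0 = """\
# ODBCMXS proxy configuration (constructed)
SUBNET $ZTC0
TARGETHOST 10.1.2.3
"""

def parse_config(text):
    """Return {PARAM: value}; in this parser a later line overrides an earlier one."""
    params = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split(None, 1)
        if fields:
            params[fields[0].upper()] = fields[1].strip() if len(fields) > 1 else ""
    return params

def effective_settings(params):
    """Apply the defaults the manual states for omitted parameters."""
    eff = dict(params)
    eff.setdefault("TARGETHOST", "127.0.0.1")
    if "SUBNET" in eff:
        eff.setdefault("TARGETSUBNET", eff["SUBNET"])
    return eff

def audit(text):
    """Return findings about the unencrypted leg between proxy and ODBC/MX server."""
    eff = effective_settings(parse_config(text))
    findings = []
    host = eff["TARGETHOST"]
    try:
        loopback = ipaddress.ip_address(host).is_loopback
    except ValueError:
        loopback = False  # a host name cannot be shown to be loopback here
    if not loopback:
        findings.append(f"TARGETHOST {host} is not a loopback address: "
                        "decrypted ODBC/MX traffic may traverse the network")
    if eff.get("TARGETSUBNET") != eff.get("SUBNET"):
        findings.append(f"TARGETSUBNET {eff.get('TARGETSUBNET')} differs from "
                        f"SUBNET {eff.get('SUBNET')}: confirm the split is intended")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_ODBSCF0):
        print(finding)
```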