Configuring Ssh2 As A Generic Process; Choosing A Persistence Mechanism - HP NonStop SSH 544701-014 Reference Manual

Configuring SSH2 as a Generic Process

The following sample SCF commands can be used to configure a SSH2 server as a generic process:
ALLOW ALL ERRORS
ASSUME PROCESS $ZZKRN
ABORT #SSH2
DELETE #SSH2
ADD #SSH2, AUTORESTART 10,
HOMETERM $ZHOME,
PRIORITY 158,
PROGRAM $SYSTEM.COMFSSH2.SSH2,
DEFAULTVOL $SYSTEM.COMFSSH2,
NAME $SSH2,
STARTUPMSG "SERVER; PORT 22; SUBNET $ZTC01; LOGCONSOLE *;
LOGFILE SSHLOG ",
STARTMODE MANUAL,
USERID SUPER.SUPER ,
CPU FIRST
START #SSH2
INFO #SSH2
STATUS #SSH2
Before running SSH2 as a generic process, we recommend that you have a working RUN SSH2 command at the TACL
level. This command should be easy to convert to the respective SCF ADD command. For example, the SSH2 startup
line parameters are specified with the STARTUPMESSAGE parameter.
If running SSH2 as a generic process, we recommend that users send the SSH2 log output to a log file instead of writing
it to the home terminal, which is the default approach. In the example above, console logging is turned off, while log
messages are written to the SSHLOG file on the default volume.
If you want to configure multiple SSH2 servers listening on the same port with parallel library TCP/IP or TCP/IPV6
round-robin filtering, you should specify the filter key with the PTCPIPFILTERKEY configuration parameter.
(DEFINEs cannot be propagated to generic processes.) Likewise, you can use the TCPIPHOSTFILE,
TCPIPNODEFILE, and TCPIPRESOLVERNAME parameters to configure TCPIP settings, which are usually passed as
DEFINEs.
Please refer to the SCF Reference Manual for the Kernel Subsystem in the HP NonStop documentation set for further
details.

Choosing a Persistence Mechanism

Determining whether it is more effective to configure SSH2 as a NonStop process pair or as a generic process depends
on your system environment and the expected SSH transfer volume.
For an environment with low volumes of SSH traffic, it may be sufficient to run a single SSH2 process pair. However, if
you expect a higher traffic volume, you may want to distribute the CPU load across the available CPUs on your system.
This can be done by starting multiple SSH2 instances as described in the "Load Balancing" section above. Running
multiple SSH2 instances may have an influence on the fault-tolerance mechanism you choose. Following are key
considerations:
•
When running multiple process pairs of SSH2 listening on the same port, you should not start a primary SSH2
process in a CPU that is used as a backup process by another SSH process pair. If you do, there will be a
conflict with two processes trying to listen on the same port in case of failover. Consequently, the maximum
number of SSH2 process pairs listening on the same port is the number of CPUs on your system divided by two.
Furthermore, the CPU load generated by the SSH encryption would only be distributed across the primary
CPUs of the SSH2 instances.
•
When running SSH2 as a generic process, you can rely on the persistence manager to restart SSH2. It is not
necessary to start SSH2 as a process pair. Hence, if you want to distribute the load evenly across all processors,
HP NonStop SSH Reference Manual
&
&
&
&
&
&
&
&
&
&
Configuring and Running SSH2 • 121