HP-UX 11i NSA HTTP frequently asked questions

1. What is HP-UX 11i NSA HTTP?
The HP-UX 11i NSA HTTP product enables NSA (Network Server Accelerator) functionality for HTTP (Hyper Text Transfer Protocol). NSA HTTP improves Web server performance by caching recently accessed Web pages in the kernel (i.e. inside your HP-UX 11i operating system).

2. Why should I use HP-UX 11i NSA HTTP?
NSA HTTP will improve your Web server’s performance by maintaining an in-kernel cache of recently accessed Web pages. With HP-UX 11i NSA HTTP activated, you will increase your Web server’s capacity to process HTML requests, and will service more content faster.

3. How does it work?
When a user requests an HTML page contained in the NSA HTTP cache, the page is served directly from the kernel (i.e. the operating system) and requires no Web server involvement. Serving Web pages from an in-kernel cache instead of passing the requests to a user-space Web server minimizes instruction processing, which results in tremendous performance improvement. Refer to the Network Server Accelerator HTTP Performance White Paper for more information.

4. On which HP-UX 11i versions is NSA HTTP supported?
NSA is supported on HP-UX 11i (B.11.11) and HP-UX 11i version 2 (B11.23). You can execute the “uname –a” command to determine which version of HP-UX 11i you are running.

Sample output on HP-UX 11i from this command contains B.11.11 string:
HP-UX 11i myhost B.11.11 U 9000/800 2003870107 unlimited-user license

Sample output on HP-UX 11i version 2 from this command contains B.11.23 string:
HP-UX 11i myhost B.11.23 U ia64 1778976783 unlimited-user license

5. Does HP-UX 11i version of NSA HTTP product work on HP-UX 11i version 2 system?
No. The HP-UX 11i (B.11.11) version of NSA HTTP is not operational in HP-UX 11i version 2 (B.11.23) environment. If you upgrade a system from B.11.11 to B.11.23, the old version of NSA HTTP needs to be removed from the system. This will be done automatically by the update-ux utility. The new NSA HTTP depot for HP-UX 11i version 2 can be downloaded for free from the HP Software Depot at http://www.software.hp.com/ (keyword NSAHTTP).

Before upgrading your system from B.11.11 to B.11.23 stop any Web services which are using NSA HTTP service. When your execute the update-ux utility it will remove the HP-UX 11i version of the NSA HTTP product from the system. After the update is completed, install the new NSA HTTP product for HP-UX 11i version 2 available from the HP Software Depot at http://www.software.hp.com/ (keyword NSAHTTP).

6. What products does HP-UX 11i NSA HTTP work with?
HP-UX 11i NSA HTTP works with any Web server supported on HP-UX 11i.

7. What customer documentation is available for HP-UX 11i NSA HTTP, and how can I find it? Go to http://docs.hp.com and scroll down to the "Internet and Security Solutions" topic. Then click on the Network Server Accelerator link. The following documentation is provided:

• Network Server Accelerator HTTP Performance White Paper
• HP-UX 11i NSA HTTP Release Notes (HP-UX 11i v1)
• HP-UX 11i version 2 NSA HTTP Release Notes (HP-UX 11i v2)

1. Where can I obtain HP-UX 11i NSA HTTP?
The HP-UX 11i NSA HTTP product can be downloaded from the HP Software Depot at http://software.hp.com. Search for the Network Server Accelerator product using the keyword NSAHTTP. “Network Server Accelerator (NSA HTTP)” link will take you to the product overview page. Click on the “receive for free” button to obtain the product. After completing and submitting the registration form, click on the link under “download software”' to transfer the software depot to your computer.

2. What is the cost?
The HP-UX 11i NSA HTTP product is available at no charge. You can download it for free.

3. Is there a trial version?
No, no trial version is available. The free software can be downloaded for any testing or experimental purposes.

1. What features does HP-UX 11i NSA HTTP support?
NSA HTTP for HP-UX 11i provides the following features:

• Superior Web server performance
• Network Server Accelerator capability available on a per-port basis
• HTTP in-kernel data caching
• HTTP protocol processing facility
• Virtual Web server support
• Binary format logging
• Log file format conversion utility

2. What standards does HP-UX 11i NSA HTTP support?
The HP-UX 11i NSA HTTP product supports RFC2616 (Hypertext Transfer Protocol – HTTP/1.1) and RFC1945 (Hypertext Transfer Protocol – HTTP/1.0).

3. What are the HP-UX 11i NSA HTTP limitations?
NSA HTTP cache size management is not currently integrated with the file system buffer cache. If the NSA HTTP product is installed, HP suggests that you verify and possibly decrease the size of the file system buffer cache. Refer to the "Limitations" section of the Release Notes for more details.

4. Where can I find more information?
The following documentation for the Network Server Accelerator is available at http://docs.hp.com on the "Internet and Security Solutions" page.

• Network Server Accelerator HTTP Performance White Paper
• HP-UX 11i NSA HTTP Release Notes (HP-UX 11i v1)
• HP-UX 11i version 2 NSA HTTP Release Notes (HP-UX 11i v2)

When you install NSA HTTP, the following product documentation is delivered with the NSA HTTP product:

• nsahttp(1) manual page (execute “man nsahttp” command to view the manual)
• NSA HTTP Release Notes (located at /usr/share/doc/RelNotes.nsahttp.txt)

1. What is the HP-UX 11i NSA HTTP support model?
NSA HTTP Release is supported by HP Worldwide Response Centers for customers with an HP-UX 11i support contract.

1. What are the system requirements?
HP-UX 11i NSA HTTP for HP-UX 11i requires:

• Hewlett-Packard PA-RISC-based system
• HP-UX 11i (B.11.11) operating environment
• PHNE_28089 (or greater), cumulative ARPA Transport patch for 11.11
• HP-UX 11i NSA HTTP Release Depot (B.11.11.01.01)
• Approximately 500 Kbytes of disk space

HP-UX 11i NSA HTTP for HP-UX 11i version 2 requires:

• HP Integrity Server or Workstation (Intel® Itanium®-based system), or HP 9000 Server (PA-RISC system)
• HP-UX 11i version 2 (B.11.23) operating environment
• HP-UX 11i version 2 NSA HTTP Release Depot (B.11.23.01.01)
• Approximately 500 Kbytes of disk space

2. What patches do I need?
NSA HTTP for HP-UX 11i requires PHNE_28089 (or its replacement) - cumulative ARPA Transport patch for 11.11. This patch must be installed on the system prior to installing the NSA HTTP software.

To verify if PHNE_28089 is already installed on the system, execute the following command:
swlist | grep PHNE_28089

No patches are required to install NSA HTTP product for HP-UX 11i version 2.

3. How can I determine which version of HP-UX 11i NSA HTTP is on my system?
You can execute the “swlist | grep NSAHTTP” command to display which NSA HTTP product version you are using.

The expected output on HP-UX 11i from this command is
NSAHTTP B.11.11.01.02 NSA HTTP Bundle for HP-UX 11i

The expected output on HP-UX 11i version 2 from this command is
NSAHTTP B.11.23.01.02 NSA HTTP Bundle for HP-UX 11i version 2

4. Does installing HP-UX 11i NSA HTTP require a kernel rebuild?
No. HP-UX 11i NSA HTTP includes a DLKM (Dynamically Loadable Kernel Module) which does not require a reboot as long as the module is not busy. Refer to the Release Notes for more details.

5. How long does it take to install?
Installing HP-UX 11i NSA HTTP is a simple process. Refer to the "Installing NSA HTTP" section of the HP-UX 11i NSA HTTP Release Notes for instructions. You can also read the installation steps when you are ready to download the product from software.hp.com.

6. Can I install HP-UX 11i NSA HTTP from SAM and how?
No, installation from SAM is not available. Use the “swinstall” utility to install the NSA HTTP product.

7. Can I update HP-UX 11i NSA HTTP on my system?
Yes. Installing a new version of HP-UX 11i NSA HTTP on a system will replace any existing NSA HTTP installation on the system.

8. How can I uninstall this product?
Refer to the "Deinstalling NSA HTTP" section of the HP-UX 11i NSA HTTP Release Notes for detailed deinstallation instructions. Information is also available at /usr/share/doc/RelNotes.nsahttp.txt on the system.

9. Is there a step-by-step installation guide for HP-UX 11i NSA HTTP?
Yes. Installation instructions are provided in the "Installing NSA HTTP" section of the HP-UX 11i NSA HTTP Release Notes. You can also read the installation steps when you are ready to download the product from software.hp.com.

1. What HP-UX 11i NSA HTTP parameters can or need to be configured?
You can use either the administrative utility or the configuration file provided with the NSA HTTP product to configure NSA HTTP. Refer to the Release Notes and the nsahttp(1) man page for more information. The NSA HTTP parameters that you can configure include:

• TCP port number for NSA registration and deregistration
• Maximum system memory usage for the URI data cache
• Idle HTTP TCP connection timeout value
• NSA HTTP cache entry timeout
• Maximum URI data size (maximum web page size) that can be cached by the NSA HTTP service
• HTTP access logging options
• Statistics collection
• Debug level for event logging

2. Are any new HP-UX 11i commands provided with the NSA HTTP product?
Yes. HP-UX 11i NSA HTTP provides the “nsahttp” administrative utility for configuring and displaying information about NSA HTTP. The “nsahttp” command is accompanied by the nsatthp(1) manual page (execute “man nsahttp” to view it) as well as described in detail in the NSA HTTP Release Notes.

3. What kernel parameters need to be configured?
In most cases – none. But if the NSA HTTP maximum cache size percentage plus the minimum file system buffer cache percentage is 100% or more, HP recommends that you decrease one of these parameters so their sum does not exceed 100%. Refer to the "Limitations" section of the Release Notes for more details.

4. Do I need to migrate NSA HTTP configuration files?
Migration may be required if you installed NSA HTTP B.11.11.01.02 on a system that contains a previous version of NSA HTTP product. In that case, you may need to migrate NSA HTTP configuration file /etc/rc.config.d/nsahttpconf. Migration is necessary only if you have customized /etc/rc.config.d/nsahttpconf in the past. Refer to the NSA HTTP Release Notes located at /usr/share/doc/RelNotes.nsahttp.txt for more information.

5. Is there a step-by-step configuration guide for HP-UX 11i NSA HTTP?
Yes. Configuration and activation instructions are provided in the HP-UX 11i NSA HTTP Release Notes, also available at /usr/share/doc/RelNotes.nsahttp.txt on the system.

1. What are the performance benefits of using HP-UX 11i NSA HTTP on my system?
HP-UX 11i NSA HTTP provides a new feature for the HTTP protocol: the ability to service URI requests from a data cache in the kernel. Because web page requests no longer have to be passed to a user space HTTP application, NSA HTTP will improve performance of your Web server for static web pages. More detailed information on the performance improvement with NSA HTTP is provided in the NSA HTTP White Paper.

2. How can I tune my Web server’s performance?
Modifying the following NSA HTTP operating parameters can help improve your Web server’s performance:

• Maximum NSA HTTP Cache Percentage
• Cache Entry Timeout
• Maximum URI Page Size

For best performance, an optimal value for each of these parameters must be found. Refer to the Network Server Accelerator HTTP Performance White Paper for detailed explanation of each of these parameters, and how they can be tuned to improve the Web server’s performance.

3. What dependencies affect HP-UX 11i NSA HTTP performance?
You should set the value of the Maximum NSA HTTP Cache Percentage in conjunction with the system buffer cache minimum percentage (dbc_min_pct). The sum of the NSA HTTP maximum cache size plus the value for the minimum file system buffer cache percentage should be no greater than 100%. This is explained in more detail in both the Release Notes and the NSA HTTP White Paper.

1. How can I verify NSA HTTP is properly installed?
First, execute the “swlist | grep NSAHTTP” command.

The expected output on HP-UX 11i from this command is
NSAHTTP B.11.11.01.02 NSA HTTP Bundle for HP-UX 11i

The expected output on HP-UX 11i version 2 from this command is
NSAHTTP B.11.23.01.02 NSA HTTP Bundle for HP-UX 11i version 2

Then, execute the “swverify NSAHTTP” command to make sure all components of the NSA HTTP product are properly installed on the system. If it displays a “Verification succeeded” statement, then all of the NSA HTTP product files are present on the system.

2. How can I verify if NSA HTTP is active?
a) Make sure the DLKM module delivered with NSA HTTP, nsamod, is loaded. On HP-UX 11i execute the “kmadmin -s” command, which should display:

Name            ID          Status             Type
nsamod        1            LOADED        STREAMS

Note that the status for nsamod must be LOADED. If it is not LOADED, execute “/sbin/init.d/nsahttp start” command to re-load the module. Note that the module ID may vary depending on whether any other DLKM modules are installed on the system.

On HP-UX 11i v2 execute the “kcmodule –q nsamod” command, which should display:

Module           State           Cause            Notes
nsamod         Loaded       Explicit           Auto-loadable, unloadable

Note that the state for nsamod must be loaded. If the state is not "loaded", execute the “kcmodule –s nsamod=loaded” command to re-load the module

b) Check if any nsad daemons are running by executing the command "ps –ef | grep nsad | grep –v grep”. The command is the same for both HP-UX 11i and 11i v2. There will be one nsad daemon for each port registered with the NSA HTTP service.

c) If the Web server registered with NSA HTTP is active, you can check how many requests NSA HTTP is servicing by entering the following command: “nsahttp –S on; nsahttp -s”. The first part of this command enables NSA HTTP to collect statistics; the second part of the command displays it. When NSA HTTP is active, this will display non-zero HTTP statistics.

3. How can I find out what ports NSA HTTP services?
You can execute the “nsahttp” command to display which TCP port numbers are registered with NSA HTTP. Once the Web Server listening on the same port number(s) is started, NSA HTTP service will automatically get activated.

In the following sample "nsahttp" command output (collected on HP-UX 11i), only TCP port 80 is registered with NSA HTTP:

Active NSA HTTP ports: 80
Max cache percentage: 50
Max URI data length: 1048576 bytes
Cache Timeout: 600 seconds
Persistent connection timeout: 600 seconds
Log file name: /var/nsa/nsahttp_log
Log file format: ASCII
NSA HTTP logging enabled
NSA HTTP statistics collection disabled

4. When troubleshooting HP-UX 11i NSA HTTP, what data should be collected?
a) Provide a step-by-step process to reproducing the problem, or what actions have led to the problem.

b) Collect outputs from the following commands:

• nsahttp
• nsahttp –s
• ps –ef | grep nsad | grep –v grep
• dmesg
• kmadmin –s (only if on HP-UX 11i)
• kcmodule –q nsamod (only if on HP-UX 11i version 2)
• kmadmin –v –s (only if on HP-UX 11i)
• kcmodule –v –q nsamod (only if on HP-UX 11i version 2)

• NSA HTTP configuration file /etc/rc.conf.d/nsahttpconf
• NSA HTTP access log files which have the <PID> (Process ID) extensions of the running nsad daemon processes. By default, they are located in the /var/nsa directory
• Syslog file /var/adm/syslog/syslog.log
• Crush dump(s) if available (located in the /var/adm/crash directory)