This chapter introduces the Cisco Application Control Engine (ACE) XML Gateway. It covers the following topics:
•About the Cisco ACE XML Gateway
•System Administration Tools
•Set Up Overview
About the Cisco ACE XML Gateway
The Cisco ACE XML Gateway, a component of the Cisco Application Control Engine (ACE) family of products, brings application intelligence to the network. It enables efficient deployment of secure, reliable, and accelerated Web service environments based on XML (Extensible Markup Language) and SOAP, the standard-based protocol for exchanging XML documents.
An ACE XML appliance can operate as either a gateway or manager. An ACE XML Manager acts as the configuration and administration point for the ACE XML Gateway system, while a gateway applies the ACE XML policy to service traffic. An appliance can also be set for standalone operation, in which it acts as both gateway and manager. This is the configuration most often used for evaluation and development scenarios.
This guide describes how to set the operating mode for the ACE XML appliance, as well as initial setup and administration tasks.
For installation instructions, see the ACE XML Gateway Quick Start Guide. For information on how to configure the ACE XML Gateway policy—the set of rules and behaviors that controls traffic-handling at the system—see the Cisco ACE XML Gateway User's Guide.
Modifying the system in ways other than as described by the Cisco ACE XML Gateway documentation or as directed by Cisco support may lead to an unmaintainable and unsupported system. In particular, such changes may prevent software updates from working correctly and lead to hardware and software interoperability issues. These types of changes include operating system-level configuration changes, installation of unsupported third-party software, or the use of undocumented operating system tools or commands.
System Administration Tools
There are two primary user interface environments used to configure and manage the ACE XML Gateway:
•The appliance shell is the command-line interface for use by administrators and installers of the system. This is where you perform the initial configuration of the appliance. You can also manage disk space, start and restart processes, and set up hardware utilization.
•The ACE XML Manager web console is a browser-based interface used for the day-to-day management of the system. Console users develop Gateway policies, deploy them to the ACE XML Gateways, and monitor system and network status.
With a few exceptions, the tasks described in this document are performed from the shell. The Cisco ACE XML Gateway User Guide provides instructions that primarily involve the ACE XML Manager web console.
Set Up Overview
For each Cisco ACE XML Gateway and Manager appliance to be installed, you will need to take the following steps:
Step 1 Verify serial numbers on the hardware items received.
Step 2 Access the shell using a monitor and keyboard connected to the appliance or the serial port connection from a workstation.
For more information, see ACE XML Gateway Quick Start Guide.
Step 3 Log into the shell as the
For details, see "Logging In to the Appliance Shell" section on page 4-14.
Step 4 Change the root password from its default value.
Step 5 Configure network settings, including the IP address of the appliance, hostname, default gateway, and so on.
For details, see "Configuring the Appliance" section on page 5-18.
Step 6 Specify the operating mode of the appliance, either as a gateway, manager, or standalone machine.
For details, see "Standalone Mode" section on page 5-21, "Manager Mode" section on page 5-22, or "Gateway Mode" section on page 5-23.
Step 7 Ensure that the system clock is correctly set or configure the appliance to use a Network Time Protocol server.
In most cases, you should not need to set the system clock, as it is preset before delivery. However, if you need to adjust the system time or configure the machine to use an NTP server, see "Setting the System Clock" section on page 5-24.
Step 8 Optionally, configure SNMP settings.
For details, see Chapter 12, "Monitoring the ACE XML Gateway Remotely."
Step 9 Enable the hardware-based SSL acceleration if the appliance is equipped with this option.
For details, see "Enabling SSL Acceleration" section on page 9-53.
Step 10 Set up an nCipher security world hardware keystore if the appliance is equipped with these options.
For details, see Chapter 7, "Using Hardware Keystores and Security Worlds."
Step 11 Replace the default audit log signing credential.
For details, see "Changing the Audit Log Signing Credential" section on page 8-49.
Step 12 When you have completed these tasks for the appliances in your installation, restart all processes in your system.
For details, see "Restarting a Cluster" section on page 6-32.
Step 13 Optionally, use the shell interface to create accounts for additional administrators.
For details, see "Creating Appliance User Accounts" section on page 11-60.
Upon completion of these steps, the ACE XML appliance will be ready for use. By default, the ACE XML Gateway refuses all service traffic addressed to it. To expose services to consumers through the ACE XML Gateway, you must use the ACE XML Manager to develop and deploy a policy. For details, see the Cisco ACE XML Gateway User Guide.