Hitachi

JP1 Version 11 JP1/Performance Management - Agent Option for Service Response Description, User's Guide and Reference


HTTPS (PI_HTPS)


Function

The HTTPS (PI_HTPS) record stores information about HTTPS service response time. This is a multi-instance record.

Default and changeable values

| Item | Default value | Changeable |
|---|---|---|
| Collection Interval | 360 | Y |
| Collection Offset | 0 | Y |
| Log | No | Y |
| LOGIF | (Blank) | Y |
| Over 10 Sec Collection Time | No | N |

ODBC key fields

PI_HTPS_MSR_COND_ID

Lifetime

None

Record size

Fields

| View name (Manager name) | Description | Summary rule | Format | Delta | Data source |
|---|---|---|---|---|---|
| Data Transfer Time (DATA_TRANS_TIME) | Data transfer time (seconds) ((7) in Figure 10-5) | AVG | double | No | Probe Daemon |
| DNS Time (DNS_TIME) | Data transfer time (seconds) ((4) in Figure 10-5) | AVG | double | No | Probe Daemon |
| HTTP Time (HTTP_TIME) | HTTP time (seconds) ((3) in Figure 10-5) | AVG | double | No | Probe Daemon |
| Request Count (REQ_COUNT) | Number of requests issued (count) | AVG | double | No | Probe Daemon |
| Server Processing Time (SERV_PROCESS_TIME) | Server processing time (seconds) ((6) in Figure 10-5) | AVG | double | No | Probe Daemon |
| Setup Time (SETUP_TIME) | Setup time (seconds) ((2) in Figure 10-5) | AVG | double | No | Probe Daemon |
| TCP Connection Time (TCP_CON_TIME) | TCP connection time (seconds), including the time required for establishing an SSL connection ((5) in Figure 10-5) | AVG | double | No | Probe Daemon |
| Throughput (THROUGHPUT) | Resource transfer throughput (bits/second). This is determined by the total size of resources and the data transfer time. | AVG | double | No | Probe Daemon |
| Total Amount of Data (TOTAL_DATA_SIZE) | The total amount of data transferred between the HTTPS probe and the measurement-target server via the TCP connection (bytes). For the data transferred via an SSL-protected connection, the total amount of text data is calculated. The amount of data associated with server authentication for establishing an SSL connection and the amount of data associated with an SSL handshake are not included. | AVG | double | No | Probe Daemon |
| Total Resource Size (TOTAL_RES_SIZE) | Size of acquired resources (bytes) | AVG | double | No | Probe Daemon |
| Total Response Time (TOTAL_RESP_TIME) | Total response time (seconds) ((1) in Figure 10-5) | AVG | double | No | Probe Daemon |

Note:

If the page to be measured contains embedded images and frames, and if the depth of measurement condition is 2 or greater, measurement is executed more than once. In such a case, the value of each item, except the throughput, is the sum of the results obtained by the multiple measurements.

The following figure shows the HTTPS sequence.

Figure 10‒5: HTTPS sequence

[Figure]

HTTPS operating environment and notes

An HTTPS probe establishes an SSL-protected connection with the server that provides the target service. Then the HTTPS probe issues an HTTP request to the URL specified on the connection, uses the GET method to acquire the page or the POST method to register data, and measures the response time. Note that when the SSL connection is established, server authentication is performed to confirm that the connection target is a reliable HTTP server.

The following describes, and provides notes on, an HTTPS operating environment.

Web authentication

The Basic Authentication method is used.

Cookie

PFM - Agent for Service Response accepts cookies based on Netscape Communications' specifications. The information sent as a cookie from the HTTP server is stored in the Cookie file that is created for each measurement condition. The Cookie files are not deleted even after measurement is completed. If measurement cannot be performed correctly due to a change made to the contents of a measurement condition, delete the Cookie file for that measurement condition, which can be identified by the measurement condition ID. The following is the naming convention for Cookie files:

cookies_<measurement-condition-ID>

Cookie files are stored in the following folder:

installation-folder\agtv\probe\probedata\http

Program execution

Plug-ins, JavaScripts, and applets are downloaded but not executed.

Depth

For example, specifying a depth of 2 acquires the pages displayed in the resources and frames that are embedded in the page at the specified URL. No linked pages are acquired. PFM - Agent for Service Response repeats the acquisition of resources and frames embedded in the acquired page or frame as many times as the specified value.

For the embedded resources and frames, PFM - Agent for Service Response analyzes the acquired HTML, and acquires the resources and frames that are specified by the value of the tag and attribute shown in the table below.

Table 10‒15: Embedded resources and frames to be acquired

| Tag name | Attribute name |
|---|---|
| applet | code |
| frame | src |
| iframe | src |
| img | src |
| script | src |

Note that PFM - Agent for Service Response cannot acquire resources or frames from HTML files that are returned after being compressed or transformed by commands such as gzip or compress. Moreover, PFM - Agent for Service Response cannot acquire resources or frames from HTML files that have any attributes other than those listed in the above table. Such attributes include the archive attribute of the <applet> tag, which specifies a compressed file as the value of an attribute name.
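The following added example (not part of the original manual and not the product's own code) applies Table 10-15 to constructed HTML and lists the URLs, and therefore the hosts, that a measurement would request at each depth. The names embedded_refs and acquisition_plan, the sample pages, the reading that depth 1 is the page itself, and the skipping of already-listed URLs are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin
# Table 10-15: tag name -> attribute whose value is acquired.
ACQUIRED = {"applet": "code", "frame": "src", "iframe": "src",
            "img": "src", "script": "src"}

class EmbeddedRefs(HTMLParser):
    def __init__(self, base_url):
        super().__init__()
        self.base_url, self.refs = base_url, []

    def handle_starttag(self, tag, attrs):  # tag and attribute names arrive lowercased
        wanted = ACQUIRED.get(tag)
        for name, value in attrs:
            if wanted and name == wanted and value:
                self.refs.append(urljoin(self.base_url, value))

def embedded_refs(base_url, html):
    """Absolute URLs of the resources and frames embedded in one HTML document."""
    parser = EmbeddedRefs(base_url)
    parser.feed(html)
    parser.close()
    return parser.refs

def acquisition_plan(start_url, pages, depth):
    """URLs requested at each level (assumed: level 1 is the page itself;
    already-listed URLs are not repeated, which the manual does not specify)."""
    levels, seen, current = [], {start_url}, [start_url]
    for _ in range(depth):
        if not current:
            break
        levels.append(current)
        following = []
        for url in current:
            for ref in embedded_refs(url, pages.get(url, "")):
                if ref not in seen:
                    seen.add(ref)
                    following.append(ref)
        current = following
    return levels

# Constructed sample pages standing in for server responses.
PAGES = {
    "https://shop.example/index.html":
        '<link rel="stylesheet" href="s.css"><img src="/logo.png">'
        '<iframe src="frame.html"></iframe><a href="next.html">next</a>'
        '<applet code="A.class" archive="a.jar"></applet>',
    "https://shop.example/frame.html":
        '<script src="https://cdn.example/lib.js"></script><img src="/logo.png">',
}
```

With the sample pages, the stylesheet link, the hyperlink and the applet archive attribute are never requested, and the third-party script host only appears from depth 3.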

Use of proxy

If acquiring the Web page specified by the URL and the embedded resources and frames involves use of a proxy for only part of the acquisition target, measurement cannot be performed.

Cipher strength

The table below shows the encryption types supported by the HTTPS probe. You cannot access a page protected with unsupported cipher strength.

Table 10‒16: Supported encryption types

| Cryptographic algorithm | Key length |
|---|---|
| AES | 256, 128 |
| AESGCM | 256, 128 |
| Camellia | 256, 128 |
| DES | 56 |
| IDEA | 128 |
| RC4 | 128 |
| 3DES | 168 |
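The following added example (not part of the original manual and not the product's own code) compares the cipher suites a monitored server offers against Table 10-16, so that you can tell whether the probe will still connect after the server's cipher list is tightened. It assumes the server's suites are available as `openssl ciphers -v` style lines whose Enc= field uses the same names as the table; the sample lines, the function names and the LEGACY set are assumptions, and only the encryption type is compared, not the protocol version.

```python
import re

# Table 10-16, written as (algorithm, key length in bits), lowercased.
PROBE_SUPPORTED = {
    ("aes", 256), ("aes", 128), ("aesgcm", 256), ("aesgcm", 128),
    ("camellia", 256), ("camellia", 128), ("des", 56),
    ("idea", 128), ("rc4", 128), ("3des", 168),
}
# Not from the manual: algorithms that current TLS guidance treats as legacy.
LEGACY = {"des", "3des", "rc4", "idea"}

# suite name, protocol, then the Enc=ALG(BITS) field anywhere later in the line
CIPHER_LINE = re.compile(r"^(\S+)\s+(\S+)\s.*?\bEnc=([^(\s]+)\((\d+)\)")

def classify(line):
    """Return (suite, verdict) for one `openssl ciphers -v` style line."""
    m = CIPHER_LINE.match(line.strip())
    if not m:
        raise ValueError(f"not a cipher line: {line!r}")
    suite, _protocol, alg, bits = m.groups()
    key = (alg.lower(), int(bits))
    if key not in PROBE_SUPPORTED:
        return suite, "unsupported"
    return suite, "legacy" if key[0] in LEGACY else "supported"

def probe_outlook(server_lines):
    """Summarize which of the server's suites the probe could negotiate."""
    verdicts = dict(classify(l) for l in server_lines if l.strip())
    return {
        "verdicts": verdicts,
        # at least one encryption type in common with the probe
        "cipher_overlap": any(v != "unsupported" for v in verdicts.values()),
        # still true once the server drops every legacy suite
        "overlap_without_legacy": any(v == "supported" for v in verdicts.values()),
    }

# Constructed sample: a server that still offers legacy suites.
SERVER_TODAY = """\
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
""".splitlines()
# Constructed sample: the same server after the legacy suites are removed.
SERVER_HARDENED = SERVER_TODAY[:1]
```

For the constructed server, the probe connects today only through 3DES or RC4, so removing those suites without also offering an AES, AESGCM or Camellia suite would make the measurement fail.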

Hash algorithm that can be used for certificates

SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 and MD5 are supported as hash algorithms for certificate signatures and message digests. Use certificates that have been created by using one of the supported hash algorithms.

Server authentication

For server authentication, PFM - Agent for Service Response verifies the validity period of a server certificate sent from the HTTP server and confirms that the server certificate was issued from an authorized Certificate Authority. To verify the server certificate, the root certificate of either the Certificate Authority that issued the server certificate or its higher-level Certificate Authority is required. Because the root certificate has a validity period, you need to re-install the root certificate before it expires. If there is no root certificate or if the server certificate has expired, server authentication fails.

To install a root certificate, use the following procedure:

Acquire a root certificate:

Export a PEM root certificate from a Web browser. The following shows an example using Internet Explorer 8.

  1. Select Tools, Internet Options, and then click the Contents tab.

  2. Click the Certificate button. Then, in the dialog box that opens, click the Trusted Root Certification Authorities tab.

  3. In the list, select the root certificate of the Certificate Authority that issued the server certificate.

    To check the Certificate Authority that issued the server certificate, open the monitoring target Web page in Internet Explorer, and then click the key icon on the status bar. Then look at the information on the Details page.

  4. Click the Export button to start the certificate export wizard.

    Specify the settings as instructed by the export wizard.

    For the format of the exported file, select Base64 encoded X.509(.CER).

    For the file name, enter c:\cacert.cer. The extension .cer is automatically added.

Install the root certificate:

Change the extension of the exported root certificate (cacert.cer) to .pem, and then copy the file to installation-folder\agtv\probe\cert.

Note that the cacert.pem file can contain multiple root certificates. To add a root certificate to the existing cacert.pem file, use a text editor to copy the contents of the exported root certificate (from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----) to the cacert.pem file.

Client certificate

PFM - Agent for Service Response sends a client certificate to the HTTP server. The HTTP server then verifies the validity period and confirms that the client certificate was issued from an authorized Certificate Authority. The client certificate and the private key can be obtained in either of the following ways.

  • Obtained from a certification authority

  • Exported from the Internet Explorer used for accessing the monitoring-target Web site

The file containing the client certificate and private key must be stored under installation-folder\agtv\probe\cert. The file must be in Base64 encoded X.509 format. If the provided client certificate file is not in Base64 encoded X.509 format, use any tool to convert it to X.509 format.

The following shows how to export a client certificate and its private key by using Internet Explorer 8. Note that the client certificate to be exported must have been specified to allow export of the private key when it was imported to Internet Explorer.

  1. Start Internet Explorer, and select Tools, and then Internet Options.

    The Internet Options dialog box opens.

  2. Select the Contents tab, and then click the Certificates button.

    The Certificates dialog box opens.

  3. Select the Personal tab.

    The Personal page is displayed.

  4. Select the client certificate to be exported, and then click Export.

    The certificate export wizard starts. Export the certificate as instructed by the wizard.

    For Export Private Key, select Yes, export the private key.

    For the export file format, select Personal Information Exchange-PKCS#12(PFX).

    Clear the Enable strong protection check box.

    Enter any values for the password and file name.

  5. Convert the certificate format from PKCS#12 to Base64-encoded X.509.

    You can use any tool for conversion.

  6. Store the exported file under installation-folder\agtv\probe\cert.

RFC compliance

  • RFC1866: Hypertext Markup Language - 2.0

  • RFC2616: Hypertext Transfer Protocol - HTTP/1.1

  • RFC2396: Uniform Resource Identifiers (URI): Generic Syntax

  • RFC2818: HTTP over TLS

For functions that are not compliant with the RFCs, and for the restrictions, see the notes above.