HP HPE VAN SDN Controller 2.7 Administrator's Manual page 6

Table of Contents

7 Security............................................................................................................110
SDN Controller authentication .........................................................................................................110
SDN Controller keystore and truststore locations and passwords ..................................................112
Encryption ........................................................................................................................................112
Built-in OpenFlow controller..............................................................................................................113
REST authentication.........................................................................................................................114
OpenStack Keystone used for user and token management......................................................115
UUID Authentication....................................................................................................................115
PKI Authentication.......................................................................................................................116
Local vs Remote Keystone..........................................................................................................116
Keystone controller configuration................................................................................................117
Security .......................................................................................................................................117
Role-Based Access Control (RBAC)...........................................................................................118
Assigning a user to a role.......................................................................................................118
API access requires authentication.............................................................................................120
Service and admin tokens ..........................................................................................................120
Controller code verification ..............................................................................................................121
Adding certificates to the jar-signing truststore ..........................................................................121
Running the SDN Controller Without Jar-Signing Validation ......................................................121
Revoking Trust .................................................................................................................................122
Revoking trust via truststore .......................................................................................................122
Revoking trust via CRL ...............................................................................................................122
SDN administrative REST API .........................................................................................................122
Virgo admin UI access via localhost only.........................................................................................123
Virgo console access disabled by default.........................................................................................123
JMX console enabled for local access only......................................................................................123
Creating the Cassandra keystore and truststore..............................................................................124
Cassandra keystore and truststore locations and passwords .........................................................125
Security procedure ...........................................................................................................................125
Security best practices......................................................................................................................126
8 Configuring OpenFlow instances....................................................................128
Configuring OpenFlow Instances with Multiple VLANs ...................................................................128
Configuring OpenFlow Instances with Single VLAN Identifier..........................................................128
Configuring OpenFlow instances to enable MAC group matching...................................................132
MAC group matching...................................................................................................................132
Switches that support MAC group tables and MAC group matching..........................................132
Configuration rules for OpenFlow instances and MAC groups...................................................132
Prerequisites..........................................................................................................................132
Enabling MAC groups............................................................................................................133
Disabling MAC groups...........................................................................................................133
9 Backing up and restoring ................................................................................134
Backing up and restoring Best Practices..........................................................................................134
Backing up a controller ....................................................................................................................134
Backup operation ........................................................................................................................135
Backing up a controller ...............................................................................................................136
Downloading a backup from the controller to another location ..................................................136
Recommended backup practices ...............................................................................................137
Restoring a controller from a backup ...............................................................................................137
Restore operation .......................................................................................................................137
System restore requirements .....................................................................................................138