Citrix Systems 4.2 manual Changing the Default Password Encryption


VPN password

User API secret key

VNC password

CloudPlatform uses the Java Simplified Encryption (JASYPT) library. The data values are encrypted and decrypted using a database secret key, which is stored in one of CloudPlatform’s internal properties files along with the database password. The other encrypted values listed above, such as SSH keys, are in the CloudPlatform internal database.

Of course, the database secret key itself cannot be stored in the open – it must be encrypted. How then does CloudPlatform read it? A second secret key must be provided from an external source during Management Server startup. This key can be provided in one of two ways: loaded from a file or provided by the CloudPlatform administrator. The CloudPlatform database has a configuration setting that lets it know which of these methods will be used. If the encryption type is set to “file,” the key must be in a file in a known location. If the encryption type is set to “web,” the administrator runs the utility com.cloud.utils.crypt.EncryptionSecretKeySender, which relays the key to the Management Server over a known port.

The encryption type, database secret key, and Management Server secret key are set during CloudPlatform installation. They are all parameters to the CloudPlatform database setup script (cloudstack-setup-databases). The default values are file, password, and password. It is, of course, highly recommended that you change these to more secure keys.

5.4.6. Changing the Default Password Encryption

Passwords are encoded when creating or updating users. The default preferred encoder is SHA256. It is more secure than MD5 hashing, which was used in CloudPlatform 3.x. If you take no action to customize password encryption and authentication, SHA256 Salt will be used.

If you prefer a different authentication mechanism, CloudPlatform provides a way for you to determine the default encoding and authentication mechanism for admin and user logins. Two configurable lists are provided: userPasswordEncoders and userAuthenticators. userPasswordEncoders allows you to configure the order of preference for encoding passwords, and userAuthenticators allows you to configure the order in which authentication schemes are invoked to validate user passwords.

The following method determines what encoding scheme is used to encode the password supplied during user creation or modification.

When a new user is created, the user password is encoded by using the first valid encoder loaded as per the sequence specified in the UserPasswordEncoders property in the ComponentContext.xml or nonossComponentContext.xml files. The order of authentication schemes is determined by the UserAuthenticators property in the same files. If Non-OSS components, such as VMware environments, are to be deployed, modify the UserPasswordEncoders and UserAuthenticators lists in the nonossComponentContext.xml file. For OSS environments, such as XenServer or KVM, modify the ComponentContext.xml file. It is recommended to make uniform changes across both the files.
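The ordering behaviour described above, as an added sketch that is not CloudPlatform code: the first valid encoder hashes new passwords and authenticators are tried in list order, so an account that still carries an older MD5 hash can log in only while an MD5 authenticator remains in the list. The scheme names, stored-hash formats and sample accounts are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, os

# Stand-ins for the encoder/authenticator beans. The stored formats are
# constructed for this sketch; they are not CloudPlatform's database format.
def md5_encode(password):
    return hashlib.md5(password.encode()).hexdigest()

def md5_check(password, stored):
    return ":" not in stored and hmac.compare_digest(md5_encode(password), stored)

def sha256salt_encode(password, salt=None):
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.sha256(salt + password.encode()).digest()
    return base64.b64encode(salt).decode() + ":" + base64.b64encode(digest).decode()

def sha256salt_check(password, stored):
    if ":" not in stored:
        return False
    try:
        salt = base64.b64decode(stored.split(":", 1)[0], validate=True)
    except ValueError:
        return False
    return hmac.compare_digest(sha256salt_encode(password, salt), stored)

SCHEMES = {"SHA256SALT": (sha256salt_encode, sha256salt_check),
           "MD5": (md5_encode, md5_check)}

def encode_password(password, encoder_order):
    """User creation/update: the first valid encoder in the list is used."""
    for name in encoder_order:
        if name in SCHEMES:
            return name, SCHEMES[name][0](password)
    raise ValueError("no valid encoder configured")

def authenticate(password, stored, authenticator_order):
    """Login: schemes are tried in list order; returns the one that accepted."""
    for name in authenticator_order:
        if name in SCHEMES and SCHEMES[name][1](password, stored):
            return name
    return None

def legacy_accounts(users):
    """Accounts whose stored value is still an unsalted MD5-style hash."""
    return sorted(u for u, h in users.items() if ":" not in h)

# Constructed sample data: alice was created under the older MD5 default.
ORDER = ["SHA256SALT", "MD5"]
USERS = {"alice": md5_encode("correct horse"),
         "bob": encode_password("tr0ub4dor", ORDER)[1]}
```

Running `legacy_accounts` over the user table before dropping an authenticator from the list shows which logins would stop validating.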

When a new authenticator or encoder is added, you can add it to this list. While doing so, ensure that the new authenticator or encoder is specified as a bean in both the files. The administrator can change the ordering of both these properties as desired to change the order of schemes. Modify the following list properties available in client/tomcatconf/nonossComponentContext.xml.in or client/tomcatconf/componentContext.xml.in as applicable, to the desired order:

<property name="UserAuthenticators">

<list>


4.2 specifications

Citrix Systems, a leading provider of virtualization solutions and cloud computing technologies, released version 4.2 of its popular software, Citrix XenApp, which was previously known as Presentation Server. This version marked a significant evolution in providing users with remote access to applications and desktops, emphasizing simplicity, performance, and security.

One of the standout features of Citrix XenApp 4.2 is its improved application streaming capabilities. This technology allows applications to be delivered to users in real-time, reducing the need for extensive local installations and enhancing the user experience. With application streaming, administrators can efficiently manage applications on a central server while ensuring that users have immediate access to the necessary tools.

Another highlight of this version is the enhanced security measures put in place to protect sensitive data. Citrix XenApp 4.2 includes support for SSL encryption, providing a secure communication channel for data transmitted between the server and clients. This is particularly crucial for businesses that need to comply with strict data protection regulations. Additionally, the integration of endpoint security features ensures that unauthorized access to applications is minimized.

Performance enhancements are also a critical focus in this release. Citrix optimized the delivery of applications over various network conditions, ensuring that users experience minimal latency regardless of their location. This was achieved through the incorporation of SmartAccess and SmartControl technologies, which allow administrators to set policies based on user roles, device types, and network conditions. This level of granularity enables organization-wide security without compromising on usability.

The user experience was further improved with a revamped interface, making it easier for end-users to access their applications and data. Simplified menus, clear navigation paths, and the ability to customize user settings contributed to a more efficient workflow, allowing users to focus on their tasks rather than struggling with the software.

Finally, Citrix XenApp 4.2 was designed to be highly scalable. Organizations of all sizes could deploy this solution to deliver applications efficiently, adapting to their specific needs as their user base grows or changes. This flexibility is crucial for businesses looking to future-proof their IT investments while maintaining optimal performance.

In summary, Citrix XenApp 4.2 stands out with its enhanced application streaming, robust security features, improved performance under varying conditions, user-friendly interface, and scalability, making it an ideal choice for organizations seeking to leverage virtualization for remote access to applications and desktops.