HP VAN SDN Controller Software Products manual Using the controller with a remote Keystone server

Page 13

4 Using the controller with a remote Keystone server

This chapter describes how to install the controller for use in an environment that employs a remote Keystone server. However, in most cases, Hewlett-Packard recommends using the controller with a local Keystone server installation instead. (See “Installing a new controller with a local Keystone server” (page 9).) Using a remote Keystone server involves security implications that should be discussed with your system administrator before proceeding.

CAUTION: The HP VAN SDN Controller does not support role based authentication. Thus, when using a remote keystone server, any successful login grants the user ADMIN access to the controller, which can result in unauthorized persons receiving ADMIN access.

NOTE: Downloading the controller software package as described under “Downloading the controller software” (page 7) is required before using this chapter.

This procedure assumes that the Keystone server you will use is installed and configured on a remote machine. For information on configuring a remote Keystone server, see the OpenStack Keystone documentation at http://docs.openstack.org/developer/keystone/.

The configured keystone server must be accessible and responsive to basic Keystone REST API queries.

The controller supports v2.0 of the Keystone REST API.

Although the HP VAN SDN Controller operates with the Folsom, Grizzly, Havana, or Icehouse releases of OpenStack Keystone, HP recommends that you use the Icehouse version with release

2.4of the controller. If you use Grizzly, Havana, or Icehouse, set the provider type for the server to UUID, as described below.

Where a command in this procedure is shown with multiple lines, the line breaks are inserted at the points where a space occurs in the actual command.

4.1 Setting the provider type to UUID on the remote Keystone server

If the provider type on the remote Keystone server is already set to UUID, skip this section and go to “Unpacking the controller software on your local machine” (page 14).

NOTE: On the machine running the remote Keystone server, the provider type must be set to UUID to support operation with the HP VAN SDN Controller. If the PKI provider type is required on the remote Keystone server to support other applications, then that server will not support controller operation. In this case, do either of the following:

Install the server on the same machine as the controller (recommended). (See “Installing a new controller with a local Keystone server” (page 9) instead of continuing in this chapter.

Select another machine on which to install and configure the remote Keystone server, then continue in this section.

UUID is the default provider type for the Folsom release of Keystone. However, if the remote machine supporting your Keystone server is running the Grizzly, Havana, or Icehouse version of Keystone (which all use the PKI provider type), edit the /etc/keystone/keystone.conf file on your Keystone server by adding the following line to set UUID as the provider type:

provider=keystone.token.providers.uuid.Provider

NOTE: The PKI provider type is not currently supported on the HP VAN SDN Controller.

For example, in the Icehouse version of Keystone, you would use a file editor to insert the above command in the [token] section of the file, as shown in the boldface entry, below:

4.1 Setting the provider type to UUID on the remote Keystone server 13

Image 13
Contents HP VAN SDN Controller 2.4 Installation Guide Acknowledgments Contents Documentation feedback Support and other resourcesBefore installing the controller Controller authenticationGetting Started Controller LicensingHP VAN SDN Controller installation overview HPN Networking support site Downloading the controller softwareNext steps Installing the Keystone server Installing a new controller with a local Keystone server~$ sudo apt-get update ~$ sudo apt-get update ~$ sudo apt-get install keystone~$ sudo service sdnc status Installing and verifying the controllerUnpacking the controller software ~$ sudo dpkg -l hp-sdn-ctl~$ sudo /opt/sdn/admin/configlocalkeystone Configuring a user on a local Keystone serverRoles sdn-admin and sdn-user ~$ unset httpsproxy httpproxyUpgrading the controller from version 2.3 to version ~$ sudo apt-get install -f~$ sdnc start/running, process nnnn Provider=keystone.token.providers.uuid.Provider Using the controller with a remote Keystone serverProvider=keystone.token.providers.uuid.Provider Unpacking the controller software on your local machineOpen the file at /etc/sdn/sdnctl.conf ADMINTOKEN= AUTHENDPOINT= TRUSTSTOREPASS= TRUSTSTORE=~ $ ntpdc -c peers Verifying the NTP configurationUsing the controller console UI Access a controller interfaceOperating the HP VAN SDN Controller Response similar to the following appears Changing a user passwordRelated documentation Obtaining a software licenseUninstalling the controller Uninstalling the controller and the Keystone serverUninstalling the Keystone server ~$ sudo dpkg -P hp-sdn-ctlSDN Controller service Sdnc failed to start TroubleshootingProblem description SolutionInstall verification command shows incorrect output Controller installation failedNTP not operating Local Keystone server installation failureWrong provider type PKI on the Keystone server Noproxy=SERVERIP,IPCd /opt/sdn/cassandra/bin Controller ceases to operate when running Network ProtectorCaServer.sh start CaServer.sh statusChecking status of Cassandra daemon Cassandra is running Software technical support and software updates How to contact HPSupport and other resources Get connected to the HP SDN online user forumWarranty Obtaining software updatesRelated information Care PacksDocumentation feedback
Related manuals
Manual 17 pages 18.36 Kb Manual 7 pages 57 Kb

VAN SDN Controller Software Products specifications

HP VAN SDN Controller Software Products represent a significant advancement in network management by leveraging software-defined networking (SDN) principles. These products aim to centralize control of network resources, provide enhanced automation, and simplify network management, which can dramatically improve the overall performance and agility of data centers.

One of the main features of HP VAN SDN Controller is its ability to enable an application-centric network environment. By separating the control plane from the data plane, network administrators can gain a holistic view of the entire network. This separation allows for dynamic reconfiguration of network devices and sets the stage for the development of innovative applications that can respond to real-time network conditions.

The controller supports OpenFlow as its primary protocol, ensuring interoperability with a wide range of network devices from different vendors. This compatibility facilitates a heterogeneous network environment, allowing organizations to transition to SDN at their own pace without needing to replace all existing hardware. It also promotes vendor diversity, reducing the risk of vendor lock-in.

HP VAN SDN Controller features robust security capabilities, including support for micro-segmentation, which helps in isolating critical components within the network. This layer of security can safeguard sensitive data and protect against threats, ensuring that only authorized traffic is allowed within designated network segments.

Another key characteristic is the controller's emphasis on automation and orchestration. Through APIs and built-in tools, network policies can be defined and applied consistently across the entire network. This intelligent automation reduces the potential for human error and accelerates the implementation of networking changes, enabling organizations to adapt quickly to evolving business needs.

The HP VAN SDN Controller also incorporates advanced analytics capabilities that provide real-time visibility into network performance. These analytics can help in troubleshooting, forecasting capacity needs, and optimizing resource utilization, contributing to improved operational efficiency and reduced downtime.

Furthermore, the scalable architecture of the HP VAN SDN Controller makes it suitable for various environments, from small enterprises to large-scale data centers. The product supports multi-tenancy, allowing multiple virtual networks to coexist on the same infrastructure, which can be ideal for service providers and organizations operating within cloud environments.

In summary, HP VAN SDN Controller Software Products deliver a powerful suite of features and technologies that enhance network control, security, automation, and scalability, positioning organizations to leverage the full potential of software-defined networking.