HP Distributed Cloud Networking manual Post-install Security Tasks

Page 39

#--------------------------------------------------
echo "BGP Configuration"
#--------------------------------------------------
exit all
configure
    router
        bgp
            connect-retry 2
            min-route-advertisement 1
            outbound-route-filtering
                extended-community
                    send-orf
                exit
            exit
            group "internal"
                type internal
                neighbor <ip-address>
                    family vpn-ipv4
                exit
                neighbor <ip-address>
                    family evpn
                exit
            exit
            no shutdown
        exit
    exit
exit all

Post-install Security Tasks

After installing the HP VSC software, a number of tasks should be performed to secure the system. Most of these tasks are obvious but are worth mentioning as a reminder.

Change HP VSC “admin” password

By default, the HP VSC administrator username and password are both “admin”. Default credentials for most systems and software are not difficult to find, so leaving them unchanged is an easily exploited security weakness.

Centralized HP VSC authentication and authorization

The HP VSC software is based on DCNOS and inherits many of the platform and security features supported in DCNOS. Rather than rely on users defined locally on each VRS, RADIUS and TACACS+ can be used to centralize the authentication and authorization for VRS administrative users.
