Manuals / Brands / Computer Equipment / Software / HP / Computer Equipment / Software

HP VAN SDN Controller Software Products 5.5 Configuration encryption, 5.6 Openflow Controller TLS, 5.6.1 Creating Openflow Controller keystore and truststore

1 133

Download 133 pages, 3.82 Mb

Figure 41 Components that reference controller keystore and truststore

The values for keystore and keystore.password contain the keystore location and encrypted keystore password respectively. The values for truststore and truststore.password contain the truststore location and encrypted truststore password respectively.

5.5 Configuration encryption

Sensitive information such as tokens and passwords are stored encrypted on the SDN Controller. However, to encrypt and decrypt these properties, the controller requires a master key that is passed into the controller upstart script via an environment variable. To change the default master key (recommended):

1.First, stop these services: sudo service sdnc stop sudo service sdna stop

2.Then change the default master key:

sudo /opt/sdn/admin/sdnpass old_master_key new_master_key

5.6 Openflow Controller TLS

The Openflow controller component relies on PKI to establish mutual trust (2-way SSL) between itself and the Openflow switches that it manages. It is recommended that the Openflow keystore and truststore used for Openflow switch communication be separate from the SDN Controller’s keystore and truststore used for north-bound communication.

5.6.1 Creating Openflow Controller keystore and truststore

The process for creating the Openflow keystore and truststore is similar to the steps outlined under “Creating SDN Controller keystore and truststore” (page 63), and therefore is not repeated here. The store names for both the Openflow keystore/truststore and the SDN Controller’s keystore/truststore should be different. Please note that both the Controller and Device certificates

5.5 Configuration encryption

65

Contents

Page Page Contents Page 5 SDN Controller authentication 7 Team configuration 8 Regional configuration 9 Backing up and restoring Page 1 Introduction 1.1 Supported switches and OpenFlow compatibility 2 Understanding the embedded applications 2.1 Link manager 2.2Node manager 2.3 Path daemon Page 2.4 Path diagnostics 2.5 Topology manager 2.6Topology viewer 3 Navigating the controller user interface 3.1Starting the SDN controller console UI 3.2About the user interface 3.2.1 Banner 3.3 Navigation menu 3.4SDN User window 3.4.1 User window screen details 3.4.2 Expanding the SDN user window 3.5Alerts screen 3.5.3 Alert notification counter 3.5.4 Alerts screen details 3.5.5 Viewing the ten most sever recent active alerts 3.5.6Acknowledging an alert 3.5.7 Deleting an alert 3.5.8Configuring the alert policies 3.6 Applications screen 3.6.3 Obtaining applications from the HP SDN AppStore 3.6.4Adding or upgrading an application 3.6.5Disabling (stopping) or enabling (starting) an application 3.7Configurations screen 3.7.2Summary of configurable controller components Page Page Page Page 3.7.3 Configurations screen details 3.7.4Modifying a component configuration 3.8Audit log screen 3.9 Licenses screen 3.10 Support logs screen 3.10.2 Support logs screen details 3.10.3 Configuring the support log queue size 3.10.4 Configure signed application zip file verification 3.11 OpenFlow monitor screen 3.11.2 OpenFlow monitor screen details 3.11.3 Discovering changes in the topopology 3.11.4 Viewing information about a specific device 3.12 OpenFlow topology screen Page Page Page Page 3.13 OpenFlow trace display 3.13.2 OpenFlow trace display details 3.13.3 Starting, stopping, or clearing OpenFlow trace 3.13.4Displaying trace event details 3.13.5Exporting the OpenFlow trace log 3.13.6Filtering the OpenFlow trace log in a CSV file 3.13.7 Changing the OpenFlow trace interval 3.14OpenFlow classes display 3.14.2 Controller enforcement levels for OpenFlow classes 3.14.3OpenFlow classes display details 3.15 Packet listeners display 4 License Registration and Activation 4.1 Overview 4.2 Preparing for license registration 4.3 Registering and activating a license 4.4 Registering your license and obtaining a license key Page Page Page Page 4.5 Activating a license on the controller 4.6 Managing licenses Page Page Page 5 SDN Controller authentication 5.1 SDN Controller security guidelines 5.2 SDN Controller authentication 5.3Creating SDN Controller keystore and truststore 5.4 SDN Controller keystore and truststore locations and passwords 5.5 Configuration encryption 5.6 Openflow Controller TLS 5.7 REST authentication 5.7.1 Openstack Keystone 5.8 Controller code verification 5.9 Revoking Trust 5.10 SDN administrative REST API 5.11 Virgo admin UI access 5.12 Virgo console access 5.13 JMX console 5.14 Security practices 5.14.2Recommended administrative rules 6 Hybrid mode for controlling packet-forwarding 6.1 Overview 6.2Viewing and changing the hybrid mode configuration 6.3 Coordinating controller hybrid mode and OpenFlow switch settings 6.3.2 Configuring controller settings to support hybrid mode Page 6.4 Controller packet-forwardingwhen hybrid mode is disabled 6.4.1 Controller packet forwarding when hybrid mode is enabled 6.4.2 Learning more about hybrid mode 7 Team configuration 7.1 High availability 7.2 Team management 7.3Requirements for controller teams 7.4 Configuring a controller team 7.4.2Configuration procedure Page 7.5Displaying team configuration 7.6Disbanding a team 7.7 Controller fault tolerance 7.8Error log for team configuration 7.8.1 Team alias node 8 Regional configuration 8.1 Overview 8.2 Creating a region 8.3 Aquiring a region UID 8.4 Updating a region 8.5 Refreshing a region 8.6 Deleting a region 9 Backing up and restoring 9.1 Backing up a controller 9.1.2Backing up a controller 9.1.3Downloading a backup from the controller to another location 9.1.4Recommended backup practices 9.2 Restoring a controller from a backup Page 9.3Distributed (team) backing up and restoring 9.4 Backing up and restoring the keystone configuration and database 10 Requirements for applications 10.1 Application requirements 10.2Application descriptor file mandatory attributes 10.3Application descriptor optional attributes 10.4 Application zip file content criteria 10.5 Application state and OSGi artifacts Page 11 Troubleshooting 11.1 License troubleshooting 11.2 Host location not learned by controller 11.3 Unexpected network or service problems 11.4 Application management exceptions 11.5 Performance testing 11.6Application management errors 11.7 Path diagnostic application via REST command line API Page Page Page Page 12 Support and other resources 12.1Gather information before contacting an authorized support representative 12.2How to contact HP 12.3Get connected to the HP SDN online user forum 12.4 Software technical support and software updates 12.5 Related information 13 Documentation feedback A cURL commands A.1 Export audit log data as a CSV file A.2 Licensing actions A.2.2 Activating a license on the controller A.2.3 Uninstalling licenses to prepare for transfer Page A.3 Application manager actions A.3.2 Listing information about an application A.3.3 Getting application health status A.3.4 Uploading an application (new or upgrade) A.3.5 Installing a new application A.3.6 Upgrading an application A.3.7 Disabling an application A.3.8 Enabling an application A.3.9 Removing a staged application A.3.10 Deleting an application B Scripts B.1 Configuring a controller team B.2 Backing up a controller team Page Page Page Page B.3 Restoring a controller team Page Page Page Page Index