Manuals / Brands / Computer Equipment / Software / HP / Computer Equipment / Software

HP VAN SDN Controller Software Products 5.13 JMX console, 5.14 Security practices, 5.14.1Security procedure

1 133

Download 133 pages, 3.82 Mb

5.13 JMX console

The JMX console is only enabled for local access. This is used by the controller for metering and can also be used for debugging.

To enable JMX console remote access, edit /opt/sdn/virgo/bin/dmk.sh. The following line determines whether JMX allows remote access or not:

-Dcom.sun.management.jmxremote.local.only=true \

Any changes to this file require a controller restart to recognize the change.

5.14 Security practices

5.14.1Security procedure

1.Update the following passwords:

•Keystore

•Truststore

•Jarsigning

•Admin Token

•Service Token

•Authentication Manager

2.Log into http://<cont_IP>:/8443/sdu/ui as the SDN user.

3.Select Configurations.

4.Select the component com.hp.sdn.ctl.of.impl.AuthenticationManager.

5.Select Modify.

6.Set the AdminToken to the newly chosen Keystore (authentication) admin token.

7.Set the ServiceToken to the newly chosen internal communication secret.

8.Set the KeystorePass to the value that you will be using to secure the SSL Keystore.

9.Set the TruststorePass to the value that you will be using to secure the SSL Truststore.

10.Update the Keystore Admin Token in the file etc/keystore/keystore.conf.

Change the Admin Token from admin_token=ADMIN to admin_token=<AdminTokenSetInControllerConf>.

11.Update the Keystore password to match the password changed in Step 1 using the following: keytool-storepasswd-storepassskyline-new<KeystorePassFromControllerConfig>-keystore/opt/sdn/admin/keystore.

12.Update the Keystore’s internal serverkey to match the keystore’s password using the following:

keytool-keypasswd-alias serverkey-storepass <KeystorePassFromControllerConfig>-keystore skyline-new <KeystorePassFromControllerConfig>-keystore/opt/sdn/admin/keystore.

13.Update the Truststore password to match the Truststore password in Step 1 using the following:

keytool-storepasswd-storepass skyline-new foobar-keystore/opt/sdn/admin/truststore.

14.Update the jar signing keystore password (named sdnjar_trust.jks) using the following:

keytool-storepasswd-storepass skyline-new <newpass4sign>-keystore/opt/sdn/admin/sdnjar_trust.jks.

This password does not have to match the others.

5.13 JMX console 71

Contents

Page Page Contents Page 5 SDN Controller authentication 7 Team configuration 8 Regional configuration 9 Backing up and restoring Page 1 Introduction 1.1 Supported switches and OpenFlow compatibility 2 Understanding the embedded applications 2.1 Link manager 2.2Node manager 2.3 Path daemon Page 2.4 Path diagnostics 2.5 Topology manager 2.6Topology viewer 3 Navigating the controller user interface 3.1Starting the SDN controller console UI 3.2About the user interface 3.2.1 Banner 3.3 Navigation menu 3.4SDN User window 3.4.1 User window screen details 3.4.2 Expanding the SDN user window 3.5Alerts screen 3.5.3 Alert notification counter 3.5.4 Alerts screen details 3.5.5 Viewing the ten most sever recent active alerts 3.5.6Acknowledging an alert 3.5.7 Deleting an alert 3.5.8Configuring the alert policies 3.6 Applications screen 3.6.3 Obtaining applications from the HP SDN AppStore 3.6.4Adding or upgrading an application 3.6.5Disabling (stopping) or enabling (starting) an application 3.7Configurations screen 3.7.2Summary of configurable controller components Page Page Page Page 3.7.3 Configurations screen details 3.7.4Modifying a component configuration 3.8Audit log screen 3.9 Licenses screen 3.10 Support logs screen 3.10.2 Support logs screen details 3.10.3 Configuring the support log queue size 3.10.4 Configure signed application zip file verification 3.11 OpenFlow monitor screen 3.11.2 OpenFlow monitor screen details 3.11.3 Discovering changes in the topopology 3.11.4 Viewing information about a specific device 3.12 OpenFlow topology screen Page Page Page Page 3.13 OpenFlow trace display 3.13.2 OpenFlow trace display details 3.13.3 Starting, stopping, or clearing OpenFlow trace 3.13.4Displaying trace event details 3.13.5Exporting the OpenFlow trace log 3.13.6Filtering the OpenFlow trace log in a CSV file 3.13.7 Changing the OpenFlow trace interval 3.14OpenFlow classes display 3.14.2 Controller enforcement levels for OpenFlow classes 3.14.3OpenFlow classes display details 3.15 Packet listeners display 4 License Registration and Activation 4.1 Overview 4.2 Preparing for license registration 4.3 Registering and activating a license 4.4 Registering your license and obtaining a license key Page Page Page Page 4.5 Activating a license on the controller 4.6 Managing licenses Page Page Page 5 SDN Controller authentication 5.1 SDN Controller security guidelines 5.2 SDN Controller authentication 5.3Creating SDN Controller keystore and truststore 5.4 SDN Controller keystore and truststore locations and passwords 5.5 Configuration encryption 5.6 Openflow Controller TLS 5.7 REST authentication 5.7.1 Openstack Keystone 5.8 Controller code verification 5.9 Revoking Trust 5.10 SDN administrative REST API 5.11 Virgo admin UI access 5.12 Virgo console access 5.13 JMX console 5.14 Security practices 5.14.2Recommended administrative rules 6 Hybrid mode for controlling packet-forwarding 6.1 Overview 6.2Viewing and changing the hybrid mode configuration 6.3 Coordinating controller hybrid mode and OpenFlow switch settings 6.3.2 Configuring controller settings to support hybrid mode Page 6.4 Controller packet-forwardingwhen hybrid mode is disabled 6.4.1 Controller packet forwarding when hybrid mode is enabled 6.4.2 Learning more about hybrid mode 7 Team configuration 7.1 High availability 7.2 Team management 7.3Requirements for controller teams 7.4 Configuring a controller team 7.4.2Configuration procedure Page 7.5Displaying team configuration 7.6Disbanding a team 7.7 Controller fault tolerance 7.8Error log for team configuration 7.8.1 Team alias node 8 Regional configuration 8.1 Overview 8.2 Creating a region 8.3 Aquiring a region UID 8.4 Updating a region 8.5 Refreshing a region 8.6 Deleting a region 9 Backing up and restoring 9.1 Backing up a controller 9.1.2Backing up a controller 9.1.3Downloading a backup from the controller to another location 9.1.4Recommended backup practices 9.2 Restoring a controller from a backup Page 9.3Distributed (team) backing up and restoring 9.4 Backing up and restoring the keystone configuration and database 10 Requirements for applications 10.1 Application requirements 10.2Application descriptor file mandatory attributes 10.3Application descriptor optional attributes 10.4 Application zip file content criteria 10.5 Application state and OSGi artifacts Page 11 Troubleshooting 11.1 License troubleshooting 11.2 Host location not learned by controller 11.3 Unexpected network or service problems 11.4 Application management exceptions 11.5 Performance testing 11.6Application management errors 11.7 Path diagnostic application via REST command line API Page Page Page Page 12 Support and other resources 12.1Gather information before contacting an authorized support representative 12.2How to contact HP 12.3Get connected to the HP SDN online user forum 12.4 Software technical support and software updates 12.5 Related information 13 Documentation feedback A cURL commands A.1 Export audit log data as a CSV file A.2 Licensing actions A.2.2 Activating a license on the controller A.2.3 Uninstalling licenses to prepare for transfer Page A.3 Application manager actions A.3.2 Listing information about an application A.3.3 Getting application health status A.3.4 Uploading an application (new or upgrade) A.3.5 Installing a new application A.3.6 Upgrading an application A.3.7 Disabling an application A.3.8 Enabling an application A.3.9 Removing a staged application A.3.10 Deleting an application B Scripts B.1 Configuring a controller team B.2 Backing up a controller team Page Page Page Page B.3 Restoring a controller team Page Page Page Page Index