Manuals / Brands / Computer Equipment / Software / HP / Computer Equipment / Software

HP VAN SDN Controller Software Products 5.14.2Recommended administrative rules

1 133

Download 133 pages, 3.82 Mb

15.Update opt/sdn/virgo/bin/dmk.sh to insert environment variables that set the sdnjar_trust.jks values in the controller.

a.Under the line containing “XX-HeadDumpPath...” add

—DSDN.trustpas=<NEWPASS4SIGN>.

b.Restart the Keystone service (sudo service keystore restart).

16.Restart the controller.

5.14.2Recommended administrative rules

Observing these rules can help to prevent unauthorized access to the controller:

•Do not enable shell history on your controller.

•Do not allow other users besides sdn and sdnadmin to have access to your controller system.

•Do not store your authentication token in plain text, such as a non-encrypted cookie.

•Do not use self-signed certificates in a production environment.

• Do not alter contents under /opt/sdn/Cassandra and /opt/sdn/Hazelcast.

•Do not delete any of the following iptables rules as shown below: iptables –L Chain INPUT (policy ACCEPT)

Table 1 IP tables Rules

Target	prot opt source	Destination
REJECT	tcp --anywhere	anywhere tcp dpt:5700 reject-with icmp-port-unreachable

ACCEPT	tcp – 127.0.0.0/8	anywhere tcp dpt:9160

REJECT	tcp --anywhere	anywhere tcp dpt:9160 reject-with icmp-port-unreachable

ACCEPT	tcp – 127.0.0.0/8	anywhere tcp dpt:7199

REJECT	tcp --anywhere	anywhere tcp dpt:7199 reject-with icmp-port-unreachable

72 SDN Controller authentication

Contents

Page Page Contents Page 5 SDN Controller authentication 7 Team configuration 8 Regional configuration 9 Backing up and restoring Page 1 Introduction 1.1 Supported switches and OpenFlow compatibility 2 Understanding the embedded applications 2.1 Link manager 2.2Node manager 2.3 Path daemon Page 2.4 Path diagnostics 2.5 Topology manager 2.6Topology viewer 3 Navigating the controller user interface 3.1Starting the SDN controller console UI 3.2About the user interface 3.2.1 Banner 3.3 Navigation menu 3.4SDN User window 3.4.1 User window screen details 3.4.2 Expanding the SDN user window 3.5Alerts screen 3.5.3 Alert notification counter 3.5.4 Alerts screen details 3.5.5 Viewing the ten most sever recent active alerts 3.5.6Acknowledging an alert 3.5.7 Deleting an alert 3.5.8Configuring the alert policies 3.6 Applications screen 3.6.3 Obtaining applications from the HP SDN AppStore 3.6.4Adding or upgrading an application 3.6.5Disabling (stopping) or enabling (starting) an application 3.7Configurations screen 3.7.2Summary of configurable controller components Page Page Page Page 3.7.3 Configurations screen details 3.7.4Modifying a component configuration 3.8Audit log screen 3.9 Licenses screen 3.10 Support logs screen 3.10.2 Support logs screen details 3.10.3 Configuring the support log queue size 3.10.4 Configure signed application zip file verification 3.11 OpenFlow monitor screen 3.11.2 OpenFlow monitor screen details 3.11.3 Discovering changes in the topopology 3.11.4 Viewing information about a specific device 3.12 OpenFlow topology screen Page Page Page Page 3.13 OpenFlow trace display 3.13.2 OpenFlow trace display details 3.13.3 Starting, stopping, or clearing OpenFlow trace 3.13.4Displaying trace event details 3.13.5Exporting the OpenFlow trace log 3.13.6Filtering the OpenFlow trace log in a CSV file 3.13.7 Changing the OpenFlow trace interval 3.14OpenFlow classes display 3.14.2 Controller enforcement levels for OpenFlow classes 3.14.3OpenFlow classes display details 3.15 Packet listeners display 4 License Registration and Activation 4.1 Overview 4.2 Preparing for license registration 4.3 Registering and activating a license 4.4 Registering your license and obtaining a license key Page Page Page Page 4.5 Activating a license on the controller 4.6 Managing licenses Page Page Page 5 SDN Controller authentication 5.1 SDN Controller security guidelines 5.2 SDN Controller authentication 5.3Creating SDN Controller keystore and truststore 5.4 SDN Controller keystore and truststore locations and passwords 5.5 Configuration encryption 5.6 Openflow Controller TLS 5.7 REST authentication 5.7.1 Openstack Keystone 5.8 Controller code verification 5.9 Revoking Trust 5.10 SDN administrative REST API 5.11 Virgo admin UI access 5.12 Virgo console access 5.13 JMX console 5.14 Security practices 5.14.2Recommended administrative rules 6 Hybrid mode for controlling packet-forwarding 6.1 Overview 6.2Viewing and changing the hybrid mode configuration 6.3 Coordinating controller hybrid mode and OpenFlow switch settings 6.3.2 Configuring controller settings to support hybrid mode Page 6.4 Controller packet-forwardingwhen hybrid mode is disabled 6.4.1 Controller packet forwarding when hybrid mode is enabled 6.4.2 Learning more about hybrid mode 7 Team configuration 7.1 High availability 7.2 Team management 7.3Requirements for controller teams 7.4 Configuring a controller team 7.4.2Configuration procedure Page 7.5Displaying team configuration 7.6Disbanding a team 7.7 Controller fault tolerance 7.8Error log for team configuration 7.8.1 Team alias node 8 Regional configuration 8.1 Overview 8.2 Creating a region 8.3 Aquiring a region UID 8.4 Updating a region 8.5 Refreshing a region 8.6 Deleting a region 9 Backing up and restoring 9.1 Backing up a controller 9.1.2Backing up a controller 9.1.3Downloading a backup from the controller to another location 9.1.4Recommended backup practices 9.2 Restoring a controller from a backup Page 9.3Distributed (team) backing up and restoring 9.4 Backing up and restoring the keystone configuration and database 10 Requirements for applications 10.1 Application requirements 10.2Application descriptor file mandatory attributes 10.3Application descriptor optional attributes 10.4 Application zip file content criteria 10.5 Application state and OSGi artifacts Page 11 Troubleshooting 11.1 License troubleshooting 11.2 Host location not learned by controller 11.3 Unexpected network or service problems 11.4 Application management exceptions 11.5 Performance testing 11.6Application management errors 11.7 Path diagnostic application via REST command line API Page Page Page Page 12 Support and other resources 12.1Gather information before contacting an authorized support representative 12.2How to contact HP 12.3Get connected to the HP SDN online user forum 12.4 Software technical support and software updates 12.5 Related information 13 Documentation feedback A cURL commands A.1 Export audit log data as a CSV file A.2 Licensing actions A.2.2 Activating a license on the controller A.2.3 Uninstalling licenses to prepare for transfer Page A.3 Application manager actions A.3.2 Listing information about an application A.3.3 Getting application health status A.3.4 Uploading an application (new or upgrade) A.3.5 Installing a new application A.3.6 Upgrading an application A.3.7 Disabling an application A.3.8 Enabling an application A.3.9 Removing a staged application A.3.10 Deleting an application B Scripts B.1 Configuring a controller team B.2 Backing up a controller team Page Page Page Page B.3 Restoring a controller team Page Page Page Page Index