4 Using the controller with a remote Keystone server

This chapter describes how to install the controller for use in an environment that employs a remote Keystone server. However, in most cases, Hewlett-Packard recommends using the controller with a local Keystone server installation instead. (See “Installing a new controller with a local Keystone server” (page 9).) Using a remote Keystone server involves security implications that should be discussed with your system administrator before proceeding.

CAUTION: The HP VAN SDN Controller does not support role-based authentication. Thus, when using a remote Keystone server, any successful login grants the user ADMIN access to the controller, which can result in unauthorized persons receiving ADMIN access.

NOTE: Downloading the controller software package as described under “Downloading the controller software” (page 7) is required before using this chapter.

This procedure assumes that the Keystone server you will use is installed and configured on a remote machine. For information on configuring a remote Keystone server, see the OpenStack Keystone documentation at http://docs.openstack.org/developer/keystone/.

The configured Keystone server must be accessible and responsive to basic Keystone REST API queries.

The controller supports v2.0 of the Keystone REST API.

Although the HP VAN SDN Controller operates with the Folsom, Grizzly, Havana, or Icehouse releases of OpenStack Keystone, HP recommends that you use the Icehouse version with release 2.4 of the controller. If you use Grizzly, Havana, or Icehouse, set the provider type for the server to UUID, as described below.

Where a command in this procedure is shown with multiple lines, the line breaks are inserted at the points where a space occurs in the actual command.

4.1 Setting the provider type to UUID on the remote Keystone server

If the provider type on the remote Keystone server is already set to UUID, skip this section and go to “Unpacking the controller software on your local machine” (page 14).

NOTE: On the machine running the remote Keystone server, the provider type must be set to UUID to support operation with the HP VAN SDN Controller. If the PKI provider type is required on the remote Keystone server to support other applications, then that server will not support controller operation. In this case, do either of the following:

Install the server on the same machine as the controller (recommended). (See “Installing a new controller with a local Keystone server” (page 9) instead of continuing in this chapter.)

Select another machine on which to install and configure the remote Keystone server, then continue in this section.

UUID is the default provider type for the Folsom release of Keystone. However, if the remote machine supporting your Keystone server is running the Grizzly, Havana, or Icehouse version of Keystone (which all use the PKI provider type), edit the /etc/keystone/keystone.conf file on your Keystone server by adding the following line to set UUID as the provider type:

provider=keystone.token.providers.uuid.Provider

NOTE: The PKI provider type is not currently supported on the HP VAN SDN Controller.

For example, in the Icehouse version of Keystone, you would use a file editor to insert the above line in the [token] section of the file, as shown in the boldface entry below:
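A way to confirm the setting after editing, as an added example that is not part of the HP manual: the Python check below parses the text of keystone.conf and reports whether the provider in the [token] section is UUID, including the case where the line was pasted under the wrong section. The function name, the sample file contents and the PKI class path in the sample are assumptions made for illustration.

```python
import configparser

UUID_PROVIDER = "keystone.token.providers.uuid.Provider"  # value from the manual


def check_token_provider(conf_text, release):
    """Return (ok, reason) for the text of keystone.conf and a release name."""
    # The manual places the line in [token], so [DEFAULT] is renamed away to
    # stop configparser inheriting its options into every section.
    # Interpolation is off because values in the file may contain '%'.
    cp = configparser.ConfigParser(
        interpolation=None, strict=False, default_section="__unused__")
    try:
        cp.read_string(conf_text)
    except configparser.Error as exc:
        return False, f"unparseable: {exc.__class__.__name__}"

    value = cp.get("token", "provider", fallback=None)
    if value is not None:
        if value.strip() == UUID_PROVIDER:
            return True, "[token] provider is UUID"
        return False, f"[token] provider is {value.strip()!r}, not UUID"

    # Unset in [token]: look for the line pasted under the wrong section.
    for section in cp.sections():
        if cp.get(section, "provider", fallback="").strip() == UUID_PROVIDER:
            return False, f"UUID provider line is in [{section}], not [token]"

    # Per the manual, only Folsom defaults to UUID when the option is absent.
    if release.lower() == "folsom":
        return True, "provider unset; Folsom defaults to UUID"
    return False, f"provider unset; set it explicitly for {release}"


# Constructed sample files (hypothetical contents, not from a real server).
GOOD = "[DEFAULT]\nlog_format = %(asctime)s\n\n[token]\nprovider=" + UUID_PROVIDER + "\n"
PKI = "[token]\nprovider = keystone.token.providers.pki.Provider\n"
MISPLACED = "[DEFAULT]\nprovider=" + UUID_PROVIDER + "\n\n[token]\n#provider=\n"

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("PKI", PKI), ("MISPLACED", MISPLACED)):
        print(name, check_token_provider(text, "Icehouse"))
```

Run it against the contents of /etc/keystone/keystone.conf on the Keystone server before pointing the controller at it.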


VAN SDN Controller Software Products specifications

HP VAN SDN Controller Software Products represent a significant advancement in network management by leveraging software-defined networking (SDN) principles. These products aim to centralize control of network resources, provide enhanced automation, and simplify network management, which can dramatically improve the overall performance and agility of data centers.

One of the main features of HP VAN SDN Controller is its ability to enable an application-centric network environment. By separating the control plane from the data plane, network administrators can gain a holistic view of the entire network. This separation allows for dynamic reconfiguration of network devices and sets the stage for the development of innovative applications that can respond to real-time network conditions.

The controller supports OpenFlow as its primary protocol, ensuring interoperability with a wide range of network devices from different vendors. This compatibility facilitates a heterogeneous network environment, allowing organizations to transition to SDN at their own pace without needing to replace all existing hardware. It also promotes vendor diversity, reducing the risk of vendor lock-in.

HP VAN SDN Controller features robust security capabilities, including support for micro-segmentation, which helps in isolating critical components within the network. This layer of security can safeguard sensitive data and protect against threats, ensuring that only authorized traffic is allowed within designated network segments.

Another key characteristic is the controller's emphasis on automation and orchestration. Through APIs and built-in tools, network policies can be defined and applied consistently across the entire network. This intelligent automation reduces the potential for human error and accelerates the implementation of networking changes, enabling organizations to adapt quickly to evolving business needs.

The HP VAN SDN Controller also incorporates advanced analytics capabilities that provide real-time visibility into network performance. These analytics can help in troubleshooting, forecasting capacity needs, and optimizing resource utilization, contributing to improved operational efficiency and reduced downtime.

Furthermore, the scalable architecture of the HP VAN SDN Controller makes it suitable for various environments, from small enterprises to large-scale data centers. The product supports multi-tenancy, allowing multiple virtual networks to coexist on the same infrastructure, which can be ideal for service providers and organizations operating within cloud environments.

In summary, HP VAN SDN Controller Software Products deliver a powerful suite of features and technologies that enhance network control, security, automation, and scalability, positioning organizations to leverage the full potential of software-defined networking.