
HP HPE VAN SDN Controller 2.7 - Page 6

HP HPE VAN SDN Controller 2.7
231 pages
7 Security ... 110
SDN Controller authentication ... 110
Changing the default controller keystore and truststore to use CA signed certificates ... 110
SDN Controller keystore and truststore locations and passwords ... 112
Encryption ... 112
Built-in OpenFlow controller ... 113
Creating a keystore and truststore for OpenFlow switch communication ... 113
Built-in OpenFlow controller keystore and truststore locations and passwords ... 113
REST authentication ... 114
OpenStack Keystone used for user and token management ... 115
UUID Authentication ... 115
PKI Authentication ... 116
Local vs Remote Keystone ... 116
Keystone controller configuration ... 117
Security ... 117
Role-Based Access Control (RBAC) ... 118
Assigning a user to a role ... 118
API access requires authentication ... 120
Service and admin tokens ... 120
Controller code verification ... 121
Adding certificates to the jar-signing truststore ... 121
Running the SDN Controller Without Jar-Signing Validation ... 121
Revoking Trust ... 122
Revoking trust via truststore ... 122
Revoking trust via CRL ... 122
SDN administrative REST API ... 122
Virgo admin UI access via localhost only ... 123
Virgo console access disabled by default ... 123
JMX console enabled for local access only ... 123
Creating the Cassandra keystore and truststore ... 124
Cassandra keystore and truststore locations and passwords ... 125
Security procedure ... 125
Security best practices ... 126
8 Configuring OpenFlow instances ... 128
Configuring OpenFlow Instances with Multiple VLANs ... 128
Configuring OpenFlow Instances with Single VLAN Identifier ... 128
Configuring OpenFlow instances to enable MAC group matching ... 132
MAC group matching ... 132
Switches that support MAC group tables and MAC group matching ... 132
Configuration rules for OpenFlow instances and MAC groups ... 132
Enabling or disabling MAC group matching on an OpenFlow instance ... 132
Prerequisites ... 132
Enabling MAC groups ... 133
Disabling MAC groups ... 133
9 Backing up and restoring ... 134
Backing up and restoring Best Practices ... 134
Backing up a controller ... 134
Backup operation ... 135
Backing up a controller ... 136
Downloading a backup from the controller to another location ... 136
Recommended backup practices ... 137
Restoring a controller from a backup ... 137
Restore operation ... 137
System restore requirements ... 138
6 Contents
