HP VAN SDN Controller Administrator Guide v3
4.5 Configuration Encryption
Sensitive information such as tokens and passwords is stored encrypted on the SDN controller.
To encrypt and decrypt these properties, the controller requires a master key, which is
passed into the controller upstart script via an environment variable. To change the default master
key (recommended):
1. First, stop these services:
     sudo service sdnc stop
     sudo service sdna stop
2. Then change the default master key:
     sudo /opt/sdn/admin/sdnpass <old_master_key> <new_master_key>
4.6 OpenFlow Controller TLS
The OpenFlow controller component relies on PKI to establish mutual trust (2-way SSL) between
itself and the OpenFlow switches that it manages. It is recommended that the OpenFlow keystore
and truststore used for OpenFlow switch communication be separate from the SDN controller’s
keystore and truststore used for north-bound communication.
4.6.1 Creating OpenFlow Controller Keystore and Truststore
The process for creating the OpenFlow keystore and truststore is similar to the steps outlined under
Creating SDN Controller Keystore and Truststore, and therefore is not repeated here. The OpenFlow
keystore/truststore and the SDN controller’s keystore/truststore should use different store
names. Note that both the controller and device certificates must be signed by the
same CA for the TLS connection to be established. Refer to your switch’s manual for
how to configure TLS on your switch.
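The same-CA requirement above can be checked before certificates are loaded into the stores. The following is an added example, not part of the HP guide: it builds two throwaway CAs with openssl and shows that a controller/switch pair verifies only when both certificates come from the same CA. All file and subject names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. All names (lab-ca, other-ca, controller, switch1, switch2)
# are constructed; real certificates would first be exported as PEM, e.g.
#   keytool -exportcert -rfc -alias <alias> -keystore <store> -file controller.pem

# same_ca CAFILE CERT...: succeed only if every CERT verifies against CAFILE.
same_ca() {
    ca=$1; shift
    for cert in "$@"; do
        openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || return 1
    done
    return 0
}

# make_ca DIR NAME: create a throwaway self-signed CA (DIR/NAME.pem, DIR/NAME.key).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# issue DIR CA NAME: create a key and CSR for NAME, then sign it with CA.
issue() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/$3.pem" 2>/dev/null
}

# demo: controller and switch1 share lab-ca; switch2 comes from other-ca.
demo() {
    d=$(mktemp -d) || return 2
    make_ca "$d" lab-ca && make_ca "$d" other-ca &&
    issue "$d" lab-ca controller && issue "$d" lab-ca switch1 &&
    issue "$d" other-ca switch2 || { rm -rf "$d"; return 2; }
    rc=0
    same_ca "$d/lab-ca.pem" "$d/controller.pem" "$d/switch1.pem" \
        && echo "controller/switch1: both verify against lab-ca" || rc=1
    same_ca "$d/lab-ca.pem" "$d/controller.pem" "$d/switch2.pem" \
        && { echo "unexpected: switch2 accepted"; rc=1; } \
        || echo "controller/switch2: switch2 is not signed by lab-ca"
    rm -rf "$d"
    return $rc
}

demo
```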
4.6.2 OpenFlow Controller Keystore and Truststore Locations and Passwords
The OpenFlow controller’s keystore and truststore settings are located in the
com.hp.sdn.ctl.of.impl.ControllerManager configuration. The keystore and keystore.password
properties capture the location of the keystore and the password of the keystore respectively.
Similarly, the truststore and truststore.password properties capture the location of the truststore
and the password of the truststore respectively.
Figure 71 Components that Reference OpenFlow Keystore and Truststore