Administrator's Guide
15. Update opt/sdn/virgo/bin/dmk.sh to insert environment variables that set the sdnjar_trust.jks values in the controller.
    a. Under the line containing “XX-HeadDumpPath...”, add -DSDN.trustpas=<NEWPASS4SIGN>.
    b. Restart the Keystone service (sudo service keystore restart).
16. Restart the controller.
5.14.2 Recommended administrative rules
Observing these rules can help to prevent unauthorized access to the controller:
• Do not enable shell history on your controller.
• Do not allow other users besides sdn and sdnadmin to have access to your controller system.
• Do not store your authentication token in plain text, such as a non-encrypted cookie.
• Do not use self-signed certificates in a production environment.
• Do not alter contents under /opt/sdn/Cassandra and /opt/sdn/Hazelcast.
• Do not delete any of the following iptables rules as shown below:
iptables -L
Chain INPUT (policy ACCEPT)

Table 1 IP tables Rules

Target  prot  opt  source       Destination
REJECT  tcp   --   anywhere     anywhere tcp dpt:5700 reject-with icmp-port-unreachable
ACCEPT  tcp   --   127.0.0.0/8  anywhere tcp dpt:9160
REJECT  tcp   --   anywhere     anywhere tcp dpt:9160 reject-with icmp-port-unreachable
ACCEPT  tcp   --   127.0.0.0/8  anywhere tcp dpt:7199
REJECT  tcp   --   anywhere     anywhere tcp dpt:7199 reject-with icmp-port-unreachable
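
The rules in Table 1 can be checked mechanically. The shell function below is an added example, not part of the guide: it reads iptables -L INPUT output (with or without -n), reports any of the five rules that is missing, and flags a loopback ACCEPT that sits after its REJECT, since iptables applies the first matching rule. The name check_sdn_rules and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): check the INPUT chain against Table 1.
# Reads `iptables -L INPUT` output (with or without -n) on stdin; prints one
# line per problem and returns 0 only when all five rules are in place.
check_sdn_rules() {
    awk '
    # Rule line: target prot opt source destination tcp dpt:PORT ...
    ($1 == "ACCEPT" || $1 == "REJECT") && $2 == "tcp" {
        port = ""
        for (i = 6; i <= NF; i++)
            if ($i ~ /^dpt:[0-9]+$/) port = substr($i, 5)
        if (port == "") next
        any = ($4 == "anywhere" || $4 == "0.0.0.0/0")
        # Record the position of the first rule of each kind per port.
        if ($1 == "REJECT" && any && !(port in rej)) rej[port] = NR
        if ($1 == "ACCEPT" && $4 == "127.0.0.0/8" && !(port in acc)) acc[port] = NR
    }
    END {
        bad = 0
        if (!("5700" in rej)) { print "missing REJECT for tcp/5700"; bad = 1 }
        n = split("9160 7199", ports, " ")
        for (k = 1; k <= n; k++) {
            p = ports[k]
            if (!(p in acc)) { print "missing loopback ACCEPT for tcp/" p; bad = 1 }
            if (!(p in rej)) { print "missing REJECT for tcp/" p; bad = 1 }
            # First match wins, so the loopback ACCEPT must come first.
            if ((p in acc) && (p in rej) && acc[p] > rej[p]) {
                print "REJECT precedes loopback ACCEPT for tcp/" p; bad = 1
            }
        }
        exit bad
    }'
}

# Constructed sample listing: the loopback ACCEPT for port 9160 is gone.
sample='Chain INPUT (policy ACCEPT)
target prot opt source destination
REJECT tcp -- anywhere anywhere tcp dpt:5700 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:9160 reject-with icmp-port-unreachable
ACCEPT tcp -- 127.0.0.0/8 anywhere tcp dpt:7199
REJECT tcp -- anywhere anywhere tcp dpt:7199 reject-with icmp-port-unreachable'
printf '%s\n' "$sample" | check_sdn_rules || echo "INPUT chain differs from Table 1"
```

On a controller host, feed it the live chain with sudo iptables -L INPUT -n | check_sdn_rules.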
72 SDN Controller authentication