Re: secure hosts communications

Tue, 27 Nov 2018 00:49:50 -0800 

Hi Richard,


Please read: 
http://docs.cloudstack.apache.org/en/4.11.2.0/adminguide/hosts.html#security


4.11.2 is out, please consider using it instead of 4.11.1 as it has several 
bugfixes etc.

In short, with all of your KVM hosts up and connected to mgmt server, first 
change the auth strictness global setting to true, then using API secure the 
hosts using the provisionCertificate API. In the UI, go to your hosts that 
don't show up as secure and click on the key button (a new button) to secure 
the host which calls the provisionCertificate API as well.


- Rohit

<https://cloudstack.apache.org>



________________________________
From: Richard Persaud <richard.pers...@macys.com>
Sent: Monday, November 26, 2018 8:19:56 PM
To: users@cloudstack.apache.org
Subject: RE: secure hosts communications

Thank you, Rohit.

I am using 4.11.1 with a full KVM environment. They are showing unsecure with 
strictness set to true.

What configuration needs to be adjusted to have the KVM hosts show secure?

Regards,

Richard Persaud

From: Rohit Yadav <rohit.ya...@shapeblue.com>
Sent: Saturday, November 24, 2018 2:02 PM
To: users@cloudstack.apache.org
Subject: Re: secure hosts communications

⚠ EXT MSG:

Richard,


Starting 4.11, agent and management servers will use an in-built CA framework 
to secured hosts. Only in case of KVM hosts you may see an insecure state, 
otherwise all KVM hosts (agents) and SSVM/CPVM agents will by default in Up 
state will be secured. There is an auth strictness setting that should be true.



- Rohit

<https://cloudstack.apache.org>



________________________________
From: Richard Persaud 
<richard.pers...@macys.com<mailto:richard.pers...@macys.com>>
Sent: Saturday, November 24, 2018 4:21:24 AM
To: users@cloudstack.apache.org<mailto:users@cloudstack.apache.org>
Subject: secure hosts communications

Hello,

Is there straight-forward to enable secure communications between the 
management and the hosts?

I have looked at many documentations but am still unable to get the hosts to 
show a "secure" state.

Regards,

Richard Persaud


rohit.ya...@shapeblue.com<mailto:rohit.ya...@shapeblue.com>
www.shapeblue.com<https://isolate.menlosecurity.com/0/eJyrViotylGyUsooKSmw0tcvLy_XK85ILEhNyilN1UvOz1XSUSrKV7Iy1FEqyUwBqjM0MFaqBQDf4BCe>
Amadeus House, Floral Street, London  WC2E 9DPUK
@shapeblue




* This is an EXTERNAL EMAIL. Stop and think before clicking a link or opening 
attachments.

rohit.ya...@shapeblue.com 
www.shapeblue.com
Amadeus House, Floral Street, London  WC2E 9DPUK
@shapeblue

Reply via email to