Discussion:
secure hosts communications
Richard Persaud
2018-11-23 22:51:24 UTC
Permalink
Hello,

Is there straight-forward to enable secure communications between the management and the hosts?

I have looked at many documentations but am still unable to get the hosts to show a "secure" state.

Regards,

Richard Persaud
Rohit Yadav
2018-11-24 19:01:44 UTC
Permalink
Richard,


Starting 4.11, agent and management servers will use an in-built CA framework to secured hosts. Only in case of KVM hosts you may see an insecure state, otherwise all KVM hosts (agents) and SSVM/CPVM agents will by default in Up state will be secured. There is an auth strictness setting that should be true.



- Rohit

<https://cloudstack.apache.org>



________________________________
From: Richard Persaud <***@macys.com>
Sent: Saturday, November 24, 2018 4:21:24 AM
To: ***@cloudstack.apache.org
Subject: secure hosts communications

Hello,

Is there straight-forward to enable secure communications between the management and the hosts?

I have looked at many documentations but am still unable to get the hosts to show a "secure" state.

Regards,

Richard Persaud


***@shapeblue.com 
www.shapeblue.com
Amadeus House, Floral Street, London WC2E 9DPUK
@shapeblue
Richard Persaud
2018-11-26 14:49:56 UTC
Permalink
Thank you, Rohit.

I am using 4.11.1 with a full KVM environment. They are showing unsecure with strictness set to true.

What configuration needs to be adjusted to have the KVM hosts show secure?

Regards,

Richard Persaud

From: Rohit Yadav <***@shapeblue.com>
Sent: Saturday, November 24, 2018 2:02 PM
To: ***@cloudstack.apache.org
Subject: Re: secure hosts communications

⚠ EXT MSG:

Richard,


Starting 4.11, agent and management servers will use an in-built CA framework to secured hosts. Only in case of KVM hosts you may see an insecure state, otherwise all KVM hosts (agents) and SSVM/CPVM agents will by default in Up state will be secured. There is an auth strictness setting that should be true.



- Rohit

<https://cloudstack.apache.org>



________________________________
From: Richard Persaud <***@macys.com<mailto:***@macys.com>>
Sent: Saturday, November 24, 2018 4:21:24 AM
To: ***@cloudstack.apache.org<mailto:***@cloudstack.apache.org>
Subject: secure hosts communications

Hello,

Is there straight-forward to enable secure communications between the management and the hosts?

I have looked at many documentations but am still unable to get the hosts to show a "secure" state.

Regards,

Richard Persaud


***@shapeblue.com<mailto:***@shapeblue.com>
www.shapeblue.com<https://isolate.menlosecurity.com/0/eJyrViotylGyUsooKSmw0tcvLy_XK85ILEhNyilN1UvOz1XSUSrKV7Iy1FEqyUwBqjM0MFaqBQDf4BCe>
Amadeus House, Floral Street, London WC2E 9DPUK
@shapeblue




* This is an EXTERNAL EMAIL. Stop and think before clicking a link or opening attachments.
Rohit Yadav
2018-11-27 08:49:16 UTC
Permalink
Hi Richard,


Please read: http://docs.cloudstack.apache.org/en/4.11.2.0/adminguide/hosts.html#security


4.11.2 is out, please consider using it instead of 4.11.1 as it has several bugfixes etc.

In short, with all of your KVM hosts up and connected to mgmt server, first change the auth strictness global setting to true, then using API secure the hosts using the provisionCertificate API. In the UI, go to your hosts that don't show up as secure and click on the key button (a new button) to secure the host which calls the provisionCertificate API as well.


- Rohit

<https://cloudstack.apache.org>



________________________________
From: Richard Persaud <***@macys.com>
Sent: Monday, November 26, 2018 8:19:56 PM
To: ***@cloudstack.apache.org
Subject: RE: secure hosts communications

Thank you, Rohit.

I am using 4.11.1 with a full KVM environment. They are showing unsecure with strictness set to true.

What configuration needs to be adjusted to have the KVM hosts show secure?

Regards,

Richard Persaud

From: Rohit Yadav <***@shapeblue.com>
Sent: Saturday, November 24, 2018 2:02 PM
To: ***@cloudstack.apache.org
Subject: Re: secure hosts communications

⚠ EXT MSG:

Richard,


Starting 4.11, agent and management servers will use an in-built CA framework to secured hosts. Only in case of KVM hosts you may see an insecure state, otherwise all KVM hosts (agents) and SSVM/CPVM agents will by default in Up state will be secured. There is an auth strictness setting that should be true.



- Rohit

<https://cloudstack.apache.org>



________________________________
From: Richard Persaud <***@macys.com<mailto:***@macys.com>>
Sent: Saturday, November 24, 2018 4:21:24 AM
To: ***@cloudstack.apache.org<mailto:***@cloudstack.apache.org>
Subject: secure hosts communications

Hello,

Is there straight-forward to enable secure communications between the management and the hosts?

I have looked at many documentations but am still unable to get the hosts to show a "secure" state.

Regards,

Richard Persaud


***@shapeblue.com<mailto:***@shapeblue.com>
www.shapeblue.com<https://isolate.menlosecurity.com/0/eJyrViotylGyUsooKSmw0tcvLy_XK85ILEhNyilN1UvOz1XSUSrKV7Iy1FEqyUwBqjM0MFaqBQDf4BCe>
Amadeus House, Floral Street, London WC2E 9DPUK
@shapeblue




* This is an EXTERNAL EMAIL. Stop and think before clicking a link or opening attachments.

***@shapeblue.com 
www.shapeblue.com
Amadeus House, Floral Street, London WC2E 9DPUK
@shapeblue

Loading...