Hi Richard,
Please read: http://docs.cloudstack.apache.org/en/4.11.2.0/adminguide/hosts.html#security
4.11.2 is out, please consider using it instead of 4.11.1 as it has several bugfixes etc.
In short, with all of your KVM hosts up and connected to mgmt server, first change the auth strictness global setting to true, then using API secure the hosts using the provisionCertificate API. In the UI, go to your hosts that don't show up as secure and click on the key button (a new button) to secure the host which calls the provisionCertificate API as well.
- Rohit
<https://cloudstack.apache.org>
________________________________
From: Richard Persaud <***@macys.com>
Sent: Monday, November 26, 2018 8:19:56 PM
To: ***@cloudstack.apache.org
Subject: RE: secure hosts communications
Thank you, Rohit.
I am using 4.11.1 with a full KVM environment. They are showing unsecure with strictness set to true.
What configuration needs to be adjusted to have the KVM hosts show secure?
Regards,
Richard Persaud
From: Rohit Yadav <***@shapeblue.com>
Sent: Saturday, November 24, 2018 2:02 PM
To: ***@cloudstack.apache.org
Subject: Re: secure hosts communications
â EXT MSG:
Richard,
Starting 4.11, agent and management servers will use an in-built CA framework to secured hosts. Only in case of KVM hosts you may see an insecure state, otherwise all KVM hosts (agents) and SSVM/CPVM agents will by default in Up state will be secured. There is an auth strictness setting that should be true.
- Rohit
<https://cloudstack.apache.org>
________________________________
From: Richard Persaud <***@macys.com<mailto:***@macys.com>>
Sent: Saturday, November 24, 2018 4:21:24 AM
To: ***@cloudstack.apache.org<mailto:***@cloudstack.apache.org>
Subject: secure hosts communications
Hello,
Is there straight-forward to enable secure communications between the management and the hosts?
I have looked at many documentations but am still unable to get the hosts to show a "secure" state.
Regards,
Richard Persaud
***@shapeblue.com<mailto:***@shapeblue.com>
www.shapeblue.com<https://isolate.menlosecurity.com/0/eJyrViotylGyUsooKSmw0tcvLy_XK85ILEhNyilN1UvOz1XSUSrKV7Iy1FEqyUwBqjM0MFaqBQDf4BCe>
Amadeus House, Floral Street, London WC2E 9DPUK
@shapeblue
* This is an EXTERNAL EMAIL. Stop and think before clicking a link or opening attachments.
***@shapeblue.comÂ
www.shapeblue.com
Amadeus House, Floral Street, London WC2E 9DPUK
@shapeblue