Versions Compared

Version Old Version 1 New Version 2
Changes made by

MS

MS

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Abiquo customers generally know how to best secure their environment and configure certificates for secure connections.

You can run Abiquo over HTTP to communicate between its appliances when its internal connections are inside the same infrastructure/datacenter network.

However, your users will usually connect over HTTPS and if you have remote datacenters, then the remote services will usually also connect over HTTPS.

...

.

And if you want users to be able to upload or download templates, then this requires a direct connection to the Appliance Manager remote service, which must be made with HTTPS. (Note that TLS with a self-signed certificate is preconfigured on the Abiquo Monolithic Server).

You should also use this configuration where the Abiquo remote services will connect to the Abiquo Server over the internet.

See Configure Abiquo Tomcat with HTTPS for Remote RS.

The following sections summarize how the certificates are configured in Abiquo.

...

Abiquo UI

The Apache web server (HTTPD) uses the certificate for the Abiquo User Interface on the Abiquo API/UI or UI server.

...

If you have remote RS servers,which means remote services in remote locations, or to allow Abiquo to upload and download templates, you will also need to import this certificate into the Java keystore.

...

Remote RS

If you have remote datacenters that will communicate over the internet, or require extra security on the application layer, and more secure communications over and above using firewalls at both ends, you can secure connections for the remote services in remote sites (remote RS servers) by implementing TLS over HTTP, and configure the Catalina connector for Tomcat to use TLS/HTTPS.

You will also need to import the remote RS certificate into the Java keystores of the API/UI servers so the API/UI can connect via HTTPS to the RS.

See Configure Abiquo Tomcat with HTTPS for Remote RS.

To quickly check this certificate, for example, on the API server, use the following command.

Code Block
breakoutModewide
[root@abicloud ~]# keytool -list -keystore /usr/java/default/jre/lib/security/cacerts -alias remoters.example.com
Enter keystore password:  
remoters.example.com, Dec 12, 2019, trustedCertEntry,
Certificate fingerprint (SHA1): AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA

...

Adding Remote RS with TLS in Abiquo

Generally, under this configuration, the following remote services should be added to Abiquo:

...