Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Abiquo customers generally know how to best secure their environment and configure certificates for secure connections.

You can run Abiquo over HTTP to communicate between its appliances when its internal connections are inside the same infrastructure/datacenter network.

However, your users will usually connect over HTTPS and if you have remote datacenters, then the remote services will usually also connect over HTTPS.

Abiquo UI

The Apache web server (HTTPD) uses the certificate for the Abiquo User Interface on the Abiquo API/UI or UI server.

On the API/UI server, the certificate files would typically be found in this folder /etc/pki/tls/certs.

You configure this certificate for the Apache Web Server in the /etc/httpd/conf.d/abiquo.conf file, which contains the configuration for the Abiquo website/VirtualHost.

To quickly check this certificate, use the following command.

[root@abicloud ~]# keytool -list -keystore /usr/java/default/jre/lib/security/cacerts -alias abicloud.example.com
Enter keystore password:  
abicloud.example.com, Dec 11, 2022, trustedCertEntry,
Certificate fingerprint (SHA1): AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA

If you have remote RS servers, which means remote services in remote locations, to allow Abiquo to upload and download templates, you will also need to import this certificate into the Java keystore.

Remote RS

If you have remote datacenters that will communicate over the internet, or require extra security on the application layer, and more secure communications over and above using firewalls at both ends, you can secure connections for the remote services in remote sites (remote RS servers) by implementing TLS over HTTP, and configure the Catalina connector for Tomcat to use TLS/HTTPS.

You will also need to import the remote RS certificate into the Java keystores of the API/UI servers so the API/UI can connect via HTTPS to the RS.

See Configure Abiquo Tomcat with HTTPS for Remote RS.

To quickly check this certificate, for example, on the API server, use the following command.

[root@abicloud ~]# keytool -list -keystore /usr/java/default/jre/lib/security/cacerts -alias remoters.example.com
Enter keystore password:  
remoters.example.com, Dec 12, 2019, trustedCertEntry,
Certificate fingerprint (SHA1): AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA

Adding Remote RS with TLS in Abiquo

Generally, under this configuration, the following remote services should be added to Abiquo:

  • Appliance manager from the API/UI server on port 443/tcp with the connector defined on the UI server

  • Business process manager from remote V2V server on port 8010/tcp

  • Other remote services from the remote RS server on port 8009/tcp

  • No labels

Copyright © 2006-2024, Abiquo Holdings SL. All rights reserved