Changes between Version 23 and Version 24 of OperationalMonitoring/DatastorePolling


Timestamp:
04/30/14 15:53:15 (10 years ago)
Author:
dwiggins@bbn.com
Comment:

add information about getting a tool certificate

  • OperationalMonitoring/DatastorePolling

    v23 v24  
    5757== Security ==
    5858
    59 Access to the local datastore is restricted through the use of certificates enabling an SSL connection.  When a new request comes in,  the following occurs:
     59Access to the local datastore is restricted through the use of certificates enabling an SSL connection.  Anyone running a collector or testing to see if their datastore is responding properly to queries will need a tool certificate.  To get a tool certificate, follow [http://groups.geni.net/geni/wiki/GENIDeveloper/ToolCertificates these instructions].  We suggest using a key without a passphrase for convenience.  A passphrase-less key has a high enough level of security for our purposes.  For the tool name, use collector.
     60
     61  When a new request comes in,  the following occurs:
    6062
    6163 * The webserver makes sure the SSL certificate is signed by a GENI trust anchor.  The local datastore webserver is configured to do this check. 
    62  * The certificate is passed along to the application which parses out the URN. 
     64 * The certificate is passed along to the application which parses out the Subject Alternative Name URN.
    6365 * Last, the URN is checked to see if it is on the whitelist (those with permission to access operational data).
    6466 * The request is answered as outlined above on this page.
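
Review bot: The added line 59 recommends a key without a passphrase and states that this is secure enough, but the steps listed below it show that presenting the certificate is the only thing checked before whitelisted operational data is served, so the text should at least tell readers to keep the key file readable only by the account that runs the collector. The new line 61 starts with a leading space that the v23 sentence did not have, which may render as indented text in the wiki; drop the space. For line 64, it would help to state what the application does when the certificate carries no Subject Alternative Name URN, or more than one.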