Changes between Version 23 and Version 24 of OperationalMonitoring/DatastorePolling
- Timestamp: 04/30/14 15:53:15 (10 years ago)
OperationalMonitoring/DatastorePolling
v23 v24 57 57 == Security == 58 58 59 Access to the local datastore is restricted through the use of certificates enabling an SSL connection. When a new request comes in, the following occurs: 59 Access to the local datastore is restricted through the use of certificates enabling an SSL connection. Anyone running a collector or testing to see if their datastore is responding properly to queries will need a tool certificate. To get a tool certificate, follow [http://groups.geni.net/geni/wiki/GENIDeveloper/ToolCertificates these instructions]. We suggest using a key without a passphrase for convenience. A passphrase-less key has a high enough level of security for our purposes. For the tool name, use collector. 60 61 When a new request comes in, the following occurs: 60 62 61 63 * The webserver makes sure the SSL certificate is signed by a GENI trust anchor. The local datastore webserver is configured to do this check. 62 * The certificate is passed along to the application which parses out the URN.64 * The certificate is passed along to the application which parses out the Subject Alternative Name URN. 63 65 * Last, the URN is checked to see if it is on the whitelist (those with permission to access operational data). 64 66 * The request is answered as outlined above on this page.
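Review bot: The added sentence "We suggest using a key without a passphrase for convenience" recommends storing the tool's private key unencrypted but gives no guidance on protecting the key file. The steps that follow authorize a request on the certificate's URN being on the whitelist, so anyone who can read that key file can query operational data with the collector's identity. Suggest adding a sentence telling operators to keep the key readable only by the account that runs the collector, and replacing "A passphrase-less key has a high enough level of security for our purposes" with the actual trade-off (an unattended collector needs a key it can load without a prompt). The revised bullet on the "Subject Alternative Name URN" should also say what the application does when a certificate carries no URN in its Subject Alternative Name, or more than one.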