Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All
     

    Related Documentation

     

    Authentication and Authorization in the Cloud CPE Solution

    The Cloud CPE solution uses OpenStack Keystone to authenticate and authorize Contrail Service Orchestration operations.

    • In a distributed deployment, the OpenStack Keystone resides on the Contrail Service Orchestration server in the central point of presence (POP).

      in this case, Installation of OpenStack Keystone occurs with the Contrail Service Orchestration installation, and you do not need to perform any subsequent configuration for OpenStack Keystone.

    • In a centralized deployment, you can use:
      • OpenStack Keystone in Contrail OpenStack on the Contrail Cloud Platform

        in this case, Installation of OpenStack Keystone occurs with the Contrail OpenStack installation, and you do not need to perform any subsequent configuration for OpenStack Keystone. This is the default method for a centralized deployment.

      • OpenStack Keystone on the Contrail Service Orchestration server in the central POP

        Use of this method provides enhanced security for your network because customers and Cloud CPE infrastructure components use separate OpenStack Keystone tokens. In this case, installation of OpenStack Keystone occurs with the Contrail Service Orchestration installation, and you must use Administration Portal or the API for post-installation configuration. Specifically, you must configure each virtualized infrastructure monitor (VIM) to include service profiles that specify settings to access to the infrastructure components, and then associate the service profile and VIM with each customer.

     

    Related Documentation

     

    Modified: 2017-02-05