User guide

Once the SHIELD components are installed and configured, the components are ready to use and/or to access. This guide provides pointers on how to access each component.

The following components are described:

• vNSF Ecosystem
  • vNSF Store
  • vNSF Orchestrator
• Trusted Infrastructure
  • Trust Monitor
• Big Data Analytics
  • Security Dashboard
• Infrastructure
  • Big Data cluster
  • VIM for the VNFs
  • NFVO
  • SDN controller

vNSF Ecosystem

vNSF Store

1. The component is running at "http://$host_ip:5050" (where "$host_ip" is the IP of the node where the component runs)
2. There is no GUI served. REST-enabled clients (e.g., cURL) are the expected way to use
3. The list of available REST endpoints is defined in Swagger

vNSF Orchestrator

1. The component will typically run at "https://$host_ip:8443" (where "$host_ip" is the IP of the node where the component runs, and where HTTP/HTTPS and the port are configurable).
2. There is no GUI served. REST-enabled clients (e.g., cURL) are the expected way to use.
   Swagger documentation is shown directly when accessing the endpoint via a browser
3. The list of available REST endpoints is defined in Swagger

Trusted Infrastructure

Trust Monitor

1. The component runs at "https://$host_ip:443" (where "$host_ip" is the IP of the node where the component runs).
2. There is no GUI served. REST-enabled clients (e.g., cURL) are the expected way to use.
   Django REST interface is shown when accessing the endpoint via a browser
3. The list of available REST endpoints is defined in Django and below:
   • Status information on the application: GET on https://$host_ip:443/status/
   • Registration of a node: https://$host_ip:443/register_node/
     • POST with body: '{"distribution": "", "hostName": "", "driver":"OAT/OpenCIT/HPESwitch", "address": "xxx.xxx.xxx.xxx"}'
     • DELETE with body: '{"hostName": ""}'
   • Attestation of a node: https://$host_ip:443/attest_node/
     • GET to https://$host_ip:443/nfvi_pop_attestation_info?node_id= or to https://$host_ip:443/nfvi_attestation_info/
     • POST with body: '{"node_list" : [{"node" : ""}]}'

Big Data Analytics

Security Dashboard

1. The component runs at "http://$host_ip/#/shield/home/dashboard" (where "$host_ip" is the IP of the node where the component runs). Read more on the Dashboard design
2. A GUI is served. Browsers are the expected way to use
3. The GUI operates with multiple users. Below you can find a reference:
   • SHIELD Administrator: performs all the Operations & Maintenance (O&M) tasks available for a SHIELD instance, having the highest level of privileges granted to a user. It is the user that can create SecaaS clients and onboard NSs.

     username: admin
     password: adminpass
     client: default

   • SecaaS Administration: performs all the O&M tasks associated with a specific SecaaS client, having the highest level of privileges granted to a user tasked with managing a SecaaS client. Can select the NSs to use for the client.

     username: shield.client.admin
     password: pass
     client: shield-uw

   • Developer: can submit vNSFs for onboarding into the platform. It is also the role with the least privileges granted in the entire platform.

     username: shield.developer
     password: pass
     client: shield-developers

Infrastructure

Big Data cluster

1. The tool runs at "http://$host_ip:7180/cmf/services/10/instances" (where "$host_ip" is the IP of the node where the component runs)
2. A GUI is served. Browsers are the expected way to use

VIM for the VNFs

OpenStack Ocata

1. The tool will typically run at "https://$host_ip/auth/login/?next=" (where "$host_ip" is the IP of the node where the tool runs, and where HTTP/HTTPS is configurable)
2. A GUI is served. Browsers are the expected way to use

vim-emu

1. The tool connects Docker with some emulated OpenStack APIs, so it is reachable by the typical Docker commands (e.g., "docker ps -a")
2. No GUI is served. CLI is the expected way to use

NFVO

OSM release FIVE

1. The tool runs at "http://$host_ip/auth/?next=/" (where "$host_ip" is the IP of the node where the tool runs)
2. A GUI is served. Browsers, CLI and REST-enabled clients (e.g., cURL) are the expected way to use
3. The GUI operates with multiple users. The default one is:

   username: admin
   password: admin

SDN controller

1. The tool runs at "http://$host_ip:8181/index.html#/login" (where "$host_ip" is the IP of the node where the tool runs)
2. A GUI is served. Browsers, CLI (via Karaf) and REST-enabled clients (e.g., cURL) are the expected way to use
3. The list of available REST endpoints is defined in "http://$host_ip:8181/apidoc/explorer/index.html". Some examples below:
   • Get flows from the operational endpoint:

     curl -v --user "admin":"admin" -H "Accept:application/json" http://$host_ip:8181/restconf/operational/opendaylight-inventory:nodes/node/openflow:112591078470795328/flow-node-inventory:table/0

   • Get flows from the config endpoint:

     curl -v --user "admin":"admin" -H "Accept:application/json" http://$host_ip:8181/restconf/config/opendaylight-inventory:nodes/node/openflow:112591078470795328/table/0

   • Push flows to the config endpoint:

     curl -v --user "admin":"admin" -H "Accept:application/xml" -H "Content-type: application/xml" -X PUT -d 'L2switch-00030984765436309012480065535NORMAL100004200000020640' http://$host_ip:8181/restconf/config/opendaylight-inventory:nodes/node/openflow:112713206571380736/flow-node-inventory:table/0/flow/L2switch-0

4. The GUI operates with a default user:

   username: admin
   password: admin