Securing RESTCONF using HTTPS
Security Considerations for Clustering
While OpenDaylight clustering provides many benefits including high availability, scale-out performance, and data durability, it also opens a new attack surface in the form of the messages exchanged between the various instances of OpenDaylight in the cluster. In the current OpenDaylight release, these messages are neither encrypted nor authenticated meaning that anyone with access to the management network where OpenDaylight exchanges these clustering messages can forge and/or read the messages. This means that if clustering is enabled, it is even more important that the management network be kept secure from any untrusted entities.(虽然OpenDaylight群集具有许多优点,包括高可用性,横向扩展性能和数据持久性,但它也以在群集中OpenDaylight的各个实例之间交换的消息的形式打开了新的攻击面。 在当前的OpenDaylight版本中,这些消息既未加密也不经过身份验证,这意味着有权访问OpenDaylight交换这些群集消息的管理网络的任何人都可以伪造和/或读取消息。 这意味着,如果启用了群集,则保持管理网络不受任何不受信任的实体的安全就显得尤为重要。)
What to Do with OpenDaylight
OpenDaylight (ODL) is a modular open platform for customizing and automating networks of any size and scale.(OpenDaylight(ODL)是一个模块化的开放平台,用于自定义和自动化任何大小规模网络。)