NMX Manager (NMX-M) Documentation
NMX Manager (NMX-M) Documentation
Breadcrumbs

HTTPS/Authentication Mechanism

In NMX-M, security and user authentication are critical components achieved through the use of HTTPS and a Kong Basic Authentication mechanism. HTTPS (Hypertext Transfer Protocol Secure) is employed to protect data transmitted between clients (such as web browsers) and the server by encrypting this data using SSL/TLS protocols. HTTPS ensures that sensitive information, such as login credentials and personal details is safeguarded from interception or tampering by unauthorized parties. When a client connects to a server over HTTPS, the server presents a digital certificate verified by a trusted Certificate Authority (CA). This certificate authenticates the server's identity and establishes a secure connection, ensuring data integrity, confidentiality, and authentication. 

 In addition to HTTPS, our system utilizes a basic authentication approach with pre-defined users that are set upon installation. This provides a flexible and secure way to authenticate and authorize users interacting with our REST API. To implement this, we use the Kong API gateway as a reverse proxy, configured with Basic Authentication and ACL plugins. This setup allows Kong to authenticate users attempting to access specific resources using the existing user accounts on the system. 

 By combining HTTPS and a robust authentication mechanism, our system provides a secure and reliable environment for users, protecting their data and ensuring proper access controls. 

Authentication  

In NMX-M, there are two users configured for interacting with the API:  

  • ro-user 

  • rw-user 

 The password for each user is set during the NMX-M cluster installation process. Those users are configured in Kong’s basic authentication settings and applied to all routes. The login information is encrypted and kept in a dedicated PostgreSQL DB. 

Authorization 

Each user has its own ACL group configuration. 

Ready Only ACL Group 

This group includes the "ro-user" and grants access to read-only API endpoints. Any NMX API endpoint that uses the GET HTTP method can be accessed here. 

Relevant API Endpoints 

Group 

Operation 

Method 

URL 

KPI

Get KPI

GET

/nmx/v1/kpis

Metric 

Get Metrics

GET 

/nmx/v1/metrics

Services 

List NMX Services 

GET 

/nmx/v1/services 

Get NMX Service 

GET 

/nmx/v1/services/{id} 

Compute Nodes 

List Compute Nodes 

GET 

/nmx/v1/compute-nodes 

Get Compute Nodes Count 

GET 

/nmx/v1/compute-nodes/count 

Get Compute Node 

GET 

/nmx/v1/compute-nodes/{id} 

Switch Nodes 

List Switch Nodes 

GET 

/nmx/v1/switch-nodes 

Get Switch Nodes Count 

GET 

/nmx/v1/switch-nodes/count 

Get Switch Node 

GET 

/nmx/v1/switch-node/{id} 

Switches 

List Switches 

GET 

/nmx/v1/switches 

Get Switches Count 

GET 

/nmx/v1/switches/count 

Get Switch 

GET 

/nmx/v1/switches/{id} 

Chassis 

List Chassis 

GET 

/nmx/v1/chassis 

Get Chassis Count 

GET 

/nmx/v1/chassis/count 

Get Chassis 

GET 

/nmx/v1/chassis/{id} 

Ports 

List Ports 

GET 

/nmx/v1/ports 

Get Ports Count 

GET 

/nmx/v1/ports/count 

Get Port 

GET 

/nmx/v1/ports/{id} 

GPU 

List GPUs 

GET 

/nmx/v1/gpus 

Get GPU Count 

GET 

/nmx/v1/gpus/count 

Get GPU 

GET 

/nmx/v1/gpus/{id} 

Operations 

List Operations 

GET 

/nmx/v1/operations 

Get Operation 

GET 

/nmx/v1/operations/{id} 

Ready Write ACL Group 

Includes the "rw-user" and allows access to all API endpoints. Any NMX API endpoint, regardless of its HTTP method, can be accessed here. 

Relevant API Endpoints 

In addition to the above GET endpoints. 

Group 

Operation 

Method 

URL 

Services 

Add NMX Service 

POST 

/nmx/v1/services 

Delete NMX Service 

DELETE 

/nmx/v1/services/{id} 

Compute Nodes 

Update Compute Node 

PUT 

/nmx/v1/compute-nodes/{id} 

Switch Nodes 

Update Switch Node 

PUT 

/nmx/v1/switch-nodes/{id} 

Switches 

Update Switch 

PUT 

/nmx/v1/switches/{id} 

Chassis 

Update Chassis 

PUT 

/nmx/v1/chassis/{id} 

GPU 

Update GPU 

PUT 

/nmx/v1/gpus/{id} 

Operations 

Cancel Operation 

DELETE 

/nmx/v1/operations/{id} 

Examples 

Read Only Endpoint 

Postman 

Authorization settings tab: 

  1. Select type: Basic Auth 

  2. Username: rw-user ; Password: <password defined during cluster installation> 

  11.png

Terminal 

  1. In a terminal window, use "bash plus curl" to execute requests. 

  2. Run the following curl command, enter values for the various parameters.  

    curl -X 'GET' \ 
  'https://<ip_address>/nmx/v1/compute-nodes' \ 
  -u ro-user:ro-password


Read Write Endpoint 

Postman 

Authorization settings tab: 

  1. Select type: Basic Auth 

  2. Username: rw-user ; Password: <password defined during cluster installation> 

12.png

Example Request Body 

  1. Select Method: PUT 

  2. Select type: JSON 

  3. Fill in the request body details as seen below. 

13.png

Terminal 

  1. In a terminal window, use "bash plus curl" to execute requests. 

  2. Run the following curl command, and enter values for the various parameters.  

    curl -X 'PUT' \ 
  'https://<ip_address>/nmx/v1/compute-nodes/<id>' \ 
  -H 'accept: application/json' \ 
  -H 'Content-Type: application/json' \ 
  -u rw-user:rw-password \ 
  -d '{ 
  "Description": "Some New Description", 
  "Name": "Some New Name" 
}


Last updated: