hungluong
diff --git a/‎manuals/user-guide/src/main/asciidoc/addons/defense4all.adoc‎
Lines changed: 276 additions & 1 deletion b/‎manuals/user-guide/src/main/asciidoc/addons/defense4all.adoc‎
Lines changed: 276 additions & 1 deletion
diff --git a/‎manuals/user-guide/src/main/resources/images/defense4all_overview.jpg‎
298 KB b/‎manuals/user-guide/src/main/resources/images/defense4all_overview.jpg‎
298 KB
@@ -1,4 +1,279 @@
 == Defense4All
 
-Chapter on Defense For All
+This chapter provides the following sections: +
+
+* <<Defense4All Overview>>
+* <<Defense4All User Interface>>
+* <<Configuring the FrameWork Environment>>
+* <<FrameWork Maintenance>>
+* <<FrameWork Reports>>
+* <<Configuring Defense4All Protected Objects (POs)>>
+* <<Defense4All Reports>>
+
+=== Defense4All Overview
+Defense4All is an SDN application for detecting and mitigating DDoS attacks. The figure below depicts the positioning of Defense4All in OpenDaylight environment. +
+image::defense4all_overview.jpg[Defense4All Overview]
+
+The application communicates with OpenDaylight Controller through the ODC north-bound REST API. 
+
+Through the REST API Defense4All performs the following tasks:
+
+. Monitoring behavior of protected traffic - the application sets flow entries in selected network locations to read traffic statistics for each of the PNs (aggregating statistics collected for a given PN from multiple locations).
+. Diverting attacked traffic to selected AMSs – the application set flow entries in selected network locations to divert traffic to selected AMSs. When an attack is over the application removes these flow entries, thus returning to normal operation and traffic monitoring.
+
+Defense4All can optionally communicate with the defined AMSs. For example: To dynamically configure them, monitor them or collect and act upon attack statistics from the AMSs. The API to AMS is not standardized, and in any case beyond the scope of the OpenDaylight work. 
+Defense4All contains a reference implementation pluggable driver to communicate with Radware’s DefensePro AMS. 
+
+The application presents its north-bound REST and CLI APIs to allow its manager to:
+
+Control and configure the application (runtime parameters, ODC connectivity, AMSs in domain, PNs, and so on.).
+Obtain reporting data – operational or security, current or historical, unified from Defense4All and other sources such as, ODC and AMSs).
+Defense4All provides unified management, reporting and monitoring.
+
+*Management* - Important part of Defense4All operation is to allow users simple “one touch” and abstracted provisioning of security services, for both detection and mitigation operations. The user needs to only specify simple security attributes.
+*Reporting and monitoring operations* - Important part of security services is a combination of (near) real-time logs for monitoring as well as historical logs for reporting. 
+Defense4All provides a unified interface for both purposes. The monitoring information is based on various events collected from Defense4All, AMSs and ODC, allowing rich and correlated view on events. 
+Logged event records can be operational or security related. The former includes failures and errors and informational logs. 
+The latter includes detections, attacks and attack mitigation lifecycles, traffic diversion information and periodic traffic averages. 
+All logs are persistent (stable storage and replication).
+
+== Defense4All User Interface
+This section describes how to configure the Defense4All Framework environment. +
+
+=== Configuring the FrameWork Environment
+
+To set Defense4All configuration parameters: +
+
+. From an Internet browser, go to http://<ip address>:8086/controlapps, where _<ip address>_ is the address for the host that is running Defense4All.
+. From the FrameWork Setup pane, select *Framework* > *Setup*.
+. Set the *Framework Control Network Address* to the IP address Defense4All uses to access the control network.
+. To the right of the SDN Controllers label, click *Add*.
+. In the Add SDN Controller pane, set the following parameters:
+
+[cols=*2,2a,^,options="header",width="75%"]
+|===
+|Parameter|Description 
+|Hostname |Name of the SDN Controller. This is the SDN Controller that supports OpenFlow network programming (OFC stands for OpenFlow Controller). 
+OpenDaylight Controller provides this flavor both for OpenFlow enabled network devices and other network devices with adequate plug-ins in the PFC. 
+|IP address|IP address of the SDN Controller. 
+|Port|Port number of the SDN Controller. 
+|Statistics Polling Interval|The frequency that the SDN Controller polls for statistics. 
+|Username|Username to log into the SDN Controller. 
+|Password|Password to log into the SDN Controller. 
+|Confirm Password |Confirmation of the password of the SDN Controller. 
+|===
+
+[start = 6]
+. Click Submit. +
+
+NOTE: The SDN controller cannot be changed or removed. Only one (1) SDN controller can be configured. To change the SDN controller, you must reset Defense4All to factory settings.
+. In the FrameWork Setup pane, to the right of the Attack Mitigation Systems (AMSs) label, click Add.
+. In the Add Attack Mitigation System (AMS) pane, set the following parameters:
+
+
+[cols=*2,2a,^,options="header",width="75%"]
+|===
+|Parameter|Description 
+|Name|AMS descriptive name.  
+|Brand|Select the AMS brand from the drop-down list. +
+
+Values: Radware DefensePro, Other + 
+
+Default: Radware + 
+
+*Note:* The Radware DefensePro device can be removed only when there are no active mitigations (traffic redirections to it).  
+|Version|AMS version. +
+
+*Note:* This parameter is only applicable to Radware DefensePro.  
+|IP Address| AMS IP address. + 
+
+*Note:* This parameter is only applicable to Radware DefensePro.  
+|Port|AMS port number. +
+
+*Note:* This parameter is only applicable to Radware DefensePro.  
+|Username|AMS username. + 
+
+*Note:* This parameter is only applicable to Radware DefensePro.  
+|Password|Password to log into the AMS. + 
+
+*Note:* This parameter is only applicable to Radware DefensePro.  
+|Confirm Password|Confirmation of the password of the AMS. +
+
+*Note:* This parameter is only applicable to Radware DefensePro.  
+|Health Check| Interval  Time in seconds.  + 
+
+*Note:* This parameter is only applicable to Radware DefensePro.
+Default: 60 seconds  
+|===
+--
+NOTE: Only relevant for DefensePro. Layer 2 Broadcast Destination MAC Address, Multicast Destination MAC Address, Unrecognized L2 Format, and TTL Less Than or Equal to 1 blocking must be configured to avoid Layer 2 loops. For more information, refer to the discussion on Packet Anomaly protection in the DefensePro User Guide. +
+--
+[start = 9]
+
+. Click *Submit*. +
+. In the FrameWork Setup pane, to the right of the *Net Nodes* label, click *Add*.
+. In the Add Net Node pane, set the following parameters:
+
++
+--
+[cols=*2,2a,^,options="header",width="75%"]
+|===
+|Parameter|  Description  
+|Name|  NetNode descriptive name.  
+|ID|  NetNode ID.  
+|Type (read-only)|  Default: Openflow  
+|SDN Node Mode (read-only)|  Default: sdnenablednative.  
+|Health Check Interval (read- only)|  Default: 60 seconds  
+|===
+--
++
+
+[Start = 12]
+
+. To the right of the *Protected Links* label, click Add. +
+. In the Add Protected Link pane, set the following parameters: +
++
+--
+[cols=*2,2a,^,options="header",width="75%"]
+|===
+|Parameter|  Description  
+|Incoming Traffic Port|The incoming traffic port number.  
+|Outgoing Traffic Port|The outgoing traffic port number.  
+|===
+--
++
+
+[Start = 14]
+. Click *OK*. 
+. To the right of the AMS Connections label, click *Add*.
+. In the Add AMS Connection pane, set the following parameters:
+
++
+--
+[cols=*2,2a,^,options="header",width="75%"]
+|===
+|Parameter|  Description  
+|Name|  AMS connection descriptive name.  
+|AMS Name|  AMS connection name.  
+|NetNode North Port|  NetNode NothPort.  
+|NetNode South Port|  NetNode South Port.  
+|AMS North Port|  AMS North Port.  
+|AMS South Port|  AMS South Port.  
+|===
+--
++
+
+[Start = 16]
+
+. Click *OK*.
+. In the Add Net Node pane, click *Submit*.
+
+=== FrameWork Maintenance
+
+This section describes how to run maintenance operations on Defense4All 
+
+* *Reset to Factory Settings* — If you want to reset Defense4All to its factory settings, at the bottom of the FrameWork Setup pane, click Reset to Factory Settings. 
+* *Restart Framework* — To manually restart Defense4All, at the bottom of the FrameWork Setup 
+pane, click Restart FrameWork. 
+
+=== FrameWork Reports
+
+You can generate reports containing syslog messages that have been saved over a period of time. 
+
+To generate FrameWork reports: + 
+
+. From an Internet browser enter the IP address for the host that is running Defense4All.
+. In the FrameWork Reports pane, select *Framework > Report*.
+. In the FrameWork Report pane, select one of the tabs:  +
+
+.. Query by Time Period +
+* In the *From* and *To* fields, select the appropriate dates to define the range of the query. 
+* Select the *Event Types* you want included in the report. 
+* Click *Run Query*. The results display at the bottom of the pane. 
+* Enter a file path in the *Filename* filed, and click *Export Query to File* to save the query to a file.
+
+.. Query by Last Number of Rows
+* In the *Number of Rows* field, enter the last number of rows in the database you want displayed in your report. 
+* Select the *Event Types* you want included in the report. 
+* Click *Run Query*. The results display at the bottom of the pane. You cannot save this query to a file 
+.. Cleanup +
+
+* In the *Delete events older than* field, enter a number of days. Events older than this number of days are deleted. 
+* Click *Submit*. The results display at the bottom of the pane. You cannot save this query to a file. 
+
+=== Configuring Defense4All Protected Objects (POs)
+
+This section describes how to configure Defense4All protected objects (POs). 
+
+To set up Defense4All protected objects (POs): +
+
+. From an Internet browser, enter the IP address for the host that is running Defense4All.
+. From the Defense4All Setup pane, select *Defense4All* > *Setup*.
+. To the right of the *Protected Objects (POs)* label, click *Add*.
+. In the Add Protected Object (PO) pane, set the following parameters:
+
+[cols=*2,2a,^,options="header",width="75%"]
+|===
+|Parameter|  Description  
+|Name|  Name of the PO. +
+Valid characters: A–Z, a–z, 0-9, _ +
+*NOTE:* A PO cannot be removed when under attack.  
+|IP Address|  IP address and net mask of the PO.  
+|===
+[start = 5]
+. Click Submit.
+
+=== Defense4All Reports
+
+You can generate reports containing syslog messages that have been saved over a period of time. +
+
+To generate Defense4All reports: +
+
+. From an Internet browser enter the IP address for the host that is running Defense4All.
+. In the Defense4All Reports pane, select *Defense4All* > *Report*.
+. In the Defense4All Reports pane, select one of the tabs:
+
+-Query by Time Period +
+
+* In the *From* and *To* fields, select the appropriate dates to define the range of the query. 
+* Select the *Event Types* you want included in the report. 
+* Click *Run Queryv*. The results display at the bottom of the pane. 
+* To save the query to a file, enter a file path in the *Filename* filed, and click *Export Query* to File. 
+
+-Query by Last Number of Rows +
+
+* In the *Number of Rows* field, enter the last number of rows in the database you want displayed in your report. 
+* Select the *Event Types* you want included in the report. 
+* Click *Run Query*. The results display at the bottom of the pane. You cannot save this query to a file.
+
+-Cleanup +
+
+* In the *Delete events older* than field, enter a number of days. Events older than this number of days are deleted. 
+* Click *Submit*. The results display at the bottom of the pane. You cannot save this query to a file. 
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+