OpenStack - Security Professionals Information Exchange

A presentation to the Security Professionals Information Exchange in Calgary on Nov. 24, 2011.

Published in: Technology, News & Politics

Transcript

  • 1. Infrastructure as a Service: An Introduction to OpenStack
  • 2. Agenda
    • Introductions
    • Cybera
    • Infrastructure as a Service
    • OpenStack
    • Security Landscape
    • Other Technologies
    • Methodologies
    • Questions
  • 3. Tech Adoption Curve
  • 4. Amazon Web Services
  • 5. OpenStack
    • “To produce the ubiquitous Open Source cloud computing platform that will meet the needs of public and private cloud providers regardless of size, by being simple to implement and massively scalable.”
  • 6. OpenStack Object Storage
  • 7. OpenStack Object Storage Architecture
  • 8. OpenStack Image Service
  • 9. OpenStack Compute
  • 10. OpenStack Compute Architecture
  • 11. OpenStack Compute Architecture
  • 12. OpenStack Compute Architecture
  • 13. OpenStack Security Fundamentals
    • Keypairs
      • Allows ssh access to your instance
      • Name
      • Public key
      • Private key
      • 1024 bit
      • “Injected” into VM
    • Security Groups
      • Firewall
      • Name
      • Port
      • IP range
      • Protocol
      • Live outside VM
  • 14. OpenStack Security Fundamentals
    • HTTPS
    • VLANManager mode
      • VLAN and bridge for each project
      • Requires a switch that supports VLAN tagging
      • Private IPs that are only accessible from inside the VLAN
    • Floating IPs
    • VPN
      • A special VPN instance (cloudpipe) needs to be created
      • Certificate and key for the user to access the VPN
      • Haven’t put this to use yet
  • 15. Open Security Architecture: Cloud Computing Pattern
    • Cloud Computing Pattern
    • Controls
  • 16. IaaS Security Best Practices
    • AWS Security Best Practices
      • Protect your data in transit
      • Protect your data at rest
      • Protect your AWS credentials
      • Manage multiple Users and their permissions with IAM
      • Secure your application
  • 17. IaaS Security Best Practices
    • Twenty Rules for Amazon Cloud Security
      • Encrypt all network traffic.
      • Use only encrypted file systems for block devices and non-root local devices.
      • Encrypt everything you put in S3 using strong encryption…
    • Key Security Issues for the Amazon Cloud
      • Amazon is in control of your data.
      • The Amazon S3 cloud storage infrastructure is weakly secured.
      • Perimeter security in the cloud is very different…
  • 18. OpenStack Vulnerability Management
    • wiki.openstack.org/VulnerabilityManagement
    • The OpenStack vulnerability management team is responsible for coordinating the progressive disclosure of a vulnerability.
    • Classification
      • Critical, Normal, Low
    • Process
      • From encrypted email
      • From Launchpad bug entry
      • Coordinated disclosure
  • 19. OpenStack Community
  • 20. OpenStack Projects
    • DAIR
      • www.canarie.ca/en/dair-program/about
      • github.com/canarie/dair
    • Cloud-Enabled Space Weather Platform
      • www.ceswp.ca
    • NeCTAR
      • www.nectar.org.au
  • 21. Other Technologies
    • Virtual Computing Lab
    • StarCluster
    • Moodle
    • Nagios & collectd
    • Puppet
    • KVM
    • Python & Django
    • Groovy & Grails
    • Git
    • Ubuntu & CentOS
    • NoMachine
  • 22. DevOps
    • In a DevOps environment, developers and sysadmins build relationships, processes, and tools that allow them to better interact and ultimately better service the customer.
    • DevOps is also more than just software deployment – it’s a whole new way of thinking about cooperation and coordination between the people who make the software and the people who run it.
    • Infrastructure as Code
  • 23. Scrum
    • Agile
    • Iterative (sprints)
    • Focused on delivery and feedback
    • Customer collaboration
  • 24. Tech Radar
  • 25. Confucius Sez “Real knowledge is to know the extent of one’s ignorance.”
  • 26. Questions?
    • slideshare.net/cybera/openstack-security-professionals-information-exchange
    • cybera.ca
    • cybera.ca/tech-radar
    • cybera.ca/tech-radar/getting-started-with-cloud-openstack-cybera
    • groups.google.com/group/cybera-tech-radar