OpenStack - Security Professionals Information Exchange

A presentation to the Security Professionals Information Exchange in Calgary on Nov. 24, 2011.

Published in: Technology, News & Politics

  1. Infrastructure as a Service: An Introduction to OpenStack
  2. Agenda
     • Introductions
     • Cybera
     • Infrastructure as a Service
     • OpenStack
     • Security Landscape
     • Other Technologies
     • Methodologies
     • Questions
  3. Tech Adoption Curve
  4. Amazon Web Services
  5. OpenStack
     • “To produce the ubiquitous Open Source cloud computing platform that will meet the needs of public and private cloud providers regardless of size, by being simple to implement and massively scalable.”
  6. OpenStack Object Storage
  7. OpenStack Object Storage Architecture
  8. OpenStack Image Service
  9. OpenStack Compute
  10. OpenStack Compute Architecture
  11. OpenStack Compute Architecture
  12. OpenStack Compute Architecture
  13. OpenStack Security Fundamentals
     • Keypairs
         • Allows SSH access to your instance
         • Name
         • Public key
         • Private key
         • 1024 bit
         • “Injected” into VM
     • Security Groups
         • Firewall
         • Name
         • Port
         • IP range
         • Protocol
         • Live outside VM
  14. OpenStack Security Fundamentals
     • HTTPS
     • VLANManager mode
         • VLAN and bridge for each project
         • Requires a switch that supports VLAN tagging
         • Private IPs that are only accessible from inside the VLAN
     • Floating IPs
     • VPN
         • A special VPN instance (cloudpipe) needs to be created
         • Certificate and key for the user to access the VPN
         • Haven’t put this to use yet
  15. Open Security Architecture: Cloud Computing Pattern
     • Cloud Computing Pattern
     • Controls
  16. IaaS Security Best Practices
     • AWS Security Best Practices
         • Protect your data in transit
         • Protect your data at rest
         • Protect your AWS credentials
         • Manage multiple Users and their permissions with IAM
         • Secure your application
  17. IaaS Security Best Practices
     • Twenty Rules for Amazon Cloud Security
         • Encrypt all network traffic.
         • Use only encrypted file systems for block devices and non-root local devices.
         • Encrypt everything you put in S3 using strong encryption…
     • Key Security Issues for the Amazon Cloud
         • Amazon is in control of your data.
         • The Amazon S3 cloud storage infrastructure is weakly secured.
         • Perimeter security in the cloud is very different…
  18. OpenStack Vulnerability Management
     • wiki.openstack.org/VulnerabilityManagement
     • The OpenStack vulnerability management team is responsible for coordinating the progressive disclosure of a vulnerability.
     • Classification
         • Critical, Normal, Low
     • Process
         • From encrypted email
         • From Launchpad bug entry
         • Coordinated disclosure
  19. OpenStack Community
  20. OpenStack Projects
     • DAIR
         • www.canarie.ca/en/dair-program/about
         • github.com/canarie/dair
     • Cloud-Enabled Space Weather Platform
         • www.ceswp.ca
     • NeCTAR
         • www.nectar.org.au
  21. Other Technologies
     • Virtual Computing Lab
     • StarCluster
     • Moodle
     • Nagios & collectd
     • Puppet
     • KVM
     • Python & Django
     • Groovy & Grails
     • Git
     • Ubuntu & CentOS
     • NoMachine
  22. DevOps
     • In a DevOps environment, developers and sysadmins build relationships, processes, and tools that allow them to better interact and ultimately better service the customer.
     • DevOps is also more than just software deployment – it’s a whole new way of thinking about cooperation and coordination between the people who make the software and the people who run it.
     • Infrastructure as Code
  23. Scrum
     • Agile
     • Iterative (sprints)
     • Focused on delivery and feedback
     • Customer collaboration
  24. Tech Radar
  25. Confucius Sez: “Real knowledge is to know the extent of one’s ignorance.”
  26. Questions?
     • slideshare.net/cybera/openstack-security-professionals-information-exchange
     • cybera.ca
     • cybera.ca/tech-radar
     • cybera.ca/tech-radar/getting-started-with-cloud-openstack-cybera
     • groups.google.com/group/cybera-tech-radar