This document provides an introduction to OpenStack and discusses infrastructure as a service (IaaS). It outlines the OpenStack architecture including object storage, image service, and compute components. It also covers OpenStack security fundamentals like keypairs, security groups, and floating IPs. The document discusses IaaS security best practices and OpenStack vulnerability management. It lists some OpenStack projects and other related technologies.

1. Infrastructure as a Service An Introduction to OpenStack

2. Agenda Introductions Cybera Infrastructure as a Service OpenStack Security Landscape Other Technologies Methodologies Questions

3. Tech Adoption Curve

4. Amazon Web Services

5. OpenStack “ To produce the ubiquitous Open Source cloud computing platform that will meet the needs of public and private cloud providers regardless of size, by being simple to implement and massively scalable.”

6. OpenStack Object Storage

7. OpenStack Object Storage Architecture

8. OpenStack Image Service

9. OpenStack Compute

10. OpenStack Compute Architecture

11. OpenStack Compute Architecture

12. OpenStack Compute Architecture

13. OpenStack Security Fundamentals Keypairs Allows ssh access to your instance Name Public key Private key 1024 bit “ Injected” into VM Security Groups Firewall Name Port IP range Protocol Live outside VM

14. OpenStack Security Fundamentals HTTPS VLANManager mode VLAN and bridge for each project Requires a switch that supports VLAN tagging Private IPs that are only accessible from inside the VLAN Floating IPs VPN A special VPN instance (cloudpipe) needs to be created Certificate and key for the user to access the VPN Haven’t put this to use yet

15. Open Security Architecture: Cloud Computing Pattern Cloud Computing Pattern Controls

16. IaaS Security Best Practices AWS Security Best Practices Protect your data in transit Protect your data at rest Protect your AWS credentials Manage multiple Users and their permissions with IAM Secure your application

17. IaaS Security Best Practices Twenty Rules for Amazon Cloud Security Encrypt all network traffic. Use only encrypted file systems for block devices and non-root local devices. Encrypt everything you put in S3 using strong encryption… Key Security Issues for the Amazon Cloud Amazon is in control of your data. The Amazon S3 cloud storage infrastructure is weakly secured. Perimeter security in the cloud is very different…

18. OpenStack Vulnerability Management wiki.openstack.org/VulnerabilityManagement The OpenStack vulnerability management team is responsible for coordinating the progressive disclosure of a vulnerability. Classification Critical, Normal, Low Process From encrypted email From Launchpad bug entry Coordinated disclosure

19. OpenStack Community

20. OpenStack Projects DAIR www.canarie.ca/en/dair-program/about github.com/canarie/dair Cloud-Enabled Space Weather Platform www.ceswp.ca NeCTAR www.nectar.org.au

21. Other Technologies Virtual Computing Lab StarCluster Moodle Nagios & collectd Puppet KVM Python & Django Groovy & Grails Git Ubuntu & CentOS NoMachine

22. DevOps In a DevOps environment, developers and sysadmins build relationships, processes, and tools that allow them to better interact and ultimately better service the customer. DevOps is also more than just software deployment – it’s a whole new way of thinking about cooperation and coordination between the people who make the software and the people who run it. Infrastructure as Code

23. Scrum Agile Iterative (sprints) Focused on delivery and feedback Customer collaboration

24. Tech Radar

25. Confucius Sez “ Real knowledge is to know the extent of one’s ignorance.”

26. Questions? slideshare.net/cybera/openstack-security-professionals-information-exchange cybera.ca cybera.ca/tech-radar cybera.ca/tech-radar/getting-started-with-cloud-openstack-cybera groups.google.com/group/cybera-tech-radar