SlideShare a Scribd company logo

OpenStack-Ansible Security

Major Hayden
Major Hayden

The openstack-ansible-security role provides security hardening for OpenStack environments deployed with OpenStack-Ansible.

Technology
1 of 12
Download to read offline
OpenStack-Ansible Security Major Hayden OpenStack Security Mid-cycle - January 12-15, 2016
Agenda • Who am I? • Overview of openstack-ansible-security • Wish list
Who am I? • At Rackspace since 2006 • OpenStack public cloud team • Former Chief Security Architect • Currently project: Rackspace’s OpenStack Private Cloud
Help customers meet compliance requirements Provide baseline security enhancements openstack-ansible-security Purpose Easy to deploy and configurable Must not harm production OpenStack environments Must satisfy PCI-DSS 3.1 Requirement 2.2 Requirements PCI-DSS 3.1 Requirement 2.2 Develop configuration standards for all system components. Assure that these standards address all known security vulnerabilities and are consistent with industry-accepted system hardening standards.
Based on the DISA STIG • No restrictive licensing or terms of use (unlike CIS benchmarks) • Industry-accepted (used by the US Government among others) • Divided into categories/severity • STIG for Ubuntu doesn’t exist, but the Red Hat Enterprise Linux 6 STIG is very close
What exists today? • Ansible role: openstack-ansible-security • Documentation: within the role’s code and on docs. openstack.org • Exceptions are heavily documented • Easy integration with OpenStack-Ansible
Documentation Text from the official STIG to explain why the standard is applied. Deployer notes explain what the role does or doesn’t do. Link to the STIG Viewer site.
Documentation for exceptions Standards that could disrupt a production environment are noted and a sane default is used. Additional documentation is provided/linked when needed.
Wish list • Need additional testing in larger environments • Applied by default in OpenStack-Ansible all-in-one (AIO) builds (patch proposed) • Expand to additional operating systems (multi-OS support is in an OpenStack-Ansible spec) • QSA validation that the role meets PCI-DSS 3.1 Req 2.2 (meeting with QSA scheduled)
Wish list • Container security improvements • Better output/reporting for audits
Links • Role: https://github.com/openstack/openstack-ansible-security • Docs: http://docs.openstack.org/developer/openstack-ansible-security/ • Ansible blog post: http://www.ansible.com/blog/securing-openstack-hosts-with-ansible • Blueprint/Spec: https://blueprints.launchpad.net/openstack-ansible/+spec/security-hardening
OpenStack-Ansible Security

Recommended

Flexible, simple deployments with OpenStack-Ansible
Flexible, simple deployments with OpenStack-AnsibleFlexible, simple deployments with OpenStack-Ansible
Flexible, simple deployments with OpenStack-AnsibleMajor Hayden
 
Deploying OpenStack with Ansible
Deploying OpenStack with AnsibleDeploying OpenStack with Ansible
Deploying OpenStack with AnsibleKevin Carter
 
OpenStack-Ansible Project Update
OpenStack-Ansible Project UpdateOpenStack-Ansible Project Update
OpenStack-Ansible Project UpdateJesse Pretorius
 
Simple flexible deployments with openstack ansible
Simple flexible deployments with openstack ansibleSimple flexible deployments with openstack ansible
Simple flexible deployments with openstack ansibleJean-Philippe Evrard
 
Introduction to Orchestration and DevOps with OpenStack
Introduction to Orchestration and DevOps with OpenStackIntroduction to Orchestration and DevOps with OpenStack
Introduction to Orchestration and DevOps with OpenStackAbderrahmane TEKFI
 
Infrastructure as Code 101: Steve Tegeler + Nathan Ness, VMware
Infrastructure as Code 101: Steve Tegeler + Nathan Ness, VMwareInfrastructure as Code 101: Steve Tegeler + Nathan Ness, VMware
Infrastructure as Code 101: Steve Tegeler + Nathan Ness, VMwareOpenStack
 
Containers and OpenStack: Marc Van Hoof, Kumulus: Containers and OpenStack
Containers and OpenStack: Marc Van Hoof, Kumulus: Containers and OpenStackContainers and OpenStack: Marc Van Hoof, Kumulus: Containers and OpenStack
Containers and OpenStack: Marc Van Hoof, Kumulus: Containers and OpenStackOpenStack
 
Openstack lab environment Virtualbox (English)
Openstack lab environment Virtualbox (English)Openstack lab environment Virtualbox (English)
Openstack lab environment Virtualbox (English)Abderrahmane TEKFI
 

Recommended

Flexible, simple deployments with OpenStack-Ansible
Flexible, simple deployments with OpenStack-AnsibleFlexible, simple deployments with OpenStack-Ansible
Flexible, simple deployments with OpenStack-AnsibleMajor Hayden
 
Deploying OpenStack with Ansible
Deploying OpenStack with AnsibleDeploying OpenStack with Ansible
Deploying OpenStack with AnsibleKevin Carter
 
OpenStack-Ansible Project Update
OpenStack-Ansible Project UpdateOpenStack-Ansible Project Update
OpenStack-Ansible Project UpdateJesse Pretorius
 
Simple flexible deployments with openstack ansible
Simple flexible deployments with openstack ansibleSimple flexible deployments with openstack ansible
Simple flexible deployments with openstack ansibleJean-Philippe Evrard
 
Introduction to Orchestration and DevOps with OpenStack
Introduction to Orchestration and DevOps with OpenStackIntroduction to Orchestration and DevOps with OpenStack
Introduction to Orchestration and DevOps with OpenStackAbderrahmane TEKFI
 
Infrastructure as Code 101: Steve Tegeler + Nathan Ness, VMware
Infrastructure as Code 101: Steve Tegeler + Nathan Ness, VMwareInfrastructure as Code 101: Steve Tegeler + Nathan Ness, VMware
Infrastructure as Code 101: Steve Tegeler + Nathan Ness, VMwareOpenStack
 
Containers and OpenStack: Marc Van Hoof, Kumulus: Containers and OpenStack
Containers and OpenStack: Marc Van Hoof, Kumulus: Containers and OpenStackContainers and OpenStack: Marc Van Hoof, Kumulus: Containers and OpenStack
Containers and OpenStack: Marc Van Hoof, Kumulus: Containers and OpenStackOpenStack
 
Openstack lab environment Virtualbox (English)
Openstack lab environment Virtualbox (English)Openstack lab environment Virtualbox (English)
Openstack lab environment Virtualbox (English)Abderrahmane TEKFI
 
Simplifying OpenStack Networks with Routing on the Host: Gerard Chami + Scott...
Simplifying OpenStack Networks with Routing on the Host: Gerard Chami + Scott...Simplifying OpenStack Networks with Routing on the Host: Gerard Chami + Scott...
Simplifying OpenStack Networks with Routing on the Host: Gerard Chami + Scott...OpenStack
 
Openstack ansible
Openstack ansibleOpenstack ansible
Openstack ansibleGeorge Paraskevas
 
Open Source Private Cloud Management with OpenStack and Security Evaluation w...
Open Source Private Cloud Management with OpenStack and Security Evaluation w...Open Source Private Cloud Management with OpenStack and Security Evaluation w...
Open Source Private Cloud Management with OpenStack and Security Evaluation w...XHANI TRUNGU
 
Case Study: Utilizing Mirantis Fuel to install OpenStack Ansible
Case Study: Utilizing Mirantis Fuel to install OpenStack AnsibleCase Study: Utilizing Mirantis Fuel to install OpenStack Ansible
Case Study: Utilizing Mirantis Fuel to install OpenStack AnsibleTeK Charnsilp Chinprasert
 
Andy McCrae, Rackspace - Using Ansible to Deploy and Automate OpenStack, Open...
Andy McCrae, Rackspace - Using Ansible to Deploy and Automate OpenStack, Open...Andy McCrae, Rackspace - Using Ansible to Deploy and Automate OpenStack, Open...
Andy McCrae, Rackspace - Using Ansible to Deploy and Automate OpenStack, Open...Cloud Native Day Tel Aviv
 
Push-button Composition of Oracle Application and Database Environments: Avi ...
Push-button Composition of Oracle Application and Database Environments: Avi ...Push-button Composition of Oracle Application and Database Environments: Avi ...
Push-button Composition of Oracle Application and Database Environments: Avi ...OpenStack
 
We Are OpenStack: David F. Flanders & Tom Fifield, OpenStack Foundation
We Are OpenStack: David F. Flanders & Tom Fifield, OpenStack FoundationWe Are OpenStack: David F. Flanders & Tom Fifield, OpenStack Foundation
We Are OpenStack: David F. Flanders & Tom Fifield, OpenStack FoundationOpenStack
 
VIO30 Technical Overview
VIO30 Technical OverviewVIO30 Technical Overview
VIO30 Technical OverviewJulienne Pham
 
Things You MUST Know Before Deploying OpenStack: Bruno Lago, Catalyst IT
Things You MUST Know Before Deploying OpenStack: Bruno Lago, Catalyst ITThings You MUST Know Before Deploying OpenStack: Bruno Lago, Catalyst IT
Things You MUST Know Before Deploying OpenStack: Bruno Lago, Catalyst ITOpenStack
 
Intro to OpenStack
Intro to OpenStackIntro to OpenStack
Intro to OpenStackdonnieh1
 
Cisco deploying openstack with UCS
Cisco deploying openstack with UCSCisco deploying openstack with UCS
Cisco deploying openstack with UCSsolarisyougood
 
An Evaluation of OpenStack Deployment Frameworks
An Evaluation of OpenStack Deployment FrameworksAn Evaluation of OpenStack Deployment Frameworks
An Evaluation of OpenStack Deployment Frameworksshane_gibson
 
Xen Project on SUSE OpenStack Cloud
Xen Project on SUSE OpenStack CloudXen Project on SUSE OpenStack Cloud
Xen Project on SUSE OpenStack CloudThe Linux Foundation
 
Applying OpenStack at iNET use case
Applying OpenStack at iNET use caseApplying OpenStack at iNET use case
Applying OpenStack at iNET use caseVietnam Open Infrastructure User Group
 
Mastering OpenStack - Episode 04 - Provisioning and Deployment
Mastering OpenStack - Episode 04 - Provisioning and DeploymentMastering OpenStack - Episode 04 - Provisioning and Deployment
Mastering OpenStack - Episode 04 - Provisioning and DeploymentRoozbeh Shafiee
 
OpenStack in Action 4! Alan Clark - The fundation for openstack Cloud
OpenStack in Action 4! Alan Clark - The fundation for openstack CloudOpenStack in Action 4! Alan Clark - The fundation for openstack Cloud
OpenStack in Action 4! Alan Clark - The fundation for openstack CloudeNovance
 
Mastering OpenStack - Episode 08 - Storage Decisions
Mastering OpenStack - Episode 08 - Storage DecisionsMastering OpenStack - Episode 08 - Storage Decisions
Mastering OpenStack - Episode 08 - Storage DecisionsRoozbeh Shafiee
 
Vancouver open stack meetup presentation
Vancouver open stack meetup presentationVancouver open stack meetup presentation
Vancouver open stack meetup presentationSean Winn
 
The OpenStack Tacker Project and SDN/NFV MANO: Craig Stevens, Brocade
The OpenStack Tacker Project and SDN/NFV MANO: Craig Stevens, BrocadeThe OpenStack Tacker Project and SDN/NFV MANO: Craig Stevens, Brocade
The OpenStack Tacker Project and SDN/NFV MANO: Craig Stevens, BrocadeOpenStack
 
Mastering OpenStack - Episode 05 - Controller Nodes
Mastering OpenStack - Episode 05 - Controller NodesMastering OpenStack - Episode 05 - Controller Nodes
Mastering OpenStack - Episode 05 - Controller NodesRoozbeh Shafiee
 
Holistic Security for OpenStack Clouds
Holistic Security for OpenStack CloudsHolistic Security for OpenStack Clouds
Holistic Security for OpenStack CloudsMajor Hayden
 
Automated Security Hardening with OpenStack-Ansible
Automated Security Hardening with OpenStack-AnsibleAutomated Security Hardening with OpenStack-Ansible
Automated Security Hardening with OpenStack-AnsibleMajor Hayden
 

More Related Content

What's hot

Simplifying OpenStack Networks with Routing on the Host: Gerard Chami + Scott...
Simplifying OpenStack Networks with Routing on the Host: Gerard Chami + Scott...Simplifying OpenStack Networks with Routing on the Host: Gerard Chami + Scott...
Simplifying OpenStack Networks with Routing on the Host: Gerard Chami + Scott...OpenStack
 
Open Source Private Cloud Management with OpenStack and Security Evaluation w...
Open Source Private Cloud Management with OpenStack and Security Evaluation w...Open Source Private Cloud Management with OpenStack and Security Evaluation w...
Open Source Private Cloud Management with OpenStack and Security Evaluation w...XHANI TRUNGU
 
Case Study: Utilizing Mirantis Fuel to install OpenStack Ansible
Case Study: Utilizing Mirantis Fuel to install OpenStack AnsibleCase Study: Utilizing Mirantis Fuel to install OpenStack Ansible
Case Study: Utilizing Mirantis Fuel to install OpenStack AnsibleTeK Charnsilp Chinprasert
 
Andy McCrae, Rackspace - Using Ansible to Deploy and Automate OpenStack, Open...
Andy McCrae, Rackspace - Using Ansible to Deploy and Automate OpenStack, Open...Andy McCrae, Rackspace - Using Ansible to Deploy and Automate OpenStack, Open...
Andy McCrae, Rackspace - Using Ansible to Deploy and Automate OpenStack, Open...Cloud Native Day Tel Aviv
 
Push-button Composition of Oracle Application and Database Environments: Avi ...
Push-button Composition of Oracle Application and Database Environments: Avi ...Push-button Composition of Oracle Application and Database Environments: Avi ...
Push-button Composition of Oracle Application and Database Environments: Avi ...OpenStack
 
We Are OpenStack: David F. Flanders & Tom Fifield, OpenStack Foundation
We Are OpenStack: David F. Flanders & Tom Fifield, OpenStack FoundationWe Are OpenStack: David F. Flanders & Tom Fifield, OpenStack Foundation
We Are OpenStack: David F. Flanders & Tom Fifield, OpenStack FoundationOpenStack
 
VIO30 Technical Overview
VIO30 Technical OverviewVIO30 Technical Overview
VIO30 Technical OverviewJulienne Pham
 
Things You MUST Know Before Deploying OpenStack: Bruno Lago, Catalyst IT
Things You MUST Know Before Deploying OpenStack: Bruno Lago, Catalyst ITThings You MUST Know Before Deploying OpenStack: Bruno Lago, Catalyst IT
Things You MUST Know Before Deploying OpenStack: Bruno Lago, Catalyst ITOpenStack
 
Intro to OpenStack
Intro to OpenStackIntro to OpenStack
Intro to OpenStackdonnieh1
 
Cisco deploying openstack with UCS
Cisco deploying openstack with UCSCisco deploying openstack with UCS
Cisco deploying openstack with UCSsolarisyougood
 
An Evaluation of OpenStack Deployment Frameworks
An Evaluation of OpenStack Deployment FrameworksAn Evaluation of OpenStack Deployment Frameworks
An Evaluation of OpenStack Deployment Frameworksshane_gibson
 
Xen Project on SUSE OpenStack Cloud
Xen Project on SUSE OpenStack CloudXen Project on SUSE OpenStack Cloud
Xen Project on SUSE OpenStack CloudThe Linux Foundation
 
Mastering OpenStack - Episode 04 - Provisioning and Deployment
Mastering OpenStack - Episode 04 - Provisioning and DeploymentMastering OpenStack - Episode 04 - Provisioning and Deployment
Mastering OpenStack - Episode 04 - Provisioning and DeploymentRoozbeh Shafiee
 
OpenStack in Action 4! Alan Clark - The fundation for openstack Cloud
OpenStack in Action 4! Alan Clark - The fundation for openstack CloudOpenStack in Action 4! Alan Clark - The fundation for openstack Cloud
OpenStack in Action 4! Alan Clark - The fundation for openstack CloudeNovance
 
Mastering OpenStack - Episode 08 - Storage Decisions
Mastering OpenStack - Episode 08 - Storage DecisionsMastering OpenStack - Episode 08 - Storage Decisions
Mastering OpenStack - Episode 08 - Storage DecisionsRoozbeh Shafiee
 
Vancouver open stack meetup presentation
Vancouver open stack meetup presentationVancouver open stack meetup presentation
Vancouver open stack meetup presentationSean Winn
 
The OpenStack Tacker Project and SDN/NFV MANO: Craig Stevens, Brocade
The OpenStack Tacker Project and SDN/NFV MANO: Craig Stevens, BrocadeThe OpenStack Tacker Project and SDN/NFV MANO: Craig Stevens, Brocade
The OpenStack Tacker Project and SDN/NFV MANO: Craig Stevens, BrocadeOpenStack
 
Mastering OpenStack - Episode 05 - Controller Nodes
Mastering OpenStack - Episode 05 - Controller NodesMastering OpenStack - Episode 05 - Controller Nodes
Mastering OpenStack - Episode 05 - Controller NodesRoozbeh Shafiee
 

What's hot (20)

Simplifying OpenStack Networks with Routing on the Host: Gerard Chami + Scott...
Simplifying OpenStack Networks with Routing on the Host: Gerard Chami + Scott...Simplifying OpenStack Networks with Routing on the Host: Gerard Chami + Scott...
Simplifying OpenStack Networks with Routing on the Host: Gerard Chami + Scott...
 
Openstack ansible
Openstack ansibleOpenstack ansible
Openstack ansible
 
Open Source Private Cloud Management with OpenStack and Security Evaluation w...
Open Source Private Cloud Management with OpenStack and Security Evaluation w...Open Source Private Cloud Management with OpenStack and Security Evaluation w...
Open Source Private Cloud Management with OpenStack and Security Evaluation w...
 
Case Study: Utilizing Mirantis Fuel to install OpenStack Ansible
Case Study: Utilizing Mirantis Fuel to install OpenStack AnsibleCase Study: Utilizing Mirantis Fuel to install OpenStack Ansible
Case Study: Utilizing Mirantis Fuel to install OpenStack Ansible
 
Andy McCrae, Rackspace - Using Ansible to Deploy and Automate OpenStack, Open...
Andy McCrae, Rackspace - Using Ansible to Deploy and Automate OpenStack, Open...Andy McCrae, Rackspace - Using Ansible to Deploy and Automate OpenStack, Open...
Andy McCrae, Rackspace - Using Ansible to Deploy and Automate OpenStack, Open...
 
Push-button Composition of Oracle Application and Database Environments: Avi ...
Push-button Composition of Oracle Application and Database Environments: Avi ...Push-button Composition of Oracle Application and Database Environments: Avi ...
Push-button Composition of Oracle Application and Database Environments: Avi ...
 
We Are OpenStack: David F. Flanders & Tom Fifield, OpenStack Foundation
We Are OpenStack: David F. Flanders & Tom Fifield, OpenStack FoundationWe Are OpenStack: David F. Flanders & Tom Fifield, OpenStack Foundation
We Are OpenStack: David F. Flanders & Tom Fifield, OpenStack Foundation
 
VIO30 Technical Overview
VIO30 Technical OverviewVIO30 Technical Overview
VIO30 Technical Overview
 
Things You MUST Know Before Deploying OpenStack: Bruno Lago, Catalyst IT
Things You MUST Know Before Deploying OpenStack: Bruno Lago, Catalyst ITThings You MUST Know Before Deploying OpenStack: Bruno Lago, Catalyst IT
Things You MUST Know Before Deploying OpenStack: Bruno Lago, Catalyst IT
 
Intro to OpenStack
Intro to OpenStackIntro to OpenStack
Intro to OpenStack
 
Cisco deploying openstack with UCS
Cisco deploying openstack with UCSCisco deploying openstack with UCS
Cisco deploying openstack with UCS
 
An Evaluation of OpenStack Deployment Frameworks
An Evaluation of OpenStack Deployment FrameworksAn Evaluation of OpenStack Deployment Frameworks
An Evaluation of OpenStack Deployment Frameworks
 
Xen Project on SUSE OpenStack Cloud
Xen Project on SUSE OpenStack CloudXen Project on SUSE OpenStack Cloud
Xen Project on SUSE OpenStack Cloud
 
Applying OpenStack at iNET use case
Applying OpenStack at iNET use caseApplying OpenStack at iNET use case
Applying OpenStack at iNET use case
 
Mastering OpenStack - Episode 04 - Provisioning and Deployment
Mastering OpenStack - Episode 04 - Provisioning and DeploymentMastering OpenStack - Episode 04 - Provisioning and Deployment
Mastering OpenStack - Episode 04 - Provisioning and Deployment
 
OpenStack in Action 4! Alan Clark - The fundation for openstack Cloud
OpenStack in Action 4! Alan Clark - The fundation for openstack CloudOpenStack in Action 4! Alan Clark - The fundation for openstack Cloud
OpenStack in Action 4! Alan Clark - The fundation for openstack Cloud
 
Mastering OpenStack - Episode 08 - Storage Decisions
Mastering OpenStack - Episode 08 - Storage DecisionsMastering OpenStack - Episode 08 - Storage Decisions
Mastering OpenStack - Episode 08 - Storage Decisions
 
Vancouver open stack meetup presentation
Vancouver open stack meetup presentationVancouver open stack meetup presentation
Vancouver open stack meetup presentation
 
The OpenStack Tacker Project and SDN/NFV MANO: Craig Stevens, Brocade
The OpenStack Tacker Project and SDN/NFV MANO: Craig Stevens, BrocadeThe OpenStack Tacker Project and SDN/NFV MANO: Craig Stevens, Brocade
The OpenStack Tacker Project and SDN/NFV MANO: Craig Stevens, Brocade
 
Mastering OpenStack - Episode 05 - Controller Nodes
Mastering OpenStack - Episode 05 - Controller NodesMastering OpenStack - Episode 05 - Controller Nodes
Mastering OpenStack - Episode 05 - Controller Nodes
 

Viewers also liked

Holistic Security for OpenStack Clouds
Holistic Security for OpenStack CloudsHolistic Security for OpenStack Clouds
Holistic Security for OpenStack CloudsMajor Hayden
 
Automated Security Hardening with OpenStack-Ansible
Automated Security Hardening with OpenStack-AnsibleAutomated Security Hardening with OpenStack-Ansible
Automated Security Hardening with OpenStack-AnsibleMajor Hayden
 
System Hardening Using Ansible
System Hardening Using AnsibleSystem Hardening Using Ansible
System Hardening Using AnsibleSonatype
 
Code to-cloud toolchain-LA OpenStack meet up-20140626
Code to-cloud toolchain-LA OpenStack meet up-20140626Code to-cloud toolchain-LA OpenStack meet up-20140626
Code to-cloud toolchain-LA OpenStack meet up-20140626aedocw
 
Openstack security presentation 2013
Openstack security presentation 2013Openstack security presentation 2013
Openstack security presentation 2013brian_chong
 
Shmoocon 2013 - OpenStack Security Brief
Shmoocon 2013 - OpenStack Security BriefShmoocon 2013 - OpenStack Security Brief
Shmoocon 2013 - OpenStack Security Briefopenfly
 
Managing sensitive data with Ansible vault
Managing sensitive data with Ansible vaultManaging sensitive data with Ansible vault
Managing sensitive data with Ansible vaultPascal Stauffer
 
Ansible for Enterprise
Ansible for EnterpriseAnsible for Enterprise
Ansible for EnterpriseAnsible
 
[세미나] Vagrant 이지원
[세미나] Vagrant 이지원[세미나] Vagrant 이지원
[세미나] Vagrant 이지원지원 이
 
XE 모듈 개발 - 걸음마부터 날기까지 - 달리기
XE 모듈 개발 - 걸음마부터 날기까지 - 달리기XE 모듈 개발 - 걸음마부터 날기까지 - 달리기
XE 모듈 개발 - 걸음마부터 날기까지 - 달리기승엽 신
 
Introduction to ansible
Introduction to ansibleIntroduction to ansible
Introduction to ansibleMukul Malhotra
 
Hypervisor Security - OpenStack Summit Hong Kong
Hypervisor Security - OpenStack Summit Hong KongHypervisor Security - OpenStack Summit Hong Kong
Hypervisor Security - OpenStack Summit Hong KongRobert Clark
 
Ansible Meetup NYC 060215
Ansible Meetup NYC 060215Ansible Meetup NYC 060215
Ansible Meetup NYC 060215jedelman99
 
Hardening Your Config Management - Security and Attack Vectors in Config Mana...
Hardening Your Config Management - Security and Attack Vectors in Config Mana...Hardening Your Config Management - Security and Attack Vectors in Config Mana...
Hardening Your Config Management - Security and Attack Vectors in Config Mana...Peter Souter
 
One tool, two fabrics: Ansible and Nexus 9000
One tool, two fabrics: Ansible and Nexus 9000One tool, two fabrics: Ansible and Nexus 9000
One tool, two fabrics: Ansible and Nexus 9000Joel W. King
 
Vagrant, Ansible, and OpenStack on your laptop
Vagrant, Ansible, and OpenStack on your laptopVagrant, Ansible, and OpenStack on your laptop
Vagrant, Ansible, and OpenStack on your laptopLorin Hochstein
 
Arista: DevOps for Network Engineers
Arista: DevOps for Network EngineersArista: DevOps for Network Engineers
Arista: DevOps for Network EngineersPhilip DiLeo
 

Viewers also liked (20)

Holistic Security for OpenStack Clouds
Holistic Security for OpenStack CloudsHolistic Security for OpenStack Clouds
Holistic Security for OpenStack Clouds
 
Automated Security Hardening with OpenStack-Ansible
Automated Security Hardening with OpenStack-AnsibleAutomated Security Hardening with OpenStack-Ansible
Automated Security Hardening with OpenStack-Ansible
 
System Hardening Using Ansible
System Hardening Using AnsibleSystem Hardening Using Ansible
System Hardening Using Ansible
 
Code to-cloud toolchain-LA OpenStack meet up-20140626
Code to-cloud toolchain-LA OpenStack meet up-20140626Code to-cloud toolchain-LA OpenStack meet up-20140626
Code to-cloud toolchain-LA OpenStack meet up-20140626
 
Openstack security presentation 2013
Openstack security presentation 2013Openstack security presentation 2013
Openstack security presentation 2013
 
OpenStack Security
OpenStack SecurityOpenStack Security
OpenStack Security
 
Shmoocon 2013 - OpenStack Security Brief
Shmoocon 2013 - OpenStack Security BriefShmoocon 2013 - OpenStack Security Brief
Shmoocon 2013 - OpenStack Security Brief
 
Ansible & Vagrant
Ansible & VagrantAnsible & Vagrant
Ansible & Vagrant
 
Managing sensitive data with Ansible vault
Managing sensitive data with Ansible vaultManaging sensitive data with Ansible vault
Managing sensitive data with Ansible vault
 
Ansible for Enterprise
Ansible for EnterpriseAnsible for Enterprise
Ansible for Enterprise
 
[세미나] Vagrant 이지원
[세미나] Vagrant 이지원[세미나] Vagrant 이지원
[세미나] Vagrant 이지원
 
XE 모듈 개발 - 걸음마부터 날기까지 - 달리기
XE 모듈 개발 - 걸음마부터 날기까지 - 달리기XE 모듈 개발 - 걸음마부터 날기까지 - 달리기
XE 모듈 개발 - 걸음마부터 날기까지 - 달리기
 
Introduction to ansible
Introduction to ansibleIntroduction to ansible
Introduction to ansible
 
Ansible과 CloudFormation을 이용한 배포 자동화
Ansible과 CloudFormation을 이용한 배포 자동화Ansible과 CloudFormation을 이용한 배포 자동화
Ansible과 CloudFormation을 이용한 배포 자동화
 
Hypervisor Security - OpenStack Summit Hong Kong
Hypervisor Security - OpenStack Summit Hong KongHypervisor Security - OpenStack Summit Hong Kong
Hypervisor Security - OpenStack Summit Hong Kong
 
Ansible Meetup NYC 060215
Ansible Meetup NYC 060215Ansible Meetup NYC 060215
Ansible Meetup NYC 060215
 
Hardening Your Config Management - Security and Attack Vectors in Config Mana...
Hardening Your Config Management - Security and Attack Vectors in Config Mana...Hardening Your Config Management - Security and Attack Vectors in Config Mana...
Hardening Your Config Management - Security and Attack Vectors in Config Mana...
 
One tool, two fabrics: Ansible and Nexus 9000
One tool, two fabrics: Ansible and Nexus 9000One tool, two fabrics: Ansible and Nexus 9000
One tool, two fabrics: Ansible and Nexus 9000
 
Vagrant, Ansible, and OpenStack on your laptop
Vagrant, Ansible, and OpenStack on your laptopVagrant, Ansible, and OpenStack on your laptop
Vagrant, Ansible, and OpenStack on your laptop
 
Arista: DevOps for Network Engineers
Arista: DevOps for Network EngineersArista: DevOps for Network Engineers
Arista: DevOps for Network Engineers
 

Similar to OpenStack-Ansible Security

2013-08-22 NSA System Security & Management
2013-08-22 NSA System Security & Management2013-08-22 NSA System Security & Management
2013-08-22 NSA System Security & ManagementShawn Wells
 
2016-08-18 Red Hat Partner Security Update
2016-08-18 Red Hat Partner Security Update2016-08-18 Red Hat Partner Security Update
2016-08-18 Red Hat Partner Security UpdateShawn Wells
 
PIACERE - DevSecOps Automated
PIACERE - DevSecOps AutomatedPIACERE - DevSecOps Automated
PIACERE - DevSecOps AutomatedPIACERE
 
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...VMworld
 
Integrigy_Oracle_E-Business_Suite_Security_Risks_Primer_for_Internal_Auditors...
Integrigy_Oracle_E-Business_Suite_Security_Risks_Primer_for_Internal_Auditors...Integrigy_Oracle_E-Business_Suite_Security_Risks_Primer_for_Internal_Auditors...
Integrigy_Oracle_E-Business_Suite_Security_Risks_Primer_for_Internal_Auditors...Minh237839
 
RISC-V Summit 2020: The Next Ten Years
RISC-V Summit 2020: The Next Ten YearsRISC-V Summit 2020: The Next Ten Years
RISC-V Summit 2020: The Next Ten YearsRISC-V International
 
KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...
KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...
KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...Eric Smalling
 
2017 02-17 rsac 2017 tech-f02
2017 02-17 rsac 2017 tech-f022017 02-17 rsac 2017 tech-f02
2017 02-17 rsac 2017 tech-f02Shawn Wells
 
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous ComplianceReaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous ComplianceAlgoSec
 
Oracle RAC 12c Rel. 2 Under the Hood and Best Practices
Oracle RAC 12c Rel. 2 Under the Hood and Best PracticesOracle RAC 12c Rel. 2 Under the Hood and Best Practices
Oracle RAC 12c Rel. 2 Under the Hood and Best PracticesMarkus Michalewicz
 
Software Development Life Cycle – Managing Risk and Measuring Security
Software Development Life Cycle – Managing Risk and Measuring SecuritySoftware Development Life Cycle – Managing Risk and Measuring Security
Software Development Life Cycle – Managing Risk and Measuring SecurityThomas Malmberg
 
Unlock Your Cloud Potential with Mirantis OpenStack & Cumulus Linux
Unlock Your Cloud Potential with Mirantis OpenStack & Cumulus LinuxUnlock Your Cloud Potential with Mirantis OpenStack & Cumulus Linux
Unlock Your Cloud Potential with Mirantis OpenStack & Cumulus LinuxCumulus Networks
 
Mirantis OpenStack and Cumulus Linux Webinar
Mirantis OpenStack and Cumulus Linux WebinarMirantis OpenStack and Cumulus Linux Webinar
Mirantis OpenStack and Cumulus Linux WebinarKamesh Pemmaraju
 
Cosug for jiang su lug dec 2011
Cosug for jiang su lug dec 2011Cosug for jiang su lug dec 2011
Cosug for jiang su lug dec 2011OpenCity Community
 
The Battle of the distros - OS Summit Atlanta2014
The Battle of the distros - OS Summit Atlanta2014The Battle of the distros - OS Summit Atlanta2014
The Battle of the distros - OS Summit Atlanta2014Edgar Magana
 
Red Hat Cloud Infrastructure Conference 2013 - Presentation about OpenStack ...
Red Hat Cloud Infrastructure Conference 2013 - Presentation about OpenStack ...Red Hat Cloud Infrastructure Conference 2013 - Presentation about OpenStack ...
Red Hat Cloud Infrastructure Conference 2013 - Presentation about OpenStack ...Elos Technologies s.r.o.
 
BRKVIR-2601 Architecting an OpenStack Based Cloud with Cisco Infrastructure.pdf
BRKVIR-2601 Architecting an OpenStack Based Cloud with Cisco Infrastructure.pdfBRKVIR-2601 Architecting an OpenStack Based Cloud with Cisco Infrastructure.pdf
BRKVIR-2601 Architecting an OpenStack Based Cloud with Cisco Infrastructure.pdfssuserc6aaff
 
Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Yokogawa1
 
Biznet GIO National Seminar on Digital Forensics
Biznet GIO National Seminar on Digital ForensicsBiznet GIO National Seminar on Digital Forensics
Biznet GIO National Seminar on Digital ForensicsYusuf Hadiwinata Sutandar
 
Enabling Fast IT using Containers, Microservices and DAVROS models: an overview
Enabling Fast IT using Containers, Microservices and DAVROS models: an overviewEnabling Fast IT using Containers, Microservices and DAVROS models: an overview
Enabling Fast IT using Containers, Microservices and DAVROS models: an overviewCisco DevNet
 

Similar to OpenStack-Ansible Security (20)

2013-08-22 NSA System Security & Management
2013-08-22 NSA System Security & Management2013-08-22 NSA System Security & Management
2013-08-22 NSA System Security & Management
 
2016-08-18 Red Hat Partner Security Update
2016-08-18 Red Hat Partner Security Update2016-08-18 Red Hat Partner Security Update
2016-08-18 Red Hat Partner Security Update
 
PIACERE - DevSecOps Automated
PIACERE - DevSecOps AutomatedPIACERE - DevSecOps Automated
PIACERE - DevSecOps Automated
 
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...
 
Integrigy_Oracle_E-Business_Suite_Security_Risks_Primer_for_Internal_Auditors...
Integrigy_Oracle_E-Business_Suite_Security_Risks_Primer_for_Internal_Auditors...Integrigy_Oracle_E-Business_Suite_Security_Risks_Primer_for_Internal_Auditors...
Integrigy_Oracle_E-Business_Suite_Security_Risks_Primer_for_Internal_Auditors...
 
RISC-V Summit 2020: The Next Ten Years
RISC-V Summit 2020: The Next Ten YearsRISC-V Summit 2020: The Next Ten Years
RISC-V Summit 2020: The Next Ten Years
 
KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...
KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...
KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...
 
2017 02-17 rsac 2017 tech-f02
2017 02-17 rsac 2017 tech-f022017 02-17 rsac 2017 tech-f02
2017 02-17 rsac 2017 tech-f02
 
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous ComplianceReaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
 
Oracle RAC 12c Rel. 2 Under the Hood and Best Practices
Oracle RAC 12c Rel. 2 Under the Hood and Best PracticesOracle RAC 12c Rel. 2 Under the Hood and Best Practices
Oracle RAC 12c Rel. 2 Under the Hood and Best Practices
 
Software Development Life Cycle – Managing Risk and Measuring Security
Software Development Life Cycle – Managing Risk and Measuring SecuritySoftware Development Life Cycle – Managing Risk and Measuring Security
Software Development Life Cycle – Managing Risk and Measuring Security
 
Unlock Your Cloud Potential with Mirantis OpenStack & Cumulus Linux
Unlock Your Cloud Potential with Mirantis OpenStack & Cumulus LinuxUnlock Your Cloud Potential with Mirantis OpenStack & Cumulus Linux
Unlock Your Cloud Potential with Mirantis OpenStack & Cumulus Linux
 
Mirantis OpenStack and Cumulus Linux Webinar
Mirantis OpenStack and Cumulus Linux WebinarMirantis OpenStack and Cumulus Linux Webinar
Mirantis OpenStack and Cumulus Linux Webinar
 
Cosug for jiang su lug dec 2011
Cosug for jiang su lug dec 2011Cosug for jiang su lug dec 2011
Cosug for jiang su lug dec 2011
 
The Battle of the distros - OS Summit Atlanta2014
The Battle of the distros - OS Summit Atlanta2014The Battle of the distros - OS Summit Atlanta2014
The Battle of the distros - OS Summit Atlanta2014
 
Red Hat Cloud Infrastructure Conference 2013 - Presentation about OpenStack ...
Red Hat Cloud Infrastructure Conference 2013 - Presentation about OpenStack ...Red Hat Cloud Infrastructure Conference 2013 - Presentation about OpenStack ...
Red Hat Cloud Infrastructure Conference 2013 - Presentation about OpenStack ...
 
BRKVIR-2601 Architecting an OpenStack Based Cloud with Cisco Infrastructure.pdf
BRKVIR-2601 Architecting an OpenStack Based Cloud with Cisco Infrastructure.pdfBRKVIR-2601 Architecting an OpenStack Based Cloud with Cisco Infrastructure.pdf
BRKVIR-2601 Architecting an OpenStack Based Cloud with Cisco Infrastructure.pdf
 
Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443
 
Biznet GIO National Seminar on Digital Forensics
Biznet GIO National Seminar on Digital ForensicsBiznet GIO National Seminar on Digital Forensics
Biznet GIO National Seminar on Digital Forensics
 
Enabling Fast IT using Containers, Microservices and DAVROS models: an overview
Enabling Fast IT using Containers, Microservices and DAVROS models: an overviewEnabling Fast IT using Containers, Microservices and DAVROS models: an overview
Enabling Fast IT using Containers, Microservices and DAVROS models: an overview
 

More from Major Hayden

Continuous Kernel Integration
Continuous Kernel IntegrationContinuous Kernel Integration
Continuous Kernel IntegrationMajor Hayden
 
I was too burned out to name this talk
I was too burned out to name this talkI was too burned out to name this talk
I was too burned out to name this talkMajor Hayden
 
Cookies for kernel developers
Cookies for kernel developersCookies for kernel developers
Cookies for kernel developersMajor Hayden
 
Deploying Kubernetes without scaring off your security team - KubeCon 2017
Deploying Kubernetes without scaring off your security team - KubeCon 2017Deploying Kubernetes without scaring off your security team - KubeCon 2017
Deploying Kubernetes without scaring off your security team - KubeCon 2017Major Hayden
 
Securing OpenStack and Beyond with Ansible
Securing OpenStack and Beyond with AnsibleSecuring OpenStack and Beyond with Ansible
Securing OpenStack and Beyond with AnsibleMajor Hayden
 
Grow your community: Inspire an Impostor
Grow your community: Inspire an ImpostorGrow your community: Inspire an Impostor
Grow your community: Inspire an ImpostorMajor Hayden
 
When flexibility met simplicity: the friendship of OpenStack and Ansible
When flexibility met simplicity: the friendship of OpenStack and AnsibleWhen flexibility met simplicity: the friendship of OpenStack and Ansible
When flexibility met simplicity: the friendship of OpenStack and AnsibleMajor Hayden
 
Taming the Technical Talk - OWASP San Antonio
Taming the Technical Talk - OWASP San AntonioTaming the Technical Talk - OWASP San Antonio
Taming the Technical Talk - OWASP San AntonioMajor Hayden
 
Taming the Technical Talk
Taming the Technical TalkTaming the Technical Talk
Taming the Technical TalkMajor Hayden
 
The New Normal - Rackspace Solve 2015
The New Normal - Rackspace Solve 2015The New Normal - Rackspace Solve 2015
The New Normal - Rackspace Solve 2015Major Hayden
 
Five things I learned about information security
Five things I learned about information securityFive things I learned about information security
Five things I learned about information securityMajor Hayden
 
Be an inspiration, not an impostor (Texas Linux Fest 2015)
Be an inspiration, not an impostor (Texas Linux Fest 2015)Be an inspiration, not an impostor (Texas Linux Fest 2015)
Be an inspiration, not an impostor (Texas Linux Fest 2015)Major Hayden
 
Be an inspiration, not an impostor (Fedora Flock 2015)
Be an inspiration, not an impostor (Fedora Flock 2015)Be an inspiration, not an impostor (Fedora Flock 2015)
Be an inspiration, not an impostor (Fedora Flock 2015)Major Hayden
 
The New Normal: Managing the constant stream of new vulnerabilities
The New Normal: Managing the constant stream of new vulnerabilitiesThe New Normal: Managing the constant stream of new vulnerabilities
The New Normal: Managing the constant stream of new vulnerabilitiesMajor Hayden
 
Cloud Data Security
Cloud Data SecurityCloud Data Security
Cloud Data SecurityMajor Hayden
 
ISACA Cloud Security Presentation 2013-09-24
ISACA Cloud Security Presentation 2013-09-24ISACA Cloud Security Presentation 2013-09-24
ISACA Cloud Security Presentation 2013-09-24Major Hayden
 

More from Major Hayden (16)

Continuous Kernel Integration
Continuous Kernel IntegrationContinuous Kernel Integration
Continuous Kernel Integration
 
I was too burned out to name this talk
I was too burned out to name this talkI was too burned out to name this talk
I was too burned out to name this talk
 
Cookies for kernel developers
Cookies for kernel developersCookies for kernel developers
Cookies for kernel developers
 
Deploying Kubernetes without scaring off your security team - KubeCon 2017
Deploying Kubernetes without scaring off your security team - KubeCon 2017Deploying Kubernetes without scaring off your security team - KubeCon 2017
Deploying Kubernetes without scaring off your security team - KubeCon 2017
 
Securing OpenStack and Beyond with Ansible
Securing OpenStack and Beyond with AnsibleSecuring OpenStack and Beyond with Ansible
Securing OpenStack and Beyond with Ansible
 
Grow your community: Inspire an Impostor
Grow your community: Inspire an ImpostorGrow your community: Inspire an Impostor
Grow your community: Inspire an Impostor
 
When flexibility met simplicity: the friendship of OpenStack and Ansible
When flexibility met simplicity: the friendship of OpenStack and AnsibleWhen flexibility met simplicity: the friendship of OpenStack and Ansible
When flexibility met simplicity: the friendship of OpenStack and Ansible
 
Taming the Technical Talk - OWASP San Antonio
Taming the Technical Talk - OWASP San AntonioTaming the Technical Talk - OWASP San Antonio
Taming the Technical Talk - OWASP San Antonio
 
Taming the Technical Talk
Taming the Technical TalkTaming the Technical Talk
Taming the Technical Talk
 
The New Normal - Rackspace Solve 2015
The New Normal - Rackspace Solve 2015The New Normal - Rackspace Solve 2015
The New Normal - Rackspace Solve 2015
 
Five things I learned about information security
Five things I learned about information securityFive things I learned about information security
Five things I learned about information security
 
Be an inspiration, not an impostor (Texas Linux Fest 2015)
Be an inspiration, not an impostor (Texas Linux Fest 2015)Be an inspiration, not an impostor (Texas Linux Fest 2015)
Be an inspiration, not an impostor (Texas Linux Fest 2015)
 
Be an inspiration, not an impostor (Fedora Flock 2015)
Be an inspiration, not an impostor (Fedora Flock 2015)Be an inspiration, not an impostor (Fedora Flock 2015)
Be an inspiration, not an impostor (Fedora Flock 2015)
 
The New Normal: Managing the constant stream of new vulnerabilities
The New Normal: Managing the constant stream of new vulnerabilitiesThe New Normal: Managing the constant stream of new vulnerabilities
The New Normal: Managing the constant stream of new vulnerabilities
 
Cloud Data Security
Cloud Data SecurityCloud Data Security
Cloud Data Security
 
ISACA Cloud Security Presentation 2013-09-24
ISACA Cloud Security Presentation 2013-09-24ISACA Cloud Security Presentation 2013-09-24
ISACA Cloud Security Presentation 2013-09-24
 

Recently uploaded

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 

OpenStack-Ansible Security

  • 1. OpenStack-Ansible Security Major Hayden OpenStack Security Mid-cycle - January 12-15, 2016
  • 2. Agenda • Who am I? • Overview of openstack-ansible-security • Wish list
  • 3. Who am I? • At Rackspace since 2006 • OpenStack public cloud team • Former Chief Security Architect • Currently project: Rackspace’s OpenStack Private Cloud
  • 4. Help customers meet compliance requirements Provide baseline security enhancements openstack-ansible-security Purpose Easy to deploy and configurable Must not harm production OpenStack environments Must satisfy PCI-DSS 3.1 Requirement 2.2 Requirements PCI-DSS 3.1 Requirement 2.2 Develop configuration standards for all system components. Assure that these standards address all known security vulnerabilities and are consistent with industry-accepted system hardening standards.
  • 5. Based on the DISA STIG • No restrictive licensing or terms of use (unlike CIS benchmarks) • Industry-accepted (used by the US Government among others) • Divided into categories/severity • STIG for Ubuntu doesn’t exist, but the Red Hat Enterprise Linux 6 STIG is very close
  • 6. What exists today? • Ansible role: openstack-ansible-security • Documentation: within the role’s code and on docs. openstack.org • Exceptions are heavily documented • Easy integration with OpenStack-Ansible
  • 7. Documentation Text from the official STIG to explain why the standard is applied. Deployer notes explain what the role does or doesn’t do. Link to the STIG Viewer site.
  • 8. Documentation for exceptions Standards that could disrupt a production environment are noted and a sane default is used. Additional documentation is provided/linked when needed.
  • 9. Wish list • Need additional testing in larger environments • Applied by default in OpenStack-Ansible all-in-one (AIO) builds (patch proposed) • Expand to additional operating systems (multi-OS support is in an OpenStack-Ansible spec) • QSA validation that the role meets PCI-DSS 3.1 Req 2.2 (meeting with QSA scheduled)
  • 10. Wish list • Container security improvements • Better output/reporting for audits
  • 11. Links • Role: https://github.com/openstack/openstack-ansible-security • Docs: http://docs.openstack.org/developer/openstack-ansible-security/ • Ansible blog post: http://www.ansible.com/blog/securing-openstack-hosts-with-ansible • Blueprint/Spec: https://blueprints.launchpad.net/openstack-ansible/+spec/security-hardening