OPENSTACK SECURITY
Category: Cloud Security Training

Course Overview
The course provides practical knowledge of OpenStack and private cloud security. It starts with an introduction to the system; participants then gain practical knowledge of security in private clouds and of securing an OpenStack installation. During the course, each of the core OpenStack modules is presented, and participants build virtual identity, image, network, compute and storage resources while discussing the relevant security topics. Each participant gets their own training environment with a complete OpenStack installation based on a selected cloud architecture (e.g. storage, networking). The training can be highly customized to the needs of the client.

Customization options
- The training can be shortened to 2 days, focusing on the core aspects relevant to the customer.
- The training can also be extended to cover administrative, design, networking and/or troubleshooting topics concerning OpenStack deployments.

This course is available as onsite live training in USA or online live training.

Course Outline

1. Introduction to OpenStack
- History of the cloud and OpenStack
- Cloud features
- Cloud models
  - private, public, hybrid
  - on-premise, IaaS, PaaS, SaaS
- Public and private cloud deployments based on OpenStack
- Open source and commercial OpenStack distributions
- OpenStack deployment models
- OpenStack ecosystem
  - Modules
  - Underlying tools
  - Integrations
- OpenStack lifecycle
- OpenStack certification

2. Cloud security and OpenStack
- Security domains in private clouds
- Threat classification and attack types
- System and network documentation
- System management
  - Vulnerability management
  - Configuration management and policies
  - System backup and recovery
  - Server hardening
- OpenStack Management interfaces
  - Dashboard
  - API
  - SSH
  - OOB
- Secure communication
  - TLS and HTTPS
  - Reference architectures

3. OpenStack architecture and security
- Keystone - Identity Service
  - Keystone architecture
  - Authentication and available backends
  - Token types and token management
  - Authorization in OpenStack - roles and oslo.policy
  - Keystone resources - domains, projects, users
  - Openrc and clouds.yaml - CLI clients configuration
  - OpenStack service catalog
  - Quota system in OpenStack
- Glance - Image Service
  - Glance architecture
  - Images adjusted to the cloud
  - Adding new image
  - Securing image service deployment
  - Image metadata
- Neutron - Networking Service
  - Neutron architecture
  - Neutron service distribution
  - Networks in OpenStack deployment
  - Network isolation in Neutron
  - Basic resources in Neutron
  - Compute node networking
  - Tenant (self-service) networks and subnets
  - Routing for tenant networks (East-West routing)
  - Provider networks
  - Accessing external resources (North-South routing)
  - Network namespaces
  - Physical traffic in Neutron nodes
  - Floating IPs
  - Security Groups
  - Role based access control (RBAC)
- Nova - Compute Service
  - Nova architecture
  - Hypervisors in the compute service
  - QEMU vs. KVM
  - Keypair management
  - Flavour management
  - Instance metadata
  - Instance features
  - Creating, verifying and managing virtual instance
  - Inspecting VM at compute node
  - Assigning Security Groups and Floating IPs
  - Tapping into instance ports
  - Anti-spoofing (port security) in OpenStack
  - L3 virtual resources (router functions for instance traffic)
  - Nova-scheduler - compute node selection
  - Metadata service and configuration drive
  - Instance migration
  - Hardening compute service
- Cinder - Block Storage Service
  - Cinder architecture
  - Volume features
  - Creating a volume
  - Attaching and accessing the volume
  - Storage backends - iSCSI, Ceph
  - Volume wipe
- Barbican - Key Management Service
  - Barbican architecture
  - Storing passphrases
  - Generating and storing symmetric encryption keys
  - Volume encryption mechanisms
  - Configuring Cinder storage type for volume encryption
  - Limitations of volume encryption
  - Storing X.509 certificate bundles

4. Other aspects related to architecture & security
- Tenant data privacy
- Instance security
- Oslo.policy - creating custom role and API authorization
- High Availability in OpenStack

Requirements
- Basic networking knowledge
- Basic knowledge of cloud computing paradigm
- Practical knowledge of administering Linux operating systems

Duration: 14 Hours
Open Training Courses require 5+ participants.
Learning Objectives
By the end of this course, participants will be able to:
- Understand the fundamental concepts covered in this course
- Apply theoretical knowledge to practical scenarios
- Develop skills relevant to the course subject matter
- Analyze and evaluate key concepts and methodologies
- Implement best practices in real-world situations
- Demonstrate competency in the course material
Course Outline
- Module 1: Introduction and Fundamentals
- Module 2: Core Concepts and Principles
- Module 3: Practical Applications
- Module 4: Advanced Topics
- Module 5: Implementation and Best Practices
Course Goals
This course is designed to:
- Provide comprehensive knowledge in the subject area
- Enhance professional skills and competencies
- Prepare participants for industry challenges
- Foster critical thinking and problem-solving abilities
- Support career advancement and professional development
Training Methodology
Participants will experience a combination of engaging lectures, group discussions, case studies, and hands-on exercises. Our expert instructors will provide insights and guide you through practical applications relevant to your industry.
Who Should Attend
This course is designed for professionals who want to enhance their knowledge and skills in this subject area. Ideal participants include:
- Managers and Team Leaders
- Senior Professionals
- Department Heads
- Consultants and Advisors
- Business Development Professionals