Course Outline

1. Introduction to OpenStack

  • History of the cloud and OpenStack
  • Cloud features
  • Cloud models
    • private, public, hybrid
    • on-premise, IaaS, PaaS, SaaS
  • Public and private cloud deployments based on OpenStack
  • Open source and commercial OpenStack distributions
  • OpenStack deployment models
  • OpenStack ecosystem
    • Modules
    • Underlying tools
    • Integrations
  • OpenStack lifecycle
  • OpenStack certification

2. Cloud security and OpenStack

  • Security domains in private clouds
  • Threat classification and attack types
  • System and network documentation
  • System management
    • Vulnerability management
    • Configuration management and policies
    • System backup and recovery
  • Server hardening
  • OpenStack Management interfaces
    • Dashboard
    • API
    • SSH
    • OOB
  • Secure communication
    • TLS and HTTPS
    • Reference architectures

3. OpenStack architecture and security

  • Keystone - Identity Service
    • Keystone architecture
    • Authentication and available backends
    • Token types and token management
    • Authorization in OpenStack - roles and oslo.policy
    • Keystone resources - domains, projects, users
    • Openrc and clouds.yaml - CLI clients configuration
    • OpenStack service catalog
    • Quota system in OpenStack
  • Glance - Image Service 
    • Glance architecture
    • Images adjusted to the cloud
    • Adding a new image
    • Securing image service deployment
    • Image metadata
  • Neutron - Networking Service
    • Neutron architecture
    • Neutron service distribution
    • Networks in OpenStack deployment
    • Network isolation in Neutron
    • Basic resources in Neutron
    • Compute node networking
    • Tenant (self-service) networks and subnets
    • Routing for tenant networks (East-West routing)
    • Provider networks
    • Accessing external resources (North-South routing)
    • Network namespaces
    • Physical traffic in Neutron nodes
    • Floating IPs
    • Security Groups
    • Role based access control (RBAC)
  • Nova - Compute Service
    • Nova architecture
    • Hypervisors in the compute service
    • QEMU vs. KVM
    • Keypair management
    • Flavour management
    • Instance metadata
    • Instance features
    • Creating, verifying and managing a virtual instance
    • Inspecting a VM at the compute node
    • Assigning Security Groups and Floating IPs
    • Tapping into instance ports
    • Anti-spoofing (port security) in OpenStack
    • L3 virtual resources (router functions for instance traffic)
    • Nova-scheduler - compute node selection
    • Metadata service and configuration drive
    • Instance migration
    • Hardening compute service
  • Cinder - Block Storage Service
    • Cinder architecture
    • Volume features
    • Creating a volume
    • Attaching and accessing the volume 
    • Storage backends - iSCSI, Ceph
    • Volume wipe
  • Barbican - Key Management Service
    • Barbican architecture
    • Storing passphrases
    • Generating and storing symmetric encryption keys
    • Volume encryption mechanisms
    • Configuring Cinder storage type for volume encryption
    • Limitations of volume encryption
    • Storing X.509 certificate bundles

4. Other aspects related to architecture & security

  • Tenant data privacy
  • Instance security
  • Oslo.policy - creating a custom role and API authorization
  • High Availability in OpenStack

Requirements

  • Basic networking knowledge
  • Basic knowledge of the cloud computing paradigm
  • Practical knowledge of administering Linux operating systems

14 Hours
 


Dates are subject to availability and take place between 9:30 am and 4:30 pm.
Open Training Courses require 5+ participants.
