OpenStack 2012 Summit Day #4

Security Track!

Having been a security administrator at a medium sized University; having taking fairly extensive education in Information Security; having attended security conferences like CanSec West and H.O.P.E I am happy that all of Thursday has a dedicated security track. Unfortunately I can only attend a couple of sessions, but at least I can do that much. :)

Creating an OpenStack Security Group

Bryan D. Payne from Neubula and Robert Clark from HP talk about the need for a OpenStack Security Group. The OSSG is “hiring”, ie. need volunteers especially security engineers, technical writers, and security experts that operate OpenStack clouds.

Computer Security

Security Challenges for OpenStack

There was some mention of the Cloud Security Alliance which Bryan is a co-lead on a workgroup for and that the CSA is a more oriented to high-level theory whereas the OSSG will need to be directed at applied security.

Delivering Secure OpenStack IaaS for SaaS Products

“Everyone has a great plan until they get punched in the mouth”–Mike Tyson

Andrew Hay, is the Chief Evangelist at CloudPassage, Inc. where he serves as the public face of the company and its cloud server security product portfolio.

Three places to “put security” in OpenStack

Issues in Cloud Security

He then went over some basic host security concepts, quite a few of which I disagree with, or at least he wasn’t able to really go into depth with what he actually meant by them.

Generally speaking I think host security has been reduced mostly because in OpenStack most people use images that have already been provided to them and don’t run any specific configuration management (ie. chef/puppet/ansible) “hardening” processes.

Nor do people usually build their own OpenStack images, which I think is an important skill to have. Though if more OS vendors provided base OpenStack images things would be a little easier. As far as I know, at this time, only Ubuntu publishes OpenStack compatible cloud images.


Unfortunately, or fortunately, depending on your perspective, that was all the OpenStack security talks I was able to attend on Thursday because I had to go to a meeting at the San Digeo Super Computing Center, or the SDSC, and wasn’t able to come back to the summit.

I was excited to go to find out more about what they are doing, especially because they have one of the largest OpenStack Swift installations in the world. I think about five petabytes worth.

They were also very excieted about their new supercomputer Gordon, which has a ton of SSD storage (ie. flash–get it…gordon + flash).

Also they had some old tape systems they were retiring. Tape is not dead yet though!

(old tape silo being retired; sad to see it go)