Thank you for sending your enquiry! One of our team members will contact you shortly.
Thank you for sending your booking! One of our team members will contact you shortly.
Course Outline
1. Introduction to OpenStack for Government
- History of cloud computing and the development of OpenStack
- Key features of cloud computing
- Cloud models
- Private, public, hybrid clouds
- On-premises, Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS)
- Public and private cloud deployments leveraging OpenStack for government
- Open source and commercial distributions of OpenStack
- Deployment models for OpenStack in the public sector
- The OpenStack ecosystem
- Modules and components
- Underlying tools and technologies
- Integrations with other systems
- Lifecycle management of OpenStack deployments for government
- Certification processes for OpenStack implementations
2. Cloud Security and OpenStack for Government
Security domains in private cloud environments for government
Classification of threats and types of attacks in cloud infrastructure
Documentation standards for systems and networks
System management practices for secure operations
Vulnerability management strategies
Configuration management and policy enforcement
Backup and recovery procedures for critical data
Server hardening techniques to enhance security
Management interfaces in OpenStack
- Dashboard (Horizon)
- Application Programming Interfaces (APIs)
- Secure Shell (SSH) access
- Out-of-Band (OOB) management
Ensuring secure communication protocols
- Transport Layer Security (TLS)
- Hypertext Transfer Protocol Secure (HTTPS)
Reference architectures for secure OpenStack deployments in government
3. OpenStack Architecture and Security for Government
Keystone - Identity Service
- Architecture of Keystone
- Authentication mechanisms and available backends
- Token types and token management processes
- Authorization frameworks in OpenStack, including roles and oslo.policy
- Keystone resources: domains, projects, users
- Configuration of CLI clients using openrc and clouds.yaml files
OpenStack service catalog for managing services and endpoints
Quota system in OpenStack to control resource usage
Glance - Image Service
- Architecture of Glance
- Images optimized for cloud environments
- Procedures for adding new images
- Securing the deployment of the image service
- Metadata management for images
Neutron - Networking Service
- Architecture of Neutron
- Distribution of Neutron services across nodes
- Network configurations in OpenStack deployments
- Isolation techniques in Neutron networks
- Basic network resources and their management
- Networking for compute nodes
- Tenant (self-service) networks and subnets
- Routing within tenant networks (East-West routing)
- Provider networks for external connectivity
- Accessing external resources (North-South routing)
- Network namespaces for isolated traffic
- Physical traffic management in Neutron nodes
- Floating IP addresses for dynamic networking
- Security Groups for network security
- Role-Based Access Control (RBAC) for network resources
Nova - Compute Service
- Architecture of Nova
- Hypervisors supported by the compute service
- Comparison of QEMU and KVM hypervisors
- Keypair management for secure access
- Flavor management for resource allocation
- Instance metadata for configuration
- Features of virtual instances
- Creating, verifying, and managing virtual instances
- Inspecting VMs at the compute node level
- Assigning Security Groups and Floating IPs to instances
- Tapping into instance ports for monitoring
- Anti-spoofing (port security) mechanisms in OpenStack
- L3 virtual resources for router functions
- Nova-scheduler for selecting compute nodes
- Metadata service and configuration drive for instances
- Migrating instances between compute nodes
- Hardening the compute service to enhance security
Cinder - Block Storage Service
- Architecture of Cinder
- Volume management features
- Creating and managing volumes
- Attaching and accessing volumes
- Storage backends, including iSCSI and Ceph
- Wiping volumes for secure data deletion
Barbican - Key Management Service
- Architecture of Barbican
- Storing passphrases securely
- Generating and storing symmetric encryption keys
- Mechanisms for volume encryption
- Configuring Cinder storage types for volume encryption
- Limitations of volume encryption
- Storing X.509 certificate bundles
4. Other Aspects Related to Architecture & Security for Government
- Data privacy considerations for tenant data in government clouds
- Enhancing security for virtual instances
- Custom role and API authorization using oslo.policy
- Implementing high availability in OpenStack deployments for government
Requirements
- Basic understanding of networking principles for government
- Fundamental knowledge of the cloud computing model
- Practical experience in administering Linux operating systems
14 Hours
Testimonials (3)
I found new things.
Cristian
Course - OpenStack Security
Depth of knowledge. A true SME in Openstack. Patient and very helpful. Explained complex topics in an understandable and digestible way.
Jake McIlwaine - Gamma
Course - OpenStack Security
The trainer was extremely knowledgable and helpful. While walking through the exercises, I wasn't rushed and was allowed to make mistakes (to a point) and then help was given to correct to them where needed.
