Thank you for sending your enquiry! One of our team members will contact you shortly.
Thank you for sending your booking! One of our team members will contact you shortly.
Course Outline
1. Introduction to OpenStack
- The history of cloud computing and OpenStack
- Key features of cloud technologies
- Cloud service models
- Private, public, and hybrid clouds
- On-premise, IaaS, PaaS, and SaaS
- OpenStack-based public and private cloud deployments
- Open source versus commercial OpenStack distributions
- OpenStack deployment models
- OpenStack ecosystem
- Core modules
- Underlying tools
- Integration capabilities
- OpenStack lifecycle management
- OpenStack certification paths
2. Cloud security and OpenStack
Security domains within private clouds
Threat classification and attack vectors
System and network documentation practices
System management strategies
Vulnerability management
Configuration management and policy enforcement
System backup and recovery procedures
Server hardening techniques
OpenStack management interfaces
Dashboard
API access
SSH connectivity
Out-of-band (OOB) management
Secure communication protocols
TLS and HTTPS implementation
Reference architectures
3. OpenStack architecture and security
Keystone - Identity Service
Keystone architecture
Authentication mechanisms and available backends
Token types and token management
Authorization in OpenStack - roles and oslo.policy
Keystone resources - domains, projects, users
CLI client configuration via Openrc and clouds.yaml
OpenStack service catalog
OpenStack quota system
Glance - Image Service
Glance architecture
Cloud-optimized images
Adding new images
Securing Glance deployments
Image metadata
Neutron - Networking Service
Neutron architecture
Neutron service distribution
Network configurations in OpenStack deployments
Network isolation in Neutron
Basic resources in Neutron
Compute node networking
Tenant (self-service) networks and subnets
Routing for tenant networks (East-West routing)
Provider networks
Accessing external resources (North-South routing)
Network namespaces
Physical traffic handling in Neutron nodes
Floating IPs
Security Groups
Role-based access control (RBAC)
Nova - Compute Service
Nova architecture
Hypervisors in the compute service
QEMU vs. KVM
Keypair management
Flavour management
Instance metadata
Instance features
Creating, verifying, and managing virtual instances
Inspecting VMs at the compute node
Assigning Security Groups and Floating IPs
Tapping into instance ports
Anti-spoofing (port security) in OpenStack
L3 virtual resources (router functions for instance traffic)
Nova-scheduler - compute node selection
Metadata service and configuration drive
Instance migration
Hardening the compute service
Cinder - Block Storage Service
Cinder architecture
Volume features
Creating a volume
Attaching and accessing volumes
Storage backends - iSCSI, Ceph
Volume wipe procedures
Barbican - Key Management Service
Barbican architecture
Storing passphrases
Generating and storing symmetric encryption keys
Volume encryption mechanisms
- Configuring Cinder storage types for volume encryption
- Limitations of volume encryption
- Storing X.509 certificate bundles
4. Other aspects related to architecture & security
- Tenant data privacy
- Instance security
- Oslo.policy - creating custom roles and API authorization
- High Availability in OpenStack
Requirements
- Fundamental understanding of networking
- Basic familiarity with cloud computing concepts
- Practical experience administering Linux operating systems
14 Hours
Testimonials (3)
I found new things.
Cristian
Course - OpenStack Security
Depth of knowledge. A true SME in Openstack. Patient and very helpful. Explained complex topics in an understandable and digestible way.
Jake McIlwaine - Gamma
Course - OpenStack Security
The trainer was extremely knowledgable and helpful. While walking through the exercises, I wasn't rushed and was allowed to make mistakes (to a point) and then help was given to correct to them where needed.
