Security is essential for critical enterprise OpenStack installations like telco NFV clouds. This includes the often-ignored issue of security for storage of images, objects, and shared file systems (e.g., user data or mission-critical configurations like firewall rules). This talk will provide insight into requirements for a secure setup and potential issues, pitfalls, and attack vectors against storage technologies used with a cloud based on OpenStack.
The Ceph distributed storage system has become very popular in OpenStack deployments, and is currently the most commonly deployed solution for block storage. It provides an object store, block devices, and a shared file system. However, robust security is much more complex to achieve in distributed systems than, for example, with local storage on compute nodes.
Using Ceph as an example, this talk will present what Deutsche Telekom and Red Hat/Inktank, together with the community, are working on to build a security-critical cloud with OpenStack and Ceph.
This talk will cover:
- the security requirements for telco clouds
- the security issues associated with multi-tenant clouds with a range of security zones sharing a single storage system
- how to secure the storage setup in an OpenStack cloud
- the current state of security in Ceph
- current Ceph development efforts that are underway
- the security roadmap for Ceph