<div dir="ltr">I think that it's useful to talk about the "glue components" (e.g., the message queue, database, etc.) and current thinking on best practices there.  Also, on best practices for deployment and keeping everything up to date.  Finally, I think it's important to highlight both the good things that we have today, but also the gaps / areas where improvement is needed.<div>

<br></div><div>-bryan<br><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Jul 30, 2013 at 5:00 AM, Clark, Robert Graham <span dir="ltr"><<a href="mailto:robert.clark@hp.com" target="_blank">robert.clark@hp.com</a>></span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div lang="EN-GB" link="blue" vlink="purple"><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">I’d certainly be happy to throw some time into this.<u></u><u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Things I’d expect to see in the deck:<u></u><u></u></span></p>

<p><u></u><span style="font-size:11.0pt;font-family:Symbol;color:#1f497d"><span>·<span style="font:7.0pt "Times New Roman"">        </span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Holistic overview, general security posture<u></u><u></u></span></p>

<p><u></u><span style="font-size:11.0pt;font-family:Symbol;color:#1f497d"><span>·<span style="font:7.0pt "Times New Roman"">        </span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Service overview, perhaps restricted to core IaaS services or wider<u></u><u></u></span></p>

<p style="margin-left:72.0pt"><u></u><span style="font-size:11.0pt;font-family:"Courier New";color:#1f497d"><span>o<span style="font:7.0pt "Times New Roman"">   </span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Covers secure configuration<u></u><u></u></span></p>

<p style="margin-left:72.0pt"><u></u><span style="font-size:11.0pt;font-family:"Courier New";color:#1f497d"><span>o<span style="font:7.0pt "Times New Roman"">   </span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Especially new options, improvements<u></u><u></u></span></p>

<p style="margin-left:72.0pt"><u></u><span style="font-size:11.0pt;font-family:"Courier New";color:#1f497d"><span>o<span style="font:7.0pt "Times New Roman"">   </span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Security Bugs<u></u><u></u></span></p>

<p style="margin-left:72.0pt"><u></u><span style="font-size:11.0pt;font-family:"Courier New";color:#1f497d"><span>o<span style="font:7.0pt "Times New Roman"">   </span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Design issues<u></u><u></u></span></p>

<p><u></u><span style="font-size:11.0pt;font-family:Symbol;color:#1f497d"><span>·<span style="font:7.0pt "Times New Roman"">        </span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Review of recent security issues and OSSNs<u></u><u></u></span></p>

<p><u></u><span style="font-size:11.0pt;font-family:Symbol;color:#1f497d"><span>·<span style="font:7.0pt "Times New Roman"">        </span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">?<u></u><u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><div style="border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt">

<div><div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0cm 0cm 0cm"><p class="MsoNormal"><b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Nicolae Paladi [mailto:<a href="mailto:n.paladi@gmail.com" target="_blank">n.paladi@gmail.com</a>] <br>

<b>Sent:</b> 30 July 2013 07:25<br><b>To:</b> Bryan D. Payne<br><b>Cc:</b> <a href="mailto:openstack-security@lists.openstack.org" target="_blank">openstack-security@lists.openstack.org</a><br><b>Subject:</b> Re: [Openstack-security] develop a common State of OpenStack Security briefing<u></u><u></u></span></p>

</div></div><div><div class="h5"><p class="MsoNormal"><u></u> <u></u></p><div><p class="MsoNormal">Great initiative, I'd be glad to "test drive" such a presentation at our next OpenStack meetup in September;<u></u><u></u></p>

<div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">Just my 2 cents: would be good to have a slide or two on the state of VPN support in Neutron, as well as what the capabilities of security groups are<u></u><u></u></p>

</div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">/nicolae<u></u><u></u></p></div></div><div><p class="MsoNormal" style="margin-bottom:12.0pt"><u></u> <u></u></p><div><p class="MsoNormal">

On 29 July 2013 23:56, Bryan D. Payne <<a href="mailto:bdpayne@acm.org" target="_blank">bdpayne@acm.org</a>> wrote:<u></u><u></u></p><div><p class="MsoNormal">This sounds very valuable.  What kinds of information would you guys like to see in this?<u></u><u></u></p>

<div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">Also, I'm thinking the slides could be set up in a way that suits either 30 min or 60 min presentation lengths.  Does that seem reasonable?<u></u><u></u></p>

</div><div><p class="MsoNormal"><span style="color:#888888"><u></u> <u></u></span></p></div><div><p class="MsoNormal"><span style="color:#888888">-bryan<u></u><u></u></span></p></div></div><div><div><div><p class="MsoNormal" style="margin-bottom:12.0pt">

<u></u> <u></u></p><div><p class="MsoNormal">On Mon, Jul 29, 2013 at 12:24 PM, Brian Schott <<a href="mailto:brian.schott@nimbisservices.com" target="_blank">brian.schott@nimbisservices.com</a>> wrote:<u></u><u></u></p>

<div><div><p class="MsoNormal">I was thinking that it would be great if we could collectively have a common "State of OpenStack Security" that Stackers could give at local OpenStack MeetUps or other venues.  This topic comes up all of the time and a good executive overview briefing would raise the awareness of what OpenStack is doing in this space.  <u></u><u></u></p>

</div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">Is there interest in OSSG in pulling together such a briefing?  <u></u><u></u></p></div><div><div><div><p class="MsoNormal"><span style="font-size:9.0pt">Brian<u></u><u></u></span></p>

</div><div><p class="MsoNormal"><span style="font-size:9.0pt"><u></u> <u></u></span></p></div></div></div><div><div><div><p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica","sans-serif"">-------------------------------------------------<u></u><u></u></span></p>

</div><div><p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica","sans-serif"">Brian Schott, CTO<u></u><u></u></span></p></div><div><p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica","sans-serif"">Nimbis Services, Inc.<u></u><u></u></span></p>

</div><div><p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica","sans-serif""><a href="mailto:brian.schott@nimbisservices.com" target="_blank">brian.schott@nimbisservices.com</a><u></u><u></u></span></p>

</div><div><p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica","sans-serif"">ph: <a href="tel:443-274-6064" target="_blank">443-274-6064</a>  fx: <a href="tel:443-274-6060" target="_blank">443-274-6060</a><u></u><u></u></span></p>

</div></div><div><p class="MsoNormal"><span style="font-size:13.5pt;font-family:"Helvetica","sans-serif""><u></u> <u></u></span></p></div><p class="MsoNormal"><u></u> <u></u></p></div><p class="MsoNormal">

<u></u> <u></u></p></div><p class="MsoNormal" style="margin-bottom:12.0pt"><br>_______________________________________________<br>Openstack-security mailing list<br><a href="mailto:Openstack-security@lists.openstack.org" target="_blank">Openstack-security@lists.openstack.org</a><br>

<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security</a><u></u><u></u></p></div><p class="MsoNormal"><u></u> <u></u></p>

</div></div></div></div><p class="MsoNormal"><u></u> <u></u></p>

</div></div></div></div></div></div></blockquote></div><br></div></div></div>