<div dir="ltr"><div><div><div><div><div><div><div>Chris,<br><br></div>Someone will probably denounce this email as heresy for using this analogy, but so be it.<br><br></div>Try to think of OpenStack as you would a motor vehicle's engine. It has many components that all tie together to allow the engine to operate. Sometimes it has different configurations such as having a turbo charger or a specific custom intake.<br>
<br></div>But, by itself OpenStack is just that... an engine. Think of the OS as being the frame or chasis of the Car. Now you have a chasis with an engine. Maybe Horizon is the Dashboard. Awesome. Now we have most of what we need to move this vehicle from place to place.<br>
<br>However, there's no seat belts, no windows, no a/c, or stereo, no bumpers, no breaks, no... etc etc.<br><br></div>OpenStack by itself is just one component of a larger thing, be it an SaaS, IaaS, whatever... solution.<br>
<br></div>You need to add the pieces to your cloud vehicle as you build it, or alternatively buy a cloud vehicle from one of the many fine purveyor's of OpenStack products.<br><br></div>As far as basic security goes... I put together a basic introduction to security targetting for OpenStack for shmoocon earlier this year. It's very folsom specific and very high level. <br>
<br>That's here: <cite><a href="http://www.youtube.com/watch?v=TkFsBvymiNM">http://www.youtube.com/watch?v=TkFsBvymiNM</a><br><br></cite>Not sure if that is enough. A long time ago I wrote a security primer for OpenStack, probably around the cactus release time frame. I'll try to write something up for grizzly if I have time. It would probably be helpful to have something like that in Docs. <br>
<br></div><div>-Matt<br></div><div><br></div><br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, May 20, 2013 at 12:54 PM, Chris Bartels <span dir="ltr"><<a href="mailto:chris@christopherbartels.com" target="_blank">chris@christopherbartels.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div link="blue" vlink="purple" lang="EN-US"><div><p class="MsoNormal">Hi,<u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">I’m interested in learning more about how to implement a customer portal for an OpenStack installation, and would like to know specifically about how the customer portal is safe from would-be hackers when exposed in the wild. I don’t know if there are any additional measures I would have to add like perhaps my own login page with its own security to protect the management page, or if it comes with its own login system for example. <u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">How can I make the security of my VPS service a selling point when I’m using OpenStack for the backend?<u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Mind you I don’t know anything about OpenStack yet, aside from what I see in videos on the OpenStack Foundation YouTube channel, and I haven’t seen anything addressing this issue as of yet. I don’t even know if OpenStack comes with a customer portal I can deploy or if I have to design one using the API.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">I hope to have servers arrive this week which I can use to build prototypes of my production setup, where I can test hardening configurations. But I don’t know where to begin. All I can think of is fail2ban, and I don’t think that would apply in this case.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">What can people tell me that would help me get a handle on this issue?<u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Thanks in advance.<span class="HOEnZb"><font color="#888888"><u></u><u></u></font></span></p><span class="HOEnZb"><font color="#888888"><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">-Chris<u></u><u></u></p>
</font></span></div></div><br>_______________________________________________<br>
Mailing list: <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>
Post to : <a href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a><br>
Unsubscribe : <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>
More help : <a href="https://help.launchpad.net/ListHelp" target="_blank">https://help.launchpad.net/ListHelp</a><br>
<br></blockquote></div><br></div>