<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, May 20, 2013 at 3:22 PM, Matt Joyce <span dir="ltr"><<a href="mailto:matt.joyce@cloudscaling.com" target="_blank">matt.joyce@cloudscaling.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div><div><div><div><div>Chris,<br><br></div>Someone will probably denounce this email as heresy for using this analogy, but so be it.<br>
<br></div>Try to think of OpenStack as you would a motor vehicle's engine. It has many components that all tie together to allow the engine to operate. Sometimes it has different configurations such as having a turbo charger or a specific custom intake.<br>
<br></div>But, by itself OpenStack is just that... an engine. Think of the OS as being the frame or chasis of the Car. Now you have a chasis with an engine. Maybe Horizon is the Dashboard. Awesome. Now we have most of what we need to move this vehicle from place to place.<br>
<br>However, there's no seat belts, no windows, no a/c, or stereo, no bumpers, no breaks, no... etc etc.<br><br></div>OpenStack by itself is just one component of a larger thing, be it an SaaS, IaaS, whatever... solution.<br>
<br></div>You need to add the pieces to your cloud vehicle as you build it, or alternatively buy a cloud vehicle from one of the many fine purveyor's of OpenStack products.<br><br></div>As far as basic security goes... I put together a basic introduction to security targetting for OpenStack for shmoocon earlier this year. It's very folsom specific and very high level. <br>
<br>That's here: <cite><a href="http://www.youtube.com/watch?v=TkFsBvymiNM" target="_blank">http://www.youtube.com/watch?v=TkFsBvymiNM</a><br><br></cite>Not sure if that is enough. A long time ago I wrote a security primer for OpenStack, probably around the cactus release time frame. I'll try to write something up for grizzly if I have time. It would probably be helpful to have something like that in Docs. <br>
<span class="HOEnZb"><font color="#888888">
<br></font></span></div></div></blockquote><div><br></div><div style>There's a book sprint for a hardening guide happening next month... at an undisclosed location because they're secure like that. Matt, you might want to see if you can free up your schedule to write or review or anything you like. I'll connect you off-list. </div>
<div style><br></div><div style>I'd like a cloud vehicle in sky blue please.<br></div><div style>Anne</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><div><span class="HOEnZb"><font color="#888888"></font></span></div><span class="HOEnZb"><font color="#888888"><div>-Matt<br></div><div><br></div><br></font></span></div><div class="gmail_extra"><br><br><div class="gmail_quote">
<div><div class="h5">On Mon, May 20, 2013 at 12:54 PM, Chris Bartels <span dir="ltr"><<a href="mailto:chris@christopherbartels.com" target="_blank">chris@christopherbartels.com</a>></span> wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><div link="blue" vlink="purple" lang="EN-US"><div><p class="MsoNormal">Hi,<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">I’m interested in learning more about how to implement a customer portal for an OpenStack installation, and would like to know specifically about how the customer portal is safe from would-be hackers when exposed in the wild. I don’t know if there are any additional measures I would have to add like perhaps my own login page with its own security to protect the management page, or if it comes with its own login system for example. <u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">How can I make the security of my VPS service a selling point when I’m using OpenStack for the backend?<u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Mind you I don’t know anything about OpenStack yet, aside from what I see in videos on the OpenStack Foundation YouTube channel, and I haven’t seen anything addressing this issue as of yet. I don’t even know if OpenStack comes with a customer portal I can deploy or if I have to design one using the API.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">I hope to have servers arrive this week which I can use to build prototypes of my production setup, where I can test hardening configurations. But I don’t know where to begin. All I can think of is fail2ban, and I don’t think that would apply in this case.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">What can people tell me that would help me get a handle on this issue?<u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Thanks in advance.<span><font color="#888888"><u></u><u></u></font></span></p><span><font color="#888888"><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">-Chris<u></u><u></u></p>
</font></span></div></div><br></div></div><div class="im">_______________________________________________<br>
Mailing list: <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>
Post to : <a href="mailto:openstack@lists.launchpad.net" target="_blank">openstack@lists.launchpad.net</a><br>
Unsubscribe : <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>
More help : <a href="https://help.launchpad.net/ListHelp" target="_blank">https://help.launchpad.net/ListHelp</a><br>
<br></div></blockquote></div><br></div>
<br>_______________________________________________<br>
Mailing list: <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>
Post to : <a href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a><br>
Unsubscribe : <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>
More help : <a href="https://help.launchpad.net/ListHelp" target="_blank">https://help.launchpad.net/ListHelp</a><br>
<br></blockquote></div><br></div></div>