[Openstack-operators] Dealing with ITAR in OpenStack private clouds

Jonathan Mills jonmills at gmail.com
Tue Mar 21 23:33:36 UTC 2017


Friends,

I’m reaching out for assistance from anyone who may have confronted the
issue of dealing with ITAR data in an OpenStack cloud being used in some
department of the Federal Gov.

ITAR (https://www.pmddtc.state.gov/regulations_laws/itar.html) is a less
restrictive level of security than classified data, but it has some thorny
aspects to it, particularly where media is concerned:

* you cannot co-mingle ITAR and non-ITAR data on the same physical hard
drives, and any drive, once it has been “tainted” with any ITAR data, is
now an ITAR drive

* when ITAR data is destroyed, a DBAN is insufficient — instead, you
physically shred the drive.  No need to elaborate on how destructive this
can get if you accidentally mingle ITAR with non-ITAR

Certainly the multi-tenant model of OpenStack holds great promise in
Federal agencies for supporting both ITAR and non-ITAR worlds, but great
care must be taken that *somehow* things like Glance and Cinder don’t get
mixed up.  One must ensure that the ITAR tenants can only access
Glance/Cinder in ways such that their backend storage is physically
separate from any non-ITAR tenants.  Certainly I understand that
Glance/Cinder can support multiple storage backend types, such as File &
Ceph, and maybe that is an avenue to explore to achieving the physical
separation.  But what if you want to have multiple different File backends?


Do the ACLs exist to ensure that non-ITAR tenants can’t access ITAR
Glance/Cinder backends, and vice versa?

Or… is it simpler to just build two OpenStack clouds?

Your thoughts will be most appreciated,


Jonathan Mills

NASA Goddard Space Flight Center
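One way to detect the accidental co-mingling the post worries about, as an added example that is not part of the original message: a Python audit that walks the admin-only attributes Cinder returns for `cinder list --all-tenants` (`os-vol-host-attr:host`, formatted `host@backend#pool`, and `os-vol-tenant-attr:tenant_id`) and flags any volume whose project and backend do not match the ITAR policy. The backend names, project IDs and sample volumes below are constructed placeholders.

```python
"""Audit Cinder volume placement against a per-project backend policy.

Constructed example. Assumes two Cinder backends, 'itar_lvm' and
'general_ceph' (hypothetical names from cinder.conf enabled_backends),
and reads the admin-only attributes Cinder exposes in a detailed,
all-tenants volume listing.
"""

# Projects cleared for ITAR data (constructed IDs) and the only backends
# their volumes may be scheduled onto.
ITAR_PROJECTS = {"p-itar-0001"}
ITAR_BACKENDS = {"itar_lvm"}


def backend_of(host_attr):
    """Return the backend name from Cinder's 'host@backend#pool' string,
    or None when the volume has not been scheduled to a host yet."""
    if not host_attr:
        return None
    if "@" not in host_attr:
        raise ValueError(f"unexpected host attribute: {host_attr!r}")
    return host_attr.split("@", 1)[1].split("#", 1)[0]


def audit(volumes):
    """Return [(volume_id, reason)] for every placement violation."""
    violations = []
    for vol in volumes:
        backend = backend_of(vol.get("os-vol-host-attr:host"))
        if backend is None:  # still creating; nothing on disk yet
            continue
        project = vol["os-vol-tenant-attr:tenant_id"]
        if project in ITAR_PROJECTS and backend not in ITAR_BACKENDS:
            violations.append((vol["id"], f"ITAR volume on non-ITAR backend {backend}"))
        elif project not in ITAR_PROJECTS and backend in ITAR_BACKENDS:
            violations.append((vol["id"], f"non-ITAR volume tainted ITAR backend {backend}"))
    return violations


# Constructed sample of what the detailed all-tenants listing exposes.
SAMPLE_VOLUMES = [
    {"id": "vol-1", "os-vol-tenant-attr:tenant_id": "p-itar-0001",
     "os-vol-host-attr:host": "cinder-a@itar_lvm#itar_lvm"},
    {"id": "vol-2", "os-vol-tenant-attr:tenant_id": "p-gen-0002",
     "os-vol-host-attr:host": "cinder-b@general_ceph#general_ceph"},
    {"id": "vol-3", "os-vol-tenant-attr:tenant_id": "p-gen-0002",
     "os-vol-host-attr:host": "cinder-a@itar_lvm#itar_lvm"},  # taints ITAR drives
    {"id": "vol-4", "os-vol-tenant-attr:tenant_id": "p-itar-0001",
     "os-vol-host-attr:host": "cinder-b@general_ceph#general_ceph"},  # ITAR data leaked
    {"id": "vol-5", "os-vol-tenant-attr:tenant_id": "p-itar-0001",
     "os-vol-host-attr:host": None},  # not yet scheduled
]

if __name__ == "__main__":
    for vid, reason in audit(SAMPLE_VOLUMES):
        print(f"{vid}: {reason}")
```

Run against a real listing the same check becomes a periodic job; a non-empty result on the "tainted" branch is the case where the affected drives now have to be treated as ITAR media.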