Book Image

OpenStack for Architects

By : Michael Solberg, Benjamin Silverman
Book Image

OpenStack for Architects

By: Michael Solberg, Benjamin Silverman

Overview of this book

Over the last five years, hundreds of organizations have successfully implemented Infrastructure as a Service (IaaS) platforms based on OpenStack. The huge amount of investment from these organizations, industry giants such as IBM and HP, as well as open source leaders such as Red Hat have led analysts to label OpenStack as the most important open source technology since the Linux operating system. Because of its ambitious scope, OpenStack is a complex and fast-evolving open source project that requires a diverse skill-set to design and implement it. This guide leads you through each of the major decision points that you'll face while architecting an OpenStack private cloud for your organization. At each point, we offer you advice based on the experience we've gained from designing and leading successful OpenStack projects in a wide range of industries. Each chapter also includes lab material that gives you a chance to install and configure the technologies used to build production-quality OpenStack clouds. Most importantly, we focus on ensuring that your OpenStack project meets the needs of your organization, which will guarantee a successful rollout.
Table of Contents (14 chapters)
OpenStack for Architects
About the Authors
Customer Feedback

IdM integration

In a 2014 blog post, OpenStack developer Nathan Kinder famously (and convincingly) argued that Keystone is not an authentication service. In this post, Kinder describes the deployment pattern of placing the Keystone service behind an Apache HTTP server, which uses native modules to perform authentication. Kinder makes two arguments in his post:

  • Most people use some kind of external authentication system with OpenStack

  • The reference authentication system (the SQL plugin) doesn't have any of the features that we'd expect from an authentication service

Both of these arguments have been proven in our experience; the first integration that most of the organizations we work with tackle is that of the IdM service.

Authentication and authorization in OpenStack

Having an understanding of how authentication and authorization work within OpenStack is helpful. Each call to an OpenStack API service is authorized by a bearer token, which is retrieved from and verified by the Keystone service...