Book Image

OpenStack for Architects - Second Edition

By : Michael Solberg, Ben Silverman
Book Image

OpenStack for Architects - Second Edition

By: Michael Solberg, Ben Silverman

Overview of this book

Over the past six years, hundreds of organizations have successfully implemented Infrastructure as a Service (IaaS) platforms based on OpenStack. The huge amount of investment from these organizations, including industry giants such as IBM and HP, as well as open source leaders, such as Red Hat, Canonical, and SUSE, has led analysts to label OpenStack as the most important open source technology since the Linux operating system. Due to its ambitious scope, OpenStack is a complex and fast-evolving open source project that requires a diverse skill set to design and implement it. OpenStack for Architects leads you through the major decision points that you'll face while architecting an OpenStack private cloud for your organization. This book will address the recent changes made in the latest OpenStack release i.e Queens, and will also deal with advanced concepts such as containerization, NVF, and security. At each point, the authors offer you advice based on the experience they've gained from designing and leading successful OpenStack projects in a wide range of industries. Each chapter also includes lab material that gives you a chance to install and configure the technologies used to build production-quality OpenStack clouds. Most importantly, the book focuses on ensuring that your OpenStack project meets the needs of your organization, which will guarantee a successful rollout.
Table of Contents (17 chapters)
Title Page
Copyright and Credits
Packt Upsell
Contributors
Preface
Index

Hardening hypervisors


The Nova service, one of OpenStack's most complex projects, provides compute functionality in the environment. Nova is very pervasive throughout an OpenStack cloud and interacts with most of the other core IaaS services. Proper configuration of this particular service is an important factor in securing an OpenStack deployment.

Standard Linux hardening practices and hypervisors

The key to security in an OpenStack environment is the configuration and hardening of the virtualization technology, also named the hypervisor. Although OpenStack can be configured to use many different hypervisors, by far the most common hypervisor in use is KVM. All of the top operating systems, such as RHEL, Ubuntu, and CentOS, support the KVM hypervisor.

All of the top OpenStack distributions, such as Red Hat OpenStack Platform, Cisco, and SUSE, use KVM as the default hypervisor; other solutions like the one from Canonical have the ability to use LXC/LXD and KVM. Therefore, as KVM is a common...