OpenStack Summit November 2013

Title :

Security on Openstack

Presenters :

Brian Chong

Audience :

Security Architects or CISO that are looking to deploy Openstack in a Enterprise Datacenter to run SaaS/PaaS/IaaS applications.

Objective :

This presentation will cover different security concepts that needed to be addressed in an overall Openstack design. Due to the additional control plane elements that are introduced in the messaging tier as well as the API level there are now several new attack vectors that must be considered when desigining your Enterprise Network and Security strategy.



In the world of Software Defined Data Center it does not eliminate the need for the physical plane of control (switches, routers, hosts and storage) but it adds a new control plane element which is the Data Center Controller which never existed before. All of the old issues of device managers must be still designed while adding this element without losing the security we had before with separate device element managers.



This means a new approach on network design and network segmentation must come into play when designing a security architecture for the future data centers.