Chances are if you run an OpenStack cloud, you have some form of compliance you have to adhere to. It may be some internal CIO-driven compliance written in 1993, or external compliance requirements like HIPAA or PCI. We'll show you how Blue Box Cloud manages its compliance by utilizing the power of DevOps and open source software not only to enforce our adherence to compliance (Ansible) but also to actively monitor and alert (Serverspec, Sensu, ELK) the moment a server falls out of compliance.
Of course, this is not a magic wand that will make your systems PCI compliant; the underlying operating system and software need to have the appropriate features to support the compliance requirements. For example, we are not injecting any magic to perform automated password rotation in keystone (that would need to be solved in keystone itself, or in custom middleware) but rather enabling or configuring the keystone options to do so.
We’ll be taking you on a behind-the-scenes tour of the software and processes that we utilize to make our compliance (and auditing!) a completely automated process. You will walk away from this talk with everything you need to implement similar compliance enforcement and auditing capabilities.