Barcelona, Spain
October 25-28, 2016

Event Details


Controlling Access to OpenStack in the Enterprise: This is Not a Public Cloud!

Addressing access control in the enterprise is a hugh challange, as a cloud architect and cloud operator we need to take into account the complexities of exisiting enterprise authentication standards and requirements. The maturity of Openstack authentication mechanisms allows for limited controls and auditing that often dont meet the percieved needs of the enterprise. 

We will discussion the short falls and challenges that exisit in Openstack today and what is being done to through blueprints and proposed patches to remedy the situation 

Finally we will present a possible solution to the problem, and include a demo of a working RBAC solution for the enterprise.


What can I expect to learn?

During the talk we will cover the the following;

  • What are the requirments that we are typically seeing in enterprises?
  • Where does Openstack fall short today?
  • What is being done, a discussion of blueprints and patches to review
  • What RBAC is currently lacking 
    • Native auditing capabilities 
    • Programmatically being able to modify rules (API)
    • Lack of synchronization capabilities 
    • Poor Format for easy readability 
    • Multiple locations causes ambiguity and extra complexity
    • Causes Separation of duties issues
  • Alternatives to policy.json 
    • Issues with alternatives 
    • Conclusion: We can make it work but must give up certain capabilities in order to fit with Keystone's model. Is it time to address this model? Or just continue searching for an RBAC model that adopts Keystone's architecture model?
  • A proposed RBAC solution and demo. 

 

Wednesday, October 26, 11:25am-12:05pm
Difficulty Level: Advanced
Mirantis Inc.
Shaun O’Meara, Field CTO at Miranits, has been designing and building Enterprise IT Infrastructure Solutions for 15 years. His work with customers, advising on the journey to cloud and assisting in the development of cloud solutions, has given him a wide scope to learn and try new and diverse technologies. FULL PROFILE
Mirantis Inc
I have been part of the Openstack community since the Essex release. I've architected, deployed and managed a cloud for one of the top hospitals in Toronto, Canada after which I took more architectural orientated role with Mirantis. I have a strong focus in identity management as well as cloud orchestration.  FULL PROFILE