May 8-11, 2017

Event Details

Securing OpenStack Clouds and Beyond with Ansible

You successfully pitched an OpenStack cloud to your company. Great! But wait -- here comes the security team and the auditors! What do you do now?

Help is on the way (in the form of an Ansible role)!

The openstack-ansible-security role, first unveiled at the Austin Summit, applies security controls from the Security Technical Implementation Guide (STIG) across OpenStack clouds using Ansible. The highly configurable design arms cloud operators with a flexible tool to secure hypervisors, control plane hosts, and other non-OpenStack Linux systems. It comes with an audit mode that allows deployers to preview their deployment and provide evidence of configuration when the auditors come knocking.

The Ocata release applies Red Hat Enterprise Linux 6 and 7 STIG releases on CentOS 7, Red Hat Enterprise Linux 7, Ubuntu Trusty and Ubuntu Xenial.

Major Hayden, principal architect at Rackspace, will bring attendees along for a live demo of the role in action during this vendor-neutral talk.

What can I expect to learn?

Attendees will start by learning the problems that companies of all sizes face when they secure large infrastructure deployments. This brings the whole audience together -- from the security experts to the novices -- into a common story.

From there, we will take a deep dive into the design and configuration of the openstack-ansible-security role. The audience will learn how to reconfigure the role and re-apply certain configurations to an environment.

Toward the end of the talk, the audience will learn how to develop new capabilities for the role and contribute to documentation.

Thursday, May 11, 11:00am-11:40am
Difficulty Level: Intermediate
Major Hayden builds OpenStack clouds as a Principal Architect at Rackspace. Major is a core developer in the OpenStack-Ansible project with a focus on improving information security in OpenStack deployments.  He holds multiple Red Hat and Global Information Assurance Certification (GIAC) certifications and has written extensively about securing virtualized Linux environments. Outside of... FULL PROFILE