November 6-8, 2017

Event Details

Please note: All times listed below are in Central Time Zone

Encryption Workshop: Using Encryption to Secure Your Cloud

Encryption technology can be used in OpenStack to protect the confidentiality and integrity of data and software. Services built into Nova, Cinder, Glance, and Barbican work together to protect your cloud and its users. These services can be configured to use secure, industry-standard products, like Dogtag and the Thales nShield Connect HSM, to protect encryption keys.

This workshop provides a hands-on tour through encryption use in OpenStack, led by core members of the Barbican project.

During the workshop we'll configure, install, and operate: 
1) Data volume encryption with Nova and Cinder 
2) VM image signing and verification with Glance 
3) Encryption key storage and retrieval with Barbican 
4) Set up Barbican to store secrets in an onsite Thales nShield Hardware Security Module (HSM)

Bring your laptop! At the beginning of this workshop, attendees will each be given SSH access to a VM with OpenStack software already installed. After discussing the architecture and technology, we'll hit the ground running with configuration and operation steps to get hands-on experience encrypting data, protecting software, and securely storing encryption keys.

What can I expect to learn?

1) Importance of encryption to protect both the confidentiality and the integrity of data and software used in the cloud.
2) How to configure Barbican to be used for secret storage and how to store and retrieve encryption keys.
3) How to configure Nova and Cinder to use volume encryption to encrypt users' data and how to create and mount encrypted volumes.
4) How to configure Glance to use cryptography to perform image signing and validation to ensure the software can be trusted and how to use this feature.

Tuesday, November 7, 10:50am-12:20pm (11:50pm - 1:20am UTC)
Difficulty Level: Beginner
Red Hat
Ade works for Red Hat, and has been involved in various security and OpenStack projects (Dogtag, FreeIPA, Barbican, TripleO) for several years. He is a former Barbican PTL. Most recently, he's been working on FIPS compliance in OpenStack.
Johns Hopkins University Applied Physics Lab
Kaitlin Farr is a Software Engineer at the Johns Hopkins University Applied Physics Laboratory (JHU/APL). She has been contributing upstream to security-related features for OpenStack since 2013. She is on the core team for the key manager project Barbican and the main contributor to Castellan, the key manager interface library. Kaitlin received her M.S. in Computer Science from the...
Cisco Systems
Dave McCowan leads security initiatives for the Private Cloud Engineering Team at Cisco. He has been an OpenStack contributor for 6 years. He is a former PTL for the Barbican project where he continues as a core reviewer. He's an enthusiast of security of all kinds and holds a CISSP.