Encryption technology can be used in OpenStack to protect the confidentiality and integrity of data and software. Nova, Cinder, Glance, and Barbican have built-in services that work together to protect your cloud and its users. These services can be configured to use secure, industry-standard products, such as Dogtag and the Thales nShield Connect HSM, to protect encryption keys.
This workshop provides a hands-on tour through encryption use in OpenStack, led by core members of the Barbican project.
During the workshop we'll configure, install, and operate:
1) Data volume encryption with Nova and Cinder
2) VM image signing and verification with Glance
3) Encryption key storage and retrieval with Barbican
4) Barbican secret storage in an onsite Thales nShield Hardware Security Module (HSM)
Bring your laptop! At the beginning of this workshop, attendees will each be given SSH access to a VM with OpenStack software already installed. After discussing the architecture and technology, we'll hit the ground running with configuration and operation steps to get hands-on experience encrypting data, protecting software, and securely storing encryption keys.
Attendees will learn:
1) The importance of encryption for protecting both the confidentiality and the integrity of data and software used in the cloud.
2) How to configure Barbican to be used for secret storage and how to store and retrieve encryption keys.
3) How to configure Nova and Cinder to use volume encryption to encrypt users' data and how to create and mount encrypted volumes.
4) How to configure Glance to use cryptography to perform image signing and verification so the software can be trusted, and how to use this feature.
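The image signing step (item 2 of the workshop agenda and item 4 of the learning outcomes) has a client-side half that can be exercised without a running cloud, so here is an added example of it. This is not code from the workshop or from the Glance project: it uses the openssl CLI to produce the RSA-PSS / SHA-256 signature over the raw image bytes that Glance's verifier expects, base64-encodes it on one line for the img_signature property, and then verifies it against the original image and against a tampered copy. The image file and key pair are constructed for the example; the property names (img_signature, img_signature_hash_method, img_signature_key_type, img_signature_certificate_uuid) are the documented Glance ones, and the Barbican certificate UUID is left as a placeholder because it only exists once the certificate has been stored in a live Barbican.

```shell
#!/bin/sh
# Added example (not part of the workshop materials or of Glance itself):
# the client side of Glance image signing, done with the openssl CLI so it
# runs offline. Glance checks an RSA-PSS signature over the SHA-256 digest of
# the raw image bytes; the signature travels base64-encoded in the
# img_signature image property and the signer's certificate lives in Barbican.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Constructed signing material. In the workshop the X.509 certificate is
# what gets uploaded to Barbican; verification only needs the public key in
# it, so the example keeps just the key pair.
make_signing_key() {
    openssl genrsa -out "$WORK/private_key.pem" 2048 2>/dev/null
    openssl rsa -in "$WORK/private_key.pem" -pubout \
        -out "$WORK/public_key.pem" 2>/dev/null
}

# Sign an image file the way the Glance documentation's signing command does:
# SHA-256 digest, RSA-PSS padding, salt length left at OpenSSL's default
# (the verifier auto-detects it). Prints the signature as single-line base64,
# ready for --property img_signature=...
sign_image() {   # $1 = image path
    openssl dgst -sha256 -sign "$WORK/private_key.pem" \
        -sigopt rsa_padding_mode:pss \
        -out "$WORK/image.sig" "$1"
    openssl base64 -A -in "$WORK/image.sig"
}

# Verify a base64 signature against an image; returns 0 if it checks out and
# non-zero otherwise, which is the decision Glance (and Nova with
# verify_glance_signatures enabled) makes before accepting the image.
verify_image() {   # $1 = image path, $2 = base64 signature
    printf '%s' "$2" | openssl base64 -d -A > "$WORK/check.sig"
    openssl dgst -sha256 -verify "$WORK/public_key.pem" \
        -sigopt rsa_padding_mode:pss \
        -signature "$WORK/check.sig" "$1" >/dev/null 2>&1
}

demo() {
    make_signing_key
    # Constructed sample "image": Glance signs the bytes of the uploaded file
    # as-is, so any file stands in for a qcow2 here.
    printf 'not a real qcow2, just sample bytes\n' > "$WORK/image.img"
    sig="$(sign_image "$WORK/image.img")"

    # The properties you would attach with
    #   openstack image create --property img_signature=... (etc.)
    # img_signature_certificate_uuid is the Barbican secret holding the
    # signer's certificate; it is a placeholder here.
    echo "img_signature=$sig"
    echo "img_signature_hash_method=SHA-256"
    echo "img_signature_key_type=RSA-PSS"
    echo "img_signature_certificate_uuid=<barbican secret uuid>"

    if verify_image "$WORK/image.img" "$sig"; then
        echo "original image: signature OK"
    else
        echo "original image: signature FAILED"; return 1
    fi

    printf 'x' >> "$WORK/image.img"   # tamper: append one byte
    if verify_image "$WORK/image.img" "$sig"; then
        echo "tampered image: accepted (this must not happen)"; return 1
    else
        echo "tampered image: rejected"
    fi
}

demo
```

The point worth noticing is that the signature covers the image bytes, not a name or checksum property: modifying a single byte after signing makes verification fail, which is what lets Nova refuse to boot an image whose contents no longer match what the signer approved. Keeping the private key out of the cloud and only the certificate in Barbican is what makes the check meaningful.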