The Must-Attend

Open Infrastructure Event

The world runs on open infrastructure. At the OpenStack Summit, you’ll learn about the mix of open technologies building the modern infrastructure stack, including OpenStack, Kubernetes, Docker, Ansible, Ceph, OVS, OpenContrail, OPNFV, and more. Whether you are pursuing a private, public or multi-cloud approach, the OpenStack Summit is the place to network, skill up and plan your cloud strategy.

Sydney
November 6-8, 2017

The Must-Attend

Open Infrastructure Event

Join the movement behind the most widely deployed open source cloud platform. Whether you are pursuing a private, hybrid or multi-cloud approach, the OpenStack Summit is the place to network, skill up and plan your cloud strategy.

Sydney
November 6-8, 2017

Event Details


Encryption Workshop: Using Encryption to Secure Your Cloud

Encryption technology can be used in OpenStack to protect the confidentiality and integrity of data and software.  There are services built in to Nova, Cinder, Glance, and Barbican to work together to protect your cloud and its users. These services can be configured to use secure industry standard products, like Dogtag and ThalesnShield Connect HSM, to protect encryption keys. 

This workshop provides a hands-on tour through encryption use in OpenStack, led by core members of the Barbican project.

During the workshop we'll configure, install, and operate: 
1) Data volume encryption with Nova and Cinder 
2) VM image signing and verification with Glance 
3) Encryption key storage and retrieval with Barbican 
4) Setup Barbican to store secrets in an onsite Thales nShield Hardware Security Module (HSM)

Bring your laptop!  At the begining of this workshop, attendees will each be given SSH access to a VM with OpenStack software arleady installed.  After discussing the architecture and technology,  we'll hit the ground running with configuration and operation steps to get hands on experience encrypting data, protecting software, and securely storing encryption keys.


What can I expect to learn?

1) Importance of encryption to protect both the confidentiality and the integrity of data and software used in the cloud.
2) How to configure Barbican to be used for secret storage and how to store and retrieve encryption keys.
3) How to configure Nova and Cinder to use volume encryption to encrypt users' data and how to create and mount encrypted volumes.
4) How to configure Glance to use cryptography to perform image signing and validation to ensure the software can be trusted and how to use the this feature.

Tuesday, November 7, 10:50am-12:20pm
Level: Beginner
Ade Lee  Moderator
Red Hat
Ade works for Red Hat, and has been involved in Dogtag development (and its integration into FreeIPA) for a number of years now. He has worked to integrate Dogtag and FreeIPA with Openstack, and is a core contributor to the Barbican project. Most recently, he has worked on puppet modules to deploy Barbican in Triple-O and RDO. FULL PROFILE
Johns Hopkins University Applied Physics Lab
Kaitlin Farr is a Software Engineer at the Johns Hopkins University Applied Physics Laboratory (JHU/APL). She has been contributing upstream to security-related features for OpenStack since 2013.  She is on the core team for the key manager project Barbican and the main contributor to Castellan, the key manager interface library. Kaitlin received her M.S. in Computer Science from the... FULL PROFILE
Cisco Systems
Dave McCowan leads security initiatives for the Cloud Solutions Group at Cisco. He is PTL for the Barbican project and an active contributor to the Security and Kolla projects.   FULL PROFILE