Vancouver, BC
May 21-24, 2018

Event Details

Please note: All times listed below are in Central Time Zone

Encrypt your Volumes with Barbican

Interested in volume encryption to secure your environment? Find out how to design and implement a volume encryption service based on the Barbican project. OnRamp built and deployed a volume encryption service for their Virtual Private Cloud, allowing users to encrypt their volumes. Each volume the VPC users provision is encrypted with a unique key, ensuring that their data is not readable by other tenants in the cloud.

Using lessons learned from OnRamp’s VPC, OpenStack Engineer Duncan Wannamaker will review the design journey from soup to nuts, including outlining requirements, choosing from the available open source platforms, developing the architecture, and implementing the volume encryption. Learn from the challenges OnRamp encountered with a multi-tenant deployment, and see a demo of how to create an encryption key, integrate Cinder with Barbican, and create and attach encrypted volumes.

What can I expect to learn?

What does Barbican offer for encryption management?  What is it lacking?

What are the pros and cons of using Barbican versus other open source alternatives, like Vault?

What level of security does volume encryption provide?  What are the limitations?

How OnRamp built and deployed an encryption key generation and management service for a multi-tenant environment.

How to integrate Barbican and Cinder.

Configuring encryption using Simple Crypto or a Hardware Security Module with Barbican.

How to mount a volume using a unique encryption key.

How a user can leverage Barbican to encrypt volumes.

OnRamp’s ideas for improving this service in the future.


Wednesday, May 23, 9:50am-10:30am (4:50pm - 5:30pm UTC)
Difficulty Level: Advanced
OpenStack Engineer
Duncan Wannamaker is an OpenStack Engineer with OnRamp Access, a managed service provider based out of Austin, Texas.  He leads the volume encryption and key management implementation which allows OnRamp to provide enhanced security with per-volume transparent encryption.  Duncan has previous experience building large private cloud environments based on the VMware vCloud platform and... FULL PROFILE