Course Outline
1. Introduction to OpenStack
- Evolution of the cloud and OpenStack
- Key cloud features
- Cloud service models
- Private, public, and hybrid clouds
- On-premise, IaaS, PaaS, and SaaS
- Public and private cloud deployments using OpenStack
- Open-source and commercial OpenStack distributions
- OpenStack deployment architectures
- OpenStack ecosystem
- Core modules
- Underlying tools
- Integration capabilities
- OpenStack lifecycle management
- OpenStack certification pathways
2. Cloud security and OpenStack
- Security domains in private clouds
- Threat classification and attack vectors
- System and network documentation standards
- System administration practices
- Vulnerability management
- Configuration management and policy enforcement
- System backup and disaster recovery
- Server hardening techniques
- OpenStack management interfaces
- Dashboard (Horizon)
- REST API interactions
- SSH access
- Out-of-Band (OOB) management
- Securing communication channels
- TLS and HTTPS protocols
- Reference architecture guidelines
3. OpenStack architecture and security
Keystone – Identity Service
- Keystone architecture overview
- Authentication mechanisms and backend options
- Token types and token lifecycle management
- Authorization in OpenStack – roles and oslo.policy
- Keystone resources – domains, projects, and users
- Configuring CLI clients via Openrc and clouds.yaml
- OpenStack service catalog
- Quota management in OpenStack
Glance – Image Service
- Glance architecture
- Cloud-optimized images
- Uploading new images
- Securing Glance deployments
- Image metadata management
Neutron – Networking Service
- Neutron architecture
- Neutron service distribution
- Network configurations in OpenStack deployments
- Network isolation strategies in Neutron
- Core Neutron resources
- Compute node networking
- Tenant (self-service) networks and subnets
- Routing for tenant networks (East-West traffic)
- Provider networks
- Accessing external resources (North-South traffic)
- Network namespaces
- Physical traffic flow in Neutron nodes
- Floating IP allocation
- Security Groups
- Role-based access control (RBAC)
Nova – Compute Service
- Nova architecture
- Hypervisors in the compute service
- QEMU vs. KVM comparison
- Key pair management
- Flavor management
- Instance metadata
- Instance features
- Creating, verifying, and managing virtual instances
- Inspecting VMs at the compute node
- Assigning Security Groups and Floating IPs
- Accessing instance ports
- Anti-spoofing (port security) in OpenStack
- L3 virtual resources (router functions for instance traffic)
- Nova-scheduler – compute node selection
- Metadata service and configuration drive
- Instance migration capabilities
- Hardening the compute service
Cinder – Block Storage Service
- Cinder architecture
- Volume features
- Creating a volume
- Attaching and accessing volumes
- Storage backends – iSCSI and Ceph
- Volume wiping procedures
Barbican – Key Management Service
- Barbican architecture
- Securely storing passphrases
- Generating and storing symmetric encryption keys
- Volume encryption mechanisms
- Configuring Cinder storage types for volume encryption
- Limitations of volume encryption
- Storing X.509 certificate bundles
4. Other aspects related to architecture & security
- Tenant data privacy
- Instance security best practices
- Oslo.policy – creating custom roles and API authorization
- High Availability in OpenStack
Requirements
- Fundamental networking knowledge
- Basic understanding of cloud computing concepts
- Practical experience in administering Linux operating systems
14 Hours
Testimonials (3)
I found new things.
Cristian
Course - OpenStack Security
Depth of knowledge. A true SME in OpenStack. Patient and very helpful. Explained complex topics in an understandable and digestible way.
Jake McIlwaine - Gamma
Course - OpenStack Security
The trainer was extremely knowledgeable and helpful. While walking through the exercises, I wasn't rushed and was allowed to make mistakes (to a point) and then help was given to correct them where needed.