Course Outline
1. Introduction to OpenStack
- History of the cloud and OpenStack
- Cloud features
- Cloud models
- private, public, hybrid
- on-premise, IaaS, PaaS, SaaS
- Public and private cloud deployments based on OpenStack
- Open source and commercial OpenStack distributions
- OpenStack deployment models
- OpenStack ecosystem
- Modules
- Underlying tools
- Integrations
- OpenStack lifecycle
- OpenStack certification
2. Cloud security and OpenStack
- Security domains in private clouds
- Threat classification and attack types
- System and network documentation
- System management
- Vulnerability management
- Configuration management and policies
- System backup and recovery
- Server hardening
- OpenStack Management interfaces
- Dashboard
- API
- SSH
- OOB
- Secure communication
- TLS and HTTPS
- Reference architectures
3. OpenStack architecture and security
- Keystone - Identity Service
- Keystone architecture
- Authentication and available backends
- Token types and token management
- Authorization in OpenStack - roles and oslo.policy
- Keystone resources - domains, projects, users
- Openrc and clouds.yaml - CLI clients configuration
- OpenStack service catalog
- Quota system in OpenStack
- Glance - Image Service
- Glance architecture
- Images adjusted to the cloud
- Adding new image
- Securing image service deployment
- Image metadata
- Neutron - Networking Service
- Neutron architecture
- Neutron service distribution
- Networks in OpenStack deployment
- Network isolation in Neutron
- Basic resources in Neutron
- Compute node networking
- Tenant (self-service) networks and subnets
- Routing for tenant networks (East-West routing)
- Provider networks
- Accessing external resources (North-South routing)
- Network namespaces
- Physical traffic in Neutron nodes
- Floating IPs
- Security Groups
- Role based access control (RBAC)
- Nova - Compute Service
- Nova architecture
- Hypervisors in the compute service
- QEMU vs. KVM
- Keypair management
- Flavour management
- Instance metadata
- Instance features
- Creating, verifying and managing virtual instance
- Inspecting VM at compute node
- Assigning Security Groups and Floating IPs
- Tapping into instance ports
- Anti-spoofing (port security) in OpenStack
- L3 virtual resources (router functions for instance traffic)
- Nova-scheduler - compute node selection
- Metadata service and configuration drive
- Instance migration
- Hardening compute service
- Cinder - Block Storage Service
- Cinder architecture
- Volume features
- Creating a volume
- Attaching and accessing the volume
- Storage backends - iSCSI, Ceph
- Volume wipe
- Barbican - Key Management Service
- Barbican architecture
- Storing passphrases
- Generating and storing symmetric encryption keys
- Volume encryption mechanisms
- Configuring Cinder storage type for volume encryption
- Limitations of volume encryption
- Storing X.509 certificate bundles
4. Other aspects related to architecture & security
- Tenant data privacy
- Instance security
- Oslo.policy - creating custom role and API authorization
- High Availability in OpenStack
Requirements
- Basic networking knowledge
- Basic knowledge of cloud computing paradigm
- Practical knowledge of administering Linux operating systems
Testimonials
contact with the lecturer, good substantive preparation, experience
Marcin Terlecki
Practical knowledge / experience of the teacher.
Cezary Żeszczyński
Experience testing a real-world cluster was good and it was interesting to hear about Rena to's real experiences of operating OpenStack.
- UKRI - UK Shared Business Services Ltd
I mostly enjoyed the interaction with the trainer.
- UKRI - UK Shared Business Services Ltd
there was something I did not like !!
- DOOR International B.V.
wide knowledge and skills of the trainer
Andrzej - DOOR International B.V.
opencast presentation from the data center page
- Samsung Electronics Polska Sp. z o.o.
Examples
- Samsung Electronics Polska Sp. z o.o.
Practical exercises
- Samsung Electronics Polska Sp. z o.o.
very wide knowledge of the trainer
- Samsung Electronics Polska Sp. z o.o.
A lot of good examples of practices used in DataCenter
- Samsung Electronics Polska Sp. z o.o.
Presentation of practical knowledge from real data center, description of issues in a way that makes it very easy to understand the subject - what would be impossible reading dry presentations
- Samsung Electronics Polska Sp. z o.o.
Ability to adapt to the needs of trainees.
- Komenda Główna Policji
Professionalism of the trainer and ability to structure knowledge and communicate it in an interesting way
Pawel Janik - Orange Szkolenia Sp. z o.o.
Vast knowledge of the Lecturer + Mega great experience:)
Mariusz Brodowski - Orange Szkolenia Sp. z o.o.
All
- Orange Szkolenia Sp. z o.o.
Knowledge and experience of the trainer (sic!). Materials. The way of conducting the classes: optimal pace, understandable message, relaxed atmosphere combined with a very high substantive level, practical examples, exercises in training (hands-on)
Miroslaw Matyla - Orange Szkolenia Sp. z o.o.
Exercises
- Orange Szkolenia Sp. z o.o.
Hands-on exercises
王 朝晖 - 是德科技
To get a better understanding about OpenStack.
Jan Gustafsson - Polystar OSIX
It was very easy communication during all the course, got answers and help in very pedagogical manner. The trainer is very experienced, I recommend him anyone who is interested in getting good knowledge in this very complicated area :-)
Polystar OSIX
The broad perspective of OpenStack, no chance to dive in too deep to be able to keep schedule, more to where to get information from.
Jörgen Selegran - Polystar OSIX
A good mix of hands on exercises and lectures!
Polystar OSIX
The flexibility to answer questions. Good pdf, good examples
Conny Vigström - Polystar OSIX
Damian is very skilled, I'm very pleased with everything, no complaints, best training session I've participated in for a long time… It's very difficult to have a training course like this, totally remote, you did a great job, it went very well, there were no issues.
Peter Erlandsson - Polystar OSIX
The virtual desktop in a browser feature was kind of neat.
Mikael Karlsson - Polystar OSIX
The network parts.
Polystar OSIX
The varied topics
Daniel Lindh - Tele 2 Sverige AB
I like that we before the training had some meetings to discuss what parts we should focus on, and what is interesting for us at Tele2.
Tele 2 Sverige AB
The paste, all the information I got.
Tele 2 Sverige AB
Playing around in a non production environment.