Imported Translations from Transifex

Change-Id: Iec9e5a0dce924bb78e27ed38abb035c362f52a96

doc/cli-reference/locale/cli-reference.pot

@@ -1,7 +1,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2014-03-14 06:22+0000\n"
+"POT-Creation-Date: 2014-03-18 06:29+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -9,6 +9,222 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:11(title)
+msgid "neutron-debug command-line client"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:12(para)
+msgid "The <placeholder-1/> client is an extension to the <placeholder-2/> command-line interface (CLI) for the OpenStack neutron-debug tool. This chapter documents <placeholder-3/> version 2.3.0."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:16(para)
+msgid "For help on a specific <placeholder-1/> command, enter:"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:18(option)
+msgid "help"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:18(replaceable)
+msgid "COMMAND"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:21(title)
+msgid "neutron-debug usage"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:34(title)
+msgid "Subcommands"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:38(para)
+msgid "Create probe port - create port and interface within a network namespace."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:46(para)
+msgid "List all probes."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:54(para) ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:242(para)
+msgid "Clear all probes."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:62(para)
+msgid "Delete probe - delete port then delete the namespace."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:70(para)
+msgid "Execute commands in the namespace of the probe."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:78(para)
+msgid "ping-all is all-in-one command to ping all fixed IP's in a specified network."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:86(title)
+msgid "neutron-debug optional arguments"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:91(para)
+msgid "Show version number and exit."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:97(para)
+msgid "Increase verbosity of output and show tracebacks on errors. Can be repeated."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:104(para)
+msgid "Suppress output except warnings and errors"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:110(para)
+msgid "Show this help message and exit"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:117(para)
+msgid "Authentication strategy (Env: OS_AUTH_STRATEGY, default keystone). For now, any other value will disable the authentication"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:125(para)
+msgid "Authentication URL (Env: OS_AUTH_URL)"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:132(para)
+msgid "Authentication tenant name (Env: OS_TENANT_NAME)"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:140(para)
+msgid "Authentication tenant name (Env: OS_TENANT_ID)"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:148(para)
+msgid "Authentication username (Env: OS_USERNAME)"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:155(para)
+msgid "Authentication password (Env: OS_PASSWORD)"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:162(para)
+msgid "Authentication region name (Env: OS_REGION_NAME)"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:169(para)
+msgid "Defaults to <code>env[OS_TOKEN]</code>"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:177(para)
+msgid "Defaults to <code>env[OS_ENDPOINT_TYPE]</code> or public URL."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:184(para)
+msgid "Defaults to <code>env[OS_URL]</code>"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:192(para)
+msgid "Specify a CA bundle file to use in verifying a TLS (https) server certificate. Defaults to <code>env[OS_CACERT]</code>"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:201(para)
+msgid "Explicitly allow neutron-debug to perform \"insecure\" SSL (https) requests. The server's certificate will not be verified against any certificate authorities. This option should be used with caution."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:210(para)
+msgid "Config file for interface driver (You may also use l3_agent.ini)"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:217(title)
+msgid "neutron-debug probe-create command"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:220(para)
+msgid "Create probe port - create port and interface, then place it into the created network namespace."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:222(title) ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:251(title) ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:272(title)
+msgid "Positional arguments"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:226(para)
+msgid "ID of the network in which the probe will be created."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:233(title)
+msgid "neutron-debug probe-list command"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:236(para)
+msgid "List probes."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:239(title)
+msgid "neutron-debug probe-clear command"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:245(title)
+msgid "neutron-debug probe-delete command"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:248(para)
+msgid "Remove a probe."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:255(para)
+msgid "ID of the probe to delete."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:261(title)
+msgid "neutron-debug probe-exec command"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:264(para)
+msgid "Execute commands in the namespace of the probe"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:267(title)
+msgid "neutron-debug ping-all command"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:270(para)
+msgid "All-in-one command to ping all fixed IP's in a specified network."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:276(para)
+msgid "ID of the port to use."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:281(title)
+msgid "Optional arguments"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:286(para)
+msgid "Optional ping timeout."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:292(title)
+msgid "neutron-debug example"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:295(para)
+msgid "Create a probe namespace within the network identified by NET_ID. The namespace will have the name of qprobe-&lt;UUID of the probe port&gt;"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:298(para)
+msgid "For the following examples to function, the security group rules may need to be modified to allow the SSH (TCP port 22) or ping (ICMP) traffic into network."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:303(para)
+msgid "SSH to an instance within the network."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:306(para)
+msgid "Ping all instances on this network to verify they are responding."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml:310(para)
+msgid "Ping the DHCP server for this network using dhcping to verify it is working."
+msgstr ""
+
 #: ./doc/cli-reference/bk-cli-reference.xml:10(title)
 msgid "OpenStack Command-Line Interface Reference"
 msgstr ""
@@ -49,8 +265,12 @@ msgstr ""
 msgid "Initial version."
 msgstr ""
 
-#: ./doc/cli-reference/ch_preface.xml:10(title)
-msgid "Preface"
+#: ./doc/cli-reference/bk-cli-reference.xml:56(date)
+msgid "2014-03-14"
+msgstr ""
+
+#: ./doc/cli-reference/bk-cli-reference.xml:60(para)
+msgid "Added documentation for the neutron-debug command."
 msgstr ""
 
 #: ./doc/cli-reference/ch_cli.xml:10(title)

doc/cli-reference/locale/sq.po

@@ -0,0 +1,313 @@
+# 
+# Translators:
+msgid ""
+msgstr ""
+"Project-Id-Version: OpenStack Manuals\n"
+"POT-Creation-Date: 2014-03-18 06:29+0000\n"
+"PO-Revision-Date: 2014-03-17 07:58+0000\n"
+"Last-Translator: Tom Fifield <tom@openstack.org>\n"
+"Language-Team: Albanian (http://www.transifex.com/projects/p/openstack/language/sq/)\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Language: sq\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml11(title)
+msgid "neutron-debug command-line client"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml12(para)
+msgid ""
+"The <placeholder-1/> client is an extension to the <placeholder-2/> command-"
+"line interface (CLI) for the OpenStack neutron-debug tool. This chapter "
+"documents <placeholder-3/> version 2.3.0."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml16(para)
+msgid "For help on a specific <placeholder-1/> command, enter:"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml18(option)
+msgid "help"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml18(replaceable)
+msgid "COMMAND"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml21(title)
+msgid "neutron-debug usage"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml34(title)
+msgid "Subcommands"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml38(para)
+msgid ""
+"Create probe port - create port and interface within a network namespace."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml46(para)
+msgid "List all probes."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml54(para)
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml242(para)
+msgid "Clear all probes."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml62(para)
+msgid "Delete probe - delete port then delete the namespace."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml70(para)
+msgid "Execute commands in the namespace of the probe."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml78(para)
+msgid ""
+"ping-all is all-in-one command to ping all fixed IP's in a specified "
+"network."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml86(title)
+msgid "neutron-debug optional arguments"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml91(para)
+msgid "Show version number and exit."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml97(para)
+msgid ""
+"Increase verbosity of output and show tracebacks on errors. Can be repeated."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml104(para)
+msgid "Suppress output except warnings and errors"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml110(para)
+msgid "Show this help message and exit"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml117(para)
+msgid ""
+"Authentication strategy (Env: OS_AUTH_STRATEGY, default keystone). For now, "
+"any other value will disable the authentication"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml125(para)
+msgid "Authentication URL (Env: OS_AUTH_URL)"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml132(para)
+msgid "Authentication tenant name (Env: OS_TENANT_NAME)"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml140(para)
+msgid "Authentication tenant name (Env: OS_TENANT_ID)"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml148(para)
+msgid "Authentication username (Env: OS_USERNAME)"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml155(para)
+msgid "Authentication password (Env: OS_PASSWORD)"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml162(para)
+msgid "Authentication region name (Env: OS_REGION_NAME)"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml169(para)
+msgid "Defaults to <code>env[OS_TOKEN]</code>"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml177(para)
+msgid "Defaults to <code>env[OS_ENDPOINT_TYPE]</code> or public URL."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml184(para)
+msgid "Defaults to <code>env[OS_URL]</code>"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml192(para)
+msgid ""
+"Specify a CA bundle file to use in verifying a TLS (https) server "
+"certificate. Defaults to <code>env[OS_CACERT]</code>"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml201(para)
+msgid ""
+"Explicitly allow neutron-debug to perform \"insecure\" SSL (https) requests."
+" The server's certificate will not be verified against any certificate "
+"authorities. This option should be used with caution."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml210(para)
+msgid "Config file for interface driver (You may also use l3_agent.ini)"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml217(title)
+msgid "neutron-debug probe-create command"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml220(para)
+msgid ""
+"Create probe port - create port and interface, then place it into the "
+"created network namespace."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml222(title)
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml251(title)
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml272(title)
+msgid "Positional arguments"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml226(para)
+msgid "ID of the network in which the probe will be created."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml233(title)
+msgid "neutron-debug probe-list command"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml236(para)
+msgid "List probes."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml239(title)
+msgid "neutron-debug probe-clear command"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml245(title)
+msgid "neutron-debug probe-delete command"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml248(para)
+msgid "Remove a probe."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml255(para)
+msgid "ID of the probe to delete."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml261(title)
+msgid "neutron-debug probe-exec command"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml264(para)
+msgid "Execute commands in the namespace of the probe"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml267(title)
+msgid "neutron-debug ping-all command"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml270(para)
+msgid "All-in-one command to ping all fixed IP's in a specified network."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml276(para)
+msgid "ID of the port to use."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml281(title)
+msgid "Optional arguments"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml286(para)
+msgid "Optional ping timeout."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml292(title)
+msgid "neutron-debug example"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml295(para)
+msgid ""
+"Create a probe namespace within the network identified by NET_ID. The "
+"namespace will have the name of qprobe-&lt;UUID of the probe port&gt;"
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml298(para)
+msgid ""
+"For the following examples to function, the security group rules may need to"
+" be modified to allow the SSH (TCP port 22) or ping (ICMP) traffic into "
+"network."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml303(para)
+msgid "SSH to an instance within the network."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml306(para)
+msgid "Ping all instances on this network to verify they are responding."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli_neutron-debug_commands.xml310(para)
+msgid ""
+"Ping the DHCP server for this network using dhcping to verify it is working."
+msgstr ""
+
+#: ./doc/cli-reference/bk-cli-reference.xml10(title)
+msgid "OpenStack Command-Line Interface Reference"
+msgstr ""
+
+#: ./doc/cli-reference/bk-cli-reference.xml12(titleabbrev)
+msgid "CLI Reference"
+msgstr ""
+
+#: ./doc/cli-reference/bk-cli-reference.xml20(orgname)
+#: ./doc/cli-reference/bk-cli-reference.xml25(holder)
+msgid "OpenStack Foundation"
+msgstr ""
+
+#: ./doc/cli-reference/bk-cli-reference.xml24(year)
+msgid "2014"
+msgstr ""
+
+#: ./doc/cli-reference/bk-cli-reference.xml27(releaseinfo)
+msgid "trunk"
+msgstr ""
+
+#: ./doc/cli-reference/bk-cli-reference.xml28(productname)
+msgid "OpenStack"
+msgstr ""
+
+#: ./doc/cli-reference/bk-cli-reference.xml32(remark)
+msgid "Remaining licensing details are filled in by the template."
+msgstr ""
+
+#: ./doc/cli-reference/bk-cli-reference.xml37(para)
+msgid "This guide documents the OpenStack command-line clients."
+msgstr ""
+
+#: ./doc/cli-reference/bk-cli-reference.xml46(date)
+msgid "2014-01-29"
+msgstr ""
+
+#: ./doc/cli-reference/bk-cli-reference.xml50(para)
+msgid "Initial version."
+msgstr ""
+
+#: ./doc/cli-reference/bk-cli-reference.xml56(date)
+msgid "2014-03-14"
+msgstr ""
+
+#: ./doc/cli-reference/bk-cli-reference.xml60(para)
+msgid "Added documentation for the neutron-debug command."
+msgstr ""
+
+#: ./doc/cli-reference/ch_cli.xml10(title)
+msgid "OpenStack command-line clients"
+msgstr ""
+
+#. Put one translator per line, in the form of NAME <EMAIL>, YEAR1, YEAR2
+#: ./doc/cli-reference/ch_cli.xml0(None)
+msgid "translator-credits"
+msgstr ""

doc/common/locale/common.pot

@@ -1,7 +1,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2014-03-14 06:23+0000\n"
+"POT-Creation-Date: 2014-03-18 06:29+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -4526,6 +4526,46 @@ msgstr ""
 msgid "The name of the trait to list Required."
 msgstr ""
 
+#: ./doc/common/section_conventions.xml:8(title)
+msgid "Conventions"
+msgstr ""
+
+#: ./doc/common/section_conventions.xml:9(para)
+msgid "The OpenStack documentation uses several typesetting conventions:"
+msgstr ""
+
+#: ./doc/common/section_conventions.xml:14(title)
+msgid "Admonitions"
+msgstr ""
+
+#: ./doc/common/section_conventions.xml:15(para)
+msgid "Admonitions take three forms:"
+msgstr ""
+
+#: ./doc/common/section_conventions.xml:19(para)
+msgid "This is a note. The information in a note is usually in the form of a handy tip or reminder."
+msgstr ""
+
+#: ./doc/common/section_conventions.xml:25(para)
+msgid "This is important. The information in an important admonition is something you must be aware of before moving on."
+msgstr ""
+
+#: ./doc/common/section_conventions.xml:31(para)
+msgid "This is a warning. The information in warnings is critical. Warnings provide additional information about risk of data loss or security issues."
+msgstr ""
+
+#: ./doc/common/section_conventions.xml:40(title)
+msgid "Command prompts"
+msgstr ""
+
+#: ./doc/common/section_conventions.xml:41(para)
+msgid "Commands prefixed with the <literal>#</literal> prompt are to be executed by the <literal>root</literal> user. These examples can also be executed using the <placeholder-1/> command, if available."
+msgstr ""
+
+#: ./doc/common/section_conventions.xml:47(para)
+msgid "Commands prefixed with the <literal>$</literal> prompt can be executed by any user, including <literal>root</literal>."
+msgstr ""
+
 #: ./doc/common/ch_cli_neutron_commands.xml:11(title)
 msgid "Networking command-line client"
 msgstr ""
@@ -8330,7 +8370,7 @@ msgid "Object Storage (Swift)"
 msgstr ""
 
 #: ./doc/common/section_objectstorage-arch.xml:61(para)
-msgid "Currently, 2TB or 3TB SATA disks deliver good price/performance value. You can use desktop-grade drives if you have responsive remote hands in the datacenter and enterprise-grade drives if you don't."
+msgid "Currently, 2 TB or 3 TB SATA disks deliver good price/performance value. You can use desktop-grade drives if you have responsive remote hands in the datacenter and enterprise-grade drives if you don't."
 msgstr ""
 
 #: ./doc/common/section_objectstorage-arch.xml:66(para)
@@ -9133,6 +9173,82 @@ msgstr ""
 msgid "Configurable WSGI middleware that handles authentication. Usually the Identity Service."
 msgstr ""
 
+#: ./doc/common/section_keystone_config_ldap-hardening.xml:6(title)
+msgid "Secure the OpenStack Identity service connection to an LDAP back end"
+msgstr ""
+
+#: ./doc/common/section_keystone_config_ldap-hardening.xml:8(para)
+msgid "The Identity service supports the use of TLS to encrypt LDAP traffic. Before configuring this, you must first verify where your certificate authority file is located. For more information, see <xref linkend=\"certificates-for-pki\"/>."
+msgstr ""
+
+#: ./doc/common/section_keystone_config_ldap-hardening.xml:12(para)
+msgid "Once you verify the location of your certificate authority file:"
+msgstr ""
+
+#: ./doc/common/section_keystone_config_ldap-hardening.xml:15(title)
+msgid "Configuring TLS encryption on LDAP traffic"
+msgstr ""
+
+#: ./doc/common/section_keystone_config_ldap-hardening.xml:17(para)
+msgid "Open the <filename>/etc/keystone/keystone.conf</filename> configuration file."
+msgstr ""
+
+#: ./doc/common/section_keystone_config_ldap-hardening.xml:23(para)
+msgid "Find the <literal>[ldap]</literal> section."
+msgstr ""
+
+#: ./doc/common/section_keystone_config_ldap-hardening.xml:26(para)
+msgid "In the <literal>[ldap]</literal> section, set the <literal>use_tls</literal> configuration key to <literal>True</literal>. Doing so will enable TLS."
+msgstr ""
+
+#: ./doc/common/section_keystone_config_ldap-hardening.xml:31(para)
+msgid "Configure the Identity service to use your certificate authorities file. To do so, set the <literal>tls_cacertfile</literal> configuration key in the <literal>ldap</literal> section to the certificate authorities file's path."
+msgstr ""
+
+#: ./doc/common/section_keystone_config_ldap-hardening.xml:37(para)
+msgid "You can also set the <literal>tls_cacertdir</literal> (also in the <literal>ldap</literal> section) to the directory where all certificate authorities files are kept. If both <literal>tls_cacertfile</literal> and <literal>tls_cacertdir</literal> are set, then the latter will be ignored."
+msgstr ""
+
+#: ./doc/common/section_keystone_config_ldap-hardening.xml:46(para)
+msgid "Specify what client certificate checks to perform on incoming TLS sessions from the LDAP server. To do so, set the <literal>tls_req_cert</literal> configuration key in the <literal>[ldap]</literal> section to <literal>demand</literal>, <literal>allow</literal>, or <literal>never</literal>:"
+msgstr ""
+
+#: ./doc/common/section_keystone_config_ldap-hardening.xml:53(para)
+msgid "<parameter>demand</parameter>: a certificate will always be requested from the LDAP server. The session will be terminated if no certificate is provided, or if the certificate provided cannot be verified against the existing certificate authorities file."
+msgstr ""
+
+#: ./doc/common/section_keystone_config_ldap-hardening.xml:60(para)
+msgid "<parameter>allow</parameter>: a certificate will always be requested from the LDAP server. The session will proceed as normal even if a certificate is not provided. If a certificate is provided but it cannot be verified against the existing certificate authorities file, the certificate will be ignored and the session will proceed as normal."
+msgstr ""
+
+#: ./doc/common/section_keystone_config_ldap-hardening.xml:67(para)
+msgid "<parameter>never</parameter>: a certificate will never be requested."
+msgstr ""
+
+#: ./doc/common/section_keystone_config_ldap-hardening.xml:72(para)
+msgid "On distributions that include <application>openstack-config</application>, you can configure TLS encryption on LDAP traffic by running the following commands instead:"
+msgstr ""
+
+#: ./doc/common/section_keystone_config_ldap-hardening.xml:80(replaceable)
+msgid "CA_FILE"
+msgstr ""
+
+#: ./doc/common/section_keystone_config_ldap-hardening.xml:82(replaceable)
+msgid "CERT_BEHAVIOR"
+msgstr ""
+
+#: ./doc/common/section_keystone_config_ldap-hardening.xml:83(para)
+msgid "Where:"
+msgstr ""
+
+#: ./doc/common/section_keystone_config_ldap-hardening.xml:85(para)
+msgid "<replaceable>CA_FILE</replaceable> is the absolute path to the certificate authorities file that should be used to encrypt LDAP traffic."
+msgstr ""
+
+#: ./doc/common/section_keystone_config_ldap-hardening.xml:88(para)
+msgid "<replaceable>CERT_BEHAVIOR</replaceable>: specifies what client certificate checks to perform on an incoming TLS session from the LDAP server (<literal>demand</literal>, <literal>allow</literal>, or <literal>never</literal>)."
+msgstr ""
+
 #: ./doc/common/section_rpc-for-networking.xml:7(title) ./doc/common/section_rpc.xml:7(title)
 msgid "Configure the Oslo RPC messaging system"
 msgstr ""
@@ -9566,7 +9682,7 @@ msgid "The queue. A central hub for passing messages between daemons. Usually im
 msgstr ""
 
 #: ./doc/common/section_getstart_compute.xml:192(para)
-msgid "SQL database. Stores most build-time and runtime states for a cloud infrastructure. Includes instance types that are available for use, instances in use, available networks, and projects. Theoretically, OpenStack Compute can support any database that SQL-Alchemy supports, but the only databases widely used are sqlite3 databases (only appropriate for test and development work), MySQL, and PostgreSQL."
+msgid "SQL database. Stores most build-time and runtime states for a cloud infrastructure. Includes instance types that are available for use, instances in use, available networks, and projects. Theoretically, OpenStack Compute can support any database that SQL-Alchemy supports, but the only databases widely used are SQLite3 databases (only appropriate for test and development work), MySQL, and PostgreSQL."
 msgstr ""
 
 #: ./doc/common/section_getstart_compute.xml:201(para)
@@ -11342,6 +11458,10 @@ msgstr ""
 msgid "<emphasis role=\"bold\">How to find unknown options?</emphasis> The unknown options can be easily found by watching the output of <literal>create_xxx</literal> or <literal>show_xxx</literal> command. For example, in the port creation command, we see the fixed_ips fields, which can be used as an unknown option."
 msgstr ""
 
+#: ./doc/common/ch_preface.xml:10(title)
+msgid "Preface"
+msgstr ""
+
 #: ./doc/common/section_cli_keystone_apiv3.xml:5(title)
 msgid "Use Identity Service API v3 instead of API v2.0"
 msgstr ""
@@ -12287,6 +12407,38 @@ msgstr ""
 msgid "For more information, review the key concepts in the developer documentation at <link href=\"http://docs.openstack.org/developer/swift/\">docs.openstack.org/developer/swift/</link>."
 msgstr ""
 
+#: ./doc/common/section_keystone_config_ldap-assignments.xml:6(title)
+msgid "Separate role authorization and user authentication"
+msgstr ""
+
+#: ./doc/common/section_keystone_config_ldap-assignments.xml:7(para)
+msgid "When you configure the Identity service to use an LDAP back end, you can split authentication and authorization using the <emphasis>Assignments</emphasis> feature."
+msgstr ""
+
+#: ./doc/common/section_keystone_config_ldap-assignments.xml:10(para)
+msgid "The Assignments feature enables administrators to manage project role authorization using the Identity service's own SQL database, while still providing user authentication through the LDAP directory."
+msgstr ""
+
+#: ./doc/common/section_keystone_config_ldap-assignments.xml:14(para)
+msgid "To configure this:"
+msgstr ""
+
+#: ./doc/common/section_keystone_config_ldap-assignments.xml:16(title)
+msgid "Separating role authorization and user authentication through Assignments"
+msgstr ""
+
+#: ./doc/common/section_keystone_config_ldap-assignments.xml:19(para)
+msgid "Configure the Identity service to authenticate users through the LDAP driver. To do so, first find the <literal>[identity]</literal> section in the <filename>/etc/keystone/keystone.conf</filename> configuration file. Then, set the <literal>driver</literal> configuration key in that section to <literal>keystone.identity.backends.ldap.Identity</literal>:"
+msgstr ""
+
+#: ./doc/common/section_keystone_config_ldap-assignments.xml:30(para)
+msgid "Next, enable the Assignment driver. To do so, find the <literal>[assignment]</literal> section in the <filename>/etc/keystone/keystone.conf</filename> configuration file. Then, set the <literal>driver</literal> configuration key in that section to <literal>keystone.assignment.backends.sql.Assignment</literal>:"
+msgstr ""
+
+#: ./doc/common/section_keystone_config_ldap-assignments.xml:41(para)
+msgid "On distributions that include <application>openstack-config</application>, you can configure both drivers by running the following commands instead:"
+msgstr ""
+
 #: ./doc/common/section_cli_cinder_manage_volumes.xml:7(title)
 msgid "Manage volumes"
 msgstr ""
@@ -14070,11 +14222,11 @@ msgid "Easily scalable for future growth"
 msgstr ""
 
 #: ./doc/common/section_storage-concepts.xml:51(td)
-msgid "Example: 10GB first disk, 30GB/core second disk"
+msgid "Example: 10 GB first disk, 30 GB/core second disk"
 msgstr ""
 
 #: ./doc/common/section_storage-concepts.xml:52(td)
-msgid "Example: 1TB \"extra hard drive\""
+msgid "Example: 1 TB \"extra hard drive\""
 msgstr ""
 
 #: ./doc/common/section_storage-concepts.xml:53(td)
@@ -14321,18 +14473,6 @@ msgstr ""
 msgid "If Active Directory classes and attributes do not match the specified classes in the LDAP module, so you can modify them, as follows:"
 msgstr ""
 
-#: ./doc/common/section_keystone_config_ldap.xml:133(title)
-msgid "Assignment"
-msgstr ""
-
-#: ./doc/common/section_keystone_config_ldap.xml:134(para)
-msgid "The Assignment feature allows a combination of LDAP and SQL for Identity Service authentication and authorization. Consequently, the LDAP directory authenticates users and the Identity Service SQL back end authorizes their access to projects and roles."
-msgstr ""
-
-#: ./doc/common/section_keystone_config_ldap.xml:139(para)
-msgid "Enable the Assignment driver in the <filename>keystone.conf</filename> file alongside the LDAP driver:"
-msgstr ""
-
 #. When image changes, this message will be marked fuzzy or untranslated for you.
 #. It doesn't matter what you translate it to: it's not used at all.
 #: ./doc/common/section_dashboard_launch_instances_from_image.xml:106(None)

doc/high-availability-guide/locale/high-availability-guide.pot

@@ -1,7 +1,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2014-03-14 06:23+0000\n"
+"POT-Creation-Date: 2014-03-18 06:30+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"

doc/image-guide/locale/image-guide.pot

@@ -1,7 +1,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2014-03-14 06:23+0000\n"
+"POT-Creation-Date: 2014-03-18 06:30+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -1545,10 +1545,6 @@ msgstr ""
 msgid "In the example above, the guest <literal>centos-6.4</literal> uses VNC display <literal>:1</literal>, which corresponds to tcp port <literal>5901</literal>. You should be able to connect to a VNC client running on your local machine to display :1 on the remote machine and step through the installation process."
 msgstr ""
 
-#: ./doc/image-guide/ch_preface.xml:10(title)
-msgid "Preface"
-msgstr ""
-
 #: ./doc/image-guide/section_glance_image-formats.xml:6(title)
 msgid "Disk and container formats for images"
 msgstr ""

doc/install-guide/locale/install-guide.pot

@@ -1,7 +1,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2014-03-14 06:23+0000\n"
+"POT-Creation-Date: 2014-03-18 06:30+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -303,7 +303,7 @@ msgstr ""
 msgid "Configure access to the <application>RabbitMQ</application> service:"
 msgstr ""
 
-#: ./doc/install-guide/section_neutron-network-node.xml:152(replaceable) ./doc/install-guide/section_neutron-network-node.xml:161(replaceable) ./doc/install-guide/section_neutron-compute-node.xml:200(replaceable) ./doc/install-guide/section_neutron-compute-node.xml:209(replaceable) ./doc/install-guide/section_ceilometer-install.xml:140(replaceable) ./doc/install-guide/section_ceilometer-install.xml:143(replaceable) ./doc/install-guide/section_nova-controller.xml:67(replaceable) ./doc/install-guide/section_nova-controller.xml:75(replaceable) ./doc/install-guide/section_neutron-per-tenant-routers-with-private-networks.xml:182(replaceable) ./doc/install-guide/section_neutron-per-tenant-routers-with-private-networks.xml:195(replaceable) ./doc/install-guide/section_neutron-per-tenant-routers-with-private-networks.xml:272(replaceable) ./doc/install-guide/section_neutron-per-tenant-routers-with-private-networks.xml:327(replaceable) ./doc/install-guide/section_neutron-provider-router-with-private_networks.xml:113(replaceable) ./doc/install-guide/section_neutron-provider-router-with-private_networks.xml:178(replaceable) ./doc/install-guide/section_neutron-provider-router-with-private_networks.xml:189(replaceable) ./doc/install-guide/section_neutron-provider-router-with-private_networks.xml:322(replaceable) ./doc/install-guide/section_neutron-provider-router-with-private_networks.xml:333(replaceable) ./doc/install-guide/section_ceilometer-glance.xml:18(replaceable) ./doc/install-guide/section_ceilometer-glance.xml:24(replaceable) ./doc/install-guide/section_neutron-single-flat.xml:207(replaceable) ./doc/install-guide/section_neutron-single-flat.xml:230(replaceable) ./doc/install-guide/section_neutron-single-flat.xml:335(replaceable) ./doc/install-guide/section_neutron-single-flat.xml:362(replaceable) ./doc/install-guide/section_neutron-single-flat.xml:427(replaceable) ./doc/install-guide/section_neutron-single-flat.xml:446(replaceable) ./doc/install-guide/ch_basics.xml:643(replaceable) ./doc/install-guide/section_neutron-controller-node.xml:156(replaceable) ./doc/install-guide/section_neutron-controller-node.xml:183(replaceable) ./doc/install-guide/section_cinder-node.xml:130(replaceable) ./doc/install-guide/section_cinder-node.xml:150(replaceable) ./doc/install-guide/section_cinder-controller.xml:111(replaceable) ./doc/install-guide/section_cinder-controller.xml:131(replaceable) ./doc/install-guide/section_heat-install.xml:93(replaceable) ./doc/install-guide/section_heat-install.xml:96(replaceable) ./doc/install-guide/section_ceilometer-nova.xml:75(replaceable) ./doc/install-guide/section_ceilometer-nova.xml:79(replaceable) ./doc/install-guide/section_nova-compute.xml:152(replaceable) ./doc/install-guide/section_nova-compute.xml:158(replaceable)
+#: ./doc/install-guide/section_neutron-network-node.xml:152(replaceable) ./doc/install-guide/section_neutron-network-node.xml:161(replaceable) ./doc/install-guide/section_neutron-compute-node.xml:200(replaceable) ./doc/install-guide/section_neutron-compute-node.xml:209(replaceable) ./doc/install-guide/section_ceilometer-install.xml:140(replaceable) ./doc/install-guide/section_ceilometer-install.xml:143(replaceable) ./doc/install-guide/section_nova-controller.xml:67(replaceable) ./doc/install-guide/section_nova-controller.xml:75(replaceable) ./doc/install-guide/section_neutron-per-tenant-routers-with-private-networks.xml:182(replaceable) ./doc/install-guide/section_neutron-per-tenant-routers-with-private-networks.xml:195(replaceable) ./doc/install-guide/section_neutron-per-tenant-routers-with-private-networks.xml:272(replaceable) ./doc/install-guide/section_neutron-per-tenant-routers-with-private-networks.xml:327(replaceable) ./doc/install-guide/section_neutron-provider-router-with-private_networks.xml:113(replaceable) ./doc/install-guide/section_neutron-provider-router-with-private_networks.xml:178(replaceable) ./doc/install-guide/section_neutron-provider-router-with-private_networks.xml:189(replaceable) ./doc/install-guide/section_neutron-provider-router-with-private_networks.xml:322(replaceable) ./doc/install-guide/section_neutron-provider-router-with-private_networks.xml:333(replaceable) ./doc/install-guide/section_ceilometer-glance.xml:18(replaceable) ./doc/install-guide/section_ceilometer-glance.xml:24(replaceable) ./doc/install-guide/section_neutron-single-flat.xml:207(replaceable) ./doc/install-guide/section_neutron-single-flat.xml:230(replaceable) ./doc/install-guide/section_neutron-single-flat.xml:335(replaceable) ./doc/install-guide/section_neutron-single-flat.xml:362(replaceable) ./doc/install-guide/section_neutron-single-flat.xml:427(replaceable) ./doc/install-guide/section_neutron-single-flat.xml:446(replaceable) ./doc/install-guide/ch_basics.xml:664(replaceable) ./doc/install-guide/section_neutron-controller-node.xml:156(replaceable) ./doc/install-guide/section_neutron-controller-node.xml:183(replaceable) ./doc/install-guide/section_cinder-node.xml:130(replaceable) ./doc/install-guide/section_cinder-node.xml:150(replaceable) ./doc/install-guide/section_cinder-controller.xml:111(replaceable) ./doc/install-guide/section_cinder-controller.xml:131(replaceable) ./doc/install-guide/section_heat-install.xml:93(replaceable) ./doc/install-guide/section_heat-install.xml:96(replaceable) ./doc/install-guide/section_ceilometer-nova.xml:75(replaceable) ./doc/install-guide/section_ceilometer-nova.xml:79(replaceable) ./doc/install-guide/section_nova-compute.xml:152(replaceable) ./doc/install-guide/section_nova-compute.xml:158(replaceable)
 msgid "RABBIT_PASS"
 msgstr ""
 
@@ -2539,10 +2539,6 @@ msgstr ""
 msgid "Each user belongs to a user group with the same name as the user."
 msgstr ""
 
-#: ./doc/install-guide/ch_preface.xml:10(title)
-msgid "Preface"
-msgstr ""
-
 #: ./doc/install-guide/section_ceilometer-glance.xml:6(title)
 msgid "Add the Image Service agent for Telemetry"
 msgstr ""
@@ -2696,7 +2692,7 @@ msgid "This section describes how to install the OpenStack Networking service an
 msgstr ""
 
 #: ./doc/install-guide/section_neutron-single-flat.xml:10(para)
-msgid "The following diagram shows the set up. For simplicity, all nodes should have one interface for management traffic and one or more interfaces for traffic to and from VMs. The management network is 100.1.1.0/24 with controller node at 100.1.1.2. The example uses the Open vSwitch plugin and agent."
+msgid "The following diagram shows the set up. For simplicity, all nodes should have one interface for management traffic and one or more interfaces for traffic to and from VMs. The management network is 100.1.1.0/24 with controller node at 100.1.1.2. The example uses the Open vSwitch plug-in and agent."
 msgstr ""
 
 #: ./doc/install-guide/section_neutron-single-flat.xml:16(para)
@@ -3167,202 +3163,218 @@ msgid "When you install the server package, you are prompted for the root passwo
 msgstr ""
 
 #: ./doc/install-guide/ch_basics.xml:398(para)
-msgid "Edit <filename os=\"ubuntu;debian\">/etc/mysql/my.cnf</filename><filename os=\"opensuse;sles;rhel;fedora;centos\">/etc/my.cnf</filename> and set the <literal>bind-address</literal> to the internal IP address of the controller, to enable access from outside the controller node."
+msgid "The MySQL configuration requires some changes to work with OpenStack."
+msgstr ""
+
+#: ./doc/install-guide/ch_basics.xml:402(para)
+msgid "Edit the <filename>/etc/mysql/my.cnf</filename> file:"
+msgstr ""
+
+#: ./doc/install-guide/ch_basics.xml:404(para)
+msgid "Edit the <filename>/etc/my.cnf</filename> file:"
 msgstr ""
 
 #: ./doc/install-guide/ch_basics.xml:408(para)
+msgid "Under the <literal>[mysqld]</literal> section, set the <literal>bind-address</literal> key to the management IP address of the controller node to enable access by other nodes via the management network:"
+msgstr ""
+
+#: ./doc/install-guide/ch_basics.xml:417(para)
+msgid "Under the <literal>[mysqld]</literal> section, set the following keys to enable the UTF-8 character set by default:"
+msgstr ""
+
+#: ./doc/install-guide/ch_basics.xml:429(para)
 msgid "Restart the MySQL service to apply the changes:"
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:411(para)
+#: ./doc/install-guide/ch_basics.xml:432(para)
 msgid "Start the <phrase os=\"rhel;fedora;centos\">MySQL</phrase><phrase os=\"opensuse;sles\">MariaDB or MySQL</phrase> database server and set it to start automatically when the system boots."
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:420(para)
+#: ./doc/install-guide/ch_basics.xml:441(para)
 msgid "Finally, you should set a root password for your <phrase os=\"rhel;fedora;centos\">MySQL</phrase><phrase os=\"opensuse;sles\">MariaDB or MySQL</phrase> database. The OpenStack programs that set up databases and tables prompt you for this password if it is set."
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:426(para)
+#: ./doc/install-guide/ch_basics.xml:447(para)
 msgid "You must delete the anonymous users that are created when the database is first started. Otherwise, database connection problems occur when you follow the instructions in this guide. To do this, use the <placeholder-1/> command. Note that if <placeholder-2/> fails you might need to use <placeholder-3/> first:"
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:435(para)
+#: ./doc/install-guide/ch_basics.xml:456(para)
 msgid "<phrase os=\"rhel;centos;fedora;opensuse;sles\">If you have not already set a root database password, press <keycap>ENTER</keycap> when you are prompted for the password.</phrase> This command presents a number of options for you to secure your database installation. Respond <placeholder-1/> to all prompts unless you have a good reason to do otherwise."
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:445(title)
+#: ./doc/install-guide/ch_basics.xml:466(title)
 msgid "Node setup"
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:446(para)
+#: ./doc/install-guide/ch_basics.xml:467(para)
 msgid "On all nodes other than the controller node, install the <phrase os=\"ubuntu;debian;rhel;fedora;centos\">MySQL</phrase><phrase os=\"opensuse\">MariaDB (on openSUSE)</phrase> client and the MySQL Python library on any system that does not host a MySQL database:"
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:455(para)
+#: ./doc/install-guide/ch_basics.xml:476(para)
 msgid "For SUSE Linux Enterprise, install MySQL:"
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:462(title)
+#: ./doc/install-guide/ch_basics.xml:483(title)
 msgid "OpenStack packages"
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:463(para)
+#: ./doc/install-guide/ch_basics.xml:484(para)
 msgid "Distributions might release OpenStack packages as part of their distribution or through other methods because the OpenStack and distribution release times are independent of each other."
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:467(para)
+#: ./doc/install-guide/ch_basics.xml:488(para)
 msgid "This section describes the configuration you must complete after you configure machines to install the latest OpenStack packages."
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:470(para)
+#: ./doc/install-guide/ch_basics.xml:491(para)
 msgid "The examples in this guide use the OpenStack packages from the RDO repository. These packages work on Red Hat Enterprise Linux 6, compatible versions of CentOS, and Fedora 20. To enable the RDO repository, download and install the <package>rdo-release-icehouse</package> package."
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:477(para)
+#: ./doc/install-guide/ch_basics.xml:498(para)
 msgid "The EPEL package includes GPG keys for package signing and repository information. This should only be installed on Red Hat Enterprise Linux and CentOS, not Fedora. Install the latest <package>epel-release</package> package (see <link href=\"http://download.fedoraproject.org/pub/epel/6/x86_64/repoview/epel-release.html\">http://download.fedoraproject.org/pub/epel/6/x86_64/repoview/epel-release.html</link>). For example:"
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:486(para)
+#: ./doc/install-guide/ch_basics.xml:507(para)
 msgid "The <package>openstack-utils</package> package contains utility programs that make installation and configuration easier. These programs are used throughout this guide. Install <package>openstack-utils</package>. This verifies that you can access the RDO repository."
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:493(para)
+#: ./doc/install-guide/ch_basics.xml:514(para)
 msgid "Use the Open Build Service repositories for <glossterm>Icehouse</glossterm> based on your openSUSE or SUSE Linux Enterprise Server version, for example if you run openSUSE 12.3 use:"
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:498(para)
+#: ./doc/install-guide/ch_basics.xml:519(para)
 msgid "For openSUSE 13.1 use:"
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:500(para)
+#: ./doc/install-guide/ch_basics.xml:521(para)
 msgid "If you use SUSE Linux Enterprise Server 11 SP3, use:"
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:503(para)
+#: ./doc/install-guide/ch_basics.xml:524(para)
 msgid "The <package>openstack-utils</package> package contains utility programs that make installation and configuration easier. These programs are used throughout this guide. Install <package>openstack-utils</package>. This verifies that you can access the Open Build Service repository:"
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:510(para)
+#: ./doc/install-guide/ch_basics.xml:531(para)
 msgid "The <application>openstack-config</application> program in the <package>openstack-utils</package> package uses <application>crudini</application> to manipulate configuration files. However, <application>crudini</application> version 0.3 does not support multi valued options. See <link href=\"https://bugs.launchpad.net/openstack-manuals/+bug/1269271\">https://bugs.launchpad.net/openstack-manuals/+bug/1269271</link>. As a work around, you must manually set any multi valued options or the new value overwrites the previous value instead of creating a new option."
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:522(para)
+#: ./doc/install-guide/ch_basics.xml:543(para)
 msgid "The <package>openstack-selinux</package> package includes the policy files that are required to configure SELinux during OpenStack installation. Install <package>openstack-selinux</package>."
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:528(para)
+#: ./doc/install-guide/ch_basics.xml:549(para)
 msgid "Upgrade your system packages:"
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:532(para)
+#: ./doc/install-guide/ch_basics.xml:553(para)
 msgid "If the upgrade included a new kernel package, reboot the system to ensure the new kernel is running:"
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:536(title)
+#: ./doc/install-guide/ch_basics.xml:557(title)
 msgid "To use the Ubuntu Cloud Archive for Icehouse"
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:537(para)
+#: ./doc/install-guide/ch_basics.xml:558(para)
 msgid "The <link href=\"https://wiki.ubuntu.com/ServerTeam/CloudArchive\">Ubuntu Cloud Archive</link> is a special repository that allows you to install newer releases of OpenStack on the stable supported version of Ubuntu."
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:543(para)
+#: ./doc/install-guide/ch_basics.xml:564(para)
 msgid "Install the Ubuntu Cloud Archive for <glossterm>Icehouse</glossterm>: <placeholder-1/>"
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:549(para)
+#: ./doc/install-guide/ch_basics.xml:570(para)
 msgid "Update the package database, upgrade your system, and reboot for all changes to take effect: <placeholder-1/>"
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:556(title)
+#: ./doc/install-guide/ch_basics.xml:577(title)
 msgid "To use the Debian Wheezy backports archive for Icehouse"
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:558(para)
+#: ./doc/install-guide/ch_basics.xml:579(para)
 msgid "The <glossterm>Icehouse</glossterm> release is available only in Debian Sid (otherwise called Unstable). However, the Debian maintainers of OpenStack also maintain a non-official Debian repository for OpenStack containing Wheezy backports."
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:564(para)
+#: ./doc/install-guide/ch_basics.xml:585(para)
 msgid "Install the Debian Wheezy backport repository Icehouse:"
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:569(para)
+#: ./doc/install-guide/ch_basics.xml:590(para)
 msgid "Install the Debian Wheezy OpenStack repository for Icehouse:"
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:574(para)
+#: ./doc/install-guide/ch_basics.xml:595(para)
 msgid "Update the repository database and install the key:"
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:578(para)
+#: ./doc/install-guide/ch_basics.xml:599(para)
 msgid "Update the package database, upgrade your system, and reboot for all changes to take effect:"
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:584(para)
+#: ./doc/install-guide/ch_basics.xml:605(para)
 msgid "Numerous archive.gplhost.com mirrors are available around the world. All are available with both FTP and HTTP protocols (you should use the closest mirror). The list of mirrors is available at <link href=\"http://archive.gplhost.com/readme.mirrors\">http://archive.gplhost.com/readme.mirrors</link>."
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:592(title)
+#: ./doc/install-guide/ch_basics.xml:613(title)
 msgid "Manually install python-argparse"
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:593(para)
+#: ./doc/install-guide/ch_basics.xml:614(para)
 msgid "The Debian OpenStack packages are maintained on Debian Sid (also known as Debian Unstable) - the current development version. Backported packages run correctly on Debian Wheezy with one caveat:"
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:597(para)
+#: ./doc/install-guide/ch_basics.xml:618(para)
 msgid "All OpenStack packages are written in Python. Wheezy uses Python 2.6 and 2.7, with Python 2.6 as the default interpreter; Sid has only Python 2.7. There is one packaging change between these two. In Python 2.6, you installed the <package>python-argparse</package> package separately. In Python 2.7, this package is installed by default. Unfortunately, in Python 2.7, this package does not include <code>Provides: python-argparse</code> directive."
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:605(para)
+#: ./doc/install-guide/ch_basics.xml:626(para)
 msgid "Because the packages are maintained in Sid where the <code>Provides: python-argparse</code> directive causes an error, and the Debian OpenStack maintainer wants to maintain one version of the OpenStack packages, you must manually install the <package>python-argparse</package> on each OpenStack system that runs Debian Wheezy before you install the other OpenStack packages. Use the following command to install the package:"
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:614(para)
+#: ./doc/install-guide/ch_basics.xml:635(para)
 msgid "This caveat applies to most OpenStack packages in Wheezy."
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:618(title)
+#: ./doc/install-guide/ch_basics.xml:639(title)
 msgid "Messaging server"
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:619(para)
+#: ./doc/install-guide/ch_basics.xml:640(para)
 msgid "On the controller node, install the messaging queue server. Typically this is <phrase os=\"ubuntu;debian;opensuse;sles\"><glossterm>RabbitMQ</glossterm></phrase><phrase os=\"centos;rhel;fedora\"><glossterm>Qpid</glossterm></phrase> but <phrase os=\"ubuntu;debian;opensuse;sles\"><glossterm>Qpid</glossterm></phrase><phrase os=\"centos;rhel;fedora\"><glossterm>RabbitMQ</glossterm></phrase> and <glossterm>ZeroMQ</glossterm> (0MQ) are also available."
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:631(title)
+#: ./doc/install-guide/ch_basics.xml:652(title)
 msgid "Important security consideration"
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:632(para)
+#: ./doc/install-guide/ch_basics.xml:653(para)
 msgid "The <package>rabbitmq-server</package> package configures the RabbitMQ service to start automatically and creates a <literal>guest</literal> user with a default <literal>guest</literal> password. The RabbitMQ examples in this guide use the <literal>guest</literal> account, though it is strongly advised to change its default password, especially if you have IPv6 available: by default the RabbitMQ server enables anyone to connect to it by using guest as login and password, and with IPv6, it is reachable from the outside."
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:642(para)
+#: ./doc/install-guide/ch_basics.xml:663(para)
 msgid "To change the default guest password of RabbitMQ:"
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:645(para)
+#: ./doc/install-guide/ch_basics.xml:666(para)
 msgid "Disable Qpid authentication by editing <filename>/etc/qpidd.conf</filename> file and changing the <literal>auth</literal> option to <literal>no</literal>."
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:651(para)
+#: ./doc/install-guide/ch_basics.xml:672(para)
 msgid "To simplify configuration, the Qpid examples in this guide do not use authentication. However, we strongly advise enabling authentication for production deployments. For more information on securing Qpid refer to the <link href=\"http://qpid.apache.org/books/trunk/AMQP-Messaging-Broker-CPP-Book/html/chap-Messaging_User_Guide-Security.html\">Qpid Documentation</link>."
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:660(para)
+#: ./doc/install-guide/ch_basics.xml:681(para)
 msgid "After you enable Qpid authentication, you must update the configuration file of each OpenStack service to ensure that the <literal>qpid_username</literal> and <literal>qpid_password</literal> configuration keys refer to a valid Qpid username and password, respectively."
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:668(para)
+#: ./doc/install-guide/ch_basics.xml:689(para)
 msgid "Start Qpid and set it to start automatically when the system boots."
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:672(para)
+#: ./doc/install-guide/ch_basics.xml:693(para)
 msgid "Start the messaging service and set it to start automatically when the system boots:"
 msgstr ""
 
-#: ./doc/install-guide/ch_basics.xml:676(para)
+#: ./doc/install-guide/ch_basics.xml:697(para)
 msgid "Congratulations, now you are ready to install OpenStack services!"
 msgstr ""
 
@@ -4626,7 +4638,7 @@ msgid "Use the <placeholder-1/> command to create the database and tables, as we
 msgstr ""
 
 #: ./doc/install-guide/section_keystone-install.xml:53(para)
-msgid "By default, the Ubuntu packages create an SQLite database. Delete the <filename>keystone.db</filename> file created in the <filename>/var/lib/keystone/</filename> directory so that it does not get used by mistake."
+msgid "By default, the Ubuntu packages create a SQLite database. Delete the <filename>keystone.db</filename> file created in the <filename>/var/lib/keystone/</filename> directory so that it does not get used by mistake."
 msgstr ""
 
 #: ./doc/install-guide/section_keystone-install.xml:59(para)

doc/security-guide/locale/security-guide.pot

@@ -1,7 +1,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2014-03-14 06:23+0000\n"
+"POT-Creation-Date: 2014-03-18 06:30+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -228,594 +228,594 @@ msgid "Hypervisors in OpenStack"
 msgstr ""
 
 #: ./doc/security-guide/ch051_vss-intro.xml:20(para)
-msgid "Whether OpenStack is deployed within private data centers or as a public cloud service, the underlying virtualization technology provides enterprise-level capabilities in the realms of scalability, resource efficiency, and uptime. While such high-level benefits are generally available across many OpenStack-supported hypervisor technologies, there are significant differences in each hypervisor's security architecture and features, particularly when considering the security threat vectors which are unique to elastic OpenStack environments. As applications consolidate into single Infrastructure as a Service (IaaS) platforms, instance isolation at the hypervisor level becomes paramount. The requirement for secure isolation holds true across commercial, government, and military communities."
+msgid "Whether OpenStack is deployed within private data centers or as a public cloud service, the underlying virtualization technology provides enterprise-level capabilities in the realms of scalability, resource efficiency, and uptime. While such high-level benefits are generally available across many OpenStack-supported hypervisor technologies, there are significant differences in each hypervisor's security architecture and features, particularly when considering the security threat vectors which are unique to elastic OpenStack environments. As applications consolidate into single Infrastructure-as-a-Service (IaaS) platforms, instance isolation at the hypervisor level becomes paramount. The requirement for secure isolation holds true across commercial, government, and military communities."
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:21(para)
-msgid "Within the framework of OpenStack you can choose from any number of hypervisor platforms and corresponding OpenStack plugins to optimize your cloud environment. In the context of the OpenStack Security guide, we will be highlighting hypervisor selection considerations as they pertain to feature sets that are critical to security. However, these considerations are not meant to be an exhaustive investigation into the pros and cons of particular hypervisors. NIST provides additional guidance in Special Publication 800-125, \"<emphasis>Guide to Security for Full Virtualization Technologies</emphasis>\"."
+#: ./doc/security-guide/ch051_vss-intro.xml:34(para)
+msgid "Within the framework of OpenStack you can choose from any number of hypervisor platforms and corresponding OpenStack plug-ins to optimize your cloud environment. In the context of the OpenStack Security guide, we will be highlighting hypervisor selection considerations as they pertain to feature sets that are critical to security. However, these considerations are not meant to be an exhaustive investigation into the pros and cons of particular hypervisors. NIST provides additional guidance in Special Publication 800-125, \"<emphasis>Guide to Security for Full Virtualization Technologies</emphasis>\"."
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:24(title)
+#: ./doc/security-guide/ch051_vss-intro.xml:37(title)
 msgid "Selection Criteria"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:25(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:38(para)
 msgid "As part of your hypervisor selection process, you will need to consider a number of important factors to help increase your security posture. Specifically, we will be looking into the following areas:"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:27(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:40(para)
 msgid "Team Expertise"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:30(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:43(para)
 msgid "Product or Project maturity"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:33(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:46(para)
 msgid "Certifications, Attestations"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:36(para) ./doc/security-guide/ch051_vss-intro.xml:300(title)
+#: ./doc/security-guide/ch051_vss-intro.xml:49(para) ./doc/security-guide/ch051_vss-intro.xml:313(title)
 msgid "Additional Security Features"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:39(para) ./doc/security-guide/ch051_vss-intro.xml:293(title)
+#: ./doc/security-guide/ch051_vss-intro.xml:52(para) ./doc/security-guide/ch051_vss-intro.xml:306(title)
 msgid "Hypervisor vs. Baremetal"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:42(para) ./doc/security-guide/ch051_vss-intro.xml:255(title)
+#: ./doc/security-guide/ch051_vss-intro.xml:55(para) ./doc/security-guide/ch051_vss-intro.xml:268(title)
 msgid "Hardware Concerns"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:45(para) ./doc/security-guide/ch051_vss-intro.xml:79(title)
+#: ./doc/security-guide/ch051_vss-intro.xml:58(para) ./doc/security-guide/ch051_vss-intro.xml:92(title)
 msgid "Common Criteria"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:49(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:62(para)
 msgid "Has the hypervisor undergone Common Criteria certification? If so, to what levels?"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:52(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:65(para)
 msgid "Is the underlying cryptography certified by a third-party?"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:48(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:61(para)
 msgid "Additionally, the following security-related criteria are highly encouraged to be evaluated when selecting a hypervisor for OpenStack deployments:<placeholder-1/><bridgehead>Team Expertise</bridgehead> Most likely, the most important aspect in hypervisor selection is the expertise of your staff in managing and maintaining a particular hypervisor platform. The more familiar your team is with a given product, its configuration, and its eccentricities, the less likely will there be configuration mistakes. Additionally, having staff expertise spread across an organization on a given hypervisor will increase availability of your systems, allow for developing a segregation of duties, and mitigate problems in the event that a team member is unavailable."
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:56(title)
+#: ./doc/security-guide/ch051_vss-intro.xml:69(title)
 msgid "Product or Project Maturity"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:57(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:70(para)
 msgid "The maturity of a given hypervisor product or project is critical to your security posture as well. Product maturity will have a number of effects once you have deployed your cloud, in the context of this security guide we are interested in the following:"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:59(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:72(para)
 msgid "Availability of expertise"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:62(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:75(para)
 msgid "Active developer and user communities"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:65(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:78(para)
 msgid "Timeliness and Availability of updates"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:68(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:81(para)
 msgid "Incidence response"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:71(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:84(para)
 msgid "One of the biggest indicators of a hypervisor's maturity is the size and vibrancy of the community that surrounds it. As this concerns security, the quality of the community will affect the availability of expertise should you need additional cloud operators. It is also a sign of how widely deployed the hypervisor is, in turn leading to the battle readiness of any reference architectures and best practices."
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:72(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:85(para)
 msgid "Further, the quality of community, as it surrounds an open source hypervisor like KVM or Xen, will have a direct impact on the timeliness of bug fixes and security updates. When investigating both commercial and open source hypervisors, you will want to look into their release and support cycles as well as the time delta between the announcement of a bug or security issue and a patch or response. Lastly, the supported capabilities of OpenStack compute vary depending on the hypervisor chosen. Refer to the <link href=\"https://wiki.openstack.org/wiki/HypervisorSupportMatrix\">OpenStack Hypervisor Support Matrix</link> for OpenStack compute feature support by hypervisor."
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:75(title)
+#: ./doc/security-guide/ch051_vss-intro.xml:88(title)
 msgid "Certifications and Attestations"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:76(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:89(para)
 msgid "One additional consideration when selecting a hypervisor is the availability of various formal certifications and attestations. While they may not be requirements for your specific organization, these certifications and attestations speak to the maturity, production readiness, and thoroughness of the testing a particular hypervisor platform has been subjected to."
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:80(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:93(para)
 msgid "Common Criteria is an internationally standardized software evaluation process, used by governments and commercial companies to validate software technologies perform as advertised. In the government sector, NSTISSP No. 11 mandates that U.S. Government agencies only procure software which has been Common Criteria certified, a policy which has been in place since July 2002. It should be specifically noted that OpenStack has not undergone Common Criteria certification, however many of the available hypervisors have."
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:81(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:94(para)
 msgid "In addition to validating a technologies capabilities, the Common Criteria process evaluates <emphasis>how</emphasis> technologies are developed."
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:83(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:96(para)
 msgid "How is source code management performed?"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:86(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:99(para)
 msgid "How are users granted access to build systems?"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:89(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:102(para)
 msgid "Is the technology cryptographically signed before distribution?"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:92(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:105(para)
 msgid "The KVM hypervisor has been Common Criteria certified through the U.S. Government and commercial distributions, which have been validated to separate the runtime environment of virtual machines from each other, providing foundational technology to enforce instance isolation. In addition to virtual machine isolation, KVM has been Common Criteria certified to"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:94(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:107(para)
 msgid "\"<emphasis>provide system-inherent separation mechanisms to the resources of virtual machines. This separation ensures that large software component used for virtualizing and simulating devices executing for each virtual machine cannot interfere with each other. Using the SELinux multi-category mechanism, the virtualization and simulation software instances are isolated. The virtual machine management framework configures SELinux multi-category settings transparently to the administrator</emphasis>\""
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:96(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:109(para)
 msgid "While many hypervisor vendors, such as Red Hat, Microsoft, and VMWare have achieved Common Criteria Certification their underlying certified feature set differs. It is recommended to evaluate vendor claims to ensure they minimally satisfy the following requirements:"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:103(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:116(para)
 msgid "Identification and Authentication"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:104(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:117(para)
 msgid "Identification and authentication using pluggable authentication modules (PAM) based upon user passwords. The quality of the passwords used can be enforced through configuration options."
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:107(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:120(para)
 msgid "Audit"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:108(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:121(para)
 msgid "The system provides the capability to audit a large number of events including individual system calls as well as events generated by trusted processes. Audit data is collected in regular files in ASCII format. The system provides a program for the purpose of searching the audit records."
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:108(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:121(para)
 msgid "The system administrator can define a rule base to restrict auditing to the events they are interested in. This includes the ability to restrict auditing to specific events, specific users, specific objects or a combination of all of this. "
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:108(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:121(para)
 msgid "Audit records can be transferred to a remote audit daemon."
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:111(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:124(para)
 msgid "Discretionary Access Control"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:113(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:126(para)
 msgid "Discretionary Access Control (<glossterm>DAC</glossterm>) restricts access to file system objects based on <glossterm baseform=\"access control list\">Access Control Lists</glossterm> (ACLs) that include the standard UNIX permissions for user, group and others. Access control mechanisms also protect IPC objects from unauthorized access."
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:122(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:135(para)
 msgid "The system includes the ext4 file system, which supports POSIX ACLs. This allows defining access rights to files within this type of file system down to the granularity of a single user."
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:130(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:143(para)
 msgid "Mandatory Access Control"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:131(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:144(para)
 msgid "Mandatory Access Control (MAC) restricts access to objects based on labels assigned to subjects and objects. Sensitivity labels are automatically attached to processes and objects. The access control policy enforced using these labels is derived from the BellLaPadula access control model."
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:131(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:144(para)
 msgid "SELinux categories are attached to virtual machines and its resources. The access control policy enforced using these categories grant virtual machines access to resources if the category of the virtual machine is identical to the category of the accessed resource."
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:131(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:144(para)
 msgid "The TOE implements non-hierarchical categories to control access to virtual machines."
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:134(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:147(para)
 msgid "Role-Based Access Control"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:135(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:148(para)
 msgid "Role-based access control (RBAC) allows separation of roles to eliminate the need for an all-powerful system administrator."
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:138(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:151(para)
 msgid "Object Reuse"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:139(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:152(para)
 msgid "File system objects as well as memory and IPC objects will be cleared before they can be reused by a process belonging to a different user."
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:142(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:155(para)
 msgid "Security Management"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:143(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:156(para)
 msgid "The management of the security critical parameters of the system is performed by administrative users. A set of commands that require root privileges (or specific roles when RBAC is used) are used for system management. Security parameters are stored in specific files that are protected by the access control mechanisms of the system against unauthorized access by users that are not administrative users."
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:146(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:159(para)
 msgid "Secure Communication"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:147(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:160(para)
 msgid "The system supports the definition of trusted channels using SSH. Password based authentication is supported. Only a restricted number of cipher suites are supported for those protocols in the evaluated configuration."
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:150(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:163(para)
 msgid "Storage Encryption"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:151(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:164(para)
 msgid "The system supports encrypted block devices to provide storage confidentiality via dm_crypt."
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:154(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:167(para)
 msgid "TSF Protection"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:155(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:168(para)
 msgid "While in operation, the kernel software and data are protected by the hardware memory protection mechanisms. The memory and process management components of the kernel ensure a user process cannot access kernel storage or storage belonging to other processes."
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:155(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:168(para)
 msgid "Non-kernel TSF software and data are protected by DAC and process isolation  mechanisms. In the evaluated configuration, the reserved user ID root owns the directories and files that define the TSF configuration. In general, files and directories containing internal TSF data, such as configuration files and batch job queues, are also protected from reading by DAC permissions."
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:162(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:175(para)
 msgid "The system and the hardware and firmware components are required to be physically protected from unauthorized access. The system kernel mediates all access to the hardware mechanisms themselves, other than program visible CPU instruction functions."
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:162(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:175(para)
 msgid "In addition, mechanisms for protection against stack overflow attacks are provided."
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:169(title)
+#: ./doc/security-guide/ch051_vss-intro.xml:182(title)
 msgid "Cryptography Standards"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:170(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:183(para)
 msgid "Several cryptography algorithms are available within OpenStack for identification and authorization, data transfer and protection of data at rest. When selecting a hypervisor, the following are recommended algorithms and implementation standards to ensure the virtualization layer supports:"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:180(emphasis)
+#: ./doc/security-guide/ch051_vss-intro.xml:193(emphasis)
 msgid "Algorithm"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:181(emphasis)
+#: ./doc/security-guide/ch051_vss-intro.xml:194(emphasis)
 msgid "Key Length"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:182(emphasis)
+#: ./doc/security-guide/ch051_vss-intro.xml:195(emphasis)
 msgid "Intended Purpose"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:183(emphasis)
+#: ./doc/security-guide/ch051_vss-intro.xml:196(emphasis)
 msgid "Security Function"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:184(emphasis)
+#: ./doc/security-guide/ch051_vss-intro.xml:197(emphasis)
 msgid "Implementation Standard"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:187(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:200(para)
 msgid "AES"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:188(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:201(para)
 msgid "128 bits,192 bits,"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:188(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:201(para)
 msgid "256 bits"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:189(para) ./doc/security-guide/ch051_vss-intro.xml:196(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:202(para) ./doc/security-guide/ch051_vss-intro.xml:209(para)
 msgid "Encryption / Decryption"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:190(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:203(para)
 msgid "Protected Data Transfer, Protection for Data at Rest"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:191(para) ./doc/security-guide/ch051_vss-intro.xml:198(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:204(para) ./doc/security-guide/ch051_vss-intro.xml:211(para)
 msgid "RFC 4253"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:194(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:207(para)
 msgid "TDES"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:195(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:208(para)
 msgid "168 bits"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:197(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:210(para)
 msgid "Protected Data Transfer"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:201(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:214(para)
 msgid "RSA"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:202(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:215(para)
 msgid "1024 bits,2048 bits,"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:202(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:215(para)
 msgid "3072 bits "
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:203(para) ./doc/security-guide/ch051_vss-intro.xml:210(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:216(para) ./doc/security-guide/ch051_vss-intro.xml:223(para)
 msgid "Authentication,Key Exchange "
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:204(para) ./doc/security-guide/ch051_vss-intro.xml:211(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:217(para) ./doc/security-guide/ch051_vss-intro.xml:224(para)
 msgid "Identification and Authentication, Protected Data Transfer"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:205(para) ./doc/security-guide/ch051_vss-intro.xml:212(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:218(para) ./doc/security-guide/ch051_vss-intro.xml:225(para)
 msgid "U.S. NIST FIPS PUB 186-3"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:208(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:221(para)
 msgid "DSA"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:209(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:222(para)
 msgid "L=1024,N=160 bits "
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:215(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:228(para)
 msgid "Serpent"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:216(para) ./doc/security-guide/ch051_vss-intro.xml:223(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:229(para) ./doc/security-guide/ch051_vss-intro.xml:236(para)
 msgid "128, 196, or256 bit "
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:217(para) ./doc/security-guide/ch051_vss-intro.xml:224(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:230(para) ./doc/security-guide/ch051_vss-intro.xml:237(para)
 msgid "Encryption /Decryption "
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:218(para) ./doc/security-guide/ch051_vss-intro.xml:225(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:231(para) ./doc/security-guide/ch051_vss-intro.xml:238(para)
 msgid "Protection of Data at Rest"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:219(link)
+#: ./doc/security-guide/ch051_vss-intro.xml:232(link)
 msgid "http://www.cl.cam.ac.uk/~rja14/Papers/serpent.pdf"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:222(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:235(para)
 msgid "Twofish"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:226(link)
+#: ./doc/security-guide/ch051_vss-intro.xml:239(link)
 msgid "http://www.schneier.com/paper-twofish-paper.html"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:229(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:242(para)
 msgid "SHA-1"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:230(para) ./doc/security-guide/ch051_vss-intro.xml:237(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:243(para) ./doc/security-guide/ch051_vss-intro.xml:250(para)
 msgid "-"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:231(para) ./doc/security-guide/ch051_vss-intro.xml:238(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:244(para) ./doc/security-guide/ch051_vss-intro.xml:251(para)
 msgid "MessageDigest "
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:232(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:245(para)
 msgid "Protection of Data at Rest,Protected Data Transfer"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:233(para) ./doc/security-guide/ch051_vss-intro.xml:240(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:246(para) ./doc/security-guide/ch051_vss-intro.xml:253(para)
 msgid "U.S. NIST FIPS 180-3"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:236(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:249(para)
 msgid "SHA-2(224-, 256-,"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:236(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:249(para)
 msgid "384-, 512 bit)"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:239(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:252(para)
 msgid "Protection for Data at Rest,Identification and Authentication "
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:246(title)
+#: ./doc/security-guide/ch051_vss-intro.xml:259(title)
 msgid "FIPS 140-2"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:247(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:260(para)
 msgid "In the United States the National Institute of Science and Technology (NIST) certifies cryptographic algorithms through a process known the Cryptographic Module Validation Program. NIST certifies algorithms for conformance against Federal Information Processing Standard 140-2 (FIPS 140-2), which ensures:"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:249(emphasis)
+#: ./doc/security-guide/ch051_vss-intro.xml:262(emphasis)
 msgid "Products validated as conforming to FIPS 140-2 are accepted by the Federal agencies of both countries [United States and Canada] for the protection of sensitive information (United States) or Designated Information (Canada). The goal of the CMVP is to promote the use of validated cryptographic modules and provide Federal agencies with a security metric to use in procuring equipment containing validated cryptographic modules."
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:251(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:264(para)
 msgid "When evaluating base hypervisor technologies, consider if the hypervisor has been certified against FIPS 140-2. Not only is conformance against FIPS 140-2 mandated per U.S. Government policy, formal certification indicates that a given implementation of a cryptographic algorithm has been reviewed for conformance against module specification, cryptographic module ports and interfaces; roles, services, and authentication; finite state model; physical security; operational environment; cryptographic key management; electromagnetic interference/electromagnetic compatibility (EMI/EMC); self-tests; design assurance; and mitigation of other attacks."
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:256(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:269(para)
 msgid "Further, when evaluating a hypervisor platform the supportability of the hardware the hypervisor will run on should be considered. Additionally, consider the additional features available in the hardware and how those features are supported by the hypervisor you chose as part of the OpenStack deployment. To that end, hypervisors will each have their own hardware compatibility lists (HCLs). When selecting compatible hardware it is important to know in advance which hardware-based virtualization technologies are important from a security perspective."
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:264(emphasis)
+#: ./doc/security-guide/ch051_vss-intro.xml:277(emphasis)
 msgid "Description"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:265(emphasis)
+#: ./doc/security-guide/ch051_vss-intro.xml:278(emphasis)
 msgid "Technology"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:266(emphasis)
+#: ./doc/security-guide/ch051_vss-intro.xml:279(emphasis)
 msgid "Explanation"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:269(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:282(para)
 msgid "I/O MMU"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:270(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:283(para)
 msgid "VT-d / AMD-Vi"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:271(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:284(para)
 msgid "Required for protecting PCI-passthrough"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:274(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:287(para)
 msgid "Intel Trusted Execution Technology"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:275(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:288(para)
 msgid "Intel TXT / SEM"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:276(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:289(para)
 msgid "Required for dynamic attestation services"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:279(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:292(para)
 msgid "<anchor xml:id=\"PCI-SIG_I.2FO_virtualization_.28IOV.29\"/>PCI-SIG I/O virtualization"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:280(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:293(para)
 msgid "SR-IOV, MR-IOV, ATS"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:281(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:294(para)
 msgid "Required to allow secure sharing of PCI Express devices"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:284(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:297(para)
 msgid "Network virtualization"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:285(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:298(para)
 msgid "VT-c"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:286(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:299(para)
 msgid "Improves performance of network I/O on hypervisors"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:294(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:307(para)
 msgid "To wrap up our discussion around hypervisor selection, it is important to call out the differences between using LXC (Linux Containers) or Baremetal systems vs using a hypervisor like KVM. Specifically, the focus of this security guide will be largely based on having a hypervisor and virtualization platform. However, should your implementation require the use of a baremetal or LXC environment, you will want to pay attention to the particular differences in regard to deployment of that environment. In particular, you will need to provide your end users with assurances that the node has been properly sanitized of their data prior to re-provisioning. Additionally, prior to reusing a node, you will need to provide assurances that the hardware has not been tampered or otherwise compromised."
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:295(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:308(para)
 msgid "It should be noted that while OpenStack has a baremetal project, a discussion of the particular security implications of running baremetal is beyond the scope of this book."
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:296(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:309(para)
 msgid "Finally, due to the time constraints around a book sprint, the team chose to use KVM as the hypervisor in our example implementations and architectures."
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:297(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:310(para)
 msgid "There is an OpenStack Security Note pertaining to the <link href=\"https://bugs.launchpad.net/ossn/+bug/1098582\">use of LXC in Nova</link>."
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:301(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:314(para)
 msgid "Another thing to look into when selecting a hypervisor platform is the availability of specific security features. In particular, we are referring to features like Xen Server's XSM or Xen Security Modules, sVirt, Intel TXT, and AppArmor. The presence of these features will help increase your security profile as well as provide a good foundation."
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:302(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:315(para)
 msgid "The following table calls out these features by common hypervisor platforms. "
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:315(para) ./doc/security-guide/ch051_vss-intro.xml:327(para) ./doc/security-guide/ch051_vss-intro.xml:336(para) ./doc/security-guide/ch051_vss-intro.xml:338(para) ./doc/security-guide/ch051_vss-intro.xml:340(para) ./doc/security-guide/ch051_vss-intro.xml:341(para) ./doc/security-guide/ch051_vss-intro.xml:346(para) ./doc/security-guide/ch051_vss-intro.xml:347(para) ./doc/security-guide/ch051_vss-intro.xml:348(para) ./doc/security-guide/ch051_vss-intro.xml:350(para) ./doc/security-guide/ch051_vss-intro.xml:351(para) ./doc/security-guide/ch051_vss-intro.xml:352(para) ./doc/security-guide/ch051_vss-intro.xml:356(para) ./doc/security-guide/ch051_vss-intro.xml:357(para) ./doc/security-guide/ch051_vss-intro.xml:358(para) ./doc/security-guide/ch051_vss-intro.xml:359(para) ./doc/security-guide/ch051_vss-intro.xml:360(para) ./doc/security-guide/ch051_vss-intro.xml:361(para) ./doc/security-guide/ch051_vss-intro.xml:362(para) ./doc/security-guide/ch012_configuration-management.xml:95(para) ./doc/security-guide/ch012_configuration-management.xml:100(emphasis)
+#: ./doc/security-guide/ch051_vss-intro.xml:328(para) ./doc/security-guide/ch051_vss-intro.xml:340(para) ./doc/security-guide/ch051_vss-intro.xml:349(para) ./doc/security-guide/ch051_vss-intro.xml:351(para) ./doc/security-guide/ch051_vss-intro.xml:353(para) ./doc/security-guide/ch051_vss-intro.xml:354(para) ./doc/security-guide/ch051_vss-intro.xml:359(para) ./doc/security-guide/ch051_vss-intro.xml:360(para) ./doc/security-guide/ch051_vss-intro.xml:361(para) ./doc/security-guide/ch051_vss-intro.xml:363(para) ./doc/security-guide/ch051_vss-intro.xml:364(para) ./doc/security-guide/ch051_vss-intro.xml:365(para) ./doc/security-guide/ch051_vss-intro.xml:369(para) ./doc/security-guide/ch051_vss-intro.xml:370(para) ./doc/security-guide/ch051_vss-intro.xml:371(para) ./doc/security-guide/ch051_vss-intro.xml:372(para) ./doc/security-guide/ch051_vss-intro.xml:373(para) ./doc/security-guide/ch051_vss-intro.xml:374(para) ./doc/security-guide/ch051_vss-intro.xml:375(para) ./doc/security-guide/ch012_configuration-management.xml:95(para) ./doc/security-guide/ch012_configuration-management.xml:100(emphasis)
 msgid " "
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:316(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:329(para)
 msgid "KSM"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:317(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:330(para)
 msgid "XSM"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:318(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:331(para)
 msgid "sVirt"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:319(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:332(para)
 msgid "TXT"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:320(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:333(para)
 msgid "AppArmor"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:321(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:334(para)
 msgid "cGroups"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:322(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:335(para)
 msgid "MAC Policy"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:325(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:338(para)
 msgid "KVM"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:326(para) ./doc/security-guide/ch051_vss-intro.xml:328(para) ./doc/security-guide/ch051_vss-intro.xml:329(para) ./doc/security-guide/ch051_vss-intro.xml:337(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:339(para) ./doc/security-guide/ch051_vss-intro.xml:341(para) ./doc/security-guide/ch051_vss-intro.xml:342(para) ./doc/security-guide/ch051_vss-intro.xml:350(para)
 msgid "X"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:330(address) ./doc/security-guide/ch051_vss-intro.xml:331(para) ./doc/security-guide/ch051_vss-intro.xml:332(para) ./doc/security-guide/ch051_vss-intro.xml:342(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:343(address) ./doc/security-guide/ch051_vss-intro.xml:344(para) ./doc/security-guide/ch051_vss-intro.xml:345(para) ./doc/security-guide/ch051_vss-intro.xml:355(para)
 msgid "x"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:335(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:348(para)
 msgid "Xen"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:339(para) ./doc/security-guide/ch051_vss-intro.xml:349(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:352(para) ./doc/security-guide/ch051_vss-intro.xml:362(para)
 msgid " X"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:345(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:358(para)
 msgid "ESXi"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:355(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:368(para)
 msgid "Hyper-V"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:367(link)
+#: ./doc/security-guide/ch051_vss-intro.xml:380(link)
 msgid "KSM: Kernel Samepage Merging"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:368(link)
+#: ./doc/security-guide/ch051_vss-intro.xml:381(link)
 msgid "XSM: Xen Security Modules"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:369(link)
+#: ./doc/security-guide/ch051_vss-intro.xml:382(link)
 msgid "xVirt: Mandatory Access Control for Linux-based virtualization"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:370(link)
+#: ./doc/security-guide/ch051_vss-intro.xml:383(link)
 msgid "TXT: Intel Trusted Execution Technology"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:371(link)
+#: ./doc/security-guide/ch051_vss-intro.xml:384(link)
 msgid "AppArmor: Linux security module implementing MAC"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:372(link)
+#: ./doc/security-guide/ch051_vss-intro.xml:385(link)
 msgid "cgroups: Linux kernel feature to control resource usage"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:373(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:386(para)
 msgid "MAC Policy: Mandatory Access Control; may be implemented with SELinux or other operating systems"
 msgstr ""
 
-#: ./doc/security-guide/ch051_vss-intro.xml:374(para)
+#: ./doc/security-guide/ch051_vss-intro.xml:387(para)
 msgid "* Features in this table may not be applicable to all hypervisors or directly mappable between hypervisors."
 msgstr ""
 
@@ -1424,15 +1424,15 @@ msgid "Rate-limiting on a per port/network/tenant basis."
 msgstr ""
 
 #: ./doc/security-guide/ch032_networking-best-practices.xml:50(para)
-msgid "Port mirroring (via open source or third-party plugins)"
+msgid "Port mirroring (via open source or third-party plug-ins)"
 msgstr ""
 
 #: ./doc/security-guide/ch032_networking-best-practices.xml:53(para)
-msgid "Flow analysis (via open source or third-party plugins)"
+msgid "Flow analysis (via open source or third-party plug-ins)"
 msgstr ""
 
 #: ./doc/security-guide/ch032_networking-best-practices.xml:56(para)
-msgid "Tenant traffic port mirroring or Network Flow monitoring is currently not an exposed feature in OpenStack Networking. There are third-party plugin extensions that do provide Port Mirroring on a per port/network/tenant basis. If Open vSwitch is used on the networking hypervisor, it is possible to enable sFlow and port mirroring, however it will require some operational effort to implement."
+msgid "Tenant traffic port mirroring or Network Flow monitoring is currently not an exposed feature in OpenStack Networking. There are third-party plug-in extensions that do provide Port Mirroring on a per port/network/tenant basis. If Open vSwitch is used on the networking hypervisor, it is possible to enable sFlow and port mirroring, however it will require some operational effort to implement."
 msgstr ""
 
 #: ./doc/security-guide/ch032_networking-best-practices.xml:59(title)
@@ -1440,7 +1440,7 @@ msgid "Load Balancing"
 msgstr ""
 
 #: ./doc/security-guide/ch032_networking-best-practices.xml:60(para)
-msgid "An experimental feature in the Grizzly release of OpenStack Networking is Load-Balancer-as-a-service (LBaaS). The LBaaS API gives early adopters and vendors a chance to build implementations of the technology. The reference implementation however, is still experimental and should likely not be run in a production environment. The current reference implementation is based on HA-Proxy. There are third-party plugins in development for extensions in OpenStack Networking to provide extensive L4-L7 functionality for virtual interface ports."
+msgid "An experimental feature in the Grizzly release of OpenStack Networking is Load-Balancer-as-a-service (LBaaS). The LBaaS API gives early adopters and vendors a chance to build implementations of the technology. The reference implementation however, is still experimental and should likely not be run in a production environment. The current reference implementation is based on HA-Proxy. There are third-party plug-ins in development for extensions in OpenStack Networking to provide extensive L4-L7 functionality for virtual interface ports."
 msgstr ""
 
 #: ./doc/security-guide/ch032_networking-best-practices.xml:63(title)
@@ -1448,7 +1448,7 @@ msgid "Firewalls"
 msgstr ""
 
 #: ./doc/security-guide/ch032_networking-best-practices.xml:64(para)
-msgid "FW-as-a-Service (FWaaS) is currently in development for the OpenStack Networking Havana release as an experimental feature. FWaaS will address the need to manage and leverage the rich set of security features provided by typical firewall products which are typically far more comprehensive than what is currently provided by security groups. There are third-party plugins in development for extensions in OpenStack Networking to support this."
+msgid "FW-as-a-Service (FWaaS) is currently in development for the OpenStack Networking Havana release as an experimental feature. FWaaS will address the need to manage and leverage the rich set of security features provided by typical firewall products which are typically far more comprehensive than what is currently provided by security groups. There are third-party plug-ins in development for extensions in OpenStack Networking to support this."
 msgstr ""
 
 #: ./doc/security-guide/ch032_networking-best-practices.xml:65(para)
@@ -1460,7 +1460,7 @@ msgid "Network Services Extensions"
 msgstr ""
 
 #: ./doc/security-guide/ch032_networking-best-practices.xml:70(para)
-msgid "Here is a list of known plugins provided by the open source community or by SDN companies that work with OpenStack Networking:"
+msgid "Here is a list of known plug-ins provided by the open source community or by SDN companies that work with OpenStack Networking:"
 msgstr ""
 
 #: ./doc/security-guide/ch032_networking-best-practices.xml:71(para)
@@ -1468,7 +1468,7 @@ msgid "Big Switch Controller Plugin, Brocade Neutron Plugin Brocade Neutron Plug
 msgstr ""
 
 #: ./doc/security-guide/ch032_networking-best-practices.xml:72(para)
-msgid "For a more detailed comparison of all features provided by plugins as of the Folsom release, see <link href=\"http://www.sebastien-han.fr/blog/2012/09/28/quantum-plugin-comparison/\">Sebastien Han's comparison</link>."
+msgid "For a more detailed comparison of all features provided by plug-ins as of the Folsom release, see <link href=\"http://www.sebastien-han.fr/blog/2012/09/28/quantum-plugin-comparison/\">Sebastien Han's comparison</link>."
 msgstr ""
 
 #: ./doc/security-guide/ch032_networking-best-practices.xml:75(title)
@@ -1492,7 +1492,7 @@ msgid "<emphasis role=\"bold\">Multi-Host DHCP-agent</emphasis> — OpenStack Ne
 msgstr ""
 
 #: ./doc/security-guide/ch032_networking-best-practices.xml:85(para)
-msgid "<emphasis role=\"bold\">No IPv6 Support for L3 agents</emphasis> — The neutron-l3-agent, used by many plugins to implement L3 forwarding, supports only IPv4 forwarding."
+msgid "<emphasis role=\"bold\">No IPv6 Support for L3 agents</emphasis> — The neutron-l3-agent, used by many plug-ins to implement L3 forwarding, supports only IPv4 forwarding."
 msgstr ""
 
 #. When image changes, this message will be marked fuzzy or untranslated for you.
@@ -2812,7 +2812,7 @@ msgid "AIDE"
 msgstr ""
 
 #: ./doc/security-guide/ch013_node-bootstrapping.xml:355(para)
-msgid "Network intrusion detection tools complement the host-based tools. OpenStack doesn't have a specific network IDS built-in, but OpenStack's networking component, Neutron, provides a plugin mechanism to enable different technologies via the Neutron API. This plugin architecture will allow tenants to develop API extensions to insert and configure their own advanced networking services like a firewall, an intrusion detection system, or a VPN between the VMs."
+msgid "Network intrusion detection tools complement the host-based tools. OpenStack doesn't have a specific network IDS built-in, but OpenStack's networking component, Neutron, provides a plug-in mechanism to enable different technologies via the Neutron API. This plug-in architecture will allow tenants to develop API extensions to insert and configure their own advanced networking services like a firewall, an intrusion detection system, or a VPN between the VMs."
 msgstr ""
 
 #: ./doc/security-guide/ch013_node-bootstrapping.xml:363(para)
@@ -3138,7 +3138,7 @@ msgid "Public cloud"
 msgstr ""
 
 #: ./doc/security-guide/ch004_book-introduction.xml:43(para)
-msgid "According to NIST, a public cloud is one in which the infrastructure is open to the general public for consumption. OpenStack public clouds are typically run by a service provider and can be consumed by individuals, corporations, or any paying customer. A public cloud provider may expose a full set of features such as software defined networking, block storage, in addition to multiple instance types. Due to the nature of public clouds, they are exposed to a higher degree of risk. As a consumer of a public cloud you should validate that your selected provider has the necessary certifications, attestations, and other regulatory considerations. As a public cloud provider, depending on your target customers, you may be subject to one or more regulations. Additionally, even if not required to meet regulatory requirements, a provider should ensure tenant isolation as well as protecting management infrastructure from external attacks."
+msgid "According to NIST, a public cloud is one in which the infrastructure is open to the general public for consumption. OpenStack public clouds are typically run by a service provider and can be consumed by individuals, corporations, or any paying customer. A public cloud provider may expose a full set of features such as software-defined networking, block storage, in addition to multiple instance types. Due to the nature of public clouds, they are exposed to a higher degree of risk. As a consumer of a public cloud you should validate that your selected provider has the necessary certifications, attestations, and other regulatory considerations. As a public cloud provider, depending on your target customers, you may be subject to one or more regulations. Additionally, even if not required to meet regulatory requirements, a provider should ensure tenant isolation as well as protecting management infrastructure from external attacks."
 msgstr ""
 
 #: ./doc/security-guide/ch004_book-introduction.xml:61(title)
@@ -3869,10 +3869,6 @@ msgstr ""
 msgid "For migrations, Bob wants to enable secure instance migrations in order to support rolling upgrades with minimal user downtime. Bob ensures that all migrations occur on an isolated VLAN. He plans to defer implementing encrypted migrations until this is better supported in Nova client tools. However, he makes a note to track this carefully and switch to encrypted migrations as soon as possible."
 msgstr ""
 
-#: ./doc/security-guide/ch_preface.xml:10(title)
-msgid "Preface"
-msgstr ""
-
 #. When image changes, this message will be marked fuzzy or untranslated for you.
 #. It doesn't matter what you translate it to: it's not used at all.
 #: ./doc/security-guide/ch008_system-roles-types.xml:101(None) ./doc/security-guide/ch008_system-roles-types.xml:106(None)
@@ -4344,11 +4340,11 @@ msgid "For these and other hypervisors, we recommend referring to hypervisor-spe
 msgstr ""
 
 #: ./doc/security-guide/ch046_data-residency.xml:114(para)
-msgid "Plugins to OpenStack Block Storage will store data in a variety of ways. Many plugins are specific to a vendor or technology, whereas others are more DIY solutions around filesystems such as LVM or ZFS. Methods to securely destroy data will vary from one plugin to another, from one vendor's solution to another, and from one filesystem to another."
+msgid "Plugins to OpenStack Block Storage will store data in a variety of ways. Many plug-ins are specific to a vendor or technology, whereas others are more DIY solutions around filesystems such as LVM or ZFS. Methods to securely destroy data will vary from one plugin to another, from one vendor's solution to another, and from one filesystem to another."
 msgstr ""
 
 #: ./doc/security-guide/ch046_data-residency.xml:115(para)
-msgid "Some backends such as ZFS will support copy-on-write to prevent data exposure. In these cases, reads from unwritten blocks will always return zero. Other backends such as LVM may not natively support this, thus the Cinder plugin takes the responsibility to override previously written blocks before handing them to users. It is important to review what assurances your chosen volume backend provides and to see what mediations may be available for those assurances not provided."
+msgid "Some backends such as ZFS will support copy-on-write to prevent data exposure. In these cases, reads from unwritten blocks will always return zero. Other backends such as LVM may not natively support this, thus the Block Storage plug-in takes the responsibility to override previously written blocks before handing them to users. It is important to review what assurances your chosen volume backend provides and to see what mediations may be available for those assurances not provided."
 msgstr ""
 
 #: ./doc/security-guide/ch046_data-residency.xml:116(para)
@@ -4356,11 +4352,11 @@ msgid "Finally, while not a feature of OpenStack, vendors and implementors may c
 msgstr ""
 
 #: ./doc/security-guide/ch046_data-residency.xml:120(para)
-msgid "The creation and destruction of ephemeral storage will be somewhat dependent on the chosen hypervisor and the OpenStack Compute plugin."
+msgid "The creation and destruction of ephemeral storage will be somewhat dependent on the chosen hypervisor and the OpenStack Compute plug-in."
 msgstr ""
 
 #: ./doc/security-guide/ch046_data-residency.xml:121(para)
-msgid "The libvirt plugin for compute may maintain ephemeral storage directly on a filesystem, or in LVM. Filesystem storage generally will not overwrite data when it is removed, although there is a guarantee that dirty extents are not provisioned to users."
+msgid "The libvirt plug-in for compute may maintain ephemeral storage directly on a filesystem, or in LVM. Filesystem storage generally will not overwrite data when it is removed, although there is a guarantee that dirty extents are not provisioned to users."
 msgstr ""
 
 #: ./doc/security-guide/ch046_data-residency.xml:122(para)
@@ -4950,7 +4946,7 @@ msgid "Networking Architecture"
 msgstr ""
 
 #: ./doc/security-guide/ch031_neutron-architecture.xml:4(para)
-msgid "OpenStack Networking is a standalone service that often involves deploying several processes across a number of nodes. These processes interact with each other and with other OpenStack services. The main process of the OpenStack Networking service is neutron-server, a Python daemon that exposes the OpenStack Networking API and passes tenant requests to a suite of plugins for additional processing."
+msgid "OpenStack Networking is a standalone service that often involves deploying several processes across a number of nodes. These processes interact with each other and with other OpenStack services. The main process of the OpenStack Networking service is neutron-server, a Python daemon that exposes the OpenStack Networking API and passes tenant requests to a suite of plug-ins for additional processing."
 msgstr ""
 
 #: ./doc/security-guide/ch031_neutron-architecture.xml:5(para)
@@ -4966,11 +4962,11 @@ msgid "<emphasis role=\"bold\">plugin agent</emphasis> (<literal>neutron-*-agent
 msgstr ""
 
 #: ./doc/security-guide/ch031_neutron-architecture.xml:13(para)
-msgid "<emphasis role=\"bold\">DHCP agent</emphasis> (<literal>neutron-dhcp-agent</literal>): Provides DHCP services to tenant networks. This agent is the same across all plugins and is responsible for maintaining DHCP configuration. The neutron-dhcp-agent requires message queue access."
+msgid "<emphasis role=\"bold\">DHCP agent</emphasis> (<literal>neutron-dhcp-agent</literal>): Provides DHCP services to tenant networks. This agent is the same across all plug-ins and is responsible for maintaining DHCP configuration. The neutron-dhcp-agent requires message queue access."
 msgstr ""
 
 #: ./doc/security-guide/ch031_neutron-architecture.xml:16(para)
-msgid "<emphasis role=\"bold\">l3 agent</emphasis> (<literal>neutron-l3-agent</literal>): Provides L3/NAT forwarding for external network access of VMs on tenant networks. Requires message queue access. <emphasis>Optional depending on plugin.</emphasis>"
+msgid "<emphasis role=\"bold\">l3 agent</emphasis> (<literal>neutron-l3-agent</literal>): Provides L3/NAT forwarding for external network access of VMs on tenant networks. Requires message queue access. <emphasis>Optional depending on plug-in.</emphasis>"
 msgstr ""
 
 #: ./doc/security-guide/ch031_neutron-architecture.xml:19(para)
@@ -5002,7 +4998,7 @@ msgid "<emphasis role=\"bold\">Management network</emphasis> Used for internal c
 msgstr ""
 
 #: ./doc/security-guide/ch031_neutron-architecture.xml:47(para)
-msgid "<emphasis role=\"bold\">Guest network</emphasis> Used for VM data communication within the cloud deployment. The IP addressing requirements of this network depend on the OpenStack Networking plugin in use and the network configuration choices of the virtual networks made by the tenant. This network is considered the Guest Security Domain."
+msgid "<emphasis role=\"bold\">Guest network</emphasis> Used for VM data communication within the cloud deployment. The IP addressing requirements of this network depend on the OpenStack Networking plug-in in use and the network configuration choices of the virtual networks made by the tenant. This network is considered the Guest Security Domain."
 msgstr ""
 
 #: ./doc/security-guide/ch031_neutron-architecture.xml:50(para)
@@ -5396,7 +5392,7 @@ msgid "Alice writes XSM policies (for Xen) and SELinux policies (for Linux domai
 msgstr ""
 
 #: ./doc/security-guide/ch053_case-studies-instance-isolation.xml:13(para)
-msgid "Bob is very concerned about instance isolation since the users in a public cloud represent anyone with a credit card, meaning they are inherently untrusted. Bob has just started hiring the team that will deploy the cloud, so he can tailor his candidate search for specific areas of expertise. With this in mind, Bob chooses a hypervisor based on its technical features, certifications, and community support. KVM has an EAL 4+ common criteria rating, with a layered security protection profile (LSPP) to provide added assurance for instance isolation. This, combined with the strong support for KVM within the OpenStack community drives Bob's decision to use KVM."
+msgid "Bob is very concerned about instance isolation since the users in a public cloud represent anyone with a credit card, meaning they are inherently untrusted. Bob has just started hiring the team that will deploy the cloud, so he can tailor his candidate search for specific areas of expertise. With this in mind, Bob chooses a hypervisor based on its technical features, certifications, and community support. KVM has an EAL 4+ common criteria rating, with a labeled security protection profile (LSPP) to provide added assurance for instance isolation. This, combined with the strong support for KVM within the OpenStack community drives Bob's decision to use KVM."
 msgstr ""
 
 #: ./doc/security-guide/ch053_case-studies-instance-isolation.xml:14(para)

doc/training-guides/locale/training-guides.pot

@@ -1,7 +1,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2014-03-14 06:23+0000\n"
+"POT-Creation-Date: 2014-03-18 06:30+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -368,7 +368,7 @@ msgid "The next component is the storage servers themselves. Generally, most con
 msgstr ""
 
 #: ./doc/training-guides/module003-ch007-swift-cluster-architecture.xml:72(para)
-msgid "Currently 2TB or 3TB SATA disks deliver good price/performance value. Desktop-grade drives can be used where there are responsive remote hands in the datacenter, and enterprise-grade drives can be used where this is not the case."
+msgid "Currently 2 TB or 3 TB SATA disks deliver good price/performance value. Desktop-grade drives can be used where there are responsive remote hands in the datacenter, and enterprise-grade drives can be used where this is not the case."
 msgstr ""
 
 #: ./doc/training-guides/module003-ch007-swift-cluster-architecture.xml:78(para)
@@ -418,11 +418,11 @@ msgid "Enhancing traditional networking solutions to provide rich cloud networki
 msgstr ""
 
 #: ./doc/training-guides/module002-ch001-networking-in-openstack.xml:56(para)
-msgid "The original OpenStack Compute network implementation assumed a very basic model of performing all isolation through Linux VLANs and IP tables. OpenStack Networking introduces the concept of a plugin, which is a pluggable back-end implementation of the OpenStack Networking API. A plugin can use a variety of technologies to implement the logical API requests. Some OpenStack Networking plugins might use basic Linux VLANs and IP tables, while others might use more advanced technologies, such as L2-in-L3 tunneling or OpenFlow, to provide similar benefits."
+msgid "The original OpenStack Compute network implementation assumed a very basic model of performing all isolation through Linux VLANs and IP tables. OpenStack Networking introduces the concept of a plug-in, which is a pluggable back-end implementation of the OpenStack Networking API. A plug-in can use a variety of technologies to implement the logical API requests. Some OpenStack Networking plug-ins might use basic Linux VLANs and IP tables, while others might use more advanced technologies, such as L2-in-L3 tunneling or OpenFlow, to provide similar benefits."
 msgstr ""
 
 #: ./doc/training-guides/module002-ch001-networking-in-openstack.xml:66(para)
-msgid "The current set of plugins include:"
+msgid "The current set of plug-ins include:"
 msgstr ""
 
 #: ./doc/training-guides/module002-ch001-networking-in-openstack.xml:69(emphasis)
@@ -487,7 +487,7 @@ msgid "<emphasis role=\"bold\">VMware NSX:</emphasis> Documentation include in t
 msgstr ""
 
 #: ./doc/training-guides/module002-ch001-networking-in-openstack.xml:132(para)
-msgid "Plugins can have different properties in terms of hardware requirements, features, performance, scale, operator tools, etc. Supporting many plugins enables the cloud administrator to weigh different options and decide which networking technology is right for the deployment."
+msgid "Plugins can have different properties in terms of hardware requirements, features, performance, scale, operator tools, etc. Supporting many plug-ins enables the cloud administrator to weigh different options and decide which networking technology is right for the deployment."
 msgstr ""
 
 #: ./doc/training-guides/module002-ch001-networking-in-openstack.xml:137(para)
@@ -503,7 +503,7 @@ msgid "OpenStack Networking is a standalone service, just like other OpenStack s
 msgstr ""
 
 #: ./doc/training-guides/module002-ch001-networking-in-openstack.xml:148(para)
-msgid "The main process of the OpenStack Networking server is quantum-server, which is a Python daemon that exposes the OpenStack Networking API and passes user requests to the configured OpenStack Networking plugin for additional processing. Typically, the plugin requires access to a database for persistent storage, similar to other OpenStack services."
+msgid "The main process of the OpenStack Networking server is quantum-server, which is a Python daemon that exposes the OpenStack Networking API and passes user requests to the configured OpenStack Networking plug-in for additional processing. Typically, the plug-in requires access to a database for persistent storage, similar to other OpenStack services."
 msgstr ""
 
 #: ./doc/training-guides/module002-ch001-networking-in-openstack.xml:155(para)
@@ -511,15 +511,15 @@ msgid "If your deployment uses a controller host to run centralized OpenStack Co
 msgstr ""
 
 #: ./doc/training-guides/module002-ch001-networking-in-openstack.xml:164(para)
-msgid "<emphasis role=\"bold\">plugin agent (quantum-*-agent):</emphasis>Runs on each hypervisor to perform local vswitch configuration. Agent to be run depends on which plugin you are using, as some plugins do not require an agent."
+msgid "<emphasis role=\"bold\">plugin agent (quantum-*-agent):</emphasis>Runs on each hypervisor to perform local vswitch configuration. Agent to be run depends on which plug-in you are using, as some plug-ins do not require an agent."
 msgstr ""
 
 #: ./doc/training-guides/module002-ch001-networking-in-openstack.xml:171(para)
-msgid "<emphasis role=\"bold\">dhcp agent (quantum-dhcp-agent):</emphasis>Provides DHCP services to tenant networks. This agent is the same across all plugins."
+msgid "<emphasis role=\"bold\">dhcp agent (quantum-dhcp-agent):</emphasis>Provides DHCP services to tenant networks. This agent is the same across all plug-ins."
 msgstr ""
 
 #: ./doc/training-guides/module002-ch001-networking-in-openstack.xml:177(para)
-msgid "<emphasis role=\"bold\">l3 agent (quantum-l3-agent):</emphasis>Provides L3/NAT forwarding to provide external network access for VMs on tenant networks. This agent is the same across all plugins."
+msgid "<emphasis role=\"bold\">l3 agent (quantum-l3-agent):</emphasis>Provides L3/NAT forwarding to provide external network access for VMs on tenant networks. This agent is the same across all plug-ins."
 msgstr ""
 
 #: ./doc/training-guides/module002-ch001-networking-in-openstack.xml:184(para)
@@ -575,7 +575,7 @@ msgid "<emphasis role=\"bold\">Management network:</emphasis>Used for internal c
 msgstr ""
 
 #: ./doc/training-guides/module002-ch001-networking-in-openstack.xml:246(para)
-msgid "<emphasis role=\"bold\">Data network:</emphasis>Used for VM data communication within the cloud deployment. The IP addressing requirements of this network depend on the OpenStack Networking plugin in use."
+msgid "<emphasis role=\"bold\">Data network:</emphasis>Used for VM data communication within the cloud deployment. The IP addressing requirements of this network depend on the OpenStack Networking plug-in in use."
 msgstr ""
 
 #: ./doc/training-guides/module002-ch001-networking-in-openstack.xml:252(para)
@@ -1205,15 +1205,15 @@ msgid "Cloud computing offers different service models depending on the capabili
 msgstr ""
 
 #: ./doc/training-guides/module001-ch001-intro-text.xml:50(para)
-msgid "SaaS: Software as a Service. Provides the consumer the ability to use the software in a cloud environment, such as web-based email for example."
+msgid "SaaS: Software-as-a-Service. Provides the consumer the ability to use the software in a cloud environment, such as web-based email for example."
 msgstr ""
 
 #: ./doc/training-guides/module001-ch001-intro-text.xml:55(para)
-msgid "PaaS: Platform as a Service. Provides the consumer the ability to deploy applications through a programming language or tools supported by the cloud platform provider. An example of platform as a service is an Eclipse/Java programming platform provided with no downloads required."
+msgid "PaaS: Platform-as-a-Service. Provides the consumer the ability to deploy applications through a programming language or tools supported by the cloud platform provider. An example of Platform-as-a-service is an Eclipse/Java programming platform provided with no downloads required."
 msgstr ""
 
 #: ./doc/training-guides/module001-ch001-intro-text.xml:62(para)
-msgid "IaaS: Infrastructure as a Service. Provides infrastructure such as computer instances, network connections, and storage so that people can run any software or operating system."
+msgid "IaaS: Infrastructure-as-a-Service. Provides infrastructure such as computer instances, network connections, and storage so that people can run any software or operating system."
 msgstr ""
 
 #: ./doc/training-guides/module001-ch001-intro-text.xml:68(para)
@@ -1423,7 +1423,7 @@ msgid "More Content To be Added ..."
 msgstr ""
 
 #: ./doc/training-guides/module001-ch005-vm-provisioning-walk-through.xml:9(para)
-msgid "OpenStack Compute gives you a tool to orchestrate a cloud, including running instances, managing networks, and controlling access to the cloud through users and projects. The underlying open source project's name is Nova, and it provides the software that can control an Infrastructure as a Service (IaaS) cloud computing platform. It is similar in scope to Amazon EC2 and Rackspace Cloud Servers. OpenStack Compute does not include any virtualization software; rather it defines drivers that interact with underlying virtualization mechanisms that run on your host operating system, and exposes functionality over a web-based API."
+msgid "OpenStack Compute gives you a tool to orchestrate a cloud, including running instances, managing networks, and controlling access to the cloud through users and projects. The underlying open source project's name is Nova, and it provides the software that can control an Infrastructure-as-a-Service (IaaS) cloud computing platform. It is similar in scope to Amazon EC2 and Rackspace Cloud Servers. OpenStack Compute does not include any virtualization software; rather it defines drivers that interact with underlying virtualization mechanisms that run on your host operating system, and exposes functionality over a web-based API."
 msgstr ""
 
 #: ./doc/training-guides/module001-ch005-vm-provisioning-walk-through.xml:20(guilabel)
@@ -2641,7 +2641,7 @@ msgid "Project history and releases overview."
 msgstr ""
 
 #: ./doc/training-guides/module001-ch003-core-projects.xml:5(para)
-msgid "OpenStack is a cloud computing project that provides an infrastructure as a service (IaaS). It is free open source software released under the terms of the Apache License. The project is managed by the OpenStack Foundation, a non-profit corporate entity established in September 2012 to promote OpenStack software and its community."
+msgid "OpenStack is a cloud computing project that provides an Infrastructure-as-a-Service (IaaS). It is free open source software released under the terms of the Apache License. The project is managed by the OpenStack Foundation, a non-profit corporate entity established in September 2012 to promote OpenStack software and its community."
 msgstr ""
 
 #: ./doc/training-guides/module001-ch003-core-projects.xml:11(para)
@@ -5921,7 +5921,7 @@ msgid "Conceptual Architecture"
 msgstr ""
 
 #: ./doc/training-guides/module001-ch004-openstack-architecture.xml:9(para)
-msgid "The OpenStack project as a whole is designed to deliver a massively scalable cloud operating system. To achieve this, each of the constituent services are designed to work together to provide a complete Infrastructure as a Service (IaaS). This integration is facilitated through public application programming interfaces (APIs) that each service offers (and in turn can consume). While these APIs allow each of the services to use another service, it also allows an implementer to switch out any service as long as they maintain the API. These are (mostly) the same APIs that are available to end users of the cloud."
+msgid "The OpenStack project as a whole is designed to deliver a massively scalable cloud operating system. To achieve this, each of the constituent services are designed to work together to provide a complete Infrastructure-as-a-Service (IaaS). This integration is facilitated through public application programming interfaces (APIs) that each service offers (and in turn can consume). While these APIs allow each of the services to use another service, it also allows an implementer to switch out any service as long as they maintain the API. These are (mostly) the same APIs that are available to end users of the cloud."
 msgstr ""
 
 #: ./doc/training-guides/module001-ch004-openstack-architecture.xml:20(para)
@@ -6153,11 +6153,11 @@ msgid "Neutron provides \"network connectivity as a service\" between interface
 msgstr ""
 
 #: ./doc/training-guides/module001-ch004-openstack-architecture.xml:315(para)
-msgid "neutron-server accepts API requests and then routes them to the appropriate Neutron plugin for action."
+msgid "neutron-server accepts API requests and then routes them to the appropriate Neutron plug-in for action."
 msgstr ""
 
 #: ./doc/training-guides/module001-ch004-openstack-architecture.xml:319(para)
-msgid "Neutron plugins and agents perform the actual actions such as plugging and unplugging ports, creating networks or subnets and IP addressing. These plugins and agents differ depending on the vendor and technologies used in the particular cloud. Neutron ships with plugins and agents for: Cisco virtual and physical switches, NEC OpenFlow products, Open vSwitch, Linux bridging, the Ryu Network Operating System, and VMware NSX."
+msgid "Neutron plug-ins and agents perform the actual actions such as plugging and unplugging ports, creating networks or subnets and IP addressing. These plug-ins and agents differ depending on the vendor and technologies used in the particular cloud. Neutron ships with plug-ins and agents for: Cisco virtual and physical switches, NEC OpenFlow products, Open vSwitch, Linux bridging, the Ryu Network Operating System, and VMware NSX."
 msgstr ""
 
 #: ./doc/training-guides/module001-ch004-openstack-architecture.xml:329(para)
@@ -6165,7 +6165,7 @@ msgid "The common agents are L3 (layer 3), DHCP (dynamic host IP addressing) and
 msgstr ""
 
 #: ./doc/training-guides/module001-ch004-openstack-architecture.xml:333(para)
-msgid "Most Neutron installations will also make use of a messaging queue to route information between the neutron-server and various agents as well as a database to store networking state for particular plugins."
+msgid "Most Neutron installations will also make use of a messaging queue to route information between the neutron-server and various agents as well as a database to store networking state for particular plug-ins."
 msgstr ""
 
 #: ./doc/training-guides/module001-ch004-openstack-architecture.xml:339(para)
@@ -7157,23 +7157,23 @@ msgid "What three service models does cloud computing provide? (choose all that
 msgstr ""
 
 #: ./doc/training-guides/bk001-ch002-associate-getting-started-quiz.xml:43(para)
-msgid "Software as a Service (SaaS)"
+msgid "Software-as-a-Service (SaaS)"
 msgstr ""
 
 #: ./doc/training-guides/bk001-ch002-associate-getting-started-quiz.xml:46(para)
-msgid "Applications as a Service (AaaS)"
+msgid "Applications-as-a-Service (AaaS)"
 msgstr ""
 
 #: ./doc/training-guides/bk001-ch002-associate-getting-started-quiz.xml:49(para)
-msgid "Hardware as a Service (HaaS)"
+msgid "Hardware-as-a-Service (HaaS)"
 msgstr ""
 
 #: ./doc/training-guides/bk001-ch002-associate-getting-started-quiz.xml:52(para)
-msgid "Infrastructure as a Service (IaaS)"
+msgid "Infrastructure-as-a-Service (IaaS)"
 msgstr ""
 
 #: ./doc/training-guides/bk001-ch002-associate-getting-started-quiz.xml:55(para)
-msgid "Platform as a Service (PaaS)"
+msgid "Platform-as-a-Service (PaaS)"
 msgstr ""
 
 #: ./doc/training-guides/bk001-ch002-associate-getting-started-quiz.xml:63(title)

doc/user-guide-admin/locale/user-guide-admin.pot

@@ -1,7 +1,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2014-03-14 06:23+0000\n"
+"POT-Creation-Date: 2014-03-18 06:30+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -2050,7 +2050,7 @@ msgid "Using the command-line interface, you can manage quotas for the OpenStack
 msgstr ""
 
 #: ./doc/user-guide-admin/section_cli_keystone_set_quotas.xml:24(para)
-msgid "Typically, default values are changed because a tenant requires more than 10 volumes, or more than 1TB on a compute node."
+msgid "Typically, default values are changed because a tenant requires more than 10 volumes, or more than 1 TB on a compute node."
 msgstr ""
 
 #: ./doc/user-guide-admin/section_cli_keystone_set_quotas.xml:27(para)

doc/user-guide/locale/user-guide.pot

@@ -1,7 +1,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2014-03-14 06:23+0000\n"
+"POT-Creation-Date: 2014-03-18 06:30+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"