openstack/openstack-manuals
Code Issues Proposed changes

cleanup ch055_security-services-for-instances

Browse Source 
no plural needed environments to environment
fulfil to fulfill

Change-Id: I064d4126d45cb607eaada1b25d9e9801cf051316
This commit is contained in:
Shilla Saebi 2014-01-25 03:04:55 -05:00
parent 0d5847775f
commit 6d0bc8f0fe
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
doc/security-guide/ch055_security-services-for-instances.xml
View File

@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<chapter xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns="http://docbook.org/ns/docbook" xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="ch055_security-services-for-instances"><?dbhtml stop-chunking?>
<title>Security Services for Instances</title>
<para>One of the virtues of running instances in a virtualized environments is that it opens up new opportunities for security controls that are not typically available when deploying onto bare metal. There are several technologies that can be applied to the virtualization stack that bring improved information assurance for cloud tenants.</para>
<para>One of the virtues of running instances in a virtualized environment is that it opens up new opportunities for security controls that are not typically available when deploying onto bare metal. There are several technologies that can be applied to the virtualization stack that bring improved information assurance for cloud tenants.</para>
<para>Deployers or users of OpenStack with strong security requirements may want to consider deploying these technologies. Not all are applicable in every situation, indeed in some cases technologies may be ruled out for use in a cloud because of prescriptive business requirements. Similarly some technologies inspect instance data such as run state which may be undesirable to the users of the system.</para>
<para>In this chapter we explore these technologies and describe the situations where they can be used to enhance security for instances or underlying instances. We also seek to highlight where privacy concerns may exist. These include data pass through, introspection, or providing a source of entropy. In this section we highlight the following additional security services:</para>
<itemizedlist><listitem>
@ -35,7 +35,7 @@
Reference</citetitle>). The filter scheduler works in
collaboration with 'filters' to decide where an instance should
be started. This process of host selection allows administrators
to fulfil many different security requirements. Depending on the
to fulfill many different security requirements. Depending on the
cloud deployment type for example, one could choose to have
tenant instances reside on the same hosts whenever possible if
data isolation was a primary concern, conversely one could