121a4adaa8
Change-Id: Ia8ff994d778918847f47d3f7d9c07d8b56b06aea
307 lines
9.8 KiB
HTML
307 lines
9.8 KiB
HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
|
|
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
|
|
<head>
|
|
<meta content="HTML Tidy for Linux/x86 (vers 11 February 2007), see www.w3.org" name="generator"/>
|
|
<meta content="text/html; charset=utf8" http-equiv="Content-Type"/>
|
|
<meta content="Ip5yk0nd8yQHEo8I7SjzVfAiadlHvTvqQHLGwn1GFyU" name="google-site-verification"/>
|
|
<title>
|
|
OpenStack Docs: Security Guide
|
|
</title>
|
|
<!-- Google Fonts -->
|
|
<link href="http://fonts.googleapis.com/css?family=PT+Sans&subset=latin" rel="stylesheet" type="text/css"/>
|
|
<!-- Framework CSS -->
|
|
<link href="http://openstack.org/themes/openstack/css/blueprint/screen.css" media="screen, projection" rel="stylesheet" type="text/css"/>
|
|
<link href="http://openstack.org/themes/openstack/css/blueprint/print.css" media="print" rel="stylesheet" type="text/css"/>
|
|
<!--[if lt IE 8]><link rel="stylesheet" href="http://openstack.org/themes/openstack/css/blueprint/ie.css" type="text/css" media="screen, projection"><![endif]-->
|
|
<!-- OpenStack Specific CSS -->
|
|
<link href="http://openstack.org/themes/openstack/css/main.css" media="screen, projection, print" rel="stylesheet" type="text/css"/>
|
|
<script type="text/javascript">
|
|
// Used to record outbound links before the browser resets to the new site
|
|
|
|
function recordOutboundLink(link, category, action) {
|
|
try {
|
|
_gaq.push(['._trackEvent', category , action ]);
|
|
setTimeout('document.location = "' + link.href + '"', 100)
|
|
}catch(err){}
|
|
}
|
|
</script>
|
|
<script type="text/javascript">
|
|
var _gaq = _gaq || [];
|
|
_gaq.push(['_setAccount', 'UA-17511903-1']);
|
|
_gaq.push(['_setDomainName', '.openstack.org']);
|
|
_gaq.push(['_trackPageview']);
|
|
|
|
(function() {
|
|
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
|
|
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
|
|
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
|
|
})();
|
|
</script>
|
|
</head>
|
|
<body class="docshome" id="docshome">
|
|
<div class="container">
|
|
<div id="header">
|
|
<div class="span-5">
|
|
<h1 id="logo">
|
|
<a href="/">
|
|
OpenStack
|
|
</a>
|
|
</h1>
|
|
</div>
|
|
<div class="span-19 last blueLine">
|
|
<div class="span-19" id="navigation">
|
|
<ul id="Menu1">
|
|
<li>
|
|
<a href="http://www.openstack.org/" title="Go to the Home page">
|
|
Home
|
|
</a>
|
|
</li>
|
|
<li>
|
|
<a class="link" href="http://www.openstack.org/software/" title="Go to the Software page">
|
|
Software
|
|
</a>
|
|
</li>
|
|
<li>
|
|
<a class="link" href="http://www.openstack.org/user-stories/" title="Go to the User Stories page">
|
|
User Stories
|
|
</a>
|
|
</li>
|
|
<li>
|
|
<a class="link" href="http://www.openstack.org/community/" title="Go to the Community page">
|
|
Community
|
|
</a>
|
|
</li>
|
|
<li>
|
|
<a class="link" href="http://www.openstack.org/profile/" title="Go to the Profile page">
|
|
Profile
|
|
</a>
|
|
</li>
|
|
<li>
|
|
<a href="http://www.openstack.org/blog/" title="Go to the OpenStack Blog">
|
|
Blog
|
|
</a>
|
|
</li>
|
|
<li>
|
|
<a href="http://wiki.openstack.org/" title="Go to the OpenStack Wiki">
|
|
Wiki
|
|
</a>
|
|
</li>
|
|
<li>
|
|
<a class="current" href="http://docs.openstack.org/" title="Go to OpenStack Documentation">
|
|
Documentation
|
|
</a>
|
|
</li>
|
|
</ul>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<!-- Page Content -->
|
|
<div class="container">
|
|
<div class="span-12">
|
|
<h3 class="subhead">
|
|
<a href="http://docs.openstack.org/">
|
|
Documentation
|
|
</a>
|
|
> Security Guide
|
|
</h3>
|
|
</div>
|
|
<div class="searchArea span-10 last">
|
|
<div id="cse" style="width: 100%;">
|
|
Loading
|
|
</div>
|
|
<script src="http://www.google.com/jsapi" type="text/javascript">
|
|
</script>
|
|
<script type="text/javascript">
|
|
//<![CDATA[
|
|
|
|
google.load('search', '1', {language : 'en'});
|
|
var _gaq = _gaq || [];
|
|
_gaq.push(["_setAccount", "UA-17511903-6"]);
|
|
function _trackQuery(control, searcher, query) {
|
|
var gaQueryParamName = "q";
|
|
var loc = document.location;
|
|
var url = [
|
|
loc.pathname,
|
|
loc.search,
|
|
loc.search ? '&' : '?',
|
|
gaQueryParamName == '' ? 'q' : encodeURIComponent(gaQueryParamName),
|
|
'=',
|
|
encodeURIComponent(query)
|
|
].join('');
|
|
_gaq.push(["_trackPageview", url]);
|
|
}
|
|
google.setOnLoadCallback(function() {
|
|
var customSearchControl = new google.search.CustomSearchControl('011012898598057286222:elxsl505o0o');
|
|
customSearchControl.setResultSetSize(google.search.Search.FILTERED_CSE_RESULTSET);
|
|
customSearchControl.setSearchStartingCallback(null, _trackQuery);
|
|
customSearchControl.draw('cse');
|
|
}, true);
|
|
//]]>
|
|
</script>
|
|
</div>
|
|
</div>
|
|
<div class="container">
|
|
<div class="span-12">
|
|
<div class="photo">
|
|
<img src="../common/images/openstack-security-guide.jpg" width="100%"/>
|
|
</div>
|
|
<p>
|
|
<a class="button" href="http://docs.openstack.org/security-guide/content/" onclick="recordOutboundLink(this, 'Outbound Links', 'security-guide.html');return false;">
|
|
HTML
|
|
</a>
|
|
<a class="button" href="http://docs.openstack.org/security-guide/security-guide.pdf" onclick="recordOutboundLink(this, 'Outbound Links', security-guide.pdf');return false;">
|
|
PDF
|
|
</a>
|
|
</p>
|
|
</div>
|
|
<div class="span-12 last">
|
|
<div class="photo">
|
|
<img src="../common/images/openstack-security-guide-team.jpg" width="100%"/>
|
|
</div>
|
|
<p>
|
|
<b>
|
|
The OpenStack Security Guide provides best practices learned by real cloud operators while hardening their OpenStack deployments.
|
|
</b>
|
|
</p>
|
|
<p>
|
|
This book was written by a close community of security experts from the
|
|
<a href="https://launchpad.net/~openstack-ossg">
|
|
OpenStack Security Group
|
|
</a>
|
|
in a short, intense
|
|
week-long effort at an undisclosed location. One of the goals for this book is to bring together interested members to capture their collective knowledge and give it
|
|
back to the OpenStack community.
|
|
</p>
|
|
<p>
|
|
In this book you'll find practical security guidance:
|
|
</p>
|
|
<ul>
|
|
<li>
|
|
Discussions about each OpenStack service
|
|
</li>
|
|
<li>
|
|
Information about isolating security domains and securing domain bridges
|
|
</li>
|
|
<li>
|
|
Public and private cloud considerations
|
|
</li>
|
|
<li>
|
|
Best practices for management layers and access
|
|
</li>
|
|
<li>
|
|
Secure node bootstrapping and hardening
|
|
</li>
|
|
<li>
|
|
SSL, SSH, and PKI availability per OpenStack service
|
|
</li>
|
|
<li>
|
|
API endpoint best practices
|
|
</li>
|
|
<li>
|
|
Security for messaging transport and queues
|
|
</li>
|
|
<li>
|
|
Database and data security best practices and considerations
|
|
</li>
|
|
<li>
|
|
Hypervisor selection advice
|
|
</li>
|
|
<li>
|
|
Security services available for OpenStack instances and trusted images
|
|
</li>
|
|
<li>
|
|
Migration information
|
|
</li>
|
|
<li>
|
|
Logging information and considerations
|
|
</li>
|
|
<li>
|
|
Access control and identity management concepts
|
|
</li>
|
|
</ul>
|
|
<p>
|
|
You can get the
|
|
<a href="http://docs.openstack.org/security-guide/security-guide.pdf" onclick="recordOutboundLink(this, 'Outbound Links', security-guide.pdf');return false;">
|
|
PDF
|
|
</a>
|
|
to print yourself. If you'd like a bound copy,
|
|
<a href="http://www.lulu.com/commerce/index.php?fBuyContent=13956188" onclick="recordOutboundLink(this, 'Outbound Links', 'securitylulu.com');return false;">
|
|
buy it from Lulu
|
|
</a>
|
|
and all proceeds go to the Foundation to support more book sprints efforts like this one.
|
|
</p>
|
|
<p>
|
|
<a href="http://www.lulu.com/commerce/index.php?fBuyContent=13956188">
|
|
<img alt="Support independent publishing: Buy this book on Lulu." border="0" src="http://static.lulu.com/images/services/buy_now_buttons/us/blue2.gif?20130702092152"/>
|
|
</a>
|
|
</p>
|
|
<p align="right">
|
|
<a href="http://creativecommons.org/licenses/by/3.0/us/" rel="license">
|
|
<img alt="Creative Commons License" src="http://i.creativecommons.org/l/by/3.0/us/88x31.png" style="border-width:0"/>
|
|
</a>
|
|
<br/>
|
|
This work is licensed under a
|
|
<a href="http://creativecommons.org/licenses/by/3.0/us/" rel="license">
|
|
Creative Commons Attribution 3.0 United States License
|
|
</a>
|
|
.
|
|
</p>
|
|
</div>
|
|
</div>
|
|
<div class="container">
|
|
<div id="footer">
|
|
<hr/>
|
|
<p>
|
|
Documentation treated like code, powered by the community - interested? Here's
|
|
<a href="http://wiki.openstack.org/Documentation/HowTo">
|
|
how to contribute
|
|
</a>
|
|
.
|
|
</p>
|
|
<p>
|
|
The OpenStack project is provided under the Apache 2.0 license. Openstack.org is powered by
|
|
<a href="http://www.rackspacecloud.com/">
|
|
Rackspace Cloud Computing
|
|
</a>
|
|
.
|
|
</p>
|
|
</div>
|
|
</div>
|
|
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.js" type="text/javascript">
|
|
</script>
|
|
<script charset="utf-8" src="http://docs.openstack.org/common/jquery/jquery.hoverIntent.minified.js" type="text/javascript">
|
|
</script>
|
|
<script charset="utf-8" type="text/javascript">
|
|
//<![CDATA[
|
|
$(document).ready(function() {
|
|
|
|
function addMenu(){
|
|
$(".dropDown").addClass("menuHover");
|
|
}
|
|
|
|
function removeMenu(){
|
|
$(".dropDown").removeClass("menuHover");
|
|
}
|
|
|
|
var menuConfig = {
|
|
interval: 500,
|
|
sensitivity: 4,
|
|
over: addMenu,
|
|
timeout: 500,
|
|
out: removeMenu
|
|
};
|
|
|
|
$(".dropDownTrigger").hoverIntent(menuConfig);
|
|
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
//]]>
|
|
</script>
|
|
</body>
|
|
</html>
|