openstack/openstack-manuals
Code Issues Proposed changes
18be804cdb
openstack-manuals/doc/security-guide/ch044_case-studies-database.xml
Andreas Jaeger 6bf4dedafc Edits on security guide 
Change all titles to sentence style capitalization (some were already,
majority not)
Adjust project and service name spelling.
Minor edits
Fix links to TPM section

Change-Id: Ic8cc709b068d2273762f074daa5ac30ebe9aaf20
Partial-Bug: #1217503
2014-05-06 22:40:19 +02:00

19 lines
2.2 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<chapter xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns="http://docbook.org/ns/docbook"
version="5.0"
xml:id="ch044_case-studies-database">
<?dbhtml stop-chunking?>
<title>Case studies: database</title>
<para>In this case study we discuss how Alice and Bob would address database selection and configuration for their respective private and public clouds.</para>
<section xml:id="ch044_case-studies-database-idp38048">
<title>Alice's private cloud</title>
<para>Alice's organization has high availability concerns, so she has elected to use MySQL for the database. She further places the database on the Management network and uses SSL with mutual authentication among the services to ensure secure access. Given there will be no external access of the database, she uses certificates signed with the organization's self-signed root certificate on the database and its access endpoints. Alice creates separate user accounts for each database user, and configures the database to use both passwords and X.509 certificates for authentication. She elects not to use the <systemitem class="service">nova-conductor</systemitem> sub-service due to the desire for fine-grained access control policies and audit support.</para>
</section>
<section xml:id="ch044_case-studies-database-idp40064">
<title>Bob's public cloud</title>
<para>Bob is concerned about strong separation of his tenants' data, so he has elected to use the Postgres database , known for its stronger security features. The database resides on the Management network and uses SSL with mutual authentication with the services. Since the database is on the Management network, the database uses certificates signed with the company's self-signed root certificate. Bob creates separate user accounts for each database user, and configures the database to use both passwords and X.509 certificates for authentication. He elects not to use the <systemitem class="service">nova-conductor</systemitem> sub-service due to a desire for fine-grained access control.</para>
</section>
</chapter>
View Git Blame Copy Permalink