openstack/openstack-manuals
Code Issues Proposed changes
openstack-manuals/doc/security-guide/ch044_case-studies-database.xml
Roger Luethi 063c3693f7 Fix use of non-breaking-spaces in manuals 
Non-breaking spaces should only be used where necessary to
prevent line breaks.

This patch removes and replaces non-breaking spaces as appropriate.

Closes-Bug: #1314498

Change-Id: I43565603a8d0ff8672c23cfee049b04b612070f8
2014-04-30 22:01:45 +02:00

14 lines
2.2 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<chapter xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns="http://docbook.org/ns/docbook" xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="ch044_case-studies-database"><?dbhtml stop-chunking?>
<title>Case Studies: Database</title>
<para>In this case study we discuss how Alice and Bob would address database selection and configuration for their respective private and public clouds.</para>
<section xml:id="ch044_case-studies-database-idp38048">
<title>Alice's Private Cloud</title>
<para>Alice's organization has high availability concerns, so she has elected to use MySQL for the database. She further places the database on the Management network and uses SSL with mutual authentication among the services to ensure secure access. Given there will be no external access of the database, she uses certificates signed with the organization's self-signed root certificate on the database and its access endpoints. Alice creates separate user accounts for each database user, and configures the database to use both passwords and X.509 certificates for authentication. She elects not to use the <systemitem class="service">nova-conductor</systemitem> sub-service due to the desire for fine-grained access control policies and audit support.</para>
</section>
<section xml:id="ch044_case-studies-database-idp40064">
<title>Bob's Public Cloud</title>
<para>Bob is concerned about strong separation of his tenants' data, so he has elected to use the Postgres database , known for its stronger security features. The database resides on the Management network and uses SSL with mutual authentication with the services. Since the database is on the Management network, the database uses certificates signed with the company's self-signed root certificate. Bob creates separate user accounts for each database user, and configures the database to use both passwords and X.509 certificates for authentication. He elects not to use the <systemitem class="service">nova-conductor</systemitem> sub-service due to a desire for fine-grained access control.</para>
</section>
</chapter>
View Git Blame Copy Permalink