openstack-manuals/doc/security-guide/bk_openstack-sec-guide.xml

<?xml version="1.0" encoding="UTF-8"?>
<book version="5.0" xml:id="os-security-guide"
    xmlns:xi="http://www.w3.org/2001/XInclude"
    xmlns="http://docbook.org/ns/docbook"
    xmlns:xlink="http://www.w3.org/1999/xlink">
    <title>OpenStack Security Guide</title>
    <info>
        <author>
            <personname>
                <firstname/>
                <surname/>
            </personname>
            <affiliation>
                <orgname>OpenStack Foundation</orgname>
            </affiliation>
        </author>
        <copyright>
            <year>2013</year>
            <holder>OpenStack Foundation</holder>
        </copyright>
        <releaseinfo>current</releaseinfo>
        <productname>OpenStack</productname>
        <pubdate/>
        <legalnotice role="cc-by">
            <annotation>
                <remark>Copyright details are filled in by the
                    template.</remark>
            </annotation>
        </legalnotice>
        <abstract>
            <para>This book provides best practices and conceptual
                information about securing an OpenStack cloud.</para>
        </abstract>
        <revhistory>
            <!-- ... continue adding more revisions here as you change this document using the markup shown below... -->

            <revision>
                <date>2013-12-02</date>
                <revdescription>
                    <itemizedlist>
                        <listitem>
                            <para>Chapter on Object Storage added.</para>
                        </listitem>
                    </itemizedlist>
                </revdescription>
            </revision>
            <revision>
                <date>2013-10-17</date>
                <revdescription>
                    <itemizedlist>
                        <listitem>
                            <para>Havana release.</para>
                        </listitem>
                    </itemizedlist>
                </revdescription>
            </revision>
            <revision>
                <date>2013-07-02</date>
                <revdescription>
                    <itemizedlist>
                        <listitem>
                            <para>Initial creation...</para>
                        </listitem>
                    </itemizedlist>
                </revdescription>
            </revision>
        </revhistory>
    </info>
    <xi:include href="../common/ch_preface.xml"/>
    <xi:include href="ch001_acknowledgements.xml"/>
    <xi:include href="ch002_why-and-how-we-wrote-this-book.xml"/>
    <xi:include href="ch004_book-introduction.xml"/>
    <xi:include href="ch005_security-domains.xml"/>
    <xi:include href="ch006_introduction-to-case-studies.xml"/>
    <xi:include href="ch008_system-roles-types.xml"/>
    <xi:include href="ch009_case-studies.xml"/>
    <xi:include href="ch011_management-introduction.xml"/>
    <xi:include href="ch012_configuration-management.xml"/>
    <xi:include href="ch013_node-bootstrapping.xml"/>
    <xi:include
        href="ch014_best-practices-for-operator-mode-access.xml"/>
    <xi:include href="ch015_case-studies-management.xml"/>
    <xi:include
        href="ch017_threat-models-confidence-and-confidentiality.xml"/>
    <xi:include href="ch018_case-studies-pkissl.xml"/>
    <xi:include href="ch020_ssl-everywhere.xml"/>
    <xi:include href="ch021_paste-and-middleware.xml"/>
    <xi:include href="ch022_case-studies-api-endpoints.xml"/>
    <xi:include href="ch024_authentication.xml"/>
    <xi:include href="ch025_web-dashboard.xml"/>
    <xi:include href="ch026_compute.xml"/>
    <xi:include href="ch027_storage.xml"/>
    <xi:include href="ch028_case-studies-identity-management.xml"/>
    <xi:include href="ch030_state-of-networking.xml"/>
    <xi:include href="ch031_neutron-architecture.xml"/>
    <xi:include href="ch032_networking-best-practices.xml"/>
    <xi:include href="ch033_securing-neutron-services.xml"/>
    <xi:include
        href="ch034_tenant-secure-networking-best-practices.xml"/>
    <xi:include href="ch035_case-studies-networking.xml"/>
    <xi:include href="ch037_risks.xml"/>
    <xi:include href="ch038_transport-security.xml"/>
    <xi:include href="ch039_case-studies-messaging.xml"/>
    <xi:include href="ch041_database-backend-considerations.xml"/>
    <xi:include href="ch042_database-overview.xml"/>
    <xi:include href="ch043_database-transport-security.xml"/>
    <xi:include href="ch044_case-studies-database.xml"/>
    <xi:include href="ch046_data-residency.xml"/>
    <xi:include href="ch047_data-encryption.xml"/>
    <xi:include href="ch048_key-management.xml"/>
    <xi:include href="ch049_case-studies-tenant-data.xml"/>
    <xi:include href="ch051_vss-intro.xml"/>
    <xi:include href="ch052_devices.xml"/>
    <xi:include href="ch053_case-studies-instance-isolation.xml"/>
    <xi:include href="ch055_security-services-for-instances.xml"/>
    <xi:include href="ch056_case-studies-instance-management.xml"/>
    <xi:include href="ch058_forensicsincident-response.xml"/>
    <xi:include href="ch059_case-studies-monitoring-logging.xml"/>
    <xi:include href="ch061_compliance-overview.xml"/>
    <xi:include href="ch062_audit-guidance.xml"/>
    <xi:include href="ch063_compliance-activities.xml"/>
    <xi:include href="ch064_certifications-compliance-statements.xml"/>
    <xi:include href="ch065_privacy.xml"/>
    <xi:include href="ch066_case-studies-compliance.xml"/>
    <xi:include href="../common/app_support.xml"/>
  <glossary role="auto"/>
</book>