636abd5f42
Nicira NVP is to be replaced with VMware NSX as the product has been rebranded. Partial-implements blueprint nicira-plugin-renaming Change-Id: I1dd93a52984d473ec6cc5b905867711297495f67
128 lines
12 KiB
XML
128 lines
12 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
||
<chapter xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns="http://docbook.org/ns/docbook" xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="ch002_why-and-how-we-wrote-this-book"><?dbhtml stop-chunking?>
|
||
<title>Why and how we wrote this book</title>
|
||
<para>As OpenStack adoption continues to grow and the product matures, security has become a priority. The OpenStack Security Group has recognized the need for a comprehensive and authoritative security guide. The <emphasis role="bold">OpenStack Security Guide</emphasis> has been written to provide an overview of security best practices, guidelines, and recommendations for increasing the security of an OpenStack deployment. The authors bring their expertise from deploying and securing OpenStack in a variety of environments.</para>
|
||
<para>The guide augments the <link xlink:href="http://docs.openstack.org/ops/"><citetitle>OpenStack Operations Guide</citetitle></link> and can be referenced to harden existing OpenStack deployments or to evaluate the security controls of OpenStack cloud providers.</para>
|
||
<section xml:id="ch002_why-and-how-we-wrote-this-book-idp117696">
|
||
<title>Objectives</title>
|
||
<itemizedlist><listitem>
|
||
<para>Identify the security domains in OpenStack</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>Provide guidance to secure your OpenStack deployment</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>Highlight security concerns and potential mitigations in present day OpenStack</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>Discuss upcoming security features</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>To provide a community driven facility for knowledge capture and dissemination</para>
|
||
</listitem>
|
||
</itemizedlist>
|
||
</section>
|
||
<section xml:id="ch002_why-and-how-we-wrote-this-book-idp123024">
|
||
<title>How</title>
|
||
<para>As with the OpenStack Operations Guide, we followed the book sprint methodology. The book sprint process allows for rapid development and production of large bodies of written work. Coordinators from the OpenStack Security Group re-enlisted the services of Adam Hyde as facilitator. Corporate support was obtained and the project was formally announced during the OpenStack summit in Portland, Oregon.</para>
|
||
<para>The team converged in Annapolis, MD due to the close proximity of some key members of the group. This was a remarkable collaboration between public sector intelligence community members, silicon valley startups and some large, well-known technology companies. The book sprint ran during the last week in June 2013 and the first edition was created in five days.</para>
|
||
<para><inlinemediaobject><imageobject role="html">
|
||
<imagedata contentdepth="450" contentwidth="540" fileref="static/group.png" format="PNG" scalefit="1"/>
|
||
</imageobject>
|
||
<imageobject role="fo">
|
||
<imagedata contentdepth="100%" fileref="static/group.png" format="PNG" scalefit="1" width="100%"/>
|
||
</imageobject>
|
||
</inlinemediaobject></para>
|
||
<para>The team included:</para>
|
||
<itemizedlist>
|
||
<listitem>
|
||
<para><emphasis role="bold">Bryan D. Payne</emphasis>, Nebula</para>
|
||
<para>Dr. Bryan D. Payne is the Director of Security Research at Nebula and co-founder of the OpenStack Security Group (OSSG). Prior to joining Nebula, he worked at Sandia National Labs, the National Security Agency, BAE Systems, and IBM Research. He graduated with a Ph.D. in Computer Science from the Georgia Tech College of Computing, specializing in systems security.</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para><emphasis role="bold">Robert Clark</emphasis>, HP</para>
|
||
<para>Robert Clark is the Lead Security Architect for HP Cloud Services and co-founder of the OpenStack Security Group (OSSG). Prior to being recruited by HP, he worked in the UK Intelligence Community. Robert has a strong background in threat modeling, security architecture and virtualization technology. Robert has a master's degree in Software Engineering from the University of Wales.</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para><emphasis role="bold">Keith Basil</emphasis>, Red Hat</para>
|
||
<para>Keith Basil is a Principal Product Manager for Red Hat OpenStack and is focused on Red Hat's OpenStack product management, development and strategy. Within the US public sector, Basil brings previous experience from the design of an authorized, secure, high-performance cloud architecture for Federal civilian agencies and contractors.</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para><emphasis role="bold">Cody Bunch</emphasis>, Rackspace</para>
|
||
<para>Cody Bunch is a Private Cloud architect with Rackspace. Cody has co-authored an update to "The OpenStack Cookbook" as well as books on VMware automation.</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para><emphasis role="bold">Malini Bhandaru</emphasis>, Intel</para>
|
||
<para>Malini Bhandaru is a security architect at Intel. She has a varied background, having worked on platform power and performance at Intel, speech products at Nuance, remote monitoring and management at ComBrio, and web commerce at Verizon. She has a Ph.D. in Artificial Intelligence from the University of Massachusetts, Amherst.</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para><emphasis role="bold">Gregg Tally</emphasis>, Johns Hopkins University Applied Physics Laboratory</para>
|
||
<para>Gregg Tally is the Chief Engineer at JHU/APL's Cyber Systems Group within the Asymmetric Operations Department. He works primarily in systems security engineering. Previously, he has worked at SPARTA, McAfee, and Trusted Information Systems where he was involved in cyber security research projects.</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para><emphasis role="bold">Eric Lopez</emphasis>, VMware</para>
|
||
<para>Eric Lopez is Senior Solution Architect at VMware's Networking and Security Business Unit where he helps customers implement OpenStack and VMware NSX (formerly known as Nicira's Network Virtualization Platform). Prior to joining VMware (through the company's acquisition of Nicira), he worked for Q1 Labs, Symantec, Vontu, and Brightmail. He has a B.S in Electrical Engineering/Computer Science and Nuclear Engineering from U.C. Berkeley and MBA from the University of San Francisco.</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para><emphasis role="bold">Shawn Wells</emphasis>, Red Hat</para>
|
||
<para>Shawn Wells is the Director, Innovation Programs at Red Hat, focused on improving the process of adopting, contributing to, and managing open source technologies within the U.S. Government. Additionally, Shawn is an upstream maintainer of the SCAP Security Guide project which forms virtualization and operating system hardening policy with the U.S. Military, NSA, and DISA. Formerly an NSA civilian, Shawn developed SIGINT collection systems utilizing large distributed computing infrastructures.</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para><emphasis role="bold">Ben de Bont</emphasis>, HP</para>
|
||
<para>Ben de Bont is the CSO for HP Cloud Services. Prior to his current role Ben led the information security group at MySpace and the incident response team at MSN Security. Ben holds a master's degree in Computer Science from the Queensland University of Technology.</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para><emphasis role="bold">Nathanael Burton</emphasis>, National Security Agency</para>
|
||
<para>Nathanael Burton is a Computer Scientist at the National Security Agency. He has worked for the Agency for over 10 years working on distributed systems, large-scale hosting, open source initiatives, operating systems, security, storage, and virtualization technology. He has a B.S. in Computer Science from Virginia Tech.</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para><emphasis role="bold">Vibha Fauver</emphasis></para>
|
||
<para>Vibha Fauver, GWEB, CISSP, PMP, has over fifteen years of experience in Information Technology. Her areas of specialization include software engineering, project management and information security. She has a B.S. in Computer & Information Science and a M.S. in Engineering Management with specialization and a certificate in Systems Engineering.</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para><emphasis role="bold">Eric Windisch</emphasis>, Cloudscaling</para>
|
||
<para>Eric Windisch is a Principal Engineer at Cloudscaling where he has been contributing to OpenStack for over two years. Eric has been in the trenches of hostile environments, building tenant isolation and infrastructure security through more than a decade of experience in the web hosting industry. He has been building cloud computing infrastructure and automation since 2007.</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para><emphasis role="bold">Andrew Hay</emphasis>, CloudPassage</para>
|
||
<para>Andrew Hay is the Director of Applied Security Research at CloudPassage, Inc. where he leads the security research efforts for the company and its server security products purpose-built for dynamic public, private, and hybrid cloud hosting environments.</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para><emphasis role="bold">Adam Hyde</emphasis></para>
|
||
<para>Adam facilitated this Book Sprint. He also founded the Book Sprint methodology and is the most experienced Book Sprint facilitator around. Adam founded FLOSS Manuals—a community of some 3,000 individuals developing Free Manuals about Free Software. He is also the founder and project manager for Booktype, an open source project for writing, editing, and publishing books online and in print.</para>
|
||
</listitem>
|
||
</itemizedlist>
|
||
<para>During the sprint we also had help from Anne Gentle, Warren Wang, Paul McMillan, Brian Schott and Lorin Hochstein.</para>
|
||
<para>This Book was produced in a 5 day book sprint. A book
|
||
sprint is an intensely collaborative, facilitated process which
|
||
brings together a group to produce a book in 3-5 days. It is a
|
||
strongly facilitated process with a specific methodology founded
|
||
and developed by Adam Hyde. For more information visit the book
|
||
sprint web page at
|
||
<link xlink:href="http://www.booksprints.net">http://www.booksprints.net</link>.
|
||
</para>
|
||
<para>After initial publication, the following added new content:</para>
|
||
<itemizedlist>
|
||
<listitem>
|
||
<para><emphasis role="bold">Rodney D. Beede</emphasis>,
|
||
Seagate Technology
|
||
</para>
|
||
<para>Rodney D. Beede is the Cloud Security Engineer for
|
||
Seagate Technology. He contributed the missing chapter on
|
||
securing OpenStack Object Storage (Swift). He holds a M.S.
|
||
in Computer Science from the University of Colorado.
|
||
</para>
|
||
</listitem>
|
||
</itemizedlist>
|
||
</section>
|
||
<section xml:id="ch002_why-and-how-we-wrote-this-book-idp150816">
|
||
<title>How to contribute to this book</title>
|
||
<para>The initial work on this book was conducted in an overly
|
||
air-conditioned room that served as our group office for the
|
||
entirety of the documentation sprint.</para>
|
||
<para>Learn more about how to contribute to the OpenStack
|
||
docs: <link xlink:href="http://wiki.openstack.org/Documentation/HowTo">http://wiki.openstack.org/Documentation/HowTo</link>.
|
||
</para>
|
||
</section>
|
||
</chapter>
|