SEcure Cloud computing for CRitical Infrastructure IT Open
- Slides: 25
SEcure Cloud computing for CRitical Infrastructure IT
OpenStack
Ani Bicaku, 18/04/2015
AIT Austrian Institute of Technology • ETRA Investigación y Desarrollo • Fraunhofer Institute for Experimental Software Engineering IESE • Karlsruhe Institute of Technology • NEC Europe • Lancaster University • Mirasys • Hellenic Telecommunications Organization OTE • Ayuntamiento de Valencia • Amaris
What is OpenStack?
- Open-source cloud OS
- Public and private cloud
- 18000 individual members
- 140 countries around the world
- Collection of open-source technologies
16.09.2020 © SECCRIT Consortium
Why OpenStack?
- Research of assurance in Cloud environment
- Monitor Cloud infrastructure
- Testbed
- Investigate open-source monitoring tools
- Harmonize different monitoring tools
What can you do with OpenStack
- Virtual servers
- Virtual network and virtual data center
- Scalable servers
- Load balancing
- Virtual storage
- Billing
- Migrate data and applications
- Disaster recovery
OpenStack Principles
- Open Development
- Open Design
- Open Community
OpenStack is Cloud OS
[Diagram labels: User, Your Application, APIs, Dashboard, Hypervisor, Hardware]
OpenStack Release
Simplified OpenStack Component Interaction
[Diagram labels: User Interface Dashboard (HORIZON), Networking (NEUTRON), Compute (NOVA), Image (GLANCE), Identity (KEYSTONE); edge labels: Authentication, Stores Images]
- Keystone: Authentication and authorization framework
- Neutron: Provide network as a service to compute
- Nova: Provision and manage virtual networks for VMs
- Glance: Registry for VM images
- Horizon: Web interface to manage instances
OpenStack Service Relation
[Diagram labels: Horizon, Neutron, Glance, Nova, Swift, Cinder, Keystone]
OpenStack Optional Services
- Orchestration Service
- Load Balancer as a Service
- Database as Service
- Telemetry Service
Running example
- Main server
  - Keystone
  - Glance
  - Nova
  - Cinder
  - Heat
  - Ceilometer
- Network controller
  - Neutron
  - Horizon
  - Lbaas
- Compute 1 / 2
  - Nova-compute
  - Neutron-compute
  - Ceilometer-agent
- Network
  - eth0 - Administration Network
  - eth1 - Instance Tunneling Network
  - eth2 - Public Network for VMs
Technical Requirements
- Server (3 machines)
  - CPU supporting Hypervisor KVM & 64-bit x86
  - 4 GB RAM
  - 160 GB HDD
- Operating System
  - Ubuntu Server 14.04 LTS 64-bit
- Network Configuration
  - NIC Gigabit
Launch an Instance from Horizon
Virtual Network Infrastructure
- The external network provides external internet access for instances.
- The tenant network provides internal network access for instances.
- The virtual router passes network traffic between two or more virtual networks.
- To enable internet access for individual instances, they need a floating IP and security group rules.
Initial Network
- Create the external network
  - Internet access from instances
- Create a subnet on the external network
  - Like a physical network, a virtual network requires a subnet assigned to it
Initial Network
- Create the tenant network
  - Provides internal network access for instances
- Create a subnet on the tenant network
  - Like the external network, the tenant network requires a subnet attached to it
Initial Network
- Create the router
  - Router connected with tenant and external network
- Attach the router to the tenant network
- Attach the router to the external network
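The "Initial Network" steps above, together with the floating IP and security group requirement from the "Virtual Network Infrastructure" slide, as an added example that is not part of the original slides. It uses the unified `openstack` command-line client; the names `ext-net`, `demo-net`, `demo-router` and `ssh-admin`, all address ranges, and the helper functions `run`, `check_admin_cidr` and `build_network` are assumptions made for illustration. By default it only prints the commands; set `DRY_RUN=0` with admin credentials loaded to execute them.

```shell
#!/bin/sh
# Added example: names and address ranges are constructed placeholders.
DRY_RUN="${DRY_RUN:-1}"                      # 1 = print commands, 0 = execute
EXT_CIDR="203.0.113.0/24"                    # constructed (documentation range)
EXT_GW="203.0.113.1"
TENANT_CIDR="192.168.1.0/24"
ADMIN_CIDR="${ADMIN_CIDR:-198.51.100.0/24}"  # only source allowed to reach SSH

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# Reject an empty, malformed or world-open source range for the SSH rule.
check_admin_cidr() {
    case "$1" in
        0.0.0.0/0|::/0|"") return 1 ;;
        */*) return 0 ;;
        *) return 1 ;;
    esac
}

build_network() {
    check_admin_cidr "$ADMIN_CIDR" || {
        echo "refusing open SSH source: $ADMIN_CIDR" >&2; return 1; }
    # External network and subnet (provider attributes depend on the
    # deployment and are omitted here); no DHCP on the external side.
    run openstack network create --external ext-net
    run openstack subnet create --network ext-net --subnet-range "$EXT_CIDR" \
        --gateway "$EXT_GW" --no-dhcp ext-subnet
    # Tenant network and subnet.
    run openstack network create demo-net
    run openstack subnet create --network demo-net \
        --subnet-range "$TENANT_CIDR" demo-subnet
    # Router: attach the tenant subnet, then set the external gateway.
    run openstack router create demo-router
    run openstack router add subnet demo-router demo-subnet
    run openstack router set --external-gateway ext-net demo-router
    # Outside reachability: a narrow security group rule and a floating IP.
    run openstack security group create ssh-admin
    run openstack security group rule create --protocol tcp --dst-port 22 \
        --remote-ip "$ADMIN_CIDR" ssh-admin
    run openstack floating ip create ext-net
}

build_network
```

The security group rule limits inbound SSH to one administrative range instead of `0.0.0.0/0`, so assigning a floating IP does not expose the instance's management port to the whole internet.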
VM Provisioning
[Diagram with animated step captions. Components: Horizon, CLI; Controller 1: Keystone, Glance (Glance-api, Glance-registry), Nova (Nova-api, Scheduler, Nova DB), Endpoint, Neutron-network; Nova Compute: Nova-compute, Hypervisor]
VM Provisioning
Tenant is created, user has access to Horizon / CLI
[Diagram components: Horizon, CLI; Controller 1: Keystone, Glance (Glance-api, Glance-registry), Nova (Nova-api, Scheduler, Nova DB), Endpoint, Neutron-network; Nova Compute: Nova-compute, Hypervisor]
Create Instance
- Name
- Flavor (Tiny / Small / Medium / Large / Xlarge)
- Instance Boot Source (Image / Snapshot / Volume)
- Key Pair
- Networking
Instance Console
Network Topology
Open-Source Monitoring Tools
Get involved!
- Website: www.openstack.org
- Mailing Lists: http://lists.openstack.org
- Wiki: http://wiki.openstack.org
Contact
Ani Bicaku, AIT
0043 660 28 37 355
Ani.Bicaku@ait.ac.at