Event Details

Please note: All times listed below are in Central Time Zone


Encryption Workshop: Using Encryption to Secure Your Cloud

Encryption technology can be used in OpenStack to protect the confidentiality and integrity of data and software. Services built into Nova, Cinder, Glance, and Barbican work together to protect your cloud and its users.

This workshop provides a hands-on tour through encryption use in OpenStack, led by core members of the Barbican project.

Bring your laptop! At the beginning of this workshop, attendees will each be given SSH access to a VM with OpenStack software already installed. After discussing the architecture and technology, we'll hit the ground running with configuration and operation steps to get hands-on experience encrypting Nova and Cinder volumes, verifying Glance images, and storing encryption keys in Barbican.

We will configure Barbican to use two different secret store plugins. One will store the secrets in a software-based backend (Dogtag), while the other will store the secrets in a hardware-based backend (Thales nShield Connect XC HSM).

 


What can I expect to learn?

By the end of the class you will know:

1) The importance of encryption for protecting both the confidentiality and the integrity of data and software used in the cloud.

2) How to configure Barbican to be used for secret storage and how to store and retrieve encryption keys.

3) How to configure Nova and Cinder to use volume encryption to encrypt users' data and how to create encrypted volumes.

4) How to configure Glance to use cryptography to perform image signing and validation to ensure the software can be trusted, and how to use this feature.

 

Tuesday, November 13, 11:00am-12:30pm (10:00am - 11:30am UTC)
Difficulty Level: Intermediate
Cisco Systems
Dave McCowan leads security initiatives for the Private Cloud Engineering Team at Cisco. He has been an OpenStack contributor for 6 years. He is a former PTL for the Barbican project where he continues as a core reviewer. He's an enthusiast of security of all kinds and holds a CISSP.
Red Hat
Ade works for Red Hat, and has been involved in various security and OpenStack projects (Dogtag, FreeIPA, Barbican, TripleO) for several years. He is a former Barbican PTL. Most recently, he's been working on FIPS compliance in OpenStack.
Thales eSecurity
Bernd Stamp is an experienced IT security expert who has worked for leading IT security companies such as Aladdin and SafeNet. As a recognized speaker at C-Level events, Bernd Stamp offers a wealth of knowledge and experience in his presentations. At Thales, Bernd Stamp focuses on companies operating in the DACH region to understand their specific challenges, derive a strategy and meet their IT...