Encryption technology can be used in OpenStack to protect the confidentiality and integrity of data and software. Services built into Nova, Cinder, Glance, and Barbican work together to protect your cloud and its users.
This workshop provides a hands-on tour through encryption use in OpenStack, led by core members of the Barbican project.
Bring your laptop! At the beginning of this workshop, attendees will each be given SSH access to a VM with OpenStack software already installed. After discussing the architecture and technology, we'll hit the ground running with configuration and operation steps to get hands-on experience encrypting Nova and Cinder volumes, verifying Glance images, and storing encryption keys in Barbican.
We will configure Barbican to use two different secret store plugins. One will store the secrets in a software-based backend (Dogtag), while the other will store the secrets in a hardware-based backend (Thales nShield Connect XC HSM).
By the end of the class you will know:
1) The importance of encryption in protecting both the confidentiality and the integrity of data and software used in the cloud.
2) How to configure Barbican to be used for secret storage and how to store and retrieve encryption keys.
3) How to configure Nova and Cinder to use volume encryption to encrypt users' data and how to create encrypted volumes.
4) How to configure Glance to use cryptography to perform image signing and validation to ensure the software can be trusted, and how to use this feature.