Security Guide
- 1 HPE Helion OpenStack®: Security Features Overview
- 2 Key Management with the Barbican Service
- 3 Key Management Service Administration
- 4 HPE Helion OpenStack®: Service Admin Role Segregation in the Identity Service
- 5 Role-Based Access Control in Neutron
- 6 Configuring Keystone and Horizon to use X.509 Client Certificates
- 7 Transport Layer Security (TLS) Overview
- 8 HPE Helion OpenStack®: Preventing Host Header Poisoning
- 9 Encryption of Passwords and Sensitive Data
- 10 Encryption of Ephemeral Volumes
- 11 Refining Access Control with AppArmor
- 12 Data at Rest Encryption
- 13 Glance-API Rate Limit (CVE-2016-8611)
- 14 Security Audit Logs
HPE Helion OpenStack 8
Security Guide
- 1 HPE Helion OpenStack®: Security Features Overview
- 1.1 Security features in HPE Helion OpenStack 8
- 1.2 Role-Based Access Control (RBAC) Support for Neutron Networks
- 1.3 Separate Service Administrator Role
- 1.4 Inter-service Password Enhancements
- 1.5 SELinux for KVM
- 1.6 Data In Transit Protection
- 1.7 Data-at-Rest Protection Using Project-Based Encryption
- 1.8 CADF-Compliant Security Audit Logs
- 1.9 PCI Readiness
- 1.10 Glance-API Rate Limit to Address CVE-2016-8611
- 2 Key Management with the Barbican Service
- 3 Key Management Service Administration
- 3.1 Post-installation verification and administration
- 3.2 Updating the Barbican Key Management Service
- 3.3 Barbican Settings
- 3.4 Enable or Disable Auditing of Barbican Events
- 3.5 Updating the Barbican API Service Configuration File
- 3.6 Starting and Stopping the Barbican Service
- 3.7 Changing or Resetting a Password
- 3.8 Checking Barbican Status
- 3.9 Updating Logging Configuration
- 4 HPE Helion OpenStack®: Service Admin Role Segregation in the Identity Service
- 5 Role-Based Access Control in Neutron
- 5.1 Creating a Network
- 5.2 Creating an RBAC Policy
- 5.3 Listing RBACs
- 5.4 Listing the Attributes of an RBAC
- 5.5 Deleting an RBAC Policy
- 5.6 Sharing a Network with All Tenants
- 5.7 Target Project (
demo2) View of Networks and Subnets - 5.8 Target Project: Creating a Port Using demo-net
- 5.9 Target Project Booting a VM Using Demo-Net
- 5.10 Limitations
- 6 Configuring Keystone and Horizon to use X.509 Client Certificates
- 7 Transport Layer Security (TLS) Overview
- 8 HPE Helion OpenStack®: Preventing Host Header Poisoning
- 9 Encryption of Passwords and Sensitive Data
- 10 Encryption of Ephemeral Volumes
- 11 Refining Access Control with AppArmor
- 12 Data at Rest Encryption
- 13 Glance-API Rate Limit (CVE-2016-8611)
- 14 Security Audit Logs
Copyright © 2006– 2024 SUSE LLC and contributors. All rights reserved.
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License :
For SUSE trademarks, see http://www.suse.com/company/legal/. All other third-party trademarks are the property of their respective owners. Trademark symbols (®, ™ etc.) denote trademarks of SUSE and its affiliates. Asterisks (*) denote third-party trademarks.
All information found in this book has been compiled with utmost attention to detail. However, this does not guarantee complete accuracy. Neither SUSE LLC, its affiliates, the authors nor the translators shall be held liable for possible errors or the consequences thereof.