- 1 SUSE® OpenStack Cloud: Security Planning and Features
- 1.1 Security Planning
- 1.2 Security Features in SUSE OpenStack Cloud 9
- 1.3 Role-Based Access Control (RBAC) Support for neutron Networks
- 1.4 Network Security Group Logging and Auditing
- 1.5 Separate Service Administrator Role
- 1.6 Inter-service Password Enhancements
- 1.7 Data In Transit Protection
- 1.8 Data-at-Rest Protection Using Project-Based Encryption
- 1.9 CADF-Compliant Security Audit Logs
- 1.10 glance-API Rate Limit to Address CVE-2016-8611
- 2 Key Management with the barbican Service
- 3 Key Management Service Administration
- 3.1 Post-installation verification and administration
- 3.2 Updating the barbican Key Management Service
- 3.3 barbican Settings
- 3.4 Enable or Disable Auditing of barbican Events
- 3.5 Updating the barbican API Service Configuration File
- 3.6 Starting and Stopping the barbican Service
- 3.7 Changing or Resetting a Password
- 3.8 Checking Barbican Status
- 3.9 Updating Logging Configuration
- 4 Service Admin Role Segregation in the Identity Service
- 5 Role-Based Access Control in neutron
- 5.1 Creating a Network
- 5.2 Creating an RBAC Policy
- 5.3 Listing RBACs
- 5.4 Listing the Attributes of an RBAC
- 5.5 Deleting an RBAC Policy
- 5.6 Sharing a Network with All Tenants
- 5.7 Target Project (
demo2
) View of Networks and Subnets - 5.8 Target Project: Creating a Port Using demo-net
- 5.9 Target Project Booting a VM Using Demo-Net
- 5.10 Limitations
- 6 Enabling Network Security Group Logging
- 7 Configuring keystone and horizon to use X.509 Client Certificates
- 8 Transport Layer Security (TLS) Overview
- 9 Preventing Host Header Poisoning
- 10 Encryption of Passwords and Sensitive Data
- 11 Encryption of Ephemeral Volumes
- 12 Refining Access Control with AppArmor
- 13 Data at Rest Encryption
- 14 glance-API Rate Limit (CVE-2016-8611)
- 15 Security Audit Logs
Copyright © 2006– 2024 SUSE LLC and contributors. All rights reserved.
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License : https://creativecommons.org/licenses/by/3.0/legalcode.
For SUSE trademarks, see https://www.suse.com/company/legal/. All other third-party trademarks are the property of their respective owners. Trademark symbols (®, ™ etc.) denote trademarks of SUSE and its affiliates. Asterisks (*) denote third-party trademarks.
All information found in this book has been compiled with utmost attention to detail. However, this does not guarantee complete accuracy. Neither SUSE LLC, its affiliates, the authors nor the translators shall be held liable for possible errors or the consequences thereof.