Hardening OpenStack to Support Trust in Public Clouds

Add Your Comments

Vin Sharma is a software strategist at Intel responsible for planning and marketing Intel contributions to open source datacenter software projects, specifically Hadoop, OpenStack, KVM, and enterprise Linux.

Vin-Sharma-tnVIN SHARMA
Intel

A public cloud is meaningless without multi-tenancy. And multi-tenancy is unworkable without trust in the infrastructure. So when the community OpenStack came together at its summit in San Diego last fall, I was particularly excited about the full day of security topics on the agenda. I wasn’t alone — the packed sessions were a clear indication that the OpenStack community is serious about building trust from the foundation up as well as hardening against vulnerabilities. This focus on security is timely – it’s been close to the hearts and minds of many at Intel.

Security Concerns on the Rise

We’ve all known for a while that as enterprises move business-critical workloads into a public cloud, security and privacy issues rise to preeminence. The annual survey conducted by the Open Data Center Alliance continues to reinforce this view. As with every other “enterprise requirement”, then, cloud service providers and solution vendors start with a high-contrast choice:  either adapt for the cloud what’s worked well in traditional data centers (knowing fully well that some techniques just won’t scale) or design a whole new approach for this new IT delivery model.

So when a new open source project like OpenStack comes along, it presents a great opportunity to implement the best new thinking on cloud security, while leapfrogging over hurdles strewn by enterprise legacies. Put simply, we have that rare opportunity to keep the baby and let out the bathwater.

To be sure, the underlying security infrastructure of OpenStack must be hardened—with authentication, encryption, role-based access control, containment, auditing and myriad other security capabilities that are well understood in traditional enterprise operating systems. What we are advocating is a combination of security features and practices refined over decades of enterprise usage with security mechanisms built specifically for use cases that are unique to the public cloud – like trustworthy multi-tenancy.

Trusted Compute Pools

One significant step in that direction is the notion of “trusted compute pools” – a usage model that Intel has espoused and brought to light with the Folsom version of OpenStack. The premise is simple:  organizations moving regulation-compliant workloads to the cloud require the same assurance of security that they get from traditional IT today. To support a service provider’s ability to create a pool of resources whose integrity can be assured, Intel developed a number of components that weave through the stack – from UI changes in Horizon through the APIs and scheduler in Nova to an independent remote-attestation server down to the trusted boot pre-kernel module in the Xen/KVM hypervisors. The lynchpin of this apparatus is a new filter in the OpenStack scheduler that selects servers whose trust has been attested. We’re thrilled that the entire solution stack is ready to be packaged and supported by distribution vendors such as Canonical.

And at the Summit with developers working on Grizzly, we are proposing enhancements to identity management using platform attributes. Until now, the fundamental element of identity has been a set of user attributes: whether it’s username & password, biometrics, or something else. Intel’s Abhilasha Bhargav-Spantzel is proposing device attributes as another element of identity. Abhilasha wants you to envision device characteristics as another link in the chain of the trust forged from client to cloud, when a trusted service is delivered by a provider.

How is this useful? This enables a number of use cases for the delivery of cloud services with varying levels of personalization and anonymity. For example, a service provider might want to deliver some services to specific device types regardless of user attributes while delivering other, more security-sensitive, services only after robust attestation of device attributes as well as user credentials. There’s a lot of exciting work in this area happening and we are developing use cases and blueprints that advance the state of the art.

To sum up, we’re excited by the promise and potential that OpenStack presents to build an infrastructure that balances privacy, security, and usability while delivering cloud services at scale. Abhilasha’s video from OpenStack is now online. Stay tuned for updates on our contributions to OpenStack and cloud security.

Industry Perspectives is a content channel at Data Center Knowledge highlighting thought leadership in the data center arena. See our guidelines and submission process for information on participating. View previously published Industry Perspectives in our Knowledge Library.

Add Your Comments

  • (will not be published)