IMPLEMENTING SECURITY GROUPS IN
OPENSTACK
submitted to
Noida Institute of Engineering & Technology, Greater Noida
Project Report
submitted by
Rishabh Agarwal, Arzoo Singh,
Raj Shekhar, Jyoti Yadav
under the supervision of
Mr. Hitesh Sharma
Mr. Rahul Singh
Department of Computer Science and Engineering
DECLARATION
WE, STUDENTS OF BACHELOR OF TECHNOLOGY, COMPUTER
SCIENCE AND ENGINEERING, NIET GREATER NOIDA, HEREBY
DECLARE THAT THE WORK PRESENTED IN THIS THESIS IS OUTCOME
OF OUR OWN WORK, IS BONAFIDE, CORRECT TO THE BEST OF OUR
KNOWLEDGE. THIS WORK HAS BEEN CARRIED OUT TAKING CARE OF
ENGINEERING ETHICS AND KEEPING INDIAN IP LAWS INTO
CONSIDERATION.
RISHABH AGARWAL (1313310118)
ARZOO SINGH (1313310036)
RAJ SHEKHAR (1313310114)
JYOTI YADAV (1313310070)
DATE: 16-06-2016
ACKNOWLEDGEMENT
WE WOULD LIKE TO TAKE THIS OPPORTUNITY TO EXPRESS OUR
DEEP SENSE OF GRATITUDE AND PROFOUND FEELING OF
ADMIRATION TO OUR PROJECT SUPERVISOR/MENTOR MR HITESH
SHARMA AND MR RAHUL SINGH, FOR PROVIDING US INVALUABLE
GUIDANCE FOR THE TECHNICAL SEMINAR.
WE ACKNOWLEDGE HERE OUR DEBT TO ALL THOSE WHO HELPED
SIGNIFICANTLY IN ONE OR MORE STEPS.
ABSTRACT
The use of Cloud Computing has increased rapidly in many organizations. Cloud
computing provides many benefits in terms of low cost and accessibility of data.
Ensuring the security of cloud computing is a major factor in the cloud computing
environment, as users often store sensitive information with cloud storage
providers but these providers may be untrusted.
Dealing with “single cloud” providers is predicted to become less popular with
customers due to risks of service availability failure and the possibility of
malicious insiders in the single cloud. A movement towards “multi-clouds”, or in
other words, “interclouds” or “cloud-of-clouds” has emerged recently.
Cloud can be implemented in two installation modes, namely Single Node
Installation and Multi Node Installation. A single node installation installs all
components like nova, keystone, cinder, etc. in one single node (used basically for
testing). Multi node installation installs different components across various nodes.
In Single Node installation, since all components are installed on a single node,
failure of that node may lead to the failure of the entire system. Multi node
installation ensures reliable service since it deploys multiple components on
multiple nodes. Multi Node installation can also be implemented by having multiple
copies of components on various nodes, thus ensuring more reliability.
CONTENT
Declaration
Acknowledgement
Abstract
1 Introduction
1.1 Overview
1.2 Types of Cloud
1.3 Classification on the basis of Services
1.4 Advantages
2 Security
2.1 Security issues associated with cloud
2.2 Single node and Multi node
2.3 Security single node and multi node
3 Installation Guide
3.1 Installation
3.1.1 Add User
3.1.2 Download
3.1.3 Run DevStack
3.1.4 Using OpenStack
3.2 Container Setup
3.2.1 Configuration
3.2.2 Create Container
3.2.3 Start Container
3.2.4 Run DevStack
3.2.5 Cleanup
3.3 Configure Compute Nodes
4 Conclusion
5 References
LIST OF FIGURES
Fig 1: Layered Model of Cloud
Fig 2: Architecture of Cloud Data Storage
Fig 3: Services of the Cloud
Fig 4: Multi Node Architecture
Chapter 1
INTRODUCTION
1.1 Overview
The term 'Cloud Computing' is made up of two terms, Cloud and Computing.
Cloud could be thought to be synonymous with the Internet, where various
resources are interlinked with the use of a network. One can use the resource they
want with the help of a simple client-server architecture. The term 'computing'
refers to processing. Cloud computing is computing on various resources over the
network. In cloud computing, Infrastructure, Platform and Application/Software
are delivered as a service over the network. The cloud concept has changed the IT
market: organizations need not invest in resources; they rather rent the
required resource on an on-demand basis or take services from the cloud, which has
reduced infrastructure costs manifold. Cloud is basically used in three
models, namely SaaS (Software as a Service), PaaS (Platform as a Service) and IaaS
(Infrastructure as a Service).
The SaaS model of cloud computing lies with end users, where they store their critical,
important and real-time information. The PaaS model of cloud computing is used
mostly by application developers, who use the platform from the cloud as a service to
develop, test, debug and deploy their applications. It is basically a middleware for
developers. The IaaS model is used by network analysts. Here services like storage,
networking, and database management are also offered. In general, a pay-per-use
payment model is followed here. The end user is generally interested only in SaaS.
The data is consumed as well as produced by the cloud. This data is used by cloud
computing systems and client computing systems as well.
Fig 1: Layered Model of Cloud
Cloud computing has no specific definition as such. However, one acceptable
definition was given which more or less defined cloud computing. It states cloud
to be “A large-scale distributed computing paradigm that is driven by economies
of scale, in which a pool of abstracted, virtualized, dynamically-scalable,
managed computing power, storage, platforms, and services are delivered on
demand to external customers over the Internet.”
1.2 Types of Cloud
Cloud computing is typically classified in the following ways:
• Public cloud: In a public cloud the computing infrastructure is hosted by
the cloud vendor at the vendor's premises. The customer has no visibility
and control over where the computing infrastructure is hosted. The
computing infrastructure is shared between any organizations.
• Private cloud: The computing infrastructure is dedicated to a particular
organization and not shared with other organizations. Private clouds are
more expensive and more secure when compared to public clouds.
Private clouds are of two types: on-premise private clouds and
externally hosted private clouds. Externally hosted private clouds are
also exclusively used by one organization, but are hosted by a third party
specializing in cloud infrastructure. Externally hosted private clouds are
cheaper than on-premise private clouds.
• Hybrid cloud: Organizations may host critical applications on private
clouds and applications with relatively fewer security concerns on the
public cloud. The usage of both private and public clouds together is
called hybrid cloud. A related term is Cloud Bursting. In cloud bursting,
organizations use their own computing infrastructure for normal usage,
but access the cloud for high/peak load requirements. This ensures that a
sudden increase in computing requirement is handled gracefully.
• Community cloud: It involves sharing of computing infrastructure
between organizations of the same community. For example, all
Government organizations within the state of California may share
computing infrastructure on the cloud to manage data related to citizens
residing in California.
Fig 2: Architecture of Cloud Data Storage
1.3 Classification on the basis of services
The three key cloud delivery models are –
• Software-as-a-Service (SaaS) enables a software deployment model in
which one or more applications and the computing resources that run them
are provided for use on demand as a turnkey service. It can reduce the total
cost of hardware and software development, maintenance, and operations.
• Platform-as-a-Service (PaaS) enables a software deployment model in
which the computing platform is provided as an on-demand service which
applications can be developed upon and deployed. It can reduce the cost and
complexity of buying, housing, and the managing of hardware and software
components of the platform.
• Infrastructure-as-a-Service (IaaS) enables a
software deployment model in which the basic computing infrastructure of
servers, software, and network equipment is provided as an on-demand
service upon which a platform to develop and execute applications can be
founded. It can be used to avoid buying, housing, and managing the basic
hardware and software infrastructure components.
Fig 3: Services of the Cloud
1.4 Advantages of Cloud Computing
• Flexibility
• Disaster recovery
• Automatic software updates
• Capital-expenditure Free
• Increased collaboration
• Work from anywhere
• Document control
• Security
• Competitiveness
• Environmentally Friendly
Chapter 2
SECURITY
2.1 Security issues associated with the cloud
Cloud computing and storage solutions provide users and enterprises with various
capabilities to store and process their data in third-party data centers.
Organizations use the Cloud in a variety of different service models (SaaS, PaaS
and IaaS) and deployment models (Private, Public, Hybrid
and Community). There are a number of security concerns associated with cloud
computing. These issues fall into two broad categories: security issues faced by
cloud providers (organizations providing software-, platform-, or infrastructure-as-
a-service via the cloud) and security issues faced by their customers (companies or
organizations who host applications or store data on the cloud). The responsibility
is shared, however. The provider must ensure that their infrastructure is secure and
that their clients' data and applications are protected, while the user must take
measures to fortify their application and use strong passwords and authentication
measures.
When an organization elects to store data or host applications on the public cloud,
it loses its ability to have physical access to the servers hosting its information. As
a result, potentially sensitive data is at risk from insider attacks. According to a
recent Cloud Security Alliance Report, insider attacks are the third biggest threat
in cloud computing. Therefore, Cloud Service providers must ensure that thorough
background checks are conducted for employees who have physical access to the
servers in the data center. Additionally, data centers must be frequently monitored
for suspicious activity.
In order to conserve resources, cut costs, and maintain efficiency, Cloud Service
Providers often store more than one customer's data on the same server. As a
result, there is a chance that one user's private data can be viewed by other users
(possibly even competitors). To handle such sensitive situations, cloud service
providers should ensure proper data isolation and logical storage segregation. The
extensive use of virtualization in implementing cloud infrastructure brings unique
security concerns for customers or tenants of a public cloud service. Virtualization
alters the relationship between the OS and underlying hardware, be it computing,
storage or even networking. This introduces an additional layer, virtualization,
that itself must be properly configured, managed and secured. Specific concerns
include the potential to compromise the virtualization software, or "hypervisor".
While these concerns are largely theoretical, they do exist.
For example, a breach of the administrator workstation running the management
software of the virtualization software can cause the whole datacenter to go down
or be reconfigured to an attacker's liking.
2.2 Single node and Multi node in OpenStack
A single node installation installs all components like Nova, Keystone, Cinder,
etc. in one single node (used basically for testing). Multi node installation installs
different components across various nodes.
For example, Keystone and Cinder in one node, Neutron in another and 2 Novas in
2 different servers. You can differentiate these two types of installation by seeing if
there is more than one node with different components in your environment.
Generally speaking, a single node setup of OpenStack
(i.e. DevStack, http://docs.openstack.org/developer/devstack/) is used for testing
purposes. It is not designed for production and thus most would strongly
discourage such implementation. From a personal perspective, I've used it to test
certain OpenStack components that aren't fully available yet (i.e. Sahara). For those
purposes it is a fantastic environment.
A multi-node setup, on the other hand, is what most production environments run
on. Given the various components of OpenStack, having all components on one
node can significantly affect performance, as you are limited to whatever resources
that one node may have. Multi-node not only provides a solution for this, but it is
also highly scalable in the sense that if you require more compute power all you
have to do is add more compute nodes (same with swift for storage, etc.).
Additionally, having various nodes for various components can offer failover in
case one of your nodes suffers downtime.
A quick and simple way to check whether the current OpenStack deployment is
single or multi node is to run the following command on your controller node.
nova host-list
Fig 4: Multi Node Architecture
2.3 Security in Single node and Multi node
2.3.1 How to create Security Group?
1- Click on Access & Security
2- Click on Create Security Group
3- Enter the name of the Security Group and click Create Security Group
After creating the security group, you need to allow/deny network/protocol as per
your requirement. This is the default rule in OpenStack for all
tenant/group/project/user.
2.3.2 How to add rules in Security Group?
1- Click on Add Rule
2- Manage Rules by clicking on Manage Security Group Rules
3- Here we are allowing All TCP ports. We can do the same for all protocols
(TCP, UDP, ICMP etc.)
Here, I have allowed All TCP, All UDP and All ICMP.
After creating, click on Access & Security and you will be able to see the security
group which you have created.
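An added example (not from the original report or from OpenStack itself): a small audit that flags ingress rules as broad as the All TCP / All UDP / All ICMP group built above, so they can be narrowed before the group is attached to instances. The rule dictionaries use Neutron's security-group-rule field names; the sample rules, rule IDs, ADMIN_PORTS and the WIDE_RANGE threshold are constructed for illustration.

```python
"""Flag overly broad ingress rules in a set of Neutron security group rules."""
import ipaddress

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}  # assumption: ports treated as administrative
WIDE_RANGE = 1024                        # assumption: a span above this counts as "wide"
PROTO_NUMBERS = {"6": "tcp", "17": "udp", "1": "icmp"}  # IANA numbers, also accepted


def make_rule(rule_id, protocol, low, high, cidr=None, group=None, direction="ingress"):
    """Build a rule dict using Neutron's security-group-rule field names."""
    return {"id": rule_id, "direction": direction, "ethertype": "IPv4",
            "protocol": protocol, "port_range_min": low, "port_range_max": high,
            "remote_ip_prefix": cidr, "remote_group_id": group}


# Constructed sample data. The first three rules mirror the walkthrough's
# "All TCP", "All UDP" and "All ICMP" choices; the rest are narrower rules.
SAMPLE_RULES = [
    make_rule("r-all-tcp", "tcp", 1, 65535, "0.0.0.0/0"),
    make_rule("r-all-udp", "udp", 1, 65535, "0.0.0.0/0"),
    make_rule("r-all-icmp", "icmp", None, None, "0.0.0.0/0"),
    make_rule("r-ssh-world", "tcp", 22, 22, "0.0.0.0/0"),
    make_rule("r-ssh-mgmt", "tcp", 22, 22, "192.168.1.0/24"),
    make_rule("r-web", "tcp", 443, 443, "0.0.0.0/0"),
    make_rule("r-db-from-app", "tcp", 3306, 3306, group="sg-app"),
    make_rule("r-egress-default", None, None, None, direction="egress"),
]


def source_is_anywhere(rule):
    """True when the rule admits traffic from every address."""
    if rule.get("remote_group_id"):
        return False  # limited to members of another security group
    cidr = rule.get("remote_ip_prefix")
    if cidr is None:
        return True   # neither prefix nor group set: any source
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def port_span(rule):
    """Inclusive (low, high) port range; unset bounds mean every port."""
    low, high = rule.get("port_range_min"), rule.get("port_range_max")
    if low is None and high is None:
        return 1, 65535
    if low is None:
        low = high
    if high is None:
        high = low
    return low, high


def audit(rules):
    """Return (rule_id, severity, reason) for each broad ingress rule."""
    findings = []
    for rule in rules:
        if rule.get("direction") != "ingress" or not source_is_anywhere(rule):
            continue
        proto = rule.get("protocol")
        if proto is not None:
            proto = PROTO_NUMBERS.get(str(proto).lower(), str(proto).lower())
        if proto is None:
            findings.append((rule["id"], "high", "any protocol from any source"))
        elif proto in ("tcp", "udp"):
            low, high = port_span(rule)
            if high - low + 1 > WIDE_RANGE:
                findings.append((rule["id"], "high",
                                 f"{proto} ports {low}-{high} from any source"))
            elif proto == "tcp":
                for port, name in sorted(ADMIN_PORTS.items()):
                    if low <= port <= high:
                        findings.append((rule["id"], "medium",
                                         f"{name} (tcp/{port}) from any source"))
        elif proto == "icmp" and rule.get("port_range_min") is None:
            findings.append((rule["id"], "low", "all ICMP types from any source"))
    return findings


if __name__ == "__main__":
    for rule_id, severity, reason in audit(SAMPLE_RULES):
        print(f"{severity:6} {rule_id:14} {reason}")
```

Rules that name a remote security group or a specific CIDR, such as the constructed r-db-from-app and r-ssh-mgmt, pass the audit; these are the shapes to prefer over the All TCP / All UDP entries.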
Chapter 3
INSTALLATION GUIDE
3.1 Installation
3.1.1 Add your user
We need to add a user to install DevStack. (If you created a user during install you can skip this
step and just give the user sudo privileges below.)
adduser stack
Since this user will be making many changes to your system, it will need to have sudo privileges:
apt-get install sudo -y || yum install -y sudo
echo "stack ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
From here on you should use the user you created. Log out and log in as that user.
3.1.2 Download DevStack
We'll grab the latest version of DevStack via https:
sudo apt-get install git -y || sudo yum install -y git
git clone https://git.openstack.org/openstack-dev/devstack
cd devstack
3.1.3 Run DevStack
Now to configure stack.sh. DevStack includes a sample in devstack/samples/local.conf.
Create local.conf as shown below to do the following:
• Set FLOATING_RANGE to a range not used on the local network, i.e. 192.168.1.224/27. This
configures IP addresses ending in 225-254 to be used as floating IPs.
• Set FIXED_RANGE and FIXED_NETWORK_SIZE to configure the internal address space
used by the instances.
• Set FLAT_INTERFACE to the Ethernet interface that connects the host to your local network.
This is the interface that should be configured with the static IP address mentioned above.
• Set the administrative password. This password is used for the admin and demo accounts set up
as OpenStack users.
• Set the MySQL administrative password. The default here is a random hex string which is
inconvenient if you need to look at the database directly for anything.
• Set the RabbitMQ password.
• Set the service password. This is used by the OpenStack services (Nova, Glance, etc) to
authenticate with Keystone.
local.conf should look something like this:
[[local|localrc]]
FLOATING_RANGE=192.168.1.224/27
FIXED_RANGE=10.11.12.0/24
FIXED_NETWORK_SIZE=256
FLAT_INTERFACE=eth0
ADMIN_PASSWORD=supersecret
DATABASE_PASSWORD=iheartdatabases
RABBIT_PASSWORD=flopsymopsy
SERVICE_PASSWORD=iheartksl
3.1.4 Using OpenStack
At this point you should be able to access the dashboard from other computers on the local network. In
this example that would be http://192.168.1.201/ for the dashboard (aka Horizon). Launch VMs and if
you give them floating IPs and security group access those VMs will be accessible from other machines
on your network.
Some examples of using the OpenStack command-line clients nova and glance are in the shakedown
scripts in devstack/exercises. exercise.sh will run all of those scripts and report on the results.
3.2 Container Setup
3.2.1 Configuration
For a successful run of stack.sh and to permit use of KVM to run the VMs you launch inside
your container, we need to use the following additional configuration options. Place the
following in a file called devstack-lxc.conf
# Permit access to /dev/loop*
lxc.cgroup.devices.allow = b 7:* rwm
# Setup access to /dev/net/tun and /dev/kvm
lxc.mount.entry = /dev/net/tun dev/net/tun none bind,create=file 0 0
lxc.mount.entry = /dev/kvm dev/kvm none bind,create=file 0 0
# Networking
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = lxcbr0
3.2.2 Create Container
The configuration and rootfs for LXC containers are created using the lxc-create command. We
will name our container devstack and use the ubuntu template, which will use debootstrap to
build an Ubuntu rootfs. It will default to the same release and architecture as the host system. We
also install the additional packages bsdmainutils and git as we'll need them to run devstack:
sudo lxc-create -n devstack -t ubuntu -f devstack-lxc.conf -- --packages=bsdmainutils,git
The first time, building the rootfs will take a few minutes to download, unpack, and configure all
the necessary packages for a minimal installation of Ubuntu. LXC will cache this and subsequent
containers will only take seconds to create.
3.2.3 Start Container
To start the container, run: sudo lxc-start -n devstack
A moment later you should be presented with the login prompt for your container. You can login using
the username ubuntu and password ubuntu.
You can also ssh into your container. On your host, run sudo lxc-info -n devstack to get the IP address
(e.g. ssh ubuntu@$(sudo lxc-info -n devstack | awk '/IP/ { print $2 }')).
3.2.4 Run Devstack
You should now be logged into your container and almost ready to run devstack. The commands in this
section should all be run inside your container.
1. Download DevStack
git clone https://git.openstack.org/openstack-dev/devstack
2. Configure
Refer to Minimal Configuration if you wish to configure the behaviour of devstack.
3. Start the install
cd devstack
./stack.sh
3.2.5 Cleanup
To stop the container:
lxc-stop -n devstack
To delete the container:
lxc-destroy -n devstack
3.3 Configure Compute Nodes
The compute nodes only run the OpenStack worker services. For additional machines, create
a local.conf with:
[[local|localrc]]
HOST_IP=192.168.42.12 # change this per compute node
FLAT_INTERFACE=eth0
FIXED_RANGE=10.4.128.0/20
FIXED_NETWORK_SIZE=4096
FLOATING_RANGE=192.168.42.128/25
MULTI_HOST=1
LOGFILE=/opt/stack/logs/stack.sh.log
ADMIN_PASSWORD=labstack
DATABASE_PASSWORD=supersecret
RABBIT_PASSWORD=supersecret
SERVICE_PASSWORD=supersecret
DATABASE_TYPE=mysql
SERVICE_HOST=192.168.42.11
MYSQL_HOST=$SERVICE_HOST
RABBIT_HOST=$SERVICE_HOST
GLANCE_HOSTPORT=$SERVICE_HOST:9292
ENABLED_SERVICES=n-cpu,n-net,n-api-meta,c-vol
NOVA_VNC_ENABLED=True
NOVNCPROXY_URL="http://$SERVICE_HOST:6080/vnc_auto.html"
VNCSERVER_LISTEN=$HOST_IP
VNCSERVER_PROXYCLIENT_ADDRESS=$VNCSERVER_LISTEN
Fire up OpenStack:
./stack.sh
A stream of activity ensues. When complete you will see a summary of stack.sh's work,
including the relevant URLs, accounts and passwords to poke at your shiny new OpenStack. The
most recent log file is available in stack.sh.log.
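An added example, not part of the original report or of DevStack: a small lint for the compute-node local.conf above that reports secrets shared between services, short secrets and plaintext URLs before the file is reused outside a lab. The MIN_SECRET_LEN threshold and the three checks are assumptions of this example; the embedded configuration is an excerpt of the one shown above.

```python
"""Lint the [[local|localrc]] section of a DevStack local.conf for weak credentials."""
import re
from collections import defaultdict

MIN_SECRET_LEN = 16  # assumption: policy threshold chosen for this example

# Excerpt of the compute-node local.conf from this section, embedded so the
# example runs offline.
LOCAL_CONF = """\
[[local|localrc]]
HOST_IP=192.168.42.12 # change this per compute node
ADMIN_PASSWORD=labstack
DATABASE_PASSWORD=supersecret
RABBIT_PASSWORD=supersecret
SERVICE_PASSWORD=supersecret
SERVICE_HOST=192.168.42.11
MYSQL_HOST=$SERVICE_HOST
NOVNCPROXY_URL="http://$SERVICE_HOST:6080/vnc_auto.html"
"""


def parse_localrc(text):
    """Return KEY -> value for the localrc section, expanding $VAR references."""
    settings, in_localrc = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[["):
            # Only the localrc meta-section holds shell-style KEY=VALUE lines.
            in_localrc = line == "[[local|localrc]]"
            continue
        if not in_localrc or not line or line.startswith("#"):
            continue
        match = re.match(r"([A-Za-z_][A-Za-z0-9_]*)=(.*)$", line)
        if not match:
            continue
        key, value = match.group(1), match.group(2)
        value = re.sub(r"\s+#.*$", "", value).strip().strip('"')  # drop trailing comment
        # Expand references to variables defined earlier; leave unknown ones as written.
        value = re.sub(r"\$\{?(\w+)\}?",
                       lambda m: settings.get(m.group(1), m.group(0)), value)
        settings[key] = value
    return settings


def lint(settings):
    """Return human-readable findings about credentials and endpoints."""
    findings = []
    by_value = defaultdict(list)
    for key, value in settings.items():
        if not key.endswith("_PASSWORD"):
            continue
        by_value[value].append(key)
        if len(value) < MIN_SECRET_LEN:
            findings.append(f"{key}: shorter than {MIN_SECRET_LEN} characters")
    for keys in by_value.values():
        if len(keys) > 1:
            # One leaked secret would unlock every service listed here.
            findings.append("same secret shared by " + ", ".join(sorted(keys)))
    for key, value in settings.items():
        if key.endswith("_URL") and value.startswith("http://"):
            findings.append(f"{key}: plaintext http ({value})")
    return findings


if __name__ == "__main__":
    for finding in lint(parse_localrc(LOCAL_CONF)):
        print(finding)
```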
3.3.1 Cleaning Up After DevStack
Shutting down OpenStack is now as simple as running the included unstack.sh script:
./unstack.sh
A more aggressive cleanup can be performed using clean.sh. It removes certain troublesome
packages and attempts to leave the system in a state where changing the database or queue
manager can be reliably performed.
./clean.sh
Sometimes running instances are not cleaned up. DevStack attempts to do this when it runs but
there are times it needs to still be done by hand:
sudo rm -rf /etc/libvirt/qemu/inst*
sudo virsh list | grep inst | awk '{print $1}' | xargs -n1 sudo virsh destroy
CONCLUSION
In Single Node installation, since all components are installed on a single node,
failure of that node may lead to the failure of the entire system. Multi node
installation ensures reliable service since it deploys multiple components on
multiple nodes. Multi Node installation can also be implemented by having multiple
copies of components on various nodes, thus ensuring more reliability.
REFERENCES
• https://ask.openstack.org/en/question/59516/what-is-the-difference-between-single-node-and-multi-node-installation-in-openstack/
• http://blog.flux7.com/blogs/openstack/tutorial-how-to-install-multi-nodes-in-openstack
• http://blog.flux7.com/blogs/openstack/tutorial-install-single-node-openstack
• www.wikipedia.com
 
Cloud Computing
 Cloud Computing Cloud Computing
Cloud Computing
 
Private Cloud With System Center Project
Private Cloud With System Center ProjectPrivate Cloud With System Center Project
Private Cloud With System Center Project
 
Introduction to Cloud Computing(UNIT 1).pptx
Introduction to Cloud Computing(UNIT 1).pptxIntroduction to Cloud Computing(UNIT 1).pptx
Introduction to Cloud Computing(UNIT 1).pptx
 

Dernier

Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon  6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Pargaon  6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...Call Girls in Nagpur High Profile
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxAsutosh Ranjan
 
UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performancesivaprakash250
 
Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)simmis5
 
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxBSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxfenichawla
 
Online banking management system project.pdf
Online banking management system project.pdfOnline banking management system project.pdf
Online banking management system project.pdfKamal Acharya
 
Thermal Engineering Unit - I & II . ppt
Thermal Engineering  Unit - I & II . pptThermal Engineering  Unit - I & II . ppt
Thermal Engineering Unit - I & II . pptDineshKumar4165
 
Thermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.pptThermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.pptDineshKumar4165
 
University management System project report..pdf
University management System project report..pdfUniversity management System project report..pdf
University management System project report..pdfKamal Acharya
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Dr.Costas Sachpazis
 
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park  6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park  6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Call Girls in Nagpur High Profile
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlysanyuktamishra911
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations120cr0395
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Christo Ananth
 
Unit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdfUnit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdfRagavanV2
 
chapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineeringchapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineeringmulugeta48
 
Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...Christo Ananth
 

Dernier (20)

Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon  6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Pargaon  6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar  ≼🔝 Delhi door step de...Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar  ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
 
UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performance
 
Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)
 
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxBSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
 
Online banking management system project.pdf
Online banking management system project.pdfOnline banking management system project.pdf
Online banking management system project.pdf
 
Thermal Engineering Unit - I & II . ppt
Thermal Engineering  Unit - I & II . pptThermal Engineering  Unit - I & II . ppt
Thermal Engineering Unit - I & II . ppt
 
Thermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.pptThermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.ppt
 
University management System project report..pdf
University management System project report..pdfUniversity management System project report..pdf
University management System project report..pdf
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
 
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park  6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park  6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghly
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
 
Unit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdfUnit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdf
 
chapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineeringchapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineering
 
Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...
 
Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024
 
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
 

Implementing security groups in open stack

  • 1. IMPLEMENTING SECURITY GROUPS IN OPENSTACK submitted to Noida Institute of Engineering & Technology, Greater Noida Project Report submitted by Rishabh Agarwal Arzoo Singh Raj Shekhar Jyoti Yadav under the supervision of Mr. Hitesh Sharma Mr. Rahul Singh Department of Computer Science and Engineering
  • 2. DECLARATION
    WE, STUDENTS OF BACHELOR OF TECHNOLOGY, COMPUTER SCIENCE AND ENGINEERING, NIET GREATER NOIDA, HEREBY DECLARE THAT THE WORK PRESENTED IN THIS THESIS IS THE OUTCOME OF OUR OWN WORK, IS BONAFIDE, CORRECT TO THE BEST OF OUR KNOWLEDGE. THIS WORK HAS BEEN CARRIED OUT TAKING CARE OF ENGINEERING ETHICS AND KEEPING INDIAN IP LAWS INTO CONSIDERATION.
    RISHABH AGARWAL (1313310118)
    ARZOO SINGH (1313310036)
    RAJ SHEKHAR (1313310114)
    JYOTI YADAV (1313310070)
    DATE: 16-06-2016
  • 3. ACKNOWLEDGEMENT
    WE WOULD LIKE TO TAKE THIS OPPORTUNITY TO EXPRESS OUR DEEP SENSE OF GRATITUDE AND PROFOUND FEELING OF ADMIRATION TO OUR PROJECT SUPERVISOR/MENTOR MR HITESH SHARMA AND MR RAHUL SINGH, FOR PROVIDING US INVALUABLE GUIDANCE FOR THE TECHNICAL SEMINAR.
    WE ACKNOWLEDGE HERE OUR DEBT TO ALL THOSE WHO HELPED SIGNIFICANTLY IN ONE OR MORE STEPS.
  • 4. ABSTRACT
    The use of Cloud Computing has increased rapidly in many organizations. Cloud computing provides many benefits in terms of low cost and accessibility of data. Ensuring the security of cloud computing is a major factor in the cloud computing environment, as users often store sensitive information with cloud storage providers but these providers may be untrusted.
    Dealing with “single cloud” providers is predicted to become less popular with customers due to risks of service availability failure and the possibility of malicious insiders in the single cloud. A movement towards “multi-clouds”, or in other words, “interclouds” or “cloud-of-clouds” has emerged recently.
    Cloud can be implemented in 2 installation modes, namely Single Node Installation and Multi Node Installation. A single node installation installs all components like nova, keystone, cinder, etc. in one single node (used basically for testing). Multi node installation installs different components across various nodes.
    In Single Node installation, since all components are installed on a single node, failure of any one node may lead to the failure of the entire system. Multi node installation ensures reliable service since it deploys multiple components on multiple nodes. Multi Node installation can also be implemented by having multiple copies of components on various nodes, thus ensuring more reliability.
  • 5. CONTENT
    Declaration
    Acknowledgement
    Abstract
    1 Introduction
      1.1 Overview
      1.2 Types of Cloud
      1.3 Classification on the basis of Services
      1.4 Advantages
    2 Security
      2.1 Security issues associated with cloud
      2.2 Single node and Multi node
      2.3 Security single node and multi node
    3 Installation Guide
      3.1 Installation
        3.1.1 Add User
        3.1.2 Download
        3.1.3 Run DevStack
        3.1.4 Using OpenStack
      3.2 Container Setup
        3.2.1 Configuration
        3.2.2 Create Container
        3.2.3 Start Container
        3.2.4 Run DevStack
        3.2.5 Cleanup
      3.3 Configure Compute Nodes
    4 Conclusion
    5 References
  • 6. LIST OF FIGURES
    Figure 1: Layered Model of Cloud
    Figure 2: Architecture of Cloud Data Storage
    Figure 3: Services of the Cloud
    Figure 4: Multi Node Architecture
  • 7. Chapter 1 INTRODUCTION
    1.1 Overview
    The term 'Cloud Computing' is made up of two terms, Cloud and Computing. Cloud could be thought to be synonymous with the Internet, where various resources are interlinked with the use of a network. One can use the resource they want with the help of a simple client-server architecture. The term 'computing' refers to processing. Cloud computing is computing on various resources over the network. In cloud computing, Infrastructure, Platform and Application/Software are delivered as a service over the network. The cloud concept has changed the IT market: organizations need not invest in resources; rather, they rent the required resources on an on-demand basis or take services from the cloud, which has reduced infrastructure costs manifold.
    Cloud is basically used in three models, namely SaaS (Software as a Service), PaaS (Platform as a Service) and IaaS (Infrastructure as a Service). The SaaS model of cloud computing lies with end users, where they store their critical, important and real-time information. The PaaS model of cloud computing is used mostly by application developers, who use the platform from the cloud as a service to develop, test, debug and deploy their applications. It is basically a middleware for developers. The IaaS model is used by network analysts. Here services like storage, networking, and database management are also offered. In general, a pay-per-use payment model is followed here. The end user is generally interested only in SaaS. The data is consumed as well as produced by the cloud. This data is used by cloud computing systems and client computing systems as well.
  • 8. Fig 1: Layered Model of Cloud
    Cloud computing has no specific definition as such. However, one acceptable definition was given which more or less defined cloud computing. It states cloud to be “A large-scale distributed computing paradigm that is driven by economies of scale, in which a pool of abstracted, virtualized, dynamically-scalable, managed computing power, storage, platforms, and services are delivered on demand to external customers over the Internet.”
    1.2 Types of Cloud
    Cloud computing is typically classified in the following ways:
      • Public cloud: In Public cloud the computing infrastructure is hosted by the cloud vendor at the vendor's premises. The customer has no visibility
  • 9. and control over where the computing infrastructure is hosted. The computing infrastructure is shared between any organizations.
      • Private cloud: The computing infrastructure is dedicated to a particular organization and not shared with other organizations. Private clouds are more expensive and more secure when compared to public clouds. Private clouds are of two types: on-premise private clouds and externally hosted private clouds. Externally hosted private clouds are also exclusively used by one organization, but are hosted by a third party specializing in cloud infrastructure. Externally hosted private clouds are cheaper than on-premise private clouds.
      • Hybrid cloud: Organizations may host critical applications on private clouds and applications with relatively less security concerns on the public cloud. The usage of both private and public clouds together is called hybrid cloud. A related term is Cloud Bursting. In Cloud Bursting, organizations use their own computing infrastructure for normal usage, but access the cloud for high/peak load requirements. This ensures that a sudden increase in computing requirement is handled gracefully.
      • Community cloud: It involves sharing of computing infrastructure between organizations of the same community. For example, all Government organizations within the state of California may share computing infrastructure on the cloud to manage data related to citizens residing in California.
  • 10. Fig 2: Architecture of Cloud Data Storage
    1.3 Classification on the basis of services
    The three key cloud delivery models are:
      • Software-as-a-Service (SaaS) enables a software deployment model in which one or more applications and the computing resources that run them are provided for use on demand as a turnkey service. It can reduce the total cost of hardware and software development, maintenance, and operations.
      • Platform-as-a-Service (PaaS) enables a software deployment model in which the computing platform is provided as an on-demand service which applications can be developed upon and deployed. It can reduce the cost and complexity of buying, housing, and the managing of hardware and software components of the platform.
      • Infrastructure-as-a-Service (IaaS) enables a software deployment model in which the basic computing infrastructure of servers, software, and network equipment is provided as an on-demand
  • 11. service upon which a platform to develop and execute applications can be founded. It can be used to avoid buying, housing, and managing the basic hardware and software infrastructure components.
    Fig 3: Services of the Cloud
    1.4 Advantages of Cloud Computing
      • Flexibility
      • Disaster recovery
      • Automatic software updates
      • Capital-expenditure free
      • Increased collaboration
      • Work from anywhere
      • Document control
      • Security
      • Competitiveness
      • Environmentally friendly
  • 12. Chapter 2 SECURITY
    2.1 Security issues associated with the cloud
    Cloud computing and storage solutions provide users and enterprises with various capabilities to store and process their data in third-party data centers. Organizations use the Cloud in a variety of different service models (SaaS, PaaS and IaaS) and deployment models (Private, Public, Hybrid and Community). There are a number of security concerns associated with cloud computing. These issues fall into two broad categories: security issues faced by cloud providers (organizations providing software-, platform-, or infrastructure-as-a-service via the cloud) and security issues faced by their customers (companies or organizations who host applications or store data on the cloud). The responsibility is shared, however. The provider must ensure that their infrastructure is secure and that their clients' data and applications are protected, while the user must take measures to fortify their application and use strong passwords and authentication measures.
    When an organization elects to store data or host applications on the public cloud, it loses its ability to have physical access to the servers hosting its information. As a result, potentially sensitive data is at risk from insider attacks. According to a recent Cloud Security Alliance Report, insider attacks are the third biggest threat in cloud computing. Therefore, Cloud Service Providers must ensure that thorough background checks are conducted for employees who have physical access to the servers in the data center. Additionally, data centers must be frequently monitored for suspicious activity.
    In order to conserve resources, cut costs, and maintain efficiency, Cloud Service Providers often store more than one customer's data on the same server. As a
  • 13. result, there is a chance that one user's private data can be viewed by other users (possibly even competitors). To handle such sensitive situations, cloud service providers should ensure proper data isolation and logical storage segregation.
    The extensive use of virtualization in implementing cloud infrastructure brings unique security concerns for customers or tenants of a public cloud service. Virtualization alters the relationship between the OS and underlying hardware, be it computing, storage or even networking. This introduces an additional layer, virtualization, that itself must be properly configured, managed and secured. Specific concerns include the potential to compromise the virtualization software, or "hypervisor". While these concerns are largely theoretical, they do exist. For example, a breach in the administrator workstation with the management software of the virtualization software can cause the whole datacenter to go down or be reconfigured to an attacker's liking.
    2.2 Single node and Multi node in OpenStack
    A single node installation installs all components like Nova, Keystone, Cinder, etc. in one single node (used basically for testing). Multi node installation installs different components across various nodes, for example Keystone and Cinder in one node, Neutron in another and 2 Novas in 2 different servers. You can differentiate these two types of installation by seeing if there is more than one node with different components in your environment.
    Generally speaking, a single node setup of OpenStack (i.e. DevStack, http://docs.openstack.org/developer/devstack/) is used for testing purposes. It is not designed for production and thus most would strongly discourage such implementation. From a personal perspective, I've used it to test
  • 14. certain OpenStack components that aren't fully available yet (i.e. Sahara). For those purposes it is a fantastic environment.
    A multi-node setup, on the other hand, is what most production environments run on. Given the various components of OpenStack, having all components on one node can significantly affect performance, as you are limited to whatever resources that one node may have. Multi-node not only provides a solution for this, but it is also highly scalable in the sense that if you require more compute power all you have to do is add more compute nodes (same with Swift for storage, etc.). Additionally, having various nodes for various components can offer a failover in case one of your nodes suffers downtime.
    As for how to check the single node and multi node installation, a quick and simple way to check if the current OpenStack deployment is single or multi node is to run the following command in your controller node:
        nova host-list
    Fig 4: Multi Node Architecture
  • 15. 2.3 Security in Single node and Multi node
    2.3.1 How to create Security Group?
    1- Click on Access & Security
    2- Click on Create Security Group
  • 16. 3- Enter the name of Security Group and click Create Security Group
    After creating the security group, you need to allow/deny network/protocol as per your requirement.
    This is the default rule in OpenStack for all tenant/group/project/user
    2.3.2 How to add rules in Security Group?
    1- Click on Add Rule
  • 17. 2- Manage Rules by clicking on Manage Security Group Rules
    3- Here we are allowing All TCP ports. We can do the same for all protocols (TCP, UDP, ICMP etc.)
    Here, I have allowed All TCP, All UDP and All ICMP.
    After creating, click on Security & Access and you will be able to see the security group which you have created.
  • 18. Chapter 3 INSTALLATION GUIDE
    3.1 Installation
    3.1.1 Add your user
    We need to add a user to install DevStack. (If you created a user during install you can skip this step and just give the user sudo privileges below.)
        adduser stack
    Since this user will be making many changes to your system, it will need to have sudo privileges:
        apt-get install sudo -y || yum install -y sudo
        echo "stack ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
    From here on you should use the user you created. Log out and log in as that user.
    3.1.2 Download DevStack
    We'll grab the latest version of DevStack via https:
        sudo apt-get install git -y || sudo yum install -y git
        git clone https://git.openstack.org/openstack-dev/devstack
        cd devstack
  • 19. 3.1.3 Run DevStack
    Now to configure stack.sh. DevStack includes a sample in devstack/samples/local.conf. Create local.conf as shown below to do the following:
      • Set FLOATING_RANGE to a range not used on the local network, e.g. 192.168.1.224/27. This configures IP addresses ending in 225-254 to be used as floating IPs.
      • Set FIXED_RANGE and FIXED_NETWORK_SIZE to configure the internal address space used by the instances.
      • Set FLAT_INTERFACE to the Ethernet interface that connects the host to your local network. This is the interface that should be configured with the static IP address mentioned above.
      • Set the administrative password. This password is used for the admin and demo accounts set up as OpenStack users.
      • Set the MySQL administrative password. The default here is a random hex string which is inconvenient if you need to look at the database directly for anything.
      • Set the RabbitMQ password.
      • Set the service password. This is used by the OpenStack services (Nova, Glance, etc.) to authenticate with Keystone.
    local.conf should look something like this:
        [[local|localrc]]
        FLOATING_RANGE=192.168.1.224/27
        FIXED_RANGE=10.11.12.0/24
        FIXED_NETWORK_SIZE=256
        FLAT_INTERFACE=eth0
        ADMIN_PASSWORD=supersecret
  • 20.
        DATABASE_PASSWORD=iheartdatabases
        RABBIT_PASSWORD=flopsymopsy
        SERVICE_PASSWORD=iheartksl
    3.1.4 Using OpenStack
    At this point you should be able to access the dashboard from other computers on the local network. In this example that would be http://192.168.1.201/ for the dashboard (aka Horizon). Launch VMs and if you give them floating IPs and security group access those VMs will be accessible from other machines on your network.
    Some examples of using the OpenStack command-line clients nova and glance are in the shakedown scripts in devstack/exercises. exercise.sh will run all of those scripts and report on the results.
    3.2 Container Setup
    3.2.1 Configuration
    For a successful run of stack.sh and to permit use of KVM to run the VMs you launch inside your container, we need to use the following additional configuration options. Place the following in a file called devstack-lxc.conf:
        # Permit access to /dev/loop*
        lxc.cgroup.devices.allow = b 7:* rwm
  • 21.
        # Setup access to /dev/net/tun and /dev/kvm
        lxc.mount.entry = /dev/net/tun dev/net/tun none bind,create=file 0 0
        lxc.mount.entry = /dev/kvm dev/kvm none bind,create=file 0 0
        # Networking
        lxc.network.type = veth
        lxc.network.flags = up
        lxc.network.link = lxcbr0
    3.2.2 Create Container
    The configuration and rootfs for LXC containers are created using the lxc-create command. We will name our container devstack and use the ubuntu template, which will use debootstrap to build a Ubuntu rootfs. It will default to the same release and architecture as the host system. We also install the additional packages bsdmainutils and git as we'll need them to run devstack:
        sudo lxc-create -n devstack -t ubuntu -f devstack-lxc.conf -- --packages=bsdmainutils,git
    The first time, building the rootfs will take a few minutes to download, unpack, and configure all the necessary packages for a minimal installation of Ubuntu. LXC will cache this and subsequent containers will only take seconds to create.
    3.2.3 Start Container
    To start the container, run:
        sudo lxc-start -n devstack
  • 22. A moment later you should be presented with the login prompt for your container. You can log in using the username ubuntu and password ubuntu. You can also ssh into your container. On your host, run sudo lxc-info -n devstack to get the IP address (e.g. ssh ubuntu@$(sudo lxc-info -n devstack | awk '/IP/ { print $2 }')).
    3.2.4 Run Devstack
    You should now be logged into your container and almost ready to run devstack. The commands in this section should all be run inside your container.
    1. Download DevStack
        git clone https://git.openstack.org/openstack-dev/devstack
    2. Configure
       Refer to Minimal Configuration if you wish to configure the behaviour of devstack.
    3. Start the install
        cd devstack
        ./stack.sh
    3.2.5 Cleanup
    To stop the container:
        lxc-stop -n devstack
  • 23. To delete the container:
        lxc-destroy -n devstack
    3.3 Configure Compute Nodes
    The compute nodes only run the OpenStack worker services. For additional machines, create a local.conf with:
        [[local|localrc]]
        HOST_IP=192.168.42.12 # change this per compute node
        FLAT_INTERFACE=eth0
        FIXED_RANGE=10.4.128.0/20
        FIXED_NETWORK_SIZE=4096
        FLOATING_RANGE=192.168.42.128/25
        MULTI_HOST=1
        LOGFILE=/opt/stack/logs/stack.sh.log
        ADMIN_PASSWORD=labstack
        DATABASE_PASSWORD=supersecret
        RABBIT_PASSWORD=supersecret
  • 25. 3.3.1 Cleaning Up After DevStack
    Shutting down OpenStack is now as simple as running the included unstack.sh script:
        ./unstack.sh
    A more aggressive cleanup can be performed using clean.sh. It removes certain troublesome packages and attempts to leave the system in a state where changing the database or queue manager can be reliably performed.
        ./clean.sh
    Sometimes running instances are not cleaned up. DevStack attempts to do this when it runs but there are times it needs to still be done by hand:
        sudo rm -rf /etc/libvirt/qemu/inst*
        sudo virsh list | grep inst | awk '{print $1}' | xargs -n1 virsh destroy
  • 26. CONCLUSION
    In Single Node installation, since all components are installed on a single node, failure of any one node may lead to the failure of the entire system. Multi node installation ensures reliable service since it deploys multiple components on multiple nodes. Multi Node installation can also be implemented by having multiple copies of components on various nodes, thus ensuring more reliability.
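
Section 2.3.2 above adds All TCP, All UDP and All ICMP rules to the security group, which leaves every port on the instance reachable. The following is an added example, not part of the original report: it audits rule objects in the shape the Neutron API returns for security group rules and flags ingress rules open to any source. The sample rules, their IDs, the `public_ports` allow-list and the severity labels are constructed assumptions.

```python
import ipaddress

# Constructed sample data shaped like Neutron security_group_rules objects.
# The IDs are placeholders, not values from a real deployment.
SAMPLE_RULES = [
    # Egress rule of the kind created with every new group
    {"id": "rule-egress-v4", "direction": "egress", "ethertype": "IPv4",
     "protocol": None, "port_range_min": None, "port_range_max": None,
     "remote_ip_prefix": None, "remote_group_id": None},
    # The three rules added in section 2.3.2
    {"id": "rule-all-tcp", "direction": "ingress", "ethertype": "IPv4",
     "protocol": "tcp", "port_range_min": 1, "port_range_max": 65535,
     "remote_ip_prefix": "0.0.0.0/0", "remote_group_id": None},
    {"id": "rule-all-udp", "direction": "ingress", "ethertype": "IPv4",
     "protocol": "udp", "port_range_min": 1, "port_range_max": 65535,
     "remote_ip_prefix": "0.0.0.0/0", "remote_group_id": None},
    {"id": "rule-all-icmp", "direction": "ingress", "ethertype": "IPv4",
     "protocol": "icmp", "port_range_min": None, "port_range_max": None,
     "remote_ip_prefix": "0.0.0.0/0", "remote_group_id": None},
    # Narrower rules for comparison
    {"id": "rule-ssh-admin", "direction": "ingress", "ethertype": "IPv4",
     "protocol": "tcp", "port_range_min": 22, "port_range_max": 22,
     "remote_ip_prefix": "192.168.1.0/24", "remote_group_id": None},
    {"id": "rule-https", "direction": "ingress", "ethertype": "IPv4",
     "protocol": "tcp", "port_range_min": 443, "port_range_max": 443,
     "remote_ip_prefix": "0.0.0.0/0", "remote_group_id": None},
    {"id": "rule-db-from-web", "direction": "ingress", "ethertype": "IPv4",
     "protocol": "tcp", "port_range_min": 3306, "port_range_max": 3306,
     "remote_ip_prefix": None, "remote_group_id": "sg-web"},
]


def source_is_any(rule):
    """True when the rule admits traffic from every address."""
    if rule.get("remote_group_id"):
        return False  # limited to members of another security group
    prefix = rule.get("remote_ip_prefix")
    if prefix is None:
        return True   # no prefix and no group means any source
    return ipaddress.ip_network(prefix, strict=False).prefixlen == 0


def port_count(rule):
    """Number of ports a tcp/udp rule covers; a missing range means all."""
    lo, hi = rule.get("port_range_min"), rule.get("port_range_max")
    if lo is None or hi is None:
        return 65535
    return hi - lo + 1


def audit(rules, public_ports=(443,)):
    """Return (rule_id, severity, message) for risky ingress rules.

    public_ports is an assumed allow-list of single ports that are
    meant to be reachable from anywhere.
    """
    findings = []
    for rule in rules:
        if rule["direction"] != "ingress" or not source_is_any(rule):
            continue
        proto = rule.get("protocol")
        if proto is None:
            findings.append((rule["id"], "HIGH",
                             "every protocol open to any source"))
        elif proto in ("tcp", "udp"):
            count = port_count(rule)
            port = rule.get("port_range_min")
            if count > 1:
                findings.append((rule["id"], "HIGH",
                                 f"{count} {proto} ports open to any source"))
            elif port not in public_ports:
                findings.append((rule["id"], "MEDIUM",
                                 f"{proto}/{port} open to any source"))
        elif proto == "icmp" and rule.get("port_range_min") is None:
            # For ICMP, port_range_min carries the ICMP type
            findings.append((rule["id"], "LOW",
                             "all ICMP types open to any source"))
    return findings


if __name__ == "__main__":
    for rule_id, severity, message in audit(SAMPLE_RULES):
        print(f"{severity:6} {rule_id}: {message}")
```

Rules scoped to a CIDR or to another security group (`rule-ssh-admin`, `rule-db-from-web`) pass the audit, which is the shape the All TCP/UDP/ICMP rules should be narrowed to before an instance receives a floating IP.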