Do końca Promocji Noworocznej zostało 0dni 00godz 00min 00s
Sprawdź
Trainings listAI

OpenStack Security Training

Level

Intermediate

Duration

21h / 3 days

Date

Individually arranged

Price

Individually arranged

OpenStack Bootcamp Training

OpenStack is an open-source platform used for building cloud computing environments. With this system, we can build a fully functional private or public cloud on our own infrastructure. This ecosystem allows managing the entire set of components used in clouds, such as user access management, cloud resource images, block, file, and object storage, as well as virtualized networking and its functions at different layers. Most importantly, OpenStack enables the management of compute resources – from physical servers, through the most popular virtual machines, to container clusters or single containers. Additionally, OpenStack provides many higher-layer services such as databases, load balancers, telemetry, or DNS services delivered in the “as a Service” model.

What will you learn?

  • Gain an in-depth understanding of OpenStack architecture.
  • Learn to manage virtual resources such as VMs and storage volumes.
  • Build virtual networks with routers and secure access to resources.
  • Understand how virtualization of compute and networking is implemented at the OS level.
  • Learn cloud monitoring principles and troubleshooting techniques.
  • Secure cloud environments and infrastructure against unauthorized access.
Who is this training for?
  • logo infoshare System administrators who want to learn how to manage the OpenStack platform from an administrator or user perspective.
  • logo infoshare Developers building interfaces and services on top of OpenStack.
  • logo infoshare Architects looking to select the optimal configuration for OpenStack deployments.
  • logo infoshare Candidates preparing for the Certified OpenStack Administrator certification.
  • logo infoshare Network administrators who want to understand network virtualization and software-defined networking in cloud environments.
  • logo infoshare Security specialists interested in the nuances of distributed cloud infrastructure security.

Training Program

  1. Introduction to OpenStack

  • History of the cloud and OpenStack
  • Cloud features
  • Cloud models

    • Private, public, hybrid
    • On-premise, IaaS, PaaS, SaaS
  • Public and private cloud deployments based on OpenStack
  • Open source and commercial OpenStack distributions
  • OpenStack deployment models
  • OpenStack ecosystem

    • Modules
    • Underlying tools
    • Integrations
  • OpenStack lifecycle
  • OpenStack certification

  1. Security Foundations in Private Clouds

  • Security domains in private clouds
  • Threat classification and attack types
  • System and network documentation
  • System management

    • Vulnerability management
    • Configuration management and policies
    • System backup and recovery
    • Server hardening

  1. OpenStack Management Interfaces

  • Dashboard
  • API
  • SSH
  • OOB (Out-of-Band)
  • Secure communication: TLS and HTTPS
  • Reference architectures

  1. Keystone – Identity Service

  • Keystone architecture
  • Authentication and available backends
  • Token types and token management
  • Authorization in OpenStack – roles and oslo.policy
  • Keystone resources: domains, projects, users
  • openrc and clouds.yaml – CLI client configuration
  • OpenStack service catalog
  • Quota system in OpenStack

  1. Glance – Image Service

  • Glance architecture
  • Images adjusted to the cloud
  • Adding new images
  • Securing image service deployment
  • Image metadata

  1. Neutron – Networking Service

  • Neutron architecture
  • Neutron service distribution
  • Networks in OpenStack deployment
  • Network isolation in Neutron
  • Basic resources in Neutron
  • Compute node networking
  • Tenant (self-service) networks and subnets
  • East-West routing
  • Provider networks and North-South routing
  • Network namespaces
  • Physical traffic in Neutron nodes
  • Floating IPs
  • Security Groups
  • Role Based Access Control (RBAC)

  1. Nova – Compute Service

  • Nova architecture
  • Hypervisors in the compute service
  • QEMU vs. KVM
  • Keypair management
  • Flavour management
  • Instance metadata and features
  • Creating, verifying, and managing virtual instances
  • Inspecting VM at the compute node
  • Assigning Security Groups and Floating IPs
  • Tapping into instance ports
  • Anti-spoofing (port security)
  • L3 virtual resources (router functions)
  • Nova-scheduler – compute node selection
  • Metadata service and configuration drive
  • Instance migration
  • Hardening the compute service

  1. Cinder – Block Storage Service

  • Cinder architecture
  • Volume features
  • Creating a volume
  • Attaching and accessing volumes
  • Storage backends: iSCSI, Ceph
  • Volume wipe

  1. Barbican – Key Management Service

  • Barbican architecture
  • Storing passphrases
  • Generating and storing symmetric encryption keys
  • Volume encryption mechanisms
  • Configuring encrypted Cinder volume types
  • Limitations of volume encryption
  • Storing X.509 certificate bundles

  1. Auxiliary Services and Platform Security

  • Logging in OpenStack
  • RabbitMQ – message queue (RPC)
  • MySQL – database access
  • Monitoring OpenStack deployment
  • Tenant data privacy
  • Instance security
  • Oslo.policy – custom roles and API authorization

  1. High Availability in OpenStack

  • High Availability concepts and implementations

Contact us

we will organize training for you tailored to your needs

Przemysław Wołosz

Key Account Manager

przemyslaw.wolosz@infoShareAcademy.com

    The controller of your personal data is InfoShare Academy Sp. z o.o. with its registered office in Gdańsk, al. Grunwaldzka 427B, 80-309 Gdańsk, KRS: 0000531749, NIP: 5842742121. Personal data are processed in accordance with information clause.