[arch-design] Reorganize front page and overview chapter

1. Restructure index pages for the Ops Guide and Arch Guide
2. Rename and reorganize the overview chapter
3. Migrate security requirements, legal requirements, deployment, and
capacity planning and scaling content to the Ops Guide

Change-Id: Ic22d58f48ba11b59839d8fe39046281d26fa033c
Implements: blueprint arch-design-pike
This commit is contained in:
daz 2017-03-27 16:49:45 +11:00 committed by Darren Chan
parent 5774575e6b
commit 2e931e7db9
15 changed files with 247 additions and 343 deletions

View File

@ -0,0 +1,8 @@
Appendix
~~~~~~~~
.. toctree::
:maxdepth: 1
common/app-support.rst
common/glossary.rst

View File

@ -0,0 +1,13 @@
=========================
Architecture requirements
=========================
This chapter describes the enterprise and operational factors that impacts the
design of an OpenStack cloud.
.. toctree::
:maxdepth: 2
arch-requirements/arch-requirements-enterprise
arch-requirements/arch-requirements-operations
arch-requirements/arch-requirements-ha

View File

@ -1,9 +1,9 @@
===================== =======================
Customer requirements Enterprise requirements
===================== =======================
The following sections describe business, usage, and performance The following sections describe business, usage, and performance
considerations for customers which will impact cloud design. considerations for customers which will impact cloud architecture design.
Cost Cost
~~~~ ~~~~
@ -24,6 +24,8 @@ architectures. However, overall operational costs might be lower by virtue of
using a cloud brokerage tool to deploy the workloads to the most cost effective using a cloud brokerage tool to deploy the workloads to the most cost effective
platform. platform.
.. TODO Replace examples with the proposed example use cases in this guide.
Consider the following costs categories when designing a cloud: Consider the following costs categories when designing a cloud:
* Compute resources * Compute resources
@ -45,11 +47,8 @@ capital expenditure (CapEx) at all layers of the stack. Operators of massively
scalable OpenStack clouds require the use of dependable commodity hardware and scalable OpenStack clouds require the use of dependable commodity hardware and
freely available open source software components to reduce deployment costs and freely available open source software components to reduce deployment costs and
operational expenses. Initiatives like Open Compute (more information available operational expenses. Initiatives like Open Compute (more information available
in the `Open Compute Project <http://www.opencompute.org>`_) in the `Open Compute Project <http://www.opencompute.org>`_) provide additional
provide additional information and pointers. information.
Factors to consider include power, cooling, and the physical design of the
chassis. Through customization, it is possible to optimize your hardware and
systems for specific types of workloads when working at scale.
Time-to-market Time-to-market
~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~
@ -80,9 +79,7 @@ Capacity planning and scalability
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Capacity and the placement of workloads are key design considerations Capacity and the placement of workloads are key design considerations
for clouds. One of the primary reasons many organizations use a hybrid cloud for clouds. A long-term capacity plan for these designs must
is to increase capacity without making large capital investments.
The long-term capacity plan for these designs must
incorporate growth over time to prevent permanent consumption of more incorporate growth over time to prevent permanent consumption of more
expensive external clouds. To avoid this scenario, account for future expensive external clouds. To avoid this scenario, account for future
applications' capacity requirements and plan growth appropriately. applications' capacity requirements and plan growth appropriately.
@ -105,6 +102,10 @@ as a result, performance can be inconsistent.
If at all possible, determine what the oversubscription rates If at all possible, determine what the oversubscription rates
of each host are and plan capacity accordingly. of each host are and plan capacity accordingly.
.. TODO Considerations when building your cloud, racks, CPUs, compute node
density. For ongoing capacity planning refer to the Ops Guide.
Performance Performance
~~~~~~~~~~~ ~~~~~~~~~~~
@ -289,7 +290,6 @@ data centers. Considerations include:
- power usage and power usage efficiency (PUE) - power usage and power usage efficiency (PUE)
- physical security - physical security
Auditing Auditing
~~~~~~~~ ~~~~~~~~

View File

@ -19,10 +19,10 @@ operations, metering, monitoring, and so on, are often referred to as the
Control Plane. The SLA is likely to dictate a lower uptime requirement for Control Plane. The SLA is likely to dictate a lower uptime requirement for
these services. these services.
The services comprising an OpenStack cloud have a number of requirements which The services comprising an OpenStack cloud have a number of requirements that
the architect needs to understand in order to be able to meet SLA terms. For you need to understand in order to be able to meet SLA terms. For example, in
example, in order to provide the Compute service a minimum of storage, message order to provide the Compute service a minimum of storage, message queueing and
queueing, and database services are necessary as well as the networking between database services are necessary as well as the networking between
them. them.
Ongoing maintenance operations are made much simpler if there is logical and Ongoing maintenance operations are made much simpler if there is logical and
@ -32,13 +32,8 @@ If one service failure affects the operation of an entire server (``noisy
neighbor``), the separation between Control and Data Planes enables rapid neighbor``), the separation between Control and Data Planes enables rapid
maintenance with a limited effect on customer operations. maintenance with a limited effect on customer operations.
Eliminating single points of failure Eliminating single points of failure within each site
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. TODO Add introduction
Within each site
----------------
OpenStack lends itself to deployment in a highly available manner where it is OpenStack lends itself to deployment in a highly available manner where it is
expected that at least 2 servers be utilized. These can run all the services expected that at least 2 servers be utilized. These can run all the services
@ -102,8 +97,8 @@ If using a storage design that includes shared access to centralized storage,
ensure that this is also designed without single points of failure and the SLA ensure that this is also designed without single points of failure and the SLA
for the solution matches or exceeds the expected SLA for the Data Plane. for the solution matches or exceeds the expected SLA for the Data Plane.
Between sites in a multi-region design Eliminating single points of failure in a multi-region design
-------------------------------------- -------------------------------------------------------------
Some services are commonly shared between multiple regions, including the Some services are commonly shared between multiple regions, including the
Identity service and the Dashboard. In this case, it is necessary to ensure Identity service and the Dashboard. In this case, it is necessary to ensure
@ -162,7 +157,7 @@ should be implemented to understand and plan for recovery scenarios.
avoid race conditions. avoid race conditions.
Inter-site replication data Replicating inter-site data
~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
Traditionally, replication has been the best method of protecting object store Traditionally, replication has been the best method of protecting object store

View File

@ -1,6 +1,6 @@
===================== ========================
Operator requirements Operational requirements
===================== ========================
This section describes operational factors affecting the design of an This section describes operational factors affecting the design of an
OpenStack cloud. OpenStack cloud.
@ -134,9 +134,9 @@ third parties involved.
Support and maintenance Support and maintenance
~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~
An operations staff supports, manages, and maintains an OpenStack An operations staff supports, manages, and maintains an OpenStack environment.
environment. Their skills may be specialised or varied depending Their skills may be specialized or varied depending on the size and purpose of
on the size and purpose of the installation. the installation.
The maintenance function of an operator should be taken into consideration: The maintenance function of an operator should be taken into consideration:
@ -156,8 +156,7 @@ Reliability and availability
For more information on For more information on
managing and maintaining your OpenStack environment, see the managing and maintaining your OpenStack environment, see the
`Operations chapter <https://docs.openstack.org/ops-guide/operations.html>`_ `OpenStack Operations Guide <https://docs.openstack.org/ops-guide/index.html>`_.
in the OpenStack Operations Guide.
Logging and monitoring Logging and monitoring
---------------------- ----------------------
@ -177,8 +176,8 @@ Specific meters that are critically important to capture include:
* Response time to the Compute API * Response time to the Compute API
Logging and monitoring does not significantly differ for a multi-site OpenStack Logging and monitoring does not significantly differ for a multi-site OpenStack
cloud. The tools described in the `Logging and monitoring chapter cloud. The tools described in the `Logging and monitoring
<https://docs.openstack.org/ops-guide/ops-logging-monitoring.html>`__ of <https://docs.openstack.org/ops-guide/ops-logging-monitoring.html>`__ in
the Operations Guide remain applicable. Logging and monitoring can be provided the Operations Guide remain applicable. Logging and monitoring can be provided
on a per-site basis, and in a common centralized location. on a per-site basis, and in a common centralized location.
@ -258,22 +257,3 @@ prepare for situations where it may not be possible to make changes.
Additionally, cloud providers may differ on how infrastructure must be managed Additionally, cloud providers may differ on how infrastructure must be managed
and exposed. This can lead to delays in root cause analysis where a provider and exposed. This can lead to delays in root cause analysis where a provider
insists the blame lies with the other provider. insists the blame lies with the other provider.
Quota management
~~~~~~~~~~~~~~~~
Quotas are used to set operational limits to prevent system capacities
from being exhausted without notification. For more
information on managing quotas refer to the `Managing projects and users
chapter <https://docs.openstack.org/ops-guide/ops-projects-users.html>`__
of the OpenStack Operations Guide.
Policy management
~~~~~~~~~~~~~~~~~
OpenStack provides a default set of Role Based Access Control (RBAC)
policies, defined in a ``policy.json`` file, for each service. If consistent
RBAC policies across sites is a requirement, ensure proper synchronization of
the ``policy.json`` files to all installations using system administration
tools such as rsync.

View File

@ -9,16 +9,26 @@ OpenStack Architecture Design Guide
.. note:: .. note::
Parts of this guide is a work in progress. Contributions are welcome. This guide is a work in progress. Contributions are welcome.
Abstract Abstract
~~~~~~~~ ~~~~~~~~
This guide provides information on planning and designing an OpenStack The Architecture Design Guide provides information on planning and designing
cloud. It describes common use cases, high availability, and considerations an OpenStack cloud. It explains core concepts, cloud architecture design
when changing capacity and scaling your cloud environment. A breakdown of the requirements, and the design criteria of key components and services in an
major OpenStack components is also described in relation to cloud architecture OpenStack cloud. The guide also describes five common cloud use cases.
design.
Before reading this book, we recommend:
* Prior knowledge of cloud architecture and principles.
* Linux and virtualization experience.
* A basic understanding of networking principles and protocols.
For information about deploying and operating OpenStack, see the
`Installation Tutorials and Guides <https://docs.openstack.org/project-install-guide/ocata/>`_,
`Deployment Guides <https://docs.openstack.org/project-deploy-guide/ocata/>`_,
and the `OpenStack Operations Guide <https://docs.openstack.org/ops-guide/>`_.
Contents Contents
~~~~~~~~ ~~~~~~~~
@ -27,31 +37,7 @@ Contents
:maxdepth: 2 :maxdepth: 2
common/conventions.rst common/conventions.rst
overview.rst arch-requirements.rst
use-cases.rst
high-availability.rst
capacity-planning-scaling.rst
design.rst design.rst
use-cases.rst
Appendix appendix.rst
~~~~~~~~
.. toctree::
:maxdepth: 1
common/app-support.rst
Glossary
~~~~~~~~
.. toctree::
:maxdepth: 1
common/glossary.rst
.. only:: html
Search
~~~~~~
* :ref:`search`

View File

@ -1,93 +0,0 @@
.. _legal-requirements:
==================
Legal requirements
==================
Using remote resources for collection, processing, storage,
and retrieval provides potential benefits to businesses.
With the rapid growth of data within organizations, businesses
need to be proactive about their data storage strategies from
a compliance point of view.
Most countries have legislative and regulatory requirements governing
the storage and management of data in cloud environments. This is
particularly relevant for public, community and hybrid cloud models,
to ensure data privacy and protection for organizations using a
third party cloud provider.
Common areas of regulation include:
* Data retention policies ensuring storage of persistent data
and records management to meet data archival requirements.
* Data ownership policies governing the possession and
responsibility for data.
* Data sovereignty policies governing the storage of data in
foreign countries or otherwise separate jurisdictions.
* Data compliance policies governing certain types of
information needing to reside in certain locations due to
regulatory issues - and more importantly, cannot reside in
other locations for the same reason.
* Data location policies ensuring that the services deployed
to the cloud are used according to laws and regulations in place
for the employees, foreign subsidiaries, or third parties.
* Disaster recovery policies ensuring regular data backups and
relocation of cloud applications to another supplier in scenarios
where a provider may go out of business, or their data center could
become inoperable.
* Security breach policies governing the ways to notify individuals
through cloud provider's systems or other means if their personal
data gets compromised in any way.
* Industry standards policy governing additional requirements on what
type of cardholder data may or may not be stored and how it is to
be protected.
This is an example of such legal frameworks:
Data storage regulations in Europe are currently driven by provisions of
the `Data protection framework <http://ec.europa.eu/justice/data-protection/>`_.
`Financial Industry Regulatory Authority
<http://www.finra.org/Industry/Regulation/FINRARules/>`_ works on this in
the United States.
Privacy and security are spread over different industry-specific laws and
regulations:
* Health Insurance Portability and Accountability Act (HIPAA)
* Gramm-Leach-Bliley Act (GLBA)
* Payment Card Industry Data Security Standard (PCI DSS)
* Family Educational Rights and Privacy Act (FERPA)
Cloud security architecture
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Cloud security architecture should recognize the issues
that arise with security management, which addresses these issues
with security controls. Cloud security controls are put in place to
safeguard any weaknesses in the system, and reduce the effect of an attack.
The following security controls are described below.
Deterrent controls:
Typically reduce the threat level by informing potential attackers
that there will be adverse consequences for them if they proceed.
Preventive controls:
Strengthen the system against incidents, generally by reducing
if not actually eliminating vulnerabilities.
Detective controls:
Intended to detect and react appropriately to any incidents
that occur. System and network security monitoring, including
intrusion detection and prevention arrangements, are typically
employed to detect attacks on cloud systems and the supporting
communications infrastructure.
Corrective controls:
Reduce the consequences of an incident, normally by limiting
the damage. They come into effect during or after an incident.
Restoring system backups in order to rebuild a compromised
system is an example of a corrective control.
For more information, see See also `NIST Special Publication 800-53
<https://web.nvd.nist.gov/view/800-53/home>`_.

View File

@ -1,33 +0,0 @@
==================
Software licensing
==================
The many different forms of license agreements for software are often written
with the use of dedicated hardware in mind. This model is relevant for the
cloud platform itself, including the hypervisor operating system, supporting
software for items such as database, RPC, backup, and so on. Consideration
must be made when offering Compute service instances and applications to end
users of the cloud, since the license terms for that software may need some
adjustment to be able to operate economically in the cloud.
Multi-site OpenStack deployments present additional licensing
considerations over and above regular OpenStack clouds, particularly
where site licenses are in use to provide cost efficient access to
software licenses. The licensing for host operating systems, guest
operating systems, OpenStack distributions (if applicable),
software-defined infrastructure including network controllers and
storage systems, and even individual applications need to be evaluated.
Topics to consider include:
* The definition of what constitutes a site in the relevant licenses,
as the term does not necessarily denote a geographic or otherwise
physically isolated location.
* Differentiations between "hot" (active) and "cold" (inactive) sites,
where significant savings may be made in situations where one site is
a cold standby for disaster recovery purposes only.
* Certain locations might require local vendors to provide support and
services for each site which may vary with the licensing agreement in
place.

View File

@ -1,60 +0,0 @@
========
Overview
========
:term:`OpenStack` is a fully-featured, self-service cloud. This book takes you
through some of the considerations you have to make when designing your
cloud.
Intended audience
~~~~~~~~~~~~~~~~~
This book has been written for architects and designers of OpenStack
clouds. For information about deploying and operating OpenStack, see the
`OpenStack Operations Guide <https://docs.openstack.org/ops-guide/>`_.
Before reading this book, we recommend:
* Prior knowledge of cloud architecture and principles.
* Experience in enterprise system design.
* Linux and virtualization experience.
* A basic understanding of networking principles and protocols.
How this book is organized
~~~~~~~~~~~~~~~~~~~~~~~~~~
This book examines some of the most common uses for OpenStack clouds, explains
the considerations for each use case, and design criteria for each of the
major OpenStack components. Cloud architects may use this book as a
comprehensive guide by reading all of the use cases, but it is also possible
to read only the chapters which pertain to a specific use case. The sections
covered include:
* :doc:`Cloud Architecture Use Cases <use-cases>`: An examination of some
of the most common OpenStack cloud use cases. It covers stakeholder
requirements, user stories, an explanation of the design models, and
component block diagrams.
* :doc:`High availability <high-availability>`: Separation of data plane and
control plane, and how to eliminate single points of failure.
* :doc:`Capacity planning and scaling <capacity-planning-scaling>`:
Information on how to design your cloud architecture for high network
traffic and scalability.
* :doc:`Cloud architecture design <design>`: A detailed breakdown of the
major cloud architecture components, and considerations when designing a
cloud. This includes storage choices, networking design choices,
implementing keystone, image creation and management, implementation of
control plane components, and using Dashboard or cloud management platform
tools.
.. toctree::
:maxdepth: 2
overview-planning
overview-customer-requirements
overview-legal-requirements
overview-software-licensing
overview-security-requirements
overview-operator-requirements

View File

@ -0,0 +1,12 @@
Appendix
~~~~~~~~
.. toctree::
:maxdepth: 1
app-usecases.rst
app-crypt.rst
app-roadmaps.rst
app-resources.rst
common/app-support.rst
common/glossary.rst

Binary file not shown.

After

Width:  |  Height:  |  Size: 42 KiB

View File

@ -39,6 +39,9 @@ Contents
acknowledgements.rst acknowledgements.rst
preface.rst preface.rst
common/conventions.rst common/conventions.rst
ops-deployment-factors.rst
ops-planning.rst
ops-capacity-planning-scaling.rst
ops-lay-of-the-land.rst ops-lay-of-the-land.rst
ops-projects-users.rst ops-projects-users.rst
ops-user-facing-operations.rst ops-user-facing-operations.rst
@ -49,30 +52,4 @@ Contents
ops-customize.rst ops-customize.rst
ops-advanced-configuration.rst ops-advanced-configuration.rst
ops-upgrades.rst ops-upgrades.rst
appendix.rst
Appendix
~~~~~~~~
.. toctree::
:maxdepth: 1
app-usecases.rst
app-crypt.rst
app-roadmaps.rst
app-resources.rst
common/app-support.rst
Glossary
~~~~~~~~
.. toctree::
:maxdepth: 1
common/glossary.rst
.. only:: html
Search
~~~~~~
* :ref:`search`

View File

@ -4,9 +4,9 @@
Capacity planning and scaling Capacity planning and scaling
============================= =============================
Whereas traditional applications required larger hardware to scale Cloud-based applications typically request more discrete hardware (horizontal
(vertical scaling), cloud-based applications typically request more, scaling) as opposed to traditional applications, which require larger hardware
discrete hardware (horizontal scaling). to scale (vertical scaling).
OpenStack is designed to be horizontally scalable. Rather than switching OpenStack is designed to be horizontally scalable. Rather than switching
to larger servers, you procure more servers and simply install identically to larger servers, you procure more servers and simply install identically
@ -14,16 +14,16 @@ configured services. Ideally, you scale out and load balance among groups of
functionally identical services (for example, compute nodes or ``nova-api`` functionally identical services (for example, compute nodes or ``nova-api``
nodes), that communicate on a message bus. nodes), that communicate on a message bus.
The Starting Point Determining cloud scalability
~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Determining the scalability of your cloud and how to improve it requires Determining the scalability of your cloud and how to improve it requires
balancing many variables. No one solution meets everyone's scalability goals. balancing many variables. No one solution meets everyone's scalability goals.
However, it is helpful to track a number of metrics. Since you can define However, it is helpful to track a number of metrics. You can define
virtual hardware templates, called "flavors" in OpenStack, you can start to virtual hardware templates called "flavors" in OpenStack, which will impact
make scaling decisions based on the flavors you'll provide. These templates your cloud scaling decisions. These templates define sizes for memory in RAM,
define sizes for memory in RAM, root disk size, amount of ephemeral data disk root disk size, amount of ephemeral data disk space available, and the number
space available, and number of cores for starters. of CPU cores.
The default OpenStack flavors are shown in :ref:`table_default_flavors`. The default OpenStack flavors are shown in :ref:`table_default_flavors`.
@ -85,8 +85,8 @@ and require 80 TB of storage for ``/var/lib/nova/instances``:
- Most instances are size m1.medium (two virtual cores, 50 GB of - Most instances are size m1.medium (two virtual cores, 50 GB of
storage). storage).
- Default CPU overcommit ratio (``cpu_allocation_ratio`` in nova.conf) - Default CPU overcommit ratio (``cpu_allocation_ratio`` in the ``nova.conf``
of 16:1. file) of 16:1.
.. note:: .. note::
Regardless of the overcommit ratio, an instance can not be placed Regardless of the overcommit ratio, an instance can not be placed
@ -105,8 +105,6 @@ the latter puts constant heavy load on the cloud controller. You must
consider your average VM lifetime, as a larger number generally means consider your average VM lifetime, as a larger number generally means
less load on the cloud controller. less load on the cloud controller.
.. TODO Perhaps relocate the above paragraph under the web scale use case?
Aside from the creation and termination of VMs, you must consider the Aside from the creation and termination of VMs, you must consider the
impact of users accessing the service particularly on ``nova-api`` and impact of users accessing the service particularly on ``nova-api`` and
its associated database. Listing instances garners a great deal of its associated database. Listing instances garners a great deal of
@ -133,7 +131,7 @@ CPU performance (CPU/core).
metrics from your cloud, see the `OpenStack Operations Guide metrics from your cloud, see the `OpenStack Operations Guide
<https://docs.openstack.org/ops-guide/ops-logging-monitoring.html>`_. <https://docs.openstack.org/ops-guide/ops-logging-monitoring.html>`_.
Adding Cloud Controller Nodes Adding cloud controller nodes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
You can facilitate the horizontal expansion of your cloud by adding You can facilitate the horizontal expansion of your cloud by adding
@ -164,18 +162,16 @@ the one machine.
Several options are available for MySQL load balancing, and the Several options are available for MySQL load balancing, and the
supported AMQP brokers have built-in clustering support. Information supported AMQP brokers have built-in clustering support. Information
on how to configure these and many of the other services can be on how to configure these and many of the other services can be
found in the `operations chapter found in the `Operations Guide
<https://docs.openstack.org/ops-guide/operations.html>`_ in the Operations <https://docs.openstack.org/ops-guide/operations.html>`_.
Guide.
Segregating Your Cloud Segregating your cloud
~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~
When you want to offer users different regions to provide legal Segregating your cloud is needed when users require different regions for legal
considerations for data storage, redundancy across earthquake fault considerations for data storage, redundancy across earthquake fault lines, or
lines, or for low-latency API calls, you segregate your cloud. Use one for low-latency API calls. It can be segregated by *cells*, *regions*,
of the following OpenStack methods to segregate your cloud: *cells*, *availability zones*, or *host aggregates*.
*regions*, *availability zones*, or *host aggregates*.
Each method provides different functionality and can be best divided Each method provides different functionality and can be best divided
into two groups: into two groups:
@ -228,7 +224,7 @@ segregation method currently provided by OpenStack Compute.
- Keystone, All nova services - Keystone, All nova services
- Keystone, All nova services - Keystone, All nova services
Cells and Regions Cells and regions
----------------- -----------------
OpenStack Compute cells are designed to allow running the cloud in a OpenStack Compute cells are designed to allow running the cloud in a
@ -258,16 +254,12 @@ The OpenStack dashboard (horizon) can be configured to use multiple
regions. This can be configured through the ``AVAILABLE_REGIONS`` regions. This can be configured through the ``AVAILABLE_REGIONS``
parameter. parameter.
Availability Zones and Host Aggregates Availability zones and host aggregates
-------------------------------------- --------------------------------------
You can use availability zones, host aggregates, or both to partition a You can use availability zones, host aggregates, or both to partition a
nova deployment. nova deployment. Both methods are configured and implemented in a similar
way.
Availability zones are implemented through and configured in a similar
way to host aggregates.
However, you can use them for different reasons.
Availability zone Availability zone
^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^
@ -429,4 +421,3 @@ while in production can be avoided by appropriate burn-in testing to
attempt to trigger the early-stage failures. The general principle is to attempt to trigger the early-stage failures. The general principle is to
stress the hardware to its limits. Examples of burn-in tests include stress the hardware to its limits. Examples of burn-in tests include
running a CPU or disk benchmark for several days. running a CPU or disk benchmark for several days.

View File

@ -1,8 +1,11 @@
.. _security-requirements: .. _legal-requirements:
======================================
Factors affecting OpenStack deployment
======================================
=====================
Security requirements Security requirements
===================== ~~~~~~~~~~~~~~~~~~~~~
When deploying OpenStack in an enterprise as a private cloud, it is When deploying OpenStack in an enterprise as a private cloud, it is
usually behind the firewall and within the trusted network alongside usually behind the firewall and within the trusted network alongside
@ -40,7 +43,7 @@ For more information OpenStack Security, see the `OpenStack Security
Guide <https://docs.openstack.org/security-guide/>`_. Guide <https://docs.openstack.org/security-guide/>`_.
Security domains Security domains
~~~~~~~~~~~~~~~~ ----------------
A security domain comprises of users, applications, servers or networks A security domain comprises of users, applications, servers or networks
that share common trust requirements and expectations within a system. that share common trust requirements and expectations within a system.
@ -89,7 +92,7 @@ OpenStack deployment topology. The domains and their trust requirements depend
upon whether the cloud instance is public, private, or hybrid. upon whether the cloud instance is public, private, or hybrid.
Hypervisor security Hypervisor security
~~~~~~~~~~~~~~~~~~~ -------------------
The hypervisor also requires a security assessment. In a The hypervisor also requires a security assessment. In a
public cloud, organizations typically do not have control public cloud, organizations typically do not have control
@ -106,7 +109,7 @@ important. However, enterprises can minimize vulnerability by avoiding
hardware sharing with others in a public cloud. hardware sharing with others in a public cloud.
Baremetal security Baremetal security
~~~~~~~~~~~~~~~~~~ ------------------
There are other services worth considering that provide a There are other services worth considering that provide a
bare metal instance instead of a cloud. In other cases, it is bare metal instance instead of a cloud. In other cases, it is
@ -125,7 +128,7 @@ offers private Cloud-as-a-Service.
workloads. workloads.
Networking security Networking security
~~~~~~~~~~~~~~~~~~~ -------------------
Consider security implications and requirements before designing the Consider security implications and requirements before designing the
physical and logical network topologies. Make sure that the networks are physical and logical network topologies. Make sure that the networks are
@ -144,7 +147,7 @@ network onto dedicated Compute nodes. This prevents attackers
from having access to the networks from a compromised instance. from having access to the networks from a compromised instance.
Multi-site security Multi-site security
~~~~~~~~~~~~~~~~~~~ -------------------
Securing a multi-site OpenStack installation brings Securing a multi-site OpenStack installation brings
several challenges. Tenants may expect a tenant-created network several challenges. Tenants may expect a tenant-created network
@ -169,3 +172,128 @@ Networking (neutron). Therefore an external system may be required
to manage mapping. Tenant networks may contain sensitive information requiring to manage mapping. Tenant networks may contain sensitive information requiring
accurate and consistent mapping to ensure that a tenant in one site accurate and consistent mapping to ensure that a tenant in one site
does not connect to a different tenant in another site. does not connect to a different tenant in another site.
Legal requirements
~~~~~~~~~~~~~~~~~~
Using remote resources for collection, processing, storage,
and retrieval provides potential benefits to businesses.
With the rapid growth of data within organizations, businesses
need to be proactive about their data storage strategies from
a compliance point of view.
Most countries have legislative and regulatory requirements governing
the storage and management of data in cloud environments. This is
particularly relevant for public, community and hybrid cloud models,
to ensure data privacy and protection for organizations using a
third party cloud provider.
Common areas of regulation include:
* Data retention policies ensuring storage of persistent data
and records management to meet data archival requirements.
* Data ownership policies governing the possession and
responsibility for data.
* Data sovereignty policies governing the storage of data in
foreign countries or otherwise separate jurisdictions.
* Data compliance policies governing certain types of
information needing to reside in certain locations due to
regulatory issues - and more importantly, cannot reside in
other locations for the same reason.
* Data location policies ensuring that the services deployed
to the cloud are used according to laws and regulations in place
for the employees, foreign subsidiaries, or third parties.
* Disaster recovery policies ensuring regular data backups and
relocation of cloud applications to another supplier in scenarios
where a provider may go out of business, or their data center could
become inoperable.
* Security breach policies governing the ways to notify individuals
through cloud provider's systems or other means if their personal
data gets compromised in any way.
* Industry standards policy governing additional requirements on what
type of cardholder data may or may not be stored and how it is to
be protected.
This is an example of such legal frameworks:
Data storage regulations in Europe are currently driven by provisions of
the `Data protection framework <http://ec.europa.eu/justice/data-protection/>`_.
`Financial Industry Regulatory Authority
<http://www.finra.org/Industry/Regulation/FINRARules/>`_ works on this in
the United States.
Privacy and security are spread over different industry-specific laws and
regulations:
* Health Insurance Portability and Accountability Act (HIPAA)
* Gramm-Leach-Bliley Act (GLBA)
* Payment Card Industry Data Security Standard (PCI DSS)
* Family Educational Rights and Privacy Act (FERPA)
Cloud security architecture
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Cloud security architecture should recognize the issues
that arise with security management, which addresses these issues
with security controls. Cloud security controls are put in place to
safeguard any weaknesses in the system, and reduce the effect of an attack.
The following security controls are described below.
Deterrent controls:
Typically reduce the threat level by informing potential attackers
that there will be adverse consequences for them if they proceed.
Preventive controls:
Strengthen the system against incidents, generally by reducing
if not actually eliminating vulnerabilities.
Detective controls:
Intended to detect and react appropriately to any incidents
that occur. System and network security monitoring, including
intrusion detection and prevention arrangements, are typically
employed to detect attacks on cloud systems and the supporting
communications infrastructure.
Corrective controls:
Reduce the consequences of an incident, normally by limiting
the damage. They come into effect during or after an incident.
Restoring system backups in order to rebuild a compromised
system is an example of a corrective control.
For more information, see See also `NIST Special Publication 800-53
<https://web.nvd.nist.gov/view/800-53/home>`_.
Software licensing
~~~~~~~~~~~~~~~~~~
The many different forms of license agreements for software are often written
with the use of dedicated hardware in mind. This model is relevant for the
cloud platform itself, including the hypervisor operating system, supporting
software for items such as database, RPC, backup, and so on. Consideration
must be made when offering Compute service instances and applications to end
users of the cloud, since the license terms for that software may need some
adjustment to be able to operate economically in the cloud.
Multi-site OpenStack deployments present additional licensing
considerations over and above regular OpenStack clouds, particularly
where site licenses are in use to provide cost efficient access to
software licenses. The licensing for host operating systems, guest
operating systems, OpenStack distributions (if applicable),
software-defined infrastructure including network controllers and
storage systems, and even individual applications need to be evaluated.
Topics to consider include:
* The definition of what constitutes a site in the relevant licenses,
as the term does not necessarily denote a geographic or otherwise
physically isolated location.
* Differentiations between "hot" (active) and "cold" (inactive) sites,
where significant savings may be made in situations where one site is
a cold standby for disaster recovery purposes only.
* Certain locations might require local vendors to provide support and
services for each site which may vary with the licensing agreement in
place.