openstack/openstack-manuals
Code Issues Proposed changes
a7b79cb34c
openstack-manuals/doc/security-guide/ch035_case-studies-networking.xml
Andreas Jaeger 6bf4dedafc Edits on security guide 
Change all titles to sentence style capitalization (some were already,
majority not)
Adjust project and service name spelling.
Minor edits
Fix links to TPM section

Change-Id: Ic8cc709b068d2273762f074daa5ac30ebe9aaf20
Partial-Bug: #1217503
2014-05-06 22:40:19 +02:00

48 lines
2.7 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<chapter xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns="http://docbook.org/ns/docbook"
version="5.0"
xml:id="ch035_case-studies-networking">
<?dbhtml stop-chunking?>
<title>Case studies: Networking</title>
<para>In this case study we discuss how Alice and Bob would address providing networking services to the user.</para>
<section xml:id="ch035_case-studies-networking-idp37440">
<title>Alice's private cloud</title>
<para>A key objective of Alice's cloud is to integrate with the
existing auth services and security resources. The key design
parameters for this private cloud are a limited scope of
tenants, networks and workload type. This environment can be
designed to limit what available network resources are available
to the tenant and what are the various default quotas and
security policies are available. The network policy engine can
be modified to restrict creation and changes to network
resources. In this environment, Alice might want to leverage
nova-network in the application of security group polices on a
per instance basis vs. neutron's application of security group
polices on a per port basis. L2 isolation in this environment
would leverage VLAN tagging. The use of VLAN tags will allow
great visibility of tenant traffic by leveraging existing
features and tools of the physical infrastructure.</para>
</section>
<section xml:id="ch035_case-studies-networking-idp40064">
<title>Bob's public cloud</title>
<para>A major business driver for Bob is to provide an advanced
networking services to his customers. Bob's customers would like
to deploy multi-tiered application stacks. This multi-tiered
application are either existing enterprise application or newly
deployed applications. Since Bob's public cloud is a
multi-tenancy enterprise service, the choice to use for L2
isolation in this environment is to use overlay
networking. Another aspect of Bob's cloud is the self-service
aspect where the customer can provision available networking
services as needed. These networking services encompass L2
networks, L3 Routing, Network <glossterm>ACL</glossterm> and
NAT. It is important that per-tenant quota's be implemented in
this environment.</para>
<para>An added benefit with utilizing OpenStack Networking is
when new advanced networking services become available, these
new features can be easily provided to the end customers.</para>
</section>
</chapter>
View Git Blame Copy Permalink