IEEE EDOC 2015 – The Enterprise Computing Conference, September 22 – 25, 2015, Adelaide, Australia
Building Secure and Scalable Private Cloud with OpenStack
Ben Ramsey, Muhammad Ali Babar
CREST – The Centre for Research on Engineering Software Technologies, The University of Adelaide, Australia
[email protected] [email protected]
Ben Ramsey
Software Developer @ The University of Adelaide
Bachelor of Engineering (Software) with Honors, The University of Adelaide
E-mail: [email protected]
Ben Ramsey & Muhammad Ali Babar
Building Secure and Scalable Private Cloud Infrastructure with OpenStack
M. Ali Babar
Professor of Software Engineering, University of Adelaide, Australia: Nov. 2013 –
IT University of Copenhagen, Denmark: Dec. 2009
PhD in CSE, University of New South Wales, Mar. 2007
Work History:
– Reader in Software Engineering, Lancaster, UK, Feb. 2013 – Nov. 2013.
– Lero, Ireland: Mar. 2007 – Dec. 2009
– National ICT Australia: Mar. 2003 – Mar. 2007
– JRCASE, Macquarie University: Feb. 2001 – Feb. 2003
– Various industrial roles in IT: Prior to 2001
Research Interests: Software Architecture, Service Orientation, Cloud Computing, and Software Development Paradigm
http://malibabar.wordpress.com
Tutorial Agenda
• Cloud Computing Overview
• Design & Implementation Considerations for building a private cloud
• Security in the Cloud
• Scalability in the Cloud
• OpenStack
– Projects
– Distributions
– Virtualization
– Bare-metal provisioning
• Component modeling (previous R&D project)
• Exercises in using OpenStack
– Deployment
– Launching instances, stacks
What is Cloud Computing?
“Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” (A definition by the US National Institute of Standards and Technology (NIST))
• Some of the characteristics
– Distributed computing at a massive scale.
– On demand elasticity.
– Exploiting existing technologies (Grid, Utility, Virtualization).
– Pay per use model.
– Driven by economies of scale.
A Snapshot of Potential Areas of Interest
Reproduced from Figure 1 of The Future of Cloud Computing: Opportunities for European Cloud Computing beyond 2010.
Service and Deployment Models
Service Models:
– Software as a Service (SaaS): Google Apps, Zoho, Salesforce CRM, Microsoft Cloud Services
– Platform as a Service (PaaS): Google App Engine, Microsoft Azure, Force.com, Yahoo Open Strategy
– Infrastructure as a Service (IaaS): Amazon EC2, IBM – Computing On Demand (DoC), VMWare vSphere, Eucalyptus
Deployment Models: Private Clouds, Community Clouds, Hybrid Clouds, Virtual Private Clouds, Public Clouds
Design Considerations
• Some questions to consider:
– What are the use cases for the cloud?
– What architectural requirements need to be met?
– What infrastructure is available to you?
– What resources are needed by the cloud users?
Design Considerations
• There are multiple use cases for the cloud, and the use case can determine the features, capabilities, and architectural requirements for the cloud
• Some examples include:
– Big Data Processing
– Tiered application hosting
– Cloud Storage Service
Design Considerations
• Architectural requirements of the cloud need to be considered carefully, as a compromise between them is often required.
• Some examples of architectural requirements to consider are:
– Availability
– Scalability
– Security
– Redundancy
Design Considerations
• The available infrastructure can greatly impact the design of a cloud system.
• Some cloud services may only be available if a hardware/software requirement is met.
– e.g. the OpenStack bare-metal driver requires an IPMI server to be running
Design Considerations
• The virtual resources required by the cloud users are linked to the use case.
• Some resources that need to be considered are:
– How many virtual machines need to run concurrently?
– How many virtual networks are needed for each tenant?
– How much does the load on the system fluctuate over time?
Implementation Considerations
• What technologies are you familiar with?
– Not all technologies used outside of the cloud are appropriate for the cloud.
• What features do you require from the cloud?
– Can be features required for deployment and administration as well as for the use cases.
• How much of your current infrastructure can be moved to the cloud?
– Need to ensure that integrating current infrastructure will provide more value than the already integrated alternative
Security in the Cloud
• Highly important in multi-tenant cloud environments
• In public clouds it is the provider's issue; in a private cloud it is the deployer's.
• The OpenStack Foundation splits vulnerabilities into the following categories:
– Privilege Escalation
– Denial of Service
– Information Disclosure
Security in the Cloud
• Vulnerability categories can help with risk assignment
• Often security and scalability must each be compromised in order to achieve the best solution
• Clouds have a large attack surface, making secure deployments difficult
Security in the Cloud: Privilege Escalation
• Attack that allows a user to masquerade as another user, bypassing authorisation checks, i.e. a guest acting as an admin user
• Can allow the malicious user to create new users, making the escalation persistent.
• In the cloud, admin users can create and remove instances, networks, etc.
Security in the Cloud: Denial of Service
• Attack that can make all or some cloud services unusable
• Usually done by overloading the system with requests, filling up disk space, requiring too much memory, etc.
• Cloud services are very susceptible to these attacks, and often the risk of these attacks is rated very high or critical
Security in the Cloud: Information Disclosure
• Attacks that can give the attacker confidential or privileged information.
• Information can include password files, configuration files, debugging info.
• Refers to both the confidentiality and the integrity of the information, with attackers being able to either read or modify files.
Security in the Cloud: Attack Surface
• The attack surface of the cloud can be split into several domains:
– Public: should be untrusted; includes APIs and other public facing items
– Guest: untrusted for public clouds, trusted for private (instance data)
– Management: trusted (inter-service communication)
– Data: trusted (Cloud storage)
• Need to ensure security management over all domains and technologies used in the cloud
– SSL technologies
– Hypervisors
– Message Queues
– Databases
– Provisioning tools
Scalability in the Cloud
• This is a very important architectural requirement for cloud based systems.
• Can be split into management and usage scalability concerns
• Management scalability is the scalability of the cloud services themselves
• Usage scalability is how many cloud resources can be used before the system is negatively impacted.
Introduction to OpenStack
• Open source private cloud software for deployment of private Infrastructure as a Service clouds
• Minimal deployment provides:
– Authorisation
– Virtual Networking
– Computation Engine
• Other OpenStack projects provide additional functionality
Conceptual Overview of OpenStack
Source of Figure: http://docs.openstack.org/kilo/install-guide/install/apt/content/ch_overview.html
OpenStack Projects
• Mandatory:
– Nova Compute
– Keystone Identity
– Glance Image
– Neutron Networking
• Common non-mandatory:
– Cinder Block Storage
– Swift Object Storage
– Heat Orchestration Service
– Ceilometer Telemetry Service
– Horizon Web Dashboard
• Optional:
– Magnum: Containers as a Service
– Ironic: Bare-metal Provisioning Driver
– Trove: Database as a Service
– Sahara: Data Processing as a Service
OpenStack Projects: Nova
• Service responsibility: Virtual Machine Provisioning
• One of the original components of OpenStack
• Includes schedulers to decide which hypervisor to place a requested virtual machine instance on
• Conductor acts as a proxy between the other services and the service database
OpenStack Projects: Keystone
• Service Responsibility: Identity and Endpoint management
• Identity component provides the authentication and authorisation for the cloud
• Endpoint component provides a way to catalog the other services and where they can be found
– Endpoints have three types: admin, internal, and public.
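As an added example (not from the tutorial or from OpenStack itself), the check below maps the three Keystone endpoint types onto the attack-surface domains from the Security in the Cloud: Attack Surface slide (public endpoints in the untrusted Public domain, admin/internal endpoints in the trusted Management domain) and audits a service catalog against them. The catalog document, host names, IP prefix and the three rules are assumptions constructed for this example.

```python
"""Audit a Keystone v3 service catalog against the slide's attack-surface
domains: public endpoints must be TLS-only, and management (admin/internal)
endpoints must not be published on a public host. Example code added here;
the catalog below is constructed with placeholder hosts and ids."""
import json
from urllib.parse import urlsplit

# Constructed catalog in the shape of the `catalog` list returned by a
# Keystone v3 POST /v3/auth/tokens response; hosts and ids are placeholders.
SAMPLE_CATALOG = json.loads("""
{
  "token": {
    "catalog": [
      {"type": "identity", "name": "keystone", "endpoints": [
        {"interface": "public",   "region": "RegionOne", "id": "ep-1",
         "url": "https://cloud.example.test:5000/v3"},
        {"interface": "internal", "region": "RegionOne", "id": "ep-2",
         "url": "http://10.0.0.11:5000/v3"},
        {"interface": "admin",    "region": "RegionOne", "id": "ep-3",
         "url": "http://10.0.0.11:35357/v3"}]},
      {"type": "compute", "name": "nova", "endpoints": [
        {"interface": "public",   "region": "RegionOne", "id": "ep-4",
         "url": "http://cloud.example.test:8774/v2.1"},
        {"interface": "admin",    "region": "RegionOne", "id": "ep-5",
         "url": "https://cloud.example.test:8774/v2.1"}]}
    ]
  }
}
""")

# Which of the slide's domains each Keystone endpoint interface lives in.
DOMAIN_OF = {"public": "public", "internal": "management", "admin": "management"}


def audit_catalog(token_doc, management_nets=("10.0.0.",)):
    """Return a list of (service, interface, finding) tuples.

    Rules (assumed for this example, derived from the slide's domains):
      1. Public-domain endpoints must use https (untrusted network).
      2. Management-domain endpoints must not share a host with a public
         endpoint, or the public attack surface reaches the management plane.
      3. Management-domain endpoints should sit on a management network
         prefix; plain http there is reported at lower severity.
    """
    findings = []
    services = token_doc["token"]["catalog"]
    public_hosts = {
        urlsplit(ep["url"]).hostname
        for svc in services for ep in svc["endpoints"]
        if DOMAIN_OF.get(ep["interface"]) == "public"
    }
    for svc in services:
        for ep in svc["endpoints"]:
            parts = urlsplit(ep["url"])
            domain = DOMAIN_OF.get(ep["interface"], "unknown")
            tag = (svc["name"], ep["interface"])
            if domain == "public" and parts.scheme != "https":
                findings.append(tag + ("HIGH: public endpoint without TLS",))
            elif domain == "management":
                if parts.hostname in public_hosts:
                    findings.append(tag + ("HIGH: management endpoint exposed on public host",))
                elif not parts.hostname.startswith(management_nets):
                    findings.append(tag + ("MEDIUM: management endpoint outside management network",))
                elif parts.scheme != "https":
                    findings.append(tag + ("LOW: management endpoint without TLS",))
    return findings


if __name__ == "__main__":
    for service, interface, finding in audit_catalog(SAMPLE_CATALOG):
        print(f"{service:10s} {interface:9s} {finding}")
```

Run against a real deployment by replacing SAMPLE_CATALOG with the JSON body of a token response and adjusting management_nets to the deployment's management network.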
OpenStack Projects: Keystone Concepts
• User: An entity that uses the OpenStack cloud services in some way.
– Can be an OpenStack cloud service
• Role: A set of capabilities for the users with the role
• Tenant: A grouping of resources, allows separation of users
• Domain: Administrative boundaries of the system
• Service: An OpenStack cloud service (e.g. Keystone, Nova, …)
• Endpoint: Where to access the associated service
OpenStack Projects: Glance
• Service Responsibility: Image Management
• Manages the storage and fetching of cloud instance images.
• Can use different backend storage engines: filesystem, swift, ceph
• Can store various disk formats: qcow2, raw, vhd, vdi, vmdk, iso, etc.
• Can store various container formats: bare, ovf, ova, docker, etc.
OpenStack Projects: Neutron
• Service Responsibility: Virtual Networking
• Provides an interface for requesting the creation and deletion of virtual networking infrastructure
– Networks
– Routers
• Provides virtual machine instances with access to the outside world, and provides routing between instances on the same virtual network.
OpenStack Projects: Neutron Complexity
• Neutron is one of the more complex OpenStack projects
• Configuration and components change considerably between deployments
• Along with the basic networking functionality, plugins exist that can provide:
– Load-Balancing-as-a-Service
– Firewall-as-a-Service
– VPN-as-a-Service
• Common deployments use Open vSwitch or linuxbridge agents for tunneling
OpenStack Projects: Cinder
• Service Responsibility: Block Storage
• Provides virtual instances with persistent storage capabilities
• Multiple storage back-ends available:
– GlusterFS
– Ceph
– LVM
OpenStack Projects: Swift
• Service Responsibility: Object Storage
• Provides binary object storage within the cloud
• Similar to the Amazon S3 object storage system
• Used primarily to store backups of block storage devices and images.
OpenStack Projects: Ceilometer
• Service Responsibility: Cloud telemetry
• Provides a way to collect data about the usage of the cloud
– VM usage
– Network utilisation
– Storage usage
OpenStack Projects: Horizon
• Service Responsibility: Web facing Dashboard
• Uses the Python Django web framework
• Provides a simple UI tool to perform the most common tasks within OpenStack
OpenStack Projects: Heat
• Service Responsibility: Cloud Orchestration
• Provides a way to deploy multiple cloud resources simultaneously
• Uses a YAML based syntax to define stacks
• Can be used to deploy applications with several dependent components, e.g.
– Lattice
– Wordpress
OpenStack Projects: Heat Architecture
[Figure: Heat architecture]
• heat-api
• heat-api-cfn
• heat-eng
• Other Projects: glance-api, nova-api, neutron-api, cinder-api, swift-api, magnum-api
Heat Orchestration Template
• Used to define a group of resources to be deployed by Heat
• Has three major groups in the definition:
– Parameters: used to customise a group's definition on a stack-by-stack basis
– Resources: The resources that are a part of the stack
– Outputs: Information about the stack that the user requires, e.g. the IP address of a server
• Resources are available from most major components of OpenStack
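As an added example (not Heat's own validator or code from the tutorial), the check below ties the three HOT groups together: every get_param in the resources must name a declared parameter, every get_resource / get_attr in the resources or outputs must name a declared resource, and parameters without a default are reported as required at stack-create time. The template is constructed for this example (already parsed from YAML) and uses placeholder parameter and resource names; the deliberate typo in the second output shows what the check catches.

```python
"""Cross-check the parameters, resources and outputs groups of a Heat
Orchestration Template for dangling intrinsic-function references.
Example code added here; not part of Heat. The template is constructed."""

# Constructed HOT, as Python structures (what yaml.safe_load would return).
SAMPLE_TEMPLATE = {
    "heat_template_version": "2015-04-30",
    "parameters": {
        "image": {"type": "string"},
        "flavor": {"type": "string", "default": "m1.small"},
        "net_id": {"type": "string"},
    },
    "resources": {
        "web_port": {
            "type": "OS::Neutron::Port",
            "properties": {"network": {"get_param": "net_id"}},
        },
        "web_server": {
            "type": "OS::Nova::Server",
            "properties": {
                "image": {"get_param": "image"},
                "flavor": {"get_param": "flavor"},
                "networks": [{"port": {"get_resource": "web_port"}}],
            },
        },
    },
    "outputs": {
        "server_ip": {"value": {"get_attr": ["web_server", "first_address"]}},
        # Deliberate typo ("web_sever") so the validator has something to find.
        "typo": {"value": {"get_attr": ["web_sever", "first_address"]}},
    },
}


def _walk(node, path, params, resources, errors):
    """Recursively visit a template subtree and record dangling references."""
    if isinstance(node, dict):
        if "get_param" in node:
            # get_param may be a name or a list [name, key, ...] for nested access.
            name = node["get_param"]
            name = name[0] if isinstance(name, list) else name
            if name not in params:
                errors.append(f"{path}: get_param references undeclared parameter {name!r}")
        if "get_resource" in node and node["get_resource"] not in resources:
            errors.append(f"{path}: get_resource references undeclared resource {node['get_resource']!r}")
        if "get_attr" in node and node["get_attr"][0] not in resources:
            errors.append(f"{path}: get_attr references undeclared resource {node['get_attr'][0]!r}")
        for key, child in node.items():
            _walk(child, f"{path}.{key}", params, resources, errors)
    elif isinstance(node, list):
        for i, child in enumerate(node):
            _walk(child, f"{path}[{i}]", params, resources, errors)


def validate_template(tpl):
    """Return (errors, required_parameters) for a parsed HOT template."""
    params = set(tpl.get("parameters", {}))
    resources = set(tpl.get("resources", {}))
    errors = []
    _walk(tpl.get("resources", {}), "resources", params, resources, errors)
    _walk(tpl.get("outputs", {}), "outputs", params, resources, errors)
    # Parameters with no default must be supplied for every stack created.
    required = sorted(n for n, p in tpl.get("parameters", {}).items() if "default" not in p)
    return errors, required


if __name__ == "__main__":
    errs, req = validate_template(SAMPLE_TEMPLATE)
    print("required parameters:", req)
    for err in errs:
        print("error:", err)
```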
OpenStack Projects: Magnum
• Service Responsibility: Container Orchestration
• Provides an interface for deploying container orchestration engines, e.g.
– Kubernetes
– Mesos
– Docker Swarm
• Leverages Heat to deploy the clusters
OpenStack Projects: Ironic
• Service Responsibility: Bare-metal Instance Driver
• Provides a way to start bare-metal servers in the same way that Nova starts virtual machines
• Nova talks to the Ironic API to start the machine with a particular image
• Uses IPMI or WoL.
– IPMI can be used to power machines off and on
– WoL is only able to power machines on
OpenStack Distributions
• Rackspace Private Cloud
– Based on OpenStack Juno
– Uses Ansible deployment scripts for enterprise deployments
• Ubuntu Cloud
– Based on a combination of Trunk and Juno
– Uses MaaS, Juju, and Landscape for deployment tools.
• DevStack
– Development environment, based on the master branch of the source code (can specify other branches)
– Fetches all projects from git repositories, and handles all prerequisites.
• Mirantis Fuel
– Based on OpenStack Juno
– Fairly rigid in what is deployable, i.e. limited virtual machine types.
Hypervisors (type-1, type-2)
• Virtual computing resources that sit either on the bare-metal, or on top of a host OS
• Provide a complete computing environment to the user
• Used to separate the running of applications from other hypervisors or the host
• Cloud providers use them to provide various computing resources to their consumers.
Virtual Machines: OpenStack Options
• Type-1 hypervisors supported:
– XenServer
– VMWare ESXi
– Hyper-V
• Type-2 hypervisors supported:
– KVM/QEMU
• Full list available at: http://docs.openstack.org/developer/nova/support-matrix.html
Containers
• Commonly application level virtualization
• Lighter weight than traditional type-1 or type-2 hypervisors
• Does not require a guest kernel
• Docker is currently the most popular option
https://www.docker.com/whatisdocker
Containers: Security
• Less secure than full virtual machines
– They share the host kernel and communicate with it directly
• Use namespaces and cgroups in order to separate themselves from the host system
• Security can be increased by deploying containers within a hypervisor to add another layer of isolation.
Containers: OpenStack Options
• Docker nova driver
• LXD nova driver
• Magnum containers service that leverages container orchestration engines
– Kubernetes
– Mesos
– Docker Swarm
• Libvirt LXC, or OpenVZ (Virtuozzo) nova driver
Containers: Docker
• Very popular container engine
• Was not originally designed with a security focus
• Has major flaws in terms of security risks
– Main flaw is in container images; Docker 1.8 seeks to address this
– Uses an unfiltered bridge as the network connection on the host machine
– Docker daemon runs as root (implies any user in the Docker group is an admin of the system)
Containers: LXD
• Machine container system
– Heavier than traditional application containers (Docker, rkt)
– Lighter than full type-1 or type-2 hypervisors
• Has a fully virtualised OS within containers
• The difference between LXD and hypervisors is that LXD uses LXC to provide a faster virtualisation platform
Bare-metal provisioning
• Bringing machines from boot to a required state
• Ironic provides this capability within OpenStack
– Requires IPMI for full capabilities
• Other options include:
– Clonezilla
– Puppetlabs Razor
Component Modelling
• Our previous R&D project was to develop a way to model different components to run within an OpenStack private cloud
• Each component was a service that generated network traffic, either by requests or responses.
• Components based around Data Distribution Service models.
Component Modelling: UI
• A graphical user interface was developed as a plugin to Eclipse.
• The interface allowed the following actions:
– Define components from forms, and models.
– View and launch virtual machine instances
– View and provision bare-metal servers. (Either compute node, or linux node)
• Component Models were done using the OpenDDS model format, created using the Eclipse plugin for OpenDDS modelling
Component Modelling: UI Screenshot
[Figure: screenshot of the component modelling UI]
Component Models: Dummy Component
• These components were defined from either a DDS model, or from a form.
• They defined the input data they were expecting and the data they output.
• The output data was given a frequency (Hz) at which to push data out
• This could be used to simulate the network flow through a system.
Component Models: Running
• These components could be run once defined, either within an instance within OpenStack or on a bare-metal provisioned server.
• Bare-metal servers were provisioned using Clonezilla
– Used because of hardware limitations (no IPMI available)
Deployment Issues from previous project
• Networking:
– Neutron was difficult; nova-network was simpler to deploy and fit our use case
– OpenStack networking required a high degree of knowledge of networking infrastructure
• OpenStack Distributions:
– Rackspace distribution was unable to be used due to buggy scripts dealing with non-enterprise grade systems
– Mirantis Fuel did not fit our requirements
• Bare-metal Provisioning:
– OpenStack Ironic required IPMI to work fully
– Clonezilla needed control over the DHCP configuration, but it fit our needs.
Summary
• Finding deployment guides for OpenStack is easy; finding ones suitable for your requirements is harder
• Many design and implementation considerations to take into account
• OpenStack is a complex system of interconnecting components
• OpenStack is very flexible for the requirements of the user, as many features are optional and very customizable
Summary
• Often need to find a compromise between security and scalability
• The more features/projects added, the less secure the cloud is
• Scalability and security require very careful consideration in order to achieve the requirements
• Security is never perfect
Acknowledgement
• Main source of material – M. Ali Babar, D. Silver, B. Ramsey, An Investigation into the Use of OpenStack for Submarine Mission Systems: Technological Capabilities and Limitations, Volume 1, Technical Report, CREST, University of Adelaide, Adelaide, Australia, 2015.
• M. Ali Babar and B. Ramsey, Secure and Scalable Private Cloud with OpenStack and Container Technologies, Work in progress.
• This research was performed under contract to the Defence Science and Technology (DST) Group Maritime Division, Australia.
Questions
Interesting Resources: mailing lists
• OpenStack:Now newsletter: http://content.mirantis.com/openstack-now-newsletter-landing-page.html
– Holds links to various blogs, tutorials, and news related to the OpenStack community
• OpenStack mailing lists
– Security mailing list is a must if security is a primary concern for your cloud deployment: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
• Discusses current security risks and vulnerabilities, with their status.
– For other mailing lists visit: http://lists.openstack.org/cgi-bin/mailman/listinfo
• Docker weekly: https://www.docker.com/newsletter-subscription
– Similar to OpenStack:Now, contains links to blogs, tutorials, and news related to Docker
Exercise 1: Deploying an OpenStack cloud
• Deploy the DevStack distribution of OpenStack
• Takes about one hour to do a complete deployment; most of it is automated
• Use a virtual machine to deploy it within.
Exercise 2: Using OpenStack
• Launch a compute instance
• Create a virtual network
• Using Heat to deploy stacks
– Single instance
– Multiple instances
– Load balancing instances