OpenStack Security Guide: One Week, 38,000 Words, A Lot Of Security

Earlier this year Racker Anne Gentle blogged about her contributions to the OpenStack Operations Guide, an instructional book highlighting how to operate the cloud on a daily basis. Fueled by caffeine and take-out food, Anne and a dream team of cloud evangelists and developers outlined, wrote and edited the 230-page book in just five days at the Rackspace Austin office.

I recently had the privilege to participate in the second “book sprint” for OpenStack in Annapolis, Md., alongside top-level experts from organizations like Red Hat, HP and Intel, among others. The 12 of us spent one week in a room talking about secure cloud deployment, access control and best practices for management layers.

The outcome of our session was the OpenStack Security Guide, a 38,000-word handbook featuring practical security guidance for cloud operators. In it, we share detailed technical information about vulnerability management and tracking, support products and public and private cloud considerations. Here’s just a small glimpse of the practical security guidance you’ll find in the OpenStack Security Guide:

  • Discussions about each OpenStack service
  • Information about isolating security domains and securing domain bridges
  • Public and private cloud considerations
  • Best practices for management layers and access
  • Secure node bootstrapping and hardening
  • SSL, SSH and PKI availability per OpenStack service
  • API endpoint best practices
  • Security for messaging transport and queues
  • Database and data security best practices and considerations
  • Hypervisor selection advice
  • Security services available for OpenStack instances and trusted images
  • Migration information
  • Logging information and considerations
  • Access control and identity management concepts

We know the security guide will be a valuable resource for cloud architects and builders because OpenStack is maturing rapidly. It’s the fastest-growing global open source community, with more than 10,000 individual members and over 1,000 total contributors from 121 countries. And the numbers continue to climb thanks to the April release of OpenStack Grizzly, the seventh edition of open source software for building public, private and hybrid clouds.

A few weeks after Grizzly went live, more than 2,600 people flooded Portland for OpenStack Summit (twice the number of the previous year’s attendees), where I gave a presentation on PCI DSS readiness. The security sessions at the summit, including mine, were beyond “standing room only.” It was obvious that there was a need for more focus on security in OpenStack.

Within weeks, I was asked to join the OpenStack Security Group and, in June, joined a team of security and OpenStack experts for the book sprint. We wrote this book because we know that many see the cloud as a security concern. Security has always been a big question mark for OpenStack, and it’s a sign of OpenStack’s maturity that we’re starting to have these discussions and produce bodies of work relating to security.

If you’re using OpenStack and are concerned about securing your data at a high level, you need to read the case studies and practical advice in the OpenStack Security Guide.

The OpenStack Security Guide is ready for download now, or you can buy a bound copy from

Cody Bunch is a Principal Architect for the Rackspace Private Cloud focused on Enterprise Cloud Solutions. He joined Rackspace in 2007 to focus on Windows Engineering and customer support. Today he focuses on integrating infrastructure and applications with OpenStack, specifically targeting solutions for enterprises.
