The Volume Encryption feature in OpenStack presents a normal block storage device to the VM but encrypts the data in the virtualization host before writing to a remote disk. This provides data confidentiality against network traffic interception, compromised storage hosts, and stolen disk drives. To the end user, the block server operates exactly as it would when reading and writing unencrypted blocks. It includes a key manager interface that supports key generation and storage, and the interface allows different key managers to be supported such as Barbican or a KMIP server. This session will be split into two parts, the first covering the set up of the Barbican key management service and the second covering the configuration and use of Cinder and Nova to provide encrypted block storage.
Johns Hopkins University Applied Physics Lab
Cloud Security Product Manager, Rackspace Hosting
Jarret Raim is the Security Product Manager at Rackspace Hosting. Since joining Rackspace, he has built a software assurance program for Rackspace?s internal software teams as well as defined strategy for building secure systems on Rackspace?s OpenStack Cloud implementation. Through his experience at Rackspace, and as a consultant for Denim Group, Jarret has assessed and remediated applications in all industries and has experience width a wide variety of both development environments and the... Read More →
Attendance numbers do not account for private attendees. Get there early!