openstack data jurisdiction compliance in hybrid clouds
play

OpenStack Data Jurisdiction Compliance in Hybrid Clouds - PowerPoint PPT Presentation

Feb 05, 2024 •150 likes •368 views

OpenStack Data Jurisdiction Compliance in Hybrid Clouds https://etherpad.openstack.org/p/hybrid-geo Steven Woodward, CEO, Cloud Perspectives CCSK, CSQA, CFPS Agenda Introductions Objectives Hybrid and Federation Data Jurisdictions New

  1. OpenStack Data Jurisdiction Compliance in Hybrid Clouds https://etherpad.openstack.org/p/hybrid-geo Steven Woodward, CEO, Cloud Perspectives CCSK, CSQA, CFPS

  2. Agenda Introductions Objectives Hybrid and Federation Data Jurisdictions New Cloud Perspectives OpenStack Fit and inTOS lessons Summary Perspectives Potential Actions

  3. Steven Woodward Industry and International Participation ISO SC38 (Cloud Computing) SC7 (Systems) IFPUG Chair Industry Standards Committee NIST Cloud Contributor and Co-Lead ITU-T (United Nations) Cloud Contributor IEEE – Contributor OWASP – presenter/ collaborator Cloud Security Alliance TM Forum, Quest Forum OMG – Cloud Standards Customer Council OpenStack, itSMF, ICEAA, IIBA, ISACA Fostering Collaboration Contributing vision and strategy to IntOS OpenStack powered enterprise cloud development

  4. About IntOS IntOS is a self-maintained enterprise grade OpenStack distribution, developed and supported by ComputingStack (see www.computingstack.com). IntOS is highly resilient, agile, scalable, efficient and secure by design, while providing a simplified user experience to architect and efficiently deploy complex OpenStack solutions. Major services include: Compute, Software Defined Storage, SDN, Container/Kubernetes as a service (by Magnum). IntOS provides key governance capabilities by design, while incrementally incorporating Cloud 2.0 services for NFV, Edge, IoT and AI. Based in Ottawa On Canada, ComputingStack also supports Academia and Research communities by offering cloud out of box, operation and support.

  5. Objectives Present hybrid-cloud and geo-jurisdiction international considerations Interactive exchange of information and perspectives Awareness of cloud federation activities Identify OpenStack and InTOS components impacted and lessons Filling gaps and integration Identify future activities for OpenStack consideration

  6. Hybrid Cloud Public Cloud Binds together enabling: Private Cloud Interoperability Data Portability Community Cloud Application Portability

  7. Draft Cloud Federation RA Concept - NIST IEEE P2302 Federation Meeting in Room 306 Today! Broker Regulatory Environment A Federation Instance Administrative Membership Regulatory Environment C Regulatory Environment B Domain A Fed. Identity Administrative Domain C Identity Administrative Domain B Roles/Attribute Provider C B s A Security Policies IdP B IdP C Sec. Sec. Resource Disc. A Federation Catalog Security Security Security Cloud Carrier Security: Security • Identity/Authentication Security Audit • Authorization/Policy Privacy Impact Audit • Integrity Performance Audit • Privacy • Non-repudiation Federation Auditor

  8. Mapping Concept Model thru Open Source to Implementation NIST/IEEE IntOS UI/CLI: Domain, Domain, Project, User, Role, Policy Project, User, Role, Policy Enabling IntOS configuration Configuring IntOS Keystone Enablement OpenID, SAML, OAuth IDP integration: AD, LDAP IntOS finely granulated Role Role->rule->policy Definition and tools Service Policy (keystone, IntOS Development neutron, glance, cinder, Templates and console to magnum, nova) ease the complexity Horizon policy API (resource) to policy API role and Service packaging mapping

  9. Geo-Jurisdictions Valid Reasons to Care or Not? This Photo by Unknown Author is licensed under CC BY-SA

  10. Geo-Jurisdictions ISO SC38 Concept Model Data Classification - Higher Risk Regional Multi- (sensitive) National - Medium Risk - Lower Risk (public) Enterprise Process Storage Transit

  11. Geo-Jurisdictions Concept Incorporating inTOS and OpenStack Elements Data Classification Regional Cross Interests Multi- - Higher Risk National (sensitive) Keystone - Medium Risk Enterprise Horizon - Lower Risk (public) Process Storage: Transit Nova Cinder Neutron Glance Manilla OpenDaylight Magnum SWIFT Octavia Sahara CEPH Heat

  12. OpenStack Trusted Location Control

  13. Updated Perspectives Consumer Consumer Broker (Technical and Business Relationship) Fog/ Edge/ Mist SaaS Intermediary Provider PaaS IaaS Primary Provider

  14. Updated Perspectives Consumer Consumer Broker (Technical and Business Relationship) Fog/ Edge/ Mist SaaS Intermediary Provider PaaS IaaS Primary Provider

  15. Compliance and Controls Sets Vary! Securing IoT Devices Often at the Edge Consumer Consumer Broker (Technical and Business Relationship) This Photo by Unknown Author is licensed under CC BY-SA Fog/ Edge/ Mist SaaS Intermediary Provider PaaS IaaS Primary Provider

  16. Also Integration of Non OpenStack Services Eco-system includes a variety of products and services across service and deployment models: Standards (ISO, IEC, IEEE, ETSI, ITU-T, NIST) Open Groups (Open Grid Forum, The Open Group, ONFV, OSF, Open GeoSpatial Consortium, ORCA) Communities (TM Forum, DMTF, ENISA, OMG, ISACA, CSA, CENGN) Proprietary (Based on OpenStack and Not) Research and Participate

  17. IntOS Benefits from Mapping of OpenStack Elements Impacted Resource Group IntOS Cloud UI (User Centralized UI) and definition based on API: Keystone Glance Nuetron/Nova API Alerting Cinder and Swift Tag, Policy Configurations Data Mediati IntOS OpenStack Performanc e Dashboard keystone Office Integration RDO SGW IntOS Cloud IntOS Membership Manager Ceph Fed Id Role/Policy Storage Implementation Configuration Ceph RADOGW Policy /Role Integration

  18. Lessons learned IntOS compliance Reference Architecture and Enterprise Architecture models help (common understanding) GPDR has driven geo-jurisdiction and portability discussions to the front of the line OpenStack has a variety of tools and techniques supporting geo-jurisdiction and hybrid cloud deployment and governance that can be extended Keystone Identity & Policy Management at the centre Not magic – Complex Challenges – Is Executable - Objectives and targeted outcomes vary - Planning and architecting required - Focus on your priority use cases - Create and refine your own checklists, while embracing automation - Trial and demonstrate capabilities (incremental progress)

  19. Capability – Action Request Element Hybrid – Interoperability – Geo-Jurisdictions – Edge – Scenario/ Federation – Scenario/ Scenario/ Increment 1 Increment 1 Increment 1 Keystone - Identity Glance - Images Nova - Scheduler Ceph – Storage OpenDayLight Functionally Mature? Performance? Security? Automation?

  20. Well That’s Interesting! ….. It must be secure…right?

  21. https://etherpad.openstack.org/p/hybrid-geo Thank you! Contact: steve@cloud-perspectives.com 613-698-5240 @cloudsimplify

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

OpenStack: The OpenSource Clouds Application in High Energy Physics That Titles Overstated

OpenStack: The OpenSource Clouds Application in High Energy Physics That Titles Overstated

OpenStack: The OpenSource Clouds Application in High Energy Physics That Titles Overstated OpenStack: The OpenSource Clouds Potential Application in Data Intensive Research That Titles Overstated OpenStack: The OpenSource

461 views • 33 slides
e n o t s y e K OpenStack in the context of Fog/Edge Massively Distributed Clouds

e n o t s y e K OpenStack in the context of Fog/Edge Massively Distributed Clouds

e n o t s y e K OpenStack in the context of Fog/Edge Massively Distributed Clouds Fog/Edge/Massively Distributed Clouds (FEMDC) SIG Beyond the clouds - The Discovery initiative 1 Who are We? Marie Delavergne Adrien Lebre

563 views • 42 slides
Facility-based Clouds using OpenStack John Hover, Xin Zhao OSG All-Hands Meeting 2013

Facility-based Clouds using OpenStack John Hover, Xin Zhao OSG All-Hands Meeting 2013

Facility-based Clouds using OpenStack John Hover, Xin Zhao OSG All-Hands Meeting 2013 Indianapolis, Indiana John Hover 13 Mar 2013 1 Outline Rationale/Benefits Limitations Openstack Overview Components Networking BNL Openstack

486 views • 19 slides
Building Efficient HPC Clouds with MVAPICH2 and OpenStack over SR-IOV-enabled Heterogeneous

Building Efficient HPC Clouds with MVAPICH2 and OpenStack over SR-IOV-enabled Heterogeneous

Building Efficient HPC Clouds with MVAPICH2 and OpenStack over SR-IOV-enabled Heterogeneous Clusters Talk at OpenStack Summit 2018 Vancouver, Canada by Xiaoyi Lu Dhabaleswar K. (DK) Panda The Ohio State University The Ohio State University

594 views • 48 slides
CEPH DATA SERVICES IN A MULTI- AND HYBRID CLOUD WORLD Sage Weil - Red Hat 1 OpenStack Summit -

CEPH DATA SERVICES IN A MULTI- AND HYBRID CLOUD WORLD Sage Weil - Red Hat 1 OpenStack Summit -

CEPH DATA SERVICES IN A MULTI- AND HYBRID CLOUD WORLD Sage Weil - Red Hat 1 OpenStack Summit - 2018.11.15 OUTLINE Ceph Data services Block File Object Edge Future 2 UNIFIED STORAGE PLATFORM OBJECT

868 views • 52 slides
MVAPICH2 over OpenStack with SR-IOV: An Efficient Approach to Build HPC Clouds Jie Zhang, Xiaoyi

MVAPICH2 over OpenStack with SR-IOV: An Efficient Approach to Build HPC Clouds Jie Zhang, Xiaoyi

MVAPICH2 over OpenStack with SR-IOV: An Efficient Approach to Build HPC Clouds Jie Zhang, Xiaoyi Lu, Mark Arnold and Dhabaleswar. K. Panda Outline Introduction Problem Statement Proposed Design Performance Evaluation

1.28k views • 59 slides
Sedic: Privacy-Aware Data Intensive Computing on Hybrid Clouds K. Zhang, X. Zhou, Y. Chen, X.

Sedic: Privacy-Aware Data Intensive Computing on Hybrid Clouds K. Zhang, X. Zhou, Y. Chen, X.

UT DALLAS UT DALLAS Erik Jonsson School of Engineering & Computer Science Sedic: Privacy-Aware Data Intensive Computing on Hybrid Clouds K. Zhang, X. Zhou, Y. Chen, X. Wang, Y. Ruan FEARLESS engineering Motivation Rapid growth of

258 views • 11 slides
OpenStack based telco clouds Todays Panel Sunil Sood Moderator Ericsson VP, IT & Cloud

OpenStack based telco clouds Todays Panel Sunil Sood Moderator Ericsson VP, IT & Cloud

OpenStack Summit - Sydney I pity the fool that builds his own cloud. Panel Discussion Ericsson (Moderator) AT&T SKT Overcoming NTT challenges of OpenStack based telco clouds Todays Panel Sunil Sood Moderator Ericsson VP, IT

724 views • 7 slides
When you look up into the sky, you will often see clouds. No two clouds are the same, and there

When you look up into the sky, you will often see clouds. No two clouds are the same, and there

When you look up into the sky, you will often see clouds. No two clouds are the same, and there are many different types of clouds. Different kinds of clouds lead to different types of weather. Cirrus clouds are the highest group of clouds that

271 views • 5 slides
OpenStack Amir Rahafrouz rahafrouz@gmail.com Clusters, Grids, Clouds course @ ITMO ITMO

OpenStack Amir Rahafrouz rahafrouz@gmail.com Clusters, Grids, Clouds course @ ITMO ITMO

OpenStack Amir Rahafrouz rahafrouz@gmail.com Clusters, Grids, Clouds course @ ITMO ITMO University, St. Petersburg by Prof. Andrey Shevel June 5th, 2018 Agenda Cloud Computing Scaling Virtualization History of

331 views • 17 slides
OpenStackod: Collaborative OpenStack Clouds On-Demand http://beyondtheclouds.github.io

OpenStackod: Collaborative OpenStack Clouds On-Demand http://beyondtheclouds.github.io

OpenStackod: Collaborative OpenStack Clouds On-Demand http://beyondtheclouds.github.io Who Are We? Adrien Lebre Javier Rojas Balderrama Ronan-Alexandre Cherrueau Prof. IMT Atlantique Inria research engineer Inria research engineer

279 views • 26 slides
Bringing Private Cloud to Australia OpenStack on VMware OpenStack Summit 2013 Introduction

Bringing Private Cloud to Australia OpenStack on VMware OpenStack Summit 2013 Introduction

Bringing Private Cloud to Australia OpenStack on VMware OpenStack Summit 2013 Introduction Aptira Leading OpenStack provider in Australia and APAC Private and Hybrid IaaS Cloud Solutions Technology consultancy for large providers

224 views • 21 slides
Security and Compliance in Clouds Jan Jrjens , Kristian Beckers Fraunhofer Institute for

Security and Compliance in Clouds Jan Jrjens , Kristian Beckers Fraunhofer Institute for

Security and Compliance in Clouds Jan Jrjens , Kristian Beckers Fraunhofer Institute for Software and Systems Engineering ISST (Dortmund, Germany) http://jan.jurjens.de Security is the Major Show-Stopper Jan Jrjens: Security and Compliance

768 views • 18 slides
Hybrid Messaging Solutions OpenStack Summit Boston 2017 About Us... Ken Giusti

Hybrid Messaging Solutions OpenStack Summit Boston 2017 About Us... Ken Giusti

Hybrid Messaging Solutions OpenStack Summit Boston 2017 About Us... Ken Giusti (kgiusti@gmail.com) irc: kgiusti Apache Qpid Project Oslo.Messaging Developer Software Engineer at Red Hat Mark Wagner (mwagner@redhat.com)

471 views • 34 slides
MobiCloud Power of Clouds in Your Pocket : An Efficient Approach for Cloud Mobile Hybrid

MobiCloud Power of Clouds in Your Pocket : An Efficient Approach for Cloud Mobile Hybrid

MobiCloud Power of Clouds in Your Pocket : An Efficient Approach for Cloud Mobile Hybrid Application Development Ashwin Manjunatha , Ajith H. Ranabahu , Amit Sheth, Krishnaprasad Thirunarayan Kno.e.sis Center Wright State University 1 Agenda

506 views • 26 slides
Distributed File Storage in Multi-Tenant Clouds using CephFS Openstack Vancouver 2018 May 23

Distributed File Storage in Multi-Tenant Clouds using CephFS Openstack Vancouver 2018 May 23

Distributed File Storage in Multi-Tenant Clouds using CephFS Openstack Vancouver 2018 May 23 Patrick Donnelly Tom Barron Ramana Raja CephFS Engineer Manila Engineer CephFS Engineer Red Hat, Inc. Red Hat, Inc. Red Hat, Inc. How do we

381 views • 11 slides
E UCI SE 2020 E Uro pe a n te st b e d fo r the ma ritime Co mmo n I nfo rma tio n Sha

E UCI SE 2020 E Uro pe a n te st b e d fo r the ma ritime Co mmo n I nfo rma tio n Sha

E UCI SE 2020 E UCI SE 2020 E Uro pe a n te st b e d fo r the ma ritime Co mmo n I nfo rma tio n Sha ring E nviro nme nt in the 2020 pe rspe c tive Se pte mb e r, 09, 2015 E UCI SE 2020 ha s re c e ive d funding fro m the E

774 views • 33 slides
Community Action in Louisa County 489 Households (HH) 1,246 Individuals 274 HHs

Community Action in Louisa County 489 Households (HH) 1,246 Individuals 274 HHs

Community Action in Louisa County 489 Households (HH) 1,246 Individuals 274 HHs below 100% FPL NIFCAP FY 2019 Compiled by Claire Conner Iowa Wesleyan University Volunteer May 2020 5 Neighborhood Centers 700 Jefferson,

760 views • 24 slides
Forecast and Capacity Planning for Nogales Ports of Entry Research Team: Dr. Rene Villalobos,

Forecast and Capacity Planning for Nogales Ports of Entry Research Team: Dr. Rene Villalobos,

Forecast and Capacity Planning for Nogales Ports of Entry Research Team: Dr. Rene Villalobos, Dr. Arnold Maltz, Liangjie Xue, Octavio Sanchez and Laura Vasquez Arizona State University December 2009 Agenda Objective of the study

694 views • 52 slides
Strategic Action Planning Group on Aging Transportation and Housing December 7, 2015 Priority

Strategic Action Planning Group on Aging Transportation and Housing December 7, 2015 Priority

Strategic Action Planning Group on Aging Transportation and Housing December 7, 2015 Priority Service Votes 1 Transportation 298 2 In-Home Service 269 3 Home Repair/Chore Service 187 4 Nutrition Service 185 5 Information and

351 views • 23 slides
PROJECT OJECT UP UPDA DATE TE Ca Calexic xico o West La Land nd Port of En Entry y Ex

PROJECT OJECT UP UPDA DATE TE Ca Calexic xico o West La Land nd Port of En Entry y Ex

PROJECT OJECT UP UPDA DATE TE Ca Calexic xico o West La Land nd Port of En Entry y Ex Expansion ansion and Reco confi nfigur gurat ation ion U.S. Genera neral Serv rvice ices s Admini minist strat ation ion March 16,

496 views • 23 slides
Aurelia Ring Taylor Braun - Lead Writer, Art Assistant, Social Media Manager Mihir Ravindra

Aurelia Ring Taylor Braun - Lead Writer, Art Assistant, Social Media Manager Mihir Ravindra

Aurelia Ring Taylor Braun - Lead Writer, Art Assistant, Social Media Manager Mihir Ravindra Choudhari - Webmaster, Head Game Design and Developer Yuhan Wei - Artistic Director, Lead Product Designer Plot Synopsis Harper wakes up in the future

450 views • 10 slides
U.S. General Services Administration/ Customs & Border Protection February 25, 2016 San

U.S. General Services Administration/ Customs & Border Protection February 25, 2016 San

U.S. General Services Administration/ Customs & Border Protection February 25, 2016 San Ysidro LPOE, CA San Ysidro LPOE Master Plan San Ysidro LPOE Master Plan PHASE 1E VATC WEST PED West Pedestrian Facility WEST PEDESTRIAN Design

573 views • 33 slides
HB 2017 Transit Advisory Committee May 18, 2018 Meeting Agenda Welcome & Introductions 2

HB 2017 Transit Advisory Committee May 18, 2018 Meeting Agenda Welcome & Introductions 2

HB 2017 Transit Advisory Committee May 18, 2018 Meeting Agenda Welcome & Introductions 2 min. Agenda & Timeline 3 min. Public Comment 15 min. High Poverty/Equity Definition Discussion 30 min. Regional Coordination Selection

380 views • 22 slides

More recommend