OpenStack NSA

I n f ra s t r u c t u re a s a S e r v i c e

OpenStack at NSA

April 9, 2023

National Security Agency

Nathanael I Burton

Thank You

Introduction

IT Challenges

Private, IaaS Cloud – OpenStack

[[REDACTED]]

Number of users:Number of systems:Number of servers:Storage capacity:Applications used:Favorite color:

http://www.nsa.gov/about/_images/pg_hi_res/NeverSleeps_071310.jpg

NSA: Intelligence Community

NSA: Mission

Signals Intelligence

Information Assurance

NSA: Areas of Innovation

Computer ScienceMathematicsCryptanalysis

Foreign language analysis

NSA: Technology

All the Technologies!

CommercialOpen Source

In-House

“Cloud”?

http://www.flickr.com/photos/dexxus/5454005272

“Cloud” at NSA

Big Data

Big Data at NSA

Hadoop

Accumulo• Developed by NSA• Inspired by Google BigTable Paper• Open Source, Apache Software Foundation

Images: Licensed under the Apache License, Version 2.0Apache Hadoop , Apache Accumulo are trademarks of the Apache Software Foundation

Carbon-based IaaS

Manually Intensive

Stovepipes of Excellence!

SOMEDAY YOU’LL BE A UNICORN!

http://commons.wikimedia.org/wiki/File:Traffic_cone.png

http://commons.wikimedia.org/wiki/File:Biandintz_eta_zaldiak_-_modified2.jpg

Carbon-based IaaS: An Example

I have an idea!

http://www.flickr.com/photos/goopymart/8521955193

http://www.flickr.com/photos/ipdegirl/7827785878http://www.flickr.com/photos/andresrueda/3259487071http://commons.wikimedia.org/wiki/File:Board-Meeting.png

Weeks or months later…

What was my idea again?

The Problem

Too much time from idea to capability

Needed scale, agility

Proposed Solution

Lower barriers to entrySelf-service, on-demand

ElasticAPI access

Private OpenStack IaaS Cloud

OpenStack Pilot

Diablo Summit

Two mad scientists

Repurposed Stole a rack

OpenStack Pilot: Goals

Try out OpenStack

Offer flexible hosting

Automate lab infrastructure

OpenStack Pilot: Results

Working Pilot in two weeks:• Cactus• API / CLI• 10’s of users• Improved service delivery time

Limited capabilities:• Lab• Firewall / network isolation• Toys

Patient Zero

http://www.flickr.com/photos/origamiancy/6137629982

What Next?

Let’s go bigger!

Beyond the Lab

More hardwareMore usersMore use casesMore data

Beyond the Lab

Co-located with Big Data systemStarted with half rackAccess to mission data

Use cases:• RDBMs• Web applications• Non-Hadoop processing

Results

100’s of users

“Fail fast” model

Generous with capacity

Huge potential

Patient One

MORE unicorns!

http://commons.wikimedia.org/wiki/File:Invisible_Pink_Unicorn.svg

Making It Real

Productionhttp://commons.wikimedia.org/wiki/File:Compass_Barnstar_Hires.png

Automation

Puppet / Kickstart• Installation• Configuration• Enforcement• Management

Bare metal to OpenStack in 20 minutes!

Our Middle Name

Harden the system:• Operating System• OpenStack APIs• Database• Message Queue• Guest OS

SSL Everywhere!

Accounts? $$$?

Amazon, Dreamhost, Rackspace … NSA

http://www.flickr.com/photos/9731367@N02/7113235069

Free Tier

Have PKI? You’re in!

Auto-account creation

Outbreak

http://commons.wikimedia.org/wiki/File:Unicorn_llama.jpghttp://commons.wikimedia.org/wiki/File:Zebra_%28PSF%29.png

http://www.flickr.com/photos/goopymart/6917974213/

http://www.flickr.com/photos/bulius/4839345269

An Epidemic

Opened for general availability:• Silent launch, viral growth:–100’s of users in first weeks

• Production workloads• Migrated from Diablo to Folsom

Still managed by a small team!

Changing Behavior

Development patterns:• “In a box” recipes• System lifecycle• Common environment• Better collaboration• Better development

Disruptive Change

We broke things

Change or eliminate process

Rethink problems

Changing the Game

AgilityFlexibilityScalability

Better mission systems!

Win Win!

Lowering risk, while increasing flexibility

• Trust but verify• Security• Accountability• Central reporting• Logging• Metrics• APIs on everything

IT Efficiency = Time = $$$

Next Steps

Continued growth, scalingFolsom to Grizzly ++

Open source contributionsMore community participation

We’re Hiring!

Thank You

April 9, 2023

Nathanael I Burton

OpenStack NSA

Technology

Transcript of OpenStack NSA

OpenStack Deployment Manual - Bright Computingsupport.brightcomputing.com/.../7.3/openstack-deployment-manual.pdf3.1.8 OpenStack Nodes Selection ... •The OpenStack Deployment Manual

“Congress lets the NSA run Amok” Jeffrey Rosen. Congress, NSA and President: Congress, NSA and President: Let Courts Deal with It Two NSA programs: 1)

NSA Affirmative - forms.huffmanisd.netforms.huffmanisd.net/debate/NSA Affirmative - DDI 2015 ST.docx · Web viewNSA Affirmative – DDI 2015 ST. 1. NSA Affirmative. NSA Affirmative1.

OpenStack & Ubuntu (india openstack day)

Documents/Approved... · ns.d MN/Sta31 nsa nsa nsd nv7 ozm9M asa otV09M nsa nSd nsa 0909M nn ottZ9M nsa 09-09M Ott-ce9M as. ontsosan asa ... Sd/11Hd SdnlHd santHd san1Hd san.ga SdnlHd

OpenStack Operations Guide - MIT CSAILpeople.csail.mit.edu/jon/openstack-ops/openstack-ops-manual.pdf · OpenStack Ops Guide July 3, 2014 iii Acknowledgments The OpenStack Foundation

Nsa Datasheet

NSA Document

Courtney: NSA

OpenStack on OpenStack

The SonicWALL Network Security Appliance Seriesmmvaquinhas.pt/sonicwall/DS_NSA_Series_US.pdf · Certifications Firewall NSA 240 NSA 2400 NSA 3500 NSA 4500 SonicOS Version SonicOS

NSA Appeal

OpenStack Training - OpenStack Summit Atlanta

nsa hearing

NSA-2016.9.30-10Q · Title: NSA-2016.9.30-10Q Created Date: 2016114154

NSA Secrets

NSA Complaint

Nsa Overcollection

Communication Nsa

73 National Security Agency (NSA) DIRgrams, NSA · Description of document: 73 National Security Agency (NSA) DIRgrams, NSA Director's Messages to the Work Force, 1999-2001 Requested