Policy in OpenStack - Martin Casado, CTO, VMware - OpenStackSV 2014

SEPTEMBER 2014
Conference Organizer
Policy in OpenStack
openstacksv.com

Page 2
Automation does not remove the human

Page 3
Defining Policy
Humans have ideas (Business, Operations, Legal, Security, Audit & Compliance)
Humans can document ideas: Policy
Systems don't understand human languages: ?

Page 4
Computer Science’s Solution
Policy Compiler
Declarative Language
System Implementation

Page 5
Traditional Barriers
1. Device Canonicalization: Lowest Common Denominator
2. Distributed State Management: Hard Problem
3. Topology Independence: Physical Topology vs. Virtual Topology, Requires Mapping

Page 6
Cloud / OpenStack
ABSTRACTION
Virtual Networks
Software
Hardware
Virtual Machines / Virtual Storage
API

Page 7
OpenStack & Software-Defined Data Center
ABSTRACTION
Policy
Automated
Manual

Page 8
Congress Introduction
An Open Policy Framework for Automated IT Infrastructure
Congress
Network Compute Storage Security / Identity

Page 9
All Data In Tables
Congress
Network | Compute | Storage | Security / Identity

Net       Name         Owner
Pete      Finance      30
Tim       Engineering  32
Martin    Finance      33
Pierre    Sales        31

ID    Results   Time
VM1   Infected  01:13:56
VM2   Clean     18:23:05
VM3   Infected  07:13:09
VM4   Clean     20:21:17

Net       Router       Ports
Pete      Finance      30
Tim       Engineering  32
Martin    Finance      33
Pierre    Sales        31

VM        Network      Ports
Pete      Finance      30
Tim       Engineering  32
Martin    Finance      33
Pierre    Sales        31

VM    Memory  CPU
VM1   32GB    4
VM2   64GB    8
VM3   32GB    12
VM4   128GB   8

Disk      Name         Owner
Pete      Finance      30
Tim       Engineering  32
Martin    Finance      33
Pierre    Sales        31

Disk    Capacity  Used
Disk1   1TB       501GB
Disk2   2TB       237GB
Disk3   8TB       6.1TB
Disk4   4TB       3.2TB

IP             Port  Protocol
192.168.10.1   80    HTTP
192.168.3.1    20    FTP
192.168.11.2   25    SMTP
192.168.9.9    443   HTTPS

• Queries
• Declaration of Policy

Page 10
Use Case Example: 3 People, 3 Ideas, 1 Policy
Application Developer
• My Application (2 tier, Web and Database)
• Can be deployed for test or production
Cloud Operator
• Applications deployed for production must have access to the Internet, must not be deployed in the DMZ cluster and should scale based on load.
• Applications deployed for test should have 1 VM instance per tier.
• All applications must use VM images signed by an administrator.
Compliance Officer
• No VM from a PCI app may be located on the same hypervisor as a VM from a non-PCI app.

Page 13
Thank you for your time