Use https
Use https for openstack.org pages since docs.o.o and developer.o.o now have https enabled.

Change-Id: Ife353949cf3bcd089eff45628e00116e670ac8a2
10
README.rst
@@ -14,7 +14,7 @@ This repository contains the OpenStack Security documentation.
|
||||
|
||||
For details on how to contribute to the documentation, see the
|
||||
`OpenStack Documentation Contributor Guide
|
||||
<http://docs.openstack.org/contributor-guide/>`_.
|
||||
<https://docs.openstack.org/contributor-guide/>`_.
|
||||
|
||||
It includes these manuals:
|
||||
|
||||
@@ -58,11 +58,11 @@ Contributing
|
||||
|
||||
Our community welcomes all people interested in open source cloud
|
||||
computing, and encourages you to join the `OpenStack Foundation
|
||||
<http://www.openstack.org/join>`_.
|
||||
<https://www.openstack.org/join>`_.
|
||||
|
||||
The best way to get involved with the community is to talk with others
|
||||
online or at a meet up and offer contributions through our processes,
|
||||
the `OpenStack wiki <http://wiki.openstack.org>`_, blogs, or on IRC at
|
||||
the `OpenStack wiki <https://wiki.openstack.org>`_, blogs, or on IRC at
|
||||
``#openstack`` on ``irc.freenode.net``.
|
||||
|
||||
We welcome all types of contributions, from blueprint designs to
|
||||
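Review bot: The commit message justifies the switch only for docs.o.o and developer.o.o, but the Contributing paragraph here also moves ``www.openstack.org/join`` and ``wiki.openstack.org`` to https. Please confirm both hosts serve valid TLS and name them in the commit message, so the stated scope matches what the patch actually changes.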
@@ -70,7 +70,7 @@ documentation to testing to deployment scripts.
|
||||
|
||||
If you would like to contribute to the documents, please see the
|
||||
`OpenStack Documentation contributor guide
|
||||
<http://docs.openstack.org/contributor-guide/>`_.
|
||||
<https://docs.openstack.org/contributor-guide/>`_.
|
||||
|
||||
|
||||
Bugs
|
||||
@@ -88,5 +88,5 @@ Guide, please see `How to Report Security Issues to OpenStack
|
||||
Installing
|
||||
==========
|
||||
|
||||
Refer to http://docs.openstack.org/security-guide to see where these documents
|
||||
Refer to https://docs.openstack.org/security-guide to see where these documents
|
||||
are published and to learn more about the OpenStack Security Guide.
|
||||
|
@@ -3,7 +3,7 @@ name = openstacksecurityguide
|
||||
summary = OpenStack Security Guide
|
||||
author = OpenStack
|
||||
author-email = openstack-dev@lists.openstack.org
|
||||
home-page = http://docs.openstack.org/
|
||||
home-page = https://docs.openstack.org/
|
||||
classifier =
|
||||
Environment :: OpenStack
|
||||
Intended Audience :: Information Technology
|
||||
|
@@ -7,9 +7,9 @@ to set the ``lvm_type`` to ``thin``, and then use the ``volume_clear``
|
||||
parameter. Alternatively, if the volume encryption feature is used, then
|
||||
volume wiping is not necessary if the volume encryption key is deleted.
|
||||
See the OpenStack Configuration Reference doc in the `Volume Encryption
|
||||
<http://docs.openstack.org/newton/config-reference/block-storage/volume-encryption.html>`__
|
||||
<https://docs.openstack.org/newton/config-reference/block-storage/volume-encryption.html>`__
|
||||
section for set up details and also the `Castellan usage
|
||||
<http://docs.openstack.org/developer/castellan/usage.html>`__ document
|
||||
<https://docs.openstack.org/developer/castellan/usage.html>`__ document
|
||||
for key deletion.
|
||||
|
||||
.. note::
|
||||
@@ -25,14 +25,14 @@ patterns.
|
||||
|
||||
For more information about the ``lvm_type`` parameter, see
|
||||
the `LVM Block Storage section
|
||||
<http://docs.openstack.org/newton/config-reference/block-storage/drivers/lvm-volume-driver.html>`__
|
||||
<https://docs.openstack.org/newton/config-reference/block-storage/drivers/lvm-volume-driver.html>`__
|
||||
|
||||
of OpenStack Configuration Reference and
|
||||
the `Oversubscription in thin provisioning
|
||||
<http://docs.openstack.org/admin-guide/blockstorage_over_subscription.html>`__
|
||||
<https://docs.openstack.org/admin-guide/blockstorage_over_subscription.html>`__
|
||||
of OpenStack Administrator Guide.
|
||||
|
||||
For more information about the ``volume_clear`` parameter, see the
|
||||
`Block Storage sample configuration files
|
||||
<http://docs.openstack.org/newton/config-reference/block-storage/samples/index.html>`__
|
||||
<https://docs.openstack.org/newton/config-reference/block-storage/samples/index.html>`__
|
||||
of OpenStack Configuration Reference.
|
||||
|
@@ -43,7 +43,7 @@ Federation (CADF) notification, providing auditing data for
|
||||
compliance with security, operational, and business processes. For more
|
||||
information, see the
|
||||
`Keystone developer documentation
|
||||
<http://docs.openstack.org/developer/keystone/event_notifications.html#auditing-with-cadf>`_.
|
||||
<https://docs.openstack.org/developer/keystone/event_notifications.html#auditing-with-cadf>`_.
|
||||
|
||||
Backup and disaster recovery
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
@@ -33,7 +33,7 @@ successfully.
|
||||
|
||||
Monitoring is a critical component of IT infrastructure, and we recommend the
|
||||
`Compute logfiles
|
||||
<http://docs.openstack.org/newton/config-reference/compute/logs.html>`__
|
||||
<https://docs.openstack.org/newton/config-reference/compute/logs.html>`__
|
||||
be monitored and analyzed so that meaningful alerts can be created.
|
||||
|
||||
|
||||
|
@@ -196,7 +196,7 @@ container`_ that runs an OpenStack service.
|
||||
.. _installing the selinux-policy source package: https://wiki.centos.org/HowTos/RebuildSRPM
|
||||
.. _Fedora's selinux-policy: https://github.com/fedora-selinux/selinux-policy
|
||||
.. _rawhide-contrib: https://github.com/fedora-selinux/selinux-policy/tree/rawhide-contrib
|
||||
.. _applying AppArmor profiles to each container: http://docs.openstack.org/developer/openstack-ansible/install-guide/overview-security.html#apparmor
|
||||
.. _applying AppArmor profiles to each container: https://docs.openstack.org/developer/openstack-ansible/install-guide/overview-security.html#apparmor
|
||||
|
||||
.. _hardening-the-virtualization-layers-svirt-selinux-and-virtualization:
|
||||
|
||||
|
@@ -87,6 +87,6 @@ Bibliography
|
||||
------------
|
||||
|
||||
#. OpenStack Admin Guide. SPICE Console. `SPICE Console
|
||||
<http://docs.openstack.org/admin-guide/compute-remote-console-access.html>`__.
|
||||
<https://docs.openstack.org/admin-guide/compute-remote-console-access.html>`__.
|
||||
#. bugzilla.redhat.com, Bug 913607 - RFE: Support Tunnelling SPICE over
|
||||
websockets. 2013. `RedHat bug 913607 <https://bugzilla.redhat.com/show_bug.cgi?id=913607>`_.
|
||||
|
@@ -15,7 +15,7 @@ reading the `Django documentation <https://docs.djangoproject.com/>`__.
|
||||
|
||||
The dashboard ships with reasonable default security settings, and has good
|
||||
`deployment and configuration documentation
|
||||
<http://docs.openstack.org/developer/horizon/topics/deployment.html>`__.
|
||||
<https://docs.openstack.org/developer/horizon/topics/deployment.html>`__.
|
||||
|
||||
.. toctree::
|
||||
:maxdepth: 2
|
||||
|
@@ -70,7 +70,7 @@ Horizon image upload
|
||||
~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
We recommend that implementers
|
||||
`disable HORIZON_IMAGES_ALLOW_UPLOAD <http://docs.openstack.org/developer/horizon/topics/deployment.html#file-uploads>`_
|
||||
`disable HORIZON_IMAGES_ALLOW_UPLOAD <https://docs.openstack.org/developer/horizon/topics/deployment.html#file-uploads>`_
|
||||
unless they have implemented a plan to prevent resource
|
||||
exhaustion and denial of service.
|
||||
|
||||
|
@@ -205,7 +205,7 @@ Bibliography
|
||||
~~~~~~~~~~~~
|
||||
|
||||
OpenStack.org, Welcome to Sahara!. 2016.
|
||||
`Sahara project documentation <http://docs.openstack.org/developer/sahara/>`__
|
||||
`Sahara project documentation <https://docs.openstack.org/developer/sahara/>`__
|
||||
|
||||
The Apache Software Foundation, Welcome to Apache Hadoop!. 2016.
|
||||
`Apache Hadoop project <https://hadoop.apache.org>`__
|
||||
|
@@ -7,7 +7,7 @@ security of an OpenStack deployment. Multiple factors should be
|
||||
considered when deciding on a database server, however for the scope of
|
||||
this book only security considerations will be discussed. OpenStack
|
||||
supports a variety of database types (see `OpenStack Administrator
|
||||
Guide <http://docs.openstack.org/admin-guide/>`__ for more
|
||||
Guide <https://docs.openstack.org/admin-guide/>`__ for more
|
||||
information). The Security Guide currently focuses on PostgreSQL and
|
||||
MySQL.
|
||||
|
||||
|
@@ -10,7 +10,7 @@ combined fashion by the frontend, for example an authenticate call will
|
||||
validate user/project credentials with the identity service and, upon
|
||||
success, create and return a token with the token service. Further
|
||||
information can be found by reading the `Keystone Developer
|
||||
Documentation <http://docs.openstack.org/developer/keystone/index.html>`__.
|
||||
Documentation <https://docs.openstack.org/developer/keystone/index.html>`__.
|
||||
|
||||
.. toctree::
|
||||
:maxdepth: 2
|
||||
|
@@ -32,7 +32,7 @@ Service authorization
|
||||
|
||||
Cloud administrators must define a user with the role of admin for each
|
||||
service, as described in the `OpenStack Administrator
|
||||
Guide <http://docs.openstack.org/admin-guide/index.html>`__.
|
||||
Guide <https://docs.openstack.org/admin-guide/index.html>`__.
|
||||
This service account provides the service with the authorization to
|
||||
authenticate users.
|
||||
|
||||
|
@@ -9,7 +9,7 @@ associated policy file. A resource, for example, could be API access, the
|
||||
ability to attach to a volume, or to fire up instances. The policy rules are
|
||||
specified in JSON format and the file is called ``policy.json``. The
|
||||
syntax and format of this file is discussed in the `Configuration Reference
|
||||
<http://docs.openstack.org/newton/config-reference/policy-json-file.html>`__.
|
||||
<https://docs.openstack.org/newton/config-reference/policy-json-file.html>`__.
|
||||
|
||||
These policies can be modified or updated by the cloud administrator to
|
||||
control the access to the various resources. Ensure that any changes to the
|
||||
|
@@ -48,9 +48,9 @@ and volume requests.
|
||||
|
||||
The ``FilterScheduler`` is the default scheduler for OpenStack
|
||||
Compute, although other schedulers exist (see the section `Scheduling
|
||||
<http://docs.openstack.org/newton/config-reference/compute/scheduler.html>`_
|
||||
<https://docs.openstack.org/newton/config-reference/compute/scheduler.html>`_
|
||||
in the `OpenStack Configuration Reference
|
||||
<http://docs.openstack.org/newton/config-reference/config-overview.html>`_
|
||||
<https://docs.openstack.org/newton/config-reference/config-overview.html>`_
|
||||
). This works in collaboration with 'filter hints' to decide where an
|
||||
instance should be started. This process of host selection allows
|
||||
administrators to fulfill many different security and compliance
|
||||
@@ -139,7 +139,7 @@ The first option is to obtain boot media from a trusted source.
|
||||
|
||||
|
||||
The second option is to use the
|
||||
`OpenStack Virtual Machine Image Guide <http://docs.openstack.org/image-guide/>`_.
|
||||
`OpenStack Virtual Machine Image Guide <https://docs.openstack.org/image-guide/>`_.
|
||||
In this case, you will want to follow your organizations OS hardening
|
||||
guidelines or those provided by a trusted third-party such as the
|
||||
`Linux STIGs <http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx>`_.
|
||||
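Review bot: The Linux STIGs link two lines below the changed Image Guide link still uses ``http://iase.disa.mil/...``. It is outside the openstack.org scope of this commit, but it is the hardening baseline the paragraph tells readers to follow, so a plaintext link there matters more than most. Consider a follow-up that checks whether that host offers https and updates the link if it does.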
@@ -235,7 +235,7 @@ the Image service. If this verification fails, the boot won't occur.
|
||||
The OpenStack Operations Guide provides guidance on how to create and
|
||||
upload a signed image, and how to use this feature. For more
|
||||
information, see `Adding Signed Images
|
||||
<http://docs.openstack.org/ops-guide/ops-user-facing-operations.html#adding-signed-images>`_
|
||||
<https://docs.openstack.org/ops-guide/ops-user-facing-operations.html#adding-signed-images>`_
|
||||
in the Operations Guide.
|
||||
|
||||
Instance migrations
|
||||
|
@@ -11,7 +11,7 @@ deployment. The authors bring their expertise from deploying and securing
|
||||
OpenStack in a variety of environments.
|
||||
|
||||
This guide augments the `OpenStack Operations Guide
|
||||
<http://docs.openstack.org/ops/>`__ and can be referenced to harden existing
|
||||
<https://docs.openstack.org/ops/>`__ and can be referenced to harden existing
|
||||
OpenStack deployments or to evaluate the security controls of OpenStack cloud
|
||||
providers.
|
||||
|
||||
@@ -180,4 +180,4 @@ that served as our group office for the entirety of the documentation sprint.
|
||||
|
||||
Learn more about how to contribute to the OpenStack docs, see the
|
||||
`OpenStack Documentation Contributor Guide
|
||||
<http://docs.openstack.org/contributor-guide/index.html>`__.
|
||||
<https://docs.openstack.org/contributor-guide/index.html>`__.
|
||||
|
@@ -236,7 +236,7 @@ Bibliography
|
||||
------------
|
||||
|
||||
- OpenStack.org, Chapter 14. Backup and Recovery. 2016.
|
||||
`OpenStack Operations Guide on backup and recovery <http://docs.openstack.org/openstack-ops/content/backup_and_recovery.html>`__
|
||||
`OpenStack Operations Guide on backup and recovery <https://docs.openstack.org/openstack-ops/content/backup_and_recovery.html>`__
|
||||
|
||||
- SANS Institute, Security Considerations for Enterprise Level Backups. 2002.
|
||||
`Interested in learning more about security? <http://www.sans.org/reading_room/whitepapers/backup/security-considerations-enterprise-level-backups_515>`__
|
||||
|
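Review bot: In this Bibliography the SANS entry keeps ``http://www.sans.org/reading_room/...`` while the entry above it is upgraded. That is consistent with the commit's openstack.org scope, but the list now mixes schemes. A follow-up pass over the remaining third-party ``http://`` links would finish the job. Since only the scheme changed on the ``openstack-ops/content/backup_and_recovery.html`` link, it is also worth running a link check to confirm that path still resolves over https.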
@@ -166,10 +166,10 @@ Bibliography
|
||||
------------
|
||||
|
||||
OpenStack.org, OpenStack End User Guide section. 2016.
|
||||
`OpenStack command-line clients overview <http://docs.openstack.org/user-guide/common/cli_overview.html>`__
|
||||
`OpenStack command-line clients overview <https://docs.openstack.org/user-guide/common/cli_overview.html>`__
|
||||
|
||||
OpenStack.org, Set environment variables using the OpenStack RC file. 2016.
|
||||
`Download and source the OpenStack RC file <http://docs.openstack.org/user-guide/common/cli_set_environment_variables_using_openstack_rc.html#download-and-source-the-openstack-rc-file>`__
|
||||
`Download and source the OpenStack RC file <https://docs.openstack.org/user-guide/common/cli_set_environment_variables_using_openstack_rc.html#download-and-source-the-openstack-rc-file>`__
|
||||
|
||||
Out-of-band management interface
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
@@ -13,7 +13,7 @@ the various instances.
|
||||
The basics of logging: configuration, setting log level, location of the log
|
||||
files, and how to use and customize logs, as well as how to do centralized
|
||||
collections of logs is well covered in the `OpenStack Operations Guide
|
||||
<http://docs.openstack.org/ops/>`__.
|
||||
<https://docs.openstack.org/ops/>`__.
|
||||
|
||||
.. toctree::
|
||||
:maxdepth: 2
|
||||
|
@@ -87,4 +87,4 @@ API network
|
||||
IP block. This network is considered the Public Security Domain.
|
||||
|
||||
For additional information see the `OpenStack Administrator Guide
|
||||
<http://docs.openstack.org/admin-guide/networking.html>`__.
|
||||
<https://docs.openstack.org/admin-guide/networking.html>`__.
|
||||
|
@@ -26,7 +26,7 @@ operators should carefully evaluate their policy towards user and tenant
|
||||
access to administration of network resources. For a more detailed
|
||||
explanation of OpenStack Networking policy definition, please refer to
|
||||
the `Authentication and authorization
|
||||
section <http://docs.openstack.org/admin-guide/networking_auth.html>`__
|
||||
section <https://docs.openstack.org/admin-guide/networking_auth.html>`__
|
||||
in the OpenStack Administrator Guide.
|
||||
|
||||
.. note::
|
||||
|
@@ -162,7 +162,7 @@ is currently provided by security groups. Both Freescale and Intel
|
||||
developed third-party plug-ins as extensions in OpenStack Networking to
|
||||
support this component in the Kilo release. For more details on the
|
||||
administration of FWaaS, see `Firewall-as-a-Service (FWaaS) overview
|
||||
<http://docs.openstack.org/admin-guide/networking-introduction.html#firewall-as-a-service-fwaas-overview>`__
|
||||
<https://docs.openstack.org/admin-guide/networking-introduction.html#firewall-as-a-service-fwaas-overview>`__
|
||||
in the OpenStack Administrator Guide.
|
||||
|
||||
During the design of an OpenStack Networking infrastructure it is
|
||||
|
@@ -13,7 +13,7 @@ HTTP RESTful API. Back-end components of Object Storage follow the same RESTful
|
||||
model however some of the APIs for managing durability, for example, are kept
|
||||
private to the cluster. For more details on the API see the `OpenStack Storage
|
||||
documentation
|
||||
<http://docs.openstack.org/api/openstack-object-storage/1.0/content/>`__.
|
||||
<https://docs.openstack.org/api/openstack-object-storage/1.0/content/>`__.
|
||||
|
||||
For this document the components will be grouped into the following primary
|
||||
groups:
|
||||
@@ -86,9 +86,9 @@ non-root (UID 0) service account. One recommendation is the user name "swift"
|
||||
with the primary group "swift." Object Storage services include, for example,
|
||||
'proxy-server', 'container-server', 'account-server'. Detailed steps for setup
|
||||
and configuration can be found in the `Add Object Storage chapter
|
||||
<http://docs.openstack.org/project-install-guide/object-storage/newton/>`__
|
||||
<https://docs.openstack.org/project-install-guide/object-storage/newton/>`__
|
||||
of the Installation Guide in the `OpenStack Documentation index
|
||||
<http://docs.openstack.org>`__. (The link defaults to the Ubuntu version.)
|
||||
<https://docs.openstack.org>`__. (The link defaults to the Ubuntu version.)
|
||||
|
||||
File permissions
|
||||
----------------
|
||||
@@ -250,7 +250,7 @@ TempAuth
|
||||
TempAuth is the default authentication for Object Storage. In contrast to
|
||||
Identity it stores the user accounts, credentials, and metadata in object
|
||||
storage itself. More information can be found in the section `The Auth System
|
||||
<http://docs.openstack.org/developer/swift/overview_auth.html>`__ of the Object
|
||||
<https://docs.openstack.org/developer/swift/overview_auth.html>`__ of the Object
|
||||
Storage (swift) documentation.
|
||||
|
||||
Keystone
|
||||
|
@@ -16,7 +16,7 @@ main services, which are similar to those of the Block Storage service:
|
||||
authenticates and routes requests throughout the Shared Filesystem
|
||||
service. There is python-manilaclient to interact with the API.
|
||||
For more details on the Shared File Systems API, see the `OpenStack
|
||||
Shared File Systems API <http://developer.openstack.org/api-ref-share-v2.html>`_.
|
||||
Shared File Systems API <https://developer.openstack.org/api-ref-share-v2.html>`_.
|
||||
``manila-share``
|
||||
Responsible for managing Shared File Service devices, specifically the
|
||||
back-end devices.
|
||||
@@ -36,10 +36,10 @@ PostgreSQL data bases.
|
||||
Using SQL, the Shared File Systems service is similar to other OpenStack
|
||||
services and can be used with any OpenStack deployment. For more details on
|
||||
the API, see the `OpenStack Shared File Systems API
|
||||
<http://developer.openstack.org/api-ref-share-v2.html>`_ description. For more
|
||||
<https://developer.openstack.org/api-ref-share-v2.html>`_ description. For more
|
||||
details on the CLI usage and configuration, see `Shared File Systems Cloud
|
||||
Administrative Guide
|
||||
<http://docs.openstack.org/admin-guide/shared_file_systems.html>`_.
|
||||
<https://docs.openstack.org/admin-guide/shared_file_systems.html>`_.
|
||||
|
||||
On the image below you can see how different parts of the Shared File System
|
||||
service interact with each other.
|
||||
@@ -98,7 +98,7 @@ driver and security service you configure and use.
|
||||
methods. It also does not support any of the security services, such as
|
||||
LDAP, Kerberos, or Active Directory. For details of features supported by
|
||||
different drivers, see `Manila share features support mapping
|
||||
<http://docs.openstack.org/developer/manila/devref/share_back_ends_feature_support_mapping.html>`_.
|
||||
<https://docs.openstack.org/developer/manila/devref/share_back_ends_feature_support_mapping.html>`_.
|
||||
|
||||
As an administrator, you can create share types that enable the scheduler to
|
||||
filter back ends before you create a share. Share types have extra
|
||||
|
@@ -195,4 +195,4 @@ flat networks or VLAN-segmented networks of the Legacy networking
|
||||
independently from OpenStack networking services. For more information of how
|
||||
to use different network plug-ins, see `Shared File Systems service Network
|
||||
plug-ins
|
||||
<http://docs.openstack.org/admin-guide/shared_file_systems_network_plugins.html#network-plug-ins>`_.
|
||||
<https://docs.openstack.org/admin-guide/shared_file_systems_network_plugins.html#network-plug-ins>`_.
|
||||
|
@@ -46,4 +46,4 @@ management commands are used.
|
||||
service is running. Manual modification of the policy can have unexpected
|
||||
side effects and is not encouraged. For details, see
|
||||
`The policy.json file
|
||||
<http://docs.openstack.org/newton/config-reference/policy-json-file.html>`_.
|
||||
<https://docs.openstack.org/newton/config-reference/policy-json-file.html>`_.
|
||||
|
@@ -86,9 +86,9 @@ security services for a specified share network and disassociate them from
|
||||
a share network.
|
||||
|
||||
For details of managing security services via API, see the `Security
|
||||
services API <http://developer.openstack.org/api-ref-share-v2.html#share-security-services>`_.
|
||||
services API <https://developer.openstack.org/api-ref-share-v2.html#share-security-services>`_.
|
||||
You also can manage security services via python-manilaclient,
|
||||
see `Security services CLI managing <http://docs.openstack.org/admin-guide/shared_file_systems_security_services.html>`_.
|
||||
see `Security services CLI managing <https://docs.openstack.org/admin-guide/shared_file_systems_security_services.html>`_.
|
||||
|
||||
An administrator and users as share owners can manage the
|
||||
:ref:`access to the shares <shared_fs_share_acl>` by creating access
|
||||
@@ -105,7 +105,7 @@ and the Identity service.
|
||||
|
||||
Different authentication services are supported by different share drivers.
|
||||
For details of supporting of features by different drivers, see
|
||||
`Manila share features support mapping <http://docs.openstack.org/developer/manila/devref/share_back_ends_feature_support_mapping.html>`_.
|
||||
`Manila share features support mapping <https://docs.openstack.org/developer/manila/devref/share_back_ends_feature_support_mapping.html>`_.
|
||||
Support for a specific authentication service by a driver does not
|
||||
mean that it can be configured with any shared file system protocol.
|
||||
Supported shared file systems protocols are NFS, CIFS, GlusterFS, and HDFS.
|
||||
|
@@ -12,9 +12,9 @@ An administrator can create and delete share types, and also manage extra
|
||||
specifications that give them meaning inside the Shared File Systems service.
|
||||
Tenants can list the share types and can use them to create new shares. For
|
||||
details of managing the share types, see `Shared File Systems API
|
||||
<http://developer.openstack.org/api-ref-share-v2.html#share-type>`_ and
|
||||
<https://developer.openstack.org/api-ref-share-v2.html#share-type>`_ and
|
||||
`Share types managing
|
||||
<http://docs.openstack.org/admin-guide/shared_file_systems_share_types.html>`_
|
||||
<https://docs.openstack.org/admin-guide/shared_file_systems_share_types.html>`_
|
||||
documentation.
|
||||
|
||||
Share types can be created as *public* and *private*. This is the level of
|
||||
|
@@ -143,7 +143,7 @@ including:
|
||||
|
||||
For more information on the deployment, operation, or implementation of
|
||||
Object Storage encryption, see the swift Developer Documentation on
|
||||
`Object Encryption <http://docs.openstack.org/developer/swift/overview_encryption.html>`_.
|
||||
`Object Encryption <https://docs.openstack.org/developer/swift/overview_encryption.html>`_.
|
||||
|
||||
Block Storage volumes and instance ephemeral filesystems
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
@@ -110,7 +110,7 @@ the encryption key. The end user can select this feature while creating a
|
||||
volume, but note that an admin must perform a one-time set up of the volume
|
||||
encryption feature first. Instructions for this setup are in the block
|
||||
storage section of the `Configuration Reference
|
||||
<http://docs.openstack.org/newton/config-reference/block-storage/volume-encryption.html>`__
|
||||
<https://docs.openstack.org/newton/config-reference/block-storage/volume-encryption.html>`__
|
||||
, under volume encryption.
|
||||
|
||||
If the OpenStack volume encryption feature is not used, then other approaches
|
||||
@@ -152,7 +152,7 @@ Compute instance ephemeral storage
|
||||
----------------------------------
|
||||
|
||||
Note that the OpenStack `Ephemeral disk encryption
|
||||
<http://docs.openstack.org/security-guide/tenant-data/data-encryption.html>`__
|
||||
<https://docs.openstack.org/security-guide/tenant-data/data-encryption.html>`__
|
||||
feature provides a means of improving ephemeral storage privacy and isolation,
|
||||
during both active use as well as when the data is to be destroyed. As in the
|
||||
case of encrypted block storage, one can simply delete the encryption key to
|
||||
|
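Review bot: The "Ephemeral disk encryption" target, ``https://docs.openstack.org/security-guide/tenant-data/data-encryption.html``, is a page of this same guide (the README hunk gives ``docs.openstack.org/security-guide`` as its published location). An internal ``:ref:`` or ``:doc:`` cross-reference, like the ``:ref:`access to the shares <shared_fs_share_acl>``` used elsewhere in the tree, would remove the scheme and host from the source entirely and would let the Sphinx build catch a broken target.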
@@ -31,7 +31,7 @@ Bibliography:
|
||||
|
||||
- OpenStack.org, Welcome to Barbican's Developer Documentation!. 2014.
|
||||
`Barbican developer
|
||||
documentation <http://docs.openstack.org/developer/barbican>`__
|
||||
documentation <https://docs.openstack.org/developer/barbican>`__
|
||||
|
||||
- oasis-open.org, OASIS Key Management Interoperability Protocol
|
||||
(KMIP). 2014.
|
||||
|