什么没有 posted on 2018-6-2 14:45:58



I’ve been asked to provide a brief security analysis of the OpenStack open source cloud computing platform and whether our enterprise should pursue it as the basis for our cloud infrastructure build-out. My initial assessment is that, like with Apache and Linux, the open nature of the platform allows security flaws to be found and fixed quickly, which helps decrease the likelihood of exploits. Do you agree? What other OpenStack security points (pro and con) are worth considering?

OpenStack is an Infrastructure as a Service cloud computing initiative with the goal of being an easy-to-implement, feature-rich, yet very scalable, cloud computing platform. Launched in July 2010 by hosting provider Rackspace Inc. and NASA, it consists of a series of interrelated projects building various components for a cloud infrastructure solution. All of the code is freely available under the Apache 2.0 license, and there are over 100 companies, including Cisco Systems Inc., Citrix Systems Inc., Dell Inc., Intel Corp. and Microsoft, contributing to its development.

Opting for open source cloud software means avoiding the potential dilemma that is proprietary vendor technology lock-in, and OpenStack’s modular design means it can integrate with legacy or third-party technologies. OpenStack also aims to establish cloud computing standards, which are certainly lacking at the moment. Standards will make it easier to have compatible tools and services that work across cloud providers, thereby easing the process of moving data and applications between clouds, particularly when migrating from private to public. Open source Linux solved the problems caused by the emergence of proprietary flavors of Unix, and open cloud standards could provide the same benefits for large-scale cloud computing.

There are two interrelated OpenStack projects: OpenStack Compute and OpenStack Object Storage. OpenStack Compute is software to provision and manage large groups of virtual private servers. It is written in Python using the Eventlet and Twisted frameworks, and relies on the standard AMQP messaging protocol, and SQLAlchemy for data store access. It integrates code from NASA's Nebula cloud platform as well as Rackspace's Cloud Files platform. Object Storage is software for creating redundant, scalable object storage using clusters of servers to store vast amounts of data. If you opt for OpenStack, you’ll be running the same software used by NASA, and the cloud services offered by Hewlett-Packard Co. and Rackspace; other providers are also starting to appear that offer OpenStack, such as Piston Cloud Computing.

Although OpenStack wants to make it possible for any organization to deploy large-scale private or public clouds running on standard hardware, you will need a competent technical operations team that has the capabilities to turn physical hardware into large-scale cloud deployments. It is probably not something the average business would consider deploying itself.

Open source projects generally have a good track record when it comes to security, but they are not immune to flaws and vulnerabilities, and OpenStack is still new. An alternative would be the Eucalyptus framework, which implements the API stack of Amazon's EC2 compute cloud, allowing a cluster of servers to emulate what Amazon does internally, but on a private cloud. Eucalyptus has been around longer than OpenStack but is not fully open source. This is possibly one of the reasons the Ubuntu community has decided future releases of the Ubuntu Server will support OpenStack.

It’s unclear whether OpenStack or Eucalyptus will achieve commercial success and -- importantly for you -- longevity, but at the moment the momentum certainly seems to be with OpenStack.
View full version: OpenStack security analysis: the pros and cons of open source cloud software