Learn how to enhance OpenStack deployment security through traffic encryption in this 19-minute technical talk. Explore three critical traffic types requiring encryption: external communication to load balancers, internal communication from load balancers to backends, and service-to-service communication including rabbitmq, galera, nova live migration, and noVNC. Discover recent improvements implemented in OpenStack-Ansible to address these security challenges, with detailed explanations of required changes and their rationale. Gain insights into TLS backend enablement, variable scope management, TLS frontend transition, and AJ Proxy implementation. Basic OpenStack-Ansible knowledge is recommended to fully grasp the concepts presented by speaker Damian DÄ…browski.
Encrypting Internal Traffic with OpenStack-Ansible - A Security Implementation Guide
OpenInfra Foundation via YouTube
Overview
Syllabus
Intro
Things that can be encrypted
What we need to encrypt
How to enable TLS backend
Variables scope
TLS Frontend Transition
AJ Proxy
Summary
Taught by
OpenInfra Foundation