您好,欢迎光临本网站![请登录][注册会员]  
文件名称: Security enforcement, from OS to image to VM for Production OpenStack Cloud
  所属分类: 互联网
  开发工具:
  文件大小: 971kb
  下载次数: 0
  上传时间: 2015-06-22
  提 供 者: happy*****
 详细说明: Suning Cloud Commerce is one of the largest privately owned retailers in China. Suning has more than 1600 stores covering over 700 cities of Mainland China, Hong Kong and Japan, and its e-commerce platform, Suning.com ranks among top three Chinese B2C companies. There are more than 180,000 employees, thousands of mixed power, x86, storage servers and tens of thousands of virtual machines from several large data center across China, HongKong and Japan. KVM, oVirt and virtualization technologies are widely used, and there are also very large server farm for VDI. Till end of year 2014, Suning has setup large OpenStack private production clouds across several data centers, based on OpenStack Icehouse. Controller nodes are high-availabile and easily scale-out based on Pacemaker+Corosync+HAproxy, with large compute+storage nodes, splitted by multiple regions, and each region was further splitted into multiple availability zones. Host aggregates are also used with pre-determined metadata attributes to serve complex scheduling not only based on CPU, Memory, Disk, but also filters like self-developed anti-Affinity on anti-Affinity according to business requirement. Config drive is used for the isolated AZ that can only accept static IP address. iSCSI burden is also tweaked to fast Cinder volume to instances to improve IO performance. Security is a forever topic for any IT infrastructure, especially important in a large production OpenStack cloud, which involving: · Operating System Level Security Enforcement and intrusion detection; · Password Security, especially Host and Virtual Machine password, life cycle from template creation to virtual machine retirement; · Message level protection including message routing from generation to consumption; · Database security settings to prevent unauthorized access or privilege alter; · VNC/Spice console protection; · Service port restriction; · Network DDoS attack detection; · Account, Password and ssh key management; · Openstack service protocol protection; · Virtual Machine access and isolation along physical planning; In this presentation, we will share approaches that we utilize in setup large OpenStack cloud ...展开收缩
(系统自动生成,下载前可以参看下载内容)

下载文件列表

相关说明

  • 本站资源为会员上传分享交流与学习,如有侵犯您的权益,请联系我们删除.
  • 本站是交换下载平台,提供交流渠道,下载内容来自于网络,除下载问题外,其它问题请自行百度
  • 本站已设置防盗链,请勿用迅雷、QQ旋风等多线程下载软件下载资源,下载后用WinRAR最新版进行解压.
  • 如果您发现内容无法下载,请稍后再次尝试;或者到消费记录里找到下载记录反馈给我们.
  • 下载后发现下载的内容跟说明不相乎,请到消费记录里找到下载记录反馈给我们,经确认后退回积分.
  • 如下载前有疑问,可以通过点击"提供者"的名字,查看对方的联系方式,联系对方咨询.
 相关搜索: OpenStack 苏宁
 输入关键字,在本站1000多万海量源码库中尽情搜索: