Identity, Authentication, and Access Management in OpenStack: Implementing and Deploying Keystone

"O'Reilly Media, Inc." · Ebook · 130 pages

About this ebook

Keystone—OpenStack's Identity service—provides secure, controlled access to a cloud’s resources. In OpenStack environments, Keystone performs many vital functions, such as authenticating users and determining what resources users are authorized to access.

Whether the cloud is private, public, or dedicated, access to cloud resources and security is essential. This practical guide to using Keystone provides detailed, step-by-step guidance to creating a secure cloud environment at the Infrastructure-as-a-Service layer—as well as key practices for safeguarding your cloud's ongoing security.

  • Learn about Keystone's fundamental capabilities for providing Identity, Authentication, and Access Management
  • Perform basic Keystone operations, using concrete examples and the latest version (v3) of Keystone's Identity API
  • Understand Keystone's unique support for multiple token formats, including how it has evolved over time
  • Get an in-depth explanation of Keystone's LDAP support and how to configure Keystone to integrate with LDAP
  • Learn about one of Keystone's most sought-after features—support for federated identity

About the author

Steve Martinelli is an OpenStack Active Technical Contributor and a Keystone Core Contributor. He primarily focuses on enabling Keystone, which is OpenStack's Identity Manager, to better integrate into enterprise environments. Steve was responsible for adding Federated Identity and OAuth support to Keystone and was one of the leading contributors to Keystone to Keystone federation support for interoperable hybrid cloud enablement. In his spare time he also contributes to OpenStackClient, pyCADF, and oslo.policy and is a core contributor in each of these projects. Steve received his B.ASc. in Computer Engineering from York University.

Henry works in IBM's Cloud division as an OpenStack Architect and a core contributor to OpenStack Keystone, driving enterprise capabilities into OpenStack as well as IBM's products that use OpenStack. He has a long history of developing enterprise software, graphics and communication systems as well as nanotechnology, having founded numerous successful companies in Europe and the USA, finally coming to IBM via acquisition in 2009. He holds a 1st class honors degree in Electrical Engineering from the University of Southampton, UK.

Dr. Brad Topol is an IBM Distinguished Engineer in the IBM Cloud Architecture and Technology organization. In his current role, Brad leads a development team focused on contributing to and improving OpenStack and he has cross-IBM responsibility for coordinating its contributions to OpenStack. Brad is an OpenStack core contributor to Keystone-Specs, Pycadf, and Heat-Translator and has personally contributed to multiple OpenStack projects including Keystone, Pycadf, Heat-Translator, and DevStack. He received a Ph.D. in Computer Science from the Georgia Institute of Technology in 1998.
