VMware: Next Generation Security Services in OpenStack

#OpenStack is quickly and steadily positioning itself as a great Infrastructure-as-a-Service solution for the Enterprise. Originally conceived for that proverbial DevOps Cloud use case (and as a private alternative to #AWS), the OpenStack framework has evolved to add rich Compute, Network and Storage services to fit several enterprise use cases. This evolution can be evidenced by the following initiatives: Higher number of commercial distributions are available today, in addition to Managed Services and/or DIY OpenStack. Diverse and expanded application and OS support vs. just Cloud-Native apps (a.k.a “pets vs. cattle”). Advanced network connectivity options (routable Neutron topologies, dynamic routing support, etc.). More storage options from traditional Enterprise storage vendors. This is definitely great news, but one area where OpenStack has lagged behind is security. As of today, the only robust option for application security offered in OpenStack are #Neutron Security Groups. The basic idea is that OpenStack Tenants can be in control of their own firewall rules, which are then applied and enforced in the dataplane by technologies like #Linux IP Tables, OVS conntrack or, as it is the case with #NSX #vSphere, a stateful and scalable Distributed Firewall with #vNIC -level resolution operating on each and every ESXi hypervisor.

http://www.dabcc.com/vmware-next-generation-security-services-in-openstack/