Cloud & DevOps

OpenStack Security Training

OpenStack is an open-source platform used for building cloud computing environments.

Duration
6h
Who it's for

Ideal for teams that…

1. System administrators who want to learn how to manage the OpenStack platform from an administrator or user perspective.
2. Developers building interfaces and services on top of OpenStack.
3. Architects looking to select the optimal configuration for OpenStack deployments.
4. Candidates preparing for the Certified OpenStack Administrator certification.
5. Network administrators who want to understand network virtualization and software-defined networking in cloud environments.
6. Security specialists interested in the nuances of distributed cloud infrastructure security.
Outcomes after the program

Cloud, automation and CI/CD in practice — hands-on for engineering teams.

Gain an in-depth understanding of OpenStack architecture.

Learn to manage virtual resources such as VMs and storage volumes.

Build virtual networks with routers and secure access to resources.

Understand how virtualization of compute and networking is implemented at the OS level.

Learn cloud monitoring principles and troubleshooting techniques.

Secure cloud environments and infrastructure against unauthorized access.

Program · 11 modules

What we actually do

M01
Introduction to OpenStack
  • History of the cloud and OpenStack
  • Cloud features
  • Private, public, hybrid
  • On-premise, IaaS, PaaS, SaaS
  • Public and private cloud deployments based on OpenStack
  • Open source and commercial OpenStack distributions
  • OpenStack deployment models
  • Modules
  • Underlying tools
  • Integrations
  • OpenStack lifecycle
  • OpenStack certification
M02
Security Foundations in Private Clouds
  • Security domains in private clouds
  • Threat classification and attack types
  • System and network documentation
  • Vulnerability management
  • Configuration management and policies
  • System backup and recovery
  • Server hardening
M03
OpenStack Management Interfaces
  • Dashboard
  • API
  • SSH
  • OOB (Out-of-Band)
  • Secure communication: TLS and HTTPS
  • Reference architectures
M04
Keystone – Identity Service
  • Keystone architecture
  • Authentication and available backends
  • Token types and token management
  • Authorization in OpenStack – roles and oslo.policy
  • Keystone resources: domains, projects, users
  • openrc and clouds.yaml – CLI client configuration
  • OpenStack service catalog
  • Quota system in OpenStack
M05
Glance – Image Service
  • Glance architecture
  • Images adjusted to the cloud
  • Adding new images
  • Securing image service deployment
  • Image metadata
M06
Neutron – Networking Service
  • Neutron architecture
  • Neutron service distribution
  • Networks in OpenStack deployment
  • Network isolation in Neutron
  • Basic resources in Neutron
  • Compute node networking
  • Tenant (self-service) networks and subnets
  • East-West routing
  • Provider networks and North-South routing
  • Network namespaces
  • Physical traffic in Neutron nodes
  • Floating IPs
  • Security Groups
  • Role Based Access Control (RBAC)
M07
Nova – Compute Service
  • Nova architecture
  • Hypervisors in the compute service
  • QEMU vs. KVM
  • Keypair management
  • Flavour management
  • Instance metadata and features
  • Creating, verifying, and managing virtual instances
  • Inspecting VM at the compute node
  • Assigning Security Groups and Floating IPs
  • Tapping into instance ports
  • Anti-spoofing (port security)
  • L3 virtual resources (router functions)
  • Nova-scheduler – compute node selection
  • Metadata service and configuration drive
  • Instance migration
  • Hardening the compute service
M08
Cinder – Block Storage Service
  • Cinder architecture
  • Volume features
  • Creating a volume
  • Attaching and accessing volumes
  • Storage backends: iSCSI, Ceph
  • Volume wipe
M09
Barbican – Key Management Service
  • Barbican architecture
  • Storing passphrases
  • Generating and storing symmetric encryption keys
  • Volume encryption mechanisms
  • Configuring encrypted Cinder volume types
  • Limitations of volume encryption
  • Storing X.509 certificate bundles
M10
Auxiliary Services and Platform Security
  • Logging in OpenStack
  • RabbitMQ – message queue (RPC)
  • MySQL – database access
  • Monitoring OpenStack deployment
  • Tenant data privacy
  • Instance security
  • Oslo.policy – custom roles and API authorization
M11
High Availability in OpenStack
  • High Availability concepts and implementations
Every module is adapted to your stack and context. The above is a starting point — not a fixed agenda.
How we work

From brief to retro in 30 days.

01

Brief & diagnosis

A call with the team lead + a short survey for participants. We define goals, gap and context.

02

Program customization

We adapt modules, case studies and code examples to your stack. Approval in 5 days.

03

Workshop

Trainer-led sessions, hands-on, code review. Mentor available between sessions too.

04

Retro + report

Outcome report for the team and lead. 30 days of consulting included.

Inquiry

Send a brief. We'll reply within 1 day.

After a short brief we'll prepare a program and a quote. No obligations — it's just a starting point.

Quote within 48h of the brief
First session within 30 days
Pilot before the full decision
VAT invoice, payment in instalments possible
