How OpenStack Works
OpenStack is a collection of open-source software for building cloud computing platforms that includes support for both public and private cloud environments. It is designed and maintained by a global community of organizations and developers with the shared purpose of building cloud infrastructure to meet modern business needs. This enables organizations to take full advantage of cloud infrastructure’s scalability and flexibility to increase business agility and improve time to market.
Check Point is a contributing member of the OpenStack community and integrates with OpenStack to protect and secure cloud environments.
OpenStack is implemented as a collection of open-source components designed to solve certain challenges or address use cases for cloud computing. Some of the primary components of OpenStack include:
- Compute: Nova is OpenStack’s main computing engine. It is responsible for deploying and controlling the array of virtual machines that make up an organization’s cloud infrastructure.
- Networking: Neutron implements networking for OpenStack and enables efficient and rapid communication between components.
- Object Storage: Swift implements file storage using unique identifiers for files rather than location. This allows Swift to optimize and distribute storage behind the scenes while providing easy access to developers.
- Block Storage: Cinder implements a more traditional storage medium similar to disk drives. This improves access speed to files because their exact location is known.
- Identity: Keystone is OpenStack’s identity and access management (IAM) solution. It maintains a master list of users and their associated permissions.
- Image: Glance manages OpenStack’s disk images (virtual copies) of hard drives. This enables users to create new virtual machines using existing ones as a template.
- Container: Magnum makes containers usable in OpenStack. The Magnum API service provides access to container orchestration engines like Docker Swarm, Kubernetes, and Apache Mesos.
All of the components in this list – and others available in OpenStack – are open-source. This means that anyone can use them and improvements are shared with the community, ensuring that OpenStack is a high-quality solution for implementing cloud infrastructure.
Check Point CloudGuard for OpenStack
Check Point’s CloudGuard integrates with OpenStack and provides a number of security benefits, such as:
- Cloud Network Security: CloudGuard Network Security provides security automation and scalability to OpenStack. Its metadata support for developing and managing contextual security policies, together with single-click provisioning, simplifies and strengthens private cloud security.
- Comprehensive Threat Prevention: Prevention is the most effective and least costly approach to managing security in any environment. CloudGuard offers comprehensive threat prevention for an organization’s entire cloud infrastructure, including public, private, and hybrid cloud deployments.
- Security Orchestration and Automation: Cloud security threats are fast-moving and distributed. CloudGuard’s security orchestration and automation enable security teams to quickly and effectively respond to security threats in OpenStack environments.
- Context-Aware Security Policies: Contextual information is vital to differentiating between a benign anomaly and a true threat. CloudGuard’s context-aware security policies enable administrators to define particular scenarios in which certain policies should be applied and enforced.
- Advanced Threat Protection: CloudGuard enables dynamic insertion and orchestration of Check Point’s advanced threat protection into OpenStack. This provides industry-leading malware detection and blocking for cloud environments.
- Logging and Monitoring: Security visibility is a major challenge and a necessity for cloud security. Check Point’s SmartEvent Logging provides incident tracking and threat analysis for both the perimeter and data center traffic.
- Unified Security Management: Standalone point cloud security solutions are unscalable and difficult to use effectively. CloudGuard unifies cloud security management for control and visibility across virtual and physical environments and includes support for multi-tenancy.
- Cross-Vendor Context and Visibility: CloudGuard is able to use context from multiple private cloud management systems such as Cisco ACI, OpenStack and VMware vCenter in the same security policy. It also offers support for all leading public clouds (AWS, Azure, Google Cloud, Oracle Cloud, Alibaba, IBM Cloud, etc.) and manages the security of all clouds and on-prem deployments from a single pane of glass.
- Security Agility: Organizations’ security requirements change rapidly, especially in cloud-based infrastructure. CloudGuard enables rapid deployment of security policies through the complete application deployment lifecycle.
- Reduced Operating Expenditure (OpEx): CloudGuard offers accelerated application and security deployment with increased efficiency in service provisioning and network security segmentation. This reduces the OpEx associated with securing a cloud environment.
OpenStack and Check Point integrate to provide a secure, usable cloud infrastructure solution.