D415 - Software Defined Networking

Nova (Compute)

Provides foundation for handling the compute resources of a cloud. Enables creation, scheduling, and management of VM instances across a cluster of nodes.

Neutron (networking)

Manages network resources in an OpenStack cloud. Provides the ability to create and manage virtual networks, routers, load balancers, and other network services.

Cinder (Block storage)

Allows users to create and manage block storage volumes that can be attached to VMs for persistent storage

Swift (Object storage)

Allows users to store and retrieve large amounts of unstructured data. Designed for scalability and durability.

Glance (Image service)

Stores, catalogs, and retrieves VM images, making them available for deployment.

Horizon (Dashboard)

Provides GUI for users/admins to manage the various OpenStack services

Keystone (Identity service)

IAM service that provides directory of users, roles, and permissions in OpenStack. Offers authentication, token issuance, and access control.

Heat (Orchestration)

Define and manage cloud application stacks as templates.

Ceilometer (Telemetry)

Collects metering and usage data. Helps monitor and analyze resource usage

Trove (Database service)

Offers database as a service

Ironic (bare metal)

Used for managing bare metal appliances

Magnum (Container Orchestration)

Enables management of container orchestration engines, such as Kubernetes, providing users with the ability to deploy and manage containerized applications

Barbican (Key Management)

Provides management, generation, and storage of keys/certs/other sensitive items. Plays a crucial role in safeguarding sensitive information and maintaining data privacy and security

SDN

Focuses on network control and management

SDN

Separates control plane from the data plane

SDN

Centralizes control by using a centralized controller that manages the network

SDN

Network devices are considered "dumb"

SDN

Used to optimize network performance, improve agility, and enable innovative appliactions

SDN

Particularly useful in datacenters, clouds, and situations requiring network flexibility

NFV

Focuses on virtualizing and consolidating network functions

NFV

Aims to replace hardware-based network appliances

NFV

Virtualizes network functions and running them on standard servers, reducing the need for dedicated hardware appliances.

NFV

Functions deployed as Virtual Network Functions (VNF's) and can be dynamically deployed and scaled

NFV

Optimize network infrastructure, reduce hardware dependence, and streamline network service deployment

NFV

Useful for service providers, telecom operators, and orgs with complex network requirements

Southbound API

Used to communicate between the control plane and data plane

Northbound API

Communicate between control plane and application/management systems

Southbound API

OpenFlow, NETCONF, and gRPC

Northbound API

RESTful APIs, WebSockets, and custom appliaction-specific APIs

Southbound API

Control plane instructs the data plane on how to handle network traffic

Northbound API

Provide way for external applications, services, or orchestrators to request network services, retrieve network status, and manipulate network behavior.

Southbound API

Used to communicate with physical or virtual network devices. Can configure, manage, and monitor

Chef

Uses code written in Ruby and a specialized Domain-Specific Language (DSL)

Ansible

Uses YAML-based playbooks, while also using JSON for data serialization during task execution and communication.

Ansible

Operates agentlessly over SSH, automating processes within an environment

Virtual Network Function (VNF)

Software implementation of a network function that traditionally would be performed by dedicated hardware appliances

Virtual Network Function Manager (VNFM)

Responsible for managing the lifecycle of VNFs. Handles VNF deployment, scaling, updating, and termination. Interacts with the NFV infrastructure.

Virtual Network Function Infrastructure (VNFI)

Virtualized resources required to support the execution of VNFs. Includes compute, storage, and network resources that VNFs need to operate effectively.

Network Functions Virtualization (NFV)

Architectural approach that involves virtualizing and consolidating network functions onto standard hardware.

Network Functions Virtualization (NFV)

Allows functions to run as software on general-purpose servers, reducing the need for dedicated hardware.

Common Vulnerability Scoring System (CVSS)

Framework used to assess and communicate the severity of vulnerabilities in software and systems. Assigns score based on impact, exploitability, and complexity

NIST SP 800-53 Security Controls

Outlines a comprehensive set of security controls across various control families, including access control, configuration management, incident response, and more.

NIST SP 800-125B Hypervisor Security

Provides guidance on security the hypervisor layer to prevent unauthorized access, ensure isolation between VMs, and protect against various attacks.

NIST SP 800-53 Control Families

Organized into families, each addressing a specific area of security concern. Ex: Access Control, Audit and Accountability, System and Communications Protection, and Security Assessment and Authorization

NIST SP 800-125B Virtualization Components

Covers various components such as host systems, guest systems, management interfaces, and virtual networks

NIST SP 800-53 Control Baselines

Guidelines for tailored security measures based on the organization risk profile and the sensitivity of the information being protected. (low, medium, and high)

NIST SP 800-125B Isolation and Segmentation

Importance of maintaining strong isolation between VMs to prevent unauthorized information disclosure or unauthorized access.

NIST SP 800-53 Continuous Monitoring

Monitoring of security controls to ensure ongoing compliance and effectiveness

NIST SP 800-125B Configuration Management

Emphasizes the need for secure configuration of hypervisor and virtual machine settings, including parameters related to memory allocation, CPU scheduling, and network configurations.

NIST SP 800-53 Risk Management Framework (RMF)

Provides a structured approach for managing and mitigating information security risks.

NIST SP 800-125B Secure Deployment

Provides recommendations for practices involving patch management, secure boot processes and hardware-based security features

NIST SP 800-53 Security and Privacy Overlay

Provides controls and guidance to help organizations address privacy requirements alongside security requirements.

NIST SP 800-125B Virtualization Vulnerabilities

Discusses issues that may arise due to virtualization, such as side-channel attacks and "VM escape" attacks. Provides guidance on mitigating these risks.