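How OpenStack Works
OpenStack is a collection of open source software for building cloud computing platforms, including support for public and private cloud environments. It is designed and maintained by a global community of organizations and developers whose shared goal is to build cloud infrastructure that meets modern business needs. This enables organizations to take full advantage of the scalability and flexibility of cloud infrastructure to improve business agility and shorten time to market.
Check Point is a contributing member of the OpenStack community and integrates with OpenStack to secure cloud environments.
OpenStack is implemented as a collection of open source components, each designed to address a particular challenge or use case in cloud computing. Some of OpenStack’s main components include:
- Compute: Nova is the primary compute engine of OpenStack. It is responsible for deploying and controlling the fleet of virtual machines that make up an organization’s cloud infrastructure.
- Networking: Neutron implements networking for OpenStack and enables efficient, fast communication between components.
- Object Storage: Swift implements file storage using a unique identifier for each file rather than its location. This lets Swift optimize and distribute storage behind the scenes while giving developers easy access.
- Block Storage: Cinder implements a more traditional storage medium, similar to a disk drive. This improves file access speed because the exact location of each file is known.
- Identity: Keystone is OpenStack’s identity and access management (IAM) solution. It maintains the master list of users and their associated permissions.
- Images: Glance manages disk images (virtual copies) of hard disks for OpenStack. This lets users create new virtual machines using existing virtual machines as templates.
- Containers: Magnum enables the use of containers in OpenStack. The Magnum API service provides access to container orchestration engines such as Docker Swarm, Kubernetes, and Apache Mesos.
All of the components in this list, as well as the other components available in OpenStack, are open source. This means anyone can use them and improvements can be shared with the community, ensuring that OpenStack is a high-quality solution for implementing cloud infrastructure.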
Check Point for OpenStack
Check Point integrates with OpenStack and provides a number of security benefits, such as:
- Cloud Network Security: Check Point Cloud Firewall provides security automation and scalability to OpenStack. Its metadata support for developing and managing contextual security policies and its single-click provisioning simplify and strengthen private cloud security.
- Comprehensive Threat Prevention: Prevention is the most effective and least costly approach to managing security in any environment. Check Point offers comprehensive threat prevention for an organization’s entire cloud infrastructure, including public, private, and hybrid cloud deployments.
- Security Orchestration and Automation: Cloud security threats are fast-moving and distributed. Check Point’s security orchestration and automation enables security teams to quickly and effectively respond to security threats in OpenStack environments.
- Context-Aware Security Policies: Contextual information is vital to differentiating between a benign anomaly and a true threat. Check Point’s context-aware security policies enable administrators to define particular scenarios in which certain policies should be applied and enforced.
- Advanced Threat Protection: Check Point enables dynamic insertion and orchestration of Check Point’s advanced threat protection into OpenStack. This provides industry-leading malware detection and blocking for cloud environments.
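- Logging and Monitoring: Security visibility is a major challenge and a requirement for cloud security. Check Point’s SmartEvent logging provides event tracking and threat analysis for perimeter and data center traffic.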
- Unified Security Management: Standalone point cloud security solutions are unscalable and difficult to use effectively. Check Point unifies cloud security management for control and visibility across virtual and physical environments and includes support for multi-tenancy.
- Cross-Vendor Context and Visibility: Check Point is able to use context from multiple private cloud management systems such as Cisco ACI, OpenStack and VMware vCenter in the same security policy. It also offers support for all leading public clouds (AWS, Azure, Google Cloud, Oracle Cloud, Alibaba, IBM Cloud, etc.) and manages the security of all clouds and on-prem deployments from a single pane-of-glass.
- Security Agility: Organizations’ security requirements change rapidly, especially in cloud-based infrastructure. Check Point enables rapid deployment of security policies through the complete application deployment lifecycle.
- Reduced Operating Expenditure (OpEx): Check Point offers accelerated application and security deployment with increased efficiency in service provisioning and network security segmentation. This reduces the OpEx associated with securing a cloud environment.
OpenStack and Check Point integrate to provide a secure, usable cloud infrastructure solution. To learn more about this partnership, check out this solution brief. Then, request a demo of Check Point to see its capabilities for yourself. For more information and to speak with an expert about your cloud security needs, contact us.
