Abstract
This paper studies how the OpenStack private cloud platform manages users and resources. Building on an analysis of the OpenStack platform architecture, the mechanisms by which its components communicate, and its security mechanisms, it proposes an enhanced identity management scheme that addresses the platform's lack of a fine-grained identity authentication mechanism and its data transmission security issues. The scheme integrates LDAP, RBAC, and the SSL/TLS security protocols into the Keystone security service component, and experiments show that it achieves scalability and security in the private cloud platform's identity management of users and virtual resources.
Authors
Chi Yaping (池亚平); Ding Zhengguang (丁正光); Pu Yu (蒲钰) (Beijing Electronic Science and Technology Institute, Beijing 100070, China)
Source
Journal of Beijing Electronic Science and Technology Institute (《北京电子科技学院学报》)
2017, Issue 2, pp. 66-72 (7 pages)
About the author
Chi Yaping (born 1969), female (Han), professor; research interest: network security.