Back To Schedule
Thursday, October 29 • 11:00am - 11:40am
Sentinel: A Platform for Fine-grained Application Security on OpenStack

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

In this talk, we present Sentinel, the platform providing fine-grained security to applications running on OpenStack. Sentinel is currently being used at web-scale within eBay to secure applications across multiple OpenStack clusters.

Sentinel provides a robust policy-declaration model to represent applications and inter-application dependencies, a highly-scalable policy engine to translate the policies into enforcement rules, a policy agent that applies the rules on endpoints automatically, and monitoring & auditing capabilities. The highly-scalable design of the policy engine enables rapid deployment of rules on hundreds of thousands of VMs deployed on multiple OpenStack clusters.

The talk will be organized as follows:

  • Overview of the cloud architecture at eBay

  • Architecture of Sentinel

  • Policy declaration model

  • Policy enforcement methodology, optimizations 

  • Integration with OpenStack

  • Automatic service-dependency discovery

  • Monitoring, auditing and real-time visualization

  • Comparison with OpenStack congress and OpenStack Firewall-as-a-Service (FWaaS) 

  • Challenges

About eBay Inc.: eBay Inc. enables commerce by delivering flexible and scalable solutions that foster merchant growth. eBay Inc. properties include eBay Market Places, eBay Enterprise and StubHub. eBay Marketplaces delivers one of the world's largest online Marketplaces to customers. With more than 149 million active users globally, eBay is one of the world's largest online Marketplaces with more than 700 million items listed on its site.

Thursday October 29, 2015 11:00am - 11:40am JST

Attendees (0)