In this talk, we present Sentinel, a platform that provides fine-grained security to applications running on OpenStack. Sentinel is currently used at web scale within eBay to secure applications across multiple OpenStack clusters.
Sentinel provides a robust policy-declaration model to represent applications and inter-application dependencies, a highly scalable policy engine to translate the policies into enforcement rules, a policy agent that applies the rules on endpoints automatically, and monitoring and auditing capabilities. The highly scalable design of the policy engine enables rapid deployment of rules on hundreds of thousands of VMs deployed on multiple OpenStack clusters.
The talk will be organized as follows:
- Overview of the cloud architecture at eBay
- Architecture of Sentinel
- Policy declaration model
- Policy enforcement methodology and optimizations
- Integration with OpenStack
- Automatic service-dependency discovery
- Monitoring, auditing and real-time visualization
- Comparison with OpenStack Congress and OpenStack Firewall-as-a-Service (FWaaS)
- Challenges
About eBay Inc.: eBay Inc. enables commerce by delivering flexible and scalable solutions that foster merchant growth. eBay Inc. properties include eBay Marketplaces, eBay Enterprise and StubHub. eBay Marketplaces delivers one of the world's largest online marketplaces to customers, with more than 149 million active users globally and more than 700 million items listed on its site.