Friends, I’m reaching out for assistance from anyone who may have confronted the issue of dealing with ITAR data in an OpenStack cloud being used in some department of the Federal Gov.
ITAR (https://www.pmddtc.state.gov/regulations_laws/itar.html) is a less restrictive level of security than classified data, but it has some thorny aspects to it, particularly where media is concerned: * you cannot co-mingle ITAR and non-ITAR data on the same physical hard drives, and any drive, once it has been “tainted” with any ITAR data, is now an ITAR drive * when ITAR data is destroyed, a DBAN is insufficient — instead, you physically shred the drive. No need to elaborate on how destructive this can get if you accidentally mingle ITAR with non-ITAR Certainly the multi-tenant model of OpenStack holds great promise in Federal agencies for supporting both ITAR and non-ITAR worlds, but great care must be taken that *somehow* things like Glance and Cinder don’t get mixed up. One must ensure that the ITAR tenants can only access Glance/Cinder in ways such that their backend storage is physically separate from any non-ITAR tenants. Certainly I understand that Glance/Cinder can support multiple storage backend types, such as File & Ceph, and maybe that is an avenue to explore to achieving the physical separation. But what if you want to have multiple different File backends? Do the ACLs exist to ensure that non-ITAR tenants can’t access ITAR Glance/Cinder backends, and vice versa? Or…is it simpler to just build two OpenStack clouds….? Your thoughts will be most appreciated, Jonathan Mills NASA Goddard Space Flight Center
_______________________________________________ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators