The next wave of cloud security and efficiency: Mirantis OpenStack for Kubernetes 23.3
In the ever-evolving landscape of cloud computing, the intersection of security and operational efficiency remains a top priority for enterprises worldwide. Today, we're proud to unveil a suite of advancements in the Mirantis OpenStack for Kubernetes (MOSK) 23.3 release that not only fortifies your cloud's security posture but also streamlines your cloud management processes.
Introducing FIPS-compatible OpenStack API
Understanding the need for rigorous security compliance among enterprise users, we have introduced a FIPS-compatible layer for the cloud API. Adhering to the FIPS-140-2 (and later FIPS-140-3) standard, this layer ensures that the user-to-cloud communications are protected in compliance with the highest security requirements. The layer is implemented as an SSL/TLS proxy injected into MOSK’s underlying Kubernetes ingress networking and performs the data encryption using a FIPS-validated cryptographic module.
Encryption of cloud control plane traffic
Mirantis OpenStack for Kubernetes now offers the option to encrypt communications within its control plane. This is a significant step forward in safeguarding sensitive information within the cloud infrastructure. By encapsulating the underlay Kubernetes traffic into a secure WireGuard mesh network, we're enhancing the security of the exchange of various control messages between the components of the cloud. This includes the protection of OpenStack's internal APIs, databases, and interactions within the Logging Monitoring and Alerting system (Mirantis StackLight) and both SDNs (Open vSwitch and Tungsten Fabric).
MOSK Security Guide update
To further assist our cloud operators in achieving and maintaining compliance with security regulations, we've updated the MOSK Security Guide with a new “Data Protection” section. This new section provides a comprehensive overview of the data protection mechanisms available in MOSK. It serves as a valuable reference for the architectural planning of a secure cloud environment, enabling operators to manage risks effectively by protecting user-, workload-, and other sensitive data against breaches and unauthorized access.
Introducing OpenStack Antelope: The future-ready release
We're thrilled to announce that the OpenStack Antelope (2023.1) release is now available as a technical preview for Open vSwitch and Tungsten Fabric-based greenfield deployments of MOSK. This release brings in enhanced functionality and introduces new features to elevate your cloud infrastructure.
With the latest advancements, OpenStack Antelope stands at the forefront of cloud technology, providing our customers with a cutting-edge platform. One of the most remarkable features of Antelope is its forward compatibility. For the first time in OpenStack's history, operators are given the unique opportunity to bypass intermediate releases and jump straight to the "Caracal" (2024.1) release once it becomes available in MOSK. This leapfrogging capability is a game-changer, streamlining the upgrade process significantly.
Streamline troubleshooting with the new support dump feature
MOSK's troubleshooting is now faster and more efficient with the introduction of the ‘support dump’ tool, which simplifies issue diagnostics by automating the collection of comprehensive logs from across a MOSK cloud, including StackLight and non-active pods. Using the “support dump,” cloud operators can quickly gather essential data about your OpenStack cluster, and submit it to Mirantis experts for analysis, accelerating issue identification and resolution, and ensuring the continuity of your business.
Removable Tungsten Fabric Analytics service
Tungsten Fabric Analytics is a component of one of MOSK’s software defined network solutions, Tungsten Fabric. It collects and processes network performance metrics and provides visualization tools for monitoring and analytics of cloud workloads network traffic.
MOSK 23.3 presents an option for cloud operators to disengage the Tungsten Fabric Analytics service, liberating valuable hardware resources. This feature is particularly beneficial for those who do not require its network traffic metrics and visualization capabilities, and rather consider it as a burden.
Mastering network orchestration: OpenStack Heat with Tungsten Fabric
Learn the advantages of leveraging OpenStack Heat for orchestrating Tungsten Fabric infrastructure in our MOSK User Guide. This approach, commonly used by telco cloud operators, offers a template-driven method that simplifies the deployment and management of virtual network services. Dive into our detailed examples to seamlessly integrate Tungsten Fabric network primitives using OpenStack Heat, and elevate your operational efficiency to new heights.
We're committed to continuously enhancing the MOSK platform to meet the dynamic needs of our customers. For a deep dive into the full capabilities of MOSK 23.3 and for more information on our future releases, visit the Release Notes section of the Mirantis Documentation Portal.