The OpenStack Compute service (nova) runs in many locations throughout the cloud and interacts with a variety of internal services. The OpenStack Compute service offers a variety of configuration options which may be deployment specific.
In this chapter we will call out general best practice around Compute
security as well as specific known configurations that can lead to
security issues. The
nova.conf file and the
should be secured. Controls like centralized logging, the
file, and a mandatory access control framework should be implemented.