OpenStack Integration

Secure privileged access to your OpenStack private cloud infrastructure with Keystone integration, project-scoped authentication, and comprehensive audit trails.

View Documentation Request Demo

Features

Comprehensive OpenStack Coverage

Secure access to all your OpenStack services with unified authentication and authorization.

Keystone Authentication

Seamlessly integrate with OpenStack Keystone for federated authentication and project-scoped access.

Nova Instance Access

SSH access to Nova compute instances with automatic discovery and certificate-based authentication.

Neutron Integration

Network-aware access control with support for security groups, floating IPs, and tenant isolation.

Trove Database Access

Secure database access to Trove instances with protocol-aware proxying and credential rotation.

Project Scoping

Fine-grained access control based on OpenStack projects, domains, and role assignments.

Barbican Secrets

Integration with OpenStack Barbican for centralized secrets management and key rotation.

Capabilities

Enterprise-Grade OpenStack Integration

Keystone role mapping

Nova instance discovery

Neutron network awareness

Trove database proxying

Heat stack integration

Cinder volume access

Swift object storage

Designate DNS integration

Octavia load balancer access

Magnum container orchestration

Project-based RBAC

Domain-level isolation

Federated identity support

Multi-region deployment

API endpoint protection

Session recording

Setup

Get Started in Minutes

Follow these simple steps to integrate TigerAccess with your OpenStack infrastructure.

Configure Keystone Integration

Create a TigerAccess service account in Keystone with permissions to read projects, domains, and role assignments.

# Create service account
openstack user create tigeraccess \
  --domain default \
  --password-prompt

# Assign reader role
openstack role add \
  --user tigeraccess \
  --domain default \
  reader

Add OpenStack Integration

Configure the OpenStack integration in TigerAccess with your Keystone endpoint and service credentials.

tacctl integrations add openstack \
  --auth-url=https://keystone.example.com:5000/v3 \
  --username=tigeraccess \
  --domain=default \
  --project=admin \
  --regions=RegionOne,RegionTwo

Configure Project Mapping

Map OpenStack projects and roles to TigerAccess roles for fine-grained access control.

# Create role mapping
tacctl roles create openstack-dev \
  --allow project=dev \
  --allow instance=dev-* \
  --allow database=dev-*

# Map Keystone roles
tacctl integrations configure openstack \
  --role-mapping="Member:openstack-dev" \
  --role-mapping="Admin:openstack-admin"

Verify Discovery

Verify that TigerAccess has discovered your OpenStack resources and they are available for access.

tac ls
# Shows all discovered OpenStack resources:
# - Nova instances (compute)
# - Trove databases
# - Heat stacks
# - Octavia load balancers

Use Cases

Real-World OpenStack Scenarios

Multi-Tenant Access Control

Manage access to OpenStack resources across multiple projects and domains with unified authentication and tenant isolation.

Private Cloud Security

Secure your private cloud infrastructure with certificate-based authentication, just-in-time access, and comprehensive audit trails.

DevOps Workflows

Enable developers to access Nova instances, Trove databases, and Heat stacks with automatic approval workflows and session recording.

Compliance & Auditing

Meet regulatory requirements with detailed audit logs of all access to OpenStack resources, including API calls and SSH sessions.

FAQ

Frequently Asked Questions

Does TigerAccess require agent installation on Nova instances?

No. TigerAccess uses certificate-based SSH authentication and does not require agents on Nova instances. For enhanced features like session recording and compliance, you can optionally deploy the TigerAccess agent.

How does TigerAccess integrate with Keystone?

TigerAccess integrates with Keystone through the standard OpenStack Identity API. Users authenticate to TigerAccess using your identity provider, and TigerAccess maps their roles to OpenStack projects and permissions based on Keystone role assignments.

Can I use TigerAccess across multiple OpenStack regions?

Yes. TigerAccess supports multi-region OpenStack deployments. Configure multiple regions during integration setup, and TigerAccess will discover and manage access to resources across all configured regions.

How does project-based access control work?

TigerAccess maps OpenStack projects to access policies. When a user requests access to a resource, TigerAccess checks which project the resource belongs to and verifies the user has the appropriate role assignment for that project in Keystone.

What OpenStack services are supported?

TigerAccess supports all major OpenStack services including Keystone (identity), Nova (compute), Neutron (networking), Trove (databases), Heat (orchestration), Cinder (volumes), Swift (object storage), Barbican (secrets), Octavia (load balancer), Magnum (containers), and Designate (DNS).

Where are session recordings stored?

Session recordings can be stored in OpenStack Swift object storage or any S3-compatible storage backend. TigerAccess supports encryption at rest and integrates with Barbican for key management.

Ready to Secure Your Infrastructure?

Join thousands of security-conscious teams using TigerAccess to protect their critical infrastructure and AI agents.

Start Free Trial Contact Sales

No credit card required • 14-day free trial • Enterprise support available