-
Type: Task
-
Status: New
-
Priority: Major
-
Resolution: Unresolved
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: Interop
-
Labels:None
-
Environment:
Use case for development against TOSCA-v1.0-cs01.
-
Proposal:
The rules of all the firewall elements must be updated to allow access to the necessary EndPoints of the deployment.
Firewall elements differ across clouds. Server network connectivity differs across clouds.
Related Scenarios:
Compute complete deployment topology
- Note: done with the Instance Model (all Node Templates Instantiated) so we have all IP addresses.
- Determine which networks each connector will be bound to based on constraints. Simple case assumes single private network with complete connectivity and connectors with External EndPoints must be updated in Security Group.
- Assumes each exposed EndPoint is connected to an External EndPoint so we have complete set of connectors for all communication, but this an implementation detail.
>> For each connector - For each firewall element it traverses
Example:
TBD - One or more scenarios (use cases)? Can a SugarCRM variant be used (so we have normative nodes to build from)?
Notes:
Matt: Do we need a normative "Firewall" node type in all cases, or can we convey these firewall reqs (perhaps as constraints) in some other way? Note: we have not defined a general network node type which might convey security (firewall), IP ranges, etc.) capabilities and properties. Can some general Firewall properties be normative (and not require custom types)?
Derek: declarative handling of firewall.
Additional notes from related use case (merge agreed to):
Matt: what is the unique use case/goal? Some of the diagrams indicate "security groups" as well as OS (per-VM firewalls); if so, is this a network property (security) that can be normalized? This seems to be post-deployment perhaps (i.e. need to traverse instances of firewalls)?
Derek: collapse FW use cases.
References:
https://www.oasis-open.org/apps/org/workgroup/tosca-interop/download.php/48513/TOSCASugarCRMUseCase-CompleteConnectivity.pptx
https://www.oasis-open.org/apps/org/workgroup/tosca-interop/download.php/48514/ConsiderationsFor2TierWebApplications.docx