OASIS Topology and Orchestration Specification for Cloud Applications (TOSCA) TC / TOSCA-94

Use Case: Updating (managing) a firewall element (node) declaratively


    Details

    • Type: Task
    • Status: New
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Interop
    • Labels:
      None
    • Environment:

      Use case for development against TOSCA-v1.0-cs01.

    • Proposal:
      Diagram(s): TBD
      Proposal(s): TBD


      Description

      The rules of all the firewall elements must be updated to allow access to the necessary EndPoints of the deployment.
      Firewall elements differ across clouds. Server network connectivity differs across clouds.

      Related Scenarios:
      Compute complete deployment topology

      • Note: done with the Instance Model (all Node Templates Instantiated) so we have all IP addresses.
      • Determine which networks each connector will be bound to based on constraints. Simple case assumes single private network with complete connectivity and connectors with External EndPoints must be updated in Security Group.
      • Assumes each exposed EndPoint is connected to an External EndPoint so we have complete set of connectors for all communication, but this is an implementation detail.
      • For each connector
        • For each firewall element it traverses

      Example:
      TBD - One or more scenarios (use cases)? Can a SugarCRM variant be used (so we have normative nodes to build from)?

      Notes:
      Matt: Do we need a normative "Firewall" node type in all cases, or can we convey these firewall reqs (perhaps as constraints) in some other way? Note: we have not defined a general network node type which might convey security (firewall), IP ranges, etc.) capabilities and properties. Can some general Firewall properties be normative (and not require custom types)?
      Derek: declarative handling of firewall.

      Additional notes from related use case (merge agreed to):
      Matt: what is the unique use case/goal? Some of the diagrams indicate "security groups" as well as OS (per-VM firewalls); if so, is this a network property (security) that can be normalized? This seems to be post-deployment perhaps (i.e. need to traverse instances of firewalls)?
      Derek: collapse FW use cases.

      References:
      https://www.oasis-open.org/apps/org/workgroup/tosca-interop/download.php/48513/TOSCASugarCRMUseCase-CompleteConnectivity.pptx
      https://www.oasis-open.org/apps/org/workgroup/tosca-interop/download.php/48514/ConsiderationsFor2TierWebApplications.docx

            People

            • Assignee:
              dpalma Derek Palma (Inactive)
              Reporter:
              mrutkows Matthew Rutkowski