

Subject: [OASIS Issue Tracker] Updated: (TOSCA-94) Use Case: Updating (managing) a firewall element (node) declaratively


     [ http://tools.oasis-open.org/issues/browse/TOSCA-94?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Matthew Rutkowski  updated TOSCA-94:
------------------------------------


Comments from a similar use case within (and perhaps TOSCA-8): 
https://www.oasis-open.org/apps/org/workgroup/tosca-interop/download.php/48514/ConsiderationsFor2TierWebApplications.docx

Setting the firewall to provide access to the application end points. 
How are the values computed? 
Can a firewall (appliance) be added to the deployment topology? 

> Use Case: Updating (managing) a firewall element (node) declaratively 
> ----------------------------------------------------------------------
>
>                 Key: TOSCA-94
>                 URL: http://tools.oasis-open.org/issues/browse/TOSCA-94
>             Project: OASIS Topology and Orchestration Specification for Cloud Applications (TOSCA) TC
>          Issue Type: Task
>          Components: Interop
>         Environment: Use case for development against TOSCA-v1.0-cs01.
>            Reporter: Matthew Rutkowski 
>            Assignee: Derek Palma
>
> The rules of all the firewall elements must be updated to allow access to the necessary EndPoints of the deployment. 
> Firewall elements differ across clouds. Server network connectivity differs across clouds.
> Related Scenarios:
> Compute complete deployment topology
> - Note: done with the Instance Model (all Node Templates Instantiated) so we have all IP addresses.
> - Determine which networks each connector will be bound to based on constraints. Simple case assumes single private network with complete connectivity and connectors with External EndPoints must be updated in Security Group.
> - Assumes each exposed EndPoint is connected to an External EndPoint so we have complete set of connectors for all communication, but this is an implementation detail.
> >> For each connector
> - For each firewall element it traverses
> Example:
> TBD - One or more scenarios (use cases)? Can a SugarCRM variant be used (so we have normative nodes to build from)?
> Notes:
> Matt: Do we need a normative "Firewall" node type in all cases, or can we convey these firewall reqs (perhaps as constraints) in some other way?  Note: we have not defined a general network node type which might convey security (firewall), IP ranges, etc.) capabilities and properties. Can some general Firewall properties be normative (and not require custom types)? 
> Derek: declarative handling of firewall.
> Additional notes from related use case (merge agreed to):
> Matt: what is the unique use case/goal?  Some of the diagrams indicate "security groups" as well as OS (per-VM firewalls); if so, is this a network property (security) that can be normalized?  This seems to be post-deployment perhaps (i.e. need to traverse instances of firewalls)?
> Derek: collapse FW use cases.
> References:
> https://www.oasis-open.org/apps/org/workgroup/tosca-interop/download.php/48513/TOSCASugarCRMUseCase-CompleteConnectivity.pptx
> https://www.oasis-open.org/apps/org/workgroup/tosca-interop/download.php/48514/ConsiderationsFor2TierWebApplications.docx

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

