Versions Compared

Old Version 10

changes.mady.by.user Krzysztof Opasiak

Saved on

compared with

New Version 11

changes.mady.by.user Krzysztof Opasiak

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Drawio
bordertrue
diagramNameonap_with_ca
simpleViewerfalse
width
linksauto
tbstyletop
lboxtrue
diagramWidth1146
revision3


Defining system boundaries

Provided interfaces

  1. Admin/User/OSS/BSS interfaces are REST.
  2. xNF southbound interfaces are VES events (protocol depends on the collector used)

Used interfaces

  1. Kubernetes interface is REST. Exact supported version of kubernetes has to be specified by every ONAP release
  2. Database interface depends on DB type but only encrypted communication should be used
  3. xNF interface depends on particular xNF but all xNFs should support secure protocols for communication
  4. NFVI interface is REST (usually OpenStack or Kubernetes)
  5. IAM interface is Open ID Connect
    1. if operator already has OIDC compatible solution ONAP should just use it
    2. if operator has Identity Provider (LDAP/Kerberos/etc) external OIDC solution should be deployed (ie keycloak) with operator IdP configured as backend
    3. In testing environment external OIDC solution should be deployed and bootstraped with test users
  6. CA interface can be one of:
    1. Manual interaction by deployer that will retrieve certificates and the bootstrap ONAP instance with them
    2. One of automated certificate retrieval protocols (ACME, CMPv2 etc)
    3. In testing environment external CA (and ONAP should use automated certificate retrieval as described in b) solution should be deployed