Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This page is mostly a wishful thinking. It does not reflect the current state of ONAP security. It's rather where we would like to be.

ONAP introduction

ONAP from the milky way point of view

...

Abstract ONAP Architecture

Abstractly, ONAP is an independent software system in the outer space that provides that exposes Northbound interfaces for User, Admin and OSS/BSS system in the North and xNF in the South and systems and Southbound interfaces for xNFs (VNF, CNF, PNF). ONAP uses interfaces provided by NFVI NFVi and xNFxNFs.

Drawio
bordertrue
diagramNameonap_db
simpleViewerfalse
linksauto
tbstyletop
lboxtrue
diagramWidth411
revision1

...

ONAP deployed on kubernetes

ONAP has to be deployed on some infra. Currently it's kubernetesIn the early releases, ONAP was deployed on VMs. ONAP is now virtualized using containers orchestrated by Kubernetes (K8S). ONAP uses interfaces exposed by K8S.

Drawio
bordertrue
diagramNameonap_milkyway
simpleViewerfalse
linksauto
tbstyletop
lboxtrue
diagramWidth701
revision5

...

ONAP deployed on kubernetes with external databases

As most of applications ONAP requires some persistence layer in form of databases. As ONAP follows micro-service architecture principle in theory each component could ship its own database but in practice in commercial deployments its desired Most ONAP components require a data persistence layer, implemented using a databases. In early releases, most ONAP components had their own databases. As the platform has matured, components have moved to shared databases. A logical progression to make the platform simpler to deploy in an operator environment, is to create interfaces that allow an operator to configure ONAP to use external DB engines already existing in the operators infrastructureenvironment.


Drawio
bordertrue
diagramNameonap_with_db
simpleViewerfalse
linksauto
tbstyletop
lboxtrue
diagramWidth781
revision21

ONAP deployed on

...

K8S with external databases and external identity and access management (IAM

...

)

ONAP includes AAF, an identity management system that supports authentication, authorization, identity lifecycle management (ILM), and certificate management, including a certificate authority (CA) designed to support a lab deployment. It is likely that an operator will want to integrate ONAP with their IAM system, thus ONAP needs to support standard IAM protocols.

  • TO DO: specify the protocols
    • LDAP
    • ...


Drawio
bordertrue
diagramNameonap_with_iam
simpleViewerfalse
linksauto
tbstyletop
lboxtrue
diagramWidth1146
revision2

...

Drawio
bordertrue
diagramNamecloud_native_security
simpleViewerfalse
width
linksauto
tbstyletop
lboxtrue
diagramWidth1396
revision25


Drawio
bordertrue
diagramNamekeycloak_options
simpleViewerfalse
linksauto
tbstyletop
lboxtrue
diagramWidth1346
revision2