This page is mostly a wishful thinking. It does not reflect the current state of ONAP security. It's rather where we would like to be.
ONAP introduction
ONAP from the milky way point of view
...
Abstract ONAP Architecture
Abstractly, ONAP is an independent software system in the outer space that provides that exposes Northbound interfaces for User, Admin and OSS/BSS system in the North and xNF in the South and systems and Southbound interfaces for xNFs (VNF, CNF, PNF). ONAP uses interfaces provided by NFVI NFVi and xNFxNFs.
Drawio |
---|
border | true |
---|
diagramName | onap_db |
---|
simpleViewer | false |
---|
links | auto |
---|
tbstyle | top |
---|
lbox | true |
---|
diagramWidth | 411 |
---|
revision | 1 |
---|
|
...
ONAP deployed on kubernetes
ONAP has to be deployed on some infra. Currently it's kubernetesIn the early releases, ONAP was deployed on VMs. ONAP is now virtualized using containers orchestrated by Kubernetes (K8S). ONAP uses interfaces exposed by K8S.
Drawio |
---|
border | true |
---|
diagramName | onap_milkyway |
---|
simpleViewer | false |
---|
links | auto |
---|
tbstyle | top |
---|
lbox | true |
---|
diagramWidth | 701 |
---|
revision | 5 |
---|
|
...
ONAP deployed on kubernetes with external databases
As most of applications ONAP requires some persistence layer in form of databases. As ONAP follows micro-service architecture principle in theory each component could ship its own database but in practice in commercial deployments its desired Most ONAP components require a data persistence layer, implemented using a databases. In early releases, most ONAP components had their own databases. As the platform has matured, components have moved to shared databases. A logical progression to make the platform simpler to deploy in an operator environment, is to create interfaces that allow an operator to configure ONAP to use external DB engines already existing in the operators infrastructureenvironment.
Drawio |
---|
border | true |
---|
diagramName | onap_with_db |
---|
simpleViewer | false |
---|
links | auto |
---|
tbstyle | top |
---|
lbox | true |
---|
diagramWidth | 781 |
---|
revision | 21 |
---|
|
ONAP deployed on
...
K8S with external databases and external identity and access management (IAM
...
)
ONAP includes AAF, an identity management system that supports authentication, authorization, identity lifecycle management (ILM), and certificate management, including a certificate authority (CA) designed to support a lab deployment. It is likely that an operator will want to integrate ONAP with their IAM system, thus ONAP needs to support standard IAM protocols.
- TO DO: specify the protocols
Drawio |
---|
border | true |
---|
diagramName | onap_with_iam |
---|
simpleViewer | false |
---|
links | auto |
---|
tbstyle | top |
---|
lbox | true |
---|
diagramWidth | 1146 |
---|
revision | 2 |
---|
|
...
Drawio |
---|
border | true |
---|
| |
---|
diagramName | cloud_native_security |
---|
simpleViewer | false |
---|
width | |
---|
links | auto |
---|
tbstyle | top |
---|
lbox | true |
---|
diagramWidth | 1396 |
---|
revision | 25 |
---|
|
Drawio |
---|
border | true |
---|
diagramName | keycloak_options |
---|
simpleViewer | false |
---|
links | auto |
---|
tbstyle | top |
---|
lbox | true |
---|
diagramWidth | 1346 |
---|
revision | 2 |
---|
|