Page Comparison

• Converting all microservices to Alpine, created common images for users to select either Alpine or Ubuntu, reduced the number of microservices that is started by default for the demo
• Updated to newer versions of spring boot — in the process of moving to spring-boot 2, but many of the microservices are still running 1.5.21
• Updated to JanusGraph 0.2.3, which is a seamless upgrade from 0.2.0 which was used in Dublin

• Code footprint reduction
• Greater stability

• Engaged Global Location Strategy for Locator (from Dublin)
• Engaged Certificate Dynamic Generation for Apps (from Dublin)
• Miscellaneous improvements and fixes

• Greater scalability
• Greater security
• Greater stability

• Upgraded OpenDaylight (ODL) version to Fluorine SR2
• 14 bug fixes
• 5 security fixes

• Expanded support for VNF configuration
• Greater stability, security

• All major security issues resolved
• Front-end GUI framework moving from Angular to the  React
• Genericity and Re-factoring reduces code footprint(size) by around 40%

• Increased security
• Code footprint reduction

• OpenDaylight Fluorine SR2 (version 0.5.4) and OpenDaylight Neon SR1
• Support Netconf notifications
• Controller Design Studio (CDS) Initiative –
  • Decouple CDS HELM CHART from SDNC.
  • Consolidated controller blueprint pod into blueprint processor pod. 
  • Refactored Resource Assignment to support resource resolution for primitive and complex data types.
  • Automated vLB_CDS SDC Model Distribution via Robot Script
  • Automated E2E Run Time MACRO Execution for vLB_CDS and vFW_CDS use case via Robot Script 

• • • Certified Kotlin Script Support for Netconf and RESTCONF for vLB CDS Package
    • Certified Python Netconf Support for vLB CDS Package
  • CDS UI Data Dictionary Screen Improvements for resource creation
• 45 bugs fixed

• DCAE Platform/Deployment updates
  • Dashboard deployed via Helm
    • All DCAE Platform components: Cloudify, ConfigBindingService, InventoryAPI, ServiceChangeHandler, PolicyHandler, Healthcheck moved to Helm in Dublin
  • DCAE Cloudify deployed MS pods auto-cleanup (triggered via Helm)
  • DCAE MS Deployment options
    • Static deployment
      • Support integration usecases
    • Dynamic deployment
      • Cloudify/cli or Dashboard or CLAMP
• Dynamic Topic/feed support
  • Dmaap Plugin enhancement (to support DMAAP-BusController interface)
  • Bootstrap updates
    • Configmap, consul entry, Update k8s plugin key to include configmap,
  • k8s plugin enhancement to support dynamic feed
  • Verified dynamic topic/feed on DMAAP Message Router and Data router interfacing components.
    • DataFileCollector and Pm-Mapper were pilot ms
  • Bp-gen tool enhanced to support dmaap plugin integrated blueprint generation
• TLS Enablement for platform components
  • ConfigBindingService (deployment for El-Alto supports 2 parallel service – HTTP and HTTPS to mitigate client migration impact)
  • Deployment Handler
  • InventoryAPI
  • Cloudify Container
• Other Security updates
  • Image optimization

• • • ConfigBindingService, Inventory-API, ServiceChangeHandler, High volume VES (HV-VES), PNF Registration Handler (PRH), Son-handler
  • Non-root
    • SON-handler, PRH, ServiceChangeHandler,

• • • ConfigBindingService, Inventory-API, HV

• • • -VES

• Increased usability
• Dynamic topic/feed support for increased flexibility in closed loops
• Greater security

• New Features
  • Cert based authentication support in Message Router
  • Improved Kafka and Zookeeper cluster lookup
  • Pluggable Kafka server.properties,log4j.properties and Message Router logback.xml
• Bug Fixes
  • Fixed for security vulnerabilities in Message Router
  • Fixed authorization issues in Message Router

DMaaP Data Router:

• New Features
  • Enhanced logging to match Platform Maturity Logging Spec.
• Bug Fixes
  • Fixed for security vulnerabilities in

• • Data Router

• Greater security, stability
• Enhanced logging

• User Guides improvement including Postman collections
• We have been wrapping up minor things that we didn’t manage to finalize for Dublin and been focusing on processes and how we should work with documentation within the community.

• Increased usability

• Migrated to 11-jre-slim
• Added postman collection
• Bug fixes
  • Fixed External API Framework Tosca parsing to extract Inputs from SDC csar for generation of the external facing Service Catalog ServiceSpecifications.
  • Fixed issues in Health Check Tests with SDC

• Greater stability
• Increased usability 

• No updates

• Add new integration labs

• Introduction of OOM Gating

• Updated scripts for OOM daily automated deployment tests

• Refactoring of the Integration wiki home page

• Automation script for use cases

• Updated java artifact versions for ONAP El Alto release

• Cleaning of CSIT jobs

• Update oparent library to fix security Vulnerabilities

• Update Postman collection for test

• Greater stability
• More E2E use-case tests

• Reduce the number of vulnerability issues.  There are 15 issues addressed for this release.

• Greater security and stability

• Minor functional enhancements—delete custom services, register https services via MSB mgmt. UI
• 2 bug fixes

• Greater stability, security, usability

• A new repo has been created (modeling/etsicatalog), which provides package management service and parser service as Micro Service
• New model specification publication
  • root model
  • business and interaction model
  • VES 7.1 model

• provide general micro service for package management and parser service
• new models covering more area

• Rebased most MultiCloud services to python3
• Rebased MultiCloud services to latest Django packages to fix security vulnerability issues
• 7 critical bugs fixed
• Improved usability of MultiCloud k8s plugin
• ONAP4K8S profile is added - A smaller ONAP if the cloud regions are all Kubernetes based.
• ISTIO based security for ONAP4K8S profile is verified.
• Enhancements to work with OVN Network operators, Provider network operator.

• Greater stability, security, usability

• MUSIC Control Panel UI based on ONAP Portal SDK
• Eliminating ZK and building mechanism with Cassandra Light Weight Transaction for locking to simplify containerization and boost performance
• AAF CADI Support
• Keyspace Based logging
• Internal retry mechanisms
• MUSIC API improvements to allow multiple non-blocking reads to improve performance
• MDBC 2.0 - Allows apps to gain resiliency and performance benefits of MUSIC without rewriting existing JDBC code, supports mixture of tables requiring immediate and eventual consistency. Built support for MySQL, MariaDB and Postgres database. Utilized existing open source Avatica project and filled the solution gaps with connection pool support and optimization.
• Remediation of all 9 open Black Duck, 28 Fortify and 5 Sonar reported issues.

• Greater security, stability, usability
• New enhancements to make it easier for workloads to consume Music 

• Multi-level orchestration capability (how platform helps to support the hierarchy of service->domain->resource level orchestration and this platform would help to perform orchestration at each level and across.) Python, or similar scripting/workflow engine can be used for this
• VNF Test Platform(VTP) has used the Open Command Platform (OCOMP) – part of ONAP CLI project, for VNF life cycle testing (create and delete)
• Enabled as experimental (dev) mode
• Used for end-end automation of VNF service provision and termination for both HEAT and TOSCA based VNF service

• Multi-level orchestration capability

• Enables OVP, by helping integration and end-end service automation
• Improves usability to use CLI as an alternative to GUI/API

• Upgraded to Kubernetes 1.15.2 and Helm 2.14.2
• 25 bug fixes

• Greater stability and security

• CMSO (Change Management Scheduler Optimization) enhancements - Schedule a workflow in SO and track status to completion
• Automation on policy model uploading for vCPE, vFW use cases
• 10 Bug fixes
• 4 Vulnerabilities fixed

• Enhancements for change management scheduling

• Adaptive Pages : change the Home, Customer, Lifecycle Management and Package Management modules to adaptive pages that can be normally displayed in all screen sizes
  • Mock Data Scheme : build mock data scheme to support the development and preview in local environment in case of lack of server environment
  • Document Enhancement : enrich README.md to introduce the general situation and add CHANGELOG.md to record the commit messages
  • Structure Optimization : restructure the project to increase the development efficiency and improve the performance
  • Function Optimization : delete useless modules and simplify some apis to improve loading speed of the project
• 2 bug fixes

• Improved usability with support for different screen sizes
• Greater stability and performance 

• 56 minor enhancements or fixes
  • Policy Lifecycle API handling of Version fields
  • Improvement of Docker image generation
  • Code cleanup: sonar, checkstyle and code coverage for core components
  • 22 Bug Fixes
• Initial CDS API and Actor integration
• XACML PDP retrieval of Policy Types to support ability of dynamic policy translation using "matchable" metadata fields.
• CII Silver Badging for core components
  • Various upgrades of dependencies for security fixes

• Greater stability and security

• Bug fixes and security enhancements
  • Specifically, addressed OJSI security enhancements and also fixed security issues reported by NexusIQ scan tool. As part of maintenance, enhanced known MariaDB/UX bugs and improved deployment helm charts.

• Greater stability and security

• New functionality such as ODL Neon, implementing a Configuration database, Netconf enhancements including receiving notification from RAN
• Generic Resource API support for async and concurrency request for VNF and VF Module Topology operation request
• 41 bug fixes
• 11 security fixes

• Closed loops can use Netconf notification
• Ability to store configurations
• Expanded configuration capabilities
• Greater stability and security

• Fixed 12 OJSI tickets
• Integrated with AAF for certificates, so SDC works in HTTPS-only mode;
• 8% more test coverage
• Migrated to OParent
• Upgraded DB infrastructure (Titan to JanusGraph)
• And fixed 60 defects

• Greater stability, security

• 84 enhancements
• 156 bug fixes

• Greater stability

• Added 15 csit test cases to cover more

• APIs and code

• branches testing
• Optimized NSLCM, catalog, VNFLCM code and 20% code reduction

• Rebased python based VF-C components to python3
• Integrate with VNFSDK VTP and leverage existing VF-C capabilities to Support OVP TOSCA VNF validation.
• Integrate with CLI

• to improve the VF-C usability

• Greater stability
• Code footprint reduction
• OVP supporting

• Fixed security and non-security defects
• Minor improvements to code conventions, logging and documentation
• Added lots of unit-tests and integrative tests covering many user-scenarios

• Greater stability and security

• TOSCA based VNF validation enabled for support OVP & CVC.
• TOSCA based VNF compliance check based on some operator requirements.
• SDC now integrated VNFSDK VTP on VNF validation.
• ETSI SOL004 Security check (CMS signature validation) enabled.
• Code quality improvement.(e.g. replace the Jackson to Gson, 100 + sonar issue fix)
• A C++ implement of VES spec 7.0.1 on ves-agent.

• VNF SDK: improved support for ETSI SOL004
• Greater stability and usability

• Defined reference test cases for VNF onboarding and instantiation to further expand the compliance badge scope available in the OPNFV Verified Program (OVP).
  • Covers both Heat-based and TOSCA-based VNFs
• Over 30 requirement changes across VNF packaging, security, monitoring, and management to ensure VNF Providers can more readily integrate with ONAP in a compliant and secure manner

• VNF Requirements: 30 additional VNF requirements around VNF packaging, security, monitoring, and management to improve VNF interop and security compliance

• New features:
  • VNF Preload Generation
    • Executing the VVP validation scripts will now generate valid preloads for each VF module present in a VNF
    • This simplifies the creation of preloads, and greatly reduces the chance of errors during instantiation due to an incomplete or malformed preload
    • Supports both VNF API and GR API formats
• Security, Performance, and Bug Fixes:
  • Improved performance of validating complex VNFs by > 30%
  • Improved security by adding bandit library to perform code scans on each commit
  • Aligned VVP validation scripts with the latest version of the VNF Heat Template Requirements
  • Improved error messages, enhanced report readability for users
  • Refactored code to reduce code complexity and increase code re-use

• VVP: Day 0 config simplification for testing, greater security, performance, stability 

Completed

• The performance test script of vfw has been developed 90%. Before we have run the basic functions on the B version, we have not tested the concurrent version in the B version. Last month and the integration group meeting, the integration team suggested that we switch to the D version of the vfw performance test.
• The vcpe performance test script has been developed. On the onap dublin version, we create only one virtual machine model. And use the modified vcpe script to create a service instance and virtual machine. The concurrent creation of a single virtual machine script, the completion of 20 concurrent tests, and the recording of test results

Work in progress

• Find the reason why the virtual machine was not successfully created in the 20 concurrent test in the vcpe performance test.
• Transplant the beijing version of the benchmark test mock server, simulate openstack request processing, and then concurrently create a virtual machine test.

First of all we are very pleased by the quality that ONAP projects managed to reach, especially comparing with what was prepared initially around end of September. This means that SECCOM complaints during PTL and TSC meetings were received and triggered right and a very positive outcome. El Alto has the best security release notes out of all ONAP releases! Thank you all teams for your hard work!

• AAF Auto-Configuration and Certificate Generation

• Upgrade to latest oParent 2.1.0

• Release key achievements from SECCOM perspective:

  • State of ONAP security is improving. We are not there yet to say that ONAP is a secure piece of software but we are definitely going in the right direction.

  • Some key facts from this release:

    • Number of exposed HTTP ports has been significantly reduced (21 currently but may reduce further by the time the release is pushed out)

    • 12 CVEs has been fixed, 7 still being worked on (out of total 26)

    • 44 OJSI tickets has been resolved and 19 still in progress (some may be fixed till Thursday but most will be probably deferred to Frankfurt), 66 still untouched.

    • Analyzing known vulnerabilities – first component upgrades were introduced by Portal project Springframework: from v 4.2.3 to 4.3.24. Next upgrades not yet pushed into ONAP gerrit due to resource constraints for testing the recent changes

    • CII Badging:

      • Updates of projects representatives 
        • Having a LF representative on each of the CII projects has provided the "bus factor" backup needed to guarantee transition on several projects whose project editor has left ONAP.
      • Updates of ONAP projects answers in passing level
        • At the passing level, we remained constant. The majority of our projects are passing, with only a handful in the 80-90% passing.
      • Updates of ONAP projects answers in silver level
        • In Dublin, we had 30% of our projects in the 80-90% silver, 16% in the 40-80% silver, and the remaining 53% below 40%.
        • In El Alto, we improved considerably. We now have one project achieving the Silver level and 47% achieving 80-90% silver, 23% in the 40-80% silver level, and only 27% below 40%.
      • Updates of ONAP projects answers in gold level
        • We also showed a steady climb in the gold achievements. In Dublin, only two projects were above 40% gold, 10% in the 20-40% gold, and the remaining 83% below 20% gold.
        • In El Alto, one projects reached the 60-80% level and now three projects were in the 40-60% range. 27% of the projects are in the 20-40% gold range, and now there are only 60% of the projects below 20% gold.

      
      

Following the last call with Dan, SDNC team fixes for the remote code execution vulnerability were implemented - SDNC portal is disabled.

If the vulnerability is mitigated with the workaround instead of a permanent fix, then the CVEs must be documented in the known security issues section of the El Alto release notes in order to improve ONAP transparency.

• Reduced vulnerabilities
• Reduced traffic in the clear
• Increased CII badging compliance

• root model
• business and interaction model
• VES 7.1 model

Information Integration

• The Root model establishes a common base for the ONAP information model
• The general Business Interaction model provides a means to tie in concepts such as Service Order, VES Events, and Licenses into ONAP's model hierarchy
• The VES model describes ONAP's Event Streaming information as implemented

• Self-Serve Release
• Kick-Off Dockerhub Migration
• Release Management Automation
• Activation of jS Test Coverage

• Improve tool-chain efficiency
• Improve software quality

• Total

• issues being addressed - currently 3407 closed but PTLs are currently cleaning-up
• Test coverage increase

• - jS
• Footprint reduction - A&AI, CLAMP
• Stability proof TBD - See  El-Alto Release Platform Maturity
• Scalability proof TBD - See El-Alto Release Platform Maturity
• Performance proof TBD - See El-Alto Release Platform Maturity