View Source

Platform Maturity

Refering to CII Badging Security Program and Platform Maturity Requirements, fill out the table below by indicating the actual level , the targeted level for the current release and the evidences on how you plan to achieve the targeted level.

Area	Actual Level	Targeted Level for current Release	Comments
Performance	0	1	0 -- none 1 – baseline performance criteria identified and measured 2 & 3 – performance improvement plans created & implemented performance criteria: send file, test retry
Stability	0	1	0 – none 1 – 72 hours component level soak w/random transactions 2 – 72 hours platform level soak w/random transactions 3 – 6 months track record of reduced defect rate
Resiliency	2	2	0 – none 1 – manual failure and recovery (< 30 minutes) 2 – automated detection and recovery (single site) 3 – automated detection and recovery (geo redundancy)
Security	0	2	0 – none 1 – CII Passing badge + 50% Test Coverage 2 – CII Silver badge; internal communication encrypted; role-based access control and authorization for all calls 3 – CII Gold
Scalability	0	1	0 – no ability to scale 1 – single site horizontal scaling 2 – geographic scaling 3 – scaling across multiple ONAP instances
Manageability	1	1	1 – single logging system across components; instantiation in < 1 hour 2 – ability to upgrade a single component; tracing across components; externalized configuration management
Usability	1	1	1 – user guide; deployment documentation; API documentation 2 – UI consistency; usability testing; tutorial documentatio

More information on the levels: Platform Maturity Requirements (aka Carrier Grade)

Performance

Level 0: no performance testing done
Level 1: baseline performance criteria identified and measured (such as response time, transaction/message rate, latency, footprint, etc. to be defined on per component)
Level 2: performance improvement plan created & implemented for 1 release (improvement measured for equivalent functionality & equivalent hardware)
Level 3: performance improvement plan implemented for 2 consecutive releases (improvements in each release)

Stability

Level 0: none beyond release requirements
Level 1: 72 hour component-level soak test (random test transactions with 80% code coverage; steady load)
Level 2: 72 hour platform-level soak test (random test transactions with 80% code coverage; steady load)
Level 3: track record over 6 months of reduced defect rate

Resiliency

Level 0: no redundancy
Level 1: support manual failure detection & rerouting or recovery within a single site; tested to complete in 30 minutes
Level 2: support automated failure detection & rerouting
- within a single geographic site
- stateless components: establish baseline measure of failed requests for a component failure within a site
- stateful components: establish baseline of data loss for a component failure within a site
Level 3: support automated failover detection & rerouting
- across multiple sites
- stateless components
  - improve on # of failed requests for component failure within a site
  - establish baseline for failed requests for site failure
- stateful components
  - improve on data loss metrics for component failure within a site
  - establish baseline for data loss for site failure
These levels may drive the need for a common platform for resiliency & approaches to consistently provide resiliency across ONAP. Such a platform might contain:
1. a geo-distributed database that supports both within and cross-site state replication
2. a failover mechanism that performs failure detection, request rerouting and the actual failover and
3. a site/replica selection service that picks among the appropriate replicas during request rerouting.

Security

Project-level requirements

Level 0: None
Level 1: CII Passing badge
Level 2: CII Silver badge, plus:
- All internal/external system communications shall be able to be encrypted.
- All internal/external service calls shall have common role-based access control and authorization.
Level 3: CII Gold badge

ONAP Platform-level requirements per release

Level 1: 70 % of the projects passing the level 1
- with the non-passing projects reaching 80% passing level
- Non-passing projects MUST pass specific cryptography criteria outlined by the Security Subcommittee*
Level 2: 70 % of the projects passing silver
- with non-silver projects completed passing level and 80% towards silver level
Level 3: 70% of the projects passing gold
- with non-gold projects achieving silver level and achieving 80% towards gold level
Level 4: 100 % passing gold.

Scalability

Level 0: no ability to scale
Level 1: supports single site horizontal scale out and scale in, independent of other components
Level 2: supports geographic scaling, independent of other components
Level 3: support scaling (interoperability) across multiple ONAP instances

Manageability

Level 1:
- All ONAP components will use a single logging system.
- Instantiation of a simple ONAP system should be accomplished in <1 hour with a minimal footprint
Level 2:
- A component can be independently upgraded without impacting operation interacting components
- Transaction tracing across components
- Component configuration to be externalized in a common fashion across ONAP projects

Usability

Level 1
- User guide created
- Deployment documentation
- API documentation
- Adherence to coding guidelines
Level 2
- Consistent UI across ONAP projects
- Usability testing conducted
- Tutorial documented