path: root/mcp/reclass/classes/cluster/all-mcp-ocata-common/init.yml
blob: b8bde832ecc1d003a37dc8407279d2eabc959e07 (plain)
classes:
- cluster.all-mcp-ocata-common.arch
- cluster.all-mcp-ocata-common.opnfv
Requirements references related to OPNFV Audit

------------------
Source information
------------------

http://www.etsi.org/deliver/etsi_gs/NFV-INF/001_099/003/01.01.01_60/gs_NFV-INF003v010101p.pdf
http://www.etsi.org/deliver/etsi_gs/NFV-INF/001_099/004/01.01.01_60/gs_NFV-INF004v010101p.pdf

* ETSI GS NFV-SEC 003 V1.1.1 (2014-12)

  - Network Functions Virtualisation (NFV);
  - NFV Security; Security and Trust Guidance
  - NFV-SEC-003_.


.. _NFV-SEC-003: http://www.etsi.org/deliver/etsi_gs/NFV-SEC/001_099/003/01.01.01_60/gs_NFV-SEC003v010101p.pdf

* ETSI GS NFV 004 V1.1.1 (2013-10)

  - Network Functions Virtualisation (NFV);
  - Virtualisation Requirements
  - NFV-SEC-004_.

.. _NFV-SEC-004: http://www.etsi.org/deliver/etsi_gs/NFV/001_099/004/01.01.01_60/gs_NFV004v010101p.pdf

Requirements on Auditing framework
----------------------------------

Audit records shall be maintained within protected binary logs so that the record of
malicious actions cannot be deleted from the logs.
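
One way to make deletion from a binary audit log detectable, shown as an added example (not code from the OPNFV repository; the page names no mechanism): each record carries an HMAC chained over the previous record's MAC, and the record count is kept out of band. The record layout, function names, key handling and sample events are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

GENESIS = b"\x00" * 32          # chain anchor used before the first record
HEADER = struct.Struct(">I")    # 4-byte big-endian payload length
MAC_LEN = 32                    # HMAC-SHA256 output size

# Constructed sample events, named after categories in the list on this page.
SAMPLE_EVENTS = [
    b"access_control:user_add uid=constructed-1",
    b"vnfc:delete id=constructed-vnfc",
    b"access_control:logout uid=constructed-1",
]

def append_record(log, key, payload):
    """Return log plus one record: length | payload | HMAC(prev_mac + payload)."""
    prev = log[-MAC_LEN:] if log else GENESIS
    mac = hmac.new(key, prev + payload, hashlib.sha256).digest()
    return log + HEADER.pack(len(payload)) + payload + mac

def build_log(key, events):
    log = b""
    for event in events:
        log = append_record(log, key, event)
    return log

def verify_log(log, key, expected_count):
    """Walk the chain; return (ok, reason) naming the first problem found."""
    prev, offset, count = GENESIS, 0, 0
    while offset < len(log):
        if offset + HEADER.size > len(log):
            return False, f"truncated header at record {count}"
        (length,) = HEADER.unpack_from(log, offset)
        end = offset + HEADER.size + length + MAC_LEN
        if end > len(log):
            return False, f"truncated record {count}"
        payload = log[offset + HEADER.size:end - MAC_LEN]
        mac = log[end - MAC_LEN:end]
        expected = hmac.new(key, prev + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(mac, expected):
            return False, f"chain broken at record {count}"
        prev, offset, count = mac, end, count + 1
    # The chain alone cannot reveal records cut from the tail, so compare
    # against a count held outside the log (an assumption of this example).
    if count != expected_count:
        return False, f"expected {expected_count} records, found {count}"
    return True, "ok"
```

The check is only as strong as the separation of the HMAC key and the expected count from the host being audited; anyone holding the key can rebuild a consistent chain.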

Necessary auditable events
--------------------------

* access control management

  - Adding a user account
  - Modifying a user account
  - Deleting a user account
  - login event
  - logout event
  - IP whitelisting update
  - IP blacklisting update

* VNFC Creation

  - The instantiation of a newly-defined VNFC
  - The instantiation of a VNFC with pre-configured state
  - The cloning of an existing VNFC

* VNFC Deletion

  - The deletion of VNFC and of all of its instances (e.g. snapshots, backups, archives, cloned images)

* Software management

  - patching e.g. operating system, drivers, VM components
  - dynamic updates to the configuration e.g. DNS, DHCP
  - application software updates
  - software component updates

* Data management

  - Root level access to NFVI file system
  - User level access to NFVI file system
  - Secured wipe, disk and memory
  - Verified destruction
  - Certificate revocation

* VNFC Migration

  - VNFC original host identity
  - VNFC target host identity
  - high availability
  - recovery
  - data-in-motion changes

* Other VNFC Operational State Changes

  - Hibernation, sleep, resumption, abort, restore, suspension
  - Power-on and power-off (either physical or virtual)
  - Integrity verification failure, crash and OS compromise

* VNFC Topology Changes

  - Network IP address and VLAN updates
  - Service chaining
  - Failover and disaster recovery

* traffic inspection

  - enabling virtual port mirroring
  - enabling hypervisor introspection
  - enabling in-line traffic inspection
  - application insertion

* initial provisioning of a public/private key pair

  - Self-generation of key pairs for later validation by an external party:

    - Certificate Authority
    - VNFM

  - Provision by trusted party

    - network
    - storage

  - Injection by hypervisor