Use Cases for Copper

Policy | Description | Notes/Examples
Network Access Control | As a tenant, I need to be sure that the only private networks connected to my VMs are owned by me or someone from my group. | OpenStack Congress:
// Violation: a VM is attached to a private network whose owner
// shares no group with the VM's owner.
error :-
    nova:vm(vm),
    neutron:network(network),
    nova:network(vm, network),
    neutron:private(network),
    nova:owner(vm, vm_own),
    neutron:owner(network, net_own),
    not same_group(vm_own, net_own)

// Two users are in the same group if LDAP lists both in some group g.
same_group(user1, user2) :-
    ldap:group(user1, g),
    ldap:group(user2, g)
Storage Access Control | As a tenant, I need to be sure that the only VMs that can attach to my private storage resources are owned by me or someone from my group. | OpenStack Congress:
// Violation: a VM has a volume attached whose owner
// shares no group with the VM's owner.
error :-
    nova:vm(vm),
    cinder:volumes(volume),
    nova:volume(vm, volume),
    nova:owner(vm, vm_own),
    cinder:owner(volume, vol_own),
    not same_group(vm_own, vol_own)

// Two users are in the same group if LDAP lists both in some group g.
same_group(user1, user2) :-
    ldap:group(user1, g),
    ldap:group(user2, g)
Resource Reclamation | As a service provider, I need to be informed of VMs that are under-utilized so that I can reclaim the VI resources. | (example from RuleYourCloud blog) OpenStack Congress:
// A VM is a reclamation candidate when its average CPU utilization is below 1.
reclaim_server(vm) :-
    ceilometer:stats("cpu_util", vm, avg_cpu),
    lessthan(avg_cpu, 1)

// Report each candidate with its owner's user id and email.
error(user_id, email, vm_name) :-
    reclaim_server(vm),
    nova:servers(vm, vm_name, user_id),
    keystone:users(user_id, email)
Affinity | Ensures that the VM instance is launched "with affinity to" specific resources, e.g. within a compute or storage cluster. This is analogous to the affinity rules in VMware vSphere DRS. | Examples include: "Same Host Filter", i.e. place on the same compute node as a given set of instances, e.g. as defined in a scheduler hint list.
Anti-Affinity | Ensures that the VM instance is launched "with anti-affinity to" specific resources, e.g. outside a compute or storage cluster. This filter is analogous to the anti-affinity rules in vSphere DRS. | Examples include: "Different Host Filter", i.e. ensures that the VM instance is launched on a different compute node from a given set of instances, as defined in a scheduler hint list.
Geo-Diversity | As a service provider, I need my software application deployed in a geo-diverse environment with resources configured to meet specific quality of service, so I can ensure an acceptable user experience. |
Load Balancing | As a service provider, I need my software application deployed in a geo-diverse environment with resources configured to meet specific load balancing criteria, so I can ensure an acceptable user experience. |
Service Failover | As a service provider, I need my software application deployed in a geo-diverse environment with resources configured to meet specific service failover criteria, so I can ensure an acceptable user experience. |
Link Mirroring | As a troubleshooter, I need to mirror traffic from physical or virtual network ports so that I can investigate trouble reports. |
Link Mirroring – Authorization | As a NFVaaS tenant, I need to be able to mirror traffic on my virtual network ports so that I can investigate trouble reports. |
Link Mirroring – Authorization Failure | As a NFVaaS tenant, I need to be able to prevent other tenants from mirroring traffic on my virtual network ports so that I can protect the privacy of my service users. |
Link Mirroring – Delegated Authorization | As a NFVaaS tenant, I need to be able to allow my NFVaaS SP customer support to mirror traffic on my virtual network ports so that they can assist in investigating trouble reports. |
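
The Network Access Control rule from the table above, evaluated over a small set of constructed tables to show which attachments it flags. This is an added example, not code from the Copper project or from Congress; the helper names, table rows and user names are assumptions, and the helper returns the offending (vm, network) pairs whereas the rule on the page derives a bare error.

```python
# Added example: evaluates the page's Network Access Control rule over
# constructed tables. All rows and user names below are sample data.

def same_group(u1, u2, ldap_group):
    # same-group(user1, user2) :- ldap:group(user1, g), ldap:group(user2, g)
    groups1 = {g for (u, g) in ldap_group if u == u1}
    groups2 = {g for (u, g) in ldap_group if u == u2}
    return bool(groups1 & groups2)

def network_violations(t):
    # Hypothetical helper: returns the (vm, network) pairs that satisfy the
    # body of the error rule, so the offending attachment is visible.
    hits = set()
    for vm, net in t["nova:network"]:
        if vm not in t["nova:vm"] or net not in t["neutron:network"]:
            continue
        if net not in t["neutron:private"]:
            continue  # the rule only constrains private networks
        vm_owners = {o for (v, o) in t["nova:owner"] if v == vm}
        net_owners = {o for (n, o) in t["neutron:owner"] if n == net}
        for vm_own in vm_owners:
            for net_own in net_owners:
                if not same_group(vm_own, net_own, t["ldap:group"]):
                    hits.add((vm, net))
    return hits

# Constructed sample tables (not real OpenStack state).
SAMPLE = {
    "nova:vm": {"vm1", "vm2", "vm3", "vm4"},
    "neutron:network": {"netA", "netB", "pub"},
    "neutron:private": {"netA", "netB"},
    "nova:network": {("vm1", "netA"), ("vm2", "netA"),
                     ("vm3", "pub"), ("vm4", "netB")},
    "nova:owner": {("vm1", "alice"), ("vm2", "mallory"),
                   ("vm3", "mallory"), ("vm4", "dave")},
    "neutron:owner": {("netA", "bob"), ("netB", "dave"), ("pub", "carol")},
    # dave appears in no LDAP group at all
    "ldap:group": {("alice", "eng"), ("bob", "eng"), ("mallory", "ops")},
}

if __name__ == "__main__":
    for vm, net in sorted(network_violations(SAMPLE)):
        print(f"error: {vm} attached to private network {net}")
```

Because same-group is defined only through ldap:group, a user with no group membership does not match even themselves, so vm4 on dave's own private network is reported alongside the cross-group attachment of vm2. Covering the "owned by me" half of the requirement for such users needs an additional owner-equality condition or a guaranteed group membership for every user.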
copper/use_cases.txt · Last modified: 2015/05/05 21:24 by Bryan Sullivan