copper:use_cases
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
copper:use_cases [2015/02/11 18:47] Bryan Sullivan |
copper:use_cases [2015/05/05 21:24] (current) Bryan Sullivan |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| Use Cases for Copper | Use Cases for Copper | ||
| - | * Developer Sandbox | + | ^ Policy ^ Description ^ Notes/Examples ^ |
| - | * As a developer, I need a basic development environment setup with certain compute, storage, and network functions, and want this to be scripted and thus easily repeatable. | + | | Network Access Control | As a tenant, I need to be sure that the only private networks connected to my VMs are owned by me or someone from my group. | OpenStack Congress: <code>error :- |
| - | + | nova:vm(vm), | |
| - | * Workload Placement | + | neutron:network(network), |
| - | * Affinity - Same Host Filter: Local Service Instance Deployment: As a service provider, I need my software application deployed in a local environment with resources configured to meet specific quality of service criteria, so I can ensure an acceptable user experience. Ensures that the VM instance is launched on the same compute node as a given set of instances, as defined in a scheduler hint list. This filter is analogous to the affinity rules in vSphere DRS. | + | nova:network(vm, network), |
| - | * Anti-Affinity - Different Host Filter: Ensures that the VM instance is launched on a different compute node from a given set of instances, as defined in a scheduler hint list. This filter is analogous to the anti-affinity rules in vSphere DRS. | + | neutron:private(network), |
| - | * Geo-Diverse Service Instance Deployment: As a service provider, I need my software application deployed in a geo-diverse environment with resources configured to meet specific quality of service, so I can ensure an acceptable user experience. | + | nova:owner(vm, vm-own), |
| - | + | neutron:owner(network, net-own), | |
| - | * Load Balancing | + | -same-group(vm-own, net-own) |
| - | * Geo-Diverse Load-Balanced Service Instance Deployment: As a service provider, I need my software application deployed in a geo-diverse environment with resources configured to meet specific local balancing criteria, so I can ensure an acceptable user experience. | + | |
| - | + | same-group(user1, user2) :- | |
| - | * Service Failover | + | ldap:group(user1, g), |
| - | * Geo-Diverse Service Instance Deployment with Failover: As a service provider, I need my software application deployed in a geo-diverse environment with resources configured to meet specific service failover, so I can ensure an acceptable user experience. | + | ldap:group(user2, g) </code> | |
| - | + | | Storage Access Control | As a tenant, I need to be sure that the only VMs that can attach to my private storage resources are owned by me or someone from my group. | OpenStack Congress: <code>error :- | |
| - | * Link Mirroring | + | nova:vm(vm), |
| - | * Link Mirroring: As a troubleshooter, I need to mirror traffic from physical or virtual network ports so that I can investigate trouble reports. | + | cinder:volumes(volume), |
| - | * This use case is relevant to the Copper project, as the project’s initial objective is to assess platform ability to enable arbitrary configurations within policy constraints. It could address the basic configuration policy support for creating mirrored links to other VNFs (such as a protocol analyzer) etc. | + | nova:volume(vm, volume), |
| - | * Link mirroring is a common need, and it does bring up other interesting use cases for policy, e.g. the following. In this case mirroring is a specific example of need for support functions and related access control, e.g. allowing support VNFs to make connections to hosts / storage / network for troubleshooting. And preventing those who are unauthorized from doing the same. | + | nova:owner(vm, vm-own), |
| - | * Link Mirroring – Authorization: As a NFVaaS tenant, I need to be able to mirror traffic on my virtual network ports so that I can investigate trouble reports. | + | neutron:owner(volume, vol-own), |
| - | * Link Mirroring – Authorization Failure: As a NFVaaS tenant, I need to be able to prevent other tenants from mirroring traffic on my virtual network ports so that I can protect the privacy of my service users. | + | -same-group(vm-own, vol-own) |
| - | * Link Mirroring – Delegated Authorization: As a NFVaaS tenant, I need to be able to allow my NFVaaS SP customer support to mirror traffic on my virtual network ports so that they can assist in investigating trouble reports. | + | |
| + | same-group(user1, user2) :- | ||
| + | ldap:group(user1, g), | ||
| + | ldap:group(user2, g) </code> | | ||
| + | | Resource Reclamation | As a service provider, I need to be informed of VMs that are under-utilized so that I can reclaim the VI resources. (example from [[http://ruleyourcloud.com/2015/03/12/scaling-up-congress.html|RuleYourCloud blog]]) | OpenStack Congress: <code> reclaim_server(vm) :- | ||
| + | ceilometer:stats("cpu_util",vm, avg_cpu), | ||
| + | lessthan(avg_cpu, 1) | ||
| + | error(user_id, email, vm_name) :- | ||
| + | reclaim_server(vm), | ||
| + | nova:servers(vm, vm_name, user_id), | ||
| + | keystone:users(user_id, email) </code>| | ||
| + | | Affinity | Ensures that the VM instance is launched "with affinity to" specific resources, e.g. within a compute or storage cluster. | This is analogous to the affinity rules in [[https://pubs.vmware.com/vsphere-50/topic/com.vmware.vsphere.resmgmt.doc_50/GUID-FF28F29C-8B67-4EFF-A2EF-63B3537E6934.html|VMWare vSphere DRS]]. Examples include: "Same Host Filter", i.e. place on the same compute node as a given set of instances, e.g. as defined in a scheduler hint list. | | ||
| + | | Anti-Affinity | Ensures that the VM instance is launched "with anti-affinity to" specific resources, e.g. outside a compute or storage cluster. | This filter is analogous to the anti-affinity rules in vSphere DRS. Examples include: " Different Host Filter", i.e. ensures that the VM instance is launched on a different compute node from a given set of instances, as defined in a scheduler hint list. | | ||
| + | | Geo-Diversity | As a service provider, I need my software application deployed in a geo-diverse environment with resources configured to meet specific quality of service, so I can ensure an acceptable user experience. | | | ||
| + | | Load Balancing | As a service provider, I need my software application deployed in a geo-diverse environment with resources configured to meet specific local balancing criteria, so I can ensure an acceptable user experience. | | | ||
| + | | Service Failover | As a service provider, I need my software application deployed in a geo-diverse environment with resources configured to meet specific service failover, so I can ensure an acceptable user experience. | | | ||
| + | | Link Mirroring | As a troubleshooter, I need to mirror traffic from physical or virtual network ports so that I can investigate trouble reports. | | | ||
| + | | Link Mirroring – Authorization | As a NFVaaS tenant, I need to be able to mirror traffic on my virtual network ports so that I can investigate trouble reports. | | | ||
| + | | Link Mirroring – Authorization Failure | As a NFVaaS tenant, I need to be able to prevent other tenants from mirroring traffic on my virtual network ports so that I can protect the privacy of my service users. | | | ||
| + | | Link Mirroring – Delegated Authorization | As a NFVaaS tenant, I need to be able to allow my NFVaaS SP customer support to mirror traffic on my virtual network ports so that they can assist in investigating trouble reports. | | | ||
copper/use_cases.1423680470.txt.gz · Last modified: 2015/02/11 18:47 by Bryan Sullivan
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: Creative Commons Attribution 4.0 International License
