Wiki

• Date and Time: UTC 13:00, Thursday May 07, 2015
• Convenor: Bin Hu (AT&T)
• Participants:
  • Adrian Hoban (Intel)
  • Ali Ghazanfar (ZTE)
  • Ana Cunha (Ericsson)
  • Dan Druta (AT&T)
  • Eric Multanen (Intel)
  • Georg Kunz (Ericsson)
  • Ildiko Vancsa (Ericsson)
  • Jamil Chawki (Orange)
  • Mark D Gray (Intel)
  • Maryam Tahhan (Intel)
  • Michael Godley (Intel)
  • Pat Vaughan (Intel)
  • Prakash Ramchandran (Huawei)
  • Rajeev Seth (Sonus Networks)
  • Raymond Nugent (Huawei)
  • Ruan He (Orange)
  • Wei Su (Huawei)
  • Xingshan Su (H3C)
  • Yuri Yuan (ZTE)

• Draft Blueprints Discussion
  • None

• Project Proposal Discussion

• Discuss Revisions of Collaborative Development project proposals
  • Moon OPNFV Security Management

Ruan introduced the update of the proposal.

The first type of question is about the project scope. The scope of Moon is not limited to the infrastructure, while OPNFV is focusing on NFVI. Bin indicated that there were precedents, such as Parser project, that addresses the issues beyond NFVI. Ruan indicated that Moon is a flexible framework that can protect different levels, and the main focus is on the infrastructure, although it may go beyond NFVI.

The second type of question is about the dependency between Moon and interfaces to OpenStack, SDN controllers etc. and it should be done through same interfaces as other OPNFV projects like Movie, VNFFG, SFC, ONOSFW project etc. Ruan indicated that Moon is glad to collaborate with other projects like Movie, Copper, Inspector, etc. The security message and formats may be different but most projects need to have common interfaces as defined in ETSI as well as other projects, besides EU MIL specs that were referred in the project.

The third type of question is about how Moon achieves protection mechanism with other modules to ensure that Moon focuses on addressing security policies. Ruan answered that Moon connects with local agents (called hooks) in different platform for both supervision and control. It redirects security related to tenant, access etc. through user defined security levels like high, medium, low and assign to them rules to allow or deny specific function like resize vm. Thus the admin user of a tenant can manage the security policies through redirection of commands to Moon and followed by filtering.

The fourth type of question is about the relationship with ETSI. Ruan indicated that once Moon finishes the development in OPNFV, they will feedback and standardize its security management interface in ETSI.

The fifth type of question is about Moon v.s. group-based policy. Ruan anwered that Moon can support any policies that user defines, including GBP.

It is also clarified that the support of Admin defined security is not limited to GUI only. It also supports CLI so that batch processing can be applied.

Ruan also showed the audience a demo.

The consensus of the group is to recommend TSC Creation Review of Moon.

• Postponed Collaborative Development project proposals
  • Rescuer - upon author's request

Meeting adjourned