You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
must: Requirements that are marked as must are considered mandatory and must exist in the reference architecture and reflected in any implementation targeting this reference architecture. The same applies to must not.
should: Requirements that are marked as should are expected to be fulfilled by the reference architecture but it is up to each service provider to accept an implementation targeting this reference architecture that is not reflecting on any of those requirements. The same applies to should not.
RFC2119
may: Requirements that are marked as may are considered optional. The same applies to may not.
This chapter includes both "Requirements" that must be satisifed in an RA-1 conformant implementation and "Recommendations" that are optional for implementation.
2.2 Reference Model Requirements
Traceability to Reference Model.
2.3 Architecture and OpenStack Requirements
"Architecture" in this chapter refers to Cloud infrastructure (referred to as NFVI by ETSI) + VIM (as specified in Reference Model Chapter 3).
The Architecture must support allocating certain number of host cores for all non-tenant workloads such as for OpenStack services. SMT threads can be allocated to individual OpenStack services or their components.
The Architecture must ensure that the host cores assigned to non-tenant and tenant workloads are SMT aware: that is, a host core and its associated SMT threads are either all assigned to non-tenant workloads or all assigned to tenant workloads.
Achieved through configuring the "cpu_dedicated_set" and "cpu_shared_set" parameters in nova.conf correctly.
req.inf.stg.01
Storage
The Architecture must provide remote (not directly attached to the host) Block storage for VM Instances.
The Architecture must provide Object storage for VM Instances. Operators may choose not to implement Object Storage but must be cognizant of the risk of "Compliant VNFs" failing in their environment.
The Architecture must include capabilities for integrating SDN controllers to support provisioning of network services, from the OpenStack Neutron service, such as networking of VTEPs to the Border Edge based VRFs.
The Architecture must support multiple networking options for Cloud Infrastructure to support various infrastructure profiles (Basic and Network Intensive).
The Architecture must expose the latest version and microversion of the APIs for the given CNTT OpenStack release for each of the OpenStack core services.
The Architecture must support zero downtime expansion/change of physical capacity (compute hosts, storage increase/replacement).
req.lcm.adp.02
Automated deployment
The Architecture must support hitless upgrades of software provided by the cloud provider so that the availability of running workloads is not impacted.
Table 2-6: LCM Requirements
2.3.7 Assurance Requirements
Ref #
sub-category
Description
Traceability
req.asr.mon.01
Integration
The Architecture must include integration with various infrastructure components to support collection of telemetry for assurance monitoring and network intelligence.
req.asr.mon.03
Monitoring
The Architecture must allow for the collection and dissemination of performance and fault information.
req.asr.mon.04
Network
The Cloud Infrastructure Network Fabric and Network Operating System must provide network operational visibility through alarming and streaming telemetry services for operational management, engineering planning, troubleshooting, and network performance optimisation.
Table 2-7: Assurance Requirements
2.3.8 Security Requirements
2.3.8.1. System Hardening
Ref #
sub-category
Description
Traceability
sec.gen.001
Hardening
The Platform must maintain the state to what it is specified to be and does not change unless through change management process.
The Platform must be able to assign the Entities that comprise the tenant networks to different trust domains. (Communication between different trust domains is not allowed, by default.)
The Platform must support creation of Trust Relationships between trust domains. These maybe uni-directional relationships where the trusting domain trusts another domain (the “trusted domain”) to authenticate users for them or to allow access to its resources from the trusted domain. In a bidirectional relationship both domain are “trusting” and “trusted”.
For two or more domains without existing trust relationships, the Platform must not allow the effect of an attack on one domain to impact the other domains either directly or indirectly.
The Platform must support Confidentiality and Integrity of process-related metadata and restrict information sharing with only the process owner (e.g., tenant).
The Platform must support Confidentiality and Integrity of workload resource utilization (RAM, CPU, Storage, Network I/O, cache, hardware offload) and restrict information sharing with only the workload owner (e.g., tenant).
The Platform must not allow Memory Inspection by any actor other than the authorized actors for the Entity to which Memory is assigned (e.g., tenants owning the workload), for Lawful Inspection, and by secure monitoring services. Admin access must be carefully regulated
Images must not be configured to run with privileges higher than the privileges of the actor authorized to run them
sec.img.004
Image
Images must only be accessible to authorized actors
sec.img.005
Image
Image Registries must only be accessible to authorized actors
sec.img.006
Image
Image Registries must only be accessible over secure networks
sec.img.007
Image
Image registries must be clear of vulnerable and stale (out of date) versions
2.3.8.6. Security LCM
Ref #
sub-category
Description
Traceability
sec.lcm.001
LCM
The Platform must support Secure Provisioning, Maintaining availability, Deprovisioning (secure Clean-Up) of workload resources; Secure clean-up: tear-down, defending against virus or other attacks, or observing of cryptographic or user service data
The Cloud Operator must implement change management for Cloud Infrastructure, Cloud Infrastructure Manager and other components of the cloud; Platform change control on hardware
The Platform must be able to update the tag of newly instantiated, suspended, hibernated, migrated and restarted images with relevant geolocation (geographical) information
The Platform must implement Security life cycle management processes including proactively update and patch all deployed Cloud Infrastructure software.
The Platform is assumed to provide configurable alerting and notification capability and the operator is assumed to have automated systems, policies and procedures to act on alerts and notifications in a timely fashion. In the following the monitoring and logging capabilities can trigger alerts and notifications for appropriate action.
Ref #
sub-category
Description
Traceability
sec.mon.001
Monitoring/Audit
Platform must provide logs and these logs must be regularly scanned for events of interest
The Platform must log all changes to time server source, time, date and time zones
sec.mon.004
Audit
The Platform must secure and protect Audit logs (contain sensitive information) both in-transit and at rest
sec.mon.005
Monitoring/Audit
The Platform must Monitor and Audit various behaviours of connection and login attempts to detect access attacks and potential access attempts and take corrective actions accordingly
The Platform must Monitor and Audit operations by authorized account access after login to detect malicious operational activity and take corrective actions accordingly
sec.mon.007
Monitoring/Audit
The Platform must Monitor and Audit security parameter configurations for compliance with defined security policies
sec.mon.008
Monitoring/Audit
The Platform must Monitor and Audit externally exposed interfaces for illegal access (attacks) and take corrective security hardening measures
sec.mon.009
Monitoring/Audit
The Platform must Monitor and Audit service handling for various attacks (malformed messages, signalling flooding and replaying, etc.) and take corrective actions accordingly
sec.mon.010
Monitoring/Audit
The Platform must Monitor and Audit running processes to detect unexpected or unauthorized processes and take corrective actions accordingly
sec.mon.011
Monitoring/Audit
The Platform must Monitor and Audit logs from infrastructure elements and workloads to detected anomalies in the system components and take corrective actions accordingly
The Platform must Monitor and Audit Traffic patterns and volumes to prevent malware download attempts
sec.mon.013
Monitoring
The monitoring system must not affect the security (integrity and confidentiality) of the infrastructure, workloads, or the user data (through back door entries).
sec.mon.015
Monitoring
The Platform must ensure that the Monitoring systems are never starved of resources
sec.lcm.017
Audit
The Platform must Audit systems for any missing security patches and take appropriate actions
The Public Cloud Operator must, and the Private Cloud Operator may be certified to be compliant with the International Standard on Awareness Engagements (ISAE) 3402 (in the US: SSAE 16); International Standard on Awareness Engagements (ISAE) 3402. US Equivalent: SSAE16
Table 2-8: OpenStack Security Requirements.
2.4 Architecture and OpenStack Recommendations
The requirements listed in this section are optional, and are not required in order to be deemed a conformant implementation.
2.4.1 General Recommendations
Ref #
sub-category
Description
Notes
req.gen.cnt.01
Cloud nativeness
The Architecture should consist of stateless service components. However, where state is required it must be kept external to the component.
OpenStack consists of both stateless and stateful services where the stateful services utilize a database. For latter see "Configuring the stateful services"
req.gen.cnt.02
Cloud nativeness
The Architecture should consist of service components implemented as microservices that are individually dynamically scalable.
req.gen.scl.01
Scalability
The Architecture should support policy driven auto-scaling.
This requirement is currently not addressed but will likely be supported through Senlin, cluster management service.
req.gen.rsl.02
Resiliency
The Architecture should support resilient OpenStack service components that are not subject to req.gen.rsl.01.
Table 2-9: General Recommendations
2.4.2 Infrastructure Recommendations
Ref #
sub-category
Description
Notes
req.inf.com.02
Compute
The Architecture should include industry standard hardware management systems at both HW device level (embedded) and HW platform level (external to device).
req.inf.com.03
Compute
The Architecture should support Symmetric Multiprocessing with shared memory access as well as Simultaneous Multithreading.
req.inf.stg.08
Storage
The Architecture should allow use of externally provided large archival storage for its Backup / Restore / Archival needs.
req.inf.stg.09
Storage
The Architecture should make available all non-host OS / Hypervisor / Host systems storage as network-based Block, File or Object Storage for tenant/management consumption.
req.inf.stg.10
Storage
The Architecture should provide local Block storage for VM Instances.
The Architecture should support service function chaining.
req.inf.ntw.06
Network
The Architecture should support Distributed Virtual Routing (DVR) to allow compute nodes to route traffic efficiently.
req.inf.ntw.08
Network
The Cloud Infrastructure Network Fabric should embrace the concepts of open networking and disaggregation using commodity networking hardware and disaggregated Network Operating Systems.
req.inf.ntw.09
Network
The Cloud Infrastructure Network Fabric should embrace open-based standards and technologies.
req.inf.ntw.11
Network
The Cloud Infrastructure Network Fabric should be architected to provide a standardised, scalable, and repeatable deployment model across all applicable Cloud Infrastructure sites.
req.inf.ntw.17
Network
The Architecture should use dual stack IPv4 and IPv6 for Cloud Infrastructure internal networks.
req.inf.acc.01
Acceleration
The Architecture should support Application Specific Acceleration (exposed to VNFs).
The Architecture should support Enhanced Platform Awareness (EPA) only for discovery of infrastructure resource capabilities.
req.vim.06
General
The Architecture should allow orchestration solutions to be integrated with VIM.
req.vim.09
General
The Architecture should support horizontal scaling of OpenStack core services.
Table 2-11: VIM Recommendations
2.4.4 Interfaces and APIs Recommendations
Ref #
sub-category
Description
Notes
req.int.acc.01
Acceleration
The Architecture should provide an open and standard acceleration interface to VNFs.
req.int.acc.02
Acceleration
The Architecture should not rely on SR-IOV PCI-Pass through for acceleration interface exposed to VNFs.
duplicate of req.inf.acc.03 under "Infrastructure Recommendations"
Table 2-12: Interfaces and APIs Recommendations
2.4.5 Tenant Recommendations
Ref #
sub-category
Description
Notes
Table 2-13: Tenant Recommendations
2.4.6 Operations and LCM Recommendations
Ref #
sub-category
Description
Notes
req.lcm.adp.01
Automated deployment
The Architecture should allow for “cookie cutter” automated deployment, configuration, provisioning and management of multiple Cloud Infrastructure sites.
req.lcm.adp.03
Automated deployment
The Architecture should support hitless upgrade of all software provided by the cloud provider that are not covered by req.lcm.adp.02. Whenever hitless upgrades are not feasible, attempt should be made to minimize the duration and nature of impact.
req.lcm.adp.04
Automated deployment
The Architecture should support declarative specifications of hardware and software assets for automated deployment, configuration, maintenance and management.
req.lcm.adp.05
Automated deployment
The Architecture should support automated process for Deployment and life-cycle management of VIM Instances.
req.lcm.cid.02
CI/CD
The Architecture should support integrating with CI/CD Toolchain for Cloud Infrastructure and VIM components Automation.
Table 2-14: LCM Recommendations
2.4.7 Assurance Recommendations
Ref #
sub-category
Description
Notes
req.asr.mon.02
Monitoring
The Architecture should support Network Intelligence capabilities that allow richer diagnostic capabilities which take as input broader set of data across the network and from VNF workloads.
Table 2-15: Assurance Recommendations
2.4.8 Security Recommendations
2.4.8.1. System Hardening
Ref #
sub-category
Description
Notes
sec.gen.011
Hardening
The Cloud Infrastructure should support Read and Write only storage partitions (write only permission to one or more authorized actors)
sec.gen.014
Hardening
All servers part of Cloud Infrastructure should support measured boot and an attestation server that monitors the measurements of the servers.
2.4.8.2. Platform and Access
Ref #
sub-category
Description
Notes
2.4.8.3. Confidentiality and Integrity
Ref #
sub-category
Description
Notes
sec.ci.002
Confidentiality/Integrity
The Platform should support self-encrypting storage devices
2.4.8.4. Workload Security
Ref #
sub-category
Description
Notes
sec.wl.007
Workload
The Operator should implement processes and tools to verify VNF authenticity and integrity.
2.4.8.5. Image Security
Ref #
sub-category
Description
Notes
2.4.8.6. Security LCM
Ref #
sub-category
Description
Notes
sec.lcm.004
LCM
The Cloud Operator should support automated templated approved changes; Templated approved changes for automation where available
2.4.8.7. Monitoring and Security Audit
The Platform is assumed to provide configurable alerting and notification capability and the operator is assumed to have automated systems, policies and procedures to act on alerts and notifications in a timely fashion. In the following the monitoring and logging capabilities can trigger alerts and notifications for appropriate action.
Ref #
sub-category
Description
Notes
sec.mon.014
Monitoring
The Monitoring systems should not impact IAAS, PAAS, and SAAS SLAs including availability SLAs
sec.mon.016
Monitoring
The Platform Monitoring components should follow security best practices for auditing, including secure logging and tracing
The Cloud Operator, Platform and Workloads should ensure that their code is not vulnerable to the OWASP Top Ten Security Risks https://owasp.org/www-project-top-ten/
The Cloud Operator, and Platform should satisfy the requirements for Information Management Systems specified in ISO/IEC 27001 https://www.iso.org/obp/ui/#iso:std:iso-iec:27001:ed-2:v1:en; ISO/IEC 27002:2013 - ISO/IEC 27001 is the international Standard for best-practice information security management systems (ISMSs)
The Cloud Operator, and Platform should implement the ISO/IEC 27032:2012 (or latest) Guidelines for Cybersecurity techniques https://www.iso.org/obp/ui/#iso:std:iso-iec:27032:ed-1:v1:en; ISO/IEC 27032 - ISO/IEC 27032is the international Standard focusing explicitly on cybersecurity
sec.std.016
Standards
The Cloud Operator should conform to the ISO/IEC 27035 standard for incidence management; ISO/IEC 27035 - ISO/IEC 27035 is the international Standard for incident management
sec.std.017
Standards
The Cloud Operator should conform to the ISO/IEC 27031 standard for business continuity; ISO/IEC 27031 - ISO/IEC 27031 is the international Standard for ICT readiness for business continuity