Platform Maturity

Refering to CII Badging Security Program and Platform Maturity Requirements, fill out the table below by indicating the actual level , the targeted level for the current release and the evidences on how you plan to achieve the targeted level.

Area

Actual Level

Targeted Level for current Release

How, Evidences

Comments

Performance0

1


  • 0 -- none
  • 1 – baseline performance criteria identified and measured
  • 2 & 3 – performance improvement plans created & implemented

performance criteria: send file, test retry

Stability01
  • 0 – none
  • 1 – 72 hours component level soak w/random transactions
  • 2 – 72 hours platform level soak w/random transactions
  • 3 – 6 months track record of reduced defect rate
Resiliency22
  • 0 – none
  • 1 – manual failure and recovery (< 30 minutes)
  • 2 – automated detection and recovery (single site)
  • 3 – automated detection and recovery (geo redundancy)
Security02


  • 0 – none
  • 1 – CII Passing badge + 50% Test Coverage
  • 2 – CII Silver badge; internal communication encrypted; role-based access control and authorization for all calls
  • 3 – CII Gold
Scalability01
  • 0 – no ability to scale
  • 1 – single site horizontal scaling
  • 2 – geographic scaling
  • 3 – scaling across multiple ONAP instances
Manageability11
  • 1 – single logging system across components; instantiation in < 1 hour
  • 2 – ability to upgrade a single component; tracing across components; externalized configuration management
Usability11


  • 1 – user guide; deployment documentation; API documentation
  • 2 – UI consistency; usability testing; tutorial documentatio

More information on the levels: Platform Maturity Requirements (aka Carrier Grade)

Performance

  • Level 0: no performance testing done
  • Level 1: baseline performance criteria identified and measured  (such as response time, transaction/message rate, latency, footprint, etc. to be defined on per component)
  • Level 2: performance improvement plan created & implemented for 1 release (improvement measured for equivalent functionality & equivalent hardware)
  • Level 3: performance improvement plan implemented for 2 consecutive releases (improvements in each release)

Stability

  • Level 0: none beyond release requirements
  • Level 1: 72 hour component-level soak test (random test transactions with 80% code coverage; steady load)
  • Level 2: 72 hour platform-level soak test (random test transactions with 80% code coverage; steady load)
  • Level 3: track record over 6 months of reduced defect rate

Resiliency

  • Level 0: no redundancy
  • Level 1: support manual failure detection & rerouting or recovery within a single site; tested to complete in 30 minutes
  • Level 2: support automated failure detection & rerouting 
    • within a single geographic site
    • stateless components: establish baseline measure of failed requests for a component failure within a site 
    • stateful components: establish baseline of data loss for a component failure within a site

  • Level 3: support automated failover detection & rerouting 

    • across multiple sites 

    • stateless components 

      • improve on # of failed requests for component failure within a site 

      • establish baseline for failed requests for site failure 

    • stateful components 

      • improve on data loss metrics for component failure within a site 

      • establish baseline for data loss for site failure

  • These levels may drive the need for a common platform for resiliency & approaches to consistently provide resiliency across ONAP. Such a platform might contain: 
    1. a geo-distributed database that supports both within and cross-site state replication
    2. a failover mechanism that performs failure detection, request rerouting and the actual failover and 
    3. a site/replica selection service that picks among the appropriate replicas during request rerouting.  

Security

Project-level requirements

  • Level 0: None
  • Level 1: CII Passing badge
  • Level 2: CII Silver badge, plus:
    • All internal/external system communications shall be able to be encrypted.
    • All internal/external service calls shall have common role-based access control and authorization.
  • Level 3: CII Gold badge 

ONAP Platform-level requirements per release 

  • Level 1: 70 % of the projects passing the level 1 
    • with the non-passing projects reaching 80% passing level
    • Non-passing projects MUST pass specific cryptography criteria outlined by the Security Subcommittee*
  • Level 2: 70 % of the projects passing silver 
    • with non-silver projects completed passing level and 80% towards silver level
  • Level 3: 70% of the projects passing gold 
    • with non-gold projects achieving silver level and achieving 80% towards gold level
  • Level 4: 100 % passing gold.


Scalability

  • Level 0: no ability to scale
  • Level 1: supports single site horizontal scale out and scale in, independent of other components
  • Level 2: supports geographic scaling, independent of other components
  • Level 3: support scaling (interoperability) across multiple ONAP instances


Manageability

  • Level 1:
    • All ONAP components will use a single logging system.
    • Instantiation of a simple ONAP system should be accomplished in <1 hour with a minimal footprint
  • Level 2:
    • A component can be independently upgraded without impacting operation interacting components
    • Transaction tracing across components
    • Component configuration to be externalized in a common fashion across ONAP projects


Usability

  • Level 1
    • User guide created
    • Deployment documentation
    • API documentation
    • Adherence to coding guidelines
  • Level 2
    • Consistent UI across ONAP projects
    • Usability testing conducted
    • Tutorial documented


  • No labels