ONAP secure communications via VPN in addition to HTTPS? #security #seccom

Keong Lim
 

Hi Seccom,

Have just been looking at https://jira.onap.org/browse/OJSI-97 due to its relationship to https://jira.onap.org/browse/AAI-2411 and the struggle to have the corresponding gerrit review merged https://gerrit.onap.org/r/#/c/87178/

which lead to browsing these related 87 issues:
https://jira.onap.org/secure/IssueNavigator.jspa?reset=true&jqlQuery=text+%7E+%22plain+text+http%22+ORDER+BY+updated++DESC

Would the progression of https://jira.onap.org/browse/SECCOM-92 for "ONAP Communication Security Requirements" be assisted by implementing a node-to-node VPN at the level of the VMs/physical servers that host the Kubernetes pods/docker containers?

See also https://wiki.onap.org/display/DW/ONAP+Support+for+Secure+Communication

It seems to me that securing the infrastructure could provide immediate protection while the individual plain text ports are still being phased out over the coming years (!)

Would this level of protection still be considered to be "in ONAP"?
Should this be considered for El Alto release?


Keong

Join onap-seccom@lists.onap.org to automatically receive all group messages.