Open Stack

On 12/11/2017 12:41 PM, Csatari, Gergely (Nokia - HU/Budapest) wrote:
> Hi Jay,
> 
> Okay. Thanks for the clarification. Makes sense.
> 
> Random-thinking:
> Maybe the best would be to have a privilege level what covers the needs of MANO/NFVO, but still not full admin privileges. Do you think is this possible?

I think that the differences between the super-privileged user needs 
that a MANO system has and an administrative user are pretty small. The 
MANO system needs to be able to query and dynamically adjust resource 
inventories, move and grow/shrink workloads as needed and essentially 
act like the underlying hardware is wholly owned and operated by itself.

Really, the only privilege that the MANO system user *doesn't* need is 
the ability to create new users/projects in Keystone. Everything else is 
something that the MANO system user needs to be able to do. This is why 
I've called NFV (and particularly MANO/NFVO) a "purpose-built telco 
application" in the past. And I don't say that as some sort of put-down 
of NFV. I'm just pointing out the reality of things, that's all.

The ramification of this reality is that people deploying NFV using 
cloud infrastructure software like OpenStack really need to fully 
isolate the infrastructure environments that are used for VNFs (the 
things managed by the MANO/NFVO) from the infrastructure environments 
that are used for more "traditional" virtual private server or IT 
applications.

Best,
-jay