Security Level www huawei com Solution for Sharing

  • Slides: 8
Download presentation
Security Level: www. huawei. com Solution for Sharing existing Node Instance HUAWEI TECHNOLOGIES CO.

Security Level: www. huawei. com Solution for Sharing existing Node Instance HUAWEI TECHNOLOGIES CO. , LTD.

Problem Statement l TOSCA supports deployment of Apps in a cloud environment, and one

Problem Statement l TOSCA supports deployment of Apps in a cloud environment, and one user can deploy many Apps which may be co-related with each other. One of the way to co -relate one App with the other is that the two Apps actually share one resource. l Take database as an example, App 1 and App 2 can share one my. Sql server instance with two separate DBs, or further, with the same DB (but new tables may be created for the later App) l This contribution will explain the solution of supporting two Apps sharing the same resource with TOSCA: l p Assumption: For simplicity, App 1 and App 2 are deployed by the same user/deployer p Problem to resolve: App 1 and App 2 share the same DB in one my. Sql server p Extensions necessary to TOSCA p Impacts/modifications to Plans of App 1 and App 2 Concrete proposal to TOSCA will be provided after discussion of this contribution. HUAWEI TECHNOLOGIES CO. , LTD. Huawei Confidential Page 2

App 2 Shares existing DB Instance with App 1 Step 0: Deploy App 1

App 2 Shares existing DB Instance with App 1 Step 0: Deploy App 1 n. Instance of App 1 is created n. A Database named i-DB 1 is created with tables such as Employee. Service. Template of App 1 Connect. To Apache my. Sql App 2 Connect. To DB 2 i-Apache Hose. On My. SQLCustomer. Table A new table is created Instance of App 2 Ste p 2 i-App 2 Connect. To i-Apache Huawei Confidential i-my. Sql Referencing to existing node instance My. SQLCustomer. Table Step 2: Deploy App 2 n. Instance of App 2 is created, which is i-App 2 n The instance is connected to i-DB 1, and further, a new table named Customer is created DB: Sugar. CRM Tables: • Employee • … Step 1 Reference to i-DB 1 Apache HUAWEI TECHNOLOGIES CO. , LTD. i-DB 1 Step 0 Hose. On Service. Template of App 2 Step 1: Modify the Node. Template of DB 2 to reference to existing node instance i-DB 1 of i-App 1 ni-App 2 will reuse the database created for i-App 1, and will create one more table named Customer i-App 1 DB 1 D- Artifacts Hose. On Now I want to deploy another application App 2, which will reuse the database created for App 1, and will add one more table named Customer in the database. Instance of App 1 Page 3 i-DB 1 DB: Sugar. CRM Tables: • Employee • Customer • …

Describe App 2 With 1. Define a new Artifact. Type, which indicates an Artifact.

Describe App 2 With 1. Define a new Artifact. Type, which indicates an Artifact. Template of this type actually references to an existing Node instance <Artifact. Type name="Existing. Resource. Artifact" target. Namespace="http: //docs. oasisopen. org/tosca/ns/2011/12/Artifacts"/> 2. Define an Artifact. Template of this Artifact. Type, referencing to existing node instance <Artifact. Template id="My. SQLAT" type="Existing. Resource. Artifact "> <Artifact. References> <Artifact. Reference reference=“i-app 1. i-DB 1 "/> </Artifact. References> </Artifact. Template> Extension to TOSCA 3. Modify Node. Template of App. B. DB 2 <Node. Template id=“My. Sql" node. Type="My. SQLServer"> <Deployment. Artifacts> <Deployment. Artifact name=" My. SQLDA" artifact. Type=" Existing. Resource. Artifact" artifact. Ref=" My. SQLAT"/> <Deployment. Artifact name=" My. SQL-Customer. Table" artifact. Type=" my. Sql. Script" artifact. Ref=" My. SQL-Customer. Table. sql"/> </Deployment. Artifacts> … //other definitions </Node. Template> HUAWEI TECHNOLOGIES CO. , LTD. Huawei Confidential Page 4

Further Modification to App 2 If App 2 is developed with the idea to

Further Modification to App 2 If App 2 is developed with the idea to share an known existing instance node, then we can assume that App 2 is ready for direct deployment. But if App 2 is developed as a brand-new app, and only when deployment, the deployer hopes to make it share an existing instance node, then at least the following stuff should be modified. l Build Plan p Not to create a new DB, but to connect to existing i-DB 1 l Remove Plan p Not to remove i-DB 1, but only delete table Customer (which was created by the deployment artifact of App 2. DB 2 HUAWEI TECHNOLOGIES CO. , LTD. Huawei Confidential Page 5

Modification to App 1 Since now App 2 and App 1 share the same

Modification to App 1 Since now App 2 and App 1 share the same database ( and are still two separate apps), it’s necessary to check the state of App 2 before executing any operations of APP 1 that will impact the database. For instance, the precondition to execute Remove operation of App 1 is to check whether App 2 is removed. <Plan id=“remove“> <Pre. Condition expression. Language="www. example. com/text"> The state of app 2 is REMOVED </Pre. Condition> </ Plan > HUAWEI TECHNOLOGIES CO. , LTD. Huawei Confidential Page 6

Simplified Process Flow Client Container My. SQL(VM) 1 Get id of node instance i-App

Simplified Process Flow Client Container My. SQL(VM) 1 Get id of node instance i-App 1. i-DB 1 2 Modify App 2 ST 3 Deploy App 2 4 Get connection information of My. SQL 5 Execute My. SQL-Customer. Table. sql, create Customer table in i-App 1. i-DB 1 6 OK 7 OK HUAWEI TECHNOLOGIES CO. , LTD. Huawei Confidential Page 7

Thank you www. huawei. com

Thank you www. huawei. com