Versions Compared

Old Version 3

changes.mady.by.user Khosrow Moossavi

Saved on

compared with

New Version 4

changes.mady.by.user Khosrow Moossavi

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Jira
serverASF JIRA
columnskey,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
serverId5aa69414-a9e9-3523-82ec-879b028fb15b
keyCLOUDSTACK-10347

Introduction

Purpose

State the purpose of the document; something like: this is functional specificationS of feature "..." which has Jira ID CS-xyzwProvide the new VPN implementation based on IKEv2 rather than using existing L2TP implementation.

References

  • relevant links

Document History

Glossary

Feature Specifications

...

  • provide a global settings to switch between L2TP and IKEv2 (only one can be active throughout an installation)
  • out of the box configuration of ipsec will be provided in /etc/ipsec.d/ikev2.conf
  • authentication will be done with EAP and Public Key
  • it will use self-signed certificates per domain act as CA on VRs
  • PKI backend engine (out of the box support)
    • Vault by HashiCorp
    • Default internal implementation (TBD on dev@)
    • External Services (such as Let's Encrypt) (TBD on dev@)
  • put a summary or a brief description of the feature in question 
  • list what is deliberately not supported or what the feature will not offer - to clear any prospective ambiguities
  • list all open items or unresolved issues the developer is unable to decide about without further discussion
  • quality risks (test guidelines)
    • functional
    • non functional: performance, scalability, stability, overload scenarios, etc
    • corner cases and boundary conditions
    • negative usage scenarios
  • specify supportability characteristics:
    • what new logging (or at least the important one) is introduced
    • how to debug and troubleshoot
    • what are the audit events 
    • list JMX interfaces
    • graceful failure and recovery scenarios
    • possible fallback or work around route if feature does not work as expected, if those workarounds do exist ofcourse.
    • if feature depends other run-time environment related requirements, provide sanity check list for support people to run
  • explain configuration characteristics:
    • configuration parameters or files introduced/changed
    • branding parameters or files introduced/changed
    • highlight parameters for performance tweaking
    • highlight how installation/upgrade scenarios change
  • deployment requirements (fresh install vs. upgrade) if any
  • system requirements: memory, CPU, desk space, etcno special requirements needed
  • interoperability and compatibility requirements:
    • OS
    • xenserver, hypervisors
    • Tested on Debian 7 on VR
    • All major OSes (Linux, Windows 10, Mac X) as client of VPNstorage, networks, other
  • list localization and internationalization specifications specifications
    • one language key added (message.enabled.vpn.ca.certificate)
  • explain the impact and possible upgrade/migration solution introduced by the feature explain performance & scalability implications when feature is used from small scale to large scale
  • explain security specifications
    • list your evaluation of possible security attacks against the feature and the answers in your design* *
  • explain marketing specifications
  • explain levels or types of users communities of this feature (e.g. admin, user, etc)

      Use cases

        • this will be used by both infra admin, customer admin and customer user as it will be the Remove Access VPN implementation

      Architecture and Design description

      ...

      list changes to existing web services APIs and new APIs introduced with signatures and throughout documentation

      • Added API
        • ListVpnCaCertificateCmd
          • input:
            • domain (uuid)
          • output (CertificateResponse)
            • certificate: The client certificate
            • privateKey: Private key for the certificate
            • caCertificate: The CA certificate(s)
      • Modified API
        • RemoteAccessVpnResponse: two additional fields
          • type: the type of remote access vpn implementation (e.g. l2tp or ikev2)
          • certificate: the client certificate

       

      UI flow

      • either demonstrate it visually here or link to relevant mockups

      IP Clearance

      • what dependencies will you be adding to the project?
      • are you expecting to include any code developed outside the Apache CloudStack project?

      Usage Impact

      • Are there any entities being created that require usage reporting for billing purposes? 

      • Does this change any existing entities for which usage is being tracked already?

      Appendix

      Appendix A:

      Usage Impact

      • None

      ...