Re: [Nsaas] 答复: Existing work, other things

Linda Dunbar <linda.dunbar@huawei.com> Tue, 12 August 2014 17:57 UTC

Return-Path: <linda.dunbar@huawei.com>
X-Original-To: nsaas@ietfa.amsl.com
Delivered-To: nsaas@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F1301A0442 for <nsaas@ietfa.amsl.com>; Tue, 12 Aug 2014 10:57:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.569
X-Spam-Level:
X-Spam-Status: No, score=-4.569 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.668, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U3wG90f7a0ow for <nsaas@ietfa.amsl.com>; Tue, 12 Aug 2014 10:57:49 -0700 (PDT)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1E6F41A034E for <nsaas@ietf.org>; Tue, 12 Aug 2014 10:57:48 -0700 (PDT)
Received: from 172.18.7.190 (EHLO lhreml402-hub.china.huawei.com) ([172.18.7.190]) by lhrrg01-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id BLD94692; Tue, 12 Aug 2014 17:57:47 +0000 (GMT)
Received: from DFWEML706-CHM.china.huawei.com (10.193.5.225) by lhreml402-hub.china.huawei.com (10.201.5.241) with Microsoft SMTP Server (TLS) id 14.3.158.1; Tue, 12 Aug 2014 18:57:46 +0100
Received: from DFWEML701-CHM.china.huawei.com ([10.193.5.50]) by dfweml706-chm ([10.193.5.225]) with mapi id 14.03.0158.001; Tue, 12 Aug 2014 10:57:45 -0700
From: Linda Dunbar <linda.dunbar@huawei.com>
To: Melinda Shore <melinda.shore@gmail.com>, "nsaas@ietf.org" <nsaas@ietf.org>
Thread-Topic: =?utf-8?B?W05zYWFzXSDnrZTlpI06ICBFeGlzdGluZyB3b3JrLCBvdGhlciB0aGluZ3M=?=
Thread-Index: AQHPtdma4rlWSy/aBkSWnwoV1iexc5vMvPyAgABc2FCAAIJpAP//i1lAgAB+hAD//434oIAAeZoA//+MdRA=
Date: Tue, 12 Aug 2014 17:57:44 +0000
Message-ID: <4A95BA014132FF49AE685FAB4B9F17F645DB24CD@dfweml701-chm.china.huawei.com>
References: <53E97DB5.3040106@gmail.com> <B0D29E0424F2DE47A0B36779EC666779661978DE@nkgeml501-mbs.china.huawei.com> <53E98377.1030902@gmail.com> <4A95BA014132FF49AE685FAB4B9F17F645DB236D@dfweml701-chm.china.huawei.com> <53EA3EBE.50200@gmail.com> <4A95BA014132FF49AE685FAB4B9F17F645DB2420@dfweml701-chm.china.huawei.com> <53EA4704.2090401@gmail.com> <4A95BA014132FF49AE685FAB4B9F17F645DB2460@dfweml701-chm.china.huawei.com> <53EA4D5E.70303@gmail.com>
In-Reply-To: <53EA4D5E.70303@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.47.144.204]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: http://mailarchive.ietf.org/arch/msg/nsaas/DMUfrUVA65KpCTCpIIa5sPDrQFs
Subject: Re: [Nsaas] =?utf-8?b?562U5aSNOiAgRXhpc3Rpbmcgd29yaywgb3RoZXIgdGhp?= =?utf-8?q?ngs?=
X-BeenThere: nsaas@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "*NSaaS: Network Security as a Service mailing list*" <nsaas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nsaas>, <mailto:nsaas-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/nsaas/>
List-Post: <mailto:nsaas@ietf.org>
List-Help: <mailto:nsaas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nsaas>, <mailto:nsaas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Aug 2014 17:57:54 -0000

Melinda, 

Answers are inserted below:

-----Original Message-----
From: Melinda Shore [mailto:melinda.shore@gmail.com] 
Sent: Tuesday, August 12, 2014 12:23 PM
To: Linda Dunbar; nsaas@ietf.org
Subject: Re: [Nsaas] 答复: Existing work, other things

On 8/12/14 9:08 AM, Linda Dunbar wrote:
> Thank you for the listing. There is also SACM. 
> I will include those IETF initiatives in the existing work of IETF. Gap analysis will be needed. 

I think a gap analysis is premature, given the lack of a sense of overall direction.  And my question really is *not* about why these protocols may not be applicable.  My question is why you feel that new work would be successful given the lack of implementation and deployment of previous efforts (and also given that OpenStack has an implementation of their own design).

[Linda] There is already wide acceptance of security functions that are not running on customer/enterprise premises. Numerous security vendors are now leveraging cloud based models to deliver security solutions. According to [Gartner-2013], the demand for cloud-based security services is growing. Small and medium-sized businesses (SMBs) are increasingly adopting cloud-based security services to replace on-premises security tools, while larger enterprises are deploying a mix of traditional and cloud-based security services.

In addition, NSaaS is very different from all those listed initiatives. 

There are three aspects to NSaaS:
- Define the mechanism for creating virtual security functions on physical appliances,
- Specify concrete rules (or attributes) for instantiating VMs for virtual security functions (NFV initiative), and
- Define the mechanisms for clients (applications) to request/negotiate/validate security functions that are not physically located on the local premises. 

All those aspects share a common need: Attributes for the needed virtual security functions, the request/negotiate mechanism for virtual functions (on physical appliances, from remote domains, or others).

Linda