-
Notifications
You must be signed in to change notification settings - Fork 0
Development Roadmap
This page tracks the immediate and long term plans for Ba Sing Se's development, from the service's current state.
Ba Sing Se's plans for the next two to four months.
This is a practice infrastructure, after all.
A practice is a list of (user, VM) tuples; instead of being associated with one VM, users should now be associated with multiple practices, each of which provides that user with one VM.
practice -> listof(user, VM)
(user, practice) -> VM
An administrator can create and delete practices, add or remove users from practices, and start or end practices. All users can see which practices they have been added to, whether they are active or not. When a practice is active, each user in that practice may access his or her VM for that practice.
Estimated Completion February 27, 2015
The current practice plan is to prioritize giving each blue teamer access to a private VM network. That's what this phase is for.
Instead of mapping each user to asingle VM, a practice maps each user to a Virtual Network Specification. A Virtual Network Specification (VNS) is a list of Virtual Machine Specifications (VMS), together with a list of VLAN specifications. A VLANspec is just a name that is associated with a VLAN. A VMS contains data representing CPU, memory, network interface cards (including where it should be plugged in; could be a VLANspec, the public Internet, or nothing), together with a list of disk specifications that should be loaded into the VM. A disk specification is a number representing disk size combined with a reference to a disk image (.iso, .img, etc.) which is on the backing service. The disk image must still be configured and uploaded manually.
practice -> listof(user), VNS
VNS -> listof(VMS), listof(VLANspec)
VMS -> CPUspec, RAMspec, listof(DiskSpec), listof(IfaceSpec)
VLANspec -> name
VMS, VNS, IfaceSpec -> nothing | "public Internet" | VLANspec
An administrator should be able to edit, add, or remove DiskSpecs (requires uploading an image to the backing service), VLANspecs, VMSes, and VNSes. Should be able to associate these things with each other according to the model. In addition to adding and removing users from each practice, they should be able to associate a VNS with that practice.
Users should be able to access all VMs on their VNS during each practice.
Estimated completion March 22, 2015
The idea here is for an administrator to specify some hardware, combined with an OS/Service pair, and have that machine simply configure itself without the need to manually set up the disk image. In other words, provisioning should "just work". This is also the step where we'd like to add support for Windows machines.
This is probably best implemented using a service such as Puppet, Chef, Vagrant, Ansible, etc. We are not familiar with these tools, so we don't know exactly what to do or how long it will take. We are definitely in the exploratory stage here.
Unknown
The ultimate goal of the Ba Sing Se project is to allow a team practice to emulate every aspect of a CCDC competition environment, including injects, red team activity, service scoring and network topology. The practices should be flexible, easy to set up, and easy to use. Even better, they should provide transparent, concrete metrics such as service uptime statistics, inject scores, and red team activity stats.