Telecom Security Foundations for 5G and Future Edge Networks

According to industry reports, global 5G deployments will reach 1B+ 5G connections in 2022 and 4.87B+ connections by 2027, while average consumption per subscriber will grow from 6.5GB to reach 15GB in 2022. This is a scale of networks the world has not seen before, and the risk of not knowing what we are going to manage is greater than any value that will come from the technology advancements. This is why we have seen growing investments by Telcos in security infrastructure, where at least 82% of Telcos with 5G have a substantial security infrastructure to protect it.

Based on Dell Technologies’ long legacy in security solutions and projects done with Telecom customers, we believe that software abstraction of the network makes it possible to offer security as a service for any tenant or enterprise. That said, key challenges exist because security is still considered a built-in feature of a product, with less focus on its visibility, management and compliance. Therefore, until now Cloud projects have relied strongly on independent security test companies for validating a product, including port scanning, penetration testing, and man-in-the-middle attacks.

The hurricane of new “things” connecting to the network will increase network vulnerability. Thus, security is one of the key concerns when CSPs roll out their 5G and IoT services.

Security requirements and challenges will be wider in 5G than in previous generations, reflecting the far broader range of potential use cases and potential threats. Further contributing factors will come from the way 5G meets the need for higher speeds/lower latency combined with power efficiency needs, a wider variety of actors and device types and more use of the cloud and virtualization.

5G will be built upon network slicing and the “network of networks” concept. Any security measures must take both this and edge computing requirements into account.

Security Challenges in 5G

The following are generic issues that hinder the consolidation of secure IoT ecosystems:

  • Very large attack surface
  • Limited device resources
  • Complex ecosystem
  • Fragmentation of standards and regulations
  • Insecure programming

There is no one-size-fits-all solution to address all the security challenges. To adequately protect from security breaches, a multi-layer, end-to-end framework is recommended that takes into account all connected devices, along with the applications they run and the networks they use to transmit information. The framework should be built on emerging best practices. Several security layers (network, service, application, and endpoint/device) independent of each other may be combined in order to realize the overall system security. Associating the requirements to the respective security layers helps to avoid confusion and to better derive potential solutions.

The main security requirements to secure the upcoming IoT/5G services fall under the following main categories:

  • Identity Access Management and Authentication
  • Communication Security
  • Data Security (Confidentiality, Integrity, Availability)

5G Multi Layer Security Framework

These security requirements should be distributed over the below security layers:

  • Network Layer Security: This layer can be split into two parts: network access (part of the control plane) and network application (user plane). Different types of access, i.e. 3GPP (5G, LTE-M, NB-IoT, etc.) or non-3GPP (Wi-Fi, Zigbee, etc.), can be considered.

Under the umbrella of 3GPP, 5G/IoT will benefit from all the mobile security and privacy features, such as support for user identity confidentiality, entity authentication, confidentiality, signaling protection and data encryption.

Although 3GPP defines several key security methodologies into its specification, CSPs still need to do the provisioning and configuration.

  • Service layer security: Services can be split into those that are defined by 3GPP, i.e. 3GPP services and services that are provided by service providers/third parties. As such, service layer mechanisms are defined within the domain of the service provider and cover aspects such as service authentication, confidentiality, integrity protection and privacy.
  • Application layer security: Service providers implement their services by providing applications to their subscribers. In addition to the security provided by the service layer, each application may implement additional and/or different security mechanisms. These could cover security mechanisms such as end-to-end data encryption and integrity protection.
  • Device or Endpoint security: Certain devices are required to implement security mechanisms in order to make sure only authorized users have access to device resources and in order to make sure that assets such as the device identifier cannot be manipulated. Those mechanisms are covered within the device security layer. In addition, aspects such as provisioning the UE with service or network access subscriptions, device theft, device integrity and grouping of devices (e.g. for bulk authentication and management) are covered.

The security requirements should be defined per use case, but in the end they follow the CIA triad (Confidentiality, Integrity, Availability). Below are different use cases for connected cars with the required security profile level.

Network Slicing Security Requirements

Network slicing also raises the possibility of a range of scenarios that any security mechanisms must take into account.

These are listed by 3GPP SA3 as:

  • Network function sharing.
  • Access network sharing.
  • Access from less trusted networks.
  • Coexistence within a network slice with 3rd parties’ network functions.
  • Coexistence between network slices with different security assurance requirements.
  • Simultaneous UE connections to multiple network slices.
  • Simultaneous UE connections through different access technologies.
  • Possible deployment scenarios and trust relationship between the network operator and the service provider, e.g. third party application server.

The nature of slicing leads to a range of specific security requirements. 3GPP SA3 identifies these as:

  • Security isolation of network slices.
  • Security mechanism of each slice.
  • Security on UEs’ access to slices.
  • Security on sensitive network elements.
  • Security on management of slicing.
  • Security on interacting with third party.
  • Virtualization security.

Network slices are intended to be independent and autonomous, which seems to imply security policies and configurations that differ according to functional needs of the slice. However rather than being a logical entity, a slice is a logical mapping of a set of functions. Some of those functions will be shared with another slice. Therefore, you cannot simply apply a security policy to a slice. Instead, what’s really important is the access control, authorization and authentication between individual virtualized functions. As a result, each virtualized function requires its own authentication mechanism to be able to mutually authenticate other functions that it communicates with that are on the same slice.
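
The point above, as an added example (not code from the original article or from any vendor): because functions are shared between slices, the check runs in each function against its peer, not on the slice. The NF names, slice IDs and keys are constructed, and HMAC with a per-function key stands in for whatever credentials a deployment actually uses.

```python
import hashlib
import hmac
import json

# Constructed inventory (assumption): the slices each network function (NF)
# serves and the key it authenticates with. "smf-shared" serves two slices.
REGISTRY = {
    "amf-embb": {"slices": {"slice-embb"}, "key": b"demo-key-amf-embb"},
    "smf-shared": {"slices": {"slice-embb", "slice-iot"}, "key": b"demo-key-smf-shared"},
    "upf-iot": {"slices": {"slice-iot"}, "key": b"demo-key-upf-iot"},
}
MAX_SKEW_SECONDS = 30  # assumed freshness window for a signed message
SIGNED_FIELDS = ("from", "to", "slice", "iat")


def _mac(key, fields):
    """HMAC-SHA256 over a canonical JSON encoding of the signed fields."""
    payload = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def sign(sender, receiver, slice_id, issued_at, registry=REGISTRY):
    """Message signed by `sender`, bound to one receiver, slice and time."""
    fields = {"from": sender, "to": receiver, "slice": slice_id, "iat": issued_at}
    return {**fields, "mac": _mac(registry[sender]["key"], fields)}


def verify(msg, me, now, registry=REGISTRY):
    """Check that NF `me` runs on a message from a peer. Returns (ok, reason)."""
    peer = registry.get(msg.get("from"))
    if peer is None:
        return False, "unknown sender"
    fields = {name: msg.get(name) for name in SIGNED_FIELDS}
    # Constant-time comparison; any edited field changes the expected MAC.
    if not hmac.compare_digest(_mac(peer["key"], fields), str(msg.get("mac"))):
        return False, "bad mac"
    if msg["to"] != me:
        return False, "not addressed to me"
    if not isinstance(msg["iat"], (int, float)) or abs(now - msg["iat"]) > MAX_SKEW_SECONDS:
        return False, "stale"
    # Authorization is per function pair: both ends must serve the slice.
    if msg["slice"] not in peer["slices"]:
        return False, "sender not in slice"
    if msg["slice"] not in registry[me]["slices"]:
        return False, "receiver not in slice"
    return True, "ok"


def mutual_handshake(caller, callee, slice_id, now, registry=REGISTRY):
    """Mutual authentication: each side verifies the other's signed message."""
    request = sign(caller, callee, slice_id, now, registry)
    ok, reason = verify(request, callee, now, registry)
    if not ok:
        return False, "request rejected: " + reason
    response = sign(callee, caller, slice_id, now, registry)
    ok, reason = verify(response, caller, now, registry)
    if not ok:
        return False, "response rejected: " + reason
    return True, "ok"


if __name__ == "__main__":
    # The shared SMF accepts the eMBB AMF on the eMBB slice only.
    print(mutual_handshake("amf-embb", "smf-shared", "slice-embb", 1000))
    print(mutual_handshake("amf-embb", "smf-shared", "slice-iot", 1000))
    print(mutual_handshake("amf-embb", "upf-iot", "slice-embb", 1000))
```

The shared function accepts a peer only on a slice that both of them serve, so sharing "smf-shared" does not give "amf-embb" a path into the IoT slice.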

Edge Security Requirements

For the applications located on the MEC nodes, adequate security should be built into the MEC platform to provide secure platform services such as application on-boarding, lifecycle management, etc.

Moreover, the distribution of NFs all over the network:

  • Increases the attack surface, as more locations, more instances of NFs and new components (e.g. MANO) are now included in the network.
  • Makes security enforcement and management complex, because we now need to monitor a large number of security touch points.
Source: GSMA NEST

The recommended approach to address the increased attack surface and security management complexity is to implement security controls at the edge of the network as well, and to rely extensively on security automation driven by analytics. This could be done by deploying a dedicated security gateway or service-chained virtualized security functions at each edge location.

The main objectives of the Security Functions at the edge cloud should be to:

  1. Protect the network services: Edge is the first point of entry for the traffic. Hence placing security controls at the edge is highly important.
  2. Protect the MEC node platform
  3. Provide edge-based security services to the customers

The following attributes make a security function desirable for hosting at the edge:

  1. Localized traffic analysis: SFs that can act locally without requiring information about other parts of the network.
  2. Resource intensive security functions: The maximum capacity of some SFs is not very high because of the extensive compute or I/O handling required. Such SFs should be distributed to ensure that the traffic remains within capacity. This criterion is more relevant for SFs processing data plane traffic, e.g. anti-virus, malware detection, DPI, cryptographic computations (particularly public key), etc.

Based on the above criteria, the following Network Functions are preferred for deployment at the edge to secure your networks and enable security as a service:

  • Access Control Lists
  • Stateful firewalls
  • Next-generation firewalls
  • Deep packet inspection
  • Web applications firewalls
  • Malware detection
  • Analytics

Building Secure 5G and Nextgen Networks Using APIs and NaaS Architectures

If there is one thing the Pandemic has taught us, it is that adopting a scalable Cloud model and an Automated Network is not a nice-to-have but a must-have to thrive and to innovate on new requirements for Telecoms.

However, as business continues to become more open for both internal and external applications, the questions around “Data gravity”, “Data confinement”, “data controls” and “data Privacy” are becoming more and more important.

While the above topics look quite straightforward in the IT world, with its mature frameworks and tools, in Telco it is not as simple because Telecom security compliance has to be met in an IT-style system. Historically, Telcos developed their systems around boundary conditions based on Trusted Zones, Non-Trusted Zones and DMZs (De-Militarized Zones).

Now, with 5G and Future Networks following a “Cloud First” approach, the biggest challenge is to deliver the same type of requirements and expectations in cloud and dis-aggregated models. This requires a software and API centric approach to what a Security domain and its characteristics will look like.

As an example, how to deliver:

  1. Security visibility in terms of SoC and Management tools solutions
  2. Ensure everything is security pruned before it is deployed
  3. Model all requirements using software and APIs

Setting the right Multi Cloud Model for Future Telco Services

It is important that in the context of Telco we understand Telco services clearly, e.g. characterize and benchmark different Applications against different cloud Models, and then both secure and manage them as a whole and not as separate Lego pieces.

This is where the Multi Cloud model is pivotal; it should support full LCM across the following security postures:

Control

Focused mainly on content and package management, CI/CD pipelines, vulnerability analysis, app config control and API protection for CI/CD.

Control

This covers LCM for security tasks, IAM and data protection. Focused mainly on content and package management, CI/CD pipelines, vulnerability analysis, app config control and API protection for CI/CD, package assurance and compliance, and risk quantification.

Detect and Respond

This is the most critical part of Multi Cloud security, involving how to address security SLAs across different clouds and how to isolate infrastructure and networks, both data and service.

Finally, it is important to observe data using a single pane of glass, with possible integration with data and ML/AI pipelines.

This proposed model for delivering security to 5G and Future Multi Cloud Networks is very important for proactive threat detection and incident response.

In a true Multi Cloud model, while Cloud becomes a commodity, Security needs to be standard and compliant across all domains and Cloud Infrastructure.

SoC and Management

Delivering and selling security as a product means we need to change how we build, sell, deploy and manage Networks around one simple concept, which is “unified control”, “Integration and Single Pane Operations” and “Proactive first”: seamlessly ingesting the data in real time to tame both the analytics value and use case delivery in real time.

It also means any data breach or even policy breach will be reported and brought into compliance in real time.

Check how Dell Multi Cloud Security solutions are addressing these requirements:

https://www.dell.com/en-us/dt/campaigns/dell-emc/future-proof-data-protection.htm

Data Protection

When “Cloud” becomes a central theme for Networks, “data” will become even more important. Beyond analytics, “data” will also help us meet all security and regulatory requirements, so using a standard Data Protection solution is a must to achieve outcome-based results.

Infrastructure Automation

We also need to understand how the Infrastructure will be deployed and delivered using a Cloud operating Model, something which is federated, hierarchical and delivers securely at massive scale. Below is a good example.

Deliver Security as a Service

Although the Cloud Lego gives a good introduction to how we can build and stretch a secure infrastructure across different players, it is not the outcome, at least for Telcos, which measure success only once it is tied to a “Telecom Service” that delivers 99.999% reliability and a stringent security SLA, again set by Telecom bodies, TSR regulations and local governments.

This is where it becomes vital to abstract all these building blocks and deliver security as a Service using the NaaS and API capabilities that come natively with 5G SBA (Software based architectures).

Although delivering E2E services by Slicing is in an early phase of adoption, this is clearly the future of “Security” and “NaaS”, with clear standardization of:

  • How to ensure resources from different slices do not impact each other
  • Pre-emption rules when resources are scarce
  • Define E2E security architecture for Network slicing
  • Define security requirements of inter operator slices


With the standardization of 3GPP Release 16 and many operators’ commercialization plans, it is very important to evaluate slicing security impacts in the context of industry and other verticals, as the stringent industry requirements make it necessary to apply industry-grade security and Telecom security requirements (TSR) as defined by both international and local regulations. The most important requirement for applying slicing in industry is that the data generated and owned by the industry partner does not leave the industry premises. Further, it requires clear data governance, for example demarcating the data boundary between industry control, management and service data and the MNO. These security requirements also stipulate that the industry data is not available or leaked to any outside organization, including MNOs who may be the infrastructure provider for such a solution.

Check below how #dell is working with its partners #VMware and #Oracle to deliver secure slice-based services across different industry verticals at scale, addressing Telcos’ unique needs to increase innovation and offerings for Enterprise and business:

  • Providing a consistent platform across local, edge and regional data centers
  • Simplifying operations across all domains through consistency
  • Optimizing resource utilization with dynamic, programmable provisioning
  • Automating end-to-end network slicing orchestration

Differentiated Telecom services delivery through Open APIs

Delivering services through Open APIs underlies the success of Android and the revolution that enabled an ecosystem of innovation. How the Telco industry can learn from this breakthrough is the baseline of the “Automation and Orchestration” and “Network Slicing” movements as we know them today.

However, achieving this is easier said than done, as success in Telecom finally comes down to these three things:

  1. An Open Architecture
  2. Modular and Pluggable
  3. Model Driven
  4. Solved via Open APIs

Architecture

Although a proven E2E architecture is a must to build telecom systems and deliver them with Telecom-standard SLAs, in the real Telecom world, which is massively “Brown field”, it will seldom be applied as a whole. A framework that gives the option to select only a few new components and seamlessly integrate them with existing legacy OSS/BSS components is the typical Telco OSS/BSS transformation journey.

Outcome based

If there is one lesson the Telco industry has learnt from open source, it is that a new architecture almost never makes a business case unless it is introduced incrementally, based on “Outcome based” KPIs that enable specific business outcomes in a non-airgapped environment while fully matching complex Telecom requirements.

Model Driven

A strong emphasis on “Model Driven” is the baseline for de-coupling Infrastructure from Application. In addition, it should allow the focus to stay on input and output manifests, leaving implementation details flexible to enable a wider ecosystem while keeping Telecom-grade compliance.

One such example we can learn from is the ONAP community, responsible for enabling an Open Orchestration and Intelligence Engine for Telecoms, and its output of models that deliver Telco-grade services.

Programmable and API Driven

As Telcos accelerate their Network transformation to both improve customer experience and enable a new era of growth, it becomes evident that everything needs to be enabled using API as a Service.

Whether it is hardware procurement, service creation or Operations, everything needs to be modeled, depicted and delivered as an API that can be consumed either way.

System view Integration

This is how external brokers or API consumers connect to systems.

Internal view Integration

This is how you can develop and integrate a Module into an existing system. It needs detailed API mapping to abstracted plugins that hide all integration and functional complexity.

NBI APIs

These are how the Services will be enabled, and they mostly need to align with TMF and MEF APIs, as an example:

  • TM Forum 641 APIs
  • TM Forum 633 APIs
  • TM Forum 638 APIs
  • MEF Legato Reference Point

Partners and Developer APIs

These are how the Network will be exposed and interconnected to a global Network to deliver services at scale, as an example:

  • TMF 641
  • MEF Interlude
  • Telco Edge
  • CAMARA APIs

Resource Orchestration

This is how you can integrate different components from different vendors in your network, as an example:

  • Redfish
  • ETSI
  • IETF

Enabling ML/AI and removing Data Silos

If there is one domain that seems unanimously important for Telcos to win, it is both making networks intelligent and monetizing data. Data is generated at every point, so how we deliver a standard MDAP (Management of data analytics platform) and integrate it with Telco NFs like the NWDAF defined in 3GPP SA2 is vital.

An API-first and Model-driven architecture will help remove the data silos that exist between service and functional domains. In addition, it can make Networks flatter and simpler by removing duplication between NWDAF, MDAF and possibly data collectors.

In this paper I have tried to ink some of the directions for how Telcos can deliver their NG-OSS transformations towards more nimble and Open automation frameworks, to deliver Telecom services in an agile and standard manner that meets the Telco-specific requirements of performance, reliability and security.

A broader look at Openness for Telco

When it comes to enabling an Open architecture in Telecom, it needs to be viewed in the context of the end game, which is a Telecom service. This is one study, done by our partner #Nokia, that gives the best glimpse of how an architect should build and deliver services with a balance between 3GPP and the Linux world. Below are 9 initiatives worth learning and applying:

  1. 3GPP
  2. IETF
  3. CNCF
  4. NFV
  5. Apps
  6. ODA TMF
  7. OCP
  8. O-RAN
  9. Blockchain and FinTech

Here are the details: https://www.nokia.com/networks/insights/9-openness-initiatives-powering-innovation/?did=D00000001041&gclid=CjwKCAjwkMeUBhBuEiwA4hpqEMZWCacSPI2H5FaURO23Z7wmSJRPmIfnexGVktQFtr2fEZ3HSTj3wxoChGAQAvD_BwE#

Integrating AI and data to monetize 5G Cloud Platforms

As of Q1 2022, 5G adoption has just passed the 600M mark and is expected to hit 2.5B connections by 2025, which is almost 500M every year. If we combine the IoT and Device ecosystem, the scale can go horrendously big. One of the biggest advantages, and also challenges, that comes from this once-in-a-lifetime opportunity is “scale”.

Put simply, in this context “automation” and the use of ML/AI are a must to achieve Network SLAs and efficiency and to optimize Network TCO.

AI has the potential to create value in terms of enhanced workload availability and improved performance and efficiency for 5G and Telco Cloud. However, the biggest problem when it comes to using “AI” and Machine Learning in Telcos is “Data” and “data Models”, simply because there is no standardization or model definition for how Telco systems, including Infrastructure, expose “Information” to upper layers. Since data sets in this domain are huge, with n permutations, the first step is use-case-driven normalization of data that can be consumed by both the Network and Data science domains. This will make it possible to develop a future Telco that can detect and also self-heal.

Understanding Data Integration Architecture

Considering the 5G architecture, which is based on Open APIs and a Horizontal services design A.K.A. SBA, data integration and the use of AI should be an easy problem that can be divided into the following steps to define a pipeline:

  1. Telemetry and data
  2. Data exposure of each layer as an API, starting from Baremetal and then extending upwards towards Cloud, SDN, NFVO, Assurance, etc.
  3. Data models and engines to disseminate information

However, it is easier said than done for many reasons, including:

  1. What the key data sets will be
  2. How the FCAPS of each layer can be dis-aggregated, i.e. dropping one layer’s data without confirming dependencies is fatal

Business Architecture

In order to address this, we need to understand and gain experience from other industries and SDOs and see how it can be both agreed and integrated in Telco Networks. This leads us to a use-case-driven approach: select those domains and business challenges that can deliver quick results.

Follow the Money to deliver use cases that can monetize 5G

We have analyzed a lot of use cases from both academia and industry and compiled a complete list here

From this we infer that there are just too many ways Telcos are solving the same problems, and this is what makes us understand that there should be a clear definition of “data Models” and use cases, defined as a first step.

The most important of which are:

  1. Using Machine Learning to Detect Noisy Neighbors in 5G Networks
  2. Towards Black-Box Anomaly Detection in Virtual Network Functions
  3. Causality Inference for Failure in NFV
  4. Self Adaptive Deep Learning Based System for Anomaly Detection in 5G
  5. Correlating multiple Events and Data in an Ethernet Network

This leads us to define the following as first steps for AI and Intelligence as applied to Telcos:

Source: LFN acumos

Analysis

Data Lakes, Log analysis and correlation

Detection

Anomaly detection including pattern detection, trend and Multi layer correlation

Prediction

Intelligent prediction including capacity, SLA, Scaling and Cloud KPIs

Generation

Measure data and synthesize it using frameworks like eBPF

Data Monetization is first to make 5G Profitable

Addressing both the Data Architecture and the Business Architecture is vital, as different Telcos, and in some cases different BUs within the same customer, take it differently. What makes it worse is that data lakes are manipulated and stored in different forms, i.e. Infrastructure metrics, Agents and Databases, which are hard to apply across different data sets. Hence this is the biggest issue in monetizing one key asset of 5G, which is “data”, and in defining a pipeline that can be shared between all tenants, including vertical industry.

The latest White Paper: Intelligent Networking, AI and Machine Learning

Next Steps of “Thoth”

As said before, we are defining a few key use cases in the LFN project “Thoth” to learn and elaborate from there, applying the concepts of Events, Anomaly and Prediction across layers. The first phase use cases are:

  1. VM failure
  2. Container Failure
  3. Node Failure
  4. Link Failure
  5. Middle layer Link failure

The detailed list can be seen here: Use cases

Improving Telco’s Enterprise reach through Slicing and RAN control

Growing business in the 5G era largely depends on ecosystem enablement and on the idea that Telcos can build a future Infrastructure that delivers business outcomes not only for traditional Telco customers but also for broader verticals, be it Manufacturing, Mining, Retail, Finance, Public safety, Tourism or eventually anything.

This means a “Programmable” and “Automated” infrastructure is the base to achieve any such business outcome. Applying this to Telcos’ 5G and Transformation journey means both “Network Slicing” and “Private Networks”. Although I totally agree with the idea that both will co-exist and proliferate, to be fair it is a fact that, although Network slicing has delivered outcomes in Labs and Demos, it still has a number of challenges when applied in practice.

Recently I have heard many views from many reputable names, including my friend Dean Bubley and Karim, so I thought to share my views on this topic, highlighting some work we have been doing with our partners and customers in APAC as well as in the GSMA, and to allude to some improvements we have achieved in the last year since I shared my views with the industry on Network Slicing and its Delivery.

Today Network slicing is live at a number of customers, including Singtel, which has achieved substantial outcomes with Slicing. However, the bigger challenges still remain unanswered:

How will Network slicing address RAN resources?

How can Network Slicing help to monetize the low hanging fruits of Edge together with Telco domain slicing?

In 3GPP Release 17 we have been making some exciting progress on the latter, with a new architecture and API exposure for co-deployment of Edge with RAN. But prior to this we need to extend Slicing towards the Access Networks from both a Technology and a Business Architecture perspective, and this is what I will share in this paper.

Experience Learnt from 5G Networks rollout

As many Telcos accelerated 5G rollout and built 5G SA Core Networks in 2021+, one thing was proven more than before, namely the limitations below:

  • RAN resources are always scarce
  • AI needs to be enabled to intelligently modify slicing in real time
  • Spectrum and RAN layers will be a top pressing item for Telcos to deliver value
  • RAN resource isolation must follow performance: cost baseline
  • How to handle resources in peak time and pre-empt some over others is vital
  • Regulation and GDPR are vital to achieve anything big in this domain

Orchestration must precede Network Slicing

From the above experience we can infer that it is really not about Network slicing itself but rather about “Open”, “Control” and “API”, to enable end-to-end Network slicing LCM and Orchestration all the way from UE to RAN to Edge to Core to Cloud.

  • Dynamic control of resources with Telco-level visibility is key
  • RAN automation is the first step, to be done before Slicing changes RAN resources
  • A Cloud operations model is vital to support Network slicing, because although there are many business verticals, Telcos really have to build an efficient and Multi tenant operational model to win

A Cloud Operations Model that is secure and Multi tenant must be enabled across all Telecom Infrastructure.

RAN SLAs for vertical industry

The notion of Network slicing still lies in selling an SLA vs selling a Network.

First of all, RAN resources are always limited, and secondly, each vertical industry has its own traffic profile and trajectory, which can never be planned using old Telecom simulation tools. This means dynamic learning and resource adjustment are key. This all alludes to the fact that changing the network while ensuring network KQIs remain intact requires full visibility and programmable control.

This leads us to consider the following architecture first, before Slicing is fully enabled for the RAN:

  • Slice LCM must be supported by automated Infrastructure that is elastic and Telco grade at the same time
  • Scale out architecture must be enabled in RAN
  • RF and Spectrum resources are the most expensive and intricate resources to schedule for services, and we must enable their dynamic control

Intelligent Networking ML/AI must be enabled first

Automation can deliver a myriad of outcomes, including better control, real time changes, optimization, compliance and FCAPS for each tenant; however, it is not sufficient.

Intent-driven networks that use the power of data, ML and AI to orchestrate and adapt the network are a capability that should be enabled at network scale before network slicing can deliver a business outcome.

Components of a RAN Slice

Although the Core Slicing capability still exists in the OSS and SMO layers that are outside the RAN, the real power of Slicing will come as we address the RT capability of RAN slicing, which enables us to deliver the following for a business tenant:

  • RRM
  • Connection management
  • MM
  • Spectrum layers

All of this must be available to package as an NSSF functional instance, as alluded below.

Partnerships and Ecosystem

According to the latest GSMA report, enabling one use case for any vertical will require at least 7 players to work together, so RAN slicing, or in other words Slicing business outcomes, is not a matter for one body or business to solve. Today, to incrementally deliver the business outcomes, the following key organizations are collaborating to address those challenges:

  • ETSI NFV
  • GSMA
  • MEF
  • IETF
  • O-RAN and TIP
  • ONAP
  • 5GAA , ZVEI etc

We are also taking an aggregation approach, where we sum all the knowledge from these bodies and deliver it as an outcome for our customers. You can reach out for more details.

Building Smart and Green Telecom Infrastructure using AI and Data

source: Total Telecom green summit

During the last year the industry has witnessed Telcos’ increased spend and maturity in Cloud and Automation Platforms. During the Pandemic it was proven that Digital and Cloud is the answer our customers require to design, build and operate Future Telecom Networks.

The second key pillar pushing the Telecom industry towards Autonomous networks is to deliver business outcomes while doing business responsibly.

Getting business outcomes and doing a sustainable business that supports a Green Vision have been unrelated discussions in the Telecom Industry.

But now the infusion of Data and Cloud is really enabling it. It is expected that we as an industry can cut down at least 50% of Power emissions in the coming decade, but how will it become possible? According to Pareto’s law, the last 20% will be the most difficult.

This is where my team’s main focus has been: to build robust AI and Automation use cases that are intelligent enough and that solve broader issues. Today the biggest focus areas for ML/AI that can really put Telcos in the lead for such outcomes are:

  1. Smart Capacity management
  2. O&M of networks that reduces emissions and improves availability
  3. Service assurance based on data

The biggest Challenge in Transformation is Fragmentation

The biggest bottleneck in achieving such outcomes is related to data. Intricately, “data” is both the problem and the solution, because of the many sources of truth and the different ingestion mechanisms. Do check the details on #Dell streaming data platforms and how we are solving this problem:

https://www.delltechnologies.com/en-au/storage/streaming-data-platform.htm

Today, under the umbrella of Anuket, 3GPP, TMF and ITU are all collaborating to come up with a validated and composite solution to deliver those use cases. So, in a nutshell, it is vital to build a holistic and unified view to deliver data-driven AI use cases.

Scope and Scale of Intelligent automation

The biggest bottleneck comes from the fact that in the real world Telco apps can never be fully cloud native. At some level, state, resiliency and app requirements all have to be kept, and decisions have to be intelligent and workload driven. The decade-long journey of telecom transformation has revealed that just building everything as code, expecting it to work, and expecting Telcos to be able to roll back their NOC sizes simply does not work.

This is where intelligence from the layers above orchestration and SDN will help, as Google does in the Internet era.

The second biggest issue lies in scalable Telco solutions themselves. It is proven that Telcos face unique challenges as they move from hundreds to thousands of nodes. Running AI for heterogeneous environments, each coming with different outcomes, can never deliver the power and scale Telcos need in the new era.

Telco grade AIOPS models

It is true that with 5G and business digital transformation the industry really wants to ramp up and build an improved user experience and a unified model to expand its portfolio towards vertical markets as well. This is only possible if we have a coordinated system, workflow management, and data sharing and exposure with strict TSR security measures. Similarly, this model should cover the full LCM, including the FCAPS model.

Building Intelligent Telco’s

Although using AI and ML is an exciting ambition for a Telco, the bottom line is how to build these platforms on top of NFVI and existing orchestration and automation frameworks. In other words, the real business case for building an intelligent network starts with using data and ML to automate the entire network. In this respect the scope can extend not just to the service domain but also to business domains, i.e. automating business processes, including event correlation, anomaly and RCA.

Building a Unified AI Platform

Although this intention or target is clear, in the context of networks it is complex, as we need to solve the challenges of data security and regulation, as well as what it really means to certify an AI platform. The focus should be on allowing this layer to be built from the solutions of many vendors, so loose coupling, with more focus on network services and AI algorithms, is key to building this platform.

Instead of focusing on network element certification, the focus of an AI platform is service-level compatibility, data models and AI algorithms.

However, the lack of a unified standard, especially on trusted data normalization, sharing and exposure, is certainly forcing operators to adopt bespoke solutions to build AI platforms, and that itself is a big impediment to wide-scale adoption of AI and ML in networks.

To move forward, closer collaboration between the different standards bodies, with governance by a more Telco-centric organization like TMF, is the answer. Immediate focus should be given to data standardization, labs integration, and enabling shared data sets and algorithms to evolve and support wide deployments of ML and AI in telecom networks.

Latest Industry progress and standardization

Although it is still early days for AI platform standardization, we need to aggregate the progress between the different bodies, lest we end up with a plethora of siloed solutions, each with different specifications.

  • ONAP, as the baseline automation platform, has components like DCAE and the AI engine that make it sensible as the de facto baseline standard
  • Anuket is the cloud infrastructure reference, and it has recently launched a new project, “Thoth”, to look into AI network standardization
  • ETSI ZSM is an E2E automation platform across the full LCM of a telecom network and certainly an important direction
  • ETSI ENI, or enhanced network intelligence, is another body that closely defines AI specifications in the context of telecom
  • TMF, as a broader telecom body, is defining architectures including ODA and AIOPS that break down how a Telco can take a phased approach to building these platforms

Above all, early involvement and support from telecom operators and partners is very important to realize this goal. I hope this year we will see more success and standardization on these initiatives, so let’s work together and stay tuned.

AI based Operations and Security for 5G and Edge Networks

Use of AI in telecoms is not a new topic. However, what 5G and edge have enabled is an open and flexible infrastructure that helps to deliver AI as a standard platform and set of capabilities.

As an example, SON, NSP and other such platforms are tailored or closed systems. They definitely deliver an outcome and value, but the same cannot be extended towards other domains. That is exactly what AI-based operations in the new era will be able to solve.

AI based Operations for 5G and Edge

AI for telecom has gained industry interest recently, primarily driven by wide deployments of 5G platforms, which generate 4X more data compared to earlier generations, alongside global events like Covid-19, which necessitate closed-loop operation that avoids the human. This initiative requires not only orchestration but in fact intelligent policy generation based on real-time use and customer behaviors, and it will enable an SLA-based offering for each 5G business tenant.

The use of ML/AI is still in the initial phases of standardization. To ensure the realization of successful autonomous networks, ML/AI should address the following domains:

  • Analysis
  • Intelligence
  • Automation and Policy

There is not just a technical side to ML/AI use in telecom but a business side also. As we are well aware, many NFV/SDN products on the market today come with native ML/AI functionality, enabled not only at the intent-driven software level but also at the chipset level; one such example is Intel Atom, Intel 3rd gen Xeon processors with built-in bfloat16 support, which reduces the data required to build training models. However, Telcos in 5G are still trying to find the sweet spot that will make the business case of 5G positive. It is a fact that to build the same coverage as 4G we need to pump in 4 times more sites, which means the use of ML/AI for automated management and for use cases that optimize infrastructure is mandatory. In this context we also need to evaluate new business models for 5G, to see “If 5G data can be monetized then service can be free. From infra view to managed services view to vertical industry offering view”.

Use cases for AIOPS

In this context, in 2022+ Telcos need to evaluate and commercialize the following key cases for 5G ML/AI to speed up deployment:

  1. Life cycle management of infrastructure
  2. Automating application and infra dependency
  3. Automatic output rules to optimize the NW, especially RAN and transport
  4. Advanced AI, e.g. building new network topology
  5. Workload placement and SLA analysis in case of PoP migration

Telco operators should take an active interest in the following industry efforts to successfully use ML/AI in 5G cloud infrastructure:

  1. ITU-T Focus Group on ML for future NW (FG ML5G)
  2. ETSI enhanced network intelligence (ENI)
  3. O-RAN alliance for RIC (RAN intelligent controller)

Below is a summary of the use cases and architectures delivered in the TMF AIOPS framework; this is a great starting point for your AI journey in the OSS/BSS and network domains.

Security of Networks for AI era

Cloud infrastructures by their nature become more secure than black boxes over time. However, until they mature there is an increasing risk of security vulnerabilities, primarily due to the increased attack surface and the ease of accessing and using APIs once a security hole is concealed by hackers. It is clear that existing security solutions are not tailored to handle such architectures. Future security solutions in the cloud must consider:

  • Real time monitoring
  • API discovery
  • Policy management
  • Distributed security
  • Software based security frameworks

Service mesh is the futuristic technology required to protect future 5G infrastructures. Delivering security as a service is a definite requirement for Telcos, and it is very important that we deliver security enhancements in software to cover:

  • Advanced cluster management that encompasses private, public and hybrid cloud
  • Security of networks
  • Endpoint protection with IPSec and DTLS
  • Open data platforms and mTLS for scalability
  • Platform attention for disaggregated cloud

Today, secure networking using NSM is a reality in core 5G CNFs like NEF, NRF and AUSF. However, due to high performance and resilience requirements, nodes like UPF, DU, CU, AMF and SMF are not hardened today. Kubernetes 1.23, however, is adding a number of enhancements around secondary networking, monitoring, extensive CNI models and storage acceleration, which means we are converging faster towards an open and standard deployment of 5G networks.

Below is a recording of a recent summit that I was part of; do check it out here.

Orchestration and ML/AI Architectures for 5G and Future Networks

According to the latest market updates, global 5G active connections will surpass 580M in 2021 and, with an astounding growth rate of 100%, will reach 2.9B by 2025. Adding to the woes are machines and things, which will add around 75B by 2025.

Although these results are very encouraging, they will raise challenges of a kind not faced by mankind before, requiring new architectures and principles to manage networks at scale. Issues like data, privacy and security are changing the Telcos’ business narrative, and more and more businesses are now linking their business vision not just to the Telco business but also to sustainability and responsibility.

Flatter architectures and cloud principles promised a great future by making it possible to orchestrate and automate networks, and to use data for something not done before in any Telco generation: building autonomous and intelligent networks by design, solving some of the great challenges of 5G network scale and operational efficiency. This is the topic I would like to discuss today.

Orchestration and Automation for the Future World

Orchestration refers to the way the end user models, provisions and manages applications. Given the very nature of 5G, which necessitates a distributed cloud and thousands of clusters, it is vital that we can handle all infrastructure in a software fashion that is friendly to use, like drag and drop, from an intent point of view.

From a Telco perspective, open and highly performant orchestration is the backbone of 5G cloud infrastructure. Manual deployment of 5G services and connecting them using legacy approaches will be complex, error prone and not resource efficient.

Decoupling application and infrastructure is a vision that orchestration solutions make possible today by using declarative APIs like YAML, TOSCA and Terraform. This makes the infrastructure irrelevant to the application, and hence makes the infrastructure totally immutable, provisioned using standard artefacts and templates. Declarative means an end user only defines the “What” without specifying the details of the “How”. In fact, 5G cloud infrastructure is open and flexible in terms of the “How”, as it can use an extended set of tools for deployment. It is by virtue of these characteristics that the Telcos’ target evolves from manual to Level 4 autonomous networks of the future. As highlighted above, 5G and edge applications will require some Telco enhancements, and that will require new frameworks. Today, CNI plugins and CRDs (Custom Resource Definitions) provided by different vendors for their offerings make it possible to ensure that all the Telco-required enhancements can be deployed in an open cloud through the open frameworks of Helm and concord. In addition, orchestration will support not only the vision of a software-defined Telco but also automated management of all the 5G infrastructure, all the way from physical servers/storage to the application itself.

Network Slicing and B2B/B2B2X Models for Future

Network slicing is the segregation of one physical network into a number of logical networks, each serving different use cases and business tenants and meeting the SLA desired by each tenant.

To achieve this goal, network slicing needs to be designed from an E2E perspective, spanning different technical domains (e.g. device, access network, core network, transport network and network management system). An example reference architecture of a future network is shown below.

However, as of today there are still a number of gaps that need more cross-community collaboration. As an example, the 3GPP SA5 resource model does include modelling of the TN end-points; it does not, however, include modelling of the 5G transport network itself, nor the RAN. Furthermore, whether a slice may share resources or not is indicated as part of the ServiceProfile. This indicates that cooperation with other bodies, e.g. ETSI, as mentioned above, is needed. The problem, however, is that many other bodies define management functions and interfaces regarding what resources they can allocate and how. Yet an end-to-end view is lacking, since transport and NFVI are not part of 3GPP. A management framework for SLA compliance is expected to be specified, and that work is ongoing in SA5 with regard to RAN and core. In addition, if resources are handled by vertical industry customers directly, further discussion will be needed. Based on our industry efforts, we are bringing cohesion among the following standardization organizations for the commercialization of 5G slicing:

  • 3GPP RAN
  • 3GPP SA
  • Broadband Forum – 5G Transport architecture
  • IEEE 802 – Switched Ethernet networking and TSN
  • MEF – Transport Services for Mobile Networks
  • IETF – IP, MPLS SegRtg, EVPN, DetNet
  • TMForum
  • OSM and ONAP
  • ETSI NFV

The integration of automation and Telco DevOps for automating end-to-end slices means all E2E services can be provisioned in an agile manner, going from the current 1 week to 1 hour, which is necessary to keep pace with the innovation required in the 5G era.

One of the typical issues with slicing is that, as a tenant, we need a single pane not just for services (GST or NEST) but also for how to connect them. Today, frameworks like GANSO (GST and Network Slice Operator) are helping the industry to standardize on it.

AI/ML and Closed Loop for 5G Cloud Infrastructures

AI for telecom has gained industry interest recently, primarily driven by wide deployments of 5G platforms, which generate 4X more data compared to earlier generations, alongside global events like Covid-19, which necessitate closed-loop operation that avoids the human. This initiative requires not only orchestration but in fact intelligent policy generation based on real-time use and customer behaviors, and it will enable an SLA-based offering for each 5G business tenant.

The use of ML/AI is still in the initial phases of standardization. To ensure the realization of successful autonomous networks, ML/AI should address the following domains:

  • Analysis
  • Intelligence
  • Automation and Policy

There is not just a technical side to ML/AI use in telecom but a business side also. As we are well aware, many NFV/SDN products on the market today come with native ML/AI functionality, enabled not only at the intent-driven software level but also at the chipset level; one such example is Intel Atom, Intel 3rd gen Xeon processors with built-in bfloat16 support, which reduces the data required to build training models. However, Telcos in 5G are still trying to find the sweet spot that will make the business case of 5G positive. It is a fact that to build the same coverage as 4G we need to pump in 4 times more sites, which means the use of ML/AI for automated management and for use cases that optimize infrastructure is mandatory. In this context we also need to evaluate new business models for 5G, to see “If 5G data can be monetized then service can be free. From infra view to managed services view to vertical industry offering view”.

In this context, in the 2021-2022 era I think Telcos need to evaluate and commercialize the following key cases for 5G ML/AI to speed up deployment:

  1. Life cycle management of infrastructure
  2. Automating application and infra dependency
  3. Automatic output rules to optimize the NW, especially RAN and transport
  4. Advanced AI, e.g. building new network topology
  5. Workload placement and SLA analysis in case of PoP migration

Telco operators should take an active interest in the following industry efforts to successfully use ML/AI in 5G cloud infrastructure:

  1. ITU-T Focus Group on ML for future NW (FG ML5G)
  2. ETSI enhanced network intelligence (ENI)
  3. O-RAN alliance for RIC (RAN intelligent controller)

Although this content should be enough for some, the topic obviously cannot be considered complete for future networks unless we address 5G in terms of security, public cloud integration in telecom, and hybrid network management, including evolution and migration with legacy networks. If that sounds interesting, then keep following my blog, as these shall be the topics of my upcoming blogs.

Rethink Telco grade Edge Architectures and Solution requirements in 5G Era

5G markets are developing at a horrendous pace, and one belief shared across the industry is the importance of “Edge Networks” to monetize 5G. There are many players in the picture, from hyperscalers to on-prem vendors and big hybrid cloud players, each ready to flood the market with “Edge solutions”. However, fragmentation in this critical component means there will be varying models of “Edge” consumption, which obviously will be a bottleneck to its global adoption.

The purpose of this paper is to share my thoughts on how important it is to align on principles and specs in order to make it possible for Telcos to mix and match between different players. First of all, when we view the edge from a telecom operator’s perspective, it means:

“Support of Cloud like characteristics near to service consumers including Network boundary (Network Edge) or customer boundary (Customer Edge)”

Below is a summary of the principles that need to be followed to build a robust “Edge” that can deliver at global scale.

#1:Cloud or Edge

Cloud vs Edge is like electricity generation and distribution: we know both are important and both need to be modernized over time. With most apps becoming cloud native, the core principle is to move towards the edge those apps that are impractical to host on a central cloud due to factors including regulation, privacy, latency, data reduction or technical feasibility. Even in this case the two clouds need to co-exist; for example, the cloud can support edge clouds to deliver data-based solutions and AI use cases, or simply use edge APIs to deliver an E2E use case.

source: Kubecon

#2:Operational Model

With thousands and maybe millions of devices at the edge, the real question is how we can operate it using the same cloud-type principles we have learnt over so many years. It also needs to re-use the same CI/CD pipelines and test/on-boarding mechanisms used for cloud, not limited to private but also public clouds.

#3:Data and Privacy

Every business is a digital business, and being secure is now a must-have, not a nice-to-have. As a result, businesses are assessing whether their cyber security and resilience posture is fully compliant with both data and privacy concerns, determining where they have gaps and what they need to do about them. A leading infrastructure provider like Dell Technologies has a valuable role to play, ensuring that security is intelligent, automated and built into everything, everywhere.

Data protection regulations differ between countries and regions (such as the EU). The edge architecture needs the flexibility to meet the data protection requirements set by each country and operator.

#4:LCM and Day2

What makes the edge a “Ranch” is that it is a rugged environment with constrained resources. Further, tenants are dynamic, and the commercial model does not enforce a long-term commitment, something public clouds always love to have. So the ability to build and, importantly, tear down a service on the fly is a must. In addition, an application mobility strategy is needed that includes QoE, geographical store and privacy policies.

#5:Global Scale and Mobility

One area that is still untouched is how to open up a global edge owned by 100’s of operators using the same API exposure to developers. In other words, a developer can develop apps on Verizon the same way as for Telstra in Australia. This requires solving certain issues, like:

  1. How to ensure the edge is built globally using the same principles, at least for developers
  2. How to assure service consistency during mobility
  3. Support for roaming, where the VPLMN can deliver the same service with the same QoE, something we in the telecom industry have never done
  4. Ability to receive geographical UE mobility events (e.g. when leaving a pre-defined area) from the network or the UE

Ideally, mobility is handled invisibly to the application’s end-user by the mobile network operator.

#6:Securing the Edge

In explaining Core vs Edge, we obviously expect the “Edge” to be universally secure. This requires not only that all “Cloud” security specs be followed, but also some Edge-specific things that are of importance:

  1. Real-time data ingestion and analysis, e.g. to auto lock once a physical intrusion is detected
  2. Real-time telemetry based on streaming and eBPF principles
  3. Support for a silicon root of trust, e.g. Intel v7
  4. Residual data clean-up (a known issue in the industry)
  5. “Configuration” related CVEs pose the biggest threat to edge security, and the use of ML/AI to detect and manage “Configuration” and MME (man-made errors) is a must for edge architectures
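One way to act on item 5, as an added example that is not from the original post: compare each edge node's observed configuration with a declared baseline, and use fleet consensus as a simple statistical stand-in for the ML/AI detection the list calls for. The key names, node names and values are all constructed assumptions that mirror items 1 to 4.

```python
import copy
from collections import Counter

# Declared baseline for one edge node (hypothetical key names, constructed).
DECLARED = {
    "chassis": {"lock_on_intrusion": True},             # item 1: auto lock
    "telemetry": {"streaming": True, "interval_s": 5},  # item 2: telemetry
    "boot": {"root_of_trust": "enabled"},               # item 3: root of trust
    "storage": {"wipe_on_decommission": True},          # item 4: residual data
}

# Keys whose drift switches off one of the controls in the list above.
CRITICAL = {"chassis.lock_on_intrusion", "telemetry.streaming",
            "boot.root_of_trust", "storage.wipe_on_decommission"}


def flatten(cfg, prefix=""):
    """Turn a nested dict into {'a.b': value} so configs compare key by key."""
    flat = {}
    for key, value in cfg.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            flat.update(flatten(value, path))
        else:
            flat[path] = value
    return flat


def drift(declared, observed):
    """Compare observed config with declared intent; critical findings first."""
    want, have = flatten(declared), flatten(observed)
    findings = []
    for key in sorted(want.keys() | have.keys()):
        if key not in have:
            kind = "missing"
        elif key not in want:
            kind = "undeclared"
        elif want[key] != have[key]:
            kind = "changed"
        else:
            continue
        findings.append({
            "key": key, "kind": kind,
            "expected": want.get(key), "actual": have.get(key),
            "severity": "critical" if key in CRITICAL else "review",
        })
    return sorted(findings, key=lambda f: (f["severity"] != "critical", f["key"]))


def fleet_outliers(fleet, min_consensus=0.75):
    """Flag nodes that disagree with a clear fleet majority on any key.

    Needs no declared baseline, so it also catches hand edits (man-made
    errors) to settings nobody wrote down. Keys without a clear majority
    are skipped, because there is no way to tell which side is wrong.
    """
    flat = {node: flatten(cfg) for node, cfg in fleet.items()}
    keys = set().union(*flat.values())
    outliers = []
    for key in sorted(keys):
        seen = {node: repr(cfg[key]) if key in cfg else "<absent>"
                for node, cfg in flat.items()}
        common, count = Counter(seen.values()).most_common(1)[0]
        if count / len(seen) < min_consensus:
            continue
        for node, value in sorted(seen.items()):
            if value != common:
                outliers.append((node, key, value, common))
    return outliers


def build_sample_fleet():
    """Constructed sample: five nodes, two of them with hand-edited settings."""
    fleet = {f"edge-{i:02d}": copy.deepcopy(DECLARED) for i in range(1, 6)}
    fleet["edge-03"]["boot"]["root_of_trust"] = "disabled"
    fleet["edge-03"]["telemetry"]["interval_s"] = 60
    fleet["edge-05"]["storage"]["wipe_on_decommission"] = False
    fleet["edge-05"]["debug"] = {"password_ssh": True}  # not in the baseline
    return fleet


if __name__ == "__main__":
    sample = build_sample_fleet()
    for node, cfg in sorted(sample.items()):
        for f in drift(DECLARED, cfg):
            print(node, f["severity"], f["kind"], f["key"],
                  f["expected"], "->", f["actual"])
    for node, key, value, common in fleet_outliers(sample):
        print("outlier", node, key, value, "fleet uses", common)
```

The baseline comparison catches known-bad changes, while the consensus pass surfaces settings such as the undeclared debug key that no policy anticipated.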

#7:API and Dev to proliferate Edge

Edge requires a new way to expose #API and to define its specs. Our recent work within the GSMA Edge group may be a good starting point for taking a #Telco grade view of this #software problem by addressing the following:

  1. How different edges (public, private, hybrid) will all expose the same end points
  2. How to smoothly tear down an edge service
  3. What the #VNF and #CNF package requirements are, how they differ from the #ETSI SOL and IFA specs, and how much we can re-use
  4. How to extend #Cloud infra #CICD to the edge with maximum re-use
  5. How to monitor edge resources in real time
  6. What the tools and catalog for #Edge are, and whether and how we can re-use the #NFVO VNF catalog at the edge, as it should be a distributed architecture but managed centrally
  7. How #Dev can ensure #Edge resilience: consider a situation where a 5G site and its #Edge resources are down. Can services switch, considering it was a non-H/A site (again consider the $ cost; we cannot afford it)?

How can #Edge availability be achieved, especially where the Telco’s own sites are not available and it needs to rely on other partners and #Telcos, and how can the same service with the same QoE be ensured for #Dev?

#8:Resource Management

When we imagine the edge, the first and most important feature that comes to mind is resources. The following should be available for edge resources:

  1. Inventory of all resources
  2. Usage of resources via real-time monitoring
  3. Exposure of a cloud resource reservation mechanism following “need to know” mechanisms
  4. Configuring UE apps to get a real-time view of customer experience
  5. Support of resource sharing using USRP and other mechanisms
  6. Visibility into the cloudlet locations based on 3GPP LBO mechanisms
  7. Fair insight into UE and app mobility in changing resource scenarios
  8. Support for “Intent” and “Policy” enforcement through orchestration and cloud infra tools, whether the edge is public or private

Ideally, the edge data model must give the Telco’s developers the same level of resource exposure and management capabilities as it gives developers outside the home country through E-W connectivity and the necessary mobility arrangements.

#9:Resource Discovery and Catalog

As developers build and deploy applications, it becomes increasingly important that they have the same tools and catalogs to use. Normally these can be accessed via the E-W API or through MEF and upper-layer orchestration capabilities. The expected parameters are:

  1. Location details
  2. Infra resources, keeping stateful workloads in view
  3. Acceleration resources like GPU, vPU, NPU and SmartNICs
  4. QoS profiles for both provisioning and monitoring. Monitoring is vital for resource discovery, to ensure only valid resources are available for provisioning. This is complex, as it is not limited to cloud resources but also needs to analyze network topology, transport characteristics, etc.
  5. Cost budgets for each AZ. This information is vital (e.g. the use of several small zones that, combined, cover the needed region and are offered by different partners, instead of a more extensive and expensive zone offered by another partner)

#10:Redefining Edge Application with Telecom Grade

Since there are many edges, and some have in fact been commercial for a long time, it is vital to end the discussion of edge architectures for the 5G era with a touch on what is edge native for the 5G era. Simply put, can we build an edge application with 5 9’s reliability and Telco grade that can be benchmarked with the same characteristics as those provided by large OEM 5G core CNFs? Such an app requires knowing the app characteristics from the user perspective, and the app components and architectures needed to manage it.

  1. Standardization of the edge application package and artefacts, so they can be onboarded using a uniform capability
  2. Flavor characteristics, considering that flavors can differ between Telcos; flavor exposure before instantiation is the best model for an edge app
  3. QoS characteristics like location, identity, quality and security
  4. App state profile to ensure all such components are sinned in a coordinated fashion
  5. Deployment models need to be flexible, but in certain cases the Telco should be able to select all details of the type of edge cloud on which it wants to deploy the app
  6. Elasticity profile, i.e. how it will scale as per load demand
  7. Resource migration, e.g. whether it needs to be automatic or steered by customers
  8. App and edge cloud coordination is vital. Ideally they should be decoupled, but we know from experience in telecom clouds that for many use cases such information coordination between different layers is key
source: Kubecon 2021

In summary, we can see that an edge cloud and application with telecom characteristics is quite different from the normal edge applications available today, which are mostly offered through the public cloud delivery model. It is very important to bring experience from both Telco clouds and orchestration/automation platforms together with NaaS and the connectivity framework, something Telcos have been doing for a long time.

Experience from Telco Cloud, Orchestration/Automation and NaaS connectivity is the future of Edge Infrastructure and Applications

Final thoughts on how Remote Work will influence Edge Architectures

According to a World Economic Forum report, sixty-five percent of children starting school today will work in jobs that have not been invented yet.

This reconfirms that a different sort of infrastructure is required for the new era, and it will require edge, EUC (end user compute) and user devices to work in conjunction. Ideally we want to make the end device nimble, and hence an “Edge” solution should offload most of the heavy lifting from the end device while still ensuring:

  1. Worker productivity (at least 4X compared to today)
  2. A secure work environment, with the notion that all users will be #WFH, primarily accessing services from remote and hostile access locations that may be an easy ransom and CVE target
  3. Data sovereignty and policy: although organizations go remote, IT would still like the same type of control, e.g. over data sharing, employee accessibility, usability, etc.
  4. Auto optimization using ML/AI, to ensure infra, tools and software are optimized on a per-user level based on his/her usage trends, rather than a generalized infra that is not optimized
  5. Lastly, the security of end user devices through edge solutions is vital, including data analytics, configuration audits and steering mechanisms like auto lock and reboot. It will be both vital and exciting to see how edge solutions solve some of the issues of remote work and its productivity.

I guess this will be an exciting era of Edge and user experience.

Edge + end user productivity solution cohesion is the future of work in the post-Covid-19 world, and infrastructure providers like Dell, who operate in both domains, are in an ideal position to solve this complex requirement in a simple yet efficient manner.