Virtualized Security – The end of Big Irons

Virtualized, scalable, carrier-grade performance and functionality: a true game changer for CSPs.

Key Challenges in the age of SDN/NFV

Communication Service Providers face the most disruptive challenges ever seen in the industry

Migrating towards SDN/NFV is inevitable for most CSPs, as it offers superior benefits in the areas of capacity scaling, agility and operational efficiency. Even if SDN/NFV is a well-known concept, especially in the private and public clouds of the enterprise world, telecom infrastructures have additional complexities and challenges that need to be addressed. The winners will be the CSPs that develop a holistic solution that overcomes both telecom-specific and SDN/NFV challenges.

Key Concern and Market Driver

Recommended Buyer Requirements

Massive Data Growth – The Performance Challenge

  • Data traffic in mobile networks will grow 300% until 2018. Source: Gartner, Report, Jessica Ekholm
  • The number of connected devices is expected to grow to 20.8 billion by 2020. Source: Gartner, Press Release, Nov 10, 2015
  • The introduction of 5G is all about performance and latency.


Security VNFs must provide the necessary throughput and capacity to avoid server sprawl.

Security VNFs must support a high volume of concurrent connections.

Agility – Becoming a fast moving and competitive company

  • Service automation is critical in order to achieve agility and fast introduction of new services.
  • Security VNFs must be deployed in an integrated fashion, not as an afterthought.
  • Open standards and a multi-vendor approach are critical for agility.

 

Security VNFs must demonstrate integration capabilities with leading orchestration tools, offering a turn-key experience as well as an extensive ecosystem of critical technology partners.

Elastic Scalability – Start small, scale fast

  • The trend of increased traffic and more resource-demanding security inspections places higher demands on Security VNFs.
  • Scaling performance and capacity by seamlessly adding more vCPUs is critical in order to avoid VM sprawl, which would result in added complexity.

 

A Security VNF instance must scale seamlessly with added computing power (vCPUs).

Distributed Architectures designed for Quality of Experience

  • The forecasted explosion of IoT devices will create a high demand for a distributed architecture.
  • High Quality of Experience (QoE) and alleviated congestion is achieved by providing services and caching further out into the network.
  • Increased distribution results in more network elements that need to be protected.
  • A distributed architecture leads to substantially more complex backhaul traffic that must be encrypted and protected.

 

It must be possible to deploy Security VNFs in a streamlined fashion, even in high quantities and in widely distributed edge networks.

Security VNFs must manage a high volume of IPsec tunnels.

Designed for Telecom Networks

  • To avoid integration and security problems, it is critical that components used in the SDN/NFV network comply with standards such as 3GPP and ETSI-NFV.
  • Telecom networks include a wide range of use cases, each with its own set of specific security requirements. Without a unified approach this can result in added complexity and costs.

 

Security VNFs must be designed for telecom networks and comply with industry standards such as 3GPP and ETSI-NFV.

Security VNFs must support a wide range of telecom use cases such as LTE Backhaul Security, Gi/SGi Firewalling, GRX Security as well as generic 3GPP-NDS functionality.

SDN/NFV Specific Security Challenges

  • Newly introduced elements such as NFV Orchestrators and SDN Controllers are profoundly mission-critical; failure to protect these elements can result in severe disruption and costly downtime.

 

NFV Orchestrators and SDN Controllers must be protected using Security VNFs.

Business Model

  • Opex-oriented rather than Capex-oriented business models are needed for better revenue and cost alignment.
  • The business and licensing model must be designed for total capacity instead of a single Security VNF in order to facilitate distributed environments.

 

The business model for Security VNFs must be based on the required total throughput and capacity, with an unlimited number of deployed Security VNFs.

Summary

With the transition to SDN/NFV, Communication Service Providers face the most disruptive challenge ever seen in the industry, primarily as a result of very complex integrations throughout the organization. The key challenges will be integration with various orchestration systems, SDN Controllers, and other platforms, in combination with VNFs that can provide carrier-grade performance and functionality.

Even if the security challenges of legacy and SDN/NFV-based networks are in many ways the same for a CSP, security has to be an integrated part of the overall SDN/NFV solution to enable a dynamic solution that can scale up and down according to the capacity needed at a specific point in time. If not, the CSP must overbook each server location to cope with traffic peaks, something that will become very costly in a highly distributed environment, and leaving them unsecured is not an option.

Source: Clavister