It’s not a case of if, but when: that’s the message when it comes to communications service providers (CSPs) embracing virtualization. CSPs of all kinds, whether mobile network operators, telcos or carriers, are increasingly seeking to take advantage of optimized network efficiency, greater agility and the opportunity to create new revenue streams – all of which can be done easier and quicker in virtualized environments.
One of the key drivers is the transition to 5G, and enabling IoT environments that will require cost-effective and flexible solutions if they are to be commercially feasible. For 5G, it is all about high performance and low latency, which will require more distributed environments, closer to the end user. The same is true for IoT, with millions of connected devices to the network resulting in higher data throughput, and extremely high requirements for low latency, for example for connected and self-driving cars. These needs can only be supported by a cost effective environment, such as SDN/NFV, and operators are already starting to prepare this by establishing virtual packet core networks today, which is the foundation for extending to virtual radio access networks (RANs) to support 5G roll-outs in the years to come.
Software Defined Networking (SDN) and Network Function Virtualization (NFV) technologies are the driving forces of virtualization, replacing inflexible hardware with elastically-scalable software. Analyst Gartner suggests that CSPs deploying these technologies can anticipate hefty Opex reductions of 60 percent and Capex reductions of 40 percent. What’s more, they can use virtualization to enhance existing services and accelerate the deployment of new ones, like on-demand virtual VPN services for enterprises. SDN and NFV, in short, can be the answer for telecommunications companies looking to drive innovation and retain their edge in a highly competitive marketplace.
So it’s no surprise that through to 2018, it’s predicted that more than 70 percent of CSPs will have conducted proof-of-concept projects based on SDN and NFV technologies, and over half are expected to have already moved towards live deployments.
The security barrier
However, the move to virtualized environments also changes the way that CSPs need to approach securing their networks. Their security protections need to be more agile, both in terms of adapting to rapid changes to network and application connectivity, and in terms of ability to scale. Virtualized environments can be reconfigured and new applications provisioned far quicker than in conventional networks, and so they demand a security infrastructure that matches this flexibility.
But many CSPs’ existing, traditional security solutions are becoming barriers that can obstruct the rapid, business-driven changes that virtualization offers. CSPs’ current networks are usually secured by traditional ‘big iron’ carrier-class physical security appliances. These security gateways are expensive, because their hardware is optimized to deliver maximum throughput and performance to support millions of concurrent connections, and also because high availability is also a critical issue: CSPs can’t afford the loss of revenues resulting from even a temporary outage.
But as NFV decouples network functions from their physical locations, CSPs will want to start deploying services based on customer demand, wherever and whenever they are needed. And it’s both difficult, and extremely costly, to reconfigure and re-provision these traditional large, physical security appliances to achieve this. So CSPs need to reduce their reliance on traditional appliances, and replace them with virtualized, SDN/NFV-ready solutions. These solutions are security virtual network functions (VNFs).
Virtualization opportunities – and challenges
Security VNFs enable security functions to be deployed as an integrated part of the overall SDN/NFV environment, giving dynamic solutions that can scale up or down according to the capacity needed at specific points in time, and enable the CSP to capitalize on the new revenue opportunities presented by service chaining and service automation.
However, CSPs need to choose the security VNF solutions they plan to use carefully, in order to get both the maximum flexibility and protection for their deployments. While virtual security appliances are relatively well understood in enterprise private and public cloud environments, telecoms infrastructures have additional, specific complexities and challenges that need to be addressed by the security solutions they use. Let’s take a closer look at these CSP-specific requirements and capabilities for security VNFs:
Security VNFs with these capabilities will enable CSPs to secure their virtualized infrastructures robustly, without limiting their agility or speed of response to customer and market demands.
By choosing VNFs that can be deployed either as stand-alone virtual appliances, or fully integrated into an orchestrated SDN/NFV environment, CSPs can be assured of a smooth migration path from initial, proof-of-concept virtualization projects to full commercial roll-outs in their networks. This enables CSPs to start replacing legacy security appliances as part of a carefully-planned, stepwise transition, while ensuring that security of the network is never compromised at any point – giving them the foundation for advanced, secure SDN/NFV-enabled services and business models.
About the Author
Erik Engström is Head of Global Telecom Sales for Clavister. He joined Clavister in 2013 from Nokia, where he held various sales roles with key responsibilities for LTE security solutions, and now leads Clavister’s telco sector offering.
Network functions virtualization and software-defined network solutions provider Brain4Net Inc. has announced that its B4N SwitchOS has been certified…
Trumbull, CT, July 11, 2017- TMC, a global, integrated media company helping clients build communities in print, in person and online, today announced…
Mavenir and DNS server company Secure64 have forged a partnership through which they will provide NFV-ready, scalable IMS systems to global telecommun…
Windstream this week announced its membership to the Open Network Automation Platform Project.
The user data repository offered by Openwave Mobility has been validated as VMware Ready for network functions virtualization.