Sophia Antipolis, 13 October 2015
ETSI Network Functions Virtualisation (NFV) Industry Specification Group has just released 3 new specifications on security and reliability, providing guidance on lawful interception implementation in an NVF environment, giving a survey of the security features in an open source management software relevant to NFV, with OpenStackTM as the first case study and describing a study of how today's Cloud/Data Centre techniques can be adapted to achieve scalability, efficiency, and reliability in NFV environments.
As many regulatory authorities require operators to provide Lawful Interception capabilities, specification GS NFV-SEC 004 explores the architectures and designs to allow Lawful Interception capabilities to be provided in NFV deployments, addressing the NFV community and the wider lawful interception community.
As the obligation to support lawful interception applies irrespective of traffic type, signalling format or network configuration, where a network function is virtualized the corresponding LI function should also be virtualized in such a way as to maintain the flexibility of the virtualization. This point is addressed in the section dealing with architectures and structures for lawful interception in networks composed from Virtualized Network Functions (VNFs).
The second specification related to security, GS NFV-SEC 002, applies to security features in open source management software, with OpenStackTM, a widely adopted cloud operating system, as the first use case. It aims to cover all applicable aspects of information and network security.
The document addresses the OpenStack modules that provide security services (such as authentication, authorization, confidentiality protection, integrity protection, and logging) together with the full graphs of their respective dependencies as well as the ones that implement cryptographic protocols and algorithms.
Mike Bursell, vice chairman of the working group NFV security, asserts: “Open Source software is a key building block for many NFV deployments, and can help with many of the goals that ETSI NFV seeks to promote, including accelerated time-to-market and improved interoperability. To do so effectively requires having a knowledge base of the security features and cryptographic algorithms supported in each relevant code base. This helps shed light on how best to provision and deploy the relevant software and on enhancements necessary to meet NFV security requirements.”
As NFV applications are subject to privacy and security regulations, such a knowledge base is of particular importance in the area of management and orchestration, (MANO), which plays a critical role in NFV security.
The third specification on reliability published by ETSI NFV ISG, ETSI GS NFV-REL 002, describes a study of how today's Cloud/Data Centre techniques can be adapted to achieve scalability, efficiency, and reliability in NFV environments. These techniques are designed for managing shared processing state with low-latency and high-availability requirements. They are shown to be application-independent and can be applied generally, rather than have each VNF use its own idiosyncratic method for meeting these goals.
Accordingly, the document provides an overview of how such architectures are currently deployed in Cloud/Data Centres, describes various categories of state and how scaling state can be managed. It also describes scale-out techniques for instantiating new VNFs in a single location where failures have occurred or unexpected traffic surges have been experienced.
ETSI produces globally-applicable standards for Information and Communications Technologies (ICT), including fixed, mobile, radio, aeronautical, broadcast and internet technologies and is officially recognized by the European Union as a European Standards Organization. ETSI is an independent, not-for-profit association whose more than 800 member companies and organizations, drawn from 64 countries, determine its work programme and participate directly in its work.