In the world of NFV, we have defined the concept of management and network orchestration (MANO). In the rush to capitalize on the promise of NFV, many telecom providers have focused purely on the NFV orchestration (NFVO) piece, i.e. the orchestration of virtualized solutions. As these operators move from the lab and trials to production, they’re starting to realize that there’s a key piece missing – management. Telecom providers must consider the management of virtual functions, networks, and services in order to roll out services at scale. In other words, they must work on putting the M in MANO.
So, What Do We Need for NFV Management?
Here are some of the essential high-level requirements for putting the M in MANO. These are required to achieve deployability at scale and to realize operational efficiencies.
Simplified management networking. Telecom operators are used to having clearly-separated user and internal management networks (a.k.a. data communications network or DCN). They also expect to assign one automatic (dynamic host configuration protocol or DHCP) address to each end node for management. Supporting this requirement greatly simplifies the deployment and management of NFV infrastructure.
Multi-layer security. There are no silver bullets to ensure security, so we need a layered approach. This means addressing vulnerabilities at each layer, including networking, NFV infrastructure, virtualization, application, and management. For management, that means running the latest versions of protocols such as secure sockets layer (SSL) and IPSec, and supporting connections into standard security gateways.
Software management. One the main benefits of cloud-centric technologies is the ability to innovate at the speed of software. This only works if operators can upgrade software easily, and in the case of resulting issues, revert to the previous version. Software maintenance includes both virtual network functions (VNFs) as well as the NFV infrastructure itself. In addition, it must be straightforward to onboard new VNFs. NFV management must also fit into standard networking and security models (such as the security gateways mentioned above).
Service chain creation, visibility, monitoring, and troubleshooting. The heart of NFV-based services is the service chain. We build a service chain from a set of VNFs, connect them by networking, and possibly distribute them across multiple locations or clouds. Operators require the ability to build complex service chains on demand. A manageable system must also provide service assurance with the ability to visualize, monitor, and troubleshoot the service chain. The system must provide statistics on how the service chain is operating, as well as virtualization-aware tools for analysis and debugging (such as ping and traceroute).
Zero touch provisioning (ZTP). Increasing service velocity means increasing automation and reducing manual touches. With ZTP, a service provider can have an unconfigured server shipped directly to a customer site and installed by an unskilled end-user. The service is then turned up without the need for a technician on site or any manual configuration. No server inventory at the operator, no pre-configuration, and no truck roll. In addition, a complete ZTP solution addresses multiple layers of NFV:
- Authenticates and initializes the NFV infrastructure
- Configures networking for secure connectivity and/or for multi-cloud service chaining
- Builds the VNF service chain
- Initializes the VNFs
- Handles VNF licensing by registering newly launched VNFs with their VNF manager
- Integrates with higher-level OSS/BSS systems such as provisioning, inventory, and billing
Separation of Design and Deployment Phases
The service chain configuration and ZTP described above have two clear phases: design and deployment.
- The design phase includes tasks such as onboarding VNFs, designing services, defining ZTP operation, and other complex and infrequent tasks.
- The deployment phase covers the tasks that occur each time a customer site or service is created or changed. It includes the per-site configuration items that can be handled manually or tied into flow-through provisioning.
Clearly separating the design and deployment phases has these benefits:
- Operators can get started quickly using pre-packaged designs, or engage consultants to create custom designs.
- The design phase provides an abstract view of complex services as applications and templates, simplifying integration into higher level operations support system/business support system (OSS/BSS), or portal systems.
- The deployment phase provides a simple framework for everyday deployment of services at scale with less-trained staff.
Virtualization, Yes, But Don’t Forget About Management
Leading service providers are now bringing their NFV strategies to life. They are using a multi-vendor implementation of NFV to build and deliver sophisticated new services and to take advantage of the benefits of cloud technologies. The days of lab experiments and endless RFx activity are over. Reaching the next level of NFV maturity means putting the focus on MANO. There are a number of solutions for NFVO, including both proprietary and open source. However, NFVO is necessary but not sufficient. We need management systems that provide the needed operation features – and that put the M in MANO.