We are approaching an interesting and critical phase in our industry as SDN and NFV transition from evaluation phases to commercialization and deployments. Everyone is more or less familiar with the “crossing the chasm” analogy for technology adoption cycles. The most difficult step, the chasm, is the transition between visionaries (early adopters) and pragmatists (early majority).
Virtualization itself is not new – the technology, approach, and benefits have been widely implemented and proven in enterprise environments for quite some time.
Communication service providers (CSPs) have committed to evolve largely out of necessity. Cost improvements, operational efficiency, and accelerated new service introduction times are all reasons cited as to why NFV is an integral evolutionary step.
So where exactly are we in the NFV lifecycle? One view is that we’ve reached the end of the beginning. Initial evaluations and proof-of-concepts are completing. Some initial benefits have been proven, but at the same time more of the operational considerations and questions are materializing. It is likely that the rate, scope, and complexity of operational questions will both accelerate and increase. To cross the chasm, NFV will need to be “operationalized.”
There are a number of operational areas that will quickly come into focus – one is security. How will virtual networks be secured? Roles and responsibilities were once easier to define. In a virtual environment, the hard boundaries between physical network functions are now blurred. There are multiple levels/domains that need to be administered, such as the NFVI (including the hypervisor), VNFs, and VNF managers and orchestrators, as well as external systems such as OSS and policy systems.
Security assurance will become part of a holistic service assurance strategy, requiring a service-driven and contextual view of security access control policies. Services and service chains will be complex, spanning shared infrastructures, physical networks, locations, and clouds. We’ll undoubtedly see an increase in complexity in regard to administering security privileges and policies to ensure that the right systems, processes, and people have the appropriate access end-to-end in order to turn on, manage, optimize, and troubleshoot services.
Some NFV purists believe that management of virtual networks will be simpler. In some ideal future state, humans will never have to log into networks. Everything will be automated. Conversely, pragmatists believe this is unlikely. In reality, automation will increase (it has to), but humans will still need to access network resources manually. Configuration errors will continue to occur, provisioning issues will continue, troubleshooting complex issues will still require human correlation. The definition of identity access management needs to evolve to encompass both people and processes. Administration of who, or what system, can view, set, or change configuration parameters and effect network policies becomes vital, especially given the interdependencies between NFVIs and VNFs, and overall service performance and availability.
We’re entering an exciting phase in the evolution of NFV. Ultimately, realizing the commercial benefits of NFV rests on the ability to achieve pervasive implementation. Identifying and solving some of the practical and critical operational considerations will be essential in order to “cross the chasm” instead of “jumping the shark.”