Introducing Development Features for Virtualized Network Services

Network virtualization and softwarizing network functions are trends aiming at higher network efficiency, cost reduction and agility. They are driven by the evolution in Software Defined Networking (SDN) and Network Function Virtualization (NFV). This shows that software will play an increasingly important role within telecommunication services, which were previously dominated by hardware appliances. Service providers can benefit from this, as it enables faster introduction of new telecom services, combined with an agile set of possibilities to optimize and fine-tune their operations. However, the provided telecom services can only evolve if the adequate software tools are available. In this article, we explain how the development, deployment and maintenance of such an SDN/NFV-based telecom service puts specific requirements on the platform providing it. A Software Development Kit (SDK) is introduced, allowing service providers to adequately design, test and evaluate services before they are deployed in production and also update them during their lifetime. This continuous cycle between development and operations, a concept known as DevOps, is a well known strategy in software development. To extend its context further to SDN/NFV-based services, the functionalities provided by traditional cloud platforms are not yet sufficient. By giving an overview of the currently available tools and their limitations, the gaps in DevOps for SDN/NFV services are highlighted. The benefit of such an SDK is illustrated by a secure content delivery network service (enhanced with deep packet inspection and elastic routing capabilities). With this use-case, the dynamics between developing and deploying a service are further illustrated

5G-PPP Software Network Working Group:Network Applications: Opening up 5G and beyond networks 5G-PPP projects analysis, Version 2

It is expected that the communication fabric and the way network services are consumed will evolve towards 6G, building on and extending capabilities of 5G and Beyond networks. Service APIs, Operation APIs, Network APIs are different aspects of the network exposure, which provides the communication service providers a way to monetize the network capabilities. Allowing the developer community to use network capabilities via APIs is an emerging area for network monetization. Thus, it is important that network exposure caters for the needs of developers serving different markets, e.g., different vertical industry segments. The concept of “Network Applications” is introduced following this idea. It is defined as a set of services that provides certain functionalities to verticals and their associated use cases. The Network Applications is more than the introduction of new vertical applications that have interaction capabilities. It refers to the need for a separate middleware layer to simplify the implementation and deployment of vertical systems on a large scale. Specifically, third parties or network operators can contribute to Network Applications, depending on the level of interaction and trust. In practice, a Network Application uses the exposed APIs from the network and can either be integrated with (part of) a vertical application or expose its APIs (e.g., service APIs) for further consumption by vertical applications. This paper builds on the findings of the white paper released in 2022. It targets to go into details about the implementations of the two major Network Applications class: “aaS” and hybrid models. It introduces the Network Applications marketplace and put the light on technological solution like CAMARA project, as part of the standard landscape. <br/

Network Security Automation

L'abstract è presente nell'allegato / the abstract is in the attachmen

Formal assurance of security policies in automated network orchestration (SDN/NFV)

1noL'abstract è presente nell'allegato / the abstract is in the attachmentopen677. INGEGNERIA INFORMATInoopenYusupov, Jalolliddi

Testbed para aplicações e serviços 5G

With 5G technologies growing, there is the need to adopt the NFV paradigm to align with the demands of a 5G environment. This entails the decoupling of hardware from the functions it provides, expediting service development. However, the adoption of NFV raises many challenges, one of which is the validation of Virtualized Network Functions. 5GASP is a European project that aims to shorten the idea-to-market process by creating a fully automated and self-service 5G testbed. In alignment with 5GASP’s objectives, this dissertation seeks to design tests for the validation of Network Applications used within a 5G environment. Furthermore, the Service-Based Architecture offers the NEF, which enables external application access to 5G core functions. With these concepts in mind, the solution provided by this dissertation uses NEF to verify whether a Network Application can correctly interact with a 5G Network. This is achieved by integrating NEF into the validation pipeline of 5GASP and developing tests to assess the behavior of Network Applications. In summary, this document presents the designed architecture and the implementation of these mechanisms, along with their respective results and outcomes.Com o crescimento das tecnologias 5G, há a necessidade de adotar o paradigma NFV para responder às necessidades de um ambiente 5G, o que leva à separação do hardware das funções que ele fornece, acelerando o desenvolvimento de serviços. No entanto, a adoção de NFV traz muitos desafios, um dos quais é a validação das VNF. O 5GASP é um projeto europeu que visa a encurtar o processo de ideia-ao-mercado, criando um ambiente de teste 5G totalmente automatizado. Em alinhamento com os objetivos do 5GASP, esta dissertação procura criar testes para a validação de Network Applications usadas em ambiente 5G. Além disso, a Arquitetura Baseada em Serviços oferece o NEF, que permite o acesso de aplicações externas às funções da rede 5G. Com estes conceitos em mente, a solução apresentada por esta dissertação utiliza o NEF para verificar se uma Network Application consegue interagir corretamente com uma rede 5G. Isto é alcançado integrando o NEF no pipeline de validação do 5GASP e desenvolvendo testes para avaliar o comportamento das Network Applications. No geral, este documento apresenta a arquitetura definida e a implementação desses mecanismos, juntamente com seus respectivos resultados.Mestrado em Engenharia de Computadores e Telemátic

HIL: designing an exokernel for the data center

We propose a new Exokernel-like layer to allow mutually untrusting physically deployed services to efficiently share the resources of a data center. We believe that such a layer offers not only efficiency gains, but may also enable new economic models, new applications, and new security-sensitive uses. A prototype (currently in active use) demonstrates that the proposed layer is viable, and can support a variety of existing provisioning tools and use cases.Partial support for this work was provided by the MassTech Collaborative Research Matching Grant Program, National Science Foundation awards 1347525 and 1149232 as well as the several commercial partners of the Massachusetts Open Cloud who may be found at http://www.massopencloud.or

Intent-based network slicing for SDN vertical services with assurance: Context, design and preliminary experiments

Network slicing is announced to be one of the key features for 5G infrastructures enabling network operators to provide network services with the flexibility and dynamicity necessary for the vertical services, while relying on Network Function Virtualization (NFV) and Software-defined Networking (SDN). On the other hand, vertical industries are attracted by flexibility and customization offered by operators through network slicing, especially if slices come with in-built SDN capabilities to programmatically connect their application components and if they are relieved of dealing with detailed technicalities of the underlying (virtual) infrastructure. In this paper, we present an Intent-based deployment of a NFV orchestration stack that allows for the setup of Qos-aware and SDN-enabled network slices toward effective service chaining in the vertical domain. The main aim of the work is to simplify and automate the deployment of tenant-managed SDN-enabled network slices through a declarative approach while abstracting the underlying implementation details and unburdening verticals to deal with technology-specific low-level networking directives. In our approach, the intent-based framework we propose is based on an ETSI NFV MANO platform and is assessed through a set of experimental results demonstrating its feasibility and effectiveness

Deploying building information modeling software on Desktop as a Service platform

Desktop as a Service (DaaS) is a novel cloud computing service that provides cloud-based virtual desktops on-demand to end users. The major advantage of DaaS is the capability to quickly deliver expeditious control of a full desktop environment to end users from various device platforms such as Android, iOS, MacOS or Web access from anywhere and at any time. This master thesis is a proof of concept to demonstrate the practicability to deploy the case company's graphics-intensive building information modeling software, Tekla Structures on Amazon Web Services' DaaS solution, named Amazon WorkSpaces. We investigated the whole deployment process of the software to the Amazon WorkSpaces. After clarifying the deployment process, we developed the working prototype consisting of different Amazon Web Services to automate the process. Furthermore, we implemented operational test cases for the prototype and for the Tekla Structures running on Amazon WorkSpaces to determine the feasibility of using this novel cloud service for the production purpose in the case company. In summary, Amazon WorkSpaces is a highly anticipated DaaS solution that can simplify the desktop and software delivery process to the case company's customers. The prototype developed in the thesis can automate the deployment process and launch new Amazon WorkSpaces to a sufficient extent. Moreover, the evaluation shows that the prototype can handle its automation tasks correctly based on the proposed architectural design and the Amazon WorkSpaces with Graphics hardware configuration are capable of operating Tekla Structures impeccably as in physical Windows desktops

A novel approach for security function graph configuration and deployment

Network virtualization increased the versatility in enforcing security protection, by easing the development of new security function implementations. However, the drawback of this opportunity is that a security provider, in charge of configuring and deploying a security function graph, has to choose the best virtual security functions among a pool so large that makes manual decisions unfeasible. In light of this problem, the paper proposes a novel approach for synthesizing virtual security services by introducing the functionality abstraction. This new level of abstraction allows to work in the virtual level without considering the different function implementations, with the objective to postpone the function selection jointly with the deployment, after the configuration of the virtual graph. This novelty enables to optimize the function selection when the pool of available functions is very large. A framework supporting this approach has been implemented and it showed adequate scalability for the requirements of modern virtual networks