Automated and secure service activation at the network edge with zero touch provisioning

The ADVA FSP 150 ProNID range of network edge devices now features secure zero touch provisioning. This automated deployment capability offers a huge boost to communication service providers (CSPs) as it accelerates new service activation while at the same time driving down operational costs.


  1. Automated and secure service activation at the network edge with zero touch provisioning. April 10, 2018
  2. Empowering the network edge – secure, zero touch service delivery. © 2018 ADVA Optical Networking. All rights reserved.
     - Physical and virtual network edge
     - Secure networking
     - Zero touch operations
     - Cloud-native hosting
     - Openness and assurance
     - Aggregation; Hand-over; Demarcation; Virtual appliance hosting; Programmable edge services; CE 2.0 and IP services; Ensemble NFV software solutions; Metro network; FSP network management suite
  3. Motivation: Automation at the network edge. What’s driving the need for zero touch operation?
     - Intelligent edge devices; Time to revenue; Increasing complexity; High number of devices
     - NFV and SDN create business opportunities but add complexity → Relieve provisioning work load
     - Minimizing manual processes for faster innovation and lower production cost
     - IoT and 5G increase the number of intelligent edge devices → Minimize cost of installation
     - Configuration but also functionality of edge devices need to adapt to changes → Automated configuration/provisioning
     - Site visits create cost and take time; manual configuration is failure prone → Reduce need for human input
  4. Zero touch service activation: Simplifying operations
     - High-volume products need to self-start without human intervention
     - Manual steps: Install device; Plug in network connection; Power it up
     - Automated processes: Network connectivity; Upload/install software updates; Load and activate configuration; Service test and activation
  5. Threat landscape at the automated edge: Elimination of manual processes increases attack surface
     - Human-driven activation and commissioning: security relies upon skilled and trustworthy field engineers
     - Automated provisioning: security mechanisms are needed to mitigate lack of human control
     - Automation needs to come with security controls mitigating new attack vectors
     - Cloud and internet access
     - Rogue user installs manipulated device
     - Fake server provides corrupted firmware
     - Malicious software installed during shipment
  6. Use case: Zero touch provisioning. Three stakeholder model: vendor, service provider and CA
     - Edge devices need to be securely authenticated and provisioned
     - Vendor: Provides hardware and software; Runs private CA for own products and servers
     - Service provider: Runs NOC; Operates software server with boot-images, config
     - Public CA creates certificates for vendor and service provider (optional)
     - Communication service provider’s NOC; Software server; Untrusted connectivity network; On-premises edge device; Certification authority (optional, not considered in the following, simplified case)
  7. ZTP with FSP 150 ProNID and Ensemble authentication server #1: Mutual authentication
     - The device requests a secure connection to Ensemble authentication server
     - The device knows the server’s IP address and has trust anchor certificate of server
     - Trust relation established with mutual authentication
     - UNI; Service provider access/core network; DHCP; File Server
  8. ZTP with FSP 150 ProNID and Ensemble authentication server #2: Device authorization through User ID (UID)
     - Creating a device identity: entering UID and credentials
     - Using the UID as a key the correct onboarding information is sent to the NID
     - With established trust relation and secured connection, the onboarding information staged on the server might be unsigned
     - UNI; Service provider access/core network; DHCP; File Server
  9. Automated service pre-activation testing: Post-configuration script to test the physical bearer
     - The onboarding information contains configuration information as well as post-configuration script
     - NID uses down ECPA on network port to test the connection
     - The PE's port facing the NID is preconfigured with facility loopback on and will loop back ECPA test frames
     - UNI; Customer xyz; PE; ECPA
  10. Automation is widely applicable: ZTP is a unifying feature across our wider product portfolio
     - Automated device configuration and activation of business services
     - Zero touch instantiation of virtual network functions with uCPE
     - Applicable with electrical and optical products
     - Demarcation; Virtual appliance hosting; Programmable edge services; High bandwidth business access; FSP network management suite
  11. Summary: ZTP, an essential step towards ZT operations. Improving network security and operational efficiency with ZTP
     - Eliminating time-consuming and failure-prone manual processes
     - Cryptography becomes essential competence for ZTP as well as IoT
     - Available with FSP 150 and Ensemble software solutions
     - Standard compliant for easy integration
  12. Thank you
     IMPORTANT NOTICE: The content of this presentation is strictly confidential. ADVA Optical Networking is the exclusive owner or licensee of the content, material, and information in this presentation. Any reproduction, publication or reprint, in whole or in part, is strictly prohibited. The information in this presentation may not be accurate, complete or up to date, and is provided without warranties or representations of any kind, either express or implied. ADVA Optical Networking shall not be responsible for and disclaims any liability for any loss or damages, including without limitation, direct, indirect, incidental, consequential and special damages, alleged to have been caused by or in connection with using and/or relying on the information contained in this presentation. Copyright © for the entire content of this presentation: ADVA Optical Networking.
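
The certificate checks behind slides 5 to 7 (pinned trust anchor, known server IP, mutual authentication) can be reproduced with the `openssl` command line. This is an added example, not ADVA code and not the ProNID/Ensemble protocol itself; the names `vendor-ca`, `other-ca`, `ztp-server`, `nid-0001`, `fake-server` and the address 192.0.2.10 are constructed, and a single private vendor CA is assumed to issue both device and server certificates.

```shell
#!/usr/bin/env bash
# Constructed lab: all names, keys and the address are made up for this example.
set -eu
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
SERVER_IP=192.0.2.10   # documentation address standing in for the server

# make_ca NAME: self-signed CA key and certificate
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue CA NAME EXT...: leaf certificate for NAME signed by CA, one extension per argument
issue() {
  ca=$1 name=$2; shift 2
  printf '%s\n' "$@" > "$WORK/$name.ext"
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$name" \
    -keyout "$WORK/$name.key" -out "$WORK/$name.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$name.csr" -days 1 -CA "$WORK/$ca.pem" \
    -CAkey "$WORK/$ca.key" -CAcreateserial -extfile "$WORK/$name.ext" \
    -out "$WORK/$name.pem" 2>/dev/null
}

# Device side: chain must end at the pinned anchor and match the configured IP.
device_accepts_server() {
  openssl verify -CAfile "$WORK/vendor-ca.pem" -purpose sslserver \
    -verify_ip "$SERVER_IP" "$1" >/dev/null 2>&1
}

# Server side: the device certificate must chain to the same vendor CA.
server_accepts_device() {
  openssl verify -CAfile "$WORK/vendor-ca.pem" -purpose sslclient "$1" >/dev/null 2>&1
}

make_ca vendor-ca      # trust anchor held by the device
make_ca other-ca       # a CA the device has never been told to trust
issue vendor-ca ztp-server  "subjectAltName=IP:$SERVER_IP" "extendedKeyUsage=serverAuth"
issue vendor-ca nid-0001    "extendedKeyUsage=clientAuth"
issue other-ca  fake-server "subjectAltName=IP:$SERVER_IP" "extendedKeyUsage=serverAuth"

for c in ztp-server fake-server nid-0001; do
  if device_accepts_server "$WORK/$c.pem"; then r=accepted; else r=rejected; fi
  echo "device, $c presented as server: $r"
done
if server_accepts_device "$WORK/nid-0001.pem"; then echo "server, nid-0001: accepted"; fi
```

Only `ztp-server` passes the device-side check: `fake-server` carries the right IP address but does not chain to the pinned anchor, and the device certificate lacks both the server address and the server usage.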