Assuring security integrity becomes even more challenging when multi-cloud or multi-site NFV is considered. Virtual networks may span from data centers, remote points-of-presences, to mobile base stations, and to customer premise locations. Not all VNFs are suitable to be centrally hosted for a variety of reasons, including latency, bandwidth and performance. The resulting architecture is very effective and practical for hosting various types of VNFs and changes the convention definition of a security perimeter.
Clearly, maintaining configuration integrity will be necessary in order to meet regulatory and compliance requirements, which will be increasingly challenging and potentially expensive in virtualized networks.
An effective network data integrity assurance strategy must be highly scalable. It must be able to collect, compare and report on tens-of-millions of real-time configuration and service parameters from hundreds-of-thousands of physical and virtual network functions, NFVI (i.e. servers, hypervisors, etc.), and management and orchestration systems. It must have the ability to discover network service topology and compare to inventory databases, automatically reconciling mismatches and discrepancies. Identifying, alerting, and correlating network data integrity analytics with security events will be important to maintain a reliable and secure network. Lastly, any strategy must be open and interoperable, and easily integrated into BSS, OSS, and orchestration systems, as well as multi-vendor physical and virtual network functions.
The benefits that can be gained from a holistic network data integrity strategy include:
We’ve reached the end of the beginning of SDN/NFV transformation. The time is now time to focus on deployability. Most of the challenges, including network data integrity, which exist with today’s convention networks will become magnified with new hybrid physical and virtual networks. And new ones will emerge. We are beginning a massive market transformation where many of the operational barriers first need to be identified, and then overcome.
________________
About Nakina:
Nakina offers a suite of Network Integrity applications for managing, securing, and optimizing physical and virtual networks. Nakina’s applications are built upon our Network Integrity Framework - open and modular software platform that abstracts network complexity, normalizes multi-vendor management, and bridges the physical and virtual worlds for Management and Orchestration systems. Our software is proven, trusted and protects the world’s largest and most important networks.