SUBSCRIBE NOW
IN THIS ISSUE
PIPELINE RESOURCES

Virtualization Reality Check


Hybrid networks ensure that service providers are able to implement the optimal combination of physical and virtual elements in the right ways.

Security

Every day there are headlines trumpeting the latest Internet security breach or compromise of personal or financial data. As service providers consider virtualization, security remains top-of-mind. Securing virtualization includes securing the servers and software that comprise the virtual elements. And, in the case of NFV, service providers must also consider how virtualization affects the security of the network as a whole.

First, securing the software. Service providers must ensure that individual subscriber functions are isolated from each other and that the control data or management network is isolated from the services being delivered. Shared virtual elements or server environments could be compromised or create a blind spot if not properly configured.

In the 2014 Verizon Data Breach Investigations Report, 35% of the 1,367 breaches examined were the result of web application attacks. Hackers that are using the Internet to compromise software applications can also affect the virtual elements being delivered by service providers across the public network. Subscriber isolation requires careful management of customer configurations and connectivity. Enforcement of resource access restrictions are valuable security measures, but limit the ability of service providers to easily expose network elements to partners and content providers.


Of equal importance to service providers is securing the network. In the Verizon report, network assets including routers, switches, and other physical devices are consistently at the bottom of the list of compromised assets. Although malicious traffic passes across the network, network devices are seldom the access point for a breach. Service providers are required to secure all traffic across the network and peeling back multiple layers of virtualization make it extremely difficult to isolate one stream of traffic from another and detect intrusions or breaches as they happen. Many security vendors admit that they cannot unravel multiple layers of virtualization quickly or accurately enough to isolate compromised transactions or fraudulent users.

Quality

Charging and policy enforcement benefit from the comprehensive view of infrastructure assets resulting from abstraction from the network layer and are readily virtualized. However, virtualization of network functions that affect security, service quality, and configuration could potentially delay critical responses such as prioritizing traffic or thwarting security threats. Edge devices used for security and traffic management are able to more rapidly identify problems and take immediate action like shutting down a port or blocking incoming traffic.

Digital media traffic, especially video, is much less tolerant of delay than even voice traffic and requires precise timing and priority handling. Latency, delay, and jitter are all amplified in video transfers and service providers cannot tolerate quality erosion from delays caused by virtual network elements. Managing quality of service (QoS) typically must be accomplished as close to line rate as possible and that becomes difficult when accessing a virtual device requires additional transit time.

Isolating virtual elements and the high performance computing platforms required to ensure quality increase the cost of virtualization and must be considered. The configuration of a hybrid network must take into account the wide variety of network functions involved and implement virtualization where it makes both business and technical sense. Hybrid networks ensure that service providers are able to implement the optimal combination of physical and virtual elements in the right ways. Switching, routing, and network control functions are best conducted close to the network so that quality is not affected.



FEATURED SPONSOR:

Latest Updates





Subscribe to our YouTube Channel