ETSI's NFV Industry Specification Group released three new specifications on security and reliability in mid-October that provide guidance on lawful interception implementation in NFV environments and security features in open source management software.
Specification GS NFV-SEC 004 explores the architectures and designs that allow lawful interception (LI) capabilities to be provided in networks composed from Virtualized Network Functions (VNFs), as legal obligations to support LI apply irrespective of traffic type, signaling format, or network configuration. The spec enables LI functions to be virtualized along with corresponding network functions.
GS NFV-SEC 002 applies to security features in open-source management software, with OpenStack as the first use-case. It aims to cover all applicable aspects of information and network security.
See Also
Telecom Asia e-Brief: NFV
“Open-source software is a key building block for many NFV deployments, and can help with many of the goals that ETSI NFV seeks to promote, including accelerated time-to-market and improved interoperability,” said Mike Bursell, vice chairman of the working group NFV Security.
“To do so effectively requires having a knowledge base of the security features and cryptographic algorithms supported in each relevant code base. This helps shed light on how best to provision and deploy the relevant software and on enhancements necessary to meet NFV security requirements.”
As NFV applications are subject to privacy and security regulations, such a knowledge base is of particular importance in the area of management and orchestration (MANO), which plays a critical role in NFV security, he added.
A third spec, GS NFV-REL 002, describes a study of how today’s cloud/data center design techniques can be adapted to achieve scalability, efficiency, and reliability in NFV environments. These techniques are designed for managing a shared processing state with low-latency and high-availability requirements, and are application-independent, so they can be applied generally, rather than have each VNF use its own idiosyncratic method for meeting these goals.
This article was first published in Telecom Asia NFV e-Brief