- Q: What sort of fault information is provided by Ensemble Virtualization Director( CE Platform)?
A: Ensemble Virtualization Director provides a framework to collect faults and alarms from all Ensemble components. Fault information includes: • Dynamic current alarm count display • Current alarm summary table • Powerful alarm filtering/search • Event browser maintains complete history of raise/clear events • Correlation between raise/clear events • Alarm acknowledgment, latching alarms and commenting function • Log browser • Connector Inventory view showing status and configuration details of each instance • Connector status page • Service topology • Northbound API and reporting
- Q: What is ZTP and why is it so important.
A: Zero touch provisioning (ZTP) is a set of tools and procedures that enable the automating deployment of remote Ensemble Connector instances across a network with minimal or no user intervention. With ZTP you can: • Apply a completely user-defined static configuration to all MaestrOS components. • Obtain an initial IP address over a defined infrastructure using DHCP. • Use the port query feature to identify available access network options when external cabling or connectivity is unknown. • Access an authentication scheme that uses two-factor authentication and X.509 certificates with a remote authentication server. Exchange of critical customer provisioning data occurs only after a valid certificate is presented to both the authentication server and Ensemble Connector. • Download customer specific day-1 CPE configuration with end-customer, site specific provisioning. • Instantiate 3rd party VNFs or containers and setup target service chains. • When applicable, integrate with external VNF managers to automatically provision dy-1 configuration of VNFs. • Customize the commissioning utility to provide the initial configuration, scripts, and processes. • Invoke your own user-supplied scripts for more customized operations. With Ensemble ZTP, an entire branch site can be deployed (“power to packets”) with little or zero interaction required from either the end customer or a service technician.
- Q: How does Ensemble( Cloud Edge Platform) address security requirements for uCPE?
A: Ensemble provides a systematic approach to VNF security by addressing security at multiple levels as shown in the figure. Physical and Network Layer Security • Support virtual networking including E-LAN, E-Tree and multiple secure VRFs: • Separation between tenants is ensured by VLAN isolation • Each VRF is a unique and isolated forwarding entity that uses independent route and ARP tables for isolation • Management network secured by interfacing into standard security gateways using IKE • Management firewall protection allowing firewall profiles to be assigned to all types of physical/logical interfaces • Prevents unwanted VNF data plane connectivity into the carrier management network Virtualization Layer Security • Safeguard against VM escape – protecting one VM from another • Prevention of rogue management system connectivity to hypervisor • Support for VNF attestation via checksum validation to confirm running VNF matches stored image Management Layer Security • Use of HTTPS on APIs and UIs • Support for role-based access across multiple privilege levels controls access to available commands • Root operating system login blocked on Ethernet and serial ports • SSH key-based login options to eliminate password exposure • RADIUS & TACACS+ authentication options Application/Solution Layer Security • Use of two-factor authentication at customer sites • Encryption of management and user tunnels • Encryption of locally stored passwords
- Q: What are Golden Images and why are they important?
A: A golden image provides a standard Ensemble Connector ISO that includes enough customer specific configuration information to enable the automated zero touch deployment process. Golden images contain the following key items: • Ensemble Connector software • Embedded Linux OS • Management and datapath applications • OpenStack Containers (if leveraging an OpenStack cloud model) • Customer specific configuration files • Hardware profiles – defines detailed configuration of hardware vendors and models that the operator intends to deploy • Day-0 configuration – defines the pre-deployment configuration parameters • Partition policies – based on specific hardware profiles and • deployment use cases, this will define how the storage resources are configured • Branded splash screen – the splash screen is used during the ZTP process to provide feedback to the end user regarding the status of system initialization • Custom ZTP URL – defines how to access service provider specific management domain • VNFs and RPMs – allows for pre-staging of VNF images as well as ability to execute custom applications or scripts after ZTP is complete Customers must engage ADVA professional services for the creation of Ensemble Connector golden images. Note, typically a customer will only require a single golden image for their network, although there are certain scenarios where more than one golden image will be required.
- Q: Are we involved in Day to Day operations in customer site?
A: NO. We will assure platform availability, and the Customer will do day to day operations.
- Q: What are the benefits of the Ensemble management and orchestration products (Cloud Edge Components)?
A: Ensemble Orchestrator and Ensemble Virtualization Director provide a perfect option for customers looking for a packaged end-to-end VNF solution. The Ensemble MANO products offer numerous benefits, including: • Zero touch provisioning (ZTP) automation platform • Versatile enough to handle single cloud, multi-cloud automated VNF service turn up • Supports integration with third party orchestration systems • Supports easy integration with VNF managers for building VNF Day-0 config • VNF Service Designer UI • Build VNF service and configure VNF service-chaining • Rich set of VNF onboarding options • Correlation of faults • Built-in troubleshooting tools and service visualization
- Q: Is IT/network convergence realistic?
A: IT/network convergence is realistic; it is happening now, and VNF is the path. VNF was invented by service providers to bring the benefits of the cloud to the telco network. VNF is often characterized as being about replacing appliances with software running on COTS servers, but it is much more than that. Here’s what operators are doing to fully realize the benefits of the cloud: • They are moving from single-vendor solutions (whether appliances or single-vendor applications running bare metal) to multi-vendor systems. • They are moving from static configurations to dynamically orchestrated virtual network functions (VNFs) on standard NFV infrastructure, i.e. COTS server, Linux, KVM, OpenStack, Docker, etc. • They are embracing new methods of working, such as agile development and DevOps. This includes partnering with both suppliers and customers to accelerate the development cycle • They are seeking to provide their customers with converged cloud/connectivity solutions. This requires virtualized networking and security solutions. • They are looking to treat the network as a platform with fungible resources so as to enable a new class of dynamic services and new technologies such as 5G and IoT. • They are looking to radically increase automation to reduce time to service and human errors, as well as to enable automatic resolution of most network failures. • The barriers and risks include: • Acquiring the necessary skills through training and/or hiring. • Changing organizations to reflect the new realities of operation, i.e. breaking down internal silos. • Building out new virtual infrastructure while maximizing the use of the existing network. • Driving new revenues quickly to justify the capital outlay. This migration is just getting underway, but operators see it as necessary to support their future strategies and more importantly, their end customers are now demanding these kinds of solutions. Embarking on this technology evolution will enable operators to move much more quickly, drive new services and cut costs. The risks are manageable given leadership and vision.
- Q: Can VNF meet telco performance requirements?
A: Yes. With the aid of more efficient VNFs and optimized infrastructure like Ensemble Connector, operators can deploy virtualized systems that meet both performance and cost requirements. Today, the Ensemble Connector datapath replaces standard Open vSwitch (OVS) and delivers improved throughput, latency and jitter leveraging data acceleration technologies such as DPDK. Moving forward, we are expanding our list of supported acceleration technologies to include SR-IOV for north-south traffic through the vSwitch and PCI Passthrough. Additionally, support application level accelerators for thing such as encryption with the enablement of AES-NI and QAT.
- Q: What are the benefits of VNF to the end user?
A: End users may not care about NFV, but NFV-based services to bring them benefits. Here are some examples: • VNF can provide consolidation of a stack of appliances down into one server. This saves space and power at the end user location. • Software-centric services can be deployed in real-time under user control. This gives end users control over their telecom services. • VNF allows services to be deployed on white box uCPE devices with ZTP requiring little-to-no end user intervention. This go-to-market model enables the acceleration of service activation with local sourcing/sparing of servers and/or bring-your-own-device models. E.g. – services can be activated almost immediately rather than waiting for days or weeks. • VNF facilitates moving from appliances to software, enabling new applications that were not previously possible.
- Q: What is “Cloud Edge”, and why do people want to use it?
A: Cloud Edge is a term that denotes a generic and open computing platform that can be used to run a wide variety of applications – networking or otherwise. Cloud Edge is desirable for the following reasons: • It decouple hardware from software, enabling best-of-breed choices in both • it allow customers to deploy other enterprise applications in the same computing footprint as their telco services • it enable operators to ride the broader hardware innovation curve • it simplify operations in locations that have onerous import restrictions by allowing for local procurement of compatible hardware platforms
- Q: Why should I move away from network appliances?
A: Network appliances typically include routers, firewalls, WAN Optimization and SD-WAN endpoints, Wi-Fi controllers, DPI devices, etc. An appliance is characterized by the tight integration between software features delivered on purpose-built hardware from a single supplier. As a result, network appliances are typically closed solutions, such that if a service provider wants to change software vendors, this requires changing out expensive network appliance hardware as well. Additionally, most network appliance vendors will not allow service provides to run “foreign applications” on the device. This type of vendor lock-in encompasses all the attributes that operators are trying to move away from with the push for cloud-centric solutions.
- Q: What are NFV and SDN, and what is the difference?
A: Software-defined networking (SDN) got its start on campus networks. As researchers were experimenting with new protocols, they were frustrated by the need to change the software in the network devices each time they wanted to try a new approach. As a result, they came up with the idea to make the network device behavior programmable, allowing them to be controlled by a central element. This led to a formalization of the principle elements that define SDN today: • Separation of control and forwarding functions • Centralization of control • Ability to program the behavior of the network using well-defined interfaces • Network functions virtualization (NFV) is a means to enable telco operators to leverage the benefits of the cloud, including: • Replacing closed appliances with software running on open, commercial-off-the-shelf (COTS) servers as shown below • Reduction of CAPEX, OPEX, and power • Construction of services from interchangeable components provided by an ecosystem of hardware and software suppliers • New commercial models including usage-based and shared-risk/shared-reward • New methods of working such as agile development and DevOps