Vancouver, BC
May 21-24, 2018

Event Details

Centralized Policy Engine to Enable multiple OpenStack deployments for Telco/NFV

Beyond OpenStack for IT, NFV is another killer use case. Horizontally, multiple NGPoPs (OpenStack deployments) are geographically distributed but should be centrally controlled. Vertically, users of cross-layer services like bare-metal, IaaS, VNF and/or SDN should be federated. Hence, the Identity and Access Management (IAM) module becomes a key issue.

The proposed solution enables dynamic policy reconfiguration instead of the static OSLO policy.json, and enables an external PDP (Policy Decision Point) to manage multiple OpenStack deployments for NFV NGPoPs. The organization of this PDP includes a set of hooks upstreamed to OpenStack/OSLO, OpenDaylight/AAA, and possibly OpenContrail in the future. It also proposes a reference implementation of the security policy engine, called Moon, hosted by the OPNFV community.

Orange, as a major Telco operator, is planning the production deployment of this “external PDP mechanism” in 2019 for its first VNFs, in collaboration with the upstream community and Red Hat.

What can I expect to learn?

This presentation shows a new way to use OpenStack for Telco which is radically different from the existing use cases of public and private clouds (IT-centric). Instead of using one OpenStack to manage multiple data centers, NFV requires an independent security module to coordinate multiple OpenStack instances which are geographically distributed. The synchronization of user accounts and permissions among these OpenStack instances becomes a technical challenge. The proposition shows an “external PDP” approach as the “authorizations source of Truth” for the individual OpenStack deployments. The proposed policy engine also enables the dynamic reconfiguration of security policy. This drastically facilitates the administration of OpenStack by allowing user permissions to be adapted at runtime to satisfy ever-changing business needs.

Thursday, May 24, 11:00am-11:40am
Will be recorded
Level: Intermediate
Orange OpenStack Skillcenter Manager
Marc is the manager of the OpenStack skill center, in charge of the whole OpenStack product line inside Orange.
Red Hat, NFV Engineering Partner Manager
Bertrand is Engineering Partner Manager at Red Hat with a focus on NFV. He collaborates closely with NEPs and communications service providers to deliver additional features supporting NFV into OpenStack and other open source communities.
Ruan is the Cloud IAM product line manager in Orange. He is also the PTL of the OPNFV/Moon project for security management of NFV.