All rights reserved © 2005, Alcatel
Distributed Storage Networks
Problems in current network design
Solutions - the Flexinet approach
Data beyond current user profiles
Technical options for distributed storage networks
Current Networks, for example 3GPP
Each function requires new network elements.
=> growing complexity
Problems with current network design
No Future!
Figure labels (interfaces): Gc#3, C#4, Iu#19, D#17
Specialised Network Elements
Specialised Protocols
User Data hidden in Network Elements
• a closed environment
• a network for each service
• too complex
• too expensive
> go “meta”: use IDL on interfaces & semantic
models to describe the meaning of interfaces
> separate data from applications
Distributed Storage Networks
Problems in current network design
Solutions - the Flexinet approach:
Data beyond current user profiles
Technical options for distributed storage networks
Functions of network elements & protocols become self-explanatory
Facilitates virtualisation of resources (application = computer power, data = storage). The bigger bang.
The traditional approach: functions and protocols
The Customer
Billing, CSE, HSS, CRM, CC, Marketing
Distributed and hidden information
A new approach: data centric design
Billing, CSE, HSS, CRM, CC, Marketing
Consolidation of customer data: “The Customer Profile”
Keep data in one place.
Figure labels: HLR, SCP, Voice, Video, SMS; HLR1, HLR2, HLRn; SCP1, SCP2, SCPn; VoiceMail, Video, E-Mail, SMS
Which data?
Instead of protocol specifications: IDL + semantic model of interfaces
New areas of application?
Data models & technical options for implementation (distribution, persistency, redundancy, security)
Technical Challenges
Distributed Storage Networks
Problems in current network design
Solutions - the Flexinet approach
Data beyond current user profiles
Technical options for distributed storage networks:
Beyond current user profiles
• Extended User Profile, e.g. Mobile Subscriber: user data and services subscribed
• Device Profiles: associated with user profile; describes device, supplier, hardware, firmware, software
• Identification System: semantic models for classification
• Meta Data: place, how to access, interface definition
• Messages, Files, Executables and Blobs: any information distributed over the network in need of storage
Figure labels: User, Device, Device; HW, FW, SW
Beyond current service offerings
User and Devices
Identity Provider
Devices & Software (Supplier, ASP)
Service
Semantic Model: System for Classification and Schema Transformations
Meta-Information: Object References, IDL, Inventory?
Distributed Storage Networks
Problems in current network design
Solutions - the Flexinet approach
Data beyond current user profiles
Technical options for distributed storage networks:
> store data in a redundant and secure way
> present single point of access to all data for all
applications and administrative systems
Redundancy and geographic distribution
[Figure labels: Site 1, Site 2; SAN (per site); Database Server (two per site); LAN; Appl. Logic 1 (e.g. HLR) ... Appl. Logic x (per site); Layer 1, Layer 2, Layer 3; Fibre Channel; WAN; DWDM, Dark Fiber, SDH; Signaling Network (SS7, SIGTRAN)]
Resilience and Redundancy
Characteristic          | Typical High Availability Systems                   | Redundancy by Distributed Storage Networks
Unit Cost               | High (Proprietary HW and standby redundant policy)  | Low (COTS HW and optimised redundancy policy)
Typical Architecture    | Mated-pair                                          | Load-sharing peers
Local Fault Tolerance   | 2 x N                                               | N + k
Geographical Redundancy | 4 x N                                               | N + k
Disaster Recovery Time  | Minutes -> Hours                                    | Instant
Source: Siemens/Apertio, Flexinet 2nd operator workshop, Dec. 2, 2005
Security threats for distributed storage networks
Same risks as in current distributed systems, but the potential damage is much bigger.
However: Centralisation facilitates a higher level of protection compared to protecting many distributed systems.
Security Concept: Access Control & Roles
[Figure labels: Authentication; Role (several); Authorisation; Application / Resource; Desired Resource; "Departments / Organisations define:"; Security Policy; Security Category; Processes; Access rights; Tasks; Functions]
Security Policy
Access rights to
- IT services (applications, tools)
- Data
- Resources (Subnetworks, disks, ...)
Administrator rights
Physical access to
- plants and buildings
- technical equipment
...
Processes
- Logging, recording of interventions
Log Files, Tracking
- Physical access
Authentication, Monitoring, ...
Registration, Deregistration, ...
- Backup procedures
- Roll Back methods
...
What
- is used?
- is accessible?
How
- should access be controlled?
- secure does communication have to be?
- to reverse interventions?
- to log interventions?
How, how long, where
- should data be stored?
Security Policy