Email a colleague    

July 2015

The Race to Serve Enterprises with Revenue-Generating IT Services Virtualized by SDN & NFV

The Race to Serve Enterprises with Revenue-Generating IT Services Virtualized by SDN & NFV

Telcos are the original eagles of the cloud.  If you’ll recall, as recently as the early 2000s, the term “cloud” was synonymous with the telecom network.

Well, all of that changed of course, when Amazon Web Services and SalesForce popularized cloud computing and sparked the industry revolution, seizing leadership of the “cloud” term from telcos.  And for a while there, it looked like computing vendors, systems integrators and OTT players were going to totally dominate the cloud and the telecom eagle would simply have to fold his wings and never soar again.

But in the last number of years, a couple of promising trends took shape.  One has been the Software Defined Network (SDN) movement — an efficiency play to optimize the use of the network and lower costs.  The common analogy is that SDN will transform telecom from a slow-to-respond and bureaucratic postal system to a fast and profitable Fedex global delivery system.

The second auspicious trend that’s come along is Network Function Virtualization (NFV).  With NFV, the idea to leverage SDN to flexibly deploy network functions just about anywhere in the network you want to.

Well, it turns out the SDN/NVF movement couldn’t have come at a better time — because suddenly it’s given reasons for telcos to get excited about the cloud again.  There’s now a solid business case for providing many virtualized network and IT services to enterprises — services that could be neither efficiently delivered nor managed before SDN/NFV came along.  And these are potentially lucrative revenue streams for telcos in areas like security, enterprise service assurance, enterprise application prioritization and content caching.

In short, the cloud is no longer just “cloud computing”, it’s also “cloud networking”.  And if it’s cloud networking, then it’s an ideal time for the telecom eagle to flap his wings again and start gaining some altitude.

Now I know my analysis is quite optimistic, but I’m not alone in this thinking.  One telecom veteran who shares this optimistic view of where SDN/NFV is taking us is Gal Ofel, Director of Software Solutions at Telco Systems, a Carrier Ethernet switch provider who is at the forefront of pushing SDN/NFV into the telco environment.

Dan Baker: Gal, what’s your take on what’s happening and how are SDN/NFV is impacting telcos?  Is the excitement over telco growth opportunities in the cloud really justified?

Gal Ofel: Yes, I very much agree with you, Dan.  What SDN and NFV are enabling is the extension of cloud technology into the service provider’s network.  Enterprises will not only use telecom infrastructure in carrier-owned and neutral data centers, but they’ll also find a place on the carrier Ethernet edge where companies like Telco Systems play.

With AWS you can purchase computing resources on demand: an automatic process shapes a thousand sub-servers.  In much the same way, the private cloud with SDN can automatically increase bandwidth for a few hours and then drop back down to normal.

Tell us about Telco Systems — what role is the company playing in this SDN/NFV revolution?

Last year we launched our first product suite for SDN/NFV.  We call it the Open Metro Edge.  Its mission is to provide distributed virtualized applications at the edge of the network — from CPU up to aggregation.

Our device delivers a carrier Ethernet switch together with a CPU unit, but we are also looking to provide the same functionality on a standard Intel platform.  On top of that device is our Cloud Metro solution that runs a hypervisor and virtual switch and various VNFs like a firewall, content filtering, session border controller and others.

In the last few months, we’ve launched quite a few proof of concepts (PoCs) within our telco operator customer base — mainly in Europe and Asia.  And I must say that things look very encouraging.  We expect to have our first deployment by the end of the year and we’re also very hopeful the business will really take off in 2016 and 2017.

We are also executing these PoCs with other vendor partners of ours.  For example, we are running a PoC together with Orange, Cisco, Intel and Netrounds for provisioning and maintaining a customer network service via virtualization.  This involves the configuration of network devices according to the service intent, activation tests and ongoing service level assurance.

The good news is that carriers are building business cases around these NFV services.  Two use cases gaining traction right now are mobile backhaul caching and infrastructure as a service.

Great, if you could, Gal, please dive in a bit on those two hot use cases you mentioned: mobile backhaul caching and infrastructure as a service.

Well, mobile backhaul caching is an efficiency play for telcos.  With the huge increase in video consumption over mobile networks, operators are looking for ways to reduce the precious bandwidth for video and provide a better response time to the user.

An SDN NFV enabled caching platform could be deployed at either the mobile base station or further back.  The overall goal would be to reduce mobile backhaul bandwidth by 10 to 25% and response time by 25 to 30%.

Now the second use case — infrastructure as a service — is really exciting because this is about using SDN and NFV to generate new revenue streams for telcos in the form of IT services for the enterprise.

Infrastructure as a service includes services required on premises such as a firewall or VPN — certainly anything related to security.  Other capabilities include session border control functions and network acceleration functions like caching.

What interesting is that if the operator sells and provisions a firewall to one of its business customers, that service can be managed and configured either by the business or the operator as a full managed service.

With voice and data services having become commoditized, these virtualized services enabled by SDN and NFV technologies represent an important new source of revenues for operators.

We know that Tier 1 telecoms are already serving up firewalls and similar network services to their enterprise clients.  How will that change with SDN and NFV?

Dan, today a firewall is delivered on a hardware basis.  The telco goes into the business and installs a firewall platform from a Cisco or Checkpoint and then configures it.  And if there are issues, a technician is sent out to physically fix the problem.

So virtualizing this activity is the next logical step for the Tier 1 operator because it will enable the provisioning and support of the service to be done quicker and at a lower cost.

Now from what I hear, the revenue from such business services for enterprise is significant, probably 10% to 20% of the business.  And mid- to small-sized carriers are also seeing virtual business services like firewalls as a major upsell opportunity to their own business customer base.

One of the things that really attracts telcos to SDN/NFV is its flexibility in sales situations.  For instance, instead of investing in an appliance and spending two days installing it at a company to do a proof of concept, they can provide the customer a free one-week trial of that SDN/NFV enabled service.  And because the software is distributed via the cloud, the cost of deploying the trial is minimal.  Meanwhile, the upside of winning the long term business is very attractive.

One of the confusing things about this SDN/NFV rollout is there are many companies who could take the lead on the orchestrator side.  How is that going to get sorted out?

Dan, this is not like a few years back where two or more companies are coming in with hardware and testing their gear.

Today the name of the game is interoperability.  The customer wants to be assured that our system works with other orchestration tools — or that our own orchestration function works with other devices.

This is a very dynamic market, so we bring the solutions where we already have partnerships, but our engineers are invariably being asked to integrate with new VNFs and get the work done in a matter of hours.

So we are part of SDN/NFV alliances formed by companies like Intel, Cyan and soon HP.  In the meantime, we are also building an ecosystem of our own with companies like Checkpoint in security and various other partners across DPI, caching and session border control functions.  We call our ecosystem program the Open Edge Alliance.

I understand that in the area of service assurance, your orchestration story is an attractive one.

Yes, because our NFV solution is positioned at the edge of the network, we have great visibility to monitor business critical application end-to-end and to deploy a virtual function once there’s an issue.

For example, there’s a great need to synchronize databases across an enterprise network.  So let’s say the enterprise has a private cloud installed on-premises, and that cloud synchronizes data with a public cloud such as the Amazon Web Services or Microsoft Azure.  Now if something goes wrong or performance degrades, taking a snapshot at the data center alone doesn’t really allow you to pinpoint where problems are occurring.

However, by using the data from the Demarcation platform, all of that service assurance data can be rolled up through our Cloud Metro device so you can build a diagram of packet latency or TCP disconnection issues at various points in the network.

If you visualize that with high levels in red color and medium in orange, you can quickly find congestion points or the problems that occur as you hand off services to different service providers.  So this is a great way to analyze root cause issues.

I’m curious how these virtual services are deployed in the network.  Can you briefly walk through the process?

Dan, setting up a virtual service is a dream compared to the time-consuming way hardware has been traditionally been configured.

Let’s say we’re serving a business with an office of 50 employees and they are connected to our Cloud Metro device that provides a carrier Ethernet connection to the network.  Here are the steps in deploying the service:

  1. Service is defined by the NMS — First, the Network Management System defines the network service such as VLAN or MPLS.  The virtual environment then connects using a standard interface such as an OpenFlow, SNMP, or CLI interface.
  2. Provision the VNF — The next stage is to provision the firewall Virtual Network Function.  This is accomplished through our own orchestration tool or we interop with another orchestration tool via the OpenStack standard.  So the orchestrator sees our device as another computing node and connects to it to provision the firewall VNF.
  3. Configure the firewall — Now the firewall is configured by closing certain ports or applying specific security policies the business desires.
  4. Management handoff — The next step is handing off the responsibility of managing the firewall to either the business or to the operator who is going to deliver by a managed service.
  5. Build the service chain — Finally, the network service is instructed to pass through the VNF.  The traffic will now be chained from the switch to the firewall and back to the outgoing port.

So there you have it: in one to two hours the operator can deliver a virtualized and fully operational firewall for its business customer.  And making a change to the firewall policies is just as quick.  We can even connect that firewall service to another service, say content caching.  Once the caching VNF function is up and running, we chain the traffic coming out of the firewall to go into the cache and then through the outgoing port.

Thank for this nice overview of the SDN/NFV scene.  Looks like your Ethernet edge solution is an ideal place to be as this trend rolls out.

Yes, we see being at the edge as an exciting competitive advantage.  The ability to smoothly transition to this new environment is critical to the carriers.  Our new platform provides both the existing carrier Ethernet and the virtualization component.  So when our operator customers are ready to transition to NFV, we are ready to help them.  Our customers can even keep their existing service levels and contracts with their customers without having to change out their products.

Without a doubt, the telco network is headed for some exciting times in the next few years.

Copyright 2015 Telexchange Journal


About the Expert

Gal Ofel

Gal Ofel

Gal is the Director of Software Solutions at Telco Systems.  Gal is responsible for the software products and ecosystem, including Telco Systems‘ Open Metro Edge solution for SDN and Distributed NFV for service providers and the company’s Open Edge Alliance partner program.   Contact Gal via

Related Stories

Related Articles

  • The Race to Serve Enterprises with Revenue-Generating IT Services Virtualized by SDN & NFV interview with Gal Ofel — The SDN/NVF movement is giving telcos a new revenue-generating play in the cloud: virtualized network and IT services to enterprises in areas like security, enterprise service assurance, enterprise application prioritization and content caching.
  • Lifecycle Service Orchestration: Enterprise Ethernet & Cloud Exchange Meet OSS & SDN/NFV interview with Marie Fiala Timlin — SDN and lifecycle service orchestration are key to the next generation of telco-to-enterprise services.  In this interview, an expert explains how lifecycle service orchestration adds value to SDN, cloud exchanges, enterprise Ethernet, and mobile backhaul.
  • Automatically Stopping Fraud Traffic: iBasis Raises the Bar for Wholesaler Protection of Retail Carriers interview with Daan Kleijnen — The margins in the retail voice business are so tight these days that many operators fail to make a vital investment in fraud protection, making them easy targets for IRSF and other frauds.  A leading wholesaler explains a new fraud control program that automatically disconnects a retailer’s fraud traffic.
  • False Answer Supervision Fraud: Applying Advanced Statistics to Find Needles in the CDR Haystack interview with Steve Heap — Fraud management solutions have made great technical advances via automated threshold setting, big data, and DPI.  Now this expert interview explains how a new breed of advanced statistics-based solutions is tackling very hard-to-detect fraud types such as the call signal spoofing of False Answer Supervision.
  • Fraud Management Collaboration: From “Great Idea” to Real Software & Intelligence Sharing interview with Katia González — Without effective multi-operator collaboration in fraud management, each operator ends up merely reacting to fraud threats on its own rather than building up a proactive defense.  In this interview, a leading wholesale provider explains its innovative program to enable the automated and expert-to-expert sharing of fraud intelligence and techniques.
  • Sharing Intelligence, Services, and Infrastructure across the Telecom Galaxy interview with Gary Zimmerman — The telecom industry is an industry of sharing.  In fact, the rise of mobile broadband is driving a greater reliance on real-time intelligence, services trading, and infrastructure exchange.  In this article, a leading info exchange provider explains the value of its services portfolio and points to other interoperability and sharing ideas under development.
  • Recruiting Smartphone Users as Partners in Telecom Fraud & Security Control by Chris Hill — Premium Rate Service (PRS) fraud and spyware on a mobile phone can ruin an operator’s relationship with a  subscriber.  The attacker uses malware to automatically generate phone calls, SMSs and data sessions to high cost (premium) phone numbers.  This article discusses a new crowd sourcing mobile app that addresses the problem and helps operators better manage the threat.
  • International Revenue Share Fraud: Are We Winning the Battle Against Telecom Pirates? interview with Colin Yates — International Revenue Share Fraud (IRSF) is one of the telecom industry’s most enduring problems.  Yet many of us have only a foggy notion of how IRSF works and how operators around the globe are coping with the issue. This interview covers the bases: the origins of IRSF, typical fraud scenarios, efforts to get international cooperation on the issue, and the future outlook of IRSF.
  • Converging Criminal and Technical Intelligence: Secret to Combating the Explosion in Telecom Fraud and Security Threats interview with Mark Johnson — A fraud and security expert gives a big picture talk on why industry convergence is driving the need for a broader “revenue risk intelligence.”  His prescription?  Yes, telecoms surely need to excel in technical  infrastructure such as traffic usage data, IP intrusion appliances, and physical barriers.  But just as important is the need to pair that knowledge with the real-life lessons of fighting criminals in general.
  • Real-Time Network Intelligence: The New Way to Read Telecom Tea Leaves by Suren Nathan — Real-time network intelligence is the key to deciding which products to launch, whose facilities to lease, and where to route traffic.  The article explains why telecoms — and especially enhanced service providers --  should ideally be equipped with both a fine-grained margin analysis solution and a SaaS platform, offering an upgrade path that requires no internat IT support.