3HE15139AAACTQZZA - V1 - NSP 19.9 System Architecture Guide
3HE-15139-AAAC-TQZZA
Issue 1
September 2019
NSP
Legal notice
Nokia is a registered trademark of Nokia Corporation. Other products and company names mentioned herein may be trademarks or
tradenames of their respective owners.
The information presented is subject to change without notice. No responsibility is assumed for inaccuracies contained herein.
© 2019 Nokia.
Release 19.9
September 2019
2 3HE-15139-AAAC-TQZZA Issue 1
Contents
2 System structure
2.1 Core NSP system elements
2.2 Central management functions
3 Security
3.1 Overview
About this document
Document support
Customer documentation and product support URLs:
• Documentation Center
• Technical support
How to comment
Documentation feedback
About the NSP
NSP product description
The NSP can integrate IP/MPLS and optical management platforms using carrier SDN technology
to:
• accelerate the creation and rollout of on-demand IP/optical network services
• enable real-time service optimization and flow steering
• extend assurance capabilities and automate assurance functions
NSP system components
NSP modules
NSP modules are the orderable commercial units that comprise the NSP product:
• Network Services Director, or NSD
− SDN L2 and L3 service fulfillment
− Assurance using service supervision
− Model-driven mediation of Nokia and multi-vendor devices
• Network Resource Controller - Cross-domain, or NRC-X
− IP/optical traffic correlation
− Cross-domain link creation and discovery
• Network Resource Controller - Packet, or NRC-P
− IP/MPLS network optimization
− IP/MPLS path computation
− Flow steering based on statistics, analytics, and operator action
• Network Functions Manager - Packet, or NFM-P
− IP/MPLS network infrastructure management
− IP/MPLS network and service assurance
− Traditional L2 and L3 service management
Network management functions
• NSP Flow Collectors, which collect Cflowd statistics from NEs for processing by third-party tools,
or for report generation by NSP analytics servers
• NSP Flow Collector Controllers, which manage NSP Flow Collectors
2 System structure
2.1 Core NSP system elements
2.2 Central management functions
3 Security
3.1 Overview
3.1.1 TLS
NSP interfaces are secured using Transport Layer Security, or TLS, which is implemented using an
NSP PKI server or customer-provided certificates.
Session credentials and messages are protected using mechanisms and protocols that include the
following:
• HTTPS, as the application-layer transport for API clients
• SNMPv3, for secure SNMP communication with the managed network
• NAT, at the network layer, between system components
4 NSP fault tolerance
4.1 Overview
4.1.1 Component redundancy
All NSP modules support a 1+1, or warm standby, redundancy model. In such a model, each
module has a group of active components, and a group of warm standby components; each
component is a separate OS instance that hosts a module function. For example, the NFM-P has
main server, main database, and optional auxiliary components. Each main or auxiliary component
supports redundant deployment. All active components of a module require low network latency, so
they are ideally geographically collocated.
See the NSP System Administrator Guide for information about the supported redundancy models
and redundancy failure and recovery scenarios.
The following figure is a high-level example of a geographically redundant NSP system that
illustrates the data synchronization between components.
• access to each station in a multi-station data source, which ensures access to data when a
database station is unavailable
NSP data privacy summary
NSP network and user data privacy
NE data
Type of data
• Username and password
• IP address
Purpose
• NE authentication
• NE IP address for NE discovery/access
Retention
Data is retained in the database until an authorized user deletes it. Log retention can vary
based on the log file size and number of log backups.
Subscriber data
Type of data
• MAC address
• IP address
Purpose
• Statistics
• SLA compliance
• Troubleshooting
Retention
Data is retained in the database until an authorized user deletes it. Log retention can vary
based on the log file size and number of log backups.
Retention period for statistics can be configured.
Safeguards
• NEs are configured by authorized users.
• Database access is restricted to authorized users.
• Log file access is restricted to authorized users.
Purpose
• Username, password and sender’s e-mail address are used for SMTP configuration
• Recipient e-mail addresses are required to create e-mail notification policies in supported
applications (for example, Fault Management application for alarm notifications)
Retention
Data is retained in the database until an authorized user deletes it. By default, SMTP server
and application e-mail notification policies are not configured.
Processing
SMTP server configuration and application e-mail notification policies are processed for the
stated purpose.
Safeguards
• SMTP configuration and application e-mail policies are configured by authorized users.
• Database access is restricted to authorized users.
• Password for SMTP configuration is encrypted before being stored.
Category Description
Type of data
• Username and password
• E-mail
• IP address
Purpose
• Authentication of local NSP users
• User e-mail addresses (optional) to send notifications for certain events; for example, alarms or account
status
• IP address provides accountability of individual product access.
Retention
Data is retained in the database until an authorized user deletes it. Log retention time can vary based on
log file size and the number of log backups.
Safeguards
• Additional local users must be created by an authorized user.
• Database access is restricted to authorized users.
• TLS secures data in transit.
• Passwords for local users are hashed before they are stored.
• Log file access is restricted to authorized users.
Comments
Local authentication is performed using a local database of users and a local security scheme.
Category Description
Purpose
Data may be used by an authorized user for associating customers to configured services.
Retention
Data is retained in the database until an authorized user deletes it.
NE data
Purpose
• NE authentication
• NE IP address for NE discovery/access
Retention
Data is retained in the database until an authorized user deletes it. Log retention can vary based on the log
file size and number of log backups.
Subscriber data
Category Description
Purpose
• Statistics
• SLA compliance
• Troubleshooting
• Analytics
• UE or network node performance information
Retention
Data is retained in the database until an authorized user deletes it. Log retention can vary based on the log
file size and number of log backups.
Retention period for auxiliary servers can be configured.
Type of data
• Username and password
• E-mail address (sender)
• E-mail address (recipient)
Purpose
• Username, password and sender’s e-mail address are used for SMTP configuration
• Recipient e-mail addresses are required to create e-mail notification policies in supported applications
(for example, Fault Management application for alarm notifications)
Retention
Data is retained in the database until an authorized user deletes it. By default, SMTP server and
application e-mail notification policies are not configured.
Category Description
Processing
SMTP server configuration and application e-mail notification policies are processed for the stated
purpose.
Safeguards
• SMTP configuration and application e-mail policies are configured by authorized users.
• Database access is restricted to authorized users.
• Password for SMTP configuration is encrypted before being stored.