HPE: Secure by design

Jeff Edlund, CTO of the Communications Technology Group at HPE, talks to Natalie Bannerman about the world of telco cloud and HPE’s place in it

When one thinks of the cloud, names such as Google Cloud, AWS and Microsoft Azure spring to mind. Telco cloud is something different. Typically, it refers to private cloud environments that host virtual network functions of telcos’ networks.

One company making waves in this space is Hewlett Packard Enterprise (HPE) and its network functions virtualization (NFV) telco cloud offering. Jeff Edlund, CTO of HPE’s Communications Technology Group, says that the industry has come through a significant transition and is “starting to arrive at cloud-based technologies for the service providers”.

According to Edlund, networks historically adopted an “appliance-based approach” towards core networks and wide area networks (WAN). Over time, however, NFV has been increasingly implemented.

“This saw us liberate software that was sitting on a piece of firmware within an appliance, and run it on common, off-the-shelf pieces of hardware,” says Edlund.

With enterprises digitalising their businesses today, 5G specifications are increasingly moving towards cloud and cloud-native functions, allowing telecoms service providers and mobile operators to also digitalise their businesses.

Rather than attempting to move these networks to the cloud or break up old appliance-based networks, Edlund says HPE is starting from the ground up, by building very small, cloud network functions (CNFs).

These CNFs are generally designed to have a micro function (to be good at doing a single thing), and as they can be containerised, they can be composed together, which, Edlund says, means “you get reusability of these components”.

“They’re also much lighter in weight, so you can start to take on some of the attributes that the cloud gives you rather than having to build those attributes into your applications and services,” he adds.

Edlund says that there is also the option of leveraging “telco blueprints” in HPE’s telco cloud offerings, which he describes as “specific, tested and validated configurations of our hardware that are designed to run clouds for telco-specific applications”.

According to HPE, telco blueprints are “reference designs” validated by its in-house telecom experts using “infrastructure as code principles” and “HPE NFV best practices”. The offering is designed to simplify and enhance NFVI stack deployment and configuration on HPE infrastructure, and it can be paired with an optional NFV Platform Software (NPS) toolkit.

HPE is also offering GreenLake, a platform that uses a “consumption model, where a customer can bundle up not only their telco edge cloud, IaaS, PaaS and CaaS that is sitting on top of that, and all of the 5G network functions, for instance, and be able to consume those from HPE either on-prem, hybrid up in a cloud or some combination of the two”.

The differences between a telco cloud environment and an enterprise cloud are not immediately clear if you are not an expert.

“The telco edge can be configured in 5G to implement three different types of communications virtually over the same physical network through slicing. And we’ve defined three different network slices for the edge,” says Edlund.

The first is enhanced, massive mobile broadband (eMBB), a slice that would typically be used for 4K, professional gaming, or AR or VR applications.

The second is ultra-reliable low latency communications (URLLC), a slice where the policies deliver response times of less than 10 milliseconds. This is typically used for things like manufacturing and automation.

The last slice is massive machine-type communications (mMTC). “You would see an IoT device that has very small communications packets and does not have really stringent response time associated with it,” says Edlund.

As for enterprise cloud environments, Edlund says that they can be used for many of the applications that communication service providers want to put on their edge, such as private communications, faster response times for employees to optimise their manufacturing environments, and the increasingly prevalent safety applications.

“One of the early uses for an enterprise edge that I saw was in mining operations, for an oil rig. They wanted to have an edge that could sit on site, respond to a particular event and be able to take a set of actions without having to go through a whole set of network protocols back to an enterprise data centre,” says Edlund.

HPE’s approach to securing these environments, not just in the cloud, is to view each one as an end-to-end lifecycle that includes a supply chain.

“It starts from the acquisition of raw materials to build products, through the shipping of those products, to putting those products on a data centre floor, to running software on it, to retiring the software, retiring the hardware, and getting it off the floor,” explains Edlund.

In each one of those stages of procurement and development, there are specific things that the company does.

At the hardware layer, HPE provides its customers with the Silicon Root of Trust (SROT) – immutable firmware that is put onto a server that “a bad actor or customer can’t manipulate”.

“When the customer goes to power that system up, if the SROT looks at the BIOS, boot sequences or UEFI, and it doesn’t match the configuration that came out of the hardware, that system becomes a brick. It’s not going to start up and it’s not going to build their software until it’s sorted,” says Edlund.

On top of this there is a plethora of other solutions, including SASE and applications that come with Edlund’s business unit, the Communications Technology Group.

“We do secure software by design using an architectural blueprint detailing how our engineers are supposed to write the software from the ground up, securely,” explains Edlund.

“Then we do a considerable amount of scanning on the software, open-source components, our components and third-party components, to verify if there are any critical vulnerability exposures. We also have a Red Hat team that will do penetration testing in a static environment and dynamic penetration testing where the code is running,” he adds.

As conversation turns to new and disruptive technologies, it seems HPE is exploring quantum, with the company’s high-performance computing division leading the charge.

“That is where you would find our experts that are specifically involved in quantum computing,” says Edlund. “So we’re tracking with the industry and we’re developing quantum capability within HPE for customers.”

Another area of technological interest for HPE is network automation, particularly as the industry moves away from hierarchical 3G and 4G networks to flat 5G networks that are highly distributed and more complex.

“The complexity is not only from a provisioning and activation perspective, but also lifecycle and real-time management. There’s just so many facets that you have to monitor, and there’s just not enough money to put enough fingers on keyboards to manually take care of all this. So we’re looking at how we can provide hyper automation to every facet of the telcos’ networks,” says Edlund.

An example of this was in January 2022, when Japanese telco Optage selected HPE’s 5G Core Stack for its testbed Local 5G network. HPE 5G Core Stack is an open, cloud-native, container-based 5G core network stack designed to drive automation, provide agility, and accelerate 5G service deployment.

The trials by Optage form part of Japan’s private 5G initiative, Local 5G, and will see the telco test the viability of its networks in meeting the demands of business customers, such as those in manufacturing, logistics, healthcare and education.

Another space that Edlund says has “got a fire lit underneath it” is the use of AI to automate operations within data centres. He describes this as “beyond the AI that we’ve been traditionally used to”.

He also flags up the move to Open RAN, due to a desire to “move to openness and distributed architecture within the radio access network”.

“This will get [telcos] off the proprietary technologies that come from equipment providers and put them on top of common off-the-shelf hardware, like their core networks. It will also give them a lot more flexibility in how they configure their networks and deploy them,” he says.

Interestingly, broadcast is another field of application, as broadcasting players that are digitalising their businesses are using 5G. Edlund says they are “moving from analogue channels, and starting to digitise. And as they start to do that, 5G can apply and they can start to reap some of the unique benefits that 5G networks bring. It’s an interesting space where we can make a difference”.

With so many verticals where telco cloud technology can apply, the overarching message from Edlund to HPE’s customers is “we are the as-a-service business”.

“Whether you want to run it on sheet metal on your own premise, you want to run it up in the cloud, or if you want to do it in some sort of a hybrid way, we can bundle all of this together, including your support services, into a GreenLake-as-a-service agreement, and provide you telco-as-a-service. Whether you’re an enterprise or an operator, we can be that business partner,” says Edlund.
