Security Orchestrator: Introducing a Security Orchestrator in the Context of the ETSI NFV Reference Architecture

Abstract

During the last two years, the ETSI NFV Management and Orchestration (MANO) working group has defined the ETSI NFV Reference Architecture. Network Function Virtualization (NFV) means the virtualization of telco network elements intending to get away from specialized or proprietary network appliances by leveraging standard IT virtualization technologies (clouds). One main intention of ETSI NFV MANO is controlling the NFV environment as much as possible through automation and orchestration. As security is a key requirement of virtual networking in the context of NFV environments, the same principles should apply to security management in ETSI NFV. Therefore it is proposed introducing a Security Orchestrator to meet this requirement. This paper describes the ETSI NFV Reference Architecture enhanced by the Security Orchestrator as well as the interworking of the Security Orchestrator with the already defined ETSI NFV orchestration and management entities like the NFV Orchestrator, the VNF Manager(s), the Element Manager(s) and the Virtual Infrastructure Manager(s). Additionally it defines the security orchestration tasks as well as the interfaces required to interact with the existing ETSI NFV Reference Architecture.