Bringing together CSP experts and leaders to discuss their DNS, DHCP, and IPAM solutions, collectively known as DDI, Telecom Review successfully hosted the virtual panel, “How Modernized DDI Underpins the Future of Telco Cloud,” in collaboration with Infoblox.
Toni Eid, CEO of Trace Media International and Founder of Telecom Review Group, welcomed the guest moderator, Amer Kayyal, Senior Manager, Technology Consulting-Cybersecurity, EY, as well as the esteemed panelists who were present for the discussion: Omar Almansoori, Vice President, Consumer & Business Services Design, Technology & IT, etisalat by e&; Zeeshan Masood, Director of ICT Managed Services and Cloud Operations, PTCL Group; Humoud Alkhamees, Mobile Networks Team Leader at Network Engineering Division, Zain Kuwait; and Hesham El-Sherif, Territory Account Manager, Infoblox.
Two Sides of DDI: Operational and Security Mandates
Before delving into the discussion itself, Kayyal, as moderator, shared a quick overview of his understanding of the topic. “Due to the requirements of modern enterprises, managing these fundamental services [DDI] from a network perspective is very important… The environment is continuously growing as we are depending on either second- or third-party providers for us to be able to provide the operational requirements of that enterprise. However, from a cybersecurity perspective, it's also equally important, as there are multiple attack vectors that target DDI solutions,” he explained.
When asked about the top challenges faced within their operations, Masood mentioned “system reliability, network visibility and security.” Thus, it is important to add control to the DDI services within the telco cloud, which is centrally managed by a system like Infoblox. “DDI actively contributes to the managing and monitoring of network devices.”
Masood cited Pakistan’s environment, where, despite the lack of 5G network services, PTCL and team “ensure that the security of the network infrastructure and customer data is appropriate” within 3G and 4G services. DDI solutions are used in this environment to safeguard against cybersecurity threats.
Almansoori said that DDI originated in the internet and has now come into the cloud space, giving it the capability to introduce “automation, scalability and so on that gives more value.” e& deployed these services on the cloud and gave the advantages of “being able to scale in or out, improving the latency of the consumer as well as improving the efficiency when operating the platform.”
Almansoori also confirmed that they received positive feedback upon deploying DDI solutions; particularly when it comes to monitoring, they knew exactly “where they have doubts and gaps before.”
As a result, he sees that modernized DDI solutions will keep on improving in the future, supporting “container-based kinds of applications and microservices that meet the requirements of 5G, among other use cases.”
For Alkhamees, choosing the right DDI vendor and solutions design are very important. When starting their deployment at Zain Kuwait, they had two options: a legacy vendor method or a fully virtualized DDI solution. They chose the latter and currently implement a full-fledged DDI solution, including internet DNS, recursive DNS and authoritative DNS.
According to the Kuwait-based operator, with DDI solutions on the cloud, the risk of hardware failure in their operations has been eliminated. Through their automation tool, they can easily spin up a virtual instance, whether the problem is a bug, system crash or software issue.
Regarding the cybersecurity aspect, along with Zain Kuwait’s defense protection programs and strict access control list (ACL), having DDI on the cloud reduces the attack surface, which, when not prevented, can lead to lost subscribers and challenged clients.
Telco Cloud Environment: Reliability, Automation and Scalability
“The main pillar of telco cloud is to decouple the software and the solution from the hardware and the location itself,” expressed El-Sherif. “The technology evolvement now is going very, very high; we cannot even predict what's going to happen.”
The Infoblox representative pointed out that when service providers invest in a solution, they won’t continue to do it every single year, which is where the telco cloud becomes very advantageous.
“For this, we need very centralized and proper visibility to know when and what decisions to make, and to minimize human intervention; it should [be] automated,” added El-Sherif.
“At the same time, it's very important to maintain the reliability. When we give the control to the service providers, we give the flexibility to the designers, implementers and service providers, as well as the operation team, who will have the trust that he can fulfill his requirement,” he noted.
DDI solutions will adopt all the standard APIs that can provide the control and integration with all service providers through an orchestration solution to achieve reliability, scalability and security.
Additionally, when onboarded in the cloud, DDI solutions give “more features,” noted Almansoori. “You are able to decouple functionalities and give an advanced experience to the operation and to the end users.”
5G Evolution and DDI Solutions
Speaking about this ongoing evolution, Humoud Alkhamees said that when we talk about 5G network benefits — higher capacity, increased bandwidth, and ultra-low latency — it only means that there will be a surge of connected users to networks. “Given this scenario, to have a DDI solution deployed on a telco cloud means that we can easily scale up our DNS to cater to all devices' DNS queries through automation. More users also mean a higher cybersecurity threat, which is normal in any public network. Having the security mechanism deployed to avoid elements of DNS poisoning, or spoofing, and other cyberattacks is important. Also, there should be a dynamic load balance of traffic and distributed defenses across the multiple DNS servers to ensure that the network can handle the increased traffic during peak hours. These are the three main benefits of having DDI within the 5G environment,” Alkhamees said.
“In today's scenario, 5G is mainly used for the B2B segment, so we started communicating with our B2B team, trying to promote the real use cases of 5G along with the DDI solution to our corporate customers. DNS latency is a critical factor in the overall network performance, and to be able to reduce it and help in real-time IoT applications, we have started deploying our first edge site MEC with a telco cloud to help spin up a new DNS closer to the corporate to reduce the latency of DNS queries,” he added.
Efficient Security Practices in the Telco Cloud
Zeeshan Masood offered that “for multiple security challenges that we face, we implement the access controls by integrating segments within the network with the implementation of a strong authentication and accreditation mechanism that only authorized personnel can access the cloud environment. We maintain network security by implementing the firewalls, IPS and WAP solutions in the network environment for security devices and protection against cyber threats.” He said that data encryption was critical for sensitive user data to ensure its confidentiality and integrity from one point to another. He also cited the importance of regular vulnerability management practices within the network. “At PTCL, whenever we put any system or network application, or an application either on the cloud or on-premise, we regularly run the vulnerability management portfolio for vulnerabilities assessment and other security practices to mitigate the risk of cyberattacks. We have a well-defined security incident response plan within a network enforcement moment, and to address any security incident promptly, we engage the relevant team and take appropriate measures to control such security incidents,” he explained.
Omar H. Almansoori agreed with Zeeshan’s view and said security challenges are threats to infrastructure. “DNS protection and RPZ help operators from a consumer and operations perspective. We saw a big difference in the reduction of threats, and DDI added a value. DNS over TLS and DNS over HTTPS protected our infrastructure, and implementing such practices markedly reduces security holes in the future,” he said.
Cybersecurity as a Driver for Brand Protection
Alkhamees offered that protecting a brand’s reputation in the market was very important. “Talking from a technical perspective rather than a marketing strategy, we do this by ensuring that the quality, availability, and reliability of the services that we provide to our subscribers and customers are always up to the standard, be it internet access, e-commerce or group websites, mobile services, among others. The first phase is the DNS query, which needs to respond efficiently, and to do this, we have enabled security measures to ensure the reliability and availability of our services on both our recursive and our authoritative DNS servers and protect from various cyberattacks,” he said.
On this, Almansoori said that new threats were being introduced daily and that security protection was critical for any protection of brand reputation. “At etisalat, we have applied advanced DNS servers; we have Infoblox in our network; we have RPZ, with very good security functions and features; and [the] implementation of elements of DNS over TLS and DNS over HTTPS have maintained the trust of our customers on our brand’s security measures.”
DDI and Monetization of Value-Added Services
Hesham El-Sherif explained, “We engage the marketing team with service providers to listen to them carefully and advise some ideas. Service providers can take advantage of the huge infrastructure and the reach of all the customers and subscribers in their homes to host services on their premises with customized DNS servers, as all customers are not the same. For example, if we have an educational sector, we can offer them a more tightly secured, limited access to the DNS, just customized for the education services. Similarly, for banking, the security becomes completely different from other customers. We can have dedicated instances with a specific portfolio and configuration to fulfill this kind of business trend,” he explained.
Almansoori responded by saying, “We are utilizing [the] DDI solution as part of 5G slices for enterprise customers in one of the services that are available today.”
Masood said that for the monetization aspect, a dedicated and centralized DDI solution can enable CSPs to offer value-added services — subscription-based models, pay-per-use models, bundling with other services, and so on. He said that PTCL was combining the DDI solutions to provide value-added cloud services to its customers in Pakistan and nearby regions.
Alkhamees added his opinion by saying that deploying DDI solutions to the telco cloud simplifies the process of speeding up dedicated DNS virtual instances for our corporate as well as subscriber customers to give more control over internet accessibility and monetize the services that Zain is offering today.
Strategies and Outlook on the Future of Telco Cloud
When asked about the integration of DDI and other solutions at Zain Kuwait, Alkhamees explained that their quality and performance management OSS is closely tied to all their solutions. This includes monitoring performance and availability, checking for hardware issues, and tracking various KPIs.
Additionally, Zain Kuwait has a security report to monitor and protect against attacks. According to Alkhamees, their processes follow normal procedures, with 24/7 monitoring and automation to detect and alert them of incidents or issues. In some cases, specific workflows trigger automatic recovery after a critical issue occurs.
Next, the moderator asked Badaoui about the alignment of multi-vendor, multi-platform capability in a DDI solution with the company's strategy and how Infoblox contributes to technology optimization for key integrations. Badaoui emphasized that service providers have the flexibility to choose the best solution for their needs and that centralized management and control are crucial. For example, visibility and monitoring require the sending of logs and countermeasures to a unified dashboard that collects data from all vendors to set KPIs and intervene when necessary.
Badaoui noted that Infoblox works with full standardization in the market and offers an ecosystem concept, which allows for seamless integration with other solutions. In the case of a malware attack, for instance, Infoblox can trigger a KPI to orchestrate with multi-vendors and even firewalls to enforce policies and take extra precautions. This level of monitoring, visibility, and policy enforcement aligns with service providers' needs and helps enhance the overall experience for customers.
The final panel question looked ahead: “What is your outlook on the future of telco cloud? How fast will the integration be within digital telcos? What are your top priorities in the next 12 months?” Almansoori was the first to answer. He noted that their applications are cloud-ready, cloud-native, and micro-container-based. However, for deployment, compatibility with the cloud infrastructure is essential. The current deployment is already cloud-ready, and they are exploring microservices and container-based applications for future deployments. The aim is to support the agility of microservices and ensure that applications are container-based.
Furthermore, Alkhamees stated that part of their digital transformation strategy involves virtualizing their network functions through a telco cloud, which offers benefits such as agility, flexibility, and reduced CAPEX and OPEX. While the transition to a fully virtualized environment can be challenging in the short term, they have already virtualized 90% of their network functions and plan to reach 100% in the next 12 months. They are also moving towards a containerized cloud-native environment, which requires support from their vendors. Ultimately, they aim to move from private to public container clouds in the future.
Additionally, Masood commented on this question, stating that they have been focusing on a complete end-to-end cloud-native architecture. They have recently completed multiple projects where they modernized their infrastructure and moved their traditional legacy applications to a cloud-native architecture. Their focus for the next 12 months will be to move as many traditional applications as possible to a cloud-native architecture. They are also developing a robust digital transformation strategy, having already begun the journey in 2021 and 2022 by transforming multiple application services and digital platforms using cloud-native architecture. Lastly, they aim to improve their IP infrastructure and telco infrastructure within the network environment to enable further application and deliver high-speed and low-latency services to end users.
Wrap-Up
To summarize, Kayyal directed the virtual panel’s title, “How modernized DDI underpins the future of telco cloud,” to the panel’s sponsor, Infoblox, with El-Sherif answering, “DDI always comes first. The very first thing when we launch any system or device is an IP, and this IP, if we can assign it professionally, efficiently and securely, will relieve a lot of pain that may come later when it comes to telco cloud.”
“DDI starts from the infrastructure of the telco cloud. Then, whatever comes on top of the telco cloud also needs an IP and DNS, so the DDI needs to be adopted and certified. Cloud containerization is one of the main pillars as well that the DDI should work towards,” he continued.
Four poll questions were then asked by the moderator to the audience, and insights on them were drawn from the panelists as well.
The first question posed was, “Have you implemented the telco cloud in your environment?” where 43% answered yes and no, while the rest are assessing the move to the cloud. “The future is the cloud. You will not be able to build a robust network if you don't depend on third-party support,” commented Kayyal.
The second question pondered, “What is the most important aspect of a telco cloud environment?”, and here, 57% answered all: security, reliability, automation and scalability, while 29% focused on security and 14% on automation. Alkhamees shared his opinion that, for him, it is automation, as it is missing in most “IP and network environments.”
The third poll question asked, “In your perspective, why is it recommended to have a built-in DNS security and protection rather than a standalone solution?” with 80% agreeing that it’s a combination of minimizing latency, saving operation complexity and costs, and improving DNS security as well as visibility. In line with this, Almansoori held that this embedded solution was a “protection” part of the solution that would make much more sense than buying it from outside or from a third party.
Finally, when asked, “With deployments ongoing, what does 5G mandate from CSPs?”, Almansoori answered that it is improving latency for services and consumers, while Alkhamees agreed that all three are important in 5G: automation, virtualization and low latency (same views as 71% of the audience).