Zero Trust for Private 5G and Edge
- 1. Zero Trust for Private 5G/Edge
- 2. Welcome Dr. Ken Urquhart Global Vice-President 5G Strategy 5G • Cybersecurity • AI • Engineering • GIS • Quantum Computing • Founder • Mentor • Speaker • Cats Jay Lawrence General Manager Technology Enablement 5G • Telecom • Strategy • AI/ML • IaaS • Cloud • Systems Integration • “40-under-40 Award” Recipient
- 3. • What is 5G? • Benefits of Private 5G • 5G Network Architecture • What about 5G Security? • Zero Trust for 5G • ZT from Metal to Cloud
- 4. 10 Gbps data rates (4x faster than 4G) 100 times more bandwidth than 4G Network slicing One-millisecond latency (Edge) 1 million devices per km2 Reduced endpoint energy consumption 5G B Y T H E N U M B E R S
- 5. Mobile operators were the only path to private mobile networks • Enterprises challenges of complexity, radio spectrum licensing rules, and cost considerations • 5G enables new options for adding telco-style infrastructure to Enterprise IT • Buy telco components directly, bid at frequency auctions, sub-license spectrum, or use radio spectrum allocated to business (CBRS)
- 6. Private 5G means Private high-speed wireless telco network Own infrastructure, radios, core, management Full control of network data flows, structure, and costs High-speed, high-bandwidth, real- time capabilities Responsible for end-to-end security Enterprise ownership and control
- 7. Enterprise 5G private network • Network isolation • Spectrum lease (CBRS) • Control of security, design, ops & deployment Operator 5G + enterprise infra • Onsite (private) computing • Operator & Enterprise MEC • Shared radios • Shared security Operator 5G public network • Infrastructure & spectrum • Operator Edge (MEC) • SLA & support • Isolation and privacy • Operator security A range of private 5G deployment options Operator managed Enterprise managed
- 9. #1 Performance • Improved speed, reliability, and capacity • New and valuable low-latency use cases • Higher data rates, massive numbers of devices, and efficiency at scale
- 10. #2 Flexibility • Interoperate with 4G, WiFi, Low- Earth Orbit, others • Keep Wi-Fi and use 5G for critical apps/services • Multiple frequency bands for speed vs. range • Network slicing
- 11. #3 Security • SIM for network access • SIM for Device ID and Auth • Stronger encryption than 4G • Private data stays in the Enterprise
- 12. #4 Cost • Improved uptime, and ultra-reliability • Interoperability of radios and cores lowers the barrier to entry for non-Operators • No fees, rate increases, overages, or other billing surprises…
- 14. User Plane Function Radios Control Plane User Plane Signals & Data Data Networks AMF SMF UDM PCF N3 N6 N4 N1 & N2 AUSF NSSF 5G-SA Core NEF NRF Network Slice Selection Function Network Exposure Function Network Repository Function Unified Data Management Policy Control Function Authentication Server Function Core Access and Mobility Management Function Session Management Function Edge Compute Any Device / Data Source 5G Network Architecture 14 • 3GPP Standards • HTTP/2 Restful Interfaces • Cloud ready • Virtualized & Scalable • Specifications evolving
- 15. 5G Network Architecture 15 User Plane Function Radios Control Plane User Plane Signals & Data Data Networks N3 N6 N4 N1 & N2 Edge Compute Any Device / Data Source 5G CORE
- 16. User Plane Function Radios Control Plane User Plane Signals & Data Data Networks N3 N6 N4 N1 & N2 Edge Compute Any Device / Data Source Multiple solutions and form factors for 5G/Edge/RAN 16 5G CORE Compact edge 1U Rackmount 2U Rackmount Fanless Systems from Atom, Core to Intel Xeon D Outdoor edge DC Racks
- 17. 17 5G/Edge/RAN Small (Atom/Core) Large (Single Socket Core / Xeon-SP 1 - 3 GPU/VPU & I/O options) X-Large (Dual Socket Xeon-SP 3 or more GPU/VPU) vNF Workloads Throughput SYS-220HE SYS-E403P SYS-110P SYS-E5019A ✔ Built for Net/Comms ✔ 2x workloads ✔ Power Needs ✔ Increased internal connections ✔ Redundancy/HA ✔ Expandability ✔ Flexible ✔ Rackmount or standalone ✔ NEBS and harsher certifications ✔ Cost Effective ✔ Enterprise driven ✔ Normalized Workloads ✔ uCPE & Intel Select solutions ✔ SMB capable ✔ Lower power consumption Minimal Port / Throughput Maximum Port / Throughput SYS-E50/100/302 Medium (Single Socket Core / Xeon-D 1 GPU/VPU & I/O options) SYS-510D SYS-210SE
- 18. CPU Support Compact Tower 1U UP Compact Rackmount (Front I/O) Performance Server Atom Core i Xeon-D Xeon SP UP Xeon SP DP Xeon-E Mobile Core I Mobile Atom IoT WIO Cloud DC 6-12W Xeon-W 15W 8-32W 80W 95W 100W 270W 65W 2U UP Short Depth Server Hyper E Micro Tower Mini Tower Box PC, Fanless Server 2U DP Short Depth Server Edge 2U Multinode Server Outdoor IP65 Super Edge
- 19. W H AT A B O U T 5 G S E C U R I T Y ?
- 20. User Plane Function Radios Control Plane User Plane Signals & Data Data Networks N3 N6 N4 N1 & N2 Edge Compute Any Device / Data Source 5G Network Architecture 20 5G CORE Firewall Firewall Firewall Firewall Firewall
- 21. Zero Trust Security May 2021: Executive Order on Improving the Nation’s Cybersecurity https://www.whitehouse.gov/briefing-room/presidential-actions/ 2021/05/12/executive-order-on-improving-the-nations- cybersecurity/ March 2022: Statement by President Biden on our Nation’s Cybersecurity https://www.whitehouse.gov/briefing-room/statements- releases/2022/03/21/statement-by-president-biden-on-our- nations-cybersecurity/ Zero Trust approach • Assume a breach is inevitable (or has already occurred) • Constantly limit access to only what is needed • Looks for anomalous/malicious activity everywhere
- 22. Zero trust for 5G/RAN • End-to-end protection: o Device ◀︎▶︎ RAN ◀︎▶︎ 5G ◀︎▶︎ Edge ︎◀︎▶︎ Cloud • Does not matter how many 5G networks you cross • Protection now as 5G/RAN/security models evolve • Protection for your Core/RAN/Edge choice(s) • Protection within network slices as tech matures
- 23. User Plane Function Radios Control Plane User Plane Signals & Data Data Networks N3 N6 N4 N1 & N2 Edge Compute Any Device / Data Source 5G Network + Zscaler 5G CORE Firewall Firewall Firewall Firewall Firewall • Zero Trust from devices to edges to clouds • Visibility of devices to edges to clouds • Integrated with Zscaler ZIA, ZPA, ZDX, … • Secure today while 5G matures • Hyperfine Slicing™ within 5G slices
- 24. Zero Trust: Metal to Cloud 2
- 25. Expanded Features ✓ Redfish 1.8 ✓ Console Video Capture ✓ Broadcom Secure Erase ✓ NVidia GPU monitoring Enhanced Security ✓ Hardware Root of Trust (ROT) ✓ Trusted Execution Environment (Trust Zone) ✓ System Lockdown to prevent unintentional system changes ✓ Secure Account Management Higher Performance ✓ ASPEED AST2600 processor ✓ LAN Over USB (Host Interface) Better User Experience ✓ Modern BMC User Interface ✓ System Component Inventory & Health Monitoring ✓ Enhanced Storage Management Supermicro BMC Features for New Generation Platforms
- 26. Why does Hardware Root of Trust matter? • Verify endpoint compute received by the customer matches the hardware specifications ordered • Verify that endpoint compute is network attached as configured • Quarantine incorrectly configured endpoint computers Zscaler 26 ▶︎ HW Root of Trust + Network Zero Trust = Zero Trust Metal to Cloud
- 27. Want to know more? 2 Contact us: JayLawrence@Supermicro.com KenU@Zscaler.com
- 28. Thank You Dr. Ken Urquhart Global Vice-President 5G Strategy 5G • Cybersecurity • AI • Engineering • GIS • Quantum Computing • Founder • Mentor • Speaker • Cats Jay Lawrence General Manager Technology Enablement 5G • Telecom • Strategy • AI/ML • IaaS • Cloud • Systems Integration • “40-under-40 Award” Recipient
Editor's Notes
- #8: CBRS = Citizens Broadband Radio Service
- #19: New High-Performance, Low-Power Supermicro Edge Systems Extend Edge Solutions Portfolio -- Opens New Telco, Industrial, and Intelligent Edge Opportunities https://www.supermicro.com/en/pressreleases/new-high-performance-low-power-supermicro-edge-systems-extend-edge-solutions Intel® Xeon® D Processors for IoT https://www.intel.com/content/www/us/en/products/docs/processors/xeon-d/intelligent-iot-edge-product-brief.html