Directory-enabled Networking Manages OSS Complexities

With the unique operational complexities of managed IP services and applications becoming increasingly apparent, carriers and service providers are turning their attention to directory-enabled networking.

In directory-enabled networking (DEN), a discrete array of customer and service information—users, applications, services, computing devices, networks, etc.—is managed and accessible from a single interface. By managing the data, as well as the relationships among data, DEN technologies facilitate automated, consistent provisioning across all enterprise OSSs.

Many carriers and service providers are implementing directory-enabled networking through the deployment of next-generation service fulfillment software platforms that leverage existing OSSs. With these directory-driven systems, carriers and service providers can define and automate the provisioning of service activation, create billing records and manage subscribers and their services more efficiently.

Defining DEN

The Distributed Management Task Force (DMTF) leads the development, adoption and unification of management standards and initiatives for desktop, enterprise and Internet environments. Over the past 10 years, it has developed and implemented notable standards and initiatives such as the Desktop Management Interface (DMI), Common Information Model (CIM), Web Based Enterprise Management (WBEM), DEN, System Management BIOS (SMBIOS) and Alert Standard Format (ASF).

Together these initiatives have been instrumental in developing next-generation systems for service fulfillment. The DEN initiative is designed to provide the building blocks for more intelligent management by mapping concepts from CIM (such as systems, services and policies) to a directory, and integrating this information with other WBEM elements in the management infrastructure. Common schema and semantics are especially important when defining and decomposing platform-neutral, high-level policies. Integration within the WBEM infrastructure ties high-level, infrequently changing directory data to the other, more real-time components of the management infrastructure. As a result, directory-based solutions utilize existing user and enterprise-wide data already present in a company’s directory, empower end-to-end services and support distributed network-wide service creation, provisioning and management.

Understanding DEN

Various myths surround directory technologies, including that directories are designed to take the place of CRM and other task-specific systems, that implementing DEN is expensive and increases load on the network, and that deploying directories requires effectively duplicating the server farm of databases in a service provider’s operations center.

Each of these myths is based on a common misconception that implementing directory technologies entails federating the data in all of the various OSS silos throughout a network into one massive master profile, something that doesn’t make sense.

Today’s OSS vendors are implementing a well-conceived DEN infrastructure to manage customers and services. The directory is essentially a smart, customer-oriented index of all the data already in the network. The data that must be shared is based on analyses of business scenarios and profiles such that the directory knows where to go for information and culls out only what is needed for dynamic service delivery. CRM data stays in the CRM system, for example; billing data stays in the billing system. Their functions are not taken over by the directory technology; rather, the technology simply provides a means for referring to common information across OSS silos and eliminates the need to duplicate and reconcile data.

Whereas middleware provides only communications among the systems within a network, directory technologies foster a more fully functioning OSS environment. Next-generation services are fundamentally different from their predecessors and each other—each with its own, unique provisioning paradigm and data idiosyncrasies. Delivering more sophisticated functionality than middleware, the best directory technologies create order in networks without increasing loads. They make sense of the relationships among OSS, data and network equipment; unify and simplify their management; and enable each individual system to function at higher levels.

How and Where To Get Started

Service providers have traditionally deployed separate OSSs to track usage and faults and manage the billing associated with each new networking technology, and then built new connectors into a mesh of existing connectors to launch and activate new services. However, service providers understood that, long-term, it was an unscalable and ultimately unprofitable model. Instead, a cohesive layer that ties the separate OSSs together makes more sense.

Directory-driven service fulfillment software occupies a separate layer over all of the task-specific OSSs in a service provider’s network, unifying front-end, customer-facing service portals with the back-end OSSs that execute service authentication, activation and billing across the network. Through tight integration, the new platforms prevent operational costs from draining the revenue potential of advanced IP services.

At the front end, the customer selects and adjusts specifications for hosted applications and network services through an intuitive, Web-based portal, which defines and publishes offerings and their associated commercial terms. With a portal fortified by extensive self-management functionality, the customer’s network administrator assumes the responsibility of setting and fluidly readjusting the enterprise’s hierarchical user groups and entitlements. The customer is empowered, and the service provider takes advantage of decreased workload on its operations personnel.

At the back end, service delivery is automated end-to-end across the service provider’s multi-vendor, multi-technology network. The service fulfillment piece leverages directories by converting customer service requirements into automated activation processes, thereby eliminating manual, device-by-device configuration commands. This approach speeds service delivery, reduces activation errors and simplifies configuration and maintenance, hence generating operational savings.

Service providers gain automated control over services, users, systems and equipment in their networks, as well as a scalable and repeatable manner to deliver advanced IP services. A directory-enabled service fulfillment system streamlines order handling, equipment procurement and deployment, service provisioning, problem resolution and billing, and averts numerous truck rolls and other costly, error-prone manual actions.

Delivering Market-Responsive Services

A quality, directory-enabled service fulfillment system includes combining the network with the intelligence and flexibility to quickly and cost-effectively meet business customers’ needs for any emerging application or service, such as Internet services, IP VPNs or voice over IP.

These services also include managed firewalls, in which the service provider applies configurable security criteria to all traffic entering or exiting an enterprise network to prevent unauthorized access; secure access to CRM, accounting and human resources applications, which requires intensive hosting, management and support that exceeds the capabilities and budgets of most small or medium-sized businesses; and Microsoft Exchange for email, scheduling and other collaboration and messaging tasks.

Supporting IP VPNs is not without its challenges, such as building the high-level internal expertise to manage them; accommodating frequent adds, moves and changes, especially in the case of remote-access VPNs; maintaining billing accuracy; managing multiple IP VPN vendor solutions in the same network; bundling IP VPN offerings in combination with other services; and executing dozens of commands per IPSec tunnel end point. These challenges can render an IP VPN offering unprofitable.

Additionally, delivering such a complex service traditionally requires involving multiple organizations within the service provider’s business: service planners to define activation parameters and commercial terms, customer service representatives to receive orders and gather the information necessary to initiate delivery, operations personnel to configure and deploy necessary equipment, and skilled engineering staff to activate and maintain the service properly. When communications and process handoffs among these groups occur via email, fax or other paper-based work orders, provisioning delays, information discrepancies and duplications are virtually inevitable.

A directory-enabled service fulfillment approach for IP VPNs can keep operational costs in check by streamlining processes and reducing touch points within the service provider organization.

Service providers define service characteristics such as the type of VPN, encryption and authentication to be supported with particular offerings. For example, the service provider could create an offering that includes the default IPSec attributes of Autokey IKE pre-shared secret for authentication and 3DES for encryption. It would then publish that offering at its Web-based portal.

A company seeking to link its Chicago and New York locations would select the service on the portal. With its directories drawing from internal records or external databases, the service fulfillment solution would identify the customer’s equipment in Chicago and New York and create device-specific configuration commands. Using this information and previously defined default attributes for the service—including configurations, workflows and processes—the service fulfillment solution would initiate automated provisioning across multiple organizations, technologies and networks of various protocols. The service provider could enable customers to manage their own user updates, again through the service portal. All billable events defined throughout these processes would seamlessly generate billing records.

Finally, such an approach allows a service provider to establish a profitable model for quickly and repeatedly delivering IP VPNs. And it allows customers to affordably implement sophisticated IP VPNs in-house with minimal customer premise hardware and without elaborate information technology expertise.



Richard Burke is director of product development at Atreus Systems. He has more than a decade of engineering experience inventing scalable element, network and service management platforms. Mr. Burke recently held senior management positions at Newbridge Networks, where he successfully led the product development of the next-generation service creation platform: the 48020 MultiNetwork Service Controller. Mr. Burke holds a number of patents in network and service management including “A Method for Improved Service Reliability” and “Hybrid Routed ATM PVC/SPVC Services”. He can be reached at rburke@atreus-systems.com