Nokia Container Services: Benefits

You might also like

Download as pdf or txt
Download as pdf or txt
You are on page 1of 3

Nokia Container Services

Nokia Container Services is a turn-key Containers as a Service (CaaS) offering

for deploying, orchestrating, monitoring and managing containers and
container-based applications for Telco cloud use cases. It offers critical
functions that support always-on services including access controls, security,
and high availability.

Cloud computing in all market segments is moving

towards containerized workloads and applications,
based on microservices. The evolution to cloud- • Deploy anywhere: NCS can be deployed on a
based microservices promises greater agility and plethora of platforms: bare metal (on reference
granular scalability than the large and monolithic hardware configurations), CBIS (or other
Virtualized Network Functions (VNFs). Tools to OpenStack), VMware, AWS EC2 and Azure.
manage and govern the cloud computing world are • Automated application Life Cycle Management
changing too, and this is where Nokia Container (LCM): Kubernetes-based LCM using Helm charts
Services plays.
• Configuration flexibility: A variety of Container
Nokia Container Services (NCS) packages the Networking Interface (CNI) choices are available
necessary tools and capabilities for carrier grade, including: Calico, DANM, Multus, SRIOV, DPDK and
container-based cloud infrastructure. It offers others. Storage types that are supported include:
Communications Service Providers (CSPs) turn-key Ceph, Cinder, Rook, and local storage.
Containers-as-a-Service (CaaS) virtualization on
• Serviceability and automation: Automated
which to deploy their network, OSS, and BSS.
cluster management. Monitoring by Prometheus/
NCS provides CaaS functionality for deployment of Zabbix for fault and performance management
containerized applications in private clouds, public and Elasticsearch for logs.
clouds, and on bare metal. The platform is multi-
• Security: Multi-tenancy integrated into user
vendor, multi-tenant and carrier grade.
management, Role Based Access Control (RBAC),
Nokia has embraced Kubernetes as the core of the Single Signon (SSO), and Harbor integrated
NCS platform. To that end, Nokia pre-integrated as the multi-tenant registry. The design is
dozens of best-of-breed Open Source components based on Nokia Design for Security, including
and built automation tooling around them, which operating system and Kubernetes best practices.
help you streamline operations and support agility Networking security with network policies and
improvements and TCO reductions that are critical traffic separation.
for your commercial success, especially in 5G.
• NCS is Cloud Native Computing Foundation
With NCS, you have the freedom to deploy (CNCF) certified
anywhere. Nokia can support your transition from
current infrastructure to containerized deployments.

1 Data sheet
Nokia Container Services
Logical architecture NCS cluster services
NCS provides complete life cycle management
and main functions functions to users for NCS management after
deployment, including:
NCS leverages Kubernetes for container
management and orchestration. In this way, NCS • Scale-in/scale-out: Infrastructure scaling
supports deployment and life cycle management operations which allow addition or removal of
of software applications that are composed as nodes from a cluster. When NCS is deployed over
microservices running on Docker or other container bare metal, this activity is triggered via the NCS
runtimes. NCS supports multiple container runtime Manager, in a single, automated step. Auto-scale
options, as well as leveraging Kubernetes pluggable is also supported.
interfaces for networking and storage integration • Control node recovery: Control nodes are not
and Helm for package management. scalable, and this NCS Manager-driven operation
Nokia Container Services (NCS) automates the recovery of the node.
• Heal: Operation is used to recover a failed
Cluster services Security
Application node. In bare metal deployments, the operation
High availability Multi-tenancy reinstalls the OS and recovers all services running
on the node.
Automated operations
• Upgrade & rollback
Container runtime Kubernetes • Backup & restore: Backup and restore of
infrastructure configuration is supported.
Operating system
• Cluster monitoring, alarming, and logging.
Application services
• NCS provides Helm to support application
An NCS system consists of an NCS manager
installation and management.
node to deploy and manage the NCS system,
3 control nodes to run the K8s control plane and • All standard Helm lifecycle events are supported,
a varying number of worker/edge nodes to run the plus NCS enhances Helm with plugins for heal,
application workloads. NCS also provides support scale in/out, and backup/restore.
for a small footprint. • Istio service mesh provided as an optional add-on.
Edge nodes are a special type of worker node
designed to interface with the external network, High Availability (HA)
and it provides a proxy for data traffic in and out • Redundancy is built into all key NCS system
of the NCS cluster. components.
For Virtual Machine (VM) based deployments, one • Node groups/labeling/affinity rules, etc. are
NCS system can support hundreds of worker/ supported to control workload placement on
edge node VMs. NCS uses Terraform providers to nodes and across availability zones.
interface to the APIs of the virtual infrastructure
For bare metal deployments, NCS is certified on • NCS is a multi-tenant platform with features
reference hardware which can be configured for provided using namespaces and resource quotas
small deployments with shared worker/storage to provide isolation between tenant applications.
nodes to large deployments with dedicated Per tenant user management via RBAC is provided
storage and monitoring/logging servers. to restrict user access to only the select tenant’s

2 Data sheet
Nokia Container Services
Security In-service software upgrade
Nokia Container Services provides security settings Nokia Container Services can be upgraded to
to address configuration management using new releases, while remaining in service. Failed
automated hardening tools that address the related components can be recovered automatically.
standards, customers and best-practice security A configurable backup and restore function based
requirements. The RBAC mechanism allows the on customer preferences is available.
operator to restrict user authorized actions on
a system. The permissions to perform certain
operations are assigned to specific roles and
users based on its policies.

Product characteristics
Networking IPv4, IPv6, load balancing, CNIs (Calico, Multus, DANM, Weave, IP VLAN, MAC VLAN, vhost-user, Host
device, SRIOV)
Storage CSI Manila, CEPHFS, Cinder, CephRBD, Rook, GlusterFS, local storage, local disk (bare metal), vSphere
(vCenter), EBS (AWS), Azure Disk (Azure)
Logging & Monitoring Elascticsearch, Prometheus, Zabbix
Application life cycle events Install/delete, scale-in/scale-out, heal, disaster recovery, upgrade/rollback, update configuration,
Services Backup & restore, DNS, high availability, local Docker registry, local Helm chart repository
Security TLS, Role Based Access Control (RBAC), pod security policy (PSP), Center for Internet Security (CIS)
benchmark, Nokia Design for Security (DFSEC) and General Data Protection Regulation (GDPR)
Cluster lifecycle events Install/uninstall, scale-in/scale-out, heal, disaster recovery, upgrade/rollback
Operating systems CentOS
1 Some configurations will require additional certification by services.

About Nokia
We create the technology to connect the world. Powered by the research and innovation of Nokia Bell Labs, we serve communications service providers, governments,
large enterprises and consumers, with the industry’s most complete, end-to-end portfolio of products, services and licensing.

From the enabling infrastructure for 5G and the Internet of Things, to emerging applications in digital health, we are shaping the future of technology to transform the
human experience.

Nokia operates a policy of ongoing development and has made all reasonable efforts to ensure that the content of this document is adequate and free of material errors
and omissions. Nokia assumes no responsibility for any inaccuracies in this document and reserves the right to change, modify, transfer, or otherwise revise this publication
without notice.

Nokia is a registered trademark of Nokia Corporation. Other product and company names mentioned herein may be trademarks or trade names of their respective owners.

© 2020 Nokia

Nokia Oyj
Karaportti 3
FI-02610 Espoo, Finland
Tel. +358 (0) 10 44 88 000

Document code: SR2008046501EN (September) CID207821

You might also like