Cloud and Edge Computing

The document focuses on identifying the additional support that needs to be provided by MEC when MEC applications run on alternative virtualization technologies, such as containers. The document collects and analyses the use cases relating to the deployment of such alternative virtualization technologies, evaluates the gaps from the currently defined MEC functionalities, and identifies new recommendations. As ETSI NFV is also working on alternative virtualization technologies, the MEC work should be aligned with NFV where applicable. The document also recommends the necessary normative work to close any identified gaps.

The document describes the key issues, solution proposals and recommendations for MEC integration into 3GPP 5G system. The following aspects are addressed: MEC System interactions with the 5G System, including the correspondence of the current MEC procedures to procedures available in 3GPP 5G system specification, options for the functional split between MEC and 5G Common API framework, realization of MEC as 5G Application Function(s). In addition the document addresses the scope and the preferred way of proceeding with the identified future technical work, as well as the identification of any missing 5G system functionality for MEC integration.

The document studies the applicability of MEC specifications to inter-MEC systems and MEC-Cloud systems coordination that supports e.g. application instance relocation, synchronization and similar functionalities. Another subject of this study is the enablement and/or enhancement of functionalities for application lifecycle management by third parties (e.g. application developers).

The document studies the security enhancements on the support for Edge Computing in the 5G Core network defined in TR 23.748, and application architecture for enabling Edge Applications defined in TR 23.758 and TS 23.558. Potential security requirements are provided and possible security enhancements to 5GS and edge application architecture are proposed that meet these security requirements.

This document provides terms and definitions for vocabulary used in the field of cloud computing.

OpenFog Consortium--OpenFog Reference Architecture for Fog Computing is adopted by this standard. OpenFog Reference Architecture [OPFRA001.020817] is a structural and functional prescription of an open, interoperable, horizontal system architecture for distributing computing, storage, control and networking functions closer to the users along a cloud-to-thing continuum of communicating, computing, sensing and actuating entities. It encompasses various approaches to disperse Information Technology (IT), Communication Technology (CT) and Operational Technology (OT) Services through information messaging infrastructure as well as legacy and emerging multi-access networking technologies

Recommendation ITU-T X.1602 analyses the maturity levels of software as a service (SaaS) application and proposes security requirements to provide a consistent and secure service execution environment for SaaS applications. These proposed requirements originate from cloud service providers (CSP) and cloud service partners (CSN) as they need a SaaS application environment to meet their demands on security. The requirements are general and independent of any service or scenario specific model (e.g. web services, or representational state transfer (REST)), assumptions or solutions.

Recommendation X.1643 analyses security threats and challenges on virtualization container in cloud computing environment and specifies a reference framework with security guidelines for virtualization container in cloud.

Recommendation ITUT X.SRCaaS recommends the security requirements of communication as a service (CaaS) application environments with the identification of the risks. The Recommendation describes the scenarios and the features of CaaS, into which multicommunication capabilities are plugged. Moreover, some special /unique risks are identified, which are caused by the unique features of CaaS. The corresponding security requirements are recommended for the following aspects: Identity fraud, orchestration security, multi devices security, countering spam, privacy protection, infrastructure attack, attack from infrastructure, Intranet attack and so on. The Recommendation refers to the common security requirements of Recommendation ITUT X.1602 to avoid duplicated work. These measures in the requirements take into account the national legal and regulatory obligations in individual member states in which the platforms operate. The work applies the methodology standardized in clause 10 of Recommendation ITU-T X.1601.

Infrastructure as a Service (IaaS) is one of the representative categories of cloud services, in which the cloud capabilities service provided to the CSC is an infrastructure capabilities type. IaaS environments and virtualized services are facing more challenges and threats than traditional information technology infrastructure and application. Platforms that share computing, storage, and network services need protections specific to the threats in the IaaS environment. If these threats are not carefully addressed, it will have very negative impact on the development of IaaS services.Recommendation ITU- X.SRIaaS aims to document the security requirements of public IaaS. This will be helpful for IaaS CSPs to improve the overall security level throughout the planning, constructing and operating stages of IaaS platform and services. This work also complements the security standardization activity related to Software Defined Networks

Network as a Service (NaaS) is one of the representative cloud service categories, in which the capability provided to the cloud service customer (CSC) is transport connectivity and related network capabilities. NaaS services can provide any of three cloud capabilities as: NaaS application service, NaaS platform service and NaaS connectivity service. All the three kinds of NaaS service face particular security challenges such as application security vulnerabilities, security risks of network virtualization, eavesdropping, etc. Recommendation ITU-T X.SRNaaS analyses the security challenges and security requirements of NaaS application, NaaS platform and NaaS connectivity. This Recommendation could help NaaS service providers to address on the security issues. The capabilities provided by this Recommendation will take into account the national legal and regulatory obligations in individual Member States in which the NaaS services operate.The methodology of this proposal would follow the recommendations of clause 10 in Recommendation ITU-T X.1601.

This Recommendation specifies the requirements and capabilities of data aware networking (DAN) to realize the use cases and scenarios described in ITU-T Supplement 35 to Recommendation Y.3033, Data aware networking - Scenarios and use cases, which are expected to be major applications/services provided on DAN. One of the objectives reflecting emerging requirements for future networks (FNs) is data awareness as specified in ITU-T Recommendation Y.3001 - Future networks: Objectives and design goals. DAN is expected to have capabilities optimized to handle enormous amount of data and to enable users to access desired data safely, easily, quickly, and accurately, regardless of their location by making information the destination of request delivery. DAN can be rephrased as the networking whose central concern is retrieving information, i.e., information centric networking (ICN).