MNO Cloud Use Case 2. Source: Rogers Wireless. Contact: Ed O’Leary, George Babut. 3GPP/SA3-LI#43 Tdoc SA3LI11_115.

Presentation transcript:

MNO Cloud Use Case 2
Source: Rogers Wireless
Contact: Ed O’Leary, George Babut
3GPP/SA3-LI#43 Tdoc SA3LI11_115
San Francisco, 15 Nov – 18 Nov 2011

Introduction
This document provides additional use cases and a brief description of the first Cloud Use Case as reference.

List of Potential Cloud Use Cases relevant to LI Work
Use Case 1: File Sharing Service with single MNO
Use Case 2: MNO uses a Cloud server
  – Use Case 2a: MNO uses a Cloud server that provides redirection
Use Case 3: The MNO hosts a cloud in its network
Use Case 4: SMB or Enterprise use multiple MNO networks
Use Case 5: Same as Use Case 4, but each MNO has a Cloud Server that proxies (extension of Use Case 2)
Use Case 6: Same as use case 6, however MNO cloud server provides redirection (extension of Use Case 2a) to the 3rd party cloud App server
Use Case 7: SMB or Enterprise use multiple MNO with their own Clouds (extension of Use Case 4)
Use Case 8: Enterprise extension to the cloud
Use Case 9: Local Break out

Use case 2
MNO uses a Cloud server
  – MNO deploys a Cloud server Application that provides access to the real cloud
    » Client application
    » Could be an IMS application
  – Real cloud is as in Use Case 1, third party, that may be anywhere or relocated anywhere in the regulatory domains
  – MNO internal DNS resolves URI request to the MNO cloud server application
  – The external DNS resolves the URI requests for the Cloud server to an MNO Cloud Server
  – This server proxies all requests to the cloud location, hiding and recording all transactions
Allows multiple services and white label clouds to be supported

Use case 2 issues
It may be required to handle lots of transactions
  – N number of hosted cloud services
It may be attacked or spoofed (more so than the core network, as it contains IPR (SMB files))
Not as efficient as other cases, scaling
Allows clients to act as a network share
  – Access to files only when requested
  – May be difficult to issue a warrant, as device may be in a different regulatory domain (roaming)
It may or may not have access to the crypto keys for secure content
Captures all transactions
Registered Domains (administration)

Use case 2 issues
How would cloud server application be identified to LEA?
  – URI redirection may not provide enough information as to the type of service, i.e. file share, or music, or
  – Crypto keys on content
What applications would be used to authenticate users prior to redirection to real cloud
  – i.e. users that masquerade as targets
  – What other information is required to authenticate user/target
Nothing precludes target from providing an associate with proper credentials to access the cloud services
  – What other information is gathered
  – MNO side and Non MNO side
    » HTTP get/ or application API information (what is encrypted and what is not)
    » IP address
    » Mac_ID
    » …

Use case 2a
MNO uses a Cloud server
  – MNO deploys a Cloud server Application that provides access to the real cloud
    » Client application
    » Could be an IMS application
  – Real cloud is as in Use Case 1, third party, that may be anywhere or relocated anywhere in the regulatory domains
  – The DNS resolves the URI requests for the Cloud server to an MNO Cloud Server
  – The cloud server authenticates the user per service and provides a redirection to the real cloud and the resource requested
  – In general no content passed through the cloud Server
  – LEA will capture CII on the cloud server
  – It may be possible to augment the Cloud server to provide capture of content as in use case 2, if cloud server included LEA target capture

Use case 2a Issues
Redirection
Note that some form of authorization should be used on this, else the user with the redirected URI can easily modify that URI to access other resources/files on the server, i.e.
  – Many servers may allow the user to access the file directory by modifying the URI to
  – But access block
  – So access to these other locations will not be captured by LEA
  – Who controls the file access (user, MNO, cloud app?)
Captures all file requests, but may not capture all content
Implementation may allow the 3rd party Cloud to send to the cloud server file contents (for LEA and other government enterprise requirements (archival purposes)) or deleted files
User accesses files directly from the Cloud
  – “Off loads” delivery and access to cloud from the MNO cloud server
  – Concern over access locally on 3rd party server to logs, or by the 3rd party service provider to logs, and/or admin activities/alarms of data sent to MNO cloud server.
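One way to provide the authorization on the redirected URI that the slide above calls for, added here as an illustration and not part of the Rogers contribution: the MNO cloud server signs the user, the exact resource path and an expiry, and the third-party cloud refuses any URI whose path was modified. The shared key, host name, paths and function names are all assumptions.

```python
import hashlib
import hmac
import posixpath
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed values for illustration only (assumptions, not from the slides).
SHARED_KEY = b"constructed-demo-key-shared-by-mno-and-cloud"
CLOUD_BASE = "https://cloud.example"  # hypothetical third-party cloud


def _mac(user: str, path: str, expires: int) -> str:
    # Bind the signature to who asked, which resource, and until when.
    msg = f"{user}\n{path}\n{expires}".encode()
    return hmac.new(SHARED_KEY, msg, hashlib.sha256).hexdigest()


def issue_redirect(user: str, path: str, now: int, ttl: int = 60) -> str:
    """MNO cloud server: build the redirect URI after authenticating the user."""
    expires = now + ttl
    query = urlencode({"user": user, "exp": expires,
                       "sig": _mac(user, path, expires)})
    return f"{CLOUD_BASE}{path}?{query}"


def verify_request(url: str, now: int) -> bool:
    """Third-party cloud: serve the resource only if the URI is unmodified."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    try:
        user = query["user"][0]
        expires = int(query["exp"][0])
        sig = query["sig"][0]
    except (KeyError, ValueError):
        return False  # unsigned or malformed URI
    # Reject non-canonical paths ("..", trailing "/" directory requests).
    if posixpath.normpath(parts.path) != parts.path:
        return False
    if now > expires:
        return False
    return hmac.compare_digest(sig, _mac(user, parts.path, expires))


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp
    good = issue_redirect("alice", "/smb/alice/report.doc", t0)
    bad = good.replace("/smb/alice/report.doc", "/smb/bob/payroll.xls")
    print(verify_request(good, t0 + 10), verify_request(bad, t0 + 10))
```

Rejected requests are exactly the accesses the slide notes would otherwise bypass the MNO cloud server, so the third-party cloud logging them is what keeps the MNO-side record complete.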

Use case 2a Issues
Access to content
  – Implementation may not be standardized
LI correlation issues
  – Crypto keys may all be on the real cloud

Reference

Use Case 1 General
MNO offers a cloud service, File Sharing Service, see “Dropbox” as a real world example
  – The service can be white labelled by the MNO, such that the user does not know it's from a third party
The third party can choose its own third party provider for the service hosting
The MNO may be a converged operator providing many access domains (3GPP, Non 3GPP, wireline, cable, Broadband)
There are various business models offering the service which provide different architectures and implementations

Regulatory Domain
Each regulatory Domain may have some constraints on the service delivery
The File Sharing cloud infrastructure may be required to operate in the same domain as the LEA pending the delivery or lack of delivery of LI information

Use Case 1 Description
In this case, a small/medium business (SMB) has opted to use File Sharing Service for all its users.
An MNO was selected that provides Broadband and Wireless connectivity and provides an integrated service across both domains for its users to access files.
Read, write and delete privileges are controlled by an Admin determined by the SMB for each user.
This may or may not be controlled by the MNO, but by preconfigured access rules to the Service (i.e. initial setup).
The MNO may have an Admin facility to the Cloud Service for user support (i.e. user set up configuration, clean up, network size, debug and problem resolution)

Use Case 1 Description - cont -
The service may use encryption from the application on the user's device and provide end to end encryption from the application to the server.
The files stored on the File Sharing Server may be encrypted (end to end security from user to user)
The MNO may provide the encryption services
The Cloud Service provider may provide the encryption service
The user may provide its own encryption service

Use Case 1 Description - cont -
In this use case a third party service is used and that party has hosted the service on another third party application server.
The Third party Service resides in a country not in the regulatory domain of the MNO nor LEA
The third party APP Server is also not in the same regulatory domain as the MNO
The service is set up so that it allows a user, while not on the MNO network, to access the File Sharing via another access domain (i.e. Internet Cafe)