Cloud Computing and Telecommunications: Business. Opportunities, Technologies and Experimental Setup. András Vajda, Stephan Baucke, Daniel Catrein, ...
Cloud Computing and Telecommunications: Business Opportunities, Technologies and Experimental Setup András Vajda, Stephan Baucke, Daniel Catrein, Calin Curescu, Joacim Halén, James Kempf, Yves Lemieux, Bob Melander, Arif Mohammed, Jan-Erik Mångs, Mats Naslund, Ahmed Shohel, Jukka Ylitalo, Sonny Thorelli Ericsson Research (Sweden, Finland, Germany, Canada, India, USA) {firstname.lastname}@ericsson.com Abstract— Cloud computing is one of the key business and technology trends impacting every aspect of the ICT industry. In this paper we analyze the impact and opportunities of the cloud computing paradigm for the telecom industry, both as users as well as providers of cloud-based solutions. Based on the identified opportunities, we describe the key technological and operational innovations that can help streamline operations and, at the same time, generate new business through differentiating solutions. We also show how these new technologies and operational models can be realized in practice. Keywords- cloud computing; telecommunications; business models; elastic networking; automation
I.
INTRODUCTION
Remote delivery of computing infrastructure (Infrastructure as a Service, IaaS), software platforms (Platform as a Service, PaaS) and/or software functionality (Software as a Service, SaaS) coupled with usage-based charging – is one of the key emerging ICT technologies with potentially disruptive impacts in terms of business models and innovative technologies. When discussing cloud computing, it’s important to distinguish between the two aspects of cloud computing. On one hand, it’s a set of technologies that enable remote delivery of computational services. On the other hand, cloud computing brings a new way of doing business, characterized by a shift from capital expenses to operational ones. Simply put, cloud computing turns traditional IT products into services provided on demand basis, usually remotely. In this paper we take a holistic approach, covering the technology, operational and business aspects of cloud computing, in the context of the telecommunication industry. For the telecommunication industry, both network equipment providers and service providers, cloud computing represents the underlying technology for both operational efficiency as well as for new business opportunities. Beyond the traditional benefits for improving internal efficiency, cloud computing technologies enable the shift from a product based to a service based model, away from traditional, box based approaches. The software as a service model can be applied to both traditional telecom infrastructure features as well as to managed service and hosting deals, resulting in a different cost structure, and significant benefits in terms of delivery times, flexibility and reduced operational costs. Telecommunication business can also leverage cloud computing technologies in order to enter new business areas, by
focusing on their core assets that can be used to create an improved cloud computing experience and deploy cloud technologies in a new context: network expertise, security infrastructure and handling of quality of service requirements. Research and practice of cloud computing so far focused primarily on the on-demand delivery of computational and storage resources, with impressive results in pushing down the cost of these through concentration, virtualization and economies of scale. However, several fundamental issues related to networking, security and fulfillment of service level agreements required by some applications are not yet fully addressed. As we show in this paper, optimization of the cost of networking and fulfillment of quality of service requirements require novel approaches, not yet fully understood, let alone implemented. In this context, extending the automation of operations to cover automatic enforcement of service level agreements becomes a key component of the cloud computing fabric. We also show how security, one of the prime concerns with respect to cloud computing, can benefit from established, proven concepts developed for telecommunication networks. II.
CLOUD COMPUTING IN TELECOMMUNICATIONS
A. Telecom Software as a Service Traditionally, the telecom industry was a strongly productcentered business: telecom infrastructure was delivered as a set of boxes, dedicated for one particular customer, with strong performance and in-service performance characteristics guaranteed by telecom vendors. Up until recently, telecom networks were fully operated by telecom providers; recently however the role of hosting and managed services by network equipment providers has increased dramatically, signaling a shift towards more decentralization and role specialization. There are however major differences between hosting/ managed service approaches and software as a service modes of operations, summarized in the table below. These differences relate primarily to business models and modes of operation, but have significant technology implications as well. For some telecom services, with fluctuating demand and varying take-up characteristics, the SaaS model clearly represent an approach that can help mitigate risk and keep costs under control due to lack of large scale initial investment and can, at the same time, facilitate a rapid build out and provisioning of the service to end users.
10SB0091 (C) 2012 IEICE
Table 1Traditional telecom models and SaaS Product Hosting SaaS Sales Billing
Upfront
Upfront + usage based
Usage based
Location
On premises
Dedicated Datacenter
Shared Data center
Management
Customer
Managed Service
Managed Service
Capacity
Customer responsibility
Managed capacity, customer preplanning
Elastic, no customer pre-planning necessary
Offering
Customized
Customized
Standardized, customized through configuration
Running telecom SaaS brings several technical challenges. One of the main characteristics of many telecom and real-time services is a strong requirement for fulfillment of certain endto-end performance characteristics. For SaaS deployments, such requirements need to be translated into service level agreements required from the cloud and guarantees for performance within the cloud. Thus, telecom SaaS requires an SLA definition and automatic enforcement mechanism that guarantees sustained and verifiable end-to-end performance. A second aspect of telecom SaaS relates to multi-tenancy. Traditionally telecom software is run on dedicated hardware, with no interference from other applications competing for the same resources. However, in a cloud computing context, this will not hold true anymore: there might be multiple telecom networks running on the same infrastructure. Strong isolation features need to be put in place to guarantee that there will not be performance or security interference between cloud tenants. In this paper, we use the concept of virtual private cloud for a secure virtual container consisting of virtualized compute, network and storage resources within which tenants of the cloud can operate in full isolation from the other tenants. B. Network Performance From the three basic types of resources required for a complete computing solution – CPU, storage and networking – cloud computing research and practice so far prioritized the first two, while networking was largely neglected. However, concentration of computing and storage will exacerbate the impact of network bandwidth, delay and latency, to a point where it becomes a dominant performance and cost factor, especially for bandwidth hungry or quality of service dependent applications. For a typical telecom application with a moderate per user bandwidth (basic speech), the cost of networking can be an order of magnitude higher than the cost of computation and storage; this result correlates with earlier, independently obtained data [2]. In general, a conjecture similar to Brewer’s CAP theorem [5] applies to traditional cloud computing as well: one can only optimize two out of the three main infrastructure cost factors of cloud computing, namely CPU, storage, networking. Picking any two of these will have adverse
impact on the third; we call this the CONST (COmputation, Network and STorage) conjecture. Furthermore, inter-data center networking also suffers from numerous limitations, not least in terms of limited capabilities for wide area L2 networking; inflexibility of data center networks has also been shown to contribute significantly to design and cost bottlenecks [1]. The telecommunication industry is in a sweet spot with respect to the challenges of cloud networking. On one hand, efficient management of network resources and network related quality of service is a key part of the requirements of telecom applications; on the other hand, the telecom industry has direct control, as well as deep rooted expertise in management of networks. The combination of these makes efficient cloud networking one of the key components where telecommunications can enhance cloud computing performance. C. Security and privacy In a survey by IDC [3], 87.5% of IDC’s Enterprise Panel for IT Cloud Services indicated that cloud security is their number one challenge. It is clear that these concerns must be taken seriously in order for clouds to provide an attractive, trustworthy environment. Fundamental issues to address are users’ fear of loosing control over their information, need to trust the cloud provider to protect against both “outsiders” as well as “insiders” (other tenants), and legal issues (e.g. data movement across geographical borders). Existing security technologies and standards can in principle address many of these issues, but there are fundamental differences to consider when applying these in a cloud. First, the usage of conventional security mechanisms will need to be pervasive in clouds. Next, openness and standardization of the security solution becomes even more important since cloud customers must be given the opportunity to evaluate whether a certain cloud can meet their required security policy. Clouds will make the network perimeter (to the extent it still exists) erode even further, putting even more emphasis on protection at data center and host level. Fine-grained authorization and metering/charging for virtual resource consumption is needed. Post security-breach audit and forensics become even more challenging in a virtualized, distributed environment. There are also emerging technologies that shows great promise to address more cloud-specific issues, e.g. virtualization with very strong isolation properties will be key in multitenant settings. Trusted computing and remote attestation may provide a more robust and verifiable cloud computing base. Finally, more than ever it will be necessary to treat security as process rather than a state: it needs to rapidly adapt to the changing cloud security landscape due to e.g. to attacks and/or diverse requirements by different cloud customers. The ondemand properties will certainly apply to security as well. III.
TELECOM CLOUD TECHNOLOGIES
In this section we introduce in more details the key technologies that can address the concerns listed in section II: virtual private clouds, management of distribution, efficient utilization of networking resources, handling of service level agreements and security enhancements.
A. Virtual Private Clouds The concept of Virtual Private Clouds (VPC) refers to the partitioning of cloud resources (also commonly called cloud slice) for the benefit of cloud tenants, in the form of Infrastructure as a Service (IaaS). Typically, there is one VPC per tenant due to the fact that the cloud trends call for full isolation between tenants. Other properties of the VPC are Bandwidth-onDemand (BoD) and Quality of Service (QoS). These three properties - Isolation, bandwidth on demand, and quality of experience - reflect the enforcement of the SLAs associated with cloud applications. The concept of VPC in the context of a multi-data center cloud is illustrated in Figure 1.
To open Internet
Management Tenant 1 VPC
Tenant 2 VPC
Multi-tenant Data Centers Management Tenant 1 VPC
Tenant 2 VPC
need to balance concentration (reducing the cost of computation and storage, but increasing the cost of networking) and distribution (with the reverse effect). The key principle underlying the concept of distributed cloud is that of data centric computing. It encompasses on one hand intelligent replication, distribution and caching of data that follows and adapts according to application constraints and network performance; on the other hand it also requires placement and seamless migration of computation to where the data is located or closer to where it is finally consumed. Automatic management of the placement of data and computation in order to optimize network performance and meet application requirements is the characteristic and purpose of a distributed cloud infrastructure. In the context of telecommunications, distribution may be pushed even further, out into some of the sites of a mobile network, for applications with very low latency or very high bandwidth requirements, coupled with specific locality characteristics (such as predominant access from a specific geographic region). Content delivery networks (CDN) are one example of such an application. Cloud Service Customer
D-COS Agent: Distributed Cloud Operating System Agent
Wide Area Network
VPC Management
D-COS
Figure 1 The concept of virtual private cloud The setup, supervision and deletion of VPC(s) are managed by a dedicated logical function that coordinates access to infrastructure resources that have been abstracted before a VPC required by a tenant is invoked. This coordination consists of multifold actions that are orchestrated at different levels such as authentication and authorization, policy enforcement, access privileges control to infrastructure resources, intra-data center connectivity and finally inter-data center connectivity. We envision elastic allocation of wide area networking as Layer 2 connectivity in order to enhance the appearance of one data center and full-featured cloud for the VPC tenant (for more details, see section D). In summary, this function acts as an orchestrator of infrastructure resources to offer IaaS services in order to support new cloud applications for tenants. B. Distributed Cloud One of the important consequences of the CONST conjecture is that the concentration of computation and storage can lead to sub-optimal cost and performance of the network infrastructure, crucial for applications with strict network performance requirements. In such cases concentration becomes unsustainable and the achieved economies of scale are quickly eroded by the increasing cost of the network infrastructure and poor performance. Consequently a more distributed and network-aware infrastructure is required. Intuitively the idea of a distributed cloud conflicts the existing view of unlimited, amorphous “cloud” structure prevailing today. In view of the CONST conjecture however there’s a
Agent Local WIND Agent Site
D-COS Agent
D-COS
Local Site
Agent
D-COS Agent
Local Site
Data Center
Figure 2 Architecture of a distributed cloud In a distributed cloud, an application’s resource requirements and constraints are mapped onto concrete realization over the available physical resources by the cloud operating system. These specifications are ideally technology agnostic as this will give more flexibility in the mapping process. Once the application is deployed, the cloud operating system will either automatically or in coordination with the application itself scale it according to its dynamic needs. The concept of distributed cloud and distributed cloud operating system is illustrated in Figure 2. Each site – whether a data center or a node distributed inside the network – will execute a local Distributed Cloud OS (D-COS) agent that will handle the distribution aspects in a decentralized manner. C. SLA Management A characteristic of telecom services is strong requirements for several end-to-end performance and non-functional aspects such as latency, throughput, localization, security, availability.
Providing this in a cloud environment is more challenging, as service components may be allocated in different datacenters, over different network links and dynamically sharing the infrastructure with other applications. Moreover, the more interesting application services are created using compositions or mesh-ups, where the end offering is based on several service components offered by different providers. An important question is who should be responsible for the specification and enforcement of the SLAs. Each service could directly manage its SLA offer and create its own infrastructure requirements. There are however several disadvantages: •
the SLA resolution and resource management become the burden of the service creator, embedded in specific calls in the service implementation
•
driven by competing applications, resource allocation on the hosting infrastructure becomes non-optimal
•
non-standardized or evolving IaaS interfaces create maintenance issues and vendor lock-in concerns
To address the issues above we envision and propose a system where SLA specification is totally decoupled from the functional implementation of the services and where the cloud platform automatically takes care of the SLA resolution process down to the infrastructure allocations. At deployment time, the service provider only needs to provide a service description containing the functional offering, SLA constraints and other service dependencies. The cloud platform SLA resolution manager will iteratively identify the needed service components that satisfy dependency and SLA constraints, and builds a hierarchical dependency tree down to the required infrastructure resources. If several solutions are available, the best according to a certain criteria (e.g. price) is chosen. What is important during the resolution process is that the different SLA parameters are divided into clear aggregation classes that identify how SLA parameters on one level of the tree fulfill the global requirements specified by the parent node. We have identified exact matching (e.g. location, protocols), additive (delay, memory, processing, price), multiplicative (availability, reliability) and max-min (throughput) aggregations. Note that higher-level SLA parameters can be “transformed” to lower-level, i.e. the SLA parameters required from a component service can be totally different than the ones required from its dependencies. The resolution process results in bundles of infrastructure requests with different low-level requirements. The deployment algorithm will map the requests onto the available physical topology, with the goal of optimizing infrastructure utilization. D. Elastic Networking Connectivity is a deciding factor for the quality of experience seen by customers of traditional cloud services. Virtual private clouds are a model to provide a set of connected resources to the customer as a bundle, typically including a secure connection to the customer's on-premise infrastructure.
Telecommunication providers are in a unique position to leverage their network infrastructure and management expertise to bundle cloud services for enterprises with robust and better than best effort connectivity, as well as strong service level agreements. However, this potential remains largely unutilized today. While techniques like virtual switching are often used by cloud OSs to gain a certain amount of control over the local connectivity within data centers, there is no integration of the wide-area network infrastructure with the cloud management. Cloud resources and wide-area connectivity (e.g. via VPN services) are typically provisioned separately even in case of telecommunications providers, often by entirely different units within the company. And, while compute and storage resources in the cloud are highly elastic and can be dynamically scaled on demand, VPNs have largely static properties, and ordering and provisioning them often takes days or weeks. To alleviate these issues, we propose the concept of elastic networking. The goal is to achieve a closer integration of network resources - both local and wide-area - with cloud management. The network is considered an integral part of the cloud service next to compute and storage, and should ideally be just as elastic and dynamic. Modern MPLS-based provider networks are a primary target to support such an approach. They increasingly support dynamic and automated provisioning, can be virtualized, and can provide transport paths for both IP and (via pseudo-wires) L2 services. However, other technologies, such as optical networks or even simple IP overlays, are potential targets as well. Since there is a multitude of network technologies, control plane architectures and management systems used by providers, we propose to use an abstraction layer with a plug-in architecture that provides a unified service interface to the cloud administrator. The service interface offers methods for the establishment of wide-area connections with QoS attributes, and allows attaching these connections to the data center network. Plug-ins specific to the underlying wide-area network implement the methods on the infrastructure layer. The attachment of the wide-area connection to the data center network is handled by a gateway. In multi-tenant clouds, virtual networks are often used to provide tenant isolation. In this case it must be possible to associate a wide-area connection with a specific virtual network, essentially making it an extension of this virtual network. The gateway is configured and managed by the cloud OS or, in case of VPC, a VPC management function. The gateway can be implemented as a virtual appliance running in the data center. Such a system allows telecommunication providers to offer enterprises cloud and VPC services bundled with elastic connectivity with robust service assurances, rather than just best effort. Optionally, the provider can enable a self-service interface to allow the customer to dynamically increase or decrease the capacity of the connection linking on-premise resources with remote cloud resources on demand, rather than using static provisioning with the expected peak capacity. This may be coupled with a usage based billing model, and can potentially increase the average network utilization and allow for increased oversubscription of the infrastructure.
Furthermore, the automation and integration into the cloud OS allows the operator to easily create temporary on-demand connectivity between data centers, for example for the migration of virtual machines. Finally, an increased amount of control over the wide-area connectivity is beneficial to the concept of distributed clouds. E. Telecom Grade Security Current telecom networks (e.g. 3G or LTE [6, 7] mobile broadband) have already built in security features that can be re-used and contribute to a trusted cloud. Such networks were designed from the outset to provide strong mutual authentication between user and network as well as protection of the users’ privacy (encryption and identity management). Signaling is authenticated to provide robust usage utilization. A fundamental enabler for all of this is the USIM (Universal Subscriber Identity Module, see [6]) user credential. Some ways to leverage this in telecom clouds include: •
Optimized security. USIM authentication can be reused to set up security between user and cloud. This can reduce need for other, more heavy-weight solutions such as Public Key Infrastructures.
•
The above applies not only to an operator’s own cloud, but can also be used as an enabler towards 3rd party clouds via federated identity solutions, i.e. “security as a service” solutions offered by the operator.
•
The strength and portability of USIM authentication across different access types (3G, LTE, WLAN, etc) makes it an excellent basis for authorization to join into a VPC and/or to provide other “personalized” security services for cloud access, e.g. removing unwanted traffic, regardless of access type used.
•
The telecom security infrastructure has proven to scale well and seems further expandable also to include connected machines and sensors.
•
Location provided by mobile networks is highly reliable and can thus be used to optimize cloud resource allocation, bringing resources closer to user
There is thus today an inherent trust in telecom networks that can be leveraged. However, it is also clear that the evolving threat landscape needs to be handled to ensure that trust carries over to clouds.
needs to be considered right from the beginning when developing cloud services. Usage based pricing for cloud services demands streamlined operational setups where automation is used as much as possible. However, this automation needs to be well integrated into the operational processes described above. Even though it would be appealing to automate everything, this is unrealistic and from a commercial perspective not viable. Automation should rather focus on critical issues that impose particular problems in real operational scenarios. We identified particularly two of these issues: •
On-boarding of new customers; typically a very expensive task. VPCs are a perfect technology basis to deploy telecom software and nodes for multiple operators in an isolated way in the same virtual infrastructure. As no physical hardware is involved, the deployment can be automated. However, we need to consider that deployed functionality needs to be integration into customer networks. This does typically involve customer interaction and manual re-configuration, e.g., of “classical” hardware nodes. Thus, the automation needs to be tightly aligned with the operational processes.
•
Upgrading running software components: efficient operation requires uniform version management in order to scale. Otherwise, the Network Operations Centers (NOCs) needs to be aware of all aspects of the different running software versions. Only automated deployment makes small deployments commercially viable, without violating the cloud paradigm of usage based pricing.
Deploys
Cloud Tenant Administrator
IV.
TELECOM SOFTWARE AS A SERVICE OPERATIONS
Distributed Applications Service API
Service & SLA Resolution Authentication
So far, we focused in this paper on technologies to offer telecom grade clouds. However, telecom grade clouds and cloud services do also impose considerable challenges from an operations perspective. In the end, services need to be provided to millions of users simultaneously with telecom grade reliability and availability. Experiences from today’s telecom system show that operation requires still much human support; typically, up to thousands of people are necessary to run a telecom network. Across the industry, operations are organized according to well defined and structured processes following standards like the IT Infrastructure Library (ITIL) [9]. The framework set by these standards and experiences from operations
FUNCTIONAL DECOMPOSITION
V.
There are two layers of orchestration and management needed in order to support the technologies we propose. The inter-cloud orchestration layer provides the functions needed to provision and supervise applications across multiple virtual private clouds harbored inside private or public clouds.
Generic Cloud Application API
GBA-based authentication
Infrastructure Provisioning & Orchestration Cloud Infrastructure API
VPC Cloud Provider A
SW Provisioning & Management
Software Provisioning API
VPC
VPC
Cloud Provider B
Cloud Provider C
Figure 3 Inter-cloud orchestration layer These functions, illustrated in Figure 3, are:
•
The Service and SLA Resolution function deals with mapping of abstract service descriptions to concrete, platform dependent actions, scripts and components
•
Infrastructure Provisioning and Orchestration has the main role of orchestrating multi-cloud deployments
•
Software Provisioning and Management is the function responsible for managing and configuring application software on virtual machines. Cloud Infrastructure API
Configuration Management DB (CM DB)
Cloud Owner
VPC Configuration
Policy/ SLA Control & Orchestration NW Compute
Distributed resources
Connectivity Control Infrastructure Management
DC Cloud OS: Provisioning
Virtualization layer
Virtualization layer
Data Center
Data Center
Inter-DC NW Mngmnt
WAN
Distribute Compute Mngmnt
Distributed Resources
Figure 4 Distributed cloud management The distributed cloud management layer contains the functions that deal with multi-data center and network as well as SLA aware cloud infrastructures with a cloud provider’s cloud, as illustrated in Figure 4. The key functions are
[1]
Connectivity control, responsible for orchestration of both data center local as well as wide area on-demand network connectivity
[2]
Data center cloud OS, responsible for the management of resources within a single data center
[3]
In order to demonstrate the technologies and processes described in this paper, we are developing a concrete evaluation platform and software stack, based on open-source, commercial and in-house developed components. On the infrastructure side, we use a tested distributed across the globe, with multiple data centers in North America, Europe and India as well as a simulated mobile core, connected to the infrastructure in order to demonstrate the distributed cloud functionality. On the software side, we base our prototype software on the OpenStack open-source cloud operating system [4]. We have chosen OpenStack because of its modular architecture that enables us to extend it with multiple functions, such as:
•
Support for VPC management, leveraging on both the data center OS and wide-area networking components
•
Support for USIM-card based authentication. Current prototype supports OpenID with OpenStack’s authentication software based on 3GPP Generic Bootstrapping Architecture (GBA) [8].
In this paper we introduced, based on the impact and opportunity analysis of the cloud computing for the telecommunication industry, several technological and operational features that can significantly enhance the usability of cloud computing technologies in telecommunications as well as enhance the quality of experience and efficiency for traditional cloud offerings. We demonstrate these technologies and processes - operation of telecom software as a service – in a geographically distributed experimental infrastructure, built over state of the art open source, commercial and own developed hardware and software infrastructure.
Policy & SLA Control and Orchestration, that verifies and resolves VPC and application constraints and decides, as well as orchestrates, the allocation of IaaS resources for applications deployed within a VPC
EXPERIMENTAL SETUP
Support for wide-area networking, where we also take advantage of programmable routers and existing best in class commercial software
VII. CONCLUSIONS
•
VI.
•
To demonstrate the architecture in practice, we use two types of applications. In order to verify our operational model, we chose a subset of an existing mobile network offered as a service; for demonstration of the distribution, SLA management and elastic networking, we use a self-adaptive, distributed video delivery application that can be seamlessly scaled across multiple data centers and out into the mobile network.
VPC Configuration, dealing with configuration of key parameters for virtual private clouds, such as compute, storage and network resource limits, access rights etc
•
Support for distribution, implemented as an overlay and extension of OpenStack’s functionality
SLA management is implemented as a separate component.
•
•
•
REFERENCES
[4] [5]
[6] [7]
[8] [9]
A. Greenberg, J. Hamiltion, D.A. Maltz, P. Patel, “The Cost of a Cloud: Research Problems in Data Center Networks”. Submitted to the Computer Communication Review, 2009, available at http://ccr.sigcomm.org/online/?q=node/436 R. Sion, “To Cloud or Not To”. Invited talk at Workshop on Cryptography and Security in Clouds, 2011, available at. http://www.zurich.ibm.com/~cca/csc2011/talks/sion-invited-csc2011.pdf IDC, “Cloud Computing 2010 – an IDC Update”. Available on-line at http://www.slideshare.net/JorFigOr/cloud-computing-2010-an-idcupdate, 2009. OpenStack Cloud Software. See homepage at http://www.openstack.org/ N.Lynch, S.Gilbert, “Brewer’s Conjecture and the Feasibility of Consistent, Available, Partition-tolerant Web Services”, ACM SIGACT News, Vol. 33, p. 51-59, 2002. K. Boman, G. Horn, P. Howard, V. Niemi, “UMTS security”, Electronics Communications Engineering Journal (2002), Vol. 14, No 5. R. Blom, K. Norr man, M. Näslund, S. Rommer, B. Sahlin, “Security in the Evolved Packet System”, Ericsson Review no 2, 2010,
http://www.ericsson.com/res/thecompany/docs/publications/ericsson_re view/2010/security_eps.pdf 3GPP Technical Specification 33.220, “Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture (GBA)” CCTA, IT Infrastructure Libaray, http://www.itil.org