Spirent Recommendations for Success User Guide
- September 18, 2024
- Spirent
Table of Contents
Recommendations for Success
“`html
Specifications:
-
Product: Spirent White Paper
-
Testing Strategies for U.S. Government Private Network
Modernization -
Usage: Infrastructure validation, security testing, Wi-Fi
security assessment
Product Information:
The Spirent White Paper provides recommendations and testing
strategies for U.S. Government private network modernization. It
includes methodologies for live network active field tests,
infrastructure validation, security management, and Wi-Fi security
assessment.
Product Usage Instructions:
Infrastructure Validation:
Spirent software and hardware are utilized for validating the
performance and scalability of network infrastructure. The Spirent
TestCenter platforms facilitate end-to-end testing under real-world
stress conditions for mission-critical applications.
Security Testing:
– Ensure dedicated network resources for specific functions and
locations
– Follow cybersecurity best practices and specific security
recommendations for private 5G networks
– Engage in rigorous testing in both development and live
environments
– Include repeatable validation of network performance
Wi-Fi Security Assessment:
Perform a comprehensive Wi-Fi security assessment starting with
a site survey to map the network and identify rogue access points.
Tests include coverage through various phases to ensure network
security.
FAQ:
Q: What are the key considerations for testing private 5G
networks?
A: Key considerations for testing private 5G networks include
infrastructure validation, security management, and Wi-Fi security
assessments tailored to the network environment and supported
applications.
“`
SPIRENT WHITE PAPER
Recommendations for Success
Testing Strategies for U.S. Government Private Network Modernization
SPIRENT WHITE PAPER
Introduction Successful planning, launch and operation of networks under a
broad range of U.S. Government (USG) enterprise network modernization programs
require a partner with a proven track record, cutting-edge technology and
expertise in all phases of wireless network launch. In this white paper, we
make key recommendations to foster comprehensive achievement of U.S.
Government performance and coverage goals in a reliable and secure network,
drawn from extensive background in the delivery of critical test and
validation solutions. The topics of this white paper include:
· Overview and Summary of Recommendations · Network Acceptance: Validating
Network and Device Performance for Key Services · Infrastructure Validation:
Ensuring the Infrastructure Performs and Scales · Security: Managing the
Complex Threat Surfaces of U.S. Government Networks · Assurance: Actively
Managing Performance During Network Operations · Spirent Technology and
Platforms Supporting U.S. Government Networks Validation
and Assurance · Conclusions and Takeaways · How Spirent Managed Solutions Can
Help
Overview and Summary of Recommendations A comprehensive testing and assurance
strategy is vital to the successful launch and operation of any mission-
critical private network. That strategy should be incorporated into project
planning ahead of network technology selection. A full lifecycle mindset leads
to achievement of performance, reliability and security goals, and effective
management of project timelines. Spirent’s testing approach is informed by
decades of assuring wireless networks, from 2G thru 5G. Our latest 5G-driven
innovations in tools and methodologies apply for any RAN technology direction
chosen by the USG for the test enterprise network modernization. To ensure
quality of service (QoS) in individual private networks, the Government must
incorporate comprehensive validation solutions that enable effective launch
and operation of the network, devices and services. To achieve this, Spirent
recommends adopting launch and testing strategy factors in the following
critical components:
· Network Acceptance Testing Ensure the network delivers on the
requirements. Assess service quality and end user experience for video, voice,
data, and other projected use cases. Identify performance issues and
optimization opportunities.
· Infrastructure Validation Testing Assess infrastructure performance in the
lab ahead of vendor selection, design, and implementation.
· Security Testing Assess network and device security before launch and as
part of a continuous security framework to identify and mitigate
vulnerabilities.
· Lifecycle Management and Assurance Proactively assure service performance
and ongoing change management and fault isolation through automated active
assurance solutions.
1
SPIRENT WHITE PAPER
Network Acceptance Validating Network and Device Performance for Key
Services
To ensure success in individual network initiatives, the Government needs to
answer critical questions: Does the network have the capacity for the
performance and QoS that you require? Is coverage of the private network sites
comprehensive, both outdoors and indoors? Where must optimization take place
to meet your requirements? For video use cases, does the network enable
delivery of reliable video feeds without freezing, buffering, or poor-quality
frames? For voice use cases, can you reliably place and hold calls and hear
both parties clearly? A focus on performance will ensure that traffic flows
reliably and that the network can support target services, regardless of RAN
technology. Assessment Areas. A comprehensive approach to testing the private
network should include the following:
· Coverage and Spectrum Outdoor/indoor heatmaps and band utilization: Ensure
coverage and signal-to-noise performance across the entire private network
site and within surrounding buildings. Pre-launch analysis of actual band
usage and received signal confirms design goals are met, identify areas that
need improvement, and offer optimization opportunities. State-of-the art tools
are required to collect, analyze, and produce heatmap views of the sites and
environs.
· Capacity Loading limits and impact on performance: Assess both the radio
and backhaul capacity supported by the network with next-gen traffic
generation solutions. Test with both multi-user point and spread single-user
solutions. Multi-user tests will exercise the network’s ability to carry end-
to-end volume. Construct the tests to mimic expected video traffic as well as
future voice and data services. Capacity testing will characterize how
performance degrades with volume and pinpoint where optimization or investment
is required.
· Devices Assess with relevant devices, phones, tablets, and IoT: Test with
the devices expected to be on the network. If that is not possible, use
solutions that allow you to emulate the traffic footprint of the required
device set.
· Performance and QoE Data, video, voice handovers latency: Assess video,
voice, and data performance and quality from the perspective of the end user.
Good RF does not always mean good quality of experience (QoE). This means
using quantified scientific measures that help you identify relative weak
performance and measure the efficacy of network optimizations. Use QoE best-
in-class tools like Umetrix Video, Voice, and Data.
· Applications Emulate data footprint of critical apps: As with devices,
test with the actual applications/services you intend to carry on the network
or use tools that emulate the data footprint of those services.
· App Endpoints Cloud, on-prem edge, public edge: Placement of application
services has a critical impact on performance, especially for latency-
sensitive use cases. Use a test solution that allows testing to all possible
service endpoints from cloud to edge.
2
SPIRENT WHITE PAPER
Methodology. Spirent’s approach: Live network active field tests from actual
UEs to Spirent data servers placed at the edge and in the cloud.
· Measure: Use state-of-the-art tools to actively drive user traffic over the
network in stationary and both drive and walk mobility scenarios.
· Analyze and Report: Generate statistical and geographical views of all
performance indicators. Correlate video, voice, and data KPIs to underlying RF
performance. Identify areas for service and network optimization.
· Optimize: Modify designs to address opportunities uncovered in acceptance
testing. Confirm efficacy of changes.
MEASURE
ANALYZE
REPORT
OPTIMIZE
· Stationary, walk, drive
· Active test data, voice, video, location
· Coverage · Capacity · Bandwidth · Latency · Voice · Video · Location · Security
· KPI Statistics
· Good/fair/poor scoring
· Optimization recommendations
· Design modifications
· Ongoing performance monitoring
Figure 1. Typical Private Network site acceptance field testing
UEs with App Emulation
e/gNodeB
NiB
On-Premises Outpost / Private
Public MEC or Local / Availability Zones
Cloud
Figure 2. Sample Private Network
3
SPIRENT WHITE PAPER
Infrastructure Validation: Ensure your Infrastructure Performs and Scales
Spirent software and hardware has been used by U.S. Government customers for
more than two decades to validate the performance and scalability of their
network infrastructure. The Spirent TestCenter platforms enable end-to-end
testing of network infrastructure to ensure it performs under real-world
stress conditions for missioncritical applications.
Spirent TestCenter covers the entire gamut of testing, from core network
infrastructure, to remote sites, to validate their performance across
throughput, latency, packet drops, and many other metrics. Additionally, the
tools enable quick pinpointing of potential problems during testing before
they have operational impact. As new network elements are designed into
existing networks, testing with Spirent TestCenter ensures that the evolving
network performance continues to meet the USG’s interconnectivity and
interoperability needs.
Security: Managing the Complex Threat Surfaces of U.S. Government Private Networks
USG private networks should provide dedicated network resources for specific functions and locations, offering benefits like enhanced control over data, improved security, and lower latency. However, this type of network, including private 5G networks, also presents unique security challenges. The vulnerabilities and threats must be understood and mitigated if a private 5G network’s true potential is to be realized.
Testing strategies should be tailored to the specifics of the private 5G network environment and the applications it supports. This involves following best practices of cybersecurity and the specific security recommendations for private 5G networks.
In the process, security will be an unyielding expectation for all stakeholders in Government private network ecosystems. To assure a private 5G network’s trustworthiness, service providers must engage in rigorous and comprehensive testing in both the development and live environments is crucial. Testing considerations must include:
· Network security assessment – Available devices, servers, workstations, services, ports
· Privilege escalation – Unauthorized access to services, sensitive information, databases
· Network segmentation and slicing – Security of 5G-LANs, network slices, access rules, virtual firewall rules analysis
· Isolation review – In the case of shared RAN, how the private segment is separated from the SP network and subscribers
· 5G hardware – Router security analysis, configuration, security rules, administrative interfaces, etc.
· Applications security assessment – Management and Orchestration Applications
· Security of IoT devices in the network
· Network Security and Application Performance Validation – Highly scalable,
repeatable validation of network performance
4
SPIRENT WHITE PAPER
Wi-Fi Security Assessment Wi-Fi security assessment ensuring thorough coverage
through various phases starting with a site survey to map the Wi-Fi network
and identify rogue access points. Although not exhaustive, below is a list of
tests performed during the wireless security testing:
· Site survey and enumerate wireless networks · 802.11 network reconnaissance
· Enumeration of authentication protocols · Testing access control · Testing
segregation between guest and corporate network · Identify weakly encrypted
networks · Capture and analyze wireless network traffic to gain information
about internal
systems and wireless network peers · Access point configuration review,
including:
Network design and architecture Policies RADIUS server configuration
review (if any) Rules review for access control, filtering,
authentication/authorization, logging
and segmentation
5
SPIRENT WHITE PAPER
Private Network and Private 5G Network Security Testing. Spirent recognizes
that private 5G network solutions are architected in multiple ways, where
individual implementations vary in a variety of bespoke environments which
require a proven approach. With many years of experience, Spirent SecurityLabs
is an established leader delivering testing solutions which includes an
extensive focus on 5G and 5G MEC (multi-access edge computing) security. With
this well-established and comprehensive background, SecurityLabs created an
essential testing strategy to assess the security posture of the private 5G
network solution before deployment, to identify and prioritize mitigation of
vulnerabilities. SecurityLabs has established the following approach to
proactive identification of private 5G network vulnerabilities and to assist
with mitigating risk.
The testing strategy includes, but is not limited to, the criteria found
below:
· Platform security and integrity This covers operations, administration,
and management (OA&M) security, interface security, user authentication
multifactor authentication or PKI-based certificate authentication,
encryption, key and certificate management systems, and strong cryptographic
algorithms.
· Virtualization and Containerization This includes weak secrets management,
insufficient pod/container isolation, inadequate patch management, no resource
limits, misconfigured network policies, lack of restrictions on container
images to private registry, lack of mTLS and unrestricted pod-to-pod
communication.
· Applications and APIs Testing assesses authentication, authorization,
input validation (SQL, XSS, etc.), error handling, security misconfiguration,
sensitive data exposure, business logic testing, API path discovery,
unauthenticated API, broken access control, insecure deserialization,
insufficient session expiration, lack of resources and rate limiting,
sensitive information disclosure in JWT token, and application path
disclosure.
· Network Security This testing assesses insecure PKI setup, misconfigured
firewall rules, insecure network segmentation, inadequate, misconfigured or
missing network access control (NAC), unpatched network devices, data
exfiltration and egress protection bypass, privilege escalation, unsecured
network services, unsecured protocols, security misconfigurations,
insufficient authentication, default credentials, insufficient privileged
account management, insufficient network isolation and segmentation.
· Hardware Security Testing covers unencrypted communications, hardcoded
keys, device firmware analysis, binary code analysis, insecure boot process,
JTAG/UART review, fuzzing, underlying software and application evaluation, and
unencrypted communication.
Fig. A: Deployment as isolated network
Fig. B: Deployment with shared RAN
Fig. C: Deployment with shared RAN and control plane
Fig. D: NPN deployed in public network
Public network
Public network services
Public network
Public network services
Public network
Public network services
Public network
Public network services
Local path
Optional connection
Local path
Local path
Non-public network services
Non-public network services
Non-public network services
Figure 3. Private 5G Network connectivity architecture
Non-public network services
6
SPIRENT WHITE PAPER
Vulnerability Management. Vulnerability management is a critical component of
any cybersecurity program, especially within a 5G environment where potential
vulnerabilities could have wide-ranging impacts. A high-level list of
SecurityLabs’ testing solution components for a 5G vulnerability management
program include:
· Vulnerability Scanning Objectives are to ensure these scans cover all
devices, network, applications, and systems in the 5G environment; categorize
asset and identified impactful weaknesses; utilize continual validation
against remediation efforts of vendor.
· Patch Management Testing Testing ensures the patching process occurs in a
timely manner or follows the appropriate policy and/or schedule and that
additional vulnerabilities are not introduced. Also, check that patches are
properly applied and fully address the identified vulnerabilities and that
patches are signed by the developer.
· Configuration Management Testing This covers tests that ensure all devices
and systems are securely configured and accurately identify and mitigate
insecure configurations.
· Risk Assessment Testing The risk assessment process properly verifies and
prioritizes vulnerabilities based on factors such as potential impact,
exploitability, and business importance.
· Penetration Testing Regularly conducted to simulate an attack on the 5G
network and assess effectiveness of vulnerability mitigation measures by
attempting to exploit identified vulnerabilities.
· Incident Response Integration Testing This involves testing the
integration of the vulnerability management process with the incident response
plan to verify that the detection of a serious vulnerability triggers the
necessary incident response procedures.
· Remediation Verification Tests are re-run to confirm that the
vulnerability is indeed fixed and validate that no regressions occurred.
· Threat Intelligence Integration Testing The effectiveness of threat
intelligence feeds for the VM program are assessed to verify that emerging
threats and vulnerabilities are identified and mitigated.
· Security Awareness and Training Testing Ensure staff are trained to
recognize and handle vulnerabilities effectively and evaluate the efficacy of
training through periodic testing or quizzes.
7
SPIRENT WHITE PAPER
N3IWF Security. N3IWF is a Non-3GPP Interworking Function. This element of the
5G SBA (Service-Based Architecture) is responsible for interworking between
untrusted non3GPP networks and the 5G Core. The secure establishment of IPSec
Tunnel between UE and N3IWF must be ensured which involves testing all the
required protocols (EAP, IKEv2, and IPSec).
Additional security testing includes: confidentiality and integrity protection
of NAS signaling messages (UE & AMF) That pass through N3IWF; User plane data
protection between UE and UPF; Proper handling of N2 signaling from SMF by the
N3IWF; Encapsulation and decapsulation of packets for IPSec and N3 Tunneling;
Secure authentication of the UE by this NF using the EAP method;
Authorization; Proper handling of DoS and DDoS; Handling of malicious,
malformed packets or unexpected protocol messages testing; Secure storage and
handling of encryption keys and other sensitive information.
N1 (for 3GPP
access) NAS
N2
NGAP/SCTP
N1 (for non3GPP access)
NAS
IPSec tunnel IPSec tunnel
for CP
for UP
Y1
Y2
UE NWu
GRE/ESP/IKEv2/EAP
N11
AMF
SMF
N2 NGAP/SCTP
N4 PFCP
N3 GTP-U
GTP-U tunnel for UP
N6
N31WF
UPF
DN
N3
GTP-U
N9
Protocols used in communication
Figure 4. Architecture for 5GC network with untrusted non-3GPP access network.
Accounting for New Cybersecurity Frameworks. Any new private network must
include the following security technologies to ensure their architecture is up
to date with the current industry security best practices.
· Secure Access Service Edge (SASE). A cloud-centric distributed security
architecture securing users and applications as opposed to subnetworks and IP
resources.
· Zero Trust and Zero Trust Network Access (ZTNA). Eliminating the notion of
trust, necessitating that access must be granted for each application
transaction.
· Transport Layer Security (TLS). Use of encryption targeted at preventing
malicious unauthorized altering of transmitted data between endpoints and
eavesdropping.
· Mutual authentication. Where the sender and recipient must verify the other party is genuine and trusted.
8
SPIRENT WHITE PAPER
Network Security and Application Performance Validation. Highly scalable, repeatable validation of network performance, QoE, and security effectiveness are required for success with on-prem, public cloud, hybrid cloud and cloud- native network infrastructure. To achieve this, an advanced and proven testing platform must be incorporated in the validation strategy.
CyberFlood
Spirent CyberFlood is a a state-of-the-art, powerful, and easy-to-use, easy- to-use test solution that generates realistic application traffic and malicious threat vectors to test the performance, quality of experience (QoE), and security effectiveness of app-aware networking devices and end-to-end deployments.
CyberFlood assessments are user configurable and are based on latest protocols, applications, malwares, and attacks that are updated continuously through Spirent TestCloud repository (containing over 3,500 applications, over 6,000 attacks and over 100,000 malwares).
CyberFlood solution architecture consists of the CyberFlood Controller (responsible for assessment configuration, execution, and reporting) and CyberFlood Test Agents (responsible for emulation of inter-agent exchanges of malicious/non-malicious traffic). This allows mixing attacks and applications to verify and analyze network security effectiveness under load as well the impact of security policies on QoE. Realistic hacker behavior can be emulated with evasion techniques or encrypting attacks to push security solutions to their limits. For malware testing, CyberFlood provides infected host emulation, as well as malware binary transfer-based security testing. Also, unique applications and vulnerabilities can quickly be imported to create custom test scenarios. CyberFlood sensitive information emulation provides pre-existing templates or users can import custom file sets to quickly assess Data Loss Prevention (DLP) policies. Support for security industry frameworks such as NetSecOPEN and MITRE ATT&CK® are built into CyberFlood solution as well.
SD-WSUANDNI -EWDAGNE SD-EWDAGSDNE-WUANNI
Test Agent
IPP DNS DNP URL MDR
Internet
Subscriber
SERVICE EDGE
SUDN-IWEASNDD-GEWAN
Private Cloud and Branches
· Test agents can be deployed in a distributed, hybrid environment
· Scalable emulation of real application workloads and threat vectors that
recreate network traffic patterns
· Test cases, methodologies that can be used throughout the network lifecycle
design, deployment, and on-going assurance
Figure 5. CyberFlood Solution Overview.
9
SPIRENT WHITE PAPER
Key Highlights. CyberFlood’s key solutions capabilities include: · Multi-
domain Scale. CyberFlood quickly and accurately assesses and validates the
performance, scalability, and security efficacy of systems such as next-
generation firewalls and DPI solutions, across on-prem, cloud, and cloud-
native deployments, including IDS/IPS, SD-WAN, SASE, and others. · Intuitive
Functionality. CyberFlood is specifically designed for ease of use. It can be
deployed quickly, and its web-based UI makes it easy to design tests no matter
what user experience level, and so you can test now, not months from now.
Combined with the CyberFlood RESTful API interface users can easily integrate
their test cases into their CI/CD/CT pipeline for continuous and ongoing
testing and compliance validations. · Comprehensive Realism. Test scale and
efficacy of application and security policies are provided with hyper-
realistic, repeatable application mixes, and threat emulations. The variety of
applications available in the TestCloud library enables users to customize the
application parameters and traffic mixes that are representative of their
network traffic profiles. · Detailed Reporting: CyberFlood solution provides
live reporting while assessments are in progress and final reporting at the
end of assessment which can be annotated and archived as needed. The reports
are contextual in relation to the type of assessment underway, for example,
the Threat Assessment reports include details of attack vectors, including
vulnerability information, call flows, and packet captures.
10
SPIRENT WHITE PAPER
Assurance: Actively Managing Performance During Network Operations
Lifecycle Management and Assurance Continuous Monitoring. The USG’s
requirements should guarantee business outcomes through reduced downtime,
increased operational efficiency, increased survivability, and optimized
security. The solution must support proactive and automated activation of
change management to accelerate deployment using a combination of over-the-air
(OTA) and virtual test agents (VTA), including load testing. Service-level
agreement (SLA) validation must support compliance. End-to-end assurance must
provide rapid fault isolation/resolution between Radio, Mobile core and
application servers, to rapidly identify if it was private 5G gear or an
enterprise issue. Self-test functions for enterprise customers should be
available.
Spirent’s approach is to empower operation and management (O&M), by validating
private 5G network performance prior to and following activation. Utilize
state-of-theart test tools powered by next-generation lab and test
automation solutions for active service performance by testing and
validating that all the infrastructure and functions of largely software-based
architecture can work together as intended with compliance to 3GPP standards.
Support SLAs and ongoing change management by emulating L2-7 traffic from
demarcation points inside and outside the network. Actively inject traffic
24/7 or on demand.
The solution should provide end-to-end visibility with proactive analytics and
automated troubleshooting from lab to live, and deliver these benefits:
· Accelerated Time-to-Mission Launch. Achieve up to 10x faster turn-up of new
network functions and services.
· Optimized User Experience. Proactively discover and resolve issues before
users are impacted.
· Reduced Costs. Avoid hours of manual troubleshooting and SLA violation
penalties.
Active Virtual Test Agent
Public Network Core
Apps
Customer Premises
Devices
RAN
EDGE Core
Apps
Figure 6. Use Case: Active Assurance and SLA management
11
SPIRENT WHITE PAPER
Lifecycle Management and Assurance Continuous Testing. The USG’s private
network validation requirements should guarantee reductions in total cost of
ownership (TCO), while delivering agile high-performance private (5G)
networks. Any service provider offering private 5G network services must meet
the needs of a wide range of emerging enterprise, public, and IoT use cases.
The private 5G network (PN) must provide clients with dedicated 5G
connectivity, edge computing and a portfolio of vertical-specific value-added
services. These PNs are complex due to multiple components and a fast release
lifecycle of software. Traditional ways of testing connectivity are not
suitable to manage this framework of services.
Spirent recommends utilizing continuous integration, deployment, and testing
(CI/CD/CT) processes with a state-of-the-art test platform powered by a
nextgeneration lab and test automation solutions to support O&M, and
proactively assure service performance. Leveraging low-touch automated
lifecycle management, continuously test and validate that all the
infrastructure and functions of largely software-based architecture so that
they can work as intended with compliance to 3GPP standards and also support
SLAs and ongoing change management.
The solution should provide a low-touch automated CI/CD/CT solution that
improves the time (often 3x) it takes to test and validate functionality,
performance, and security throughout the lifecycle of a private 5G network
stack.
Cloud
Cloud Region
Landslide Core Validation Mobile Core OSS/BSS
Value-Added Service Independent SW Vendors
Customer Premises
Premises
Customer Devices
RAN
Internet
Local Network
Platform
5G Automation Platform
Robot
python
Framework
Orchestrator
Cloud Edge
Landslide Core Validation
Control plane
Value-Added Service
LOCAL
BREAK
S1
Data plane
OUT
Independent SW Vendors
Figure 7. Use Case: Telefónica’s lifecycle management test framework. (Read
the Telefónica white paper.)
Note: The Continuous Monitoring and Continuous Testing components can be
implemented separately, or in concert with each other.
12
SPIRENT WHITE PAPER
Spirent Technology Platforms Supporting U.S. Government Networks Validation
and Assurance
Network Acceptance. Spirent’s industry-leading testing solutions offer
comprehensive solutions for effective network acceptance, performance, and
quality assessment and optimization of the network.
The Umetrix platform
Assuring network readiness for mission-critical applications and services
requires a solution set that measures performance in a scientific and
repeatable way. Successful delivery relies on measuring what matters. The
Umetrix solution suite allows active testing of video, voice, and data
services from an end user perspective. For greater detail, refer the
datasheets linked in the table below:
Umetrix Video Umetrix Data Umetrix LM Umetrix Voice
Umetrix Datasheets https://www.spirent.com/assets/u/umetrix_video_datasheet https://www.spirent.com/assets/u/umetrix_data_datasheet https://www.spirent.com/assets/u/ds-umetrix-voice-lm https://www.spirent.com/assets/u/umetrix_voice_datasheet
Lifecycle management and assurance. Proactively assure service performance and
ongoing change management: continuous integration, deployment, and testing
(CI/CD/CT); continuous monitoring (CM/Active Test).
VisionWorks
VisionWorks is a comprehensive active assurance solution that enables
expansive visibility and performance optimization with automated, end-to-end
network service and experience assurance. Active testing uses virtual test
agents (or existing probes) deployed throughout to produce and leverage
synthetic traffic injected into the network to proactively identify issues
before customers are affected. It leverages the discovered data to detect
irregularities and automatically initiates troubleshooting test procedures to
isolate problem domains.
Spirent VisionWorks Active Assurance provides active testing and monitoring of
5G networks and devices. Spirent assures connections at every point to enable
higher quality of service. VisionWorks completely automates testing processes
such as verification of end-user service quality and isolation of problems to
a specific network segment. VisionWorks provides intelligent and automated
active test and assurance across the lifecycle of the evolving 4G/5G hybrid
network to enable service agility, cost reductions, network efficiencies, and
increased revenues.
13
SPIRENT WHITE PAPER
Key Highlights. VisionWorks provides critical insights and automation to optimize performance across every service and network layer. Key solution capabilities include:
· Affordable to Scale. Virtual or small-form factor test platforms can provide a significantly lower cost option than traditional passive probes. Combining passive and active solutions are proving to be more cost-efficient and practical from a widespread rollout perspective. Active assurance represents a solid strategy for keeping costs under control while still meeting stringent performance requirements.
· End-to-End Coverage. The ability to pair passive data with active assurance closes visibility gaps. Reduce customer churn by solving problems faster. Troubleshoot complex issues in any part of the network because probes are virtualized.
· Flexible Deployment. Cloud-native architecture provides deployment flexibility allowing agents to be turned up, decommissioned, and redeployed easily. Adaptable monitoring solution that changes with your network. Virtualization and the move to cloud networks reduces the costs of active testing by an order of magnitude, laying the foundation for network operators to broadly adopt this proven approach.
· Proactive Visibility. From deployment activation testing to links with intermittent
usage, active assurance verifies performance without relying on actual customer
traffic. For network slicing, avoid SLA violations or subpar service delivery that may
incur fees or decrease customer satisfaction.
Automation Pipelines
Spirent VisionWorks
End-to-End Visibility
Proactive Analytics
Open APIs
Automated Troubleshooting
VisionWorks Active Test Agents
Mobile
Fixed
Access
Backhaul Aggregation
Core
Datacenter
Network Data
Inventory & Topology Passive Probes & Network Telemetry
Data Lake
Figure 8. VisionWorks system overview.
14
SPIRENT WHITE PAPER
Conclusions and Takeaways U.S. Government private networks require a
comprehensive testing and assurance strategy which is vital to the successful
launch and operation of its mission-critical objectives. That strategy should
be incorporated into project planning ahead of service provider and technology
selection. An assurance mindset leads to achievement of performance,
reliability and security goals and effective management of project timelines.
From a test and validation perspective, Spirent shares these takeaways to help
the U.S. Government achieve its mission-critical objectives.
· A multi-faceted validation approach for U.S. Government site deployment is
recommended: Network Acceptance Testing Ensure the network delivers on the
requirements. Assess service quality and end user experience for video, voice,
data, and other projected use cases. Identify performance issues and
optimization opportunities. Infrastructure Validation Testing – Assess
infrastructure performance in the lab ahead of vendor selection, design and
implementation. Security Testing Assess network and device security before
launch and as part of a continuous security framework to identify and mitigate
vulnerabilities. Lifecycle Management and Assurance Proactively assure
service performance and ongoing change management and fault isolation through
automated active assurance solutions.
· Technology Platforms. Choosing a vendor-neutral testing partner with a suite
of technology platforms that work in unison to ensure quality in all aspects
of the complex network solution is table stakes for success, while adopting a
range of testing technologies can lead to significant gaps in the testing
solution design.
15
SPIRENT WHITE PAPER
How Spirent Managed Solutions Can Help The choice of testing partner in
validating private networks is critical to success of the solution. On
occasions, some private network adopters allow various vendors to test their
constituent components with the assurance that the vendors know the technology
best and bring their deep bench of experience to test their products on the
customer’s behalf. A problem may exist, however, with a testing approach that
does not account for the complexity of all the other elements and
configurations within a private network solution. Also, the vendor products
are often tested in `ideal’ controlled settings, separate from the customer’s
private network environment. In doing so, a real-world environment
representing the private network does not exist. A vendor-neutral approach in
testing partners is essential to ensure comprehensive and reliable private
network validation results.
As a vendor-neutral industry leader in test and measurement, Spirent has been
a pioneer since the advent of network, wireless and GNSS testing, validation,
and assurance, and has provided services to customers across a broad range of
global industries. These varied business sectors include global navigation
satellite systems, aircraft, and automotive manufacturers, as well as
telecommunications and wireless service providers, network equipment
manufacturers, petroleum, education, the media, financial institutions and
stock exchanges, technology enterprises and publishing giants. Spirent also
services governments worldwide, which includes military and space agency
projects.
Spirent solution delivery value. This experience of managing large programs
and datasets for over 20 years includes nationwide device and benchmarking
programs. Over 1,500,000 miles have been driven in live networks, with nearly
2,000 device models evaluated and certified before going to consumers. This
involved more than 12,000 user experience tests performed and certified in the
lab and over 28,000 tests performed and certified in live networks. More than
40,000,000 calls and data sessions have been monitored and reviewed for
accuracy. Benefits have included:
· Made recommendations that allowed a major U.S. operator to improve market 5G
traffic and throughput by 40% and 50%, respectively
· Identified serious user experience issues on over 800 device models, saving
wireless operators from support and return costs and poor customer
satisfaction
· Helped wireless operators successfully launch new networks and services
including 5G-NSA, 5G-SA and VoNR, MEC, 4G/VoLTE, and more
16
SPIRENT WHITE PAPER
Spirent’s broad slate of services offerings. When our customers don’t have the
expertise, time or resources to perform testing and assurance functions
internally, Spirent offers a suite of managed solutions to perform these
functions as a Service. One of these is Spirent’s Lab as a Service (LaaS)
solution which provides state-of-theart cloud-based test lab optimization and
automation to reduce manual errors and accelerate testing. With a single pane
of glass visibility and unified reporting, multiple organizations securely
access physical and virtual lab resources for comprehensive utilization and
management, reducing power consumption. Supporting wider testing objectives,
Spirent’s Test as a Service (TaaS) combines our test expertise, products and
automated test campaign management capabilities into a bundled service that
allows us to quickly deliver testing functions and seamlessly integrate these
with other operator functions. Fit4Launch Testing as a Service for 5G Mobile
Devices is a TaaS offering from Spirent Managed Solutions. As a pioneer in lab
and test automation solutions, Spirent has well-established solution delivery
expertise in LaaS and TaaS for cloud-based and automated CI/CD continuous
testing of multivendor communication service provider (CSP) solutions enabling
webscale agility and mature DevOps efficiencies. Built on the foundation of
our Managed Solutions Lab as a Service and Test as a Service solution
packages, we deliver a robust return on investment in the process, applying
the latest cloud and virtualization techniques to usher in a new era of
highly-efficient automated testing. Spirent Managed Solutions also includes
SecurityLabs within its comprehensive suite of offerings and holistic approach
to performance and cybersecurity testing. Drawing from expertise in private
networks, 5G and a host of other technology frameworks, our experienced
cybersecurity team offers comprehensive security testing solutions utilizing
Spirent’s advanced testing platforms and realistic simulation of real-world
attacks tailored to deliver optimal ROI. Learn more about Spirent’s Managed
Solutions.
17
SPIRENT WHITE PAPER
About Spirent Communications Spirent Communications (LSE: SPT) is a global leader with deep expertise and decades of experience in testing, assurance, analytics and security, serving developers, service providers, and enterprise networks. We help bring clarity to increasingly complex technological and business challenges. Spirent’s customers have made a promise to their customers to deliver superior performance. Spirent assures that those promises are fulfilled. For more information visit: www.spirent.com
Americas 1-800-SPIRENT +1-800-774-7368 sales@spirent.com
Europe and the Middle East +44 (0) 1293 767979 emeainfo@spirent.com
Asia and the Pacific +86-10-8518-2539 salesasia@spirent.com
© 2024 Spirent Communications, Inc. All of the company names and/or brand names and/or product names and/or logos referred to in
this document, in particular the name “Spirent” and its logo device, are either registered trademarks or trademarks pending registration
in accordance with relevant national laws. All rights reserved. Specifications subject to change without notice.
Rev A | 08/24