Spirent Recommendations for Success User Guide

Recommendations for Success

“`html

Specifications:

• Product: Spirent White Paper

• Testing Strategies for U.S. Government Private Network
  Modernization

• Usage: Infrastructure validation, security testing, Wi-Fi
  security assessment

Product Information:

The Spirent White Paper provides recommendations and testing
strategies for U.S. Government private network modernization. It
includes methodologies for live network active field tests,
infrastructure validation, security management, and Wi-Fi security
assessment.

Product Usage Instructions:

Infrastructure Validation:

Spirent software and hardware are utilized for validating the
performance and scalability of network infrastructure. The Spirent
TestCenter platforms facilitate end-to-end testing under real-world
stress conditions for mission-critical applications.

Security Testing:

– Ensure dedicated network resources for specific functions and
locations
– Follow cybersecurity best practices and specific security
recommendations for private 5G networks
– Engage in rigorous testing in both development and live
environments
– Include repeatable validation of network performance

Wi-Fi Security Assessment:

Perform a comprehensive Wi-Fi security assessment starting with
a site survey to map the network and identify rogue access points.
Tests include coverage through various phases to ensure network
security.

FAQ:

Q: What are the key considerations for testing private 5G

networks?

A: Key considerations for testing private 5G networks include
infrastructure validation, security management, and Wi-Fi security
assessments tailored to the network environment and supported
applications.

“`

SPIRENT WHITE PAPER
Recommendations for Success
Testing Strategies for U.S. Government Private Network Modernization

SPIRENT WHITE PAPER
Introduction Successful planning, launch and operation of networks under a broad range of U.S. Government (USG) enterprise network modernization programs require a partner with a proven track record, cutting-edge technology and expertise in all phases of wireless network launch. In this white paper, we make key recommendations to foster comprehensive achievement of U.S. Government performance and coverage goals in a reliable and secure network, drawn from extensive background in the delivery of critical test and validation solutions. The topics of this white paper include:
· Overview and Summary of Recommendations · Network Acceptance: Validating Network and Device Performance for Key Services · Infrastructure Validation: Ensuring the Infrastructure Performs and Scales · Security: Managing the Complex Threat Surfaces of U.S. Government Networks · Assurance: Actively Managing Performance During Network Operations · Spirent Technology and Platforms Supporting U.S. Government Networks Validation
and Assurance · Conclusions and Takeaways · How Spirent Managed Solutions Can Help
Overview and Summary of Recommendations A comprehensive testing and assurance strategy is vital to the successful launch and operation of any mission- critical private network. That strategy should be incorporated into project planning ahead of network technology selection. A full lifecycle mindset leads to achievement of performance, reliability and security goals, and effective management of project timelines. Spirent’s testing approach is informed by decades of assuring wireless networks, from 2G thru 5G. Our latest 5G-driven innovations in tools and methodologies apply for any RAN technology direction chosen by the USG for the test enterprise network modernization. To ensure quality of service (QoS) in individual private networks, the Government must incorporate comprehensive validation solutions that enable effective launch and operation of the network, devices and services. To achieve this, Spirent recommends adopting launch and testing strategy factors in the following critical components:
· Network Acceptance Testing ­ Ensure the network delivers on the requirements. Assess service quality and end user experience for video, voice, data, and other projected use cases. Identify performance issues and optimization opportunities.
· Infrastructure Validation Testing ­ Assess infrastructure performance in the lab ahead of vendor selection, design, and implementation.
· Security Testing ­ Assess network and device security before launch and as part of a continuous security framework to identify and mitigate vulnerabilities.
· Lifecycle Management and Assurance ­ Proactively assure service performance and ongoing change management and fault isolation through automated active assurance solutions.
1

SPIRENT WHITE PAPER
Network Acceptance ­ Validating Network and Device Performance for Key Services
To ensure success in individual network initiatives, the Government needs to answer critical questions: Does the network have the capacity for the performance and QoS that you require? Is coverage of the private network sites comprehensive, both outdoors and indoors? Where must optimization take place to meet your requirements? For video use cases, does the network enable delivery of reliable video feeds without freezing, buffering, or poor-quality frames? For voice use cases, can you reliably place and hold calls and hear both parties clearly? A focus on performance will ensure that traffic flows reliably and that the network can support target services, regardless of RAN technology. Assessment Areas. A comprehensive approach to testing the private network should include the following:
· Coverage and Spectrum ­ Outdoor/indoor heatmaps and band utilization: Ensure coverage and signal-to-noise performance across the entire private network site and within surrounding buildings. Pre-launch analysis of actual band usage and received signal confirms design goals are met, identify areas that need improvement, and offer optimization opportunities. State-of-the art tools are required to collect, analyze, and produce heatmap views of the sites and environs.
· Capacity ­ Loading limits and impact on performance: Assess both the radio and backhaul capacity supported by the network with next-gen traffic generation solutions. Test with both multi-user point and spread single-user solutions. Multi-user tests will exercise the network’s ability to carry end- to-end volume. Construct the tests to mimic expected video traffic as well as future voice and data services. Capacity testing will characterize how performance degrades with volume and pinpoint where optimization or investment is required.
· Devices ­ Assess with relevant devices, phones, tablets, and IoT: Test with the devices expected to be on the network. If that is not possible, use solutions that allow you to emulate the traffic footprint of the required device set.
· Performance and QoE ­ Data, video, voice handovers latency: Assess video, voice, and data performance and quality from the perspective of the end user. Good RF does not always mean good quality of experience (QoE). This means using quantified scientific measures that help you identify relative weak performance and measure the efficacy of network optimizations. Use QoE best- in-class tools like Umetrix Video, Voice, and Data.
· Applications ­ Emulate data footprint of critical apps: As with devices, test with the actual applications/services you intend to carry on the network or use tools that emulate the data footprint of those services.
· App Endpoints ­ Cloud, on-prem edge, public edge: Placement of application services has a critical impact on performance, especially for latency- sensitive use cases. Use a test solution that allows testing to all possible service endpoints from cloud to edge.
2

SPIRENT WHITE PAPER

Methodology. Spirent’s approach: Live network active field tests from actual UEs to Spirent data servers placed at the edge and in the cloud.
· Measure: Use state-of-the-art tools to actively drive user traffic over the network in stationary and both drive and walk mobility scenarios.
· Analyze and Report: Generate statistical and geographical views of all performance indicators. Correlate video, voice, and data KPIs to underlying RF performance. Identify areas for service and network optimization.
· Optimize: Modify designs to address opportunities uncovered in acceptance testing. Confirm efficacy of changes.

MEASURE

ANALYZE

REPORT

OPTIMIZE

· Stationary, walk, drive
· Active test data, voice, video, location

· Coverage · Capacity · Bandwidth · Latency · Voice · Video · Location · Security

· KPI Statistics
· Good/fair/poor scoring
· Optimization recommendations

· Design modifications
· Ongoing performance monitoring

Figure 1. Typical Private Network site acceptance field testing

UEs with App Emulation

e/gNodeB

NiB

On-Premises Outpost / Private
Public MEC or Local / Availability Zones

Cloud

Figure 2. Sample Private Network

3

SPIRENT WHITE PAPER

Infrastructure Validation: Ensure your Infrastructure Performs and Scales

Spirent software and hardware has been used by U.S. Government customers for more than two decades to validate the performance and scalability of their network infrastructure. The Spirent TestCenter platforms enable end-to-end testing of network infrastructure to ensure it performs under real-world stress conditions for missioncritical applications.
Spirent TestCenter covers the entire gamut of testing, from core network infrastructure, to remote sites, to validate their performance across throughput, latency, packet drops, and many other metrics. Additionally, the tools enable quick pinpointing of potential problems during testing before they have operational impact. As new network elements are designed into existing networks, testing with Spirent TestCenter ensures that the evolving network performance continues to meet the USG’s interconnectivity and interoperability needs.

Security: Managing the Complex Threat Surfaces of U.S. Government Private Networks

USG private networks should provide dedicated network resources for specific functions and locations, offering benefits like enhanced control over data, improved security, and lower latency. However, this type of network, including private 5G networks, also presents unique security challenges. The vulnerabilities and threats must be understood and mitigated if a private 5G network’s true potential is to be realized.

Testing strategies should be tailored to the specifics of the private 5G network environment and the applications it supports. This involves following best practices of cybersecurity and the specific security recommendations for private 5G networks.

In the process, security will be an unyielding expectation for all stakeholders in Government private network ecosystems. To assure a private 5G network’s trustworthiness, service providers must engage in rigorous and comprehensive testing in both the development and live environments is crucial. Testing considerations must include:

· Network security assessment – Available devices, servers, workstations, services, ports

· Privilege escalation – Unauthorized access to services, sensitive information, databases

· Network segmentation and slicing – Security of 5G-LANs, network slices, access rules, virtual firewall rules analysis

· Isolation review – In the case of shared RAN, how the private segment is separated from the SP network and subscribers

· 5G hardware – Router security analysis, configuration, security rules, administrative interfaces, etc.

· Applications security assessment – Management and Orchestration Applications

· Security of IoT devices in the network

· Network Security and Application Performance Validation – Highly scalable,

repeatable validation of network performance

4

SPIRENT WHITE PAPER
Wi-Fi Security Assessment Wi-Fi security assessment ensuring thorough coverage through various phases starting with a site survey to map the Wi-Fi network and identify rogue access points. Although not exhaustive, below is a list of tests performed during the wireless security testing:
· Site survey and enumerate wireless networks · 802.11 network reconnaissance · Enumeration of authentication protocols · Testing access control · Testing segregation between guest and corporate network · Identify weakly encrypted networks · Capture and analyze wireless network traffic to gain information about internal
systems and wireless network peers · Access point configuration review, including:
­ Network design and architecture ­ Policies ­ RADIUS server configuration review (if any) ­ Rules review for access control, filtering, authentication/authorization, logging
and segmentation
5

SPIRENT WHITE PAPER

Private Network and Private 5G Network Security Testing. Spirent recognizes that private 5G network solutions are architected in multiple ways, where individual implementations vary in a variety of bespoke environments which require a proven approach. With many years of experience, Spirent SecurityLabs is an established leader delivering testing solutions which includes an extensive focus on 5G and 5G MEC (multi-access edge computing) security. With this well-established and comprehensive background, SecurityLabs created an essential testing strategy to assess the security posture of the private 5G network solution before deployment, to identify and prioritize mitigation of vulnerabilities. SecurityLabs has established the following approach to proactive identification of private 5G network vulnerabilities and to assist with mitigating risk.
The testing strategy includes, but is not limited to, the criteria found below:
· Platform security and integrity ­ This covers operations, administration, and management (OA&M) security, interface security, user authentication ­ multifactor authentication or PKI-based ­ certificate authentication, encryption, key and certificate management systems, and strong cryptographic algorithms.
· Virtualization and Containerization ­ This includes weak secrets management, insufficient pod/container isolation, inadequate patch management, no resource limits, misconfigured network policies, lack of restrictions on container images to private registry, lack of mTLS and unrestricted pod-to-pod communication.
· Applications and APIs ­ Testing assesses authentication, authorization, input validation (SQL, XSS, etc.), error handling, security misconfiguration, sensitive data exposure, business logic testing, API path discovery, unauthenticated API, broken access control, insecure deserialization, insufficient session expiration, lack of resources and rate limiting, sensitive information disclosure in JWT token, and application path disclosure.
· Network Security ­ This testing assesses insecure PKI setup, misconfigured firewall rules, insecure network segmentation, inadequate, misconfigured or missing network access control (NAC), unpatched network devices, data exfiltration and egress protection bypass, privilege escalation, unsecured network services, unsecured protocols, security misconfigurations, insufficient authentication, default credentials, insufficient privileged account management, insufficient network isolation and segmentation.
· Hardware Security ­ Testing covers unencrypted communications, hardcoded keys, device firmware analysis, binary code analysis, insecure boot process, JTAG/UART review, fuzzing, underlying software and application evaluation, and unencrypted communication.

Fig. A: Deployment as isolated network

Fig. B: Deployment with shared RAN

Fig. C: Deployment with shared RAN and control plane

Fig. D: NPN deployed in public network

Public network

Public network services

Public network

Public network services

Public network

Public network services

Public network

Public network services

Local path

Optional connection

Local path

Local path

Non-public network services

Non-public network services

Non-public network services

Figure 3. Private 5G Network connectivity architecture

Non-public network services
6

SPIRENT WHITE PAPER
Vulnerability Management. Vulnerability management is a critical component of any cybersecurity program, especially within a 5G environment where potential vulnerabilities could have wide-ranging impacts. A high-level list of SecurityLabs’ testing solution components for a 5G vulnerability management program include:
· Vulnerability Scanning ­ Objectives are to ensure these scans cover all devices, network, applications, and systems in the 5G environment; categorize asset and identified impactful weaknesses; utilize continual validation against remediation efforts of vendor.
· Patch Management Testing ­ Testing ensures the patching process occurs in a timely manner or follows the appropriate policy and/or schedule and that additional vulnerabilities are not introduced. Also, check that patches are properly applied and fully address the identified vulnerabilities and that patches are signed by the developer.
· Configuration Management Testing ­ This covers tests that ensure all devices and systems are securely configured and accurately identify and mitigate insecure configurations.
· Risk Assessment Testing ­ The risk assessment process properly verifies and prioritizes vulnerabilities based on factors such as potential impact, exploitability, and business importance.
· Penetration Testing ­ Regularly conducted to simulate an attack on the 5G network and assess effectiveness of vulnerability mitigation measures by attempting to exploit identified vulnerabilities.
· Incident Response Integration Testing ­ This involves testing the integration of the vulnerability management process with the incident response plan to verify that the detection of a serious vulnerability triggers the necessary incident response procedures.
· Remediation Verification ­ Tests are re-run to confirm that the vulnerability is indeed fixed and validate that no regressions occurred.
· Threat Intelligence Integration Testing ­ The effectiveness of threat intelligence feeds for the VM program are assessed to verify that emerging threats and vulnerabilities are identified and mitigated.
· Security Awareness and Training Testing ­ Ensure staff are trained to recognize and handle vulnerabilities effectively and evaluate the efficacy of training through periodic testing or quizzes.
7

SPIRENT WHITE PAPER

N3IWF Security. N3IWF is a Non-3GPP Interworking Function. This element of the 5G SBA (Service-Based Architecture) is responsible for interworking between untrusted non3GPP networks and the 5G Core. The secure establishment of IPSec Tunnel between UE and N3IWF must be ensured which involves testing all the required protocols (EAP, IKEv2, and IPSec).
Additional security testing includes: confidentiality and integrity protection of NAS signaling messages (UE & AMF) That pass through N3IWF; User plane data protection between UE and UPF; Proper handling of N2 signaling from SMF by the N3IWF; Encapsulation and decapsulation of packets for IPSec and N3 Tunneling; Secure authentication of the UE by this NF using the EAP method; Authorization; Proper handling of DoS and DDoS; Handling of malicious, malformed packets or unexpected protocol messages testing; Secure storage and handling of encryption keys and other sensitive information.

N1 (for 3GPP
access) NAS

N2
NGAP/SCTP
N1 (for non3GPP access)
NAS

IPSec tunnel IPSec tunnel

for CP

for UP

Y1

Y2

UE NWu
GRE/ESP/IKEv2/EAP

N11

AMF

SMF

N2 NGAP/SCTP

N4 PFCP

N3 GTP-U

GTP-U tunnel for UP

N6

N31WF

UPF

DN

N3

GTP-U

N9

Protocols used in communication

Figure 4. Architecture for 5GC network with untrusted non-3GPP access network.
Accounting for New Cybersecurity Frameworks. Any new private network must include the following security technologies to ensure their architecture is up to date with the current industry security best practices.

· Secure Access Service Edge (SASE). A cloud-centric distributed security architecture securing users and applications as opposed to subnetworks and IP resources.
· Zero Trust and Zero Trust Network Access (ZTNA). Eliminating the notion of trust, necessitating that access must be granted for each application transaction.
· Transport Layer Security (TLS). Use of encryption targeted at preventing malicious unauthorized altering of transmitted data between endpoints and eavesdropping.

· Mutual authentication. Where the sender and recipient must verify the other party is genuine and trusted.

8

SPIRENT WHITE PAPER

Network Security and Application Performance Validation. Highly scalable, repeatable validation of network performance, QoE, and security effectiveness are required for success with on-prem, public cloud, hybrid cloud and cloud- native network infrastructure. To achieve this, an advanced and proven testing platform must be incorporated in the validation strategy.

CyberFlood

Spirent CyberFlood is a a state-of-the-art, powerful, and easy-to-use, easy- to-use test solution that generates realistic application traffic and malicious threat vectors to test the performance, quality of experience (QoE), and security effectiveness of app-aware networking devices and end-to-end deployments.

CyberFlood assessments are user configurable and are based on latest protocols, applications, malwares, and attacks that are updated continuously through Spirent TestCloud repository (containing over 3,500 applications, over 6,000 attacks and over 100,000 malwares).

CyberFlood solution architecture consists of the CyberFlood Controller (responsible for assessment configuration, execution, and reporting) and CyberFlood Test Agents (responsible for emulation of inter-agent exchanges of malicious/non-malicious traffic). This allows mixing attacks and applications to verify and analyze network security effectiveness under load as well the impact of security policies on QoE. Realistic hacker behavior can be emulated with evasion techniques or encrypting attacks to push security solutions to their limits. For malware testing, CyberFlood provides infected host emulation, as well as malware binary transfer-based security testing. Also, unique applications and vulnerabilities can quickly be imported to create custom test scenarios. CyberFlood sensitive information emulation provides pre-existing templates or users can import custom file sets to quickly assess Data Loss Prevention (DLP) policies. Support for security industry frameworks such as NetSecOPEN and MITRE ATT&CK® are built into CyberFlood solution as well.

SD-WSUANDNI -EWDAGNE SD-EWDAGSDNE-WUANNI

Test Agent
IPP DNS DNP URL MDR
Internet
Subscriber
SERVICE EDGE

SUDN-IWEASNDD-GEWAN

Private Cloud and Branches

· Test agents can be deployed in a distributed, hybrid environment
· Scalable emulation of real application workloads and threat vectors that recreate network traffic patterns
· Test cases, methodologies that can be used throughout the network lifecycle ­ design, deployment, and on-going assurance

Figure 5. CyberFlood Solution Overview.

9

SPIRENT WHITE PAPER
Key Highlights. CyberFlood’s key solutions capabilities include: · Multi- domain Scale. CyberFlood quickly and accurately assesses and validates the performance, scalability, and security efficacy of systems such as next- generation firewalls and DPI solutions, across on-prem, cloud, and cloud- native deployments, including IDS/IPS, SD-WAN, SASE, and others. · Intuitive Functionality. CyberFlood is specifically designed for ease of use. It can be deployed quickly, and its web-based UI makes it easy to design tests no matter what user experience level, and so you can test now, not months from now. Combined with the CyberFlood RESTful API interface users can easily integrate their test cases into their CI/CD/CT pipeline for continuous and ongoing testing and compliance validations. · Comprehensive Realism. Test scale and efficacy of application and security policies are provided with hyper- realistic, repeatable application mixes, and threat emulations. The variety of applications available in the TestCloud library enables users to customize the application parameters and traffic mixes that are representative of their network traffic profiles. · Detailed Reporting: CyberFlood solution provides live reporting while assessments are in progress and final reporting at the end of assessment which can be annotated and archived as needed. The reports are contextual in relation to the type of assessment underway, for example, the Threat Assessment reports include details of attack vectors, including vulnerability information, call flows, and packet captures.
10

SPIRENT WHITE PAPER

Assurance: Actively Managing Performance During Network Operations
Lifecycle Management and Assurance ­ Continuous Monitoring. The USG’s requirements should guarantee business outcomes through reduced downtime, increased operational efficiency, increased survivability, and optimized security. The solution must support proactive and automated activation of change management to accelerate deployment using a combination of over-the-air (OTA) and virtual test agents (VTA), including load testing. Service-level agreement (SLA) validation must support compliance. End-to-end assurance must provide rapid fault isolation/resolution between Radio, Mobile core and application servers, to rapidly identify if it was private 5G gear or an enterprise issue. Self-test functions for enterprise customers should be available.
Spirent’s approach is to empower operation and management (O&M), by validating private 5G network performance prior to and following activation. Utilize state-of-theart test tools ­ powered by next-generation lab and test automation solutions ­ for active service performance by testing and validating that all the infrastructure and functions of largely software-based architecture can work together as intended with compliance to 3GPP standards. Support SLAs and ongoing change management by emulating L2-7 traffic from demarcation points inside and outside the network. Actively inject traffic 24/7 or on demand.
The solution should provide end-to-end visibility with proactive analytics and automated troubleshooting ­ from lab to live, and deliver these benefits:
· Accelerated Time-to-Mission Launch. Achieve up to 10x faster turn-up of new network functions and services.
· Optimized User Experience. Proactively discover and resolve issues before users are impacted.
· Reduced Costs. Avoid hours of manual troubleshooting and SLA violation penalties.

Active Virtual Test Agent

Public Network Core

Apps

Customer Premises

Devices

RAN

EDGE Core

Apps

Figure 6. Use Case: Active Assurance and SLA management
11

SPIRENT WHITE PAPER
Lifecycle Management and Assurance ­ Continuous Testing. The USG’s private network validation requirements should guarantee reductions in total cost of ownership (TCO), while delivering agile high-performance private (5G) networks. Any service provider offering private 5G network services must meet the needs of a wide range of emerging enterprise, public, and IoT use cases. The private 5G network (PN) must provide clients with dedicated 5G connectivity, edge computing and a portfolio of vertical-specific value-added services. These PNs are complex due to multiple components and a fast release lifecycle of software. Traditional ways of testing connectivity are not suitable to manage this framework of services.
Spirent recommends utilizing continuous integration, deployment, and testing (CI/CD/CT) processes with a state-of-the-art test platform ­ powered by a nextgeneration lab and test automation solutions ­ to support O&M, and proactively assure service performance. Leveraging low-touch automated lifecycle management, continuously test and validate that all the infrastructure and functions of largely software-based architecture so that they can work as intended with compliance to 3GPP standards and also support SLAs and ongoing change management.
The solution should provide a low-touch automated CI/CD/CT solution that improves the time (often 3x) it takes to test and validate functionality, performance, and security throughout the lifecycle of a private 5G network stack.

Cloud
Cloud Region

Landslide Core Validation Mobile Core OSS/BSS

Value-Added Service Independent SW Vendors

Customer Premises
Premises

Customer Devices

RAN

Internet
Local Network

Platform
5G Automation Platform

Robot

python

Framework

Orchestrator

Cloud Edge

Landslide Core Validation

Control plane

Value-Added Service

LOCAL

BREAK

S1

Data plane

OUT
Independent SW Vendors

Figure 7. Use Case: Telefónica’s lifecycle management test framework. (Read the Telefónica white paper.)
Note: The Continuous Monitoring and Continuous Testing components can be implemented separately, or in concert with each other.
12

SPIRENT WHITE PAPER

Spirent Technology Platforms Supporting U.S. Government Networks Validation and Assurance
Network Acceptance. Spirent’s industry-leading testing solutions offer comprehensive solutions for effective network acceptance, performance, and quality assessment and optimization of the network.
The Umetrix platform
Assuring network readiness for mission-critical applications and services requires a solution set that measures performance in a scientific and repeatable way. Successful delivery relies on measuring what matters. The Umetrix solution suite allows active testing of video, voice, and data services from an end user perspective. For greater detail, refer the datasheets linked in the table below:

Umetrix Video Umetrix Data Umetrix LM Umetrix Voice

Umetrix Datasheets https://www.spirent.com/assets/u/umetrix_video_datasheet https://www.spirent.com/assets/u/umetrix_data_datasheet https://www.spirent.com/assets/u/ds-umetrix-voice-lm https://www.spirent.com/assets/u/umetrix_voice_datasheet

Lifecycle management and assurance. Proactively assure service performance and ongoing change management: continuous integration, deployment, and testing (CI/CD/CT); continuous monitoring (CM/Active Test).
VisionWorks
VisionWorks is a comprehensive active assurance solution that enables expansive visibility and performance optimization with automated, end-to-end network service and experience assurance. Active testing uses virtual test agents (or existing probes) deployed throughout to produce and leverage synthetic traffic injected into the network to proactively identify issues before customers are affected. It leverages the discovered data to detect irregularities and automatically initiates troubleshooting test procedures to isolate problem domains.
Spirent VisionWorks Active Assurance provides active testing and monitoring of 5G networks and devices. Spirent assures connections at every point to enable higher quality of service. VisionWorks completely automates testing processes such as verification of end-user service quality and isolation of problems to a specific network segment. VisionWorks provides intelligent and automated active test and assurance across the lifecycle of the evolving 4G/5G hybrid network to enable service agility, cost reductions, network efficiencies, and increased revenues.

13

SPIRENT WHITE PAPER

Key Highlights. VisionWorks provides critical insights and automation to optimize performance across every service and network layer. Key solution capabilities include:

· Affordable to Scale. Virtual or small-form factor test platforms can provide a significantly lower cost option than traditional passive probes. Combining passive and active solutions are proving to be more cost-efficient and practical from a widespread rollout perspective. Active assurance represents a solid strategy for keeping costs under control while still meeting stringent performance requirements.

· End-to-End Coverage. The ability to pair passive data with active assurance closes visibility gaps. Reduce customer churn by solving problems faster. Troubleshoot complex issues in any part of the network because probes are virtualized.

· Flexible Deployment. Cloud-native architecture provides deployment flexibility allowing agents to be turned up, decommissioned, and redeployed easily. Adaptable monitoring solution that changes with your network. Virtualization and the move to cloud networks reduces the costs of active testing by an order of magnitude, laying the foundation for network operators to broadly adopt this proven approach.

· Proactive Visibility. From deployment activation testing to links with intermittent

usage, active assurance verifies performance without relying on actual customer

traffic. For network slicing, avoid SLA violations or subpar service delivery that may

incur fees or decrease customer satisfaction.

Automation Pipelines

Spirent VisionWorks

End-to-End Visibility

Proactive Analytics
Open APIs

Automated Troubleshooting

VisionWorks Active Test Agents

Mobile

Fixed

Access

Backhaul Aggregation

Core

Datacenter

Network Data
Inventory & Topology Passive Probes & Network Telemetry
Data Lake

Figure 8. VisionWorks system overview.

14

SPIRENT WHITE PAPER
Conclusions and Takeaways U.S. Government private networks require a comprehensive testing and assurance strategy which is vital to the successful launch and operation of its mission-critical objectives. That strategy should be incorporated into project planning ahead of service provider and technology selection. An assurance mindset leads to achievement of performance, reliability and security goals and effective management of project timelines. From a test and validation perspective, Spirent shares these takeaways to help the U.S. Government achieve its mission-critical objectives.
· A multi-faceted validation approach for U.S. Government site deployment is recommended: ­ Network Acceptance Testing ­ Ensure the network delivers on the requirements. Assess service quality and end user experience for video, voice, data, and other projected use cases. Identify performance issues and optimization opportunities. ­ Infrastructure Validation Testing – Assess infrastructure performance in the lab ahead of vendor selection, design and implementation. ­ Security Testing ­ Assess network and device security before launch and as part of a continuous security framework to identify and mitigate vulnerabilities. ­ Lifecycle Management and Assurance ­ Proactively assure service performance and ongoing change management and fault isolation through automated active assurance solutions.
· Technology Platforms. Choosing a vendor-neutral testing partner with a suite of technology platforms that work in unison to ensure quality in all aspects of the complex network solution is table stakes for success, while adopting a range of testing technologies can lead to significant gaps in the testing solution design.
15

SPIRENT WHITE PAPER
How Spirent Managed Solutions Can Help The choice of testing partner in validating private networks is critical to success of the solution. On occasions, some private network adopters allow various vendors to test their constituent components with the assurance that the vendors know the technology best and bring their deep bench of experience to test their products on the customer’s behalf. A problem may exist, however, with a testing approach that does not account for the complexity of all the other elements and configurations within a private network solution. Also, the vendor products are often tested in `ideal’ controlled settings, separate from the customer’s private network environment. In doing so, a real-world environment representing the private network does not exist. A vendor-neutral approach in testing partners is essential to ensure comprehensive and reliable private network validation results.
As a vendor-neutral industry leader in test and measurement, Spirent has been a pioneer since the advent of network, wireless and GNSS testing, validation, and assurance, and has provided services to customers across a broad range of global industries. These varied business sectors include global navigation satellite systems, aircraft, and automotive manufacturers, as well as telecommunications and wireless service providers, network equipment manufacturers, petroleum, education, the media, financial institutions and stock exchanges, technology enterprises and publishing giants. Spirent also services governments worldwide, which includes military and space agency projects.
Spirent solution delivery value. This experience of managing large programs and datasets for over 20 years includes nationwide device and benchmarking programs. Over 1,500,000 miles have been driven in live networks, with nearly 2,000 device models evaluated and certified before going to consumers. This involved more than 12,000 user experience tests performed and certified in the lab and over 28,000 tests performed and certified in live networks. More than 40,000,000 calls and data sessions have been monitored and reviewed for accuracy. Benefits have included:
· Made recommendations that allowed a major U.S. operator to improve market 5G traffic and throughput by 40% and 50%, respectively
· Identified serious user experience issues on over 800 device models, saving wireless operators from support and return costs and poor customer satisfaction
· Helped wireless operators successfully launch new networks and services including 5G-NSA, 5G-SA and VoNR, MEC, 4G/VoLTE, and more
16

SPIRENT WHITE PAPER
Spirent’s broad slate of services offerings. When our customers don’t have the expertise, time or resources to perform testing and assurance functions internally, Spirent offers a suite of managed solutions to perform these functions as a Service. One of these is Spirent’s Lab as a Service (LaaS) solution which provides state-of-theart cloud-based test lab optimization and automation to reduce manual errors and accelerate testing. With a single pane of glass visibility and unified reporting, multiple organizations securely access physical and virtual lab resources for comprehensive utilization and management, reducing power consumption. Supporting wider testing objectives, Spirent’s Test as a Service (TaaS) combines our test expertise, products and automated test campaign management capabilities into a bundled service that allows us to quickly deliver testing functions and seamlessly integrate these with other operator functions. Fit4Launch Testing as a Service for 5G Mobile Devices is a TaaS offering from Spirent Managed Solutions. As a pioneer in lab and test automation solutions, Spirent has well-established solution delivery expertise in LaaS and TaaS for cloud-based and automated CI/CD continuous testing of multivendor communication service provider (CSP) solutions enabling webscale agility and mature DevOps efficiencies. Built on the foundation of our Managed Solutions Lab as a Service and Test as a Service solution packages, we deliver a robust return on investment in the process, applying the latest cloud and virtualization techniques to usher in a new era of highly-efficient automated testing. Spirent Managed Solutions also includes SecurityLabs within its comprehensive suite of offerings and holistic approach to performance and cybersecurity testing. Drawing from expertise in private networks, 5G and a host of other technology frameworks, our experienced cybersecurity team offers comprehensive security testing solutions utilizing Spirent’s advanced testing platforms and realistic simulation of real-world attacks tailored to deliver optimal ROI. Learn more about Spirent’s Managed Solutions.
17

SPIRENT WHITE PAPER

About Spirent Communications Spirent Communications (LSE: SPT) is a global leader with deep expertise and decades of experience in testing, assurance, analytics and security, serving developers, service providers, and enterprise networks. We help bring clarity to increasingly complex technological and business challenges. Spirent’s customers have made a promise to their customers to deliver superior performance. Spirent assures that those promises are fulfilled. For more information visit: www.spirent.com

Americas 1-800-SPIRENT +1-800-774-7368 sales@spirent.com

Europe and the Middle East +44 (0) 1293 767979 emeainfo@spirent.com

Asia and the Pacific +86-10-8518-2539 salesasia@spirent.com

© 2024 Spirent Communications, Inc. All of the company names and/or brand names and/or product names and/or logos referred to in

this document, in particular the name “Spirent” and its logo device, are either registered trademarks or trademarks pending registration

in accordance with relevant national laws. All rights reserved. Specifications subject to change without notice.

Rev A | 08/24

Read User Manual Online (PDF format)

Read User Manual Online (PDF format)  >>

Download This Manual (PDF format)

Download this manual  >>