There has been more news lately about some high-profile botnets, and the latest was one of the largest ever seen in Internet history, causing Internet slowdowns to hundreds of millions of users. The scale was orders of magnitude larger than anything seen before, affecting the very core Internet routers that make the Internet function. As mobile networks evolve to all-IP networks, these are the very security concerns operators should be focused on.

In this latest episode, attackers first targeted Spamhaus, and then the security company hired to break the attack, CloudFlare. A domino-effect ensued for any and all companies and groups associated with either Spamhaus or CloudFlare, peaking with a stream of data as big as 300 billion bits per second, which compromised sites – slowing them down or making them unavailable – for as many as nine days.

At the core of the assault was a powerful botnet — a network of thousands of remotely controlled, infected computers that caused a distributed denial of service (DDoS) attack. That attack is expected to be re-launched in upcoming days, according to Internet chatter, and it is causing security experts like Kaspersky Labs to note that DDOS-type activity is increasing rapidly, and far more malicious than fraudulent service and network security breaches of the past.

How Can DSRs and Policy Servers Help Mobile Operators?

For mobile operators, the rise in malicious attacks highlights a need to go beyond a socialized approach where one appliance is trusted as a security gateway. It pushes everyone toward a multi-layered-security approach, where operators protect the core, the transport layer and the application layer from rogue sites.

The Diameter Signaling Router (DSR) and Policy Server (PCRF) can strengthen security at particularly the control and application layers. Because botnets exploit routing software and servers, DSRs and Policy Servers play a role in preventing amplifications that otherwise get out of control and bring down networks.

For example, in our recent whitepaper, “Multi-layer Security for the Digital Lifestyle Provider,” we describe Access Control(ACL) Lists, Topology Hiding, Encryption, Congestion Control and other security measures augmented by the DSR and/or PCRF.

We look at the ways in which operators can add layers of protection, such as by implementing topology hiding, which protects the network host names from a DDOS. and we look at how encryption can be used for safeguarding subscriber data.

All in all, the operators’ strategies have to be proactive and multi-layered in order to prevent access from unknown partners or rogue sites. There’s no question the growing sophistication of services, and the mobilization and social revolution underway will mean not only innovation, but also more malicious security threats among operators and the third parties with which they will work – intentionally or not.

The ability to “virtualize” is critical for operators evolving toward ThinkingNetworks™.

Network Function Virtualization (NFV) implementations and virtualization of the Evolved Packet Core (EPC), as well as systems outside the EPC (e.g., billing), can significantly reduce network costs and help operators become more efficient in matching resources to network and service demands. NFV gives service providers the ability to elastically assign compute and storage resources through a software-only approach.

Assigning resources only where needed is important when it comes to Diameter network elements, especially the Diameter Signaling Router (DSR) and Policy Server (PCRF), which have to be “cloud ready” in order to successfully control LTE EPC functions.

Virtualization will essentially partition the resources of a hardware platform into unique “virtual machines.” These virtual machines replicate standalone functions currently supported on separate hardware. If more compute resources are needed to support a Diameter function, any available hardware can be chosen and a new instance of the virtual machine created by the hypervisor.

The same hardware could also be used to support instances of a policy function at the same time, if enough compute resources exist. It’s that ability to dynamically allocate additional compute and storage resources when needed – using a common pool of hardware – that makes virtualization so important.

The move to NFV implementations will mean operators expand virtual functions to support multiple regions, or extend functions to other partners as part of their cloud offerings. For example, MVNOs or multinational operators looking to put their packet core into the cloud can manage all services and countries through one implementation.

A Closer Look At NFV

At Tekelec, we have developed the Orchestrator, which determines through analytics and other inputs when additional resources are needed. The Orchestrator instructs the Virtualizer (the hypervisor) to create another instance of a function. The Virtualizer creates additional resources, and other instances of the DSR or PCRF per the Orchestrator’s instructions.

Since the Orchestrator is the function that determines what, when, and where additional compute and storage resources are needed, it goes into action when traffic levels in the Diameter network increase. It identifies the rise in traffic and determines if additional DSR or PCRF resources are needed to support the rise in traffic.

Once the Virtualizer implements the new instance of DSR or PCRF, the IP Flow Manager directs IP flows to the new instance of the function (since routing tables will not reflect newly configured hardware).

The communication and cooperation among these components gives networks the ability to expand and contract based on real-time traffic conditions. That capability will become invaluable to operators trying to balance the need for innovative services with the need to maintain network performance levels – both essential to the customer experience.

Telecom Asia today quoted Gulzar Azad, Mobile Partnerships Lead – India and APAC at Google during this week’s LTE Asia event in Singapore (where Tekelec has made partnership and customer-win announcements).

Azad stressed that mobile operators need to think in terms of service delivery, not data plans, meaning they have to go beyond monthly subscription fees and add value to the types of services OTT players, content providers and others are currently driving.

He suggested operators expand their thinking on limiting their networks so they can better capitalize on the likes of Facebook, Google Plus and others by using them as platforms on top of which they can build multiple channels for not only local or regional audiences, but also global ones. By aggregating, augmenting and adding their own content, mobile operators can do more to create and monetize services tied to their own brands.

All mobile operators pushing for success will have to start thinking of themselves as “digital lifestyle providers,” and with that comes a need to work harmoniously with OTT, M2M, cloud, mobile advertising and mobile payment services.

Making It Happen
Mobile operators moving toward this type of business model will be required to work with third parties (whether social networks, OTT or mobile advertisers). That means orchestration, and lots of it, will be needed to expose policies, subscriber data, charging data, and analytics – all critical to LTE services.
Additionally, it will require operators scale for the millions of new devices populating LTE networks, and accommodate the multi-session nature of new devices.

These challenges all point to a need for a new Diameter network (NDN), as Diameter is the protocol that facilitates policy and charging rules for new business models and the protocol that ensures secure interconnection among partners and privacy for subscriber information.

As revealed last week in the Tekelec LTE Diameter Signaling Index®, global signaling traffic will grow more than three times faster than mobile data traffic over the 2011-2016 period, reaching nearly 47 million Diameter messages per second (MPS) by 2016 (a 252% CAGR over the forecast period).

Roaming, concurrent data sessions, video streaming, QoS guarantees and behavioral changes via social networking over mobile devices will all account for these tremendous surges in Diameter signaling traffic and will mean DSRs and other elements of an NDN will grow in importance.

There was plenty of speculation before the Olympics that networks inside and out of the Olympic village would be taxed heavily enough to cause problems. Yesterday’s news that Olympic officials asked spectators and athletes to “take it easy” with Twitter traffic (as it was interfering with the GPS used to track competing cyclists) just added to the predictable, albeit at times “harsh” online criticism of the Joint Operators Olympic Group (JOOG). Of course, O2 and BT Group Plc (BT/A) and others in JOOG went to great lengths to accommodate the digital needs of the 6 million people expected to descend on Olympic park, preparing to carry 60 gigabits of data every second – four times that possible during the Beijing games – and using WiFi offload through 500,000 hotspots in Olympic Park and throughout London.

Despite some of the criticism around data speeds and overall performance, the work toward data detours and network buildouts has worked overall to accommodate the enormous number of streaming videos and photos traversing networks thus far. In fact, we wrote last week that these Olympics would serve as a “microcosm” for operators researching the potential impact of data surges on Diameter signaling.

The outages before the Olympics and the networks’ performance during the Olympics, are important analogies to what operators will face with the proliferation of smart devices and the impending explosion of Machine-to-Machine connections.

We will continue to analyze and address issues around network congestion, signaling storms and revenue opportunities as these trends pick up momentum.

Download the free white paper.

By Matt Hatton, Director of Machina Research

Mobile telephony is probably the world’s most successful technology: there are in excess of 5 billion mobile connections worldwide, representing an unprecedented level of technology penetration. To date, MNOs worldwide have built successful businesses based on selling voice, SMS and data connectivity to individual handset users. Recently, business dynamics have changed slightly with the introduction of mobile broadband and mobile content data services. On the whole, MNOs have coped reasonably well with the arrival of these services although it’s not all been plain sailing as illustrated by continuing fears about exponential data traffic growth and concerns about being relegated to a bit-pipe role. One thing that has helped MNOs is that the underlying business logic is broadly the same: sell a device to a person which they use to access services for which they pay. MNOs may have needed to do some work on the network and create a few product management teams for the new services but it hasn’t required a fundamental shift in how they do business. It is a moot point whether they will cope as successfully with the arrival of machine-to-machine (M2M).

As we set out in the table below, in almost every conceivable way, M2M is different from the services MNOs provide today. The most obvious change, from the perspective of industry-watchers is that expectations for traffic, ARPU and revenue are completely different. This has some implications for how MNOs manage the cost of serving those customers. They must keep it as low as possible if they are to be able to cope with ARPU of less than EUR0.5/month. Also, a new consideration within the M2M market is that data volumes per connection are typically sufficiently low that installation costs are often a more significant financial consideration than on-going data transmission costs. MNOs must adapt their tariffing to reflect this dynamic.
Other immediate differences stem from the fact that M2M communication is typically a component of a wider offering, rather than a service in itself. As a result there is often no active end-user. This has implications for swapping providers, complaint handling and device management. M2M is an enabler, and the more transparent the M2M component of an overall service is, the better. In many cases the end user may not even be aware that the device is connected at all.

Furthermore, M2M connectivity is often mission-critical. In many cases customers are entrusting a key part of their business to telcos. Examples include smart metering, insurance tracking devices for cars, a range of fleet management telemetry services and, of course, mobile connected medical devices. As a result customers will have very different expectations over quality-of-service and service level agreements compared to voice and data services where best effort was often enough. Conversely, latency is often not an issue with M2M connections: devices are often connected via M2M with a view to maintaining a certain level of timeliness of information, but without a requirement for real-time information. For instance, smart meters may take meter readings at quarter-hourly intervals, but there may be no urgency in when they are delivered to the utility.

MNOs must also revise their channels and sales strategies. The sale of M2M connectivity by MNOs is often B2B2C: an MNO’s M2M connectivity solution must be integrated into a product which is then provided to a consumer. As a result MNOs must build completely new channel arrangements including identifying sectors they should address via direct and indirect channels. They must also secure sales in an aggressively competitive B2B environment while at the same time delivering a solution that is sufficiently polished and intuitive for a consumer market.

Matt Hatton is a Director of Machina Research, the world’s leading advisors on M2M and mobile broadband strategy. This blogpost is based on an article that Machina Research wrote for the the Machine-to-Machine Insight Report in the June/July issue of Mobile Europe magazine. Matt also maintains his own blog: The Wireless Noodle

New smartphones, tablets, and machine-to-machine devices are providing a compelling mobile experience by allowing people to engage their social networks, conduct business, and manage their day-to-day activities. This new, interactive mobile experience is bringing about a revolution in mobile broadband service models as service providers experiment with innovative ways to monetize mobile broadband, attract and retain customers, and efficiently manage network resources.

Join Tekelec for a webinar on July 13. The webinar will highlight four use cases that demonstrate how service providers can implement network and subscriber intelligence to monetize mobile broadband, including:
• Personalized service tiers
• Simplified services for the multi-device customer
• Adding value to over-the-top applications
• Casual usage and loyalty programs

To sign up, click here.

By Joanne Steinberg, Strategic Marketing Director

The M2M industry is rapidly expanding, with analyst firms estimating that we’ll have 50 billion connected devices by 2020. So how can service providers benefit from this proliferation in machine-enabled devices? Here are some of the interesting use cases I’ve seen for M2M services:

• Using policy and device profiles and usage characteristics to create tailored service plans that can be based on connections, transactions, or the amount and frequency of data transmissions.  An example would be allowing electricity meters to securely connect to the network and send data only at certain times of day or when required.
• Being able to offer a variety of service level agreements. For example, a tablet device needs to download new ebooks quickly but infrequently, and usually only from one website. In this case, there is an established model for purchases, where connectivity becomes an add-on or revenue share. The bandwidth needed to read the book is low. On the other hand a traffic surveillance camera with automatic backup to online storage will send large amounts of data.
• M2M services can also monitor the traffic and usage patterns for a smart car and leverage this intelligence to evolve the smart car service and marketing approach.
• And finally there are some important security use cases, such as tracking a machine’s usage and if a threshold is exceeded, an alert or location look up can be sent to ensure the device is not stolen or broken. 

Machine-to-Machine (M2M) services are one of the most significant revenue growth areas for global service providers. However, the rapidly-evolving M2M services environment presents significant challenges in terms of scalability, device management, quality of service, radio-access interoperability, and security. Joanne Steinberg, director of strategic marketing at Tekelec, examines a few of the M2M challenges and opportunities service providers are facing.

Q1:  How do you see the M2M market evolving over the next few years?

J.S.: The M2M market is growing very rapidly and is expected to reach $57B by 2014 and 50 billion connected devices by 2020, according to research firms Strategy Analytics and Analysys Mason. This market is entering a new phase that is characterized by the rapid growth in broadband services, which includes an evolution to multimedia solutions for the smart home, the smart car, and the smart city. More devices we are all familiar with such as home appliances, electricity meters, our cars, and traffic cameras now have embedded wireless sensors, chips, or RFID tags.  This is resulting in a proliferation of new M2M-enabled devices. And finally, real-time information, quality of service, and usage-based business models are becoming more common. These trends are resulting in the need for more intelligent, sophisticated, and scalable M2M network controls.

Q2: What are some of the key service provider challenges in the M2M market?

J.S.: From a strategic point of view they are looking at how they can transform from wholesale connectivity providers to end-to-end M2M service providers that includes integrated device, applications, and managed services offers.  An example of this would be shifting from providing Internet service to a home to providing a smart home solution that includes home energy management, security, and multimedia entertainment.

Another key challenge is scalability.  We are talking about managing hundreds of thousands or millions of devices per “customer,” which can have a lot of variability in terms of transaction volumes, connection frequency, traffic patterns, the amount of network resources they consume, the applications they use, and the quality of service requirements. All these devices also need to be provisioned, updated, and maintained.

Finally, the ‘machine’ service model is very different than the ‘human’ service model. M2M services often have low average revenue per ‘user’ yet they can be highly profitable because of high machine volumes coupled with lower costs in terms of customer acquisition, churn, and usage.  

Q3: What are the key components of an intelligent M2M service delivery platform?

J.S.: The key components are:

• A device data management system to provision devices and track, and manage device profiles, locations, and usage information. This system also ensures device security, identity and address management. It is also important that this system has open application interfaces to enable web services.
• Policy management to define policies that allow service providers to apply different qualities of service to different machines and implement flexible service plans using quotas based on transactions, connections, time of day, location, applications, or data usage to generate revenues. 
• Diameter Signaling Router  to scale the policy, charging, authentication and mobility management information and enable roaming and service portability. 
• The Performance intelligence Center to monitor M2M services and network performance and analyze data to identify trends, diagnose problems and optimize device and service performance.
• Messaging services  such as alerts and notifications based on real-time events and usage play an important role including secure and reliable store and forward messaging.

The M2M solution needs to be able to help service providers deliver solutions for devices and applications that have diverse needs, ranging from sending a single business critical message to high-quality video surveillance over the mobile network.