Open Networking & Edge Summit 2020

Virtualization is evolving to containerized workloads orchestrated by Kubernetes because of simpler deployment and management than with virtual machines. However, there are concerns that containers are not as secure as virtual machines, and that Kubernetes orchestration can introduce additional risks.

These concerns, both real and perceived, will be described by the speakers, with specific concentration on the risk to the security of the container isolation model. The heart of the talk is a presentation of joint efforts by CNTT and ONAP to define practical security architectures, controls and tests for NFVi with Kubernetes that addresses the realities of such deployments, such as ensuring isolation among cloud native network functions (CNF) with differing operating system privilege requirements. Finally, the speakers present both hardware and software isolation solutions for sandboxing less trusted Edge workloads.