Automating Security Operations in Telecommunication Networks with GitOps

School of Science (Perustieteiden korkeakoulu) | Master's thesis
Date
2024
Department
Major/Subject
Je-Ruei Yang
Mcode
SCI3113
Degree programme
Master’s Programme in Security and Cloud Computing (SECCLO)
Language
en
Pages
70+8
Abstract
5G network operators are continuously seeking more efficient methods for network security management. Concurrently, GitOps has emerged as a novel and effective approach to manage applications, configurations, and infrastructure. However, there has been limited research on integrating these two advancements. This thesis explores the integration of GitOps into telecommunication network security operations, proposing a new workflow to address the challenges in traditional methods. We identify the challenges presented in conventional network security operations and introduce a new workflow based on the GitOps principles. Our work includes designing a declarative model to describe and store resources in Git repositories and implementing GitOps operators to ensure alignment between the desired state in Git repositories and the actual state of the managed network. Additionally, we incorporate various validation strategies within the continuous integration pipeline to enhance the robustness of the workflow. The evaluation of the workflow involves case studies that compare traditional and GitOps workflows in real-world scenarios, such as updating security configuration, establishing experimental environments, performing disaster recovery, and detecting configuration drift. The analysis shows that the GitOps workflow improves efficiency, visibility, and traceability, eases disaster recovery, and automates configuration drift correction. The findings suggest that mobile network operators should consider adopting the GitOps workflow to enhance their overall security operations.
Supervisor
Aura, Tuomas
Thesis advisor
Reijonen, Joel
Keywords
GitOps, telecommunication network, configuration management, network security management, network automation