Nokia Container Services

Nokia Container Services is a turn-key Containers as a Service (CaaS) offering

for deploying, orchestrating, monitoring and managing containers and
container-based applications for Telco cloud use cases. It offers critical
functions that support always-on services including access controls, security,
and high availability.

Cloud computing in all market segments is moving

towards containerized workloads and applications,
based on microservices. The evolution to cloud-
based microservices promises greater agility and
granular scalability than the large and monolithic
Virtualized Network Functions (VNFs). Tools to
manage and govern the cloud computing world are
changing too, and this is where Nokia Container
Services plays.
Nokia Container Services (NCS) packages the
necessary tools and capabilities for carrier grade,
container-based cloud infrastructure. It offers
Communications Service Providers (CSPs) turn-key
Containers-as-a-Service (CaaS) virtualization on
which to deploy their network, OSS, and BSS.
NCS provides CaaS functionality for deployment of
containerized applications in private clouds, public
clouds, and on bare metal. The platform is multi-
vendor, multi-tenant and carrier grade.
Nokia has embraced Kubernetes as the core of the
NCS platform. To that end, Nokia pre-integrated
dozens of best-of-breed Open Source components
and built automation tooling around them, which
help you streamline operations and support agility
improvements and TCO reductions that are critical
for your commercial success, especially in 5G.
With NCS, you have the freedom to deploy
anywhere. Nokia can support your transition from
current infrastructure to containerized deployments.
Benefits
• Deploy anywhere: NCS can be deployed on a
plethora of platforms: bare metal (on reference
hardware configurations), CBIS (or other
OpenStack), VMware, AWS EC2 and Azure.
• Automated application Life Cycle Management
(LCM): Kubernetes-based LCM using Helm charts
• Configuration flexibility: A variety of Container
Networking Interface (CNI) choices are available
including: Calico, DANM, Multus, SRIOV, DPDK and
others. Storage types that are supported include:
Ceph, Cinder, Rook, and local storage.
• Serviceability and automation: Automated
cluster management. Monitoring by Prometheus/
Zabbix for fault and performance management
and Elasticsearch for logs.
• Security: Multi-tenancy integrated into user
management, Role Based Access Control (RBAC),
Single Signon (SSO), and Harbor integrated
as the multi-tenant registry. The design is
based on Nokia Design for Security, including
operating system and Kubernetes best practices.
Networking security with network policies and
traffic separation.
• NCS is Cloud Native Computing Foundation
(CNCF) certified

1 Data sheet
Nokia Container Services
Logical architecture
and main functions
NCS leverages Kubernetes for container
management and orchestration. In this way, NCS
supports deployment and life cycle management
of software applications that are composed as
microservices running on Docker or other container
runtimes. NCS supports multiple container runtime
options, as well as leveraging Kubernetes pluggable
interfaces for networking and storage integration
and Helm for package management.
Nokia Container Services (NCS)
Cluster services
Application
services
High availability
Automated operations
Container runtime Kubernetes
Operating system
Anyplace
An NCS system consists of an NCS manager
node to deploy and manage the NCS system,
3 control nodes to run the K8s control plane and
a varying number of worker/edge nodes to run the
application workloads. NCS also provides support
for a small footprint.
Edge nodes are a special type of worker node
designed to interface with the external network,
and it provides a proxy for data traffic in and out
of the NCS cluster.
For Virtual Machine (VM) based deployments, one
NCS system can support hundreds of worker/
edge node VMs. NCS uses Terraform providers to
interface to the APIs of the virtual infrastructure
For bare metal deployments, NCS is certified on
reference hardware which can be configured for
small deployments with shared worker/storage
nodes to large deployments with dedicated
storage and monitoring/logging servers.
2 Data sheet
NCS cluster services
NCS provides complete life cycle management
functions to users for NCS management after
deployment, including:
• Scale-in/scale-out: Infrastructure scaling
operations which allow addition or removal of
nodes from a cluster. When NCS is deployed over
bare metal, this activity is triggered via the NCS
Manager, in a single, automated step. Auto-scale
is also supported.
• Control node recovery: Control nodes are not
scalable, and this NCS Manager-driven operation
automates the recovery of the node.
• Heal: Operation is used to recover a failed
Security
node. In bare metal deployments, the operation
Multi-tenancy reinstalls the OS and recovers all services running
on the node.
• Upgrade & rollback
• Backup & restore: Backup and restore of
infrastructure configuration is supported.
• Cluster monitoring, alarming, and logging.
Application services
• NCS provides Helm to support application
installation and management.
• All standard Helm lifecycle events are supported,
plus NCS enhances Helm with plugins for heal,
scale in/out, and backup/restore.
• Istio service mesh provided as an optional add-on.
High Availability (HA)
• Redundancy is built into all key NCS system
components.
• Node groups/labeling/affinity rules, etc. are
supported to control workload placement on
nodes and across availability zones.
Multi-tenancy
• NCS is a multi-tenant platform with features
provided using namespaces and resource quotas
to provide isolation between tenant applications.
Per tenant user management via RBAC is provided
to restrict user access to only the select tenant’s
application.
Nokia Container Services
Security In-service software upgrade
Nokia Container Services provides security settings Nokia Container Services can be upgraded to
to address configuration management using new releases, while remaining in service. Failed
automated hardening tools that address the related components can be recovered automatically.
standards, customers and best-practice security A configurable backup and restore function based
requirements. The RBAC mechanism allows the on customer preferences is available.
operator to restrict user authorized actions on
a system. The permissions to perform certain
operations are assigned to specific roles and
users based on its policies.

Product characteristics
Networking IPv4, IPv6, load balancing, CNIs (Calico, Multus, DANM, Weave, IP VLAN, MAC VLAN, vhost-user, Host
device, SRIOV)
Storage CSI Manila, CEPHFS, Cinder, CephRBD, Rook, GlusterFS, local storage, local disk (bare metal), vSphere
(vCenter), EBS (AWS), Azure Disk (Azure)
Logging & Monitoring Elascticsearch, Prometheus, Zabbix
Application life cycle events Install/delete, scale-in/scale-out, heal, disaster recovery, upgrade/rollback, update configuration,
backup/restore
Services Backup & restore, DNS, high availability, local Docker registry, local Helm chart repository
Security TLS, Role Based Access Control (RBAC), pod security policy (PSP), Center for Internet Security (CIS)
benchmark, Nokia Design for Security (DFSEC) and General Data Protection Regulation (GDPR)
Cluster lifecycle events Install/uninstall, scale-in/scale-out, heal, disaster recovery, upgrade/rollback
Operating systems CentOS
Notes:
1 Some configurations will require additional certification by services.

About Nokia
We create the technology to connect the world. Powered by the research and innovation of Nokia Bell Labs, we serve communications service providers, governments,
large enterprises and consumers, with the industry’s most complete, end-to-end portfolio of products, services and licensing.

From the enabling infrastructure for 5G and the Internet of Things, to emerging applications in digital health, we are shaping the future of technology to transform the
human experience. networks.nokia.com

Nokia operates a policy of ongoing development and has made all reasonable efforts to ensure that the content of this document is adequate and free of material errors
and omissions. Nokia assumes no responsibility for any inaccuracies in this document and reserves the right to change, modify, transfer, or otherwise revise this publication
without notice.

Nokia is a registered trademark of Nokia Corporation. Other product and company names mentioned herein may be trademarks or trade names of their respective owners.

© 2020 Nokia

Nokia Oyj
Karaportti 3
FI-02610 Espoo, Finland
Tel. +358 (0) 10 44 88 000

Document code: SR2008046501EN (September) CID207821