Trace Id is missing
October 26, 2021

Nokia improves security posture, tightly manages sensitive data in AI service with Azure Arc

Based in Finland, Nokia is a leading telecommunications company with operations around the world. One of the many valuable services it offers is a telco AI ecosystem called AI & Analytics, Virtualization, Automation (AVA) for its carriers to help optimize their networks and service delivery. Nokia created a successful proof of concept (POC) to validate an updated architecture using Microsoft Azure Arc. Now, Nokia is able to deploy, operate, and monitor the AVA applications running in the customer’s preferred cloud, while meeting the data regulatory needs for different countries.

Nokia

“With Azure Arc, we gained a standard way to deploy, operate, and monitor the Nokia AVA use cases deployed in a customer’s preferred cloud—for example AWS, GCP, Azure, or private cloud.”

Kalyanjeet Gogoi, Head of Engineering & Technology, BA Cognitive Services, Cloud and Network Services, Nokia

Communication of the future

Though perhaps best known for its mobile phones, Nokia existed long before such devices were introduced. The telecommunications giant has been serving customers for more than 155 years. Over the past 20 years, the company has continued to evolve, expanding into 130 countries and spending €129 billion (USD150 billion) in research and development. 

Nokia has been expanding its AI analytics offerings. The company wanted to provide a way for its carrier customers (for example, AT&T, Sprint) to optimize networks based on a variety of rich data sources. It created a telco AI analytics application suite, called Nokia AVA, which gathers data from network elements, operations support systems, and more, in order to provide deep AI-based insights and corrective measures for operators to efficiently run their networks.

The collecting and processing of the data is highly confidential and controlled by different legislation in different countries, and sometimes a datacenter must be in the same country as the customer. Due to the range of data regulatory requirements in various countries the operators are required to keep the data in their own network or the country while running the Nokia AVA Suite. This imposes the need for the AVA suite to be able to run on a customer’s preferred cloud available in their country or network—for example, AWS, GCP, the customer’s Microsoft Azure instance—other than the Nokia-managed Azure cloud. 

Nokia faced a lot of complexity in finding the right architecture to meet these customer requirements while keeping a simple and cost-effective operational model. 

Centralized deployment, operations, and monitoring

Nokia wanted to create an architecture that was scalable, highly secure, and flexible, while still being able to deploy, operate, and monitor it from a centralized place in a cost-effective manner. Nokia decided to adopt Microsoft Azure Arc to evolve AVA architecture to bridge the gaps.  

“With Azure Arc, we gained a standard way to deploy, operate, and monitor the Nokia AVA use cases deployed in a customer’s preferred cloud—for example AWS, GCP, Azure, or private cloud,” says Kalyanjeet Gogoi, Head of Engineering & Technology, BA Cognitive Services, Cloud and Network Services at Nokia.

The Nokia AVA architecture that uses Azure Arc is composed of two main parts. One is a Nokia-owned Azure subscription where all the services related to deployment, monitoring, connectivity, and security are sitting, and the other is the customer cloud that will offer a Kubernetes stack onto which Nokia AVA applications will be deployed. The two clouds are communicating in a highly secure way via VPN and HTTPs. With this architecture, the customer can consume the Nokia AVA use-cases outcome and services seamlessly without the data exiting the customer’s cloud.

By taking advantage of Azure Arc capabilities, Nokia can deploy use cases onto the target Kubernetes cluster offered by the customer cloud. If an artifact gets changed, the changes are automatically detected and deployed on the customer’s Kubernetes stack. 

“With Azure Arc–enabled Kubernetes, we can work directly with the customer’s cloud, as we can project the customer’s Kubernetes cluster into Nokia owned Azure subscription” says Paolo Tornaghi, Technology & Architecture CoE Leader, BA Cognitive Services, Cloud and Network Services at Nokia. “From the centralized Nokia Azure monitor we will see the remote Kubernetes resources, and the user experience is outstanding because we see them like the cluster was on Azure.”

Improved security, proven concept

Along with Azure Arc and Azure Arc–enabled Kubernetes, Nokia conducted a proof of concept (POC)—combining other Azure services to validate the Azure Arc–enabled AVA architecture and enhance overall security posture while delivering the Nokia AVA service to its customers. The company uses Azure Defender, which works seamlessly with Azure Arc to protect the company’s hybrid environment. In Microsoft Azure Storage and Microsoft Azure Key Vault, Nokia hosts the highly confidential artifacts and takes advantage of Microsoft Azure Monitor and Azure Monitor Logs to monitor the Nokia AVA applications.

At the same time, data sovereignty requirements of Nokia’s customers are fully respected because the data is going to stay on their cloud and not transferred elsewhere. “We had a very good experience working on this POC with Microsoft, and the Microsoft engineers worked closely with us on a day-to-day basis,” says Gogoi. “We successfully ran this proof of concept with one of our use cases, which was already very well architected with Azure Kubernetes Service.” 

Nokia is in the process of productizing the updated Nokia AVA service and will soon begin production. The company plans to onboard customers to this new architecture in early 2022. Continues Gogoi, “Existing customers will continue on the earlier version of AVA, which is fine for now because they won’t experience any service disruption. We have a lot of flexibility with Azure to update the architecture for the existing use cases.”

Efficient, trustworthy customer experience

Nokia achieved its goal to create a more consistent infrastructure management approach. “By using Azure Arc along with Monitor, it’s easier to monitor and operate the customer use cases whether the AVA is being deployed on Azure or another cloud,” says Tornaghi. “That simplifies life for us and our customers. With Azure Arc, we’ve become more efficient and have a high degree of control over what we deploy.”

By updating Nokia AVA’s architecture, not only is Nokia better able to serve its customers with varying data needs all over the world, it can also help to ensure data compliance and peace of mind. For example, many customers in the Middle East want to avoid a public cloud and have instead created their own cloud environment. “Some customers want us to use their cloud to deploy our analytics service,” says Gogoi. “Before Azure Arc, it was impossible for us to do that efficiently.” 

Nokia has always been vigilant about protecting customer data, but with this updated architecture, it can protect customers more than ever before because of the fact that the data will stay in the customer’s cloud. Concludes Gogoi, “We are confident that our customers can get their use cases deployed without compromising data sovereignty.”

Find out more about Nokia on Twitter, Facebook, and LinkedIn.

“From the centralized Nokia Azure monitor we will see the remote Kubernetes resources, and the user experience is outstanding because we see them like the cluster was on Azure.”

Paolo Tornaghi, Technology & Architecture CoE Leader, BA Cognitive Services, Cloud and Network Services, Nokia

Take the next step

Fuel innovation with Microsoft

Talk to an expert about custom solutions

Let us help you create customized solutions and achieve your unique business goals.

Drive results with proven solutions

Achieve more with the products and solutions that helped our customers reach their goals.

Follow Microsoft