Aarna.ml today is announcing the release of Aarna.ml Multi Cluster Orchestration Platform (AMCOP) version 3.4, a pivotal milestone in advancing zero-touch edge orchestration. This release introduces a myriad of enhanced features, improvements, and additions, solidifying AMCOP's capabilities in managing complexity at scale.

Role-Based Access Control (RBAC)

RBAC emerges as a linchpin in security, regulating network access based on organizational roles within Service Management and Orchestration (SMO) in the O-RAN architecture. RBAC not only adds an extra layer of security but also efficiently distributes superuser capabilities across administrators through meticulous privilege management.

O1 Functions and NACM

In O-RAN deployments, the sensitivity of O1 functions necessitates adherence to zero-trust principles. The O1 interface enforces confidentiality, integrity, authenticity, and least-privilege access control through encrypted transport and the Network Configuration Access Control Model (NACM), thus ensuring secure network operations. This standards-based mechanism restricts user access to predefined NETCONF operations and content, integrating authentication and authorization seamlessly.

OAuth 2.0 for Access Management

OAuth takes the reins in generating authorization tokens, managing access for distinct roles within the system. This introduction of an authorization layer, separating the client's role from the resource owner's, ensures secure access to protected resources. Utilizing Access Tokens issued by an authorization server, OAuth adheres to industry standards, providing a robust mechanism for secure resource access.

Keycloak for Authentication and Authorization

Keycloak, a robust open-source identity and access management solution, stands as the AAA provider for Aarna SMO. Within Keycloak's administrative realms, roles such as 'system-admin', 'fault-admin', and 'performance-admin' define permissions, ensuring secure authentication and authorization for contemporary web applications.

NETCONF Access Control Model (NACM)

NACM, a standardized approach, ensures robust access control mechanisms within the NETCONF Server. Adhering to industry standards outlined in RFC 8341, NACM introduces predefined access control groups aligning with distinct NETCONF client roles, prioritizing compatibility, reliability, and adherence to established industry practices.

In this release of AMCOP, the O-RAN-specified RBAC/security requirements as per O-RAN.WG11.Security-Requirements-Specification.O-R003-v06.00 and the M-Plane O-RU device requirements as per specification O-RAN.WG4.MP.0-R003-v12.00 are met. The solution architecture, as depicted in Figure 1, showcases the implementation of RBAC with users, roles, domains, and policies.

Figure 1: Solution architecture of the modules specific to RBAC requirements


In conclusion, AMCOP v3.4 not only addresses security requirements but also enhances orchestration capabilities. The adoption of industry standards and the meticulous integration of access control mechanisms underscore Aarna.ml's commitment to providing users with a secure, interoperable, and globally accepted platform for network orchestration. For more details on device-level access requirements, refer to the O-RAN specification O-RAN.WG4.MP.0-R003-v12.00.

This release reaffirms Aarna.ml's dedication to innovation, security, and the seamless orchestration of multiple network elements, further solidifying its position as a leader in the evolving landscape of network management and orchestration.

Learn more about AMCOP and request a free trial.