Senior MTS: Patrick Wilson
IBM TechXchange
Session 2906
Building a Cloud-Native 5G Network at T-Mobile

2. Why Cloud-Native for 5G?
- Scale: Millions of devices, dynamic workloads
- Agility: Rapid rollout, upgrades, innovation
- Economics: Shared platform, vendor flexibility
- Telco IT: Ultra-low latency, geo-distribution, carrier-grade SLAs

3. T-Mobile's Cloud Vision
- Unified cloud-native platform for 5G + beyond
- Automation-first: self-service, policy-driven, GitOps
- Multi-vendor, standards-based, API-first design
- Security-first: Zero trust built in, not bolted on

4. High-Level Cloud Architecture
- CaaS: Red Hat OpenShift + OCP Virtualization
- NFVi: COTS hardware, Redfish mgmt
- Automation: Terraform, Ansible, Service Orchestrator (IBM RIA)
- Operations: SevOne, NOI, observability stack
- Security-First: Vault, Zero Trust, compliance automation

5. CaaS Layer: OpenShift
- Enterprise Kubernetes for telco-grade workloads
- Full CNF certification + Operator ecosystem
- Standardized lifecycle mgmt across large-scale clusters
- Flexible: Core data center RAN edge (SNO)
- AI-ready: Built-in ML/AI pipelines and toolchains
- Security-first: PKI, Vault Secret Operator, GitOps enforcement

6. Virtualization Layer: OCP Virtualization
- Unified platform: Kubernetes + VMs, same OpenShift stack
- Dedicated clusters simplify lifecycle + support
- Migration path: VNFs today, CNFs tomorrow
- Single operations model across VM + CNF environments

7. Secrets & Identity: HashiCorp Vault
- Security-first: centralized secrets, policy-enforced access
- PKI at scale: cert-manager + PKI vendor integration
- Kubernetes-native: Vault Secrets Operator (no app-side creds)
- Automated rotation; zero standing privileges

8. Infrastructure as Code: Terraform
- Declarative, Git-driven IaC for multi-domain provisioning
- Standardized workspaces: SDN, DNS, CaaS, Hardware, Vault
- Strong audit + rollback via Git + TFE state
- Separation of concerns: platform teams own their modules
- Telco IT: IaC must