Page 708 - Cloud computing: From paradigm to operation
3 XaaS
Appendix II
Modelling usage example of NaaS service, NaaS service operational policy and NaaS resource model
(This appendix does not form an integral part of this Recommendation.)
II.1 Introduction
In practice, a NaaS CSP can virtualize cloud resources into multiple isolated virtual private clouds (VPCs) and
provide them to NaaS CSCs. A NaaS CSC can easily establish and manage the network in a typical VPC, for
example by deploying or removing virtualized network devices (e.g., vRouter and vSwitch), adjusting the
topology of VPC networks, specifying packet forwarding policies, and deploying or removing virtualized
network services (e.g., load balancers, firewalls, databases, DNS). The NaaS functionalities that the NaaS CSC
can obtain are virtualized and actually performed by VMs located on compute servers, which may be located
in different geographically distributed data centres, connected through physical or overlay networks.
The manipulation of the virtualized VPC network may also affect the configuration of physical networks. For
example, when two new VMs associated with a given VPC are deployed in two different data centres, the VPC
control mechanism needs to generate a VPN between these two data centres for the internal VPC
communications. Therefore, the control mechanism for a VPC should be able to adjust the underlying
network at runtime when the NaaS CSC requests changes to the VPC network or service deployment.
When the NaaS CSC moves from one location to another that is near another NaaS CSP's data centre,
and the network load between these two data centres is low, the NaaS CSC's VM(s) should be
migrated to the new data centre in order to allow for a better user experience.
As illustrated by Figure II.1, a VPC corresponds to a combination of cloud computing resources with a VPN
infrastructure to give NaaS CSCs the abstraction of a private set of cloud resources that are transparently and
securely connected to their own infrastructure. VPCs are created by taking dynamically configurable pools of
cloud resources and connecting them to enterprise sites with VPNs.
Figure II.1 – Example of VPC and VPN relationship
II.2 Modelling usage
Based on the description given in clause II.1, the VPC service can be modelled as a VPC NaaS service model
based on its concrete service attributes, including service ID, tenant ID, access bandwidth, access virtualized
network device, attached virtual service, etc.
The initial provisioning configuration can be generated based on the VPC NaaS service model, together with
the corresponding NaaS service operational policy model, which includes the following aspects:
– The required services on data centres according to NaaS CSC's profile are allocated;
– Services located in multiple distributed data centres are interconnected, e.g., via VPNs;
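The runtime adjustment described in clause II.1 and the interconnection aspect listed above can be sketched as a reconciliation step between the VPC NaaS service model and the underlay. This is an added example, not part of the Recommendation; the field names, the full-mesh VPN layout, the tuple form of a VPN entry and the data centre names are assumptions.

```python
from dataclasses import dataclass, field
from itertools import combinations

@dataclass
class VpcService:
    # Attributes listed in clause II.2; the field names are assumptions.
    service_id: str
    tenant_id: str
    access_bandwidth_mbps: int
    access_device: str                                     # e.g. "vRouter"
    attached_services: dict = field(default_factory=dict)  # service -> data centre
    vms: dict = field(default_factory=dict)                # VM -> data centre

def required_vpns(vpc):
    """VPNs the model implies: one per pair of data centres in use (assumed full mesh)."""
    sites = sorted(set(vpc.vms.values()) | set(vpc.attached_services.values()))
    return {(vpc.tenant_id, vpc.service_id, a, b) for a, b in combinations(sites, 2)}

def reconcile(vpc, underlay):
    """Return (to_create, to_remove) for this VPC only; other tenants' VPNs are never touched."""
    want = required_vpns(vpc)
    have = {v for v in underlay if v[:2] == (vpc.tenant_id, vpc.service_id)}
    return sorted(want - have), sorted(have - want)

def apply(underlay, create, remove):
    return (underlay | set(create)) - set(remove)

def demo():
    # Constructed sample state: one VM in dc-a, plus another tenant's existing VPN.
    vpc = VpcService("svc-1", "tenant-A", 100, "vRouter", vms={"vm1": "dc-a"})
    underlay = {("tenant-B", "svc-9", "dc-a", "dc-b")}
    steps = []
    vpc.vms["vm2"] = "dc-b"      # second VM deployed in a different data centre
    steps.append(reconcile(vpc, underlay))
    underlay = apply(underlay, *steps[-1])
    vpc.vms["vm1"] = "dc-c"      # VM migrated to a data centre nearer the CSC
    steps.append(reconcile(vpc, underlay))
    underlay = apply(underlay, *steps[-1])
    return steps, underlay

if __name__ == "__main__":
    for create, remove in demo()[0]:
        print("create:", create, "remove:", remove)
```

Scoping every VPN entry by tenant ID and service ID keeps a change requested by one NaaS CSC from creating or tearing down connectivity that belongs to another.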