Service Management & Orchestration (SMO) is the O-RAN component that oversees all orchestration, management, and automation of RAN elements in O-RAN networks. It supports the O1, A1 and O2 interfaces and uses TLS (Transport Layer Security) to communicate securely with devices in the O-RAN network. Learn more about O-RAN Architecture and the SMO. This blog is a primer on how we set up SMO & TLS connectivity.
TLS is a cryptographic protocol that provides secure communication over a network by encrypting the data that is transmitted between two endpoints. In the case of O-RAN SMO, TLS is used to encrypt the communication between the SMO and devices in the network to ensure that the data is protected from unauthorized access.
First, set up the SMO GUI with SSL. SDNR is already configured and is listening for HTTPS on port 8443, but the port is not forwarded in the service by default. To use SMO with HTTPS, we need to forward port 8443 from the SDNR Pod.
Next, enable the TLS connection on the RU/DU simulators and then forward the TLS port on the RU/DU.
Then set up TLS connectivity on the Netconf device. To support clients connecting using TLS, the configuration files tls_keystore.xml, tls_truststore.xml, and tls_listen.xml need to be merged into the sysrepo configuration of the modules ietf-keystore, ietf-truststore, and ietf-netconf-server, respectively. After doing so, a NETCONF client can connect using the client.crt certificate and the client.key private key, with the ca.pem CA certificate set as trusted.
Now configure SMO to connect with the Netconf device using TLS certificates. We need the following certs:
To establish a TLS-based connection, we need to perform the following steps on SMO:
It is important to note that TLS connectivity is just one aspect of securing the O-RAN network. Other security measures such as authentication, authorization, and access control are also needed to ensure the security of the network.
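To confirm the NETCONF-over-TLS step described above before pointing SMO at a device, the sketch below connects the way a NETCONF client would, using client.crt, client.key and ca.pem, and reports what was negotiated. It is an added example, not code from the original post or from the SMO project; the port 6513 (the IANA-assigned NETCONF over TLS port), the function names and the `server_name` parameter are assumptions.

```python
import socket
import ssl
import sys

NETCONF_TLS_PORT = 6513   # IANA port for NETCONF over TLS (RFC 7589); assumed, the post names no port
EOM = b"]]>]]>"           # end-of-message marker that terminates the server <hello>


def build_context(ca="ca.pem", cert="client.crt", key="client.key", load=True):
    """Mutual-TLS client context: trust only ca.pem, present client.crt/client.key."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED and hostname check are on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if load:  # load=False builds the policy without touching files
        ctx.load_verify_locations(cafile=ca)
        ctx.load_cert_chain(certfile=cert, keyfile=key)  # raises if key and cert do not match
    return ctx


def read_hello(stream, limit=65536):
    """Read the first NETCONF message from a binary stream, up to the ]]>]]> marker."""
    buf = bytearray()
    while not buf.endswith(EOM):
        byte = stream.read(1)
        if not byte:
            raise ConnectionError("connection closed before the end of <hello>")
        buf += byte
        if len(buf) > limit:
            raise ValueError("<hello> exceeds the size limit")
    return buf[:-len(EOM)].decode("utf-8", "replace").strip()


def probe(host, port=NETCONF_TLS_PORT, server_name=None, **files):
    """Connect as the NETCONF client would and report what was negotiated."""
    ctx = build_context(**files)
    with socket.create_connection((host, port), timeout=10) as raw:
        # server_name: pass the name in the device certificate when it differs from host
        with ctx.wrap_socket(raw, server_hostname=server_name or host) as tls:
            # With TLS 1.3 a rejected client certificate surfaces on this first read
            hello = read_hello(tls.makefile("rb"))
            return {
                "tls": tls.version(),
                "cipher": tls.cipher()[0],
                "peer_subject": tls.getpeercert().get("subject"),
                "base_1_1": "urn:ietf:params:netconf:base:1.1" in hello,
            }


if __name__ == "__main__":
    print(probe(sys.argv[1]))  # usage: python probe.py <device-host>
```

A handshake or read error here points at the keystore, truststore or listen configuration on the device rather than at SMO.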