We plan to introduce optical orchestration but at the same time implement a self service portal for wholesale customers. A simplified architecture is shown in Fig a. The customer will have access to his DIY portal ( mainly service provisioning) through web access . The protal itself will be multitenant so multiple customers can use it. We do not plan to expose APIs to customers, we just give them access to the ready to use portal. Every customer will have access to limited functions of the optical orchestration system as per the business agreement.
Questions:
What is the best approach from security point of view to give access to our optical orchestration tool. We do not want to expose it to the internet ? Is it better to have a dedciated customer management server as front end ( Fig b) which itself talk to optical orchestaration in backend and then let the customer only access the multi tenant cutomer managment Server ?
Which TMF APIs would be used by customer management server in north bound and south bound ?
------------------------------
FA khan
------------------------------