Skip to main content

tSM Adaptive Service Orchestration

The tSM Adaptive Service Orchestration (ASO) module is responsible for orchestrating the activation of network services on physical and virtual devices. It bridges the gap between service orders in the OSS/BSS and the actual configurations applied to network resources, aligning with TM Forum’s Fulfillment and Activation processes. This module ensures that once a service is ordered or changed, the necessary network elements are configured automatically (or with minimal manual intervention) to deliver that service. In designing these capabilities, the module follows industry best practices – it adheres to TM Forum frameworks (e.g. handling Resource Facing Services (RFS) in accordance with TM Forum’s information models) and leverage leading network automation tools and protocols like Netconf or Ansible for flexibility and scalability. The result is a comprehensive activation engine that can drive end-to-end network provisioning workflows efficiently and securely.

Automation Methods and Integrations

Modern networks consist of diverse devices and management systems, so the Service Activation module supports a wide range of automation methods to communicate with them. It goes beyond basic NETCONF/YANG or Ansible automation to include various southbound interfaces and protocols:

  • Standard APIs (REST/RESTCONF/SOAP) – The module can interface with network controllers and Network Management Systems (NMS/EMS) via REST or SOAP APIs. For example, it can connect to vendor management platforms (like FortiManager or Cisco DNA Center) to push configurations through their published APIs. It also supports RESTCONF for devices that expose YANG models over HTTP, aligning with modern programmability standards.

  • NETCONF/YANG – For devices supporting NETCONF, the module can send YANG-based configuration changes directly. This allows structured, transaction-safe updates to network elements. Using YANG data models ensures that configurations are model-driven and validated.

  • Ansible and Automation Platforms – The activation workflows can leverage Ansible playbooks for device configuration (tSM modules | DataLite tSM). This opens up a broad ecosystem of pre-built roles and collections (for instance, Cisco IOS/XR modules) to execute configuration tasks. The module can trigger these playbooks as part of a process, integrating with existing automation scripts the operator may have.

  • Direct CLI over SSH – In cases where devices only offer a CLI (SSH/Telnet) interface or when using proprietary command syntaxes, the module supports direct SSH communication. This means it can log in to network devices and execute CLI commands programmatically as part of the activation sequence. Such CLI-driven automation can be combined seamlessly with API-based tasks in the same workflow, ensuring even legacy or non-API devices can be included in automated service delivery.

  • Proprietary Protocols & NMS Integration – The architecture is extensible to support vendor-specific or proprietary protocols (for example, TL1 for certain transport network elements) through custom connectors. Additionally, if a service provider uses an existing NMS/OSS for activation, this module can integrate with those systems instead of or alongside direct device communication. In practice, service activators can be configured on demand or selected from a library of pre-built connectors/adapter scripts depending on the target system.

By supporting multiple methods, the Service Activation module ensures “connect anything to anything” capability – enabling unified automation across heterogeneous network environments. Operators can choose the best interface per device or service: whether pushing a config via a controller API, running an Ansible playbook, or sending commands over SSH, all are orchestrated under one module.

Zero-Touch Provisioning (ZTP) Support

The Service Activation module fully supports Zero-Touch Provisioning (ZTP) scenarios to streamline the deployment of new network devices and services. Zero-touch provisioning means automating the provisioning of infrastructure components with little or no manual intervention, using predefined steps or configurations (Automating Infrastructure with Zero-Touch Provisioning: A Comprehensive Guide). In practice, this module can integrate with ZTP processes so that when a new device comes online (for example, a router or switch being powered on for the first time), it is automatically recognized and configured with baseline settings and service-specific parameters.

General ZTP Process: A new device might boot up and reach out to a provisioning server or orchestration system (via DHCP options, phone-home mechanisms, etc.). The Service Activation module can capture this event and trigger an automated activation workflow for that device. Based on the device type and the expected network service (as defined in the Service Catalog), the module will apply the necessary configuration – for instance, loading an initial software image, pushing a base configuration template, and then applying specific service configurations ( VLANs, routing protocols, etc.) required for that device’s role.

By embracing ZTP, the module helps achieve faster deployment and reduced errors. New network elements can be deployed in bulk without engineers manually configuring each one, improving time-to-service and consistency. This is particularly useful for large rollouts (e.g. rolling out hundreds of cell site routers or customer premise equipment) where manual provisioning would be impractical. The module’s support for a variety of automation methods (API, Ansible, CLI) means it can execute ZTP on different vendor devices – for example, using a vendor’s ZTP API or simply applying config via SSH if needed. In summary, ZTP capabilities in the Service Activation module allow networks to come online ready for service with minimal human touch, following the industry trend of fully automated infrastructure provisioning.

Execution Plane Logic and Safeguards

Activating network services often means making real-time changes on live devices, which necessitates careful control and safeguards. The Service Activation module includes additional execution plane logic that runs within the network environment (close to the devices) to ensure that automation actions are carried out safely, efficiently, and securely. Key aspects of this execution plane logic include throttling, security, and error handling:

  • Throttling & Concurrency Control: The module prevents overwhelming the network or devices by controlling how automation tasks are executed in parallel. It can limit the number of simultaneous requests to a single device or API and enforce a maximum number of activations per second across the device or network. For example, if activating 100 devices, the system might stagger the operations (e.g. 10 at a time) to avoid spiking network load or hitting device CPU limits. Throttling policies are configurable to match the capacity of the infrastructure, ensuring that performance is not degraded by the automation itself.

  • Security Measures: Security is enforced at every step of execution. All communication channels (REST, NETCONF, SSH, etc.) use secure protocols and authenticated sessions. The execution plane can be deployed on-premises or in a trusted zone of the network, which means device credentials and sensitive data do not have to leave the secure environment. Role-based access control (RBAC) ensures that only authorized processes or users can trigger certain activation tasks, and all actions are logged for audit purposes. Additionally, the module can incorporate policy checks before execution – for instance, verifying that a configuration change meets security compliance rules or running a pre-check script. These measures align with industry best practices to protect network integrity during automated operations.

  • Error Handling & Recovery: The Service Activation workflows are built to handle errors gracefully. If a step in the activation process fails – say a device doesn’t respond or a configuration push is rejected – the system will catch that failure and apply a predefined strategy. This may include automatic retries (e.g. try the command again after a short delay, up to a set number of attempts) or executing fallback logic (perhaps using an alternate method or server). For example, if an API call fails, the module might retry, and if it still fails, fall back to an SSH command as a backup method if available. All failures are logged with details, and the system can generate alerts or tickets to notify operations teams if human intervention is required.

    Another critical aspect of error handling is transaction management and rollback. The activation processes can be designed such that if a multi-step workflow fails mid-way, any changes made by earlier steps can be rolled back to leave the network in a consistent state. For instance, if three configurations were applied across different devices and the fourth one fails, the module can automatically undo the first three (using stored previous values or default templates) if defined in the process. This way, partially activated services don’t linger in an undefined state. Rollback and compensation actions are modeled in the process design, ensuring that even complex service activations can be safely unwound when something goes wrong.

These execution-plane capabilities (throttling, security, and error handling) are typically deployed as part of the module’s runtime environment in the network. They act as a safeguard layer, much like an execution controller, to make sure the automation is robust. In essence, the Service Activation module not only orchestrates the “happy path” of provisioning but also manages the operational realities of networks – controlling pace, securing access, and handling the unexpected – to deliver reliable outcomes.

Service Catalog and Process Selection

Service Fulfillment vs. Service Activation

In a telco service fulfillment process, many steps occur from the time an order is placed to the time a service is live. The tSM Service Ordering module (fulfillment engine) manages the end-to-end workflow – validating orders, decomposing services, coordinating with service and network inventory, and orchestrating tasks. Service Activation, by contrast, is a focused subset of fulfillment: it deals exclusively with pushing the final configurations to network devices (routers, switches, etc.) to activate the service. In other words, Service Ordering handles the what and when of fulfillment (breaking an order into CFS/RFS tasks, scheduling field work, etc.), while Service Activation handles the how at the device level – the last-mile execution of changes on the network. This clear separation ensures that complex orchestration (service decomposition, workflow management) is handled in the Service Ordering domain, leaving Service Activation to focus on applying configurations as the final step in the provisioning chain.

Role of Service Design and Network Inventory

Service Activation does not decide what should be configured on the network – that is determined upfront during Service Design and resource assignment. In the fulfillment workflow, after an order is decomposed into technical services, a Service Design phase (sometimes called design & assign) selects the specific resources needed. The system consults a Network Inventory (a “source of truth” like NetBox or an IPAM system) to perform feasibility checks and reserve appropriate resources. For example, if a customer ordered a new VPN service, the Service Design might determine which router and port to use, which IP addresses or VLAN IDs to allocate, etc., by querying the inventory for available options. The Network Inventory responds with the chosen resource instances (e.g. Device A, Port 3, IP 10.1.1.0/30), effectively assigning them to the service order. All of these decisions – what device, which port, what IP – are made before activation begins, ensuring that Activation has a complete blueprint to follow.

Once the design phase is complete, Service Activation is triggered with a specific set of inputs: the who/what/where details for configuration. This typically includes the target device identifiers, interface or resource names, and configuration parameters that were pre-selected. Activation’s job is purely to execute these predefined changes on the network. It does not need to compute new values or decide alternate paths; it simply implements the configuration as designed. This separation of concerns means you can update service design rules or inventory assignments (for example, use a different IP pool or device model) without changing the activation logic – Activation will always “do as it’s told.” In tSM, this pattern is explicit: the Service Design stage requests the inventory for resource allocation, then Service Activation automatically or manually activates the allocated resources. If an activation can be automated, tSM will invoke the appropriate device-specific automation (script, API call, etc.); if not, the process might create a manual task (e.g. a technician to configure something by hand) – but in both cases, the content of the change is dictated by the design. The key point is that Service Activation knows how to configure, but it doesn’t choose what to configure – the “what” is determined by the service catalog specifications and inventory decisions made earlier in the fulfillment process.

Service Activation vs. Network Monitoring

It’s important to distinguish activating a service from monitoring a service once it’s running. Network Monitoring systems (such as Zabbix, Nagios, or OpenNMS) are separate tools dedicated to observing network performance and health. Their role is to continuously keep track of the network’s health and performance, collecting metrics (e.g. via SNMP or agents) and raising alerts if something goes wrong (Network Monitoring - Zabbix). For instance, a monitoring tool will measure bandwidth usage, device CPU load, interface status, uptime, and so on, and notify operators of outages or threshold breaches (Network Monitoring - Zabbix) (Compare network management vs. network monitoring | TechTarget). Service Activation, on the other hand, is not concerned with metrics or alerts – it is a one-time (or rare) event per order that makes a configuration change to enable or modify a service. Activation is about deployment, whereas monitoring is about oversight.

In practice, these two domains are loosely coupled: after Service Activation configures the network device for a new service, the monitoring systems will detect the new configuration (for example, a new interface coming online) and start tracking its status. There may be slight integration points – for example, an activation process might send an API call to a monitoring system to add the newly provisioned elements into the monitoring inventory – but the activation module itself does not perform ongoing checks or performance analysis. In a TM Forum TAM (Telecom Application Map) context, Service Activation is a fulfillment function (part of Service Provisioning), whereas monitoring belongs to the assurance realm (Service Assurance/Performance Management). This separation ensures that provisioning processes can be optimized for speed and accuracy of configuration changes, while monitoring processes are optimized for real-time data collection and fault management. Simply put, applying configurations (activation) and checking network status (monitoring) are distinct tasks handled by different tools and modules. A system like tSM focuses on the former, and it would typically integrate with or feed into external monitoring solutions for the latter – for example, once a service is activated, the network inventory and monitoring tools can be updated to begin tracking the new service’s KPIs, but those steps are outside the scope of the Activation module’s responsibilities.

Service Activation Process Flow

To understand how Service Activation fits into the end-to-end provisioning cycle, consider the typical flow of a service order through to activation, and how it interfaces with inventory and monitoring systems. The diagram below illustrates this flow:

Process Steps:

  1. Service Order Initiation: A customer’s order (for a new service or a change to an existing service) kicks off the fulfillment process. In tSM, this is handled by the Service Ordering module, which receives the order details (what product/service is requested) . The order is validated and then decomposed into technical actions. For example, a high-level product like “Business Internet 100Mbps” might decompose into several Customer-Facing Services (CFS) and Resource-Facing Services (RFS) – such as creating an Internet access service instance, allocating an IP block, configuring a router interface, etc. The Service Ordering (fulfillment engine) figures out all these needed tasks and their sequence.

  2. Service Design & Resource Allocation: Before any device configuration happens, the orchestrator performs a service design phase. It consults the Service Catalog to understand the technical specifications of the requested service (which resources and configurations are required) and then interacts with the Network Inventory to allocate concrete resources . The inventory system (e.g. a database of available ports, IP addresses, VLANs, etc.) checks what resources are free and suitable. It might run feasibility checks (is there a free port in the customer’s serving area? is there an available IP from the correct subnet?) and then assigns specific resources to the order. For instance, the inventory could return something like: Device=Router123, Port=Gi1/0/5, VLAN=210, IP=10.20.30.40 as the pieces needed for this service. These assignments are typically recorded in the service order and in the inventory (to avoid duplicate assignments and to maintain records of which resource is used for which service). At this stage, what needs to be configured is fully determined – but nothing is actually changed on the network yet.

  3. Triggering Service Activation: Once the design is complete and resources are allocated, the fulfillment workflow invokes Service Activation. The activation module receives the specifics of the service instance and the resources to configure. In our example, it would get an input like: activate service X on Router123’s interface Gi1/0/5 with VLAN 210 and IP 10.20.30.40. Along with resource data, the activation function references a predefined configuration template or script associated with the service (often defined during service design or in the catalog). Service Activation then executes the required configurations on the network devices. This could involve calling device APIs, pushing CLI commands via an SSH/NETCONF adapter, running an Ansible playbook, or even sending requests to an SDN controller – whichever method is appropriate for the device and context. The key is that Activation uses automation to deliver the configuration to the device. For simple services, this might be a single API call (e.g., instruct a controller to provision the service). For more complex cases, it could be a sequence of actions (e.g., fetch the device’s current config, apply a patch, verify the result, etc.), possibly with error handling or even human approval steps in between. Regardless of complexity, all these actions happen within the Service Activation workflow as a discrete subprocess of the overall order fulfillment.

  4. Applying Configuration to Network Devices: The network device receives the configuration commands from the activation module and applies them, enabling the new service. For example, the router configures interface Gi1/0/5 into VLAN 210, sets the IP address, adjusts QoS settings, and so forth as instructed. The device (or the activation script) will typically return a status indicating success or failure of the config change. If successful, the service is now active on the network. If there’s an error (maybe the port was administratively down, or a configuration conflict occurred), the Activation module can capture that and either attempt a rollback or mark the activation as failed. tSM’s design includes modeling of rollback steps at the activation level – meaning if part of the config process fails, it can attempt to undo any partial changes to leave the network in a known state. Once the device confirms the changes, Service Activation reports back to the orchestration layer (Service Ordering) that the activation task is completed (or that it encountered an issue). The order workflow can then proceed to the next steps (for example, service validation or closure).

  5. Service Activation Completion and Handover to Monitoring: After a successful activation, the service order can be closed out as Fulfilled, and the new service is officially in Production. At this point, responsibility for the service’s ongoing health transitions to network monitoring and assurance processes. The devices configured will now be watched by monitoring systems (like Zabbix/Nagios) as part of regular operations. These tools may immediately start polling the newly configured interfaces and IPs – for instance, Zabbix will begin to “collect SNMP metrics... and monitor network device health” for the new service elements (Network Monitoring - Zabbix). If any issues arise later (like the interface goes down, or errors increase), the monitoring system will generate alarms or even trigger automated healing if configured (Compare network management vs. network monitoring | TechTarget). It’s worth noting that the Activation module’s job is done at this stage; it does not actively communicate with monitoring tools in real-time, though it might have fed some data to inventory that monitoring uses. In a fully integrated environment, the inventory system updated by fulfillment can inform the monitoring system about new resources to watch, but this is an off-line integration. The separation ensures that Activation can be completed swiftly without waiting on or interacting with live monitoring feedback. Any post-activation verification (ping tests, service tests) can be modeled as separate steps or automated test tasks outside the core activation transaction, sometimes as part of a “service validation” step following activation.

Through this flow, we see that Service Activation is triggered by the fulfillment process (service order), receives input from the design/inventory stages, and then carries out configurations on devices, handing off to assurance (monitoring) after completion. Each component has a clear role, making the overall system scalable and maintainable.

Triggering Activation and Integration in a TM Forum Architecture

In a TM Forum–compliant architecture (following TMF’s Frameworx and Open APIs), the interactions described above correspond to well-defined components and interfaces. Service Activation is typically invoked by the OSS workflow once a service order is ready for implementation. For example, when a service order is orchestrated via the TMF641 Service Ordering API, the OSS order management (Service Ordering module) would reach a step where it needs to activate a service – at that point, it would call on a Service Activation function (this could be an internal process or an external activation engine) to perform the network changes. The inputs to this activation step come from the Service Catalog and Service Inventory: the Service Catalog (often exposed via TMF633 API) provides the definitions of the service and its configuration options, and the Service Inventory (TMF638) holds the specific resource instances allocated for this service. In our earlier example, the catalog would define that an “Internet Access” service requires a router interface, IP, etc., and the inventory would have determined the actual router interface Router123:Gi1/0/5 and IP 10.20.30.40. Those inputs are passed into the activation process.

Service Activation, as a component, interacts with other network automation and management systems rather than end-users. It may use southbound integrations to network controllers or element managers (for instance, using a Cisco NSO via API, or pushing configs through an Open Daylight SDN controller, or directly interfacing with devices via protocols like NETCONF). The trigger for Activation is always an upstream request (e.g., from the service order orchestration or an API call in an integrated environment). In TMF terms, older specifications like TMF640 were dedicated to Service Activation and Configuration, though in modern implementations this is often handled as an extension of the order fulfillment process using open orchestration platforms.

Once activation is complete, the Service Inventory is updated to reflect the service’s new state (active) and to record details like configuration parameters or resource associations. This ensures a closed-loop consistency: the inventory knows which resources are now in use, and the customer service is marked as fulfilled. The Service Order (through TMF641) can send a notification or update back to the BSS layer confirming that the service is up and running. At the same time, monitoring and assurance systems (aligned with TMF interfaces for performance and fault management) are now monitoring the service. Although monitoring is outside the scope of fulfillment, a TMF-aligned OSS will ensure that alarms or quality metrics (e.g., via TMF642 for performance management) feed back into the system if something goes wrong, possibly generating trouble tickets or repair orders if needed.

In summary, Service Activation is the glue between service design and network operation: it takes the outputs of design (from the catalog and inventory) and executes them on the network, under the command of the service order workflow. It remains insulated from why or what is being requested – those are catalog and design concerns – and instead focuses on how to apply the request reliably. This modular approach, exemplified by tSM’s architecture, follows TM Forum best practices by separating concerns: product catalog, service order/fulfillment, service activation, inventory, and monitoring each handle their piece of the service lifecycle. The result is a streamlined activation process that can be automated end-to-end, improving speed and consistency (for instance, providers have seen 70% faster activation times by automating this process), all while maintaining data integrity and compliance with a standard telecom operations framework.

Main Functional Areas

The Service Activation module covers several functional areas critical to network fulfillment and operations. Its capabilities can be grouped into three main categories:

  • Service Provisioning (Add/Change/Delete) – Handling the end-to-end activation for new services, modifications to existing services, and service deactivation. This includes orchestrating all tasks required to add a new service, change or modify service parameters (upgrade bandwidth, change routing, etc.), or delete/decommission a service. The module ensures that each of these operations is carried out consistently across all affected network components, updating the service inventory as needed. For example, a “Modify” might trigger additional steps like gracefully updating live configurations with minimal impact. All provisioning operations are managed through well-defined processes to maintain service continuity and data integrity.

  • Operation-Specific Tasks (Upgrades, Rollouts, Migrations) – Supporting network-wide or bulk operations beyond individual customer services. The module can run workflows for software upgrades (e.g. upgrading firmware on a set of devices with proper sequencing and checks), rollouts of new network features or configurations across multiple sites, and migrations of services (for instance, moving customers from an old platform to a new one). These tasks often involve coordination across many devices and services, and the Service Activation module leverages its automation methods and throttling logic to perform them efficiently. By using the same orchestration engine, even large-scale changes (like a mass update of router configs) are handled in a controlled, auditable manner.

  • Security and Compliance Processes – Executing security-related configurations and checks as part of network operations. This includes automating the deployment of security policies (for example, updating firewall rules, applying access control lists, enabling encryption features) in the network devices as services are activated or changed. It also covers periodic or on-demand security compliance tasks, such as ensuring device configurations meet standards or remediating vulnerabilities. The module can be used to roll out security patches or new certificates across the network using a standardized process. These security processes benefit from the module’s error handling (to ensure changes don’t lock out devices or cause outages) and rollback capabilities if a security change needs to be reverted. By integrating security tasks into the service activation framework, the system helps enforce security by design – every service activation can include relevant security steps, and dedicated security operations can be automated just like any other network change.

All these functional areas are unified under the Service Activation module, which means the same platform that turns up a customer service can also drive network maintenance and security changes. This unified approach ensures consistency (the network state is always managed through a controlled process) and provides a single point of configuration management for the network. Furthermore, it supports the closed-loop lifecycle of services – from initial provisioning to changes during its life, and eventually to removal – with full traceability at each step. By covering provisioning, operations, and security, the Service Activation module serves as a cornerstone of network automation, ensuring that services are delivered rapidly, network changes are executed reliably, and security is maintained continuously as part of the activation processes.