The modern telecom market demands unprecedented flexibility, rapid service deployment, and robust security from operators. However, the growth of most players remains constrained by outdated, monolithic BSS/OSS (Business/Operations Support Systems). Transitioning to full-scale 5G networks is impossible without a fundamental shift in approach: operators must transform rigid infrastructure into a scalable, cloud-native environment.
The primary challenge is that the telecom core cannot be shut down for a simultaneous update. Modernization must occur without interrupting critical business processes. The only viable scenario is a phased transition through the creation of integration layers and the gradual replacement of legacy components with microservices.
Why monolithic BSS/OSS and legacy protocols have become points of failure
Historically, telecom architecture was built as a monolith, where billing logic, traffic routing, and profile management were tightly coupled. Any change or the launch of a new service requires re-compiling a significant portion of the system, which critically slows down development and innovation.
Beyond flexibility limitations, legacy architecture has fundamental security vulnerabilities. Outdated signaling protocols (SS7 and Diameter) lack modern built-in authentication mechanisms. According to the ENISA Threat Landscape 2025 report, a significant number of security incidents affect critical entities, and the exploitation of signaling protocol vulnerabilities remains a constant threat to mobile networks. These gaps are actively used to organize complex fraud schemes. According to the CFCA Global Fraud Loss Survey 2025, global losses from telecom fraud are estimated at approximately $41.82 billion annually, confirming the inability of legacy systems to independently withstand modern threats.
ODA and SBA concepts: architectural guidelines
To overcome the limitations of monoliths, the global industry has standardized two key approaches: Open Digital Architecture (ODA) from TM Forum and Service-Based Architecture (SBA) from 3GPP.
The ODA concept involves replacing monolithic BSS/OSS with a component-based, API-first architecture. This allows for the deployment of a set of standardized, loosely coupled modules for autonomous operations. Operators gain the ability to update or replace individual blocks without risking the stability of the entire billing system.
Meanwhile, the SBA architecture (defined by 3GPP for 5G Core) is the primary driver for transitioning networks to cloud-native principles. It transforms traditional network elements into software-based network functions that interact via API, ensuring dynamic scaling and resource optimization.
The Strangler Fig strategy: how to dismantle a monolith
Attempting to replace the core using a "Big Bang" strategy almost always leads to massive failures. The most effective and safe approach is the Strangler Fig pattern, which consists of three key stages:
- Creating an API-first integration layer: A gateway is deployed over the monolith, intercepting external requests and translating them into a format the legacy system understands.
- Phased decoupling: Individual functions are isolated into independent modules compatible with ODA. New transactions are processed in a cloud-native environment, significantly accelerating time-to-market for new services.
- Migrating functions to SBA: Network functions are gradually moved from proprietary hardware to a 3GPP-compliant architecture for the 5G core.
Security during the transition period and fraud prevention
The shift to open APIs and cloud-native environments changes the threat landscape. During the hybrid phase, where legacy and new components operate in parallel, SS7/Diameter signaling traffic requires strict isolation. This is achieved through modern signaling firewalls and gateways.
Simultaneously, the Zero Trust principle is applied to protect microservices and APIs. Combined with a component-based architecture, this allows for more effective traffic analysis and reduces the risk of financial losses from fraud.
Integration layers based on UnityBase for a smooth transition
In the telecom practice of the Intecracy Group alliance—a group of independent companies linked by partner agreements and share exchanges—the modernization of legacy systems, OSS/BSS integration, and the construction of transit architectures are often based on the UnityBase platform. UnityBase is a full-stack JavaScript low-code/model-driven platform, developed collectively by companies within Intecracy Group (where InBase serves as a key, but not sole, developer).
For the phased transition of telecom infrastructure, the platform serves as a reliable integration foundation. Using a unified Domain metadata model, UnityBase allows for the rapid generation of REST APIs to connect the legacy core with new microservices. This ensures seamless integration of legacy systems with modern digital platforms.
For projects with high load and security requirements (critical for telecom operators), official documentation recommends using the Enterprise (EE) or Defence (DE) commercial editions. These provide built-in audit trail mechanisms, Row-Level Security (RLS), Role-Based Access Control (RBAC), and the ability to deploy on-premises for full control over critical infrastructure.
Telecom infrastructure maturity levels during the transition to cloud-native
| Maturity Level | Architecture Description | Security and Integration Features |
|---|---|---|
| Level 1: Legacy Monolith | Closed proprietary hardware, monolithic BSS/OSS. | SS7/Diameter protocols without modern built-in encryption. |
| Level 2: Hybrid Integration | API-first layers over the monolith, connecting legacy to external digital services. | Basic signaling traffic monitoring via perimeter gateways. |
| Level 3: ODA-Compliant | Component-based BSS/OSS architecture, modular interaction via open APIs. | Isolation of legacy protocols, encryption of inter-service traffic. |
| Level 4: Cloud-Native (SBA) | Fully microservice-based 5G core architecture (3GPP). | Built-in security (Zero Trust) at the API level, dynamic fraud protection. |
Phased modernization through the implementation of ODA-compliant components and the deployment of reliable integration layers allows operators to minimize service interruption risks and create an adaptive infrastructure for the 5G standard.
FAQ
How can I modernize legacy telecom billing without the risk of stopping transactions?
The process is carried out using the Strangler Fig model. First, a parallel microservice integration layer is created to handle new requests. The legacy system continues to function as a source of historical data until all its functions are phased into new modules compatible with the ODA concept.
What is Open Digital Architecture (ODA)?
ODA is an architectural standard from the TM Forum that proposes replacing monolithic BSS/OSS with a component-based ecosystem. Modules in such an architecture interact via open APIs, allowing for rapid service updates and autonomous operations.
How can I protect the network from SS7 and Diameter vulnerabilities during the hybrid phase?
To minimize risks, legacy traffic must be isolated. Specialized signaling gateways and firewalls are used to analyze incoming connections. Simultaneously, a Zero Trust architecture is deployed for new cloud-native components, where every API request requires strict authentication.