ETSI TS 128 533 V18.4.0 (2025-01)

TECHNICAL SPECIFICATION
5G;
Management and orchestration;
Architecture framework
(3GPP TS 28.533 version 18.4.0 Release 18)

3GPP TS 28.533 version 18.4.0 Release 18 1 ETSI TS 128 533 V18.4.0 (2025-01)

Reference
RTS/TSGS-0528533vi40
Keywords
5G
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - APE 7112B
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° w061004871

Important notice
The present document can be downloaded from the
ETSI Search & Browse Standards application.
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the prevailing version of an ETSI
deliverable is the one made publicly available in PDF format on ETSI deliver repository.
Users should be aware that the present document may be revised or have its status changed,
this information is available in the Milestones listing.
If you find errors in the present document, please send your comments to
the relevant service listed under Committee Support Staff.
If you find a security vulnerability in the present document, please report it through our
Coordinated Vulnerability Disclosure (CVD) program.
Notice of disclaimer & limitation of liability
The information provided in the present deliverable is directed solely to professionals who have the appropriate degree of
experience to understand and interpret its content in accordance with generally accepted engineering or
other professional standard and applicable regulations.
No recommendation as to products and services or vendors is made or should be implied.
No representation or warranty is made that this deliverable is technically accurate or sufficient or conforms to any law
and/or governmental rule and/or regulation and further, no representation or warranty is made of merchantability or fitness
for any particular purpose or against infringement of intellectual property rights.
In no event shall ETSI be held liable for loss of profits or any other incidental or consequential damages.

Any software contained in this deliverable is provided "AS IS" with no warranties, express or implied, including but not
limited to, the warranties of merchantability, fitness for a particular purpose and non-infringement of intellectual property
rights and ETSI shall not be held liable in any event for any damages whatsoever (including, without limitation, damages
for loss of profits, business interruption, loss of information, or any other pecuniary loss) arising out of or related to the use
of or inability to use the software.
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and
microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.

© ETSI 2025.
All rights reserved.
ETSI
3GPP TS 28.533 version 18.4.0 Release 18 2 ETSI TS 128 533 V18.4.0 (2025-01)
Intellectual Property Rights
Essential patents
IPRs essential or potentially essential to normative deliverables may have been declared to ETSI. The declarations
pertaining to these essential IPRs, if any, are publicly available for ETSI members and non-members, and can be
found in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to
ETSI in respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the
ETSI IPR online database.
Pursuant to the ETSI Directives including the ETSI IPR Policy, no investigation regarding the essentiality of IPRs,
including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not
referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become,
essential to the present document.
Trademarks
The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners.
ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no
right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does
not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks.
DECT™, PLUGTESTS™, UMTS™ and the ETSI logo are trademarks of ETSI registered for the benefit of its
Members. 3GPP™, LTE™ and 5G™ logo are trademarks of ETSI registered for the benefit of its Members and of the
3GPP Organizational Partners. oneM2M™ logo is a trademark of ETSI registered for the benefit of its Members and of ®
the oneM2M Partners. GSM and the GSM logo are trademarks registered and owned by the GSM Association.
Legal Notice
This Technical Specification (TS) has been produced by ETSI 3rd Generation Partnership Project (3GPP).
The present document may refer to technical specifications or reports using their 3GPP identities. These shall be
interpreted as being references to the corresponding ETSI deliverables.
The cross reference between 3GPP and ETSI identities can be found at 3GPP to ETSI numbering cross-referencing.
Modal verbs terminology
In the present document "shall", "shall not", "should", "should not", "may", "need not", "will", "will not", "can" and
"cannot" are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of
provisions).
"must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.
ETSI
3GPP TS 28.533 version 18.4.0 Release 18 3 ETSI TS 128 533 V18.4.0 (2025-01)
Contents
Intellectual Property Rights . 2
Legal Notice . 2
Modal verbs terminology . 2
Foreword . 5
Introduction . 5
1 Scope . 6
2 References . 6
3 Definitions and abbreviations . 9
3.1 Definitions . 9
3.2 Abbreviations . 9
4 Service Based Management Architecture (SBMA) . 9
4.1 Management Services (MnS) . 9
4.2 MnS components . 10
4.2.1 Introduction. 10
4.2.2 MnS component type A . 10
4.2.3 Management information . 10
4.2.3.1 MnS component type B . 10
4.2.3.2 MnS component type C . 10
4.2.4 MnS producer profile . 11
4.3 Combination of MnS components . 11
4.4 Management capability exposure governance . 11
4.5 Management Function (MnF) concept . 13
4.6 Management data analytics ca pability . 14
4.7 Management service discovery . 15
4.7.1 Introduction. 15
4.7.2 Void . 15
4.7.3 MnS discovery service . 15
4.8 Management capability support in multiple tenant environment . 15
4.9 Access control capability . 15
4.9.1 Authentication service . 15
4.9.2 Authorization service . 16
5 Architecture reference model . 17
5.1 General concepts . 17
5.1.1 Management service producers, consumers and exposure . 17
5.1.2 Interactions between management service producer and management service consumer . 18
5.2 Management interactions with NFV MANO . 21
5.3 Management service deployment based on ZSM framework. 21
5.4 Management interactions with NWDAF . 22
5.5 Using Management Services to support multiple players interoperability . 22
6 Void . 23
Annex A (informative): Example of deployment model with utilization of management
services . 24
A.1 Utilization of Management services in network and subnet layers . 24
A.2 Utilization of management services in network function management . 24
A.3 Utilization of management services by Exposure Governance Management Function (EGMF) . 25
A.4 Utilization of interface to NFV-MANO by the producer of management services . 26
A.5 Management Data Analytics Service (MDAS) . 27
ETSI
3GPP TS 28.533 version 18.4.0 Release 18 4 ETSI TS 128 533 V18.4.0 (2025-01)
A.6 Utilization of management services in functional management architecture . 28
A.7 Utilization of management data analytics services . 29
A.8 An example of deployment scenario for network and network slice . 29
A.9 Deployment examples of ONAP platform consuming 3GPP MnS(s) . 31
A.9.1 Integration with ONAP DCAE collection framework utilizing 3GPP MnS(s) . 31
A.9.2 Integration with ONAP controller utilizing 3GPP MnS(s) . 31
A.10 Management domain provided management services mapped with ZSM . 32
Annex B (normative): Solutions for management of 5G network and network slicing . 34
Annex C (informative): Example of mapping Management Services (MnS) to pre-Rel-15
management framework . 35
Annex D (normative): Access control workflow . 36
D.1 Explicit authentication and authorization . 36
D.2 Implicit authentication and authorization . 38
Annex E (informative): 5G specifications overview . 40
Annex F (informative): Usage of CRUD operations and NRM fragments to support
management capabilities in SBMA . 42
Annex G (informative): Change history . 44
History . 46

ETSI
3GPP TS 28.533 version 18.4.0 Release 18 5 ETSI TS 128 533 V18.4.0 (2025-01)
Foreword
This Technical Specification has been produced by the 3rd Generation Partnership Project (3GPP).
The contents of the present document are subject to continuing work within the TSG and may change following formal
TSG approval. Should the TSG modify the contents of the present document, it will be re-released by the TSG with an
identifying change of release date and an increase in version number as follows:
Version x.y.z
where:
x the first digit:
1 presented to TSG for information;
2 presented to TSG for approval;
3 or greater indicates TSG approved document under change control.
y the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections,
updates, etc.
z the third digit is incremented when editorial only changes have been incorporated in the document.
Introduction
The management of the 3GPP network is provided by management services. The service based architecture and
interfaces support various management services of vastly different requirements on network configuration, network
performance, and network fault supervision. The 3GPP network management architecture evolves supporting operators'
design and management of their service oriented networks.
ETSI
3GPP TS 28.533 version 18.4.0 Release 18 6 ETSI TS 128 533 V18.4.0 (2025-01)
1 Scope
The present document defines the network management and orchestration architecture SBMA for 3GPP networks
including network slicing. The use cases and requirements are specified in TS 28.530 [3].
SBMA applies to 5G.
2 References
The following documents contain provisions which, through reference in this text, constitute provisions of the present
document.
- References are either specific (identified by date of publication, edition number, version number, etc.) or
non-specific.
- For a specific reference, subsequent revisions do not apply.
- For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including
a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same
Release as the present document.
[1] 3GPP TR 21.905: "Vocabulary for 3GPP Specifications".
[2] Void
[3] 3GPP TS 28.530: "Management and orchestration of networks and network slicing; Concepts, use
cases and requirements".
[4] 3GPP TS 28.541: "Management and orchestration of 5G networks; Network Resource Model
(NRM); Stage 2 and stage 3".
[5] 3GPP TS 28.552: "Management and orchestration of 5G networks; Performance measurements
and assurance data".
[6] 3GPP TS 28.554: "Management and orchestration of 5G networks; 5G End to end Key
Performance Indicators (KPI)".
[7] 3GPP TS 32.425: "Telecommunication management; Performance Management (PM);
Performance measurements Evolved Universal Terrestrial Radio Access Network (E-UTRAN)".
[8] 3GPP TS 28.531: "Management and orchestration of 5G networks; Provisioning; Stage 1".
[9] 3GPP TS 28.532: "Management and orchestration; Management services".
[10] 3GPP TS 28.500: "Telecommunication management; Management concept, architecture and
requirements for mobile networks that include virtualized network functions"
[11] 3GPP TS 28.510; "Telecommunication management; Configuration Management (CM) for mobile
networks that include virtualized network functions; Requirements".
[12] 3GPP TS 28.511; "Telecommunication management; Configuration Management (CM) for mobile
networks that include virtualized network functions; Procedures".
[13] 3GPP TS 28.512; "Telecommunication management; Configuration Management (CM) for mobile
networks that include virtualized network functions; Stage 2".
[14] 3GPP TS 28.513: "Telecommunication management; Configuration Management (CM) for mobile
networks that include virtualized network functions; Stage 3".
[15] 3GPP TS 28.515; "Telecommunication management; Fault Management (FM) for mobile
networks that include virtualized network functions; Requirements".
[16] 3GPP TS 28.516: "Telecommunication management; Fault Management (FM) for mobile
networks that include virtualized network functions; Procedures".
ETSI
3GPP TS 28.533 version 18.4.0 Release 18 7 ETSI TS 128 533 V18.4.0 (2025-01)
[17] 3GPP TS 28.517: "Telecommunication management; Fault Management (FM) for mobile
networks that include virtualized network functions; Stage 2".
[18] 3GPP TS 28.518: "Telecommunication management; Fault Management (FM) for mobile
networks that include virtualized network functions; Stage 3".
[19] 3GPP TS 28.520: "Telecommunication management; Performance Management (PM) for mobile
networks that include virtualized network functions; Requirements".
[20] 3GPP TS 28.521: "Telecommunication management; Performance Management (PM) for mobile
networks that include virtualized network functions; Procedures".
[21] 3GPP TS 28.522: "Telecommunication management; Performance Management (PM) for mobile
networks that include virtualized network functions; Stage 2".
[22] 3GPP TS 28.523: "Telecommunication management; Performance Management (PM) for mobile
networks that include virtualized network functions; Stage 3".
[23] 3GPP TS 28.525: "Telecommunication management; Life Cycle Management (LCM) for mobile
networks that include virtualized network functions; Requirements".
[24] 3GPP TS 28.526: "Telecommunication management; Life Cycle Management (LCM) for mobile
networks that include virtualized network functions; Procedures".
[25] 3GPP TS 28.527: "Telecommunication management; Life Cycle Management (LCM) for mobile
networks that include virtualized network functions; Stage 2".
[26] 3GPP TS 28.528: "Telecommunication management; Life Cycle Management (LCM) for mobile
networks that include virtualized network functions; Stage 3".
[27] ETSI GS NFV 003: "Network Functions Virtualisation (NFV); Terminology for Main Concepts in
NFV V1.3.1 (2018-01)".
[28] Void
[29] ETSI GS ZSM 002: "Zero-touch Network and Service Management (ZSM); Reference
Architecture V.1.1 (2019-08)".
[30] 3GPP TS 23.288: "Architecture enhancements for 5G System (5GS) to support network data
analytics services".
[31] 3GPP TS 23.501: "System Architecture for the 5G system".
[32] 3GPP TS 28.622: "Telecommunication management; Generic Network Resource Model (NRM)
Integration Reference Point (IRP); Information Service (IS)".
[33] IETF RFC 8446: "The Transport Layer Security (TLS) Protocol Version 1.3".
[34] IETF RFC 4253: "The Secure Shell (SSH) Transport Layer Protocol".
[35] 3GPP TS 28.100: "Management and orchestration; Levels of autonomous network".
[36] 3GPP TS 28.533: "Management and orchestration; Architecture framework".
[37] 3GPP TS 28.535: "Management services for communication service assurance; Requirements ".
[38] 3GPP TS 28.536: "Management services for communication service assurance; Stage 2 and stage
3".
[39] 3GPP TS 28.537: "Management and orchestration; Management capabilities".
[40] 3GPP TS 28.538: "Management and orchestration; Edge Computing Management".
[41] 3GPP TS 28.540: "Management and orchestration; 5G Network Resource Model (NRM); Stage
1".
[42] 3GPP TS 28.550: "Management and orchestration; Performance assurance".
ETSI
3GPP TS 28.533 version 18.4.0 Release 18 8 ETSI TS 128 533 V18.4.0 (2025-01)
[43] 3GPP TS 32.421: "Telecommunication management; Subscriber and equipment trace; Trace
concepts and requirements".
[44] 3GPP TS 32.422: "Telecommunication management; Subscriber and equipment trace; Trace
control and configuration management ".
[45] 3GPP TS 32.423: "Telecommunication management; Subscriber and equipment trace;Trace data
definition and management".
[46] 3GPP TS 28.312: "Management and orchestration; Intent driven management services for mobile
networks".
[47] 3GPP TS 28.557: "Management and orchestration; Management of Non-Public Networks (NPN);
Stage 1 and stage 2".
[48] 3GPP TS 28.404: "Telecommunication management; Quality of Experience (QoE) measurement
collection; Concepts, use cases and requirements".
[49] 3GPP TS 28.405: "Telecommunication management; Quality of Experience (QoE) measurement
collection; Control and configuration".
[50] 3GPP TS 28.406: "Telecommunication management; Quality of Experience (QoE) measurement
collection; Information definition and transport".
[51] 3GPP TS 28.631: "Telecommunication management; Inventory Management (IM) Network
Resource Model (NRM) Integration Reference Point (IRP); Requirements".
[52] 3GPP TS 28.632: "Telecommunication management; Inventory Management (IM) Network
Resource Model (NRM) Integration Reference Point (IRP); Information Service (IS)".
[53] 3GPP TS 28.633: "Telecommunication management; Inventory Management (IM) Network
Resource Model (NRM) Integration Reference Point (IRP); Solution Set (SS) definitions".
[54] 3GPP TS 28.623: "Telecommunication management; Generic Network Resource Model (NRM)
Integration Reference Point (IRP); Solution Set (SS) definitions".
[55] 3GPP TS 32.130: "Telecommunication management; Network sharing; Concepts and
requirements".
[56] 3GPP TS 28.310: "Management and orchestration; Energy efficiency of 5G".
[57] 3GPP TS 28.104: "Management and orchestration; Management Data Analytics".
[58] 3GPP TS 28.313: "Self-Organizing Networks (SON) for 5G networks".
[59] 3GPP TS 28.314: "Management and orchestration; Plug and Connect; Concepts and
requirements".
[60] 3GPP TS 28.315: "Management and orchestration; Plug and Connect; Procedure flows".
[61] 3GPP TS 28.316: "Management and orchestration; Plug and Connect; Data formats".
[62] 3GPP TS 28.555: "Management and orchestration; Network policy management for 5G mobile
networks; Stage 1".
[63] 3GPP TS 28.556: "Management and orchestration; Network policy management for 5G mobile
networks; Stage 2 and stage 3".
[64] ETSI GS NFV-IFA008 (V4.3.1): "Network Functions Virtualisation (NFV) Release 4;
Management and Orchestration; Ve-Vnfm reference point - Interface and Information Model
Specification".
[65] ETSI GS NFV-IFA013 (V4.3.1): "Network Function Virtualisation (NFV); Release 4;
Management and Orchestration; Os-Ma-nfvo reference point - Interface and Information Model
Specification".
ETSI
3GPP TS 28.533 version 18.4.0 Release 18 9 ETSI TS 128 533 V18.4.0 (2025-01)
[66] 3GPP TS 28.105: " Management and orchestration; Artificial Intelligence / Machine Learning
(AI/ML) management "
[67] 3GPP TS 28.317: "Management and orchestration;Self-configuration of Radio Access Network
Entities (RAN NEs) "
[68] 3GPP TS 28.111: "Management and orchestration;Fault management"
[69] 3GPP TS 28.318 "Management and Orchestration; Network and services operations for energy
utilities"
[70] 3GPP TS 28.319 "Management and orchestration; Access Control for Management services"
3 Definitions and abbreviations
3.1 Definitions
For the purposes of the present document, the terms and definitions given in 3GPP TR 21.905 [1] and the following
apply. A term defined in the present document takes precedence over the definition of the same term, if any, in 3GPP
TR 21.905 [1] or NFV-MANO [27].
Exposure governance management function: Management Function entity with the role of management service
exposure governance.
Management Service (MnS): set of offered management capabilities.
Management Function (MnF): logical entity playing the roles of Management Service consumer and/or Management
Service producer.
Network Function (NF): defined in TS 23.501[31].
NOTE: In 3GPP NRM, the Network Functions are modeled using ManagedFunction IOCs (e.g. AMFFunction) and
its sub-classes.
3.2 Abbreviations
For the purposes of the present document, the abbreviations given in 3GPP TR 21.905 [1], TS 28.530 [3], in NFV-
MANO [27] and the following apply. An abbreviation defined in the present document takes precedence over the
definition of the same abbreviation, if any, in 3GPP TR 21.905 [1].
CM Configuration Management
LCM Lifecycle Management
MDAS Management Data Analytics Service
MnF Management Function
MnS Management Service
NF Network Function
NFV-MANO Network Functions Virtualisation Management and Orchestration
PM Performance Management
SBMA Service Based Management Architecture
4 Service Based Management Architecture (SBMA)
4.1 Management Services (MnS)
The fundamental building block of the Service Based Management Architecture (SBMA) is the Management Service
(MnS). A MnS is a set of offered capabilities for management and orchestration of network and services. The entity
ETSI
3GPP TS 28.533 version 18.4.0 Release 18 10 ETSI TS 128 533 V18.4.0 (2025-01)
producing an MnS is called MnS producer. The entity consuming an MnS is called MnS consumer. An MnS provided
by an MnS producer can be consumed by any entity with appropriate authorisation and authentication.
An MnS producer offers its services via a standardized service interface composed of individually specified MnS
components.
Figure 4.1.1: MnS producer and MnS consumer
4.2 MnS components
4.2.1 Introduction
A MnS is specified using different independent components. A concrete MnS is composed of at least two of these
components. Three different component types are defined, called MnS component type A, MnS component type B and
MnS component type C. These components are defined in the following clauses.
4.2.2 MnS component type A
The MnS component type A is a group of management operations and/or notifications that is agnostic with regard to the
entities managed. The operations and notifications as such are hence not involving any information related to the
managed network. These operations and notifications are called generic or network agnostic.
For example, operations for creating, reading, updating and deleting managed object instances, where the managed
object instance to be manipulated is specified only in the signature of the operation, are generic.
4.2.3 Management information
4.2.3.1 MnS component type B
MnS component type B refers to management information represented by information models representing the managed
entities. A MnS component type B is also called Network Resource Model (NRM).
MnS component type B examples are:
1) Network resource models as defined in TS 28.622 [32].
2) Network resource models as defined in TS 28.541 [4]
4.2.3.2 MnS component type C
MnS component type C is performance information of the managed entity and fault information of the managed entity.
The following are examples of Management service component type C:
1. Alarm information as defined in TS 28.111 [68].
ETSI
3GPP TS 28.533 version 18.4.0 Release 18 11 ETSI TS 128 533 V18.4.0 (2025-01)
2. Performance data as defined in TS 28.552 [5], TS 28.554 [6] and TS 32.425 [7].
4.2.4 MnS producer profile
A MnS producer is described by a set of meta data called MnS producer profile. The profile holds information about the
supported MnS components and their version numbers. This may include also information about support of optional
features. For example, a read operation on a complete subtree of managed object instances may support applying filters
on the scoped set of objects as optional feature. In this case the MnS profile should include the information if filtering is
supported.
4.3 Combination of MnS components
A MnS is composed by a MnS component type A and
- a MnS component type B, or
- a MnS component type B and a MnS component type C.
The instances of management services carry information about specified management service components in the
metadata attributes. Figure 4.3.1.illustrates examples of management service instances with various management
service components of type A, type B and type C:

Figure 4.3.1: Example of Management Service and component type A, B and C
4.4 Management capability exposure governance
As precondition for Management Service exposure governance offer, producer of management capability exposure
governance should have access to:
An association between information about specified management service components and instances of management
services.
NOTE: The detail creation of an association is left for implementation and out of scope of 3GPP standardization.
ETSI
3GPP TS 28.533 version 18.4.0 Release 18 12 ETSI TS 128 533 V18.4.0 (2025-01)
Management capability exposure governance provides exposure governance on basic elements of management function
service based interface:
1) Management service component type A
2) Management service component type B
3) Management service component type C
As described in Figure 4.4.1 left hand part, when there is a Management Service A exposure without exposure
rd
governance, Management Service A Consumer (e.g. 3 party) can access all management capability offered by
Management Service A Producer.
As described in Figure 4.4.1 right hand part, when Management Service A is exposed with applied exposure
governance it becomes Management Service A'. Management Service A' Consumer can access Management Service A'
after following steps:
- Management Service A, exposed by Management Service A Producer, is consumed by Management Service A
Consumer;
- Management Service B, exposed by Management Service B Producer, is consumed by Management Service B
Consumer (e.g. operator) who is authorized to access offered management capabilities exposure governance(s);
- Management Service B Consumer (e.g. operator) request a specified exposure governance on Management
Service A;
- Management Service A' Producer produces Management Service A' based on applied exposure governance on
consumed Management Service A.
NOTE: The Management Service A Consumer, the Management Service A' Producer and Management Service B
Producer can be represented as a single Management Function e.g. a single MnF).

Figure 4.4.1: Management capability exposure governance applied on
exposed Management Service A
ETSI
3GPP TS 28.533 version 18.4.0 Release 18 13 ETSI TS 128 533 V18.4.0 (2025-01)
4.5 Management Function (MnF) concept
A Management Function (MnF) is a logical entity playing the roles of MnS consumer and/or MnS producer.
A Management Service produced by MnF may have multiple consumers. The MnF may consume multiple Management
Services from one or multiple Management Service producers. An example of a MnF playing both roles (Management
Service producer and consumer) illustrated in the figure 4.5.1 below.

Figure 4.5.1: Example of Management Function and Management Services
Management Function can be deployed as a separate entity or embedded in Network Function to provide MnS(s).
Following figure 4.5.2 shows an example (on the left) which MnF deployed as a separate entity to provide MnS(s) and
another example (on the right) which MnF is embedded in Network Function to provide MnS(s):

Figure 4.5.2 Examples of MnS deployment scenario
Management Functions may interact by consuming Management Services produced by other Management Functions.
The figure 4.6.2 below illustrates multiple scenarios:
- MnF1 produces Management Service MnS-a;
- MnF2 consumes Management Service MnS-a produced by MnF1 and produces Management Services MnS-b
and MnS-c;
- MnF3 produces Management Service MnS-c;
- MnF4 consumes Management Service MnS-b produced by the MnF2;
- MnF5 consumes Management Services MnS-c produced by the MnF2 and MnF3, and in turn produces the same
Management Service MnS-c. The behaviour of MnF5 may be seen as aggregation of Management Services
MnS-c.
ETSI
3GPP TS 28.533 version 18.4.0 Release 18 14 ETSI TS 128 533 V18.4.0 (2025-01)

Figure 4.5.2: An example of interactions between Management Functions
NOTE: The specification of a MnF is out of scope of the present document.
4.6 Management data analytics capability
Mobile networks have the capability to support a wide variety of services and requirements. This, along with increasing
flexibility of the network may present management and operational challenges and complexities. The management
system can therefore benefit from management data analytics services for improving networks performance and
efficiency to accommodate and support the diversity of services and requirements. The management data analytics
utilize the network management data collected from the network (including e.g. service, slicing and/or network
functions related data) and make the corresponding analytics based on the collected information. The information
provided by PM analytics can be used to optimize network performance, and the information provided by FM analytics
can be used to predict and prevent failures of the network. MDAF can be deployed at different levels, for example, at a
domain level (e.g. RAN, CN, network slice subnet) and/or in a centralized manner (e.g. at a PLMN level).

Figure: 4.6.1: Service based architecture for management data analytics
ETSI
3GPP TS 28.533 version 18.4.0 Release 18 15 ETSI TS 128 533 V18.4.0 (2025-01)
4.7 Management service discovery
4.7.1 Introduction
The MnS consumer in an operator’s management system need to discover the availability of MnS instances provided by
other MnS producer(s). In order to enable the MnS instances to be discovered by MnS consumer, the MnS needs to be
discoverable to the operator’s management system when the MnS instance become operative.
4.7.2 Void
4.7.3 MnS discovery service
The MnS discovery service enables MnS consumer to discover management capabilities of MnS producer(s).
4.8 Management capability support in multiple tenant
environment
In 3GPP management sytem, tenant represents a group of MnS consumers associated with the management capabilities
they are allowed to access and consume. The 3GPP management system provides multi-tenancy support, by associating
different tenants with different sets of management capabilities. Every tenant may be authorized to access and consume
those MnSs that the operator makes available to this tenant based on SLA.
4.9 Access control capability
4.9.1 Authentication service
Authentication service producer provides identity management capabilities to provision MnS consumer/producer, group
of MnS consumers/producers and authentication policies for the identities.
Authentication service producer provides capabilities for authentication of MnS consumer explicitly or implicitly.
NOTE 1: Explicit authentication: MnS consumer interacts directly with authentication service producer to acquire
authentication assertion to interact with MnS producer or authorization service producer.
NOTE 2: Implicit authentication: MnS consumer interacts indirectly with authentication via MnS producer, to
establish a secure session.
NOTE 3: Certificate issued by trusted CA is used by MnS consumer/producer to authenticate the authentication
service producer. E.g. a MnS consumer access the authentication service through Transport Layer
Security (TLS) (see [33]), then the MnS consumer/producer could authenticate the producer through
validating the signature signed with certificate of the producer issued by the trusted CA.
NOTE 4: Generally, certificate issued by trusted CA is used by MnS consumer to authenticate a MnS producer.
E.g. when a MnS consumer accesses the MnS through TLS (see [33]) or SSH (see [34]), the MnS
consumer could authenticate the MnS producer through validating the signature signed with certificate of
the producer issued by the trusted CA.
Authentication Service producer can be deployed at different levels, for example, at a domain level (e.g. in RAN, CN,
domain) and/or in a centralized manner (e.g. at a PLMN level).
NOTE 5: If the MnS consumer and the MnS producer to be accessed are inside the same domain, Authentication
Service producer may be deployed at domain level to support authenticating the MnS consumer explicitly
or implicitly. If the MnS consumer and the MnS producer to be accessed are in the different domain,
Authentication Service producer is deployed in a centralized manner to support authenticating the MnS
consumer explicitly or implicitly.

ETSI
3GPP TS 28.533 version 18.4.0 Release 18 16 ETSI TS 128 533 V18.4.0 (2025-01)
Domain
Centralized
Authentication
Authentication
Service
Service
Centralized Authentication Domain Authentication
Service Producer Service Producer

Figure 4.9.1-1: Authentication capability on service based architecture
4.9.2 Authorization service
Authorization service producer provides management capabilities to provision access permissions on MnSs for a MnS
consumer or a group of MnS consumers.
Authorization service producer provides capabilities to grant permissions to a MnS consumer explicitly or implicitly.
NOTE 1: Explicit authorization : MnS consumer interacts with authorization service producer, to acquire access
token to interact with MnS Producer. MnS Producer enforces access control by verifying the access
token. A token may include a list of permissions with conditions and a digital signature signed by the
authorization service producer.
NOTE 2: Implicit authorization : MnS Producer enforces access control using local policies which might be
preconfigured locally or synchronized from centralized authorization service producer for the current
authentication context.
Authorization Service producer can be deployed at different levels, for example, at a domain level (e.g. in RAN, CN,
domain) and/or in a centralized manner (e.g. at a PLMN level). The Centralized Authorization Service producer can be
named as Cross Domain Authorization Service producer.
NOTE 3: Authorization Service producer may be deployed at domain level to support access control between MnS
consumer and producer inside the same domain. Specifically, an domain Authorization Service producer
may be deployed together with management service producer. Authorization Service producer is
deployed in a centralized manner to especially to support access control between MnS consumer and
producer from different domains.
Domain
Centralized
Authorization
Authorization
Service
Service
Centralized Authorization Domain Authorization
Service Producer Service Producer

Figure 4.9.2-1 Authorization capability on service based architecture
ETSI
3GPP TS 28.533 version 18.4.0 Release 18 17 ETSI TS 128 533 V18.4.0 (2025-01)
5 Architecture reference model
5.1 General concepts
5.1.1 Management service producers, consumers and exposure
The management services for a mobile network with or without network slicing may be produced by any entity. For
example, it can be a Network Functions (NF), or network management functions. The entity may provide (produce)
such management services as, for example, the performance management services, configuration management services
and fault supervision services.
The management services can be consumed by another entity, which may in turn produce (expose) the service to other
entities. Figure 5.1.1-1 shows an example of the management service X which is initially produced by the entity A
which is an NF , then consumed by another entity B which is a network management function. Then entity B in turn
exposes it to the entity C.
Entity C
The network management
service X is consumed
The network management
service X is produced (exposed)
Entity B
The network management
service X is consumed
The network management
service X is produced
Entity A
Figure 5.1.1-1. Example of producers and consumers of the management service
ETSI
3GPP TS 28.533 version 18.4.0 Release 18 18 ETSI TS 128 533 V18.4.0 (2025-01)
Figure 5.1.1-2 shows another example of the management service X which is produced by the entity A which is a NF,
then entity B processes the information and produce management service Y and exposes it to the entity C.
Entity C
The network management
service Y is consumed
The network management
service Y is produced (exposed)
Entity B
The network management
service X is consumed
The network management
service X is produced
Entity A
Figure 5.1.1-2. Example of producers and consumers of management services
5.1.2 Interactions between management service producer and
management service consumer
The interactions between the management service producer and management service consumer
...