Introduction to Unified Data Management (UDM)
The Unified Data Management (UDM) is a key control plane function in the 5G Core (5GC) network architecture. It acts as the central brain for managing and storing all subscriber-related data, authentication credentials, security context, and service subscriptions. It is the evolution of the 4G Home Subscriber Server (HSS) and the 2G/3G Home Location Register (HLR), adapted for the cloud-native, Service-Based Architecture (SBA) of 5G.
What are the details of a Unified Data Management (UDM)?
- History and Evolution of the Unified Data Management
- Core Utility and Functionality of the UDM
- Technical Integration and Data Model
- UDM Ownership for MVNOs and IoT Companies
- Organizational Impact of UDM Ownership
- Redundancy and High Availability
- Impact of 4G, 5G, and 6G on the UDM
- Frequently Asked Questions about the UDM
- Summary
History and Evolution of the Unified Data Management
The journey to the Unified Data Management (UDM) began with the HLR in 2G and 3G, which was a monolithic database for subscriber profiles. The 4G HSS evolved this by separating some authentication functions but still held the primary data store. The 5G architecture introduced a fundamental split: the UDM focuses on the logic and management of subscriber data, while the actual persistent storage is handled by a separate entity, the Unified Data Repository (UDR). This separation is crucial for cloud-native deployment, enabling massive scale, better redundancy, and simpler service integration via APIs. The evolution is:
| Generation | Component | Functional Entities |
|---|---|---|
| 2G/3G | HLR & AuC | HLR (Database) + AuC (Security) |
| 4G (LTE) | HSS | HSS (Unified Database and Security) |
| 5G | UDM & AUSF | UDM (Database) + AUSF (Security) |
Core Utility and Functionality of the UDM
What is the UDM Used For?
The Unified Data Management (UDM) is used to provide a single, consistent view of a subscriber across all 5G services and access types (e.g., cellular, Wi-Fi, fixed-line access). Its primary purpose is to ensure that a user is correctly identified, securely authenticated, and provisioned with the correct services according to their contract. Implementing the UDM is non-negotiable for a 5G-capable Full MVNO that wants to own its customer identity.
Key Functions of the Unified Data Management
Let's investigate the core functions of the Unified Data Management (UDM):
- Service-Based Architecture (SBA) Interface: Exposes subscriber data and policy management functions via standardized HTTP/2-based APIs, allowing other Network Functions (NFs) like the AMF or SMF to consume data directly.
- Authentication Credential Processing: Works with the Authentication Server Function (AUSF) to generate the necessary security material (Authentication Vectors) used to verify the user’s SIM (USIM) and allow access to the network.
- Subscription Data Retrieval: Manages the definition of the user’s subscription profile (e.g., service entitlements, roaming permissions, Quality of Service (QoS) profile) and retrieves this data from the separate UDR storage function.
- Session Binding: Tracks the network functions (AMF and SMF) currently serving the user, allowing the network to locate the user for incoming calls or data sessions.
- Roaming Management: Stores and provides the necessary data and policy context for inbound and outbound roaming scenarios.
- Subscriber Identity Management: Manages and stores the permanent 5G subscriber identifier (SUPI – Subscription Permanent Identifier) and its mapping to the phone number (MSISDN).
Technical Integration and Data Model
Integration with Other Systems
The Unified Data Management (UDM) is a central NF in the 5G core. Examine its key integration points, which occur primarily over the Service-Based Interface (SBI) using HTTP/2:
- UDR (Unified Data Repository): Communicates via the Nudm interface. The UDM provides the logic and access control; the UDR is the actual persistent database where the subscription data resides. This is a critical separation in 5G.
- AUSF (Authentication Server Function): Communicates via the Nudm interface to provide SUPI and generate security credentials during user registration and authentication.
- AMF (Access and Mobility Management Function): Communicates via the Nudm interface to retrieve subscriber profiles and mobility restrictions during network attachment.
- SMF (Session Management Function): Communicates via the Nudm interface to retrieve session-related subscription parameters for establishing PDU sessions.

Technical Data Model and Key Interfaces
The UDM does not store the permanent data itself but manages the access to the data model in the UDR. This model includes:
- Subscription Profile: A detailed 5G-specific record of all authorized services, including QoS parameters, maximum sessions, and allowed roaming partners.
- Security Credentials: Cryptographic keys and algorithms used for SIM authentication and network integrity protection.
- Session Information: A dynamic record of which AMF (for mobility) and SMF (for data session) are currently serving the subscriber.
UDM Ownership for MVNOs and IoT Companies
Why Own a UDM?
For a Full MVNO or a specialized IoT provider, owning the Unified Data Management (UDM) is the highest level of strategic independence. Consider that the UDM is the absolute source of truth for “who the customer is” and “what services they are entitled to.” Owning it allows the company to:
- Issue its own 5G-ready SIMs and eSIMs without relying on the host MNO for SIM provisioning.
- Define unique service policies that the host MNO cannot restrict or interfere with (e.g., specific QoS for IoT traffic).
- Control the entire authentication process, which is vital for security and regulatory compliance.
Advantages and Disadvantages of UDM Ownership for MVNOs/IoT Companies
Advantages:
- Full Identity Control: Owns SUPI management and authentication keys, enabling eSIM and multi-IMSI services.
- Cloud-Native Scalability: Designed for virtualization (CNF), offering highly flexible scaling for rapid IoT growth or peak consumer traffic.
- Fast Time-to-Market: Quickly activate new service features or profiles via direct data updates without reliance on MNO processes.
Disadvantages:
- Security Responsibility: Must maintain highly secure, carrier-grade security for cryptographic keys and sensitive subscriber data.
- Complex Integration: Requires robust, error-free HTTP/2 interface integration with all host MNO network functions (like the AMF).
- High Availability Mandate: Any failure results in all subscribers being unable to attach, authenticate, or access services.
Organizational Impact of UDM Ownership
Owning a Unified Data Management (UDM) affects the organization in four areas:
- Operational Impact: Requires DevOps teams with expertise in cloud-native technologies (Kubernetes/Containers) and HTTP/2-based SBI protocols. Strict data governance and automated CI/CD pipelines are necessary for secure, zero-downtime provisioning of subscriber data across redundant UDR sites.
- Technical Impact: The UDM logic must be designed for massive horizontal scaling, leveraging cloud-native principles. It requires low-latency, high-bandwidth communication with the separate UDR storage function and the AUSF for fast profile lookups and authentication vector retrieval.
- Financial Impact: Involves significant Capital Expenditure (CapEx) for high-performance UDM software licenses and highly secured, geo-redundant storage infrastructure (UDR). The primary financial return is enabling advanced, high-margin 5G services (like network slicing) and the complete avoidance of MNO fees for subscriber management.
- Security Impact: The UDM/UDR is the single source of truth for all subscriber data and security policies. Robust network segmentation, API security (Mutual TLS), and continuous monitoring are mandatory to prevent unauthorized data extraction and protect subscriber privacy.
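The continuous monitoring called for above can start from the integration points listed earlier (AUSF for authentication, AMF and SMF for subscription and session data). The following is an added example, not part of the original article or of any vendor's code: it audits a constructed SBI access log against a per-consumer allowlist and flags subscription reads that have no matching serving-NF registration. The log format, NF instance names, policy map and heuristic are assumptions; the Nudm service names are those of 3GPP TS 29.503.

```python
import re
from collections import defaultdict

# Which Nudm service each consumer type may call, per this page's integration
# points. Policy and log format are assumptions made for this example.
ALLOWED = {
    "AUSF": {"nudm-ueau"},             # authentication vectors
    "AMF": {"nudm-sdm", "nudm-uecm"},  # subscription data, serving-AMF registration
    "SMF": {"nudm-sdm", "nudm-uecm"},  # session subscription data, SMF registration
}

# Constructed line format: <time> <nf_type> <nf_instance> <method> <path> <status>
LINE = re.compile(
    r"^\S+ (?P<nf>\S+) (?P<inst>\S+) (?:GET|POST|PUT|PATCH|DELETE) "
    r"/(?P<svc>nudm-[a-z]+)/v\d+/(?P<supi>imsi-\d{6,15})(?:/\S*)? \d{3}$"
)

def audit(lines):
    """Return sorted (rule, nf_instance, detail) findings for one log window."""
    findings = set()
    registered = defaultdict(set)   # instance -> SUPIs it registered for (uecm)
    sdm_reads = defaultdict(set)    # instance -> SUPIs whose subscription data it read
    for raw in lines:
        m = LINE.match(raw.strip())
        if m is None:
            findings.add(("unparsed-line", "-", raw.strip()))
            continue
        nf, inst, svc, supi = m["nf"], m["inst"], m["svc"], m["supi"]
        if svc not in ALLOWED.get(nf, set()):
            findings.add(("service-not-allowed", inst, f"{nf} called {svc}"))
        elif svc == "nudm-uecm":
            registered[inst].add(supi)
        elif svc == "nudm-sdm":
            sdm_reads[inst].add(supi)
    # Heuristic (assumption): a serving AMF/SMF registers for a SUPI whose data it reads.
    for inst, supis in sdm_reads.items():
        for supi in supis - registered[inst]:
            findings.add(("sdm-read-without-registration", inst, supi))
    return sorted(findings)

SAMPLE_LOG = """\
2024-05-01T10:00:00Z AUSF ausf-01 POST /nudm-ueau/v1/imsi-001010000000001/security-information/generate-auth-data 200
2024-05-01T10:00:01Z AMF amf-01 PUT /nudm-uecm/v1/imsi-001010000000001/registrations/amf-3gpp-access 201
2024-05-01T10:00:02Z AMF amf-01 GET /nudm-sdm/v2/imsi-001010000000001/am-data 200
2024-05-01T10:00:05Z SMF smf-09 GET /nudm-sdm/v2/imsi-001010000000002/sm-data 200
2024-05-01T10:00:07Z AMF amf-02 POST /nudm-ueau/v1/imsi-001010000000003/security-information/generate-auth-data 200
""".splitlines()  # constructed sample using test PLMN 001/01

if __name__ == "__main__":
    print(*audit(SAMPLE_LOG), sep="\n")
```

In production the NF type should come from the verified mutual-TLS client certificate or access token rather than a self-reported log field, and the registration heuristic needs a window long enough to cover the whole registration procedure.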
Redundancy and High Availability

The UDM is the single source of subscriber truth, making its resilience absolutely non-negotiable. Implement a geo-redundant, active-active N+N cluster for both the UDM logic function and the UDR storage layer. Since the UDM logic is stateless (data is in the UDR), recovery is extremely fast. However, the UDR must ensure zero data loss and instantaneous synchronization across all redundant sites to maintain service continuity.
Impact of 5G and 6G on the UDM
The UDM architecture (logic separated from data storage) is a paradigm shift. In future networks:
- Centralized Identity for All Services: The UDM/UDR is likely to become the centralized identity management system for 5G mobile access, fixed broadband access, and even enterprise IT systems, simplifying user credential management across disparate networks.
- Edge Data Management: For latency-sensitive applications (e.g., AR/VR, industrial IoT), localized, stripped-down instances of the UDR may be deployed at the network edge to provide ultra-low-latency subscriber profile lookups, managed centrally by the core UDM.
Frequently Asked Questions about the Unified Data Management (UDM)
1. What 4G network function did the UDM replace?
The UDM is the functional evolution of the Home Subscriber Server (HSS) from 4G LTE networks.
2. What is the relationship between the UDM and the UDR?
The UDM is the logic/management function that processes data and interfaces with other NFs. The UDR (Unified Data Repository) is the separate, persistent storage function where the actual subscriber data resides.
3. What protocol does the UDM use to communicate in the 5G Core?
The UDM primarily uses the HTTP/2 protocol for its Service-Based Interface (SBI) communications, moving away from the Diameter protocol used in 4G.
4. What is the UDM's role during a subscriber's initial network attachment?
The UDM works with the AUSF to perform Authentication and provides the AMF with the subscriber’s Subscription Profile (service entitlements and restrictions).
5. What is the 5G equivalent of the IMSI that the UDM manages?
The UDM manages the 5G identifier known as the SUPI (Subscription Permanent Identifier), which is the secure, permanent identity of the subscriber.
Summary
The Unified Data Management (UDM) is the intelligent logic layer in the 5G core that manages all subscriber profiles, authentication, and service entitlements, relying on the UDR for persistent storage. Owning the UDM is the defining characteristic of a 5G-capable Full MVNO, granting complete control over customer identity, security, and the flexibility to roll out innovative, customized service plans.