Copyright 2016 by AVSystem
AVSystem AAA
www.avsystem.com
Introduction
Every day telecommunication operators are facing new challenges and threats. In this fast and constantly evolving environment, there is a growing demand for flexible, versatile and secure solutions, which, at the same time, can be easily adjusted to changing hardware-park, new services and statutory requirements. Both access control and accounting are the areas that need such solutions the most. In response, AVSystem has created its latest product, AVSystem AAA.
KEY FEATURES
PIPELINE-ORIENTED PROCESSING
From the very initial stage, AVSystem AAA has been designed for flexible, fast and adaptable operations. Pipeline-oriented processing turned out to be the key to achieve this goal. Instead of presenting a well-defined (hard-coded) processing flow including all the after-effects, options, possibilities and corner-cases, AVSystem AAA allows the administrator to define both the desired pipeline and the flow of operations. Moreover, the administrator can decide in detail what data is to be parsed, transformed or discarded to speed up processing. A great effort was put into the design of a pipeline definition, tools and helpers allowing the user to focus on business logic, requirements, data and security rather than on spending endless time investigating the undocumented flows in monolithic solutions. Last but not least, multiple-protocol support offered by AVSystem AAA enables full integration with external billing, marketing, monitoring and reporting systems.
LIGHTWEIGHT RADIUS IMPLEMENTATION
What differentiates AVSystem AAA from other solutions available on the market is its proprietary, lightweight and robust implementation of Radius Authenticator, which enables extremely fast and efficient parsing and creation of Radius responses. It is a crucial element to provide extremely high throughputs necessary for handling both day-to-day high-demand operations in a present network and high-density accounting and monitoring.
MULTI-MASTER ARCHITECTURE
AVSystem AAA provides full out-of-the-box support for multi-node & multi-master oriented architectures. Moreover, unique clustering and visualization technologies enable a free and unobstructed flow of information between nodes as well as full synchronization of both operational and historical data. AVSystem AAA also provides additional Data Safe House, a redundant database that enables recovery of the vital network data in case of disaster.
Figure 1 System layout
USER-FRIENDLY UI
The system is delivered with a Web-based, user-friendly UI allowing system configuration and maintenance as well as providing access to:
• Authentication and accounting data
• Account details
• Historical information
• Current state of the network
• Troubleshooting views for network issues
• Group and domain management
• GIS integration for supported networks
• CDR policy/format configuration
• Reporting system
• Online user management
MULTIPLE DATA SOURCES
Thanks to a flexible definition of pipeline, which can be tailored to specific needs of the network, the operator gains a great market advantage and ability to define all the delivered services. Furthermore, the pipeline description engine provides multiple data sources enabling import of data from external systems (LDAP or BSS servers), export of data to external storage (e.g. detailed logs required by a local jurisdiction) or advanced integration with existing third-party systems (e.g. invoicing or policy enforcement solution).
Built-in default internal storage allows the operator to quickly deploy services without the need for any external sources or components. Internal storage will also enable long-term retention and an overview of historical data.
Examples:
• Numbers of sessions and their data load
• User login history, times, lengths, data loads or a physical line the authentication was performed upon
• Current active sessions
Figure 2 Internal architecture of system components
BUILT-IN TROUBLESHOOTING MODULE
Thanks to a built-in troubleshooting engine, the administrator can fully monitor every action, message or transfer of data to AAA system. Due to the unique position of the system in the network, such a module makes monitoring and troubleshooting of the network problems, even those related to CPE which are normally very difficult to find, much easier in enterprise networks.
ANY ACCESS TECHNOLOGY
AVSystem AAA was designed to flexibly adapt to the used hardware-park and constant demand for services. Thanks to such design, it can be safely used in heterogeneous environments in which multiple technologies such as DSL, WiMAX, LTE, WiFi, VoIP, FAP are being orchestrated.
MODULAR TECHNOLOGY
Even though the pipeline description engine is extremely versatile, its usage would have been extremely complicated without tools and helpers hiding all or most of the technological hurdle from the user. AVSystem AAA provides such helpers in multiple tool-oriented modules.
Helpers:
• INTERNAL DATA STORAGE for system operations, authentication data, logs and accounting
• RADIUS AUTHENTICATOR (Radius-based south-bound interface)
• UI (Web-based User Interface)
• LDAP CONNECTOR (verification of credentials against third party LDAP-based storage)
• SQL CONNECTOR (verification of credentials and export of authentication and accounting data to external SQL-based storage)
• IP ASSIGNER (assignment and tracking of IP address usage based on defined pools and dynamic transfer of pool-chunks between NASes)
• IP TRACKER (helper enabling easy storage of IP assignment history, automatic rolling of such data as well as set of tools for searching in the dataset)
• LOGGER (logging of both authentication and accounting data to multiple file formats, including log rolling)
• DICTIONARY (definition of human-readable labels and value parsing/serializing for vendor-specific attributes)
• DIAMETER AUTHENTICATOR (diameter-based south-bound interface)
• TACACS AUTHENTICATOR (TACACS-based south-bound interface)
• KERBEROS CONNECTOR (verification of credentials against existing kerberos-based infrastructure)
• REST CONNECTOR (verification of credentials and data import/export from/to external third-party system via REST)
• TR101 (support for PPPoE intermediate agent, TR-101 parameters)
• PAP/CHAP credentials processor
• EAP credentials processor
• CHARGING MEDIATION (for pre/postpaid accounting by integration with external billing system)
• Other modules and tools
REPORTING CAPABILITIES
Universal data-mining and reporting engine enables periodic creation of reports related to end users’ activity and provides a useful source of information about the utilization of resources. Accounting mistake prevention mechanisms are also delivered thanks to detailed logs and increased redundancy.
INTEGRATION WITH AVSYSTEM UMP
AVSystem AAA integrates seamlessly with AVSystem’s flagship product - Unified Device Management Platform (UMP). End-to-end service deployment, analysis of all the data within the scope of single reference, usage of DHCP option 82 as well as TR-101 data enhancements in zero-touch provisioning scenarios are only some of the benefits resulting from this integration.
ENTERPRISE WIFI
In a modern IT infrastructure, security is an extremely important factor. However, end users also require a high degree of mobility as well as unlimited access to everyday resources. That is the reason why WiFi Networks are becoming so popular nowadays. Most of present access points can easily support secure authentication technologies such as WPA2-Enterprise; however, they also require an external server to confirm user rights to access the network and/or additional arguments to manage such access.
AVSystem AAA is an ideal solution for WiFi Networks since it provides:
• Secure authentication in the networks of multiple access points
• Easy-to-use and flexible GUI allowing registration of accounts, access points as well as tracking the user activity
• Out of the box high-availability for demanding mission-critical networks
• Ability to track user location and restrict it
• Overview of current activity
• Detailed accounting of traffic / connection
SUPPORTED ENVIRONMENTS
AVSystem AAA can simultaneously support multiple service structures and environments.
DSL Network
• End-user authentication based on: previous logging history, connection location, BRAS/DSLAM used
• Authentication of both PPPoE/PPPoA and RFC1483-based connections
• Secure setup of 4Play environments with Data, VoIP, IPTV and Femtocells
• IP-Addresses assignment based on various internal policies
• Detailed tracking of user authentication compliant with local statutory requirements
Mobile Environments
• Secure end-to-end authentication and authorization of the users
• Central authentication for both WiMAX and LTE
• Support for EAP-TLS and EAP-TTLS authentication schemes
• Out-of-the-box support for vendor-specific parameters
• Location tracking/locking for mobile users
WiFi Environments
• Secure authentication and authorization
• Support for open and enterprise access points
• Support for WPA2-Enterprise
• Support for WiFi Off-Load
• Detailed tracking of user authentication and localization
VoIP Environments
• Decrease in soft-switch load by external authentication
• Location tracking/locking for mobile users
• Detailed accounting of the user resources
• Denial of access for pre-paid / suspicious users
AVSystem HQ, R&D Department
Radzikowskiego 47d, 31-315 Kraków, Poland
+48 12 619 47 00, www.avsystem.com