PortAuthorityTM Flexible, Powerful, Scalable Access Policy Management (PDF format) Your customers demand reliable access to an expanding array of access services. To create and manage these services, enforce authorization policies and account for usage, you need powerful, scalable tools - access management software that can adapt to meet your ever-changing operational requirements. Lucent Technologies PortAuthorityTM RADIUS server software products offer an unparalleled solution - one that is powerful and scalable, yet offers the flexibility that you need, along with a level of service and support that only Lucent NetCare(r) can deliver. PortAuthority leverages Lucent's extensive background in access control software. After all, we invented the RADIUS protocol and have continued to make enhancements for a broad spectrum of customers that ranges from large carriers to the corporate enterprise. PolicyFlow Architecture Developed using the cross-platform capable Java programming language, PortAuthority is based on Lucent's unique PolicyFlowSM architecture. Its foundation is a core RADIUS Authentication, Authorization and Accounting (AAA) server module which manages the fundamental access management tasks. Extensible, plug-in software modules enable the construction and management of specific policies that integrate into your existing management infrastructure. Highlights Next-generation, JavaTM-based, plug-in architecture offers unparalleled flexibility. Lucent-developed plug-ins support user directories, data analysis tools and billing services. Works seamlessly in new and existing installations. A comprehensive, customizable, well-supported solution. The core AAA server module connects to PolicyFlow plug-ins through documented Application Programming Interfaces (APIs). The plug-ins manage all authentication, authorization (policy decisions), and accounting functions. Plug-ins also provide interfaces to data sources such as user directories (UNIX password files, NT Domain, NIS+, LDAP, text files), accounting data repositories (RADIUS accounting detail files, Kenan billing files), address assignment pools, and session configuration databases. Powerful Application Support Network managers use provided configuration files to easily create sophisticated, simultaneous policy flows. These AAA processing paths are comprised of multiple chained plug-ins which execute unique policies in conjunction with external data sources. All plug-ins in the PolicyFlow can be configured to respond to divergent forks in the policy decision path, such as success or failure conditions, allowing unprecedented control over access policies. Using the PolicyFlow feature-set, PortAuthority enables you to support a vast range of service applications, from simple corporate and/or Internet access, to sophisticated InterNetworking Systems outsourcing applications including tunneling, proxy RADIUS and roaming. Stateful Resource Management Lucent understands that guarding against abuses in resource usage is critically important. PortAuthority RADIUS server products feature PortAuthority products feature the User Concurrency Control Server (UCCS),a built-in session control server which limits the number of sessions permitted on a per user or per realm basis. For port wholesaling providers, the Universal State Server (USS) enforces group limits and manages loading of logical port and/or modem groups. PortAuthority and Billing Solutions Clearly, effective policy management is more than just simple access control. Collecting and analyzing usage information for billing, departmental charge-backs and security purposes is equally important. PortAuthority's PolicyFlow architecture offers the necessary flexibility to address these needs as well. The basic Lucent-developed accounting plug-in creates standard Lucent 'detail' file output files. Other plug-ins are available, or can be written, to support virtually any billing or accounting system, including those from companies like Kenan Systems (now part of Lucent Technologies), Solect, Portal, and others. Configuration and Management Sophisticated access policies require a well-defined, easy to use management interface. PortAuthority RADIUS server products provide a variety of remote and local management options. A command line interface (CLI) is available for local control, while internal web (http) and telnet servers allow for easy remote management. Creating system status and activity reporting web pages is as easy as writing an html script and including special PortAuthority reporting variables. The web server also supports a simplified Common Gateway Interface (CGI) and Java applets. PortAuthority RADIUS Server Products PortAuthority-RS PortAuthority-RS is a turnkey, full-featured RADIUS package for small to medium-sized access service providers. PortAuthority-RS includes a User Concurrency Control Server (UCCS) option for limiting sessions on a per user or per realm basis. PortAuthority RS is licensed per server and is available Third quarter 1999. PortAuthority-ACS PortAuthority-ACS (Advanced Control System) is suitable for large subscriber-oriented providers who require additional flexibility to implement access service policies. PortAuthority-ACS includes the core AAA server and all released Lucent-developed plug-ins with API support, including support for NIS+ and LDAP directories. PortAuthority-ACS also includes the UCCS for enforcing per user and per realm based session limits. Software licensing for PortAuthority ACS is tiered, based on the number of users supported. PortAuthority-CMS PortAuthority-CMS (Connection Management System) has been specifically designed to support port wholesaling applications. PortAuthority-CMS includes the core AAA server, all released Lucent-developed plug-ins, the Universal State Server (USS) for limiting sessions on per user, realm and DNIS bases, and a bundled single server license of TRU RADIUS software from Telco Research to perform usage and access analysis reporting. Software site licensing for PortAuthority-CMS is tiered, based on the number of access ports deployed. Carrier Class Access Policy Management Lucent Technologies PortAuthority RADIUS server family delivers a carrier class, standards-based, highly customizable AAA access policy management solution. Its multi-threaded PolicyFlow architecture scales to support high-performance access hardware and mutually interdependent subsystems such as databases, file systems and directories. And PortAuthority has been proven through rigorous use in large-scale service provider environments. Technical Specifications Platform compatibility: The PortAuthority suite is compatible with most Java server platforms 1.4 and newer. At the present, installers are only provided for Microsoft Windows NT and Solaris. Requires Java Runtime Environment version 1.16 on Microsoft Windows NT 4.0 or Java Runtime Environment 1.1.7 on Solaris Sparc 2.5.1. RADIUS Authentication, Authorization and Accounting (AAA) Server: IETF RFC 2138 and 2139 standards compliant RADIUS server Multivendor RADIUS client support Multiple authentication and proxy forwarding keys User login exception notification facility Full or authentication only proxying User login "stoplists" with optional logging Support for NAS groups Multiple RADIUS dictionaries Flexible, Powerful Architecture: Platform independent: written in Java Compatibility mode for ease of conversion Extensible plug-in architecture Flexible data sources (LDAP, passwords, NIS+, etc.) Custom accounting plug-ins for billing system compatibility Plug-ins can be linked to create custom authentication and accounting policy flows Supports multiple name spaces Built-in command line interface, http and telnet servers Configuration syntax checking (lint filters) Powerful, scriptable test client Extensive logging features, including syslog support Access can be controlled by user of group of user Advanced troubleshooting and debugging features