AAA Server
Shortcuts
What is AAA?
AAA stands for Authentication, Authorization, and Accounting. AAA is an important server and policy control framework that enables CSPs to control how their subscribers access and consume data service over any IP based broadband network. Containing the user information, the AAA server mainly interacts with network access, Gateway servers, Databases, and Directories. AAA intelligently control the access, enforce policy, audit usage, and provide necessary bill related information.
Authentication – Are you a valid user?
The first A in AAA stands for Authentication. Authentication is the method – identifying a valid user; ensuring that a user enters a valid username and password before accessing the network granted.
The Radius server verifies the user’s credential with the credentials stored in the database, if such credentials match, the user is granted access to the network or vice versa.
Authorization – What services are you permitted to use with constraint resources?
Following Authentication in AAA, second A stands for Authorization. Users gain authorization for using different services, after authentication. Authorization is a process of determining what type of services a user is permitted to use with constraint resources.
Accounting – How much time and data you have used?
The last A in AAA stands for Accounting. This is the final process. Radius Server tracks the customer’s data usage through Accounting and customers are billed accordingly. Accounting is carried out by authentication and authorization. It is used for billing, resource utilization, and planning for the data capacity.
A server performing Authentication, Authorization, and Accounting is known as the AAA server.
AAA RADIUS
RADIUS has the following messages at its disposal to control all of the phases in the AAA process:
Access-Request: The RADIUS server sent a request to access Authentication and Authorization to a network.
Access-Accept: The RADIUS server sent in response to an Access-Request message. This message notifies the client of his Authentication and Authorization which he corresponds to by contributing the necessary attributes.
Access-Reject: The RADIUS server sent in response to an Access-Request message. This message informs the client that his request has been rejected with the explanation of the reason.
Access-Challenge: The RADIUS server sent in response to the Access-Request message. This message is sent to the client with a challenge that the client must respond to.
Accounting-Request: A RADIUS client sent to specify information about the connection that has been accepted. It can start or stop the accounting.
Accounting-Response: The RADIUS server sent in response to an Accounting-Request message. This message notifies the correct reception of the request and starts the session’s process.
As the telecommunication network evolves, so does the role of AAA. The need for centralized authentication, authorization, and accounting has grown as the need for centralized identity management. It is imperative in the modern telecommunications landscape to have a robust AAA Server that performs not only basic AAA functions but also more advanced functions.
Technical Specifications:
H8AAA comply with the following RFC Standards:
RFC 2865 — Remote Authentication Dial-In User Service
RFC 2866 — RADIUS Accounting
RFC 2868 — RADIUS Attributes for Tunneling Support
RFC 2869 — RADIUS Extensions
RFC 2548 — Microsoft Vendor-Specific RADIUS Attributes
RFC 2809 — Compulsory Tunneling via RADIUS
RFC 2882 — NAS Requirements: Extended RADIUS Practices
RFC for SNMP
RFC2618 — RADIUS-Authentication-Client-MIB
RFC2619 — RADIUS-Authentication-Server-MIB
RFC2620 — RADIUS-Accounting-Client-MIB
RFC2621 — RADIUS-Accounting-Server-MIB
H8AAA Server enables the following features for all Telecommunications Networks:
Multi-Service Support:
Designed to support multiple services, H8AAA Server is able to provide a centralized session and Identity management system for a variety of services and networks, ranging from data, voice, video, and content.
Centralized Identity Management:
H8AAA Server provides a centralized location for subscriber data, including login and session management parameters. This provides a secure, centralized location for subscriber information, streamlining network, and assuring network of login details by utilizing cryptographic algorithms.
High Performance:
H8AAA Server is extremely high-performing. Even on entry-level hardware, H8AAA Server can achieve an average of 900-1000 AAA reqs/seconds. A high-performing solution decreases churn by creating a highly responsive system that maximizes the efficiency of network elements.
Support for SNMP & Proxy:
Support for SNMP & Proxy plays a pivotal role. SNMP is an important feature from a monitoring and maintenance point of view as well. Proxy is the key point for 3rd party integration from a partner communication point of view. H8AAA Server provides support for both SNMP and Proxy.
Session Management:
H8AAA Server prevents revenue leakage via active session management for prepaid and postpaid subscriber types. H8AAA Server tracks usage in real-time to enforce session disconnect policies and even offers quota-based policy management to enable the network elements to maintain session-based volume quota.
Session Caching:
Comprehensive, real-time information on any given subscriber’s session is available to network elements that require it. H8AAA Server stores session information from multiple clients.
Vendor Neutrality and Standard Compliancy:
H8AAA Server is vendor-neutral because it comes from a pure B/OSS player instead of a hardware vendor. A vendor-neutral and standard-compliant AAA solution allows providers to choose a mixed brand, best-of-breed networks at inception, and as the network grows, saving money at network launch and beyond.
Dynamic Authorization and Disconnect:
The H8AAA Service Framework’s RADIUS dynamic request support allows RADIUS servers to initiate user-related operations, such as a termination operation, by sending unsolicited request messages to the router. Without the RADIUS dynamic request feature, the only way to disconnect a RADIUS user is from the router, which can be cumbersome and time-consuming in large networks.
How AAA server helps operators to maximize ROI on their investment:
Secure Access Control:
AAA security enables mobile and dynamic security. Without AAA there is static security. AAA security designed to enable you to dynamically configure the type of authentication and authorization you want. AAA security increased flexibility and control access configuration and scalability, access to authentication methods such as RADIUS, TACACS+, and use of multiple backup systems.
Enhance Customer Experience:
With the help of the AAA server, the operator can offer better customer experience through seamless session updates whenever the customer:
• Purchase a Bandwidth speed
• Exceed their fair usage policy
• Renew their prepaid account
Monitor Usage:
AAA monitor the usage. It ensures that the customer uses the resources for the allotted time and Data. If the user has used the allotted data and time is finished, then the AAA server denied access to the user.
Monetize wifi Access:
AAA helps businesses to unlock new revenue using the carrier wifi solutions. The AAA server:
• Access time and data
• Enable location-based services
• Assist operators in enhancing monetizing opportunities
Height8’s AAA is a carrier-grade access control server with support RADIUS, DIAMETER, and TACACS+ protocols in a single stack. Work flow-based request processing architecture enables the central deployment of the H8AAA server to serve different types of services. The solution is access agnostic and can support any vendor with standard protocols.
Built on 35+ years of AAA expertise, Height8 software-based platform delivers industry-leading performance, stability, reliability, and flexibility.