New AAA Business Use Cases for Wi-Max and 4G Networks

Syed Hashmi, Founder and CEO, AdvOSS
Farhan Zaidi, Co-Founder & CTO, AdvOSS
Fawad Pasha, VP Sales, AdvOSS

Agenda
1. Quick overview of AAA
2. Authentication use cases
3. Authorization use cases
4. Accounting use cases
Focus: the demands that new use cases place on AAA Applications

Bridge between Service Delivery & Core

AAA Applications
Authentication handles ‘who’ intends to use the service
Authorization handles ‘what’ service they want to use
Accounting handles ‘how much’ of the service was used

AAA Applications
Each AAA request is now handled by a respective ‘AAA Application’ that interfaces with different functions in the core network over multiple interfaces.

Authentication
Previously, the main use case was identification of users.

Authentication: New Use Cases
Automatic Authentication
Exclusivity of devices
Control of Mobility
Identity Theft Prevention
Account Sharing Prevention
Load Sharing among VLANs

Authentication: New Use Cases
Lawful intercept
Virtual Operators
IP Address Allocation
CPE sharing
Unsubscribed Users
Roaming

Automatic Authentication
Used for automated login of the user
Technology used:
Reverse IP Lookup
Interface to HSS

Exclusivity of Devices
The operator may want to exclude devices or CPEs not issued by it.
Tech Features:
Certificate based authentication (EAP-TLS)

Control of Mobility
For business or regulatory reasons, the operator may want to prevent users from connecting beyond a given geographical area of access.
Tech used:
Hunt Groups
Access Control Lists

Identity Theft Protection
Users should not be able to log in using stolen IDs or devices. Two-factor or multi-factor authentication needs to be supported.
Tech Used:
EAP-TTLS

Account Sharing Prevention
For business, regulatory or other reasons, the operator may not want more than one user to share a single account.
Tech Used:
Concurrency Check
EAP-TTLS
Interface to HSS

Load Sharing among VLANs
For larger networks, the operator may need to distribute subscribers across multiple VLANs.
Tech Used:
Subscriber Zoning
VLAN management
Load Balancing Algorithms

Lawful Intercept
AAA is usually an appropriate layer to comply with Lawful Intercept requirements of Real-Time and Near Real-Time monitoring of Signalling and/or media streams.
Available technologies:
Forking Proxies
AAA based routing
Rule based engines

Virtual Operators
Support for multiple virtual operators sharing the access network
Tech Used:
Realm
Hunt Group based Zoning
Rule Based Engine
Forking proxies

IP Address Allocation
Maintenance of IP addresses and subnets
Tech Used:
IP repository
IP Pools zoning

Allowing Device Sharing
Allowing multiple users to share a single device
Tech Used:
Combination of EAP-TLS and UserName/Password authentication

Unsubscribed Users
Unsubscribed users should be able to get access on the fly using their PINs.
Tech Used:
Interfaces to Voucher Management
Interface to HSS or other Subscriber Management
Interface to Provisioning Engine
EAP-TTLS

Roaming
Roaming allows home users to get access from visited networks and vice versa.
Technologies used:
Realm based routing
Origin zoning in Policy

Authentication Responses
Replying with network entry parameters
Mixing pre-paid and post-paid subscribers
Policy Enforcement and Bearer Binding

Network Entry Parameters
In response to Authentication, the AAA gives the complete enforcement profile to the enforcement function.
This is a detailed response on ‘how’ the service is to be delivered. Bandwidth, QoS, allowed features etc. are all part of this response.

Pre-Paid behavior identification
Based on Authentication, the type of user is identified to enforce Pre-paid behavior. For strictly pre-paid or PAYG (Pay As You Go) users, continuous authorizations or re-authorizations may be initiated.

Bearer Binding
Depending on the nature of the enforcement point, some information may have to be sent to Bearer Binding functions.

Authorization
Initial Authorization
Re-Authorizations

Subscription Authorization
Checking whether a Subscription is available for the requested Service and whether it is valid at the time of the request
Tech Used:
HSS Subscription Manager

Pre-paid Quota
The Authorization Application needs to keep counts of authorized quotas of usage, duration and events, and have arrangements to consume or refund them as needed.
Tech Used:
Session Management
Quota Management
Charging Application

Pre-Paid Credit
Authorizes enough credit for the Session
Tech Used:
Charging Application
Rating Engine

Concurrency
Enforcing concurrency limits on individual subscribers
Tech Used:
Session Management
Profiles from HSS
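
The Pre-paid Quota and Concurrency slides above, worked through as an added example (not AdvOSS code): a session table enforces the per-subscriber concurrency limit, and quota is reserved in slices at authorization, consumed on interim accounting, and refunded on stop. All class, method and field names are hypothetical, and usage reports are assumed to be deltas since the previous report.

```python
from dataclasses import dataclass, field


@dataclass
class Subscriber:
    quota: int                 # units (e.g. MB) not yet reserved by any session
    max_sessions: int = 1      # concurrency limit from the subscriber profile
    sessions: dict = field(default_factory=dict)  # session_id -> reserved units


class Authorizer:
    """Hypothetical authorization application; not a real product API."""

    def __init__(self, subscribers, slice_units=100):
        self.subs = subscribers
        self.slice = slice_units   # units granted per (re-)authorization

    def authorize(self, user, session_id):
        """Initial authorization: concurrency check, then reserve a slice."""
        sub = self.subs[user]
        is_new = session_id not in sub.sessions
        if is_new and len(sub.sessions) >= sub.max_sessions:
            return ("reject", "concurrency limit")
        return self._reserve(sub, session_id)

    def _reserve(self, sub, session_id):
        grant = min(self.slice, sub.quota)
        if grant == 0:
            sub.sessions.pop(session_id, None)   # session must be disconnected
            return ("reject", "quota exhausted")
        sub.quota -= grant
        sub.sessions[session_id] = sub.sessions.get(session_id, 0) + grant
        return ("accept", grant)

    def interim(self, user, session_id, used):
        """Interim accounting: consume reported usage, re-authorize if empty."""
        sub = self.subs[user]
        sub.sessions[session_id] = max(sub.sessions[session_id] - used, 0)
        if sub.sessions[session_id] == 0:
            return self._reserve(sub, session_id)
        return ("accept", sub.sessions[session_id])

    def stop(self, user, session_id, used):
        """Stop accounting: consume final usage, refund what was not used."""
        sub = self.subs[user]
        reserved = sub.sessions.pop(session_id)
        sub.quota += max(reserved - used, 0)
        return sub.quota
```
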

Destination Control
For ‘Destination’ based services, the requested resource may need to be authorized.
Tech Used:
Request Authorization
Request Zoning
Policy Management

Capacity & QoE
Taking care of capacity issues on ingress and egress and with vendors
Tech Used:
Policy Server
Request Zoning
Session Management

QoS
The requested QoS capability is matched with subscription information to allow or disallow the request.
Tech used:
Capability Matching
Flow based authorization
Interface to HSS

Time of Day restrictions
Service may be restricted based on time of day or other temporal criteria.
Tech Used:
Policy Server
Interface with Rating Engine

Access Method Control and Charging
If the operator supports multiple access methods (Fiber, Cable, Copper, Wi-Max, Wi-Fi), it may want to restrict users from accessing via other methods, or to charge for them separately.
Technology:
IP Address Zoning
Policy Server

Routing
Least Cost Routing or Policy Based Routing for termination of the session
Tech Used:
LCR (Least Cost Routing)
Capacity Management
Policy Server

Authorization of Multiple Services
AAA can authorize multiple services for the same user.
Tech Used:
Service Manager
Service Offering Manager
Interface to HSS

Subscription Add-Ons
Add-on based profiles
Tech Used:
HSS User Profile Manager

Personalization
Personalization allows users to change default behaviour as per their own preferences.
Tech used:
ID based profiles
User Profiles

Re-Authorization
Prepaid Quota Reservation
Changed QoS including VAS

Authorization Responses
If all authorizations are passed, authorization may respond with the following:
Allowed Duration or Usage before Re-Authorization will be needed or session is disconnected
Suggested Routing information if AAA is also doing the Routing towards terminators or vendors

Accounting
Start Accounting
Interim Accounting
Stop Accounting

Start Accounting
Hot-lining
Session Management
Service Management

Hot-Lining
Subscriber is re-directed to a Hot-Lining Application such as a captive portal to perform some remedial action before resuming service usage.
Technologies used:
Accounting application
Policy Server
CRM (self-care portal)

Session Management
Sessions are inserted, modified and deleted for real-time monitoring, business intelligence and several types of reporting.
Technologies used:
Accounting application
Management GUI

Interim Accounting
Real-Time Charging
Time based pricing
Time based quotas
Fair-Usage Policies
Time based restrictions
Hot-Lining
Service Management
Alerting

Real-Time Charging
Online charging based on time, volume or events
Technologies used:
Accounting Application
Rating & Charging engine

Time based Pricing
Price is modified based on the service used in different time slots of the day.
Technologies used:
Accounting Application
Rating & Charging
Policy Server

Time-based Quotas
Service quotas are allocated to subscribers based on different time slots in the day.
Technologies used:
Accounting Application
Quota Manager
Policy Server

Fair-Usage policies
Subscribers on unlimited plans have their level of service gradually reduced if they consume service units too soon, as per Service Provider policy.
Technologies used:
Accounting Application
Policy Server
HSS

Alerting
Bill Day Alerts
Bill Shock Alerts
Grace period Alerts
Technologies used:
Accounting Application
Alerting application

Stop Accounting
Revenue Assurance
QoS Monitoring
OTT (over the top) Applications

Revenue Assurance
CDR writing on multiple points in the network

Near Real-Time QoS Monitoring
Quality of service for different routes, destinations, origins, access methods etc. is monitored in real-time. Monitored metrics include ASR, ACD, PDD, QoS etc.
Tech Used:
Interface to QoS monitoring application

General Purpose Use Cases
Real-Time Monitoring
Service Assurance
OTT (Over the Top) and Flow Based Accounting

Service Assurance
Bypassing different interfaces to assure service continuity in case of system and network failures

Service Management
Service experience and usability are modified based on policy rules, subscriber life cycle events, the subscriber’s monetary credit etc.
Technologies used:
Accounting Application
Policy Server
HSS

AdvOSS Solution
Radius / Diameter Server
Policy Server
PCRF Compliant
HSS
SDP
AAA Applications
Hot-lining / Captive Portal
Optional Products:
Quota Manager
Charging Engine
Billing Engine
Voucher Management System
Provisioning Engine
Mediation

Thank You
For any further query and business with us please feel free to contact us at
[email protected]
advoss.com
Suite 120, 10691 Shellbridge Way
Richmond, BC V6X 2W8, Canada
Tel: +1 (604) 800 0269