Syed Hashmi Founder and CEO AdvOSS Farhan Zaidi Co-Founder & CTO AdvOSS Fawad Pasha VP Sales AdvOSS

Download Syed Hashmi Founder and CEO AdvOSS Farhan Zaidi Co-Founder & CTO AdvOSS Fawad Pasha VP Sales AdvOSS

Post on 15-Dec-2015




1 download

Embed Size (px)


<ul><li>Slide 1</li></ul> <p>Syed Hashmi Founder and CEO AdvOSS Farhan Zaidi Co-Founder &amp; CTO AdvOSS Fawad Pasha VP Sales AdvOSS Slide 2 Agenda 1. Quick overview of AAA 2. Authentication use cases 3. Authorization use cases 4. Accounting use cases Focus: To signify the demands on AAA Applications to realize new use cases Slide 3 Bridge between Service Delivery &amp; Core Slide 4 AAA Applications Authentication handles who intends to use the service Authorization handles what service they want to use Accounting handles how much of the service was used Slide 5 AAA Applications Each AAA request is now handled by a respective AAA Application that interfaces with different functions in core network over multiple interfaces. Slide 6 Authentication Previously main use case was identification of users. Slide 7 Authentication: New Use Cases Automatic Authentication Exclusivity of devices Control of Mobility Identity Theft Prevention Account Sharing Prevention Load Sharing among VLANs Slide 8 Authentication: New Use Cases Lawful intercept Virtual Operators IP Address Allocation CPE sharing Unsubscribed Users Roaming Slide 9 Automatic Authentication Used for automated login of user Technology used: Reverse IP Lookup Interface to HSS Slide 10 Exclusivity of Devices Operator may want to exclude devices or CPEs not issued by it. Tech Features: Certificate based authentication (EAP-TLS) Slide 11 Control of Mobility For Business or Regulatory reasons, the operator may like the users not to be able to connect beyond a given geographical area of access Tech used: Hunt Groups Access Control Lists Slide 12 Identify Theft Protection Users should not be able to login using stolen IDs or devices. Two factor or multi-factor authentication needs to be supported Tech Used: EAP-TTLS Slide 13 Account Sharing Prevention Operator for its business, regulatory or other needs, may not want more than one user to share a single account. Tech Used: Concurrency Check EAP-TTLS Interface to HSS Slide 14 Load Sharing among VLANs For larger networks, operator may need to distribute subscribers across multiple VLANs Tech Used: Subscriber Zoning VLAN management Load Balancing Algorithms Slide 15 Lawful Intercept AAA is usually an appropriate layer to comply with Lawful Intercept requirements of Real-Time and Near Real-Time monitoring of Signalling and/or media streams Available technologies: Forking Proxies AAA based routing Rule based engines Slide 16 Virtual Operators Support for multiple virtual operators sharing access network Tech Used: Realm Hunt Group based Zoning Rule Based Engine Forking proxies Slide 17 IP Address Allocation Maintenance of IP addresses and subnets Tech Used: IP repository IP Pools zoning Slide 18 Allowing device Sharing Allowing multiple users to share a single device Tech Used: Combination of EAP-TLS and UserName/Password authentication Slide 19 Unsubscribed Users Unsubscribed users should be able to get access on the fly using their PINs Tech Used: Interfaces to Voucher Management Interface to HSS or other Subscriber Management Interface to Provisioning Engine EAP-TTLS Slide 20 Roaming Roaming allows home users to get access from visited networks and vice versa. Technologies used: Realm based routing Origin zoning in Policy Slide 21 Authentication Responses Replying with network entry parameters Mixing pre-paid and post-paid subscribers Policy Enforcement and Bearer Binding Slide 22 Network Entry Parameters In response of Authentication, the AAA gives the complete enforcement profile to the enforcement function. This is a detailed response on how is the service to be delivered. Bandwidth, QoS, allowed features etc. are all part of this response Slide 23 Pre-Paid behavior identification Based on Authentication, the type of user is identified to enforce Pre-paid behavior. For strictly pre-paid or PAYG (Pay As You Go) users, continuous authorizations or re- authorizations may be initiated. Slide 24 Bearer Binding Depending on the nature of enforcement point, some information may have to be sent to Bearer Binding functions Slide 25 Authorization Initial Authorization Re-Authorizations Slide 26 Subscription Authorization Checking if Subscription is available for the asked Service and if it is valid at the time of request Tech Used: HSS Subscription Manager Slide 27 Pre-paid Quota Authorization Application needs to keep counts of authorized quotas of both usage, duration and events and have arrangements to consume or refund them as needed. Tech Used Session Management Quota Management Charging Application Slide 28 Pre-Paid Credit Authorizes enough credit for the Session Tech Used: Charging Application Rating Engine Slide 29 Concurrency Enforcing concurrency limits on individual subscribers Tech Used: Session Management Profiles from HSS Slide 30 Destination Control For Destination based services, the requested resource may need to be authorized. Tech Used: Request Authorization Request Zoning Policy Management Slide 31 Capacity &amp; QoE Taking care of capacity issues on ingress and egress and with vendors Tech Used: Policy Server Request Zoning Session Management Slide 32 QoS Asked QoS capability is matched with subscription information to allow/disallow request Tech used Capability Matching Flow based authorization Interface to HSS Slide 33 Time of Day restrictions Service may be restricted based on time of day or other temporal criteria Tech Used: Policy Server Interface with Rating Engine Slide 34 Access Method Control and Charging If operator supports multiple access methods (Fiber, Cable, Copper, Wi-Max, Wi-Fi), they may like to restrict users not to be able to access using other methods or they may like to be able to charge them separately. Technology: IP Address Zoning Policy Server Slide 35 Routing Least Cost Routing or Policy Based Routing for termination of session Tech Used: LCR (Least Cost Routing) Capacity Management Policy Server Slide 36 Authorization of Multiple Services AAA can authorize multiple services for the same user Tech Used Service Manager Service Offering Manager Interface to HSS Slide 37 Subscription Add-Ons Add-on based profiles Tech Used: HSS User Profile Manager Slide 38 Personalization Personalization allows users to change default behaviour as per their own preferences. Tech used: ID based profiles User Profiles Slide 39 Re-Authorization Prepaid Quota Reservation Changed QoS including VAS Slide 40 Authorization Responses If all authorizations are passed, authorization may respond with the following: Allowed Duration or Usage before Re-Authorization will be needed or session is disconnected Suggested Routing information if AAA is also doing the Routing towards terminators or vendors Slide 41 Accounting Start Accounting Interim Accounting Stop Accounting Slide 42 Start Accounting Hot lining Session Management Service Management Slide 43 Hot-Lining Subscriber is re-directed to a Hot-Lining Application such as a captive portal to perform some remedial action before resuming service usage Technologies used: Accounting application Policy Server CRM (self-care portal) Slide 44 Session Management Sessions are inserted, modified and deleted for real-time monitoring, business intelligence and several types of reporting Technologies used: Accounting application Management GUI Slide 45 Interim Accounting Real-Time Charging Time based pricing Time based quotas Fair-Usage Policies Time based restrictions Hot-Lining Service Management Alerting Slide 46 Real-Time Charging Online charging based on time, volume or events Technologies used: Accounting Application Rating &amp; Charging engine Slide 47 Time based Pricing Price is modified based on service used in different time slots of the day. Technologies used: Accounting Application Rating &amp; Charging Policy Server Slide 48 Time-based Quotas Service quotas are allocated to subscribers based on different time slots in the day Technologies used: Accounting Application Quota Manager Policy Server Slide 49 Fair-Usage policies Subscribers on unlimited plans are gradually reduced the level of service if they consume service units too soon as per Service Provider policy Technologies used: Accounting Application Policy Server HSS Slide 50 Alerting Bill Day Alerts Bill Shock Alerts Grace period Alerts Technologies used: Accounting Application Alerting application Slide 51 Stop Accounting Revenue Assurance QoS Monitoring OTT (over the top) Applications Slide 52 Revenue Assurance CDR writing on multiple points in the network Slide 53 Near Real-Time QoS Monitoring Quality of service for different routes, destination, origins, access methods etc. is monitored in real-time. They include ASR, ACD, PDD, QoS etc. Tech Used: Interface to QoS monitoring application. Slide 54 General Purpose Use Cases Real-Time Monitoring Service Assurance OTT (Over the Top) and Flow Based Accounting Slide 55 Service Assurance Bypassing different interfaces to assure service continuity in case of system and network failures Slide 56 Service Management Service experience and usability is modified based on policy rules, subscriber life cycle events and subscribers monetary credit etc. Technologies used: Accounting Application Policy Server HSS Slide 57 AdvOSS Solution Radius / Diameter Server Policy Server PCRF Compliant HSS SDP AAA Applications Hot-lining / Captive Portal Slide 58 Optional Products: Quota Manager Charging Engine Billing Engine Voucher Management System Provisioning Engine Mediation Slide 59 Thank You For any further query and business with us please feel free to contact us at Suite 120, 10691 Shellbridge Way Richmond, BC V6X 2W8, Canada Tel: +1 (604) 800 0269 </p>