AAA & Access Management – Scale up for the New Year
Identity and access management are at the heart of authorization and auditing for the use of telecom networks. The AAA has been the key component for enforcing authentication, authorization and accounting mechanisms, interfacing fixed and radio accesses in varying forms to data networks. Its major functions are validating user identity, verifying the user's level of access to the network, and tracking/auditing user activity.
Due to their centralized role, AAA systems become challenging to replace once deployed. As I am writing this, we are approaching the holiday season – and one could say that it feels like an AAA is for Life and not just for Christmas. In computing there is an old operational adage, ‘Never Touch a Running System’, but we should ask: is this in fact a false economy? Taking a strategic look at AAA’s evolution can develop operational transformation and drive new business.
In brief, the AAA is a critical part of any large-scale network’s security and business framework, ensuring:
- Mobile Broadband Access
- Device Authentication
- Fixed Line access control for cable and broadband solutions
- VoWiFi solutions for low-cost coverage expansion
- Network Resource consumption tracking
These and many other use cases make Access Manager a core entity of a telco’s service capabilities and network infrastructure. Its central role also means that continued safe, stable, and reliable performance is key to the overall operations. Any strategic move on access management is therefore a combination of capability, resilience and stability.
It is also worth noting that many of the interfaces and functions that initially began life as custom, vendor-specific inventions have become mainstream features in the later software evolution of Access Servers/AAA. The importance of this for a telco is that choice and software evolution are now a credible option. That said, the strategic considerations around access management should not just be ‘more of the same’ in different packaging. A more considered view is how access can be leveraged to build new revenue use cases. In effect, can the essential data it holds and manages be used to drive new integrations? For instance, VoWiFi roaming holds significant promise for generating new revenues for operators by leveraging low-cost access to provide roaming over WiFi as an alternative to traditional roaming.
As an example of business leverage, in a large telco in Europe Enea is addressing fixed and mobile use cases in an integrated solution, providing mobile broadband to implement the home APN and corporate APN, and VoWiFi for fixed users. This involves different interfaces integrated into the same solution, e.g., Diameter SWm and SWx, RADIUS authentication and accounting, and different authentication methods. The result is an integrated, virtualized solution across eleven sites, generating new enterprise-based revenue for the telco.
At the heart of this is device authorization and its association with the dynamically assigned data paths that the device is using. In simple data terms, these are the IP addresses allocated in real time, which are used and re-used as connections are established. This forms the backbone of accounting and auditing the network. Additional revenue use cases for creating services around IP address assignment have been created by Enea with our customers.
- These involve identity and policy establishment via a query interface (i.e., using the IP address as a key for reverse lookup).
- Single sign-on OAuth token exchange for users/IP for registered applications – e.g. for streaming, using authorization and policy to dynamically generate a single sign-on token for major streaming applications.
- Service authorization/restriction based on IP address range – i.e., assigning rights to a service like VoWiFi based on source IP address.
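Because addresses are re-used, a reverse lookup keyed on IP address has to be bound to a point in time, or an audit will attribute traffic to the wrong subscriber. The sketch below is an added example, not Enea's code or API: it assumes RADIUS accounting Start/Stop records reduced to tuples, and the record values, the `Session` class and the function names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed accounting records: (timestamp, Acct-Status-Type,
# Acct-Session-Id, User-Name, Framed-IP-Address). All values are made up.
ACCT_RECORDS = [
    (1000, "Start", "s1", "alice@example.net", "10.0.0.5"),
    (1600, "Stop",  "s1", "alice@example.net", "10.0.0.5"),
    (1700, "Start", "s2", "bob@example.net",   "10.0.0.5"),  # same IP re-used
    (1800, "Start", "s3", "carol@example.net", "10.0.0.9"),  # still open
]

@dataclass
class Session:
    session_id: str
    user: str
    ip: str
    start: int
    stop: Optional[int] = None  # None while the session is still open

def build_sessions(records):
    """Pair Start/Stop records by session id into time-bounded sessions."""
    open_sessions, sessions = {}, []
    for ts, status, sid, user, ip in sorted(records):
        if status == "Start":
            session = Session(sid, user, ip, ts)
            open_sessions[sid] = session
            sessions.append(session)
        elif status == "Stop" and sid in open_sessions:
            open_sessions.pop(sid).stop = ts
    return sessions

def who_had_ip(sessions, ip, at):
    """Reverse lookup: the user holding `ip` at time `at`, or None."""
    matches = [s for s in sessions
               if s.ip == ip and s.start <= at and (s.stop is None or at < s.stop)]
    if len(matches) > 1:
        # Two live sessions on one address is a data error; refuse to guess.
        raise ValueError(f"overlapping sessions for {ip} at {at}")
    return matches[0].user if matches else None

SESSIONS = build_sessions(ACCT_RECORDS)
```

A lookup that ignores the timestamp would return both alice and bob for `10.0.0.5`; the time-bounded query returns exactly one identity, or none for the gap between the two leases.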
As the arbiter for access, the SLA for access management functions is rightly stringent: failure of these systems leads to access failure, loss of transactional integrity and revenue impairment, so transforming these systems is a careful path. The maturing knowledge of virtualized environments and software infrastructure means that scaling with VNF (and CNF) models is a practical path, operationally.
In conclusion, the software strategy for the critical function of authentication, authorization and accounting must be considered for cost, scale, revenue generation and cross-network access enablement. In that mode of thinking we promote the Enea Access Manager, built on years of experience, operational in large-scale telecom environments, with the standard interfaces required and deployment form factors needed for software transformation to virtualized environments. The Enea Access Manager has been deployed in more than 40 Operator networks, including several large Tier 1 Telecom Organizations.
For more information contact us @ Enea