AAA RADIUS Software, AAA Server, RADIUS servers
AAA RADIUS Server, RADIUS Software
AAA RADIUS Server AAA RADIUS Software AAA RADIUS Authentication AAA RADIUS Protocol AAA Server, AAA Software Linux RADIUS Server AAA RADIUS Servers

RADIUS Server Application for Network Service Providers

AxxessAnywhere - Oslo, Norway

AxxessAnywhere(www.axxessanywhere.com) develops remote access solutions for network service providers who want to deliver a mobile office product tailored to corporate needs, and build the foundation for a sound and increasing revenue stream.

In Europe it is common for service providers to sell solutions directly to enterprises.  When integrating or developing a remote access system, it is important that it works jointly with the service provider and end-user customer (enterprises) in mind. 
AAA RADIUS Server Software partnership

Both systems integrators and service providers struggle with delivering a fully integrated and end-user friendly remote/home office solution to their customers, regardless of the technology – dial-up, VPN, or wireless LAN.  For service providers, end-user provisioning, subscription management, billing, and support are challenging issues.

AxxessAnywhere’s product addresses and solves these challenges with its True Mobile Office solution.  The True Mobile Office technology is comprised of three components:  a highly customizable Windows client (called Connection Maker™), a brandable and tailorable provisioning/self-service Web system for administrators and end-users, and Identity Routing ™ servers that provide the authentication and authorization of end-users and dynamic configuration of network components.  A back-end billing module delivers billing data directly into service providers’ billing systems.

Following is a description of AxxessAnywhere’s application, including how the company uses Interlink Networks’ flexible RAD-Series RADIUS server in its mobile access solution, and how they customized the RAD-Series RADIUS Server through the Software Developer’s Toolkit to achieve their goal of seamless, simple, mobile data communication.

Application Description

AxxessAnywhere delivers a software framework to IP service providers and systems integrators for remote access, i.e. home office and mobile office connections.  The service provider or systems integrator defines each of the services that are to be provided:  dial-up, VPN-based access over the Internet, two-factor/token authentication, wireless LAN, etc. 

The service delivery framework covers the following aspects:

  • Database-stored service definitions that include definitions for how to provision, service usage restrictions, authentication and authorization definitions, as well as pricing model and billing procedures.
  • Automatic service provisioning of new corporations and individuals, including software installs and configurations (web-based administration + PC client called Connection Maker™ automating the provisioning process).
  • End-user laptop/desktop connection  help for simple and secure connections to the corporate Intranet through the Connection Maker™.
  • Continuous and automatic updates of service definitions and configurations to the end-users’ laptop/desktop.
  • Authentication and authorization of individual users based on the services the user subscribes to.  If the end-user is allowed, the requesting access device(s) are configured with correct setup information for this specific corporate user belonging (tunneling, access groups, IP address, netmask, etc). The Connection Maker™ can configure Windows parameters that cannot be transferred over an authentication request, such as WINS/DNS servers, web proxy server settings, search domain, running of scripts/programs, etc.
  • CDR-type billing records for import into IP service providers’ billing systems.

Below is an example diagram of AxxessAnywhere’s Web Service-based Identity Routing Server (IDr Server) which evaluates the AAA RADIUS server’s requests.   Firewalls, network access devices, and routers forward the authentication requests to the RAD-Series RADIUS Server.  Using the RAD-Series RADIUS Server Software Developer’s Toolkit (SDK), AxxessAnywhere developed a set of plug-in modules that receive these requests, extract the request information, and then contact the IDr Server.

Powerful AAA RADIUS Server

The IDr Server bases its response on the username and realm (the identity of the originating access server), as well as any other RADIUS Server attribute/value pair received (e.g. caller-id, service requested, etc).

In addition, the user is member of a group and a corporation.  Service and authentication information can be assigned to the user through such memberships.  An example is that one corporation subscribes to a VPN with regular passwords, while another has two-factor authentication as a service option.  Even though the authentication request will be the same in the two cases, the IDr Server will look up the user and determine whether two-factor authentication should be applied.  Also, the user’s group and corporate memberships are not related to the user’s realm, thus allowing users who share the domain name part of the email address (i.e. both @mycompany.com) to be authenticated differently.

The IDr Server relies on the RADIUS Server to perform the “mechanics” of authentication, including RADIUS and authentication protocol handling.  The database-backed IDr Server thus acts as a service-conscious evaluator and information provider to the RADIUS Server.  For example, check/deny/reply (policy commands) can be fed dynamically back through the plug-in modules to the RADIUS Server where the policy evaluation is done.  Such policies can be applied to groups or corporation or even single users through the web-based provisioning system.

Why Interlink Networks' RADIUS Server was Selected

AxxessAnywhere evaluated other RADIUS servers, including those from Funk Software, FreeRADIUS, Cisco, and, Radiator.  The RAD-Series RADIUS Server was selected for its:

  1. RADIUS Server Customization Capabilities.  The RADIUS Server SDK provides total flexibility and control in usage of functionality was a key selling point.
  2. RADIUS Server Scalability and Reliability.  As AxxessAnywhere provides its True Mobile Office as a fully branded and centrally hosted service with a carrier-grade Service Level Agreement, the RADIUS servers needed to be highly scalable and reliable.
  3. RADIUS Authentication Schemes.  The server offered comprehensive support of various authentication schemes and issues related to supporting all kinds of network access devices and proxy servers.  AxxessAnywhere relies on Interlink Networks to tackle the issues around RADIUS authentication schemes and network access devices.  An ever-lasting stream of new authentication protocols and network access servers can then be accessed through the well-known an API interface of the RADIUS Server.
  4. Linux Platform Support.  Linux, as a cost-effective platform was a prerequisite to deliver end-user services for AxxessAnywhere.  The RAD-Series RADIUS Server natively supports the Linux platform.

RAD-Series RADIUS Server Optional Modules

AxxessAnywhere purchased the RAD-Series RADIUS Server and the optional SDK to meet their application needs.

The RADIUS Server authenticates wireless LAN users via strong 802.1x authentication, and adds support for the most common EAP variants used for wireless LAN authentication, including EAP-MD5, LEAP, TLS, TTLS, PEAP-MSCHAPv1 and PEAP-GTC.
                                                                                                                
The RADIUS Server SDK provides a set of easy-to-implement and modular tools to help you extend the capabilities of the RADIUS Server.  With the toolkit, AxxessAnywhere was able to create custom plug-in RADIUS modules that add functionality, including:

  • Authenticating users stored in any data source, including off-the-shelf and proprietary databases
  • Tracking and controlling usage based on unique billing systems
  • Implementing highly customized authorization schemes
  • Adding support for unique access hardware.

 Conclusion:
                                                               
AxxessAnywhere has developed the technology to address customers’ needs for seamless and simple remote data communication.  True Mobile Office solution, is a winning solution: End-users get secure, hassle-free, flat fee access when and where they want it; Corporations get secure intranet access, cost control, and an increased mobile workforce; and the Service Provider gets additional revenues through increased network usage.

The AxxessAnywhere solution is built on Interlink Networks RAD-Series RADIUS Server.  The RADIUS Server's scalability, flexibility, and customizability allows AxxessAnywhere to scale in terms of number of end-user accounts on inexpensive hardware, with excellent reliability.  AxxessAnywhere is able to address almost any issue that arises in handling AAA RADIUS requests from their customers’ networks, which can be built on equipment from almost any vendor.   All of this is made possible by customizing the RADIUS functionality of the RAD-Series RADIUS Server.

Copyright 2006-2008 Interlink Networks, LLC. All Rights Reserved.
Site Design by Five Sparrows, LLC
Powered by Online Tech Dedicated Servers