Wednesday, March 23, 2016

Deploying flexible Radiator AAA for Cisco ASR/CSR VPN

The increased use of Cisco ASR/CSR and its IPSEC VPNs with IKEv2 creates new challenges for authentication, authorisation and accounting (AAA) software. The first challenge is interoperability, especially when Cisco’s implementation of IKEv2 requires EAP-MSCHAPv2 to be used for VPN user authentication.

Most AAA server softwares support MSCHAPv2 for RADIUS authentication, but only few have support also for MSCHAPv2 encapsulated inside EAP protocol. Radiator supports them both. What is more, with Radiator it is possible to separate the MSCHAPv2 from EAP by terminating the EAP tunnel in Radiator and forwarding the inner MSCHAPv2 to other authentication servers or services.

The Radiator’s ability to separate MSCHAPv2 from EAP protocol makes it possible to use Radiator as a flexible proxy for various authentication sources (see Figure 1) such as Windows Active Directory, One-Time-Password (HOTP/TOTP) services, RSA / Yubikey / Duo Security tokens etc. For some authentication sources, Radiator works as the actual endpoint for AAA service reducing the need of multiple separate authentication servers or appliances sitting in your network.



EAP_MSCHAPv2.png
Radiator EAP - MSCHAPv2 Architecture

Do you want to know more?

This is a popular use case and we have been been contacted by several customers who need to separate MSCHAPv2 from EAP protocol. This functionality is one reason why Radiator AAA Server is called 'The Swiss Army Knife of AAA Servers'. Radiator provides various protocols and can be used as a proxy in different environments – often with configurations that are provided without additional charge when purchasing the license.

For more information, please contact our team at info@open.com.au

Monday, March 14, 2016

Radiator VNF in OpenStack environment

OpenStack is the leading cloud infrastructure choice for operator Network Function Virtualisation (NFV) and Software Defined Networking (SDN) infrastructures. Several vendors, such as Ubuntu, Red Hat, and Suse, provide complete implementations for OpenStack. To ensure that Radiator VNF is easily deployed on top of various private and public cloud infrastructures, it is delivered as standard Linux distribution packages and the configuration management system handles the installation and configuration process automatically.

Instead of maintaining several large specialised virtual host images, Radiator VNF is deployed on top of your existing Linux operating system. There is no need to change the operating system, you can continue using your familiar Linux distribution with its licences, update and security services.

The basic architecture of Radiator VNF combined with OpenStack is described in the image below.


Instead of replacing the existing OpenStack controller functions and components, Radiator VNF works together with them and extends the OpenStack components if needed. Radiator VNF Manager utilises Heat and other cloud infrastructure orchestrator APIs to create, delete, and scale VNF instances and components. 

Using Radiator VNF Manager gives the additional flexibility and extended control granularity for scaling virtual AAA (authentication, authorisation, accounting) functions. It also makes it easier to adapt Radiator VNF  to any cloud infrastructure. All Radiator VNF components are also designed and implemented to securely communicate across compute nodes, which makes it possible to distribute Radiator VNF components flexibly without limiting the components within a single compute node. 

Configuring Radiator VNF components do not require any manual interaction. Every configuration task is done automatically via Radiator VNF configuration management system, not by configuring each Radiator VNF component individually. This, combined with flexible component scaling, makes Radiator a true NFV solution.

Would you like to know more?

The Radiator VNF brings its well-known flexibility and extendability to the NFV world. Enhanced with configuration provisioning, automated scaling, and platform independency, Radiator VNF continues to be the Swiss army knife of AAA software also inside cloud infrastructures. If you are interested to learn more, please contact info@open.com.au for more information.