SIGMA SBR Carrier 7.0
Agenda
• The product: SBR Carrier 7.0
• Converged Carrier grade AAA
• New WiMAX module
• New Pricing model
• Use cases (for wireline & wireless)
• Use case
• Pricing
• Migrating from legacy SBR products
• Literature
AAA Evolution to FMC and WiMAX
[Diagram labels: SBR/SPE, SBR/SIM, SBR/MIM, SBR/HA, SBR/Carrier; access types: Wireline, GSM/UMTS, WiMAX, WiFi/UMA, CDMA]
One AAA to Manage All Access
• A centralized AAA architecture that supports all access technologies and user credentials is an important element of the NGN network.
• A benefit of centralizing AAA is that it allows for the centralization of subscriber session information on the networks.
• Enhancements to service delivery and new services can be delivered by leveraging this active subscriber database.
[Diagram labels: Applications/Services, LDAP, PKI, Sessions, UMA, DSL, Femtocell, GPRS/UMTS, WiMAX]
Step 1: SBR Carrier v 7.0 (Now!!)
• Modular AAA for Wireless and Wireline carriers
• Standalone AAA server
• Combining all previously existing Juniper AAA carrier functionality into 1 modular product
• Adding a mobile WiMAX module
[Diagram labels: OSS Interfaces, SNMP, LDAP, GUI, CLI; Optional modules, SQL, Scripting; RADIUS, LDAP; Mobility modules, WiMAX Mobility, CDMA Mobility*; Authentication modules, SIM auth, SMS Auth*; Back-Ends, HLR Gateways; Front-Ends; SBR Carrier Core; Proxy RADIUS]
*CDMA mobility and SMS auth EFT only in v7.0
SBR Carrier Core
• Built on Industry-proven SBR SPE technology!
• Open and flexible AAA functionality regardless of end user access technology (through RADIUS, EAP, HTTP-digest), integrated into 1 platform
• Supports SQL or LDAP based user repository, regardless of DB schema
• Advanced service delivery features
• Carrier grade proxy engine and filtering features
• Virtualization support
• Network integration features
• All 3GPP support built into SBR Carrier Core
• Comes with all EAP methods enabled out of the box (except SIM/AKA): MD5, LEAP, GTC, POTP, PEAP, TLS, TTLS
• Supports unlimited virtualization (directed realms)
• Multiple additional optional features available
SBR Carrier 7.0 core new features
• Location based profiles
  • Enables policy granularity on location basis
  • Access technology based policy
  • Available in 2 flavors:
    • Location based profiles for users
    • Location based profiles for groups
• Improved Management
  • Web delivered Administration UI
    • Downloadable to any station
    • No permanent UI install
    • A browser is sufficient
  • UI managed EAP configuration
  • UI based filter management
  • Administration audit logs ensuring administration accountability
• Enhanced scripting features
  • Enabling precise implementation of custom service and business logic
  • Providing unparalleled flexibility in implementing and growing service and business logic
  • JavaScript realm selection and JavaScript filter selection can:
    • Query and modify any AVP
    • Query LDAP or SQL databases
• Flexible sub-TLV support
  • Support for sub-TLVs in the core AAA engine
  • Allow any sub-TLV requirement to be configured in the AAA core
SBR Carrier: Authentication Modules, Mobility Modules and Optional Modules
SIM auth: SIM authentication methods for PWLAN and UMA
• SIM authentication and authorization (against HLR over SS7 or SIGTRAN)
• Kineto INC S1 interface (UMA & Femtocell)
SMS Auth*: SMS OTP provisioning and authentication methods
CDMA Mobility*: CDMA Mobility module
• CDMA mobility, resource assignment and prepaid features
• CDMA RevA QoS support
Scripting: JavaScripting module
• LDAP JavaScripting
• JavaScripted Filters
• Core routing JavaScripting
*CDMA mobility and SMS auth EFT only in v7.0
WiMAX in SBR Carrier 7.0
• Modular approach, SBR Carrier Core +
  • WiMAX Module for wireline integration (EAP-TLS, EAP-TTLS)
  • WiMAX module + SIM authentication module for GSM/UMTS integration (EAP-AKA)
  • WiMAX Module + CDMA mobility module for CDMA integration
• WiMAX mobility management:
  • Mobile IP v4 support
  • ASN and CSN authentication authorization
  • ASN and CSN key management
• WiMAX resource management
  • Home Agent Management
  • Home Address (IP-address) Management
• WiMAX QoS support
• Charging
• Roaming: H-AAA and V-AAA
• Standards: WiMAX Forum NWG Stage 3 rev. 1.0, 1.1 and 1.2 compliant
Step 2: SBR Carrier v 7.2 (March 2009)
• Modular Carrier Grade AAA
• Available standalone or with HA cluster
• Combining all previously existing carrier functionality into 1 product
• Adding central address allocation, concurrency and Session Control modules
[Diagram labels: OSS Interfaces, Xml/https**, SNMP, LDAP, GUI, CLI, SQL*; Optional modules, SQL, Address Allocation, Session Control, Concurrency, Scripting; RADIUS, LDAP; Mobility modules, WiMAX Mobility, CDMA Mobility; Authentication modules, SIM auth, SMS auth; Back-Ends, HLR Gateways; Front-Ends; SBR Carrier Core; Proxy RADIUS; HA Cluster Session DB; DB]
* Only in combination with Session control module
SBR Carrier Non-Stop AAA and Service Delivery
[Diagram labels: SQL/LDAP/CLI/Https; RADIUS/RADIUS CoA; services: IPTV, Home VoIP, Internet, Video Telephony, Mobile VoIP, Video, Roaming, FMC, Push to Talk, FR VPN, ATM VPN, PSTN, Provider Unique Services; Service Applications; SBR Session DB cluster; Policy & Control; Wireless Access Network; Wireless Access; Data Center; Edge; Core; CPE]
SBR Carrier 7.2: New Optional Modules
Session Control: In-session service changes
• RADIUS CoA based
• XMLoverHttps and CLI (scripting) based interfaces
• Applications: In session Hotlining, Legal Intercept, Disconnect, Prepaid, Tiered Services
Concurrency: User/Group based concurrency
• Requires HA Cluster session DB for enforcement across the network
• Concurrency limitations on a per-user basis
• Concurrency limitations on a configurable attribute
Address Allocation: Centralized IP-address allocation
• Requires HA Cluster session DB for central IP-address pool management
• All SBR Carrier Frontend AAA nodes use the same address pools
• Splitting of address pools per AAA no longer required
Juniper SBR/AAA functions in WiMAX network
• Network Attachment: Securely attach a user/device (or both) to the network, and manage its session keys throughout the session lifetime
• Mobility Management: Manage a user's mobility throughout the session lifetime
• Resource Management: Assign and manage a user's network resources
  • User IP-Addresses
  • Home Agent assignment
• Quality of Service: Manage and assign a user's WiMAX QoS flows and authorize their activation
• Billing: Provide user/session and QoS flow (service session) based accounting to billing and reconciliation systems
• Roaming: Act as a Visited or Home AAA in roaming scenarios. Ensure proper authentication and billing
SBR Carrier in WiMAX
• After MS connects to the radio network, it will be challenged by the ASN-GW to authenticate
• The Extensible Authentication Protocol (EAP) is the protocol used for credential exchange in WiMAX
• The MS can respond to the identity request with either
  • Device Credentials
    • A certificate is used for device authentication
  • User Credentials
    • A USIM or a username/password can be used for user authentication
  • Both device and User Credentials
    • A device certificate and username/password are used
• The ASN-GW is relay agent between MS and AAA
• If the authentication is successful the AAA server responds to the ASN-GW with an accept message that provides all the information necessary for the ASN-GW to initiate a Mobile IP tunnel for the subscriber to the CSN
• Once the ASN-GW receives the access accept message from the AAA server it will use the information in the request to initiate a Mobile IP tunnel to the CSN
• Upon tunnel initiation the CSN will generate a RADIUS request to the AAA server to request the mobility keys for the subscriber
• The RADIUS server will respond with the access-accept that will include the mobility keys allowing the CSN to grant the subscriber an IP session on the network
[Diagram labels: MS, EAP/PKMv2, ASN GW, Mobile IP Tunnel, CSN-GW, Internet; NAP (Network Access Provider), NSP (Network Service Provider), Application Service Provider, Connectivity Service Provider, Mobile Core; Steel-Belted Radius as V-AAA and H-AAA; RADIUS, EAP/RADIUS]
Standard Attachment methods supported with WiMAX mobility key generation
• EAP methods support WiMAX mobility key generation
• EAP-TTLS implementation from the pioneer of the protocol (Funk)
• EAP-SIM/AKA implementation proven in countless PWLAN/UMA solutions
• Support for other EAP protocols: MD5, LEAP, GTC, POTP, PEAP
[Diagram labels: SBR/Carrier; EAP/TTLS, SQL, LDAP; EAP/TLS, PKI; EAP/SIM-AKA, SS7, HLR, SIGTRAN]
WiMAX Mobility Management
• Mobile IP key derivation:
  • Derive mobile keys and store them for re-authentication or handover
  • When implementing SBR Carrier in clustered configuration, these keys are available to ALL of the SBR Carrier frontend servers in subsequent transactions
• Mobile IP key distribution:
  • Distribute Mobile IP keys to Foreign Agent (ASN-GW)
  • Distribute Mobile IP keys to Home Agent
• Mobile IP resource assignment:
  • Manage Home Agent resources
  • HoA (Home Address) Assignment
[Diagram labels: Access, Aggregation, ASN, ASN-GW, CSN, HA; EAP, RADIUS]
Home Agent Management and Assignment
• Simple Home Agent Assignment:
  • Fixed HA is assigned to the ASN on authentication
• Dynamic Home Agent Assignment:
  • Primary-backup HA assignment
• Home Agent Load Balancing
  • Round Robin HA assignment
  • Weighted Round Robin HA assignment
[Diagram labels: Dynamic HA Assignment; HA Assignment; Access Accept; HA (70% load); HA (30% load); FA]
SBR Carrier roaming features
• Act as Home AAA
  • Network attachment, mobility management, resource management, billing, QoS, Service delivery, …
• Act as a Visited AAA
  • Mobility management, resource management, billing, QoS, …
• Advanced proxy features:
  • Support for multiple proxy realms
  • Proxy load balancing
  • Proxy fast fail groups
• Advanced filtering and scripting:
  • Inbound and Outbound
  • Remove, add and change attributes
  • Scripting allows custom attribute manipulation and DB access
[Diagram labels: Visited Network, V-AAA, SBR as V-AAA; Realm1, Realm2; Home Network 1, Home Network 2, Home Network, SBR as H-AAA; AAA server in Fastfail; Inbound filter, Outbound filter]
WiMAX access network QoS
• Access network QoS profile transmitted to ASN-GW:
  • Access network QoS
  • Subscriber and Service QoS
  • Uplink/downlink rate limiting
• QoS AAA modes:
  • HAAA: subscriber based QoS
  • VAAA: roaming peer based: Enforce visited network QoS over home network provided QoS
• Types of QoS profiles:
  • HAAA: Subscriber/group based
    • Home network QoS
    • Roaming QoS
  • VAAA: Ability to rewrite QoS profile attributed by HAAA
[Diagram labels: LDAP, SQL, QoS Profile; Access, ASN, ASN-GW, CSN, HA]
SBR Carrier Pricing
4 different types of SKUs:
• SBR Carrier core base server
• Additional concurrent session licenses
• Additional optional modules
• HLR gateways licenses
SBR Carrier Core
SBR Carrier Core server: SBR-CAR-AAA
• The base server license, representing the SBR Carrier Core functionality.
• Licensed on a per server basis:
  • The customer needs to purchase 1 license per instance running in the network, regardless of whether those instances run on separate hardware or within virtual domains on the same hardware.
SBR Carrier Concurrent User Licenses
Additional concurrent user licenses
• Concurrent sessions for the whole customer site
• Licensed on a site basis:
  • Ordered on top of the SBR Carrier Core base model to expand the number of concurrent sessions licensed in the product (concurrently attached to the network)
  • This is a cumulative license: for example, if the customer purchases another 50,000 sessions, the customer is licensed for 100,000 sessions total.
  • The number of sessions is measured as concurrent sessions in the AAA session database.
  • The customer has the right to apply additional concurrent session licenses to all SBR Carrier servers on his site.
Concurrent User Licenses Example
A customer requires a basic redundant AAA server (2 licenses) and estimates that he requires a total of 250,000 concurrent users on his site. The customer will need to order:
• 2 X SBR-CAR-AAA, which will give him the ability to install SBR Carrier on 2 servers, with 100,000 concurrent users (the base license comes with 50,000 concurrent users, X2)
• The customer still needs 150,000 concurrent users (for a total of 250,000 concurrent users), so will need to order SBR-CAR-ADD-50K and SBR-CAR-ADD-100K
= 2 SBR Carrier AAA + 250,000 concurrent users
SBR Carrier Optional Modules
Additional optional modules licenses:
• Unlocks extra functionality on top of the SBR Carrier Core license
• Licensed on a per server basis:
  • Optional modules can be unlocked by an additional feature license key.
  • SBR Carrier core license needs to be present to unlock functionality
  • Customer needs to purchase 1 license per instance of SBR Carrier he wants the functionality unlocked on.
SBR Carrier HLR Gateways
HLR Gateways for Authentication & Authorization on backend HLR
• Required to use HLR as backend database for SIM based authentication, in combination with SIM authentication module (SBR-CAR-SIM)
• Licensed on a per server basis:
  • Ordered on top of the SBR Carrier Core base model and SIM authentication module to allow authentication on a backend HLR
  • SQL and LDAP backends are part of the SBR Carrier Core license, the HLR backend is not
  • Customer needs to purchase 1 license per instance of SBR Carrier he wants the functionality unlocked on.
  • The customer can choose either SIGTRAN or SS7 based HLR gateways.
Service pricing
• Service pricing now fully in line with Juniper corporate model.
• All service is at minimum 24/7 (Core support)
• Limited support (formerly Funk) 8/5 is not offered on the SBR Carrier product line and will be discontinued on all SBR Service Provider products
• Direct Core support is approx. 20% of product price (formerly 25%)
• Partner Core support is approx. 15% of product price
SBR Carrier in PPP and DHCP scenarios
• ERX & MX local DHCP server
  • Authenticates subscriber on SBR AAA and SBR returns local DHCP pool name
  • Authenticates subscriber on SBR AAA and SBR returns IP address from a pool SBR manages
[Diagram labels: PPP, DHCP, RADIUS, Core, Transit Point/Internet, Premium Content]
Migrating customers from Legacy SBR products
• Legacy products:
  • SBR/SPE
  • Optionally JavaScripting module
• Migration package for each SBR/SPE server under valid maintenance contract:
  • SBR Carrier Core (SBR-CAR-AAA)
  • Additional 50K concurrent user license (SBR-CAR-ADD-50K)
  • Additional 100K concurrent user license (SBR-CAR-ADD-100K)
  • Optionally JavaScripting Module (SBR-CAR-JSC)
  • Cost: minimal, TBD
• Why migrate:
  • SBR Carrier is a true converged AAA that will allow the Carrier to extract additional value from its subscriber base
  • SBR Carrier has a future
  • Better performance/scalability: SBR Carrier is tested and dimensioned for newer HW with better performance/scalability
  • More value in the base package
  • More options to expand and provide higher value per subscriber
  • Free 150K concurrent user license for every migrated SPE license
SBR Carrier in 3GPP networks
• Base Switching Station (GSM): TDMA
  • Data technologies (2.5G):
    • GPRS (60-80kbps)
    • EDGE (100-200kbps)
• UTRAN (UMTS): WCDMA
  • Data technologies (3G):
    • UMTS (384kbps)
    • HSDPA (1Mbps-3.6Mbps)
[Diagram labels: Service and policy; Subscriber Databases; Identity and Policy repositories; Billing platforms; Service Gateways; Service platforms; HLR; SS7 signaling Network; SBR Carrier; BTS, BSC, 2G-SGSN, GGSN; Node-B, RNC, 3G-SGSN, GGSN; Packet Backbone Network; Intranets/Internet]
SBR Carrier in UMA / Femtocell Environments
• AAA server identifies / differentiates traffic and routes to appropriate back-end for authentication
[Diagram labels: HLR / AUC; Services & Applications; UMA Subscriber Database; Policy & Control; SS7 / SIGTRAN; LDAP / SQL; RADIUS; Wm; S1; Transport; GSM; UMA Mobile Phone; Gn; Gb; Gi; A; Up; Backbone/Edge Router; Security Gateway; IPsec Tunnel; Mobile Services; Broadband IP network; Odyssey Access Client; 802.1x; UMA Network Controller; Broadband Services Router]
Migrating customers from Legacy SBR products
• Legacy products:
  • SBR SIM server
• Migration package for each SBR/SPE server under valid maintenance contract:
  • SBR Carrier Core (SBR-CAR-AAA)
  • SIM authentication module (SBR-CAR-SIM)
  • JavaScripting Module (SBR-CAR-JSC)
  • Cost: minimal, TBD
• Why migrate:
  • SBR Carrier is a true converged AAA that will allow the Carrier to extract additional value from its subscriber base
  • SBR Carrier has a future
  • Pricing for concurrent subs is lower than SIM server
  • Better performance/scalability: SBR Carrier is tested and dimensioned for newer HW with better performance/scalability
  • More value in the base package
  • More options to expand and provide higher value per subscriber
  • 50K concurrent subscribers in base package vs 1K in SIM server
SBR Carrier in WiMAX
[Diagram labels: MS, EAP/PKMv2, ASN GW, Mobile IP Tunnel, CSN-GW, Internet; NAP (Network Access Provider), NSP (Network Service Provider), Application Service Provider, Connectivity Service Provider, Mobile Core; Steel-Belted Radius as V-AAA and H-AAA; RADIUS, EAP/RADIUS]
Migrating customers from Legacy SBR products
• Legacy products:
  • None!
  • SBR Carrier is the first product that supports true Mobile WiMAX
Cisco Access Registrar
• Knockoffs:
  • Not as feature rich as SBR Carrier
  • Manageability not as good
  • SBR Performance is better
  • Requires programming in TCL or C for advanced features that are simply configurable in SBR
  • No EAP-AKA support, EAP-SIM support requires ITP
  • No IPv6 support
  • No native Oracle support
• Watch out for:
  • RADIUS CoA support in base package
  • Aggressive discounting in turnkey solutions
• Pricing: CPU (Core) based
  • Base Server (1 CPU/Core): $35,000
  • Additional $10,000 per CPU/Core
  • SIM support more expensive and requires ITP product for HLR connectivity
Bridgewater AAA service controller
• Knockoffs:
  • Very basic base feature package; SBR Carrier Core comes with a lot more features packed in the base package
  • Everything is an option (from EAP to accounting to assigning an IP address)
  • Base package with 10K subs already more expensive than SBR Carrier core with 50K subs
  • List price overall 3 to 10 times as expensive as SBR Carrier, based on functionality
  • Requires expensive pro-services for expansion or custom business logic
  • Comes with integrated subscriber database, no support for existing subscriber databases. SBR can integrate with existing infrastructure
  • No EAP-SIM and EAP-AKA HLR support
• Watch out for:
  • Good entry level price for 1K subs basic package, which allows customer penetration; anything beyond that is very expensive
  • Aggressive marketing
  • Company focus, this is their only product
  • DHCP server support
  • Integrated subscriber database can be an asset if that is a customer requirement
• Pricing: subscriber based
  • Fully subscriber based
  • Everything is optional
Apertio (NSN) One-AAA
• Knockoffs:
  • Pretty basic feature package acquired from AAA vendor focusing on German market
  • SBR Carrier is more mature and feature rich, has a large install base
  • Most of NSN's customers are running SBR
  • Comes with integrated subscriber database, no support for existing subscriber databases. SBR can integrate with existing infrastructure
  • No EAP-SIM and EAP-AKA HLR support
  • No WiMAX support (NSN is selling SBR Carrier into WiMAX opportunities), but they are working on it
• Watch out for:
  • Pure subscriber based pricing allows good entry level price, but scales out higher than SBR Carrier
  • Aggressive discounting in turnkey solution
  • The centralized subscriber management
  • Integrated HLR/HSS/AAA package
  • Integrated subscriber database can be an asset if that is a customer requirement
  • NSN approaching customers they have sold SBR to for a migration
• Pricing: subscriber based
  • Fully subscriber based, estimated between $0.80 - $1.20/sub