WHAT IS RAIDSS?

RADIUS ADAPTIVE IDSS (or RAIDSS) is a networking protocol that is used for managing authentication, authorization, and accounting (AAA) services. It is commonly used in network access control scenarios, such as for managing user access to network resources like Wi-Fi and other types of internet connectivity.

Here are the main functions of RAIDSS.

  • Authentication: Authenticates users attempting to access a network or service. It verifies the identity of users by checking their credentials, which can include usernames and passwords, digital certificates, or other authentication methods.

  • Authorization: After authentication, it can determine what level of access or permissions a user should have. It can make decisions based on user attributes, group memberships, or other criteria and grant or deny access accordingly.

  • Accounting: It can record and track user activity for billing, auditing, and reporting purposes. This includes logging information about user sessions, data usage, and other network-related activities.

RAIDSS is a highly configurable and scalable RADIUS platform that allows clients to easily customize and control how users are authenticated and how accounting information is recorded. It is interoperable with different servers such as Network Access Server (NAS) and Broadband Remote Access Server (BRAS) and can be easily integrated with any OSS system for account provisioning, account modification, package modification and account deletion.

RAIDSS uses multi-threading and multi-process technology to support high-volume transactions.

RAIDSS is designed to scale both horizontally and vertically to meet customer demands.

FEATURES AND BENEFITS

  • Supports small and large virtual ISP and carrier systems.

  • Works reliably in a huge range of environments.

  • Allows easy modification to suit the client’s special requirements.

  • Allows multi-vendor BRAS/NAS support.

  • Performance and scalability for different network architectures.

  • Easy-to-use customer support web dashboard.

  • High-speed authentication that can reach up to 1,000 authentications per second.

  • Real-time health check monitoring with SMS and email alerts.

  • Comes with a web-based server administration panel.

  • On the fly creation of packages/plans.

  • Speed test optimizer per BRAS vendor (speed attributes).

  • Built-in user account management.

  • Dynamic authorization extensions.

  • Supports Centralized, Standalone or Distributed deployment.

  • The network access control solution must be capable of combining Authentication, Authorization and Accounting (AAA) into a single appliance 

  • Supported Protocols: 

    • Password Authentication Protocol (PAP)

    • Protected Extensible Authentication Protocol (PEAP)

    • Microsoft Challenge Handshake Authentication Protocol Version 2 (MS-CHAPv2)

    • Extensible Authentication Protocol-Message Digest 5 (EAP-MD5)

    • Extensible Authentication Protocol-Transport Layer Security (EAP-TLS)

    • Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST)

    • Extensible Authentication Protocol-Tunneled Transport Layer Security (EAP-TTLS)

    • Protected Extensible Authentication Protocol-Transport Layer Security (PEAP-TLS) 

  • Supports basic user authentication methods such as 802.1X, MAC authentication bypass (MAB), and browser-based web authentication login, over both wired and wireless networks.

  • Easy-to-use tools for creating and understanding policy sets. Every network access policy has a hierarchy-defined container. Multiple rules can be created for both authentication and authorization and can be defined for any condition.

  • Supports a posture service that checks the state of clients for compliance with security policies.

  • Supports use of attributes for authorizing management access to a Network Access Server (NAS). Both local and remote management are supported, with granular access rights and management privileges to comply with security policies.

  • Able to provide a history of all the commands that have been configured on all the network devices. It must be able to provide or export reports. 

  • Multiple log setups for the GUI and other services. Logs are exportable to CSV for report creation.

  • In the event that there are no external identity stores available, the solution must be able to contain all the identities of the users that will access the network.

  • Able to identify all users accessing the network

  • Able to integrate with external identity sources such as Active Directory (AD), LDAP, RADIUS Token and RSA SecurID servers to obtain user information for authentication and authorization.

  • Supports role-based access control (RBAC) policies. 

  • Supports Simple Mail Transfer Protocol (SMTP) server for automation of various mail messages

  • Supports rollback of software patches from a previous patch if any errors/bugs are experienced after the patch installation. 

  • Supports certificate-based authentication 

  • Supports guest access management for the administrators. 

HARDWARE SPECIFICATIONS

Server Specification

  • Triple A Application Server

    • 32 GB RAM or better

    • 8 cores x CPU 3.2GHz or better

    • 1TB SSD or better

    • Network interfaces that are not limited to 2 x 10 GE Base and 4 x 1 GE Base copper ports.

    • Note: Licenses must be shared within the whole deployment, whether in a distributed or High Availability setup.

  • Triple A Database Server

    • 32 GB RAM or better

    • 8 cores x CPU 3.2GHz or better

    • 10TB SSD or better

    • Network interfaces that are not limited to 2 x 10 GE Base and 4 x 1 GE Base copper ports

Our architecture is designed with a distributed workload for high availability and high performance.

Our solution avoids service disruption and unplanned downtime with the help of multiple load balancers.