UnifiZone Radius AAA - Authentication, Authorization & Accounting

UnifiZone

Radius Scenario

Wireless is emerging as a significant aspect of networking.
The only limit to a wireless network is the radio signal strength. There is no physical method to restrict a system in radio range to be a member of a wireless network.
Wireless networking, more than any other networking technology, needs an authentication and access control mechanism to ensure security.
The 802.11 standard has specified the use of RADIUS Server authentication mechanisms for authenticating user access to the WLAN.

UnifiZone AAA

UnifiZone AAA is our Radius Server appliance for any wireless service provider and can be easily integrate into its own Network infrastructure providing a full managed broadband access and accounting for each subscriber.
Our RADIUS system is capable to manage also wired network in order to become the unique AAA server for the whole network (wired and wireless).
UnifiZone offers a complete Radius server & Billing integration for several scenarios: HotSpot, Wireless Access WDSL, and ISP.
It offers an highly flexible and configurable RADIUS server based on Free RADIUS v2.x with web-based management GUI.

Captive Portal, included, is shown to the users during the first tentative on get access. As option, the Portal send the credentials via SMS and include Credit Card or Paypal payment methods.
Captive Portal can be also customized even for the single Hotspot with media contents and advertising information according to the location of Hotspot.

With Cloud solutions, Customer doesn’t need to buy hardware for Radius Server but only the Hotspots.
The UnifiZone can be configured for two possible cloud's scenarios:

Radius Cloud is the complete WISP solution having his own WiFi network that needs to have a high stable and reliable authentication service.

 Hotspot Cloud is the solution for all those who wish to provide WiFi professional services without having a dedicated infrastructure.



For both cloud solutions, Wi-Fi Users are automatically redirected to the authentication Captive Portal, while the remote Radius verifying the Wi-Fi Area (geo-localization) where users coming from and assign to them a traffic profile according to the their configuration.

Technical description

UnifiZone

UnifiZone has been developed on a robust FreeBSD OS with FreeRadius v2.x, the most advanced, reliable, modular and scalable RADIUS server with powerfull DB based on MySQL. It has an easy web management interface based on PHP5 language.

System Specification - Rack Version

• Rack 1U 19inch or ETSI Standard
• Double Power Supply
• Motherboard with double ethernet card 10/100/1000Mbps
• Intel © Processor at 1,6GHz
• 1 GB Ram
• 3 HardDisk 73GB
• RAID5 configuration (recommended)

Multiple Network Technology

System supports different broadband access network technologies:
HotSpot, HyperLAN, Fixed WiMAX, xDSL.

Wi-Fi Area restriction policy

Enabling user to get the access rights only in defined Hotspot areas

Reseller functionality

Enabling to manage three multilevel chains: wholesaler, reseller, operators

Integrated Captive Portal

Web page for Captive Portal can be customized adding own logo, advertising messages and web link to pages belonging to the walled garden list.

Native functionalities supported:
• Social Network Authentication (Facebook, Google Plus, Twitter, Linkedin)
• Paypal Payment methods
• Password Recovery
• Captcha antispam system
• Geolocalization

Authentication Methods Supported

• UAM with Captive Portal
• PPPoE
• VPN PPTP
• PAP
• CHAP
• EAP-MD5
• EAP-TTLS
• mOTP (mobile OTP)

Billing Management

System manages both prepaid and postpaid billing account and Paypal payment method is also supported.
RadioJungle controls bandwidth in uplink and downlink per single account. Profiles for both time and bandwidth is configurable too.

Graphic User Interface

All the functionality can be accessed by an easy and intuitive web interface based on PHP5. Administrator has a full control, creating new user and defining different policy profiles. One or more profiles can be associated to a single user account or user group.

Report and Logging

Data related to the session and traffic are stored in well organized database based on MySQL. Each information can be recovered by simple steps through the web gui interface. Traffic Log keep track of each site visited from a single account and meets governament regulation according to European directive.

Backup & Restore

Database information is saved in compressed format, reducing drastically the amount of space required on your storage. Once compressed it's downlodable locally and can be easily stored on cd-rom or dvd media. All information stored can be easly restored in DB.

SMS Gateway (optional feature)

Optionally SMS service can be added in "all in one" solution. By SMS, the system is able to identify the user automatically and no other sort of identity document is required. Moreover this service allows the provider to introduce several automation and control of operational process.

Existing regulation

Did you know...

Allow access to the Internet through your router without any authentication and control, is a risk as well as illegal.
Currently in European countries, there are different laws for the protection of children against child pornography and control the illecit use of the Internet communications related to international terrorism.

Therefore is mandatory to trace the user access to their data line to demonstrate its strangeness. Actualy the most secure system is the RADIUS tracking user traffic.

Here are some legislative references in this regard.

March 15th 2006 - Directive 2006/24/EC of European Parliament and of the Council

The Data Retention Directive is more formally knew as "Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC". According to the directive, member states will have to store citizens' telecommunications data for six to 24 months stipulating a maximum time period. Under the directive the police and security agencies will be able to request access to details such as IP address and time of use of every email, phone call and text message sent or received.
link (fonte eur-lex.europa.eu)