Infrastructure Components
The SDX software interoperates with network management software available from other vendors to create a scalable implementation for managing subscribers and subscriber authentication.
AAA RADIUS Server
RADIUS enables remote access servers to communicate with a central server to authenticate subscribers and authorize their access to the requested system or service. RADIUS allows a company to maintain subscriber profiles in a central database that all remote servers can share. With a central service, it is easier to track usage for billing and to keep network statistics. The router provides RADIUS accounting and authentication, while the SAE provides SAE accounting and authentication.
We provide the Merit RADIUS application as a convenience to get started. We recommend that service providers move to a more sophisticated RADIUS server, such as the Interlink RAD-Series RADIUS or the Funk Steel-Belted RADIUS application, or integrate the SDX software with some other currently used RADIUS server. The SDX software works with other AAA RADIUS systems; however, we test and support system integration only with Merit, RAD-Series RADIUS Server, and Funk Steel-Belted RADIUS software.
You can use any RADIUS server for authentication and accounting that is compliant with these standards:
- RFC 2882—Network Access Servers Requirements: Extended RADIUS Practices (July 2000)
- RFC 2869—RADIUS Extensions (June 2000)
- RFC 2865—Remote Authentication Dial In User Service (RADIUS) (June 2000)
When a provider uses the SDX schema to integrate the RADIUS server with the directory, the SDX software provides the highest level of subscriber control. For example, when subscriber information is stored in the directory, the SDX software can provide a list of services for each individual subscriber.
The less integration the RADIUS server has with the directory, the less control the SDX software provides for individual subscribers. For example, subscribers may have to be grouped based on criteria such as domain name, router, or interface.
The SDX software can work without a RADIUS server. The SDX software can use either LDAP authentication and flat-file accounting, or it can rely on plug-ins to perform authentication and accounting.
Directory
The directory is the integration point for systems that interact with the SDX software. The directory also serves as a repository for customer information, license information, service definitions, policies, and SAE configurations. We provide the OpenLDAP directory with the SDX software as a convenience to demonstrate the capabilities of the product. We recommend that you use a more sophisticated directory server, such as DirX directory server, eTrust Directory, Oracle Internet Directory, or Sun ONE Directory Server in a production environment.
For the SDX software to work, all the information must be provisioned in the directory. We provide basic tools, such as SDX Admin and Policy Editor, to help provision the information into the directory. An external OSS can also provision all or part of the information directly through the LDAP interface or indirectly through an application such as DirXmetahub.
If you want to store data for use with the SDX software in a storage medium other than a directory, such as a database, you can develop data integrators that read your data from that storage medium and write the data to a directory for use with the SDX software. The SDX software provides a data integration suite that comprises a set of processors that perform different data management tasks.
LDAP Version 3
The SDX software employs LDAP version 3 to interact with directories. The SDX software is compatible with any LDAP version 3-compliant directory, but some integration work might be necessary, such as for the following requirements:
- Schema extension—This mandatory requirement must be completed as outlined in Directories in the SDX Integration Guide.
- Access control—This is an important function for wholesale/retail applications and for enterprise scenarios.
- Virtual list view control—Requirements are described in LDAP Extensions for Scrolling View Browsing of Search Results—draft-ietf-ldapext-ldapv3-vlv-09.txt (June 2003 expiration). This requirement is important when you run the eventing system.
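A pre-integration check for the LDAP version 3 and virtual list view requirements above, written as an added example that is not part of the SDX software or its documentation. It parses a root DSE in LDIF (the sample is constructed) and reports what is missing. The two control OIDs are not given on this page, and the server-side sort control is included on the assumption, taken from the VLV draft, that every VLV request must carry a sort control.

```python
import base64

# VLV request control, and the server-side sort control it must be paired with.
VLV_REQUEST = "2.16.840.1.113730.3.4.9"
SERVER_SIDE_SORT = "1.2.840.113556.1.4.473"

# Constructed root DSE in LDIF, with one folded line and one base64 ("::") value.
SAMPLE_ROOT_DSE = """\
dn:
supportedLDAPVersion: 3
supportedControl: 1.2.840.113556.1.4.473
supportedControl: 2.16.840.1.113730.
 3.4.9
namingContexts:: bz1leGFtcGxl
"""

def parse_ldif_entry(text):
    """Parse one LDIF entry into {lowercased attribute: [values]}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold: drop exactly one leading space
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        name, _, rest = line.partition(":")
        if rest.startswith(":"):          # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        entry.setdefault(name.lower(), []).append(value)
    return entry

def missing_requirements(root_dse):
    """Return the list of unmet requirements (empty means the check passed)."""
    versions = root_dse.get("supportedldapversion", [])
    controls = set(root_dse.get("supportedcontrol", []))
    missing = []
    if "3" not in versions:
        missing.append("LDAP version 3")
    if VLV_REQUEST not in controls:
        missing.append("virtual list view control")
    if SERVER_SIDE_SORT not in controls:
        missing.append("server-side sort control")
    return missing

if __name__ == "__main__":
    print(missing_requirements(parse_ldif_entry(SAMPLE_ROOT_DSE)) or "all present")
```

The root DSE is the entry returned by a base-scope search of the empty DN; feed that LDIF output to `parse_ldif_entry` in place of the sample.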
Prepackaged Integration
We provide prepackaged integration for:
- OpenLDAP directory server—Open source directory included with SDX software. The OpenLDAP add-on package contains the UMC schema.
- DirX directory server—Optional add-on package offered with the SDX software. This directory is based on the Siemens DirX Solutions product.
- eTrust Directory—Optional add-on package offered with the SDX software. The directory server is a product of Computer Associates International, Inc.
- Oracle Internet Directory—Optional add-on package offered with the SDX software. This directory is a software component in the Oracle Application Server 10g.
- Sun ONE Directory Server—Sun Microsystems product included with Solaris 9. The SDX software's Sun ONE Directory Server add-on package also contains the UMC schema for Sun ONE Directory Server.
Third-Party Directory Servers
For information about the directory servers that you can integrate with the SDX software, see the SDX Release Notes. The SDX software is designed to work with directory servers that are robust, scalable, and suitable for the carrier market.
Sample Data
We provide sample data in LDAP Data Interchange Format (LDIF) to demonstrate how to provision the directory for different application scenarios. You can use the sample data as a starting place when developing or configuring specified applications of the SDX software. The SDX documentation provides references to the sample data to show sample implementations.
Directory Eventing and Failover
Many SDX components, such as the SAE, policy engine, and SDX Admin, are designed to run nonstop. These components get most of their configuration and provisioning data from the directory. If the data in the directory changes, it is not necessary to manually reload the data into affected components. The SDX directory client running in each of these components detects changes that affect the component, and the appropriate updates are made.
The SDX directory client is configured with a list of directory servers to use: one primary and any number of backups. If connectivity to the primary directory is lost, the directory client switches to an available backup directory server. If connectivity to the primary directory is restored, the SDX directory client detects the connection and switches back to the primary directory. This capability makes it possible to fine-tune SDX deployments for added levels of availability and performance.
Web Application Server
The SDX software provides the JBoss application server. This application server is J2EE compliant and supports the J2EE applications that the SDX software offers. J2EE application servers include a Web application server.
The Web application server supports Java Server Pages (JSP) technology. JSP pages are Web pages that contain Java code and JSP tags (similar to HTML tags) embedded in normal HTML. The Java code and JSP tags produce dynamic HTML content and invoke the SAE functionality. For example, the sample residential and enterprise portals are Web applications that operate inside a Web application server.
We have tested the SDX software with other application servers. For a list of the application servers that we have tested with the SDX software, see the release notes.