Review: Enterprise Radius Servers: Page 2 of 19

Instead of offering authentication only against a text-based user file and local user database, NavisRadius includes authentication "proxies" for Windows Active Directory/NT domains; Unix /etc/passwd; Kerberos; Novell Directory; external databases, such as Oracle or MySQL; LDAP servers; and various hard-token authentication systems, such as SecurID, Defender, SafeWord and VASCO. Although it doesn't natively support NDS and Windows AD, it uses the LDAP interface to authenticate after registering itself as a user with administrative rights. We were surprised to learn NavisRadius doesn't support TACACS+, an AAA protocol based on TCP rather than UDP that is often used for administrative access.


Java 2 is needed because the server builds on the flexible and extensible Java-based PolicyFlow plug-in architecture. We were impressed at how NavisRadius isolated the authorization aspect of RADIUS from authentication and accounting. For example, the USS (Universal State Server) keeps track of all the sessions the server supports and facilitates authorization decisions based on counters in the internal network-session database. We could use this feature to enforce concurrent logon restrictions by the same user name or limit logons to specific realms supported by the server.
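The authorization step described above, sketched as an added example (this is not NavisRadius, PolicyFlow or USS code): a session-state store fed by accounting records decides whether an already-authenticated user may log on, using a per-user session counter and a realm allow-list. The class name, the `stale_after` timeout and the sample records are assumptions made for illustration.

```python
# Added example: hypothetical session-state store, not NavisRadius/USS code.
# Authentication is assumed to have succeeded before authorize() is called.

class SessionState:
    def __init__(self, max_sessions, allowed_realms, stale_after=3600):
        self.max_sessions = max_sessions
        self.allowed_realms = {r.lower() for r in allowed_realms}
        self.stale_after = stale_after  # seconds of accounting silence before a session is dropped
        self.sessions = {}              # user name -> {Acct-Session-Id: last_seen}

    @staticmethod
    def _split(user_name):
        # Normalise case so "Alice@..." and "alice@..." share one counter.
        name = user_name.lower()
        return name, name.partition("@")[2]

    def accounting(self, record, now):
        """Update the session table from a RADIUS accounting record."""
        key, _ = self._split(record["User-Name"])
        live = self.sessions.setdefault(key, {})
        status, sid = record["Acct-Status-Type"], record["Acct-Session-Id"]
        if status in ("Start", "Interim-Update"):
            live[sid] = now
        elif status == "Stop":
            live.pop(sid, None)

    def authorize(self, user_name, now):
        """Return (allowed, reason) based on realm and live session count."""
        key, realm = self._split(user_name)
        if realm not in self.allowed_realms:
            return False, "realm not permitted"
        live = self.sessions.get(key, {})
        # A NAS that reboots never sends Stop; expire sessions it left behind.
        for sid in [s for s, seen in live.items() if now - seen > self.stale_after]:
            del live[sid]
        if len(live) >= self.max_sessions:
            return False, "concurrent session limit reached"
        return True, "ok"

def replay():
    """Run constructed sample events through the store and collect decisions."""
    state = SessionState(max_sessions=1, allowed_realms=["example.com"], stale_after=600)
    out = [state.authorize("alice@example.com", now=0)]
    state.accounting({"User-Name": "alice@example.com", "Acct-Status-Type": "Start",
                      "Acct-Session-Id": "s1"}, now=1)
    out.append(state.authorize("Alice@example.com", now=5))    # second logon, s1 still live
    out.append(state.authorize("bob@other.test", now=5))       # realm not on the allow-list
    out.append(state.authorize("alice@example.com", now=700))  # no Stop seen; s1 has gone stale
    return out
```

Because the counter in this sketch only moves when accounting arrives, two logons authorized before the first Start is recorded would both pass.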

User configuration in the Access Manager could be simple (authentication only, with no specified authorization attributes) or complex with access-control lists using multiple authentication sources and user profiles. You can set them on a per-user level or define them as profiles (templates) that are assigned to users.

NavisRadius doesn't manage IP address pools as a tool for concentrating remote-access management (Funk's and Cisco's products do). Being able to allocate an IP address from a RADIUS server-managed pool is useful, especially for assigning addresses to users dynamically and restricting access based on the availability of IP addresses. Lucent says this is a function of its IP Manager, which integrates with NavisRadius. However, NavisRadius can assign IP addresses on a per-user basis if the address is included in the user profile or template as a Framed-IP-Address RADIUS attribute. NavisRadius also has a DHCP plug-in that you can use to request that the network DHCP server allocate an IP address for the authenticating user.

We ran into a few glitches while trying to authenticate against AD, especially after we upgraded NavisRadius to version 4.3.2. For example, the server would authenticate the user against AD successfully, but the PolicyFlow would fail to authorize a valid user, even after a fresh install of the server. Ultimately, we had to reboot the machine. It was apparent that the registry entries were not updated with the upgrade. The customizable real-time log feature and the built-in test client helped us resolve this problem, with assistance from Lucent.