Data Sheet V-6.

Empowering Networks for Business

-Next Generation Sterlite Tech AAA

Key Highlights
› Ubiquitous AAA for multiple
networks
› 150+ Deployments
› Support of multiple
business models
› Carrier Grade Scalability
and Reliability
› Broad multi-vendor
interoperability
› Configurable Service Flow
› RADIUS, Diameter &
RDBMS Server integration
Overview
A robust AAA server is a preliminary requirement to propel the growth that comes with the launch of new
services and an increasing subscriber base. Sterlite Tech AAA offers an access agnostic Carrier grade
AAA. It supports deployments from 10K concurrent sessions scalable and expandable to more than 1
million concurrent sessions. It can be deployed as a centralized AAA for multiple networks LTE, 3G,
WiMAX, GPRS, EDGE, EV-DO, CDMA2000 1x,UMTS, WiFi, Dialup / ISDN, and VoIP/ NGN, DSL, Cable,
FTTX or as standalone for each services. Sterlite Tech AAA centrally manages the authentication of
subscribers, devices & authorizes them for appropriate level of service and ensures reliable accounting
of usage. Sterlite Tech AAA competently manages the busiest of networks, easily scales to
accommodate growing business needs.
Sterlite Tech AAA is a part of Sterlite Tech CSM – Core Session Management platform that offers a
flexible framework to CSP's for Diameter and RADIUS stack. It offers a pre-integrated platform that
allows operators with a wider choice, greater flexibility, and facilitates tighter product integration and
addresses a wide range of access networks. Sterlite Tech AAA is compliant to the latest 3GPP/3GPP2,
IPV4 & IPV6, Wi-FI, WiMAX NWG specifications with approved standards of IETF, ETSI, ANSI and other
governing communication standards.
Wi-Fi Calling Multiple VoD Plans LTE WiFi Internetworking
Shared Data Plan Bandwidth Boost Authentication of Network Components

› Built in support for RADIUS Analytics & Reports Access Method & Control Authorization Concurrency Check

& Diameter eliminates need Mobile Data offload Time based plans IPoE

for custom mediation Captive Portal Authentication Session Management Load balancer
solution Fraud Detection
› Personalized services and
Use cases
management
Next Generation - Sterlite Tech AAA

Server manager Authentication & Authorization

Analytics EMS
(GUI) EAP, PAP , CHAP MS Chapv2, LDAP, Credit based, Location

Accounting Session Manager Quota Manager CDR Management

3GPP AAA Proxy AAA Elite CG MAP GW

Configurable Service Flow | SNMP| Programmable AAA I VSA I Single SPR

RADIUS + DIAMETER STACK

COTS Virtualization layer

COTS Hardware & Storage

Gateways

BNG/BRAS PDSN LI WAG/Controller ASN

DPI HLR/HSS P-GW GGSN CMTS

Networks

Fixed Line CDMA WIFI WiMAX 2G, 3G LTE

 Sterlite Tech AAA Data Sheet

Key Features Session Parameters & Profile, IPOE based on Option 82

› Transparent Authentication for all the Network Elements with
— Flexible Authentication Methods
Single AAA Instance with single SPR entry.
Sterlite Tech AAA authenticates remote usernames and
passwords against a wide range of authentication databases
— Efficient Authorization based on
(subscriber repository) to ensure compatibility with the network.
› Access Policy based on time, concurrent policy based on user
identity, policy group
› LDAP-based Authentication
› Diameter/RADIUS Policy based on any Diameter/RADIUS
Sterlite Tech AAA support authentication against subscriber
attributes such as NAS-IP, MAC, BSID, time-of-day, days-of-
credentials stored in LDAP directories, Sterlite Tech AAA can
weeks
integrate with multiple LDAP servers to support load balancing
› Check Item based on any Diameter/RADIUS attribute such as
and failover scenarios.
NAS-IP-Address, BSID, MAC or combination of them
› Calling-station-ID based checking where user can be restricted
› RDBMS-based Authentication
to specific list of MAC-addresses
Sterlite Tech AAA supports authentication against credentials
stored in SQL databases from Oracle and any rich set of Java
— Real time Accounting
Database Connectivity (JDBC) or ODBC 2.0-compliant
databases (Oracle, MySQL, and , PostgreSQL, MS-SQL Sterlite Tech AAA offers a scalable carrier-grade platform to
Server). handle thousands of accounting requests per second in realtime,
on suitable hardware, and caters to the busiest of networks. It's
- Sterlite Tech AAA authenticates users based on the type of
highly reliable accounting capabilities, eliminates duplicate
service
usage records ensures delivery of all accounting data to your
- Authentication based on a group of customers
billing systems.
- The subscribers can also be authenticated based on their
access source like DHCP Option-82 parameters
› Export CDRs
Sterlite Tech AAA can seamlessly integrate with the accounting
› HSS/ HLR Based Authentication
and billing systems. RADIUS accounting log files can be
Sterlite Tech AAA enables Diameter Communication with HSS
exported in spreadsheets, xml, pdf and database formats using
(Home Subscriber Server). HSS and HLR Authentication
the reports Tool
supported over 3GPP SWx and Gr'/ D' interface respectively.

› Header Support in Accounting Request Packets and CSV File

› Credit-based Authentication
Sterlite Tech AAA provides an option of including the header
Sterlite Tech AAA can authenticate subscribers based on their
packet with all standard attributes and required vendor-specific
Credit Limit using the Credit Limit attribute in LDAP or the
attributes in the accounting request packet and CSV files. It also
database. The authentication will succeed only if the subscriber
provides a configurable option to choose specific attributes to
has credit balance.
be written in the CSV file and delimiter for the attributes. CSV
creation is very flexible in terms of managing order of attribute
› PAP /CHAP Support and naming convention of CSV files.
Sterlite Tech AAA supports PAP / CHAP protocols for
authentication through LDAP, database and users file. On › Forward Accounting Data to Database, and CSV file
enabling CHAP support, Sterlite Tech AAA encrypts the plain
Sterlite Tech AAA provides support for multiple storage types
text password stored in LDAP, the database or the users file. It
such as database and csv file. It stores all accounting requests
compares it with the encrypted password received in the
in all configured storages. The accounting data stored in these
RADIUS packet.
can be pulled into a central billing system for charging
customers based on their usage.
› EAP Authentication
Sterlite Tech AAA supports RADIUS and Diameter Multi- › Rollover capabilities for CDRs
Extensible authentication protocol (EAP) and attribute
Sterlite Tech AAA offers extensive support of file rolling based
definitions with support for vendor specific attributes in
on combination of size & time based file rolling or combination of
authentication packet. It support following EAP methods - EAP-
size & no. of records based or time based rolling greatly helps
TLS , EAP-TTLS , EAP-TTLS with MS-CHAP, PAP & MSCHAP V2
manageability of CDRs.
,EAP AKA ,EAP SIM, , EAP-AKA', EAP-PEAP.

— Policy Management
› Authentication based on parameters
Policies can be defined at the driver level, system level, rate plan
MSISDN, IMSI, Username / Password, APN, MAC, Location,
level, and the account level for authenticating and authorizing
users. For this Sterlite Tech AAA supports:
 Sterlite Tech AAA Data Sheet
› Check, Reject, and Reply Items for authentication
RADIUS Policies can be configured with check, reject and reply
items for authenticating users based on RADIUS standard or
vendor specific attributes. Checks can be implemented on the
origination of the authentication request, called station ID,
calling station ID and type of service. Necessary responses can
be given using reply items and requests can be turned down
using reject items in the RADIUS Policy.
› Multiple Checks, Reject, and Reply Items for Authentication
Sterlite Tech AAA can check for a single standard or vendor
specific attribute multiple times. This facilitates a check on an
attribute for a list of values. The check will be made for all the
values for the specified check item. Befitting responses can be
given based on reject and reply items in the RADIUS Policy.
› Precedence Order and Logic
Multiple RADIUS Policies can be configured for a single
customer. There is a possibility here that there are multiple
check items created on the same attribute. The same applies to
reject and reply items. Sterlite Tech AAA has an inbuilt
precedence order and logic for handling such situations.
— Static and Dynamic IP Pool Management
Sterlite Tech AAA provides IP pool management to maintain a list
of used and free IP addresses. An IP pool can be bound with a
network Access Server (NAS) and at Subscriber level. IP
Assignment can be configured based on group, realm, profile &
NAS. IP addresses are allocated to the end-user from selected
pool. Dynamic IP Address will be reserved/freed based on the
network attachment and detachment of subscriber.
— Advanced Proxy Capabilities
Proxy forwarding based on realm, ANI(Automatic number
identification) , DNIS (Dialed Number Identification Service) and
NAS-IP-Address support. Sterlite Tech AAA provides an option to
forward request to another AAA server based on any RADIUS
attribute. It also allows to select the matching pattern for the
attribute. Strip Support including prepend/append & regex, with
choice of removing the realm pattern from a username with Sterlite
Tech AAA. It also allows to configure whether to forward the
request to another AAA server or to authenticate locally after
removing the username. Elite AAA supports broadcasting the
Authentication and Accounting request to multiple AAA Servers.
Sterlite Tech AAA also supports Enhanced Proxy Communication
for Sequential Proxy communication and co-relation with external
systems, with adherence to RFC for proxy chaining and policy
implementation in roaming.
— Mediation
The mediation features of Sterlite Tech AAA enables export CDRs
stored in proxy and main AAA server's local database, CSV file,
from where it can be fetched by the rating engine. It provides
configurable options for including header information in the CSV
file. The CSV format allows to store both standard and vendor-
specific attributes. CSV files can be classified based on the NAS-
IP-address. CSV files are rotated on a daily basis . Eliminates the
need for custom mediation solutions
Sterlite Tech AAA supports RADIUS & Diameter in the same
instance so there is no need of any custom mediation for protocol
conversion.
› Active Mediation
Sterlite Tech AAA supports Parlay, EJB and RADIUS Protocol.
Sterlite Tech AAA can integrate with 3rd Party Rating and PPS
(Prepaid Server) for Real time credit control and real time
accounting through Rating API.
— Charging gateway
Sterlite Tech AAA charging gateway integrates to operator OCS or
Billing system over diameter or over JAVA RMI for real time
prepaid services.
› Protocol conversions supported
DIAMETER, JAVA API , HTTP/SOAP
— Hot-lining Support
Supports redirecting users with no balance in their account or for
upgrading their balance. It helps prevent excessive- & fraudulent
service usage. A subscriber can be redirected at the start of the
session or in mid session. Sterlite Tech AAA supports user profile
based hot lining, Rule based hot lining, mid session hot lining or
new session hot lining.
— Multiple Protocol Support
› RADIUS, Diameter, SIP, Parlay, Java, CORBA, SOAP/HTTP,
XML, LDAP, Telnet
› PAP,CHAP, MS-CHAPv2, EAP, MIP, MIPv6
› UAM, PPPoE, EJB, SNMP & TCP/IP, IPv6, GTPP
— Carrier Grade Reliability
Sterlite Tech AAA allows Operators to meet stringent uptime
requirements with reliable state-of-the-art features. These include
but are not restricted to the following features:
› Failover Support
Sterlite Tech AAA supports Intelligent Load balancing & failover
with various aliveness checking. It enables configure LDAP and
proxy servers to keep your services up and running even in
cases where a server fails or suffers a bottleneck. The requests
are diverted to an alternate server which handles the requests
until the failed server is up again. Timeout and number of
request to determine a failure are also configurable.
› Connection Pooling
Sterlite Tech AAA supports cluster and connection pooling to
 Sterlite Tech AAA Data Sheet
ensure that a connection is readily available when one is
needed. Instead of keeping a request on hold until it creates a
connection on demand, it fetches an unused connection from
the pool, thus ensuring speedy processing.
› Virtualization
- Supports OS Virtualization and multi-core architecture, where
multiple instances can run on same server
- Virtualization support with deployable in-premise and on
cloud
› Supported Hypervisors
- RHEV, Hyper-V, CITRIX, Xen, VMWare, ESXi, KVM, Openstack
with KVM, Amazon AWS, Microsoft Azure
› Reliability to support rapid business expansion. With 99.999%
availability.
— Subscriber Management
Centralized customer profile - Management of prepaid and
postpaid subscribers within common infrastructure. Subscriber
Profile information like QoS policy, static IP address, dynamic
p olicy checks, a uthorization configurations etc. can be
configured with subscriber data. This subscriber information can
be updated by BSS systems using HTTP SOAP and/or HTTP
RESTful APIs.
— Server Manager
Sterlite Tech CSM s erver m anager offers a centralized
configuratable GUI used to manage multiple Sterlite Tech AAA,
Sterlite Tech CG, Sterlite Tech DSC systems from centralized
location.
Sterlite Tech AAA's Server manager helps
› Centrally Manage Multiple Sterlite Tech AAA server instances
and multiple authentication, accounting and SNMP service
instances through server manager GUI.
- Export/Import all Server Instances configuration.
- Roll Log based on Time & Volume.
- Reload the Cache Configuration without stopping the server
—
Resource Manager & Session Manager
› Sterlite Tech AAA resource manager helps , centrally manage
multiple resource manager server instances and IP pool
management services through server manager GUI
› Resource manager is used for protocol conversion from
RADIUS to Diameter, RADIUS to JAVA-JMI
› View, disconnect, purge and download active sessions details
through session manager. Search active session based on
several parameters like username, NAS IP address, group
name and idle time.
› It supports SNMP counters &aAlerts for
- IP pool management
- RM charging services – counters available for charging
service
— Monitoring & Maintenance
› Sterlite Tech AAA supports SNMP. It provides with real time logs
& reports and real time stats through SNMP. It also offers
protection from SNMP trap flood. Operator team can view
system KPI from dashboard. It also supports HTTP Adapter in
Sterlite Tech AAA for KPIs all the MIBs are accessible through
Web browser and JMX client like jconsole or NMS Systems.
› Dashboard Monitoring
- TPS, Memory usage of system
- Authentication & accounting packets processed
- Authentication response messages
- TRAP listener (errors on dashboard)
- RADIUS client wise messages processed
• Graphical format
• Numeric (No. of Requests / Responses)
- Data source / drivers availability
• Status of each datasource available on GUI
- Dashboard personalization / ACL System
— Secure Wired 802.1x Network Access
Sterlite Tech AAA provides network access to authorized users
authenticated against the designated database, when they are
connecting via wired 802.1X.
Authentication in this case is based on user identity rather than on
the ethernet port to which they're plugged. It passes the required
information to the switch allowing it to dynamically configure the
port's behaviour based on the user's authorization information.
The EAP-MD5 protocol it uses, beefs up credential security,
ensuring that users' login credentials are not stolen; mutual
authentication of client and server takes place, to prevent a user
from being duped into connecting to a rogue network; and ensures
data privacy. Sterlite Tech AAA supports secure access over
HTTPS with X.509 certificate via SSL. Supports encryption and
key rotation based on IEEE 802.1x and Wi-Fi protected access
(WPA/WPA2)
— Access Policy, Group policy and Concurrent policy support
With configurable concurrent sessions for each user. Different
rights & policies can be grouped in a number of ways to form
different access groups
› Enables operator to perform following actions
- Creating access groups to grant access to modules
- Creating staff members to operate server manager
- Staff management
— Vo WiFi
Sterlite Tech AAA 6.8 now supports VoWIFI business case with
release of Diameter 3GPP Service Policy support; it will enable the
operators with below use case
› EAP-SIM, EAP-AKA and EAP-AKA' over 3GPP enabled SWm
› Devices that do not support the EAP-SIM/AKA method
› Intelligent support for both HLR and HSS based hybrid networks
 Sterlite Tech AAA Data Sheet
› Policy based information fetching and decision making from
existing PCRF
› Complete control for configuring a 3GPP business flow
› Multiple service handlers to customize service policy for business
requirement
— Enhanced Transaction Logging Architecture
Sterlite Tech AAA offers enhanced transaction logger for RADIUS
and Diameter packets with a simplified single line summary about
request and response processed by server. Scenarios of failure
can now be understood with request & response logging reducing
the time to solution for the problem. It also comes with highly
customized logging architecture based on business requirement
with Multiple plugin configuration possibility for dynamic logging,
Different logging format for different call flow design and separate
logging files for different service flows.
— System wide global Plug-In configuration support in AAA
With Sterlite Tech AAA the plug-in configuration has been
centralized with global plug-in management this will enable with
the following:
› Single plug-in for multiple service moved to Global Configuration
from AAA Instance Level
› Multiple universal plug-in managers for RADIUS and Diameter
› Reusability of plug-in to multiple AAA instances
› Multiple plug-in configuration – to avoid lengthy configurations in
single plugin
› Reduce configuration error and time
— GUI access for Custom Business logic via scripting
Sterlite Tech AAA now comes with GUI for groovy plugins to easily
create, modify and support custom business logic or dynamic
business change into the network directly from the GUI. With
newly developed GUI it would reduce time to market through ease
of management, reuse of the groovy plugin from the centralised
GUI.
— Operating System Support
Sterlite Tech AAA supports following Operating System.
› Linux Red Hat
› Sun Solaris
— Key Deployment Features
› Deployment Architecture 1 + 1, N+1 Active-Active or Active
Stand by mode
› Geographical cluster separation Active-Active
Why Sterlite Tech AAA
— Highly Flexible and Configurable system
Sterlite Tech AAA is designed keeping the dynamic requirement of
Operators, it offers great flexibility in configuration
› Single screen for defining Authentication and Accounting policy
there by greatly reducing chances for errors and time for
configuration.
› Configurable Service Flow
Sterlite Tech AAA also offers configurable service flow, it allows
operator to define the service flow from a single view through
easy drag and drop handlers. Single Service Handlers can be
added multiple times to achieve Call Flow Requirement.
Sterlite Tech AAA now has support for both Diameter and
RADIUS support in the service flow handlers as mentioned
below. The handler based architecture enables operational
team to define the business service flow as required from a
single GUI.
› Authentication Service Handler
› Diameter Proxy Handler
› Diameter Broadcast Handler
› CDR Handler
› Authorization Handler
› Plugin Handler
› Profile Lookup Handler
› Diameter/RADIUS Broadcast Handler
› Advanced Translation Mapping
Dynamic Mapping of Attributes from one to another with the
possibility to change the protocols either from RADIUS to
Diameter, Diameter to Diameter, RADIUS to RADIUS, RADIUS to
WebService with an extensive use of Java Expression Libraries.
› Dashboard view of system performance
Operator team can see the system performance from the same
GUI.
— Smart Over load Protection with Priority Queue
To ensure a consistent user experience operators need to ensure
to manage effectively the network fluctuations caused in the
network, Sterlite Tech AAA offers multi levels of threshold
protection to handle TPS spikes in the network gracefully, which
improve the service availability for the connected sessions and
revenue assurance for the operators.
— Programmable Sterlite Tech AAA
To deal with unanticipated requirements of security and
interworking, Sterlite Tech AAA is engineered with an advanced
scripting capability to customize special policy needs and solve
interoperability challenges, enabling network operators to
program and automate policy-based configuration changes with
plug-in script support. Sterlite Tech AAA has specific built in
adaptor hooks which enable service providers with agile product
based development, specific on site customization and flexibility
to configure in translating protocols for creating new services. This
feature is upgrade compatible, flexible, can easily drive custom
logic and enables faster time to market
— Broad Multi-vendor Support & Integration
 Sterlite Tech AAA Data Sheet

Sterlite Tech AAA ably fits into any network environment and works › Wi-Fi Calling (VoWi-Fi)
with the widest variety of network access equipment. The broad › Mobile Data Offload
multi-vendor support it provides allows easy integration of legacy › Shared Device plans
systems with new systems.
› IPoE based Authentication
› It supports most of the back-end authentication databases, and
› Volume on demand
is compatible with the latest authentication, provisioning, and
› Session Management
billing systems.
› Anti Fraud & Secure Access
› Sterlite Tech AAA easily interoperates with other AAA servers,
ensuring smooth communication with other service providers › QOS based Authorization
and enterprise customers. › Access Method Authorization
› Seamless interaction with multiple external AAA servers and › Access Control Authorization
roaming partners. › Monetary and Quota Re Authorization
› Standard based charging gateway, prepaid adapter modules to › Location Services
address prepaid charging. › Block Sites
› Pre-integrated SS7/Sigtran stack supporting MAP gateway › Restriction of User Login Based on MAC-Address (Calling-
allows integration with mobile network elements such as the Station-ID)
HLR.
› Restriction of User Login Based on BS-ID (Base Station)
› Support for 3GPP and non-3GPP interworking.
› Restriction of User Login Based on Time
› Supports simple IP (SIPv4) & Mobile IP (MIPv4), PMIPv4,
› Authentication & Redirection Policy for Factory Default User
CMIPv4, IPv4.
› DIAMETER Re-Authentication
› Seamless integration with BREW Gateway, WAP Gateway, IN
› Concurrent User Session Control
Platform, third party PPS and PDSN, ASN Gateway, GGSN/SGS/
wih multiple PDP Contexts & VPN and VPDN Support. › Multiple REALM Support
› Real-time session management to enable mobility, roaming, › Auto Session Closure for Stale Sessions
security, and usage tracking and r eal- t ime session › Redirection upon FUP
disconnection based on re-authorization functionality. › Midnight Bandwidth Boost Service
› Diameter based Wi-Fi Use Cases
— Multi Network Support › Authentication of Network Components
Sterlite Tech AAA supports multiple networks such as LTE, 3G, › Device based Policy
WiMAX/NWG, GPRS, EDGE, EV-DO, CDMA2000 1x,UMTS, WiFi, › Peak off Peak Plans
Dialup/ ISDN,VoIP/ NGN, DSL, Cable & FTTH.

— Performance
Compliance to Standards
Sterlite Tech AAA can be deployed on platform supporting JDK
1.6 version or above, it supports 1500 TPS on 8 Core CPU x 2 of › 3GPP , 3GPP2
2.4 Ghz & 64GB RAM. › IETF Enriched AAA RFC Compliance
› Femto AAA
— Use Cases supported › WiMAX NWG 1.3 & 1.5 Compliant
› Time of Day or Day of week Authorization › WiSpr 2.0
› LTE- Wi-Fi interworking › ETSI TISPAN

Sterlite Tech CSM Platform Products Include

AAA PCRF DSC CG

Sterlite Tech AAA Data Sheet

About Sterlite Technologies:

Sterlite Technologies Ltd [BSE: 532374, NSE: STRTECH], is a global technology leader in smarter digital
infrastructure. With a pure-play telecom focused business that develops & delivers optical communication
products, network & system integration services and OSS/BSS software solutions, Sterlite Tech has sales
network in six continents. The Company has manufacturing presence in India, China & Brazil, and aims to
transform everyday living by delivering smarter networks. With a strong portfolio of over 130 patents, Sterlite Tech
is home to India's only Centre of Excellence for broadband research. Projects undertaken by the company include
intrusion-proof smarter data network for the Armed Forces, rural broadband for BharatNet, Smart Cities'
development, and establishing high-speed Fibre-to-the-Home (FTTH) networks.

Office

STCC17/DS-AAA/0305
Sterlite Technologies Limited
Block 6, Magnet Corporate Park,
Nr. Sola Flyover, Thaltej, Ahmedabad - 380059 INDIA
Phone: +91 - 79 - 66065606 Fax: +91 - 79 - 26407640

Sales & Marketing

Mumbai Tel : + 91 - 22 - 61435100 Fax : + 91 - 22 - 61435151
Delhi Tel : + 91 - 11 - 47540400 Fax : + 91 - 11 - 41589760
Pune Tel : + 91 - 20 - 67083000
Dubai Tel : + 971 - 4 - 204 5391/5390/5392
Mauritius Tel : + 230 9481739

For queries or demo email us : sales@sterlite.com

www.sterlitetech.com

© Copyright 2017 Sterlite Technologies Ltd. All Rights Reserved.