VOP Radius - Authentication server

Features
VOP Radius is a Radius server specifically designed for service provider and corporate
environments where minimal maintenance and a strong integration with existing installations
are strongly desirable. This document lists in exhaustive detail the features supported
by VOP Radius.
|
Reliability & Performance
Enhancing Features |
VOP Radius has several features that enhance both the performance
and the reliability of the Radius server.
|
32 bit application,
Multi-Threaded Design |
VOP Radius is a 32-bit application, designed
to operate in a multi-threaded fashion. Optimized for use with Windows NT 4.0, 2000 or
2003 (workstation & server). More than one CPU can be used on a server concurrently.
VOP Radius has been designed to effectively utilize Dual-CPU machines.
|
|
VOP Watch Monitor |
Our VOP Watch program is a background
application that monitors the state of VOP Radius at all times. Should one of the VOP
Radius threads freeze or crash, VOP Watch will restart the application automatically
ensuring continuous operation.
|
|
Authentication Caching |
Over a specified period of time, an authentication cache can accumulate a list of
usernames, passwords and session limits internally until it reaches its capacity in terms
of cache lifetime and number of entries. Beyond the cache entry limit and lifetime, new
entries simply cycle through (i.e., the oldest entries are deleted).
Should the connection to the main authentication data source fail (for instance, the SQL
server dies), VOP Radius can authenticate from this on-board cache instead.
|
|
Authentication Fallback |
Instead of cache backup authentication, you
can tell VOP Radius to authenticate against a different data source if the primary authentication
method should fail. For instance, if you authenticate against an SQL server during normal
operations, you could fall back to text-file authentication as a backup. This way, instead
of relying on cached information, you can produce some form of duplicate database and
authenticate from it instead.
|
|
Backup Server at 50% |
You can purchase a second copy of VOP Radius
with a 50% rebate if you intend on using it as a Backup Radius Server for your primary Radius.
This gives you even greater redundancy in addition to all the features that come with the
application.
|
|
Configuration Wizard |
Configure your Radius server quickly with our
user-friendly Configuration wizard. It's the best tool for first-time users.
|
Authentication, Accounting
and Integration Capabilities
|
VOP Radius distinguishes itself with one of the most diverse sets of authentication
capabilities in the Radius server market. VOP Radius can authenticate against different
types of databases, can select among multiple data sources based on the realm, and can
even fall back to another data source in case of failure. Furthermore, VOP Radius is
supported by a large number of third-party billing solutions. Accounting information
can also be written out either in plain text or exported to an ODBC data source.
|
|
Authentication Protocols |
VOP Radius can authenticate users using any
of the following protocols: PAP, CHAP, MSCHAPv1, MSCHAPv2 and EAP-MD5.
|
|
Text-File Authentication |
VOP Radius can authenticate users using either
a Livingston format text-file or against the UNIX "passwd" file. Text-file authentication is
useful if you're moving away from a UNIX-based Radius to VOP Radius. Use our ODBC Conversion
feature to convert positive authentication requests to an ODBC database.
|
|
NT-SAM Authentication |
If you store most of your members in the NT
Security Access Manager database, VOP Radius can authenticate using that data source. Since
the passwords are encrypted and can't be easily extracted, if you want to move to ODBC later
on, you can take advantage of our ODBC Conversion feature (as above) to capture positive
authentication replies, including clear text passwords, and write them to ODBC.
|
|
ODBC Authentication |
This is the most commonly used form of authentication.
Since most people who use VOP Radius also use 3rd
party billing and accounting solutions, or use their
own homegrown solution, VOP Radius can interface with
all ODBC compliant databases.
|
|
3rd Party Integration |
VOP Radius seamlessly integrates with several
Windows-based billing packages including: Internet Back Office Billing (iBOB), RODOPI,
ISP-Power, Platypus, Hawk-I, Emerald and several others, both at the authentication and
the accounting level.
|
|
Authentication by ID |
VOP Radius can authenticate users using multiple
data sources based on the roaming ID. For instance, if someone logs in as user@realm1, you could
have this user authenticate against one ODBC data source. If the user on the other hand
authenticates as user@realm2, they can get authenticated through another data source. You
can mix data source types as well. You can also group several different realms under the
same data source.
|
|
Text-File Accounting |
Aside from Authentication, VOP Radius can
also log accounting information. Text-File accounting can be done in two different modes.
The first mode is using our VOP proprietary format, useful for troubleshooting and
debugging. The other format is the Livingston accounting log format that is used by some
third-party applications to update their internal accounting tables.
|
|
ODBC Accounting |
VOP Radius can also log accounting packets to
an ODBC log that can be read using your billing/member software, or processed with ODBC-compliant
report generators like Crystal Reports. Various 3rd party billing applications like RODOPI,
Platypus, iBOB and Hawk-I also use ODBC logging extensively.
|
|
Brand-Name Support, authenticate
for all these network access servers |
VOP Radius works with 3COM, ACC, Alcatel,
Ascend, Nortel, Cisco, Colubris, Computone, Gandalf, IPA, Lantronix, Livingston, Windows
RRAS, Patton, RASExpress, Redback, Shiva, Tainet, Telebit, Versanet and any other Network
Access Server that supports Radius requests.
|
Proxy & Roaming Capabilities
|
VOP Radius can serve as a Proxy & Roaming server.
VOP Radius can serve as a proxy to other RADIUS servers so you can easily distribute
authentication and accounting packets over your network. Roaming is the ability to proxy
packets coming from a local or remote Radius Client (like a NAS) where the authentication
data source is actually a remote Radius Server. VOP Radius knows this by the Roaming ID.
If a packet is sent using a Roaming ID (i.e., user@realm) and that ID is associated with a
remote Radius Server, the authentication packet will be routed to that server.
|
|
Proxy Support |
Since many Radius servers on the market do
not support roaming, caching or dual login control, VOP Radius can be used to act as a Proxy
& Backup for another Radius server.
|
|
Roaming by ID |
VOP Radius supports Roaming by realm ID. If a
user logs in on a local NAS (or even a remote NAS that points at your Radius server) with
username@realm, VOP Radius will check its list of servers. If one of them has that
realm associated to it, it will route the authentication and accounting packets to that
server instead of authenticating the packet locally.
|
|
Unlimited Realm Support |
IDs or realms can be either a prefix or a suffix
attached to the username. A prefix, for instance, can look like this: realm/username. A suffix
tends to be the more common username@realm. You can use them in conjunction with DNIS IDs
(below) and can group them together to authenticate against particular remote Radius servers.
You can also use realms with Authentication by realm ID as per the last feature
description.
|
|
Roaming via DNIS ID |
Instead of using a realm, VOP Radius will also let
you specify a DNIS number. If a person logs in on a NAS to a port with a phone number of 5551212,
you can assign that number to a Remote RADIUS server and thus redirect the authentication to that
server via the DNIS number (the number the user dialed into).
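
The routing decision described under Authentication by ID, Roaming by ID, Unlimited Realm Support and Roaming via DNIS ID can be sketched as follows. This is an added example, not VOP Radius code: the tables, names, lookup order and the choice to reject unknown realms are assumptions, and the DNIS is taken from the standard RADIUS Called-Station-Id attribute.

```python
from typing import NamedTuple, Optional

class Route(NamedTuple):
    action: str            # "proxy" = forward to a remote Radius server, "local" = authenticate here
    target: str            # remote server name or local data source name
    username: str          # username with the realm removed
    realm: Optional[str]

# Constructed sample configuration (hypothetical names).
REALM_TO_SERVER = {"partner-isp.example": "radius.partner-isp.example"}
REALM_TO_SOURCE = {"realm1": "odbc_billing", "realm2": "textfile_users",
                   "realm3": "odbc_billing"}   # several realms may share one data source
DNIS_TO_SERVER = {"5551212": "radius.partner-isp.example"}
DEFAULT_SOURCE = "odbc_billing"

def split_realm(user_name: str) -> tuple[str, Optional[str]]:
    """Split a roaming ID into (username, realm).

    Recognises the suffix form username@realm and the prefix form realm/username.
    Assumption: if both separators appear, the suffix form wins.
    """
    if "@" in user_name:
        user, _, realm = user_name.rpartition("@")
    elif "/" in user_name:
        realm, _, user = user_name.partition("/")
    else:
        return user_name, None
    if not user or not realm:
        raise ValueError(f"malformed roaming ID: {user_name!r}")
    return user, realm.lower()   # assumption: realms compare case-insensitively

def route_request(user_name: str, called_station_id: Optional[str] = None) -> Route:
    """Pick a remote server or a local data source for one request."""
    user, realm = split_realm(user_name)
    if realm in REALM_TO_SERVER:                      # roaming by realm ID
        return Route("proxy", REALM_TO_SERVER[realm], user, realm)
    if called_station_id in DNIS_TO_SERVER:           # roaming via DNIS ID
        return Route("proxy", DNIS_TO_SERVER[called_station_id], user, realm)
    if realm in REALM_TO_SOURCE:                      # authentication by realm ID
        return Route("local", REALM_TO_SOURCE[realm], user, realm)
    if realm is not None:
        # Assumption: an unconfigured realm is rejected rather than silently
        # authenticated against the default local data source.
        raise LookupError(f"no route for realm {realm!r}")
    return Route("local", DEFAULT_SOURCE, user, None)
```
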
|
|
Roaming User Statistics |
Since a roaming user's authentication and accounting
packet gets redirected to a remote Radius server, you still need to know how many people are
using your facilities for roaming. We keep track of these via the ODBC accounting even though
VOP Radius isn't the final authentication site. That way, you can bill other ISPs who are
taking advantage of your roaming facilities.
|
|
Proxy & Roaming Radius
Server support |
VOP Radius can serve as a Proxy & Roaming server
for other Radius servers including: Ascend Radius, 3COM's Radius, Livingston Radius, Merit
Radius, Microsoft's Radius server, other VOP Radius servers, and many more.
|
|
Roaming Network Support |
VOP Radius is integrated with these roaming
networks: US Online, RODOPI Club, Starnet/MegaPOP, InterPass, GRIC Traveler (now GoRemote),
iPass and ZipLink.
|
Access Control Facilities
|
VOP Radius comes with login-control features that prevent abusive users from taking
advantage of your facilities. Most of these are set using customized profile information
defined either in an ODBC database or a separate profiles text file.
|
Simultaneous
Access Control |
You can prevent people from logging on using
multiple connections unless they pay for the service. You can set a Port-Limit attribute
via a user profile that will restrict users to one, two or more ports. If they attempt
to log on to a second port and do not have the permission, the connection on that port
will be denied. This feature is also used to control single or dual ISDN logins.
|
Analog or Digital
Access Control |
Prevent people from connecting using an ISDN line
if they only have access to standard 56k dialups. You can also do the reverse (i.e. prevent an
ISDN user from using a 56k dialup line).
|
Time-of-Day
Access Control |
This feature lets you restrict certain callers
to a range of hours during which they can connect. This way, you can create "night-owl"
accounts, for instance, where people can get less expensive access if they call at off-peak
hours.
|
Day-of-Week
Access Control
|
By the same token, you can restrict users in
terms of the days they can connect at. For instance, you could create weekends-only or
weekdays-only users.
|
Caller-ID
Access Control |
Block or allow access via caller-ID. If you have
a recalcitrant user who continuously creates new accounts using fake names and/or credit
card information, block his phone number instead!
|
DNIS-ID
Access Control |
If you want to prevent users from logging on
using NASes in one area code but want to allow them in another, you can control that form
of access via the DNIS-ID (the number they called).
|
NAS-Port-ID
Access Control
|
Restrict callers to using only certain ports
on your network access servers. This lets you reserve ports for dedicated dialup or digital
connections.
|
NAS-IP-Address
Access Control |
Prevents users from accessing certain NASes by
their IP address. This feature has a similar utility to DNIS-ID Access Control. Also useful
for creating "Email only" accounts.
|
|
Case-Sensitivity |
VOP Radius has the ability to force case-sensitive
usernames and passwords. This provides a more secure authentication process.
|
|
Complete Attributes Support |
Create customized attributes via ODBC or our
profiles.txt file. Works great with third-party billing software like Logisense, RODOPI, iBOB,
Platypus, Hawk-i and ISPPower. Supports all standard RFC attributes and a large number of
vendor-specific ones as well.
|
|
Additional Vendor-Specific
Attributes |
If our Radius dictionary is missing some
vendor-specific attributes, you can easily add your own.
|
Troubleshooting
& Logging |
VOP Radius provides several troubleshooting and logging resources, giving you a
complete picture of your authentication operations.
|
|
Real Time User Listing |
Using the VOP Radius user interface, you can
see at a glance who's online, how long the person has been online and what IP address
they are assigned. You can also see how long ports have been vacated, to isolate problem
ports.
|
|
ODBC User Listing |
The same user listing can be written out in
real time to an ODBC file (Access, SQL). This way you can use other monitoring tools and
applications of your own design to keep an eye on the Radius server.
|
|
SNMP & Finger Support |
These tools are used to synchronize the
information displayed about the user and the actual status of the user on their Network
Access Server. Sometimes, a NAS will not send proper accounting information that can cause
Radius to lose track of the user. SNMP support fixes that problem by querying the NAS for
status updates. If a user logs off, and we did not receive an accounting-stop packet,
the user will be removed from the user listing regardless.
|
|
Administrative alerts |
VOP Radius can email you if a critical error
occurs. Send that email to a mail server with mail-to-pager support and you can hear about
the problem too!
|
|
Monitoring Tools |
VOP Radius works with both IP Sentry and
What's Up Gold. It also supports several Windows performance monitor counters where you
can keep an eye on the Radius server graphically.
|
|
Usage Listings |
A few sample reports are provided with the
application that can generate several summaries and detailed usage logs. You can create
your own logs using tools such as Crystal Reports.
|
|
Configurable logs |
Several logs can be generated to track accounting,
authentication and errors. You can set VOP Radius to log every Radius transaction in a
summary form (one line per transaction) or in a very detailed format (full debug turned
on) for troubleshooting purposes.
|
|
Log Archiving |
VOP Radius can archive these logs monthly or
daily as they grow, according to the preferences you set.
|
|
Support Interface |
If you're having problems and don't know what to
do, VOP Radius can get your server information, bundle it and email it to our support
department at the touch of a button. It provides us with the information that we need to
troubleshoot any problem.