Real world deployment with
Sun OpenSSO Enterprise
at Verizon Wireless
Ajay Sondhi
1

Verizon Wireless OpenSSO Deployment
Verizon Wireless is a leader in wireless voice, data,

information and entertainment services
 Joint venture of Verizon Comms (NYSE: VZ) +
Vodafone (NYSE: VOD)
 85 million customers
 71,000 employees
 $44 billion annual revenue
 More than 2,600 retail stores & kiosks
 One of the most reliable wireless network in the U.S.
● Network coverage: 267M POPs
● Rapid Disaster Response, Portable Cell Site
2

Verizon Wireless OpenSSO Deployment
Goals
Give users a unified experience across all
●
authorized products and services by Single
Sign On (SSO) by assigning Account Owner
and Account Member roles and multi-line
accounts
● Permit standardization across all self-serve
platforms by authentication and authorization
logic to prevent site intrusion
● Provide seamless integration between Verizon
Wireless (VZW) and other lines of businesses
(LOBs) to improve customer experience
Benefits
Easy to integrate new products and services
●
● Simplified SSO reduces IT cost and improves
security
● Access Manager (AM) improves security by
authentication & authorization logic
● Enable cross-domain SSO unifies user
experience between VZW and ASPs
● Enable customized audit capabilities through
AM for log access information and diagnostic
information analysis
3

Verizon Wireless (Technical Requirements)
A Deployment Topology & Architecture that supports
High Availability
●
High Throughput
●
High Performance
●
A flexible Systems Design that supports
SSO with applications hosted on disparate platforms & containers
●
Federation & Liberty Protocols
●
Customization at all levels including Authentication, Authorization and
●
Federation
4

Verizon Wireless OpenSSO Deployment
Access Manager SSO :
Implemented for both B2C and B2B on Wireless
●
and Broadband
● 50M MyVerizon wireless customers registered
online
● 2M logins/day on VZW
● Supports role based access
● 25 different product vendors integrated
Federation :
Implemented Federation across VZW and VZT for
●
B2C customers
● Implement Federation across VZW and .Net for SMB
customers
● Implemented Federation across VZW and VZB for
business customers
● Login once & toggle between two distinct My Account
websites.
● Convenient access for One-Bill and bundle services
5

Verizon Wireless (AM SSO Features)
Account Management
Registration & Login (2M Logins/day)
●
● Password Management
● Profile & Preference Management
User Authentication
Cross-Domain Single Sign-On and
●
● State Management
● Role-based Access Control
● Standard User Authentication System for
All External Sites
Customized APIs
Customized Services for Billing,
●
Handset, Provisioning and Post-Login
Functions
6

Verizon Wireless (AM Federation Features)
Seamless integration between Verizon Wireless
●
and other Verizon LOBs
● Login once & toggle between two distinct
My Account web sites
● Convenient access for One-Bill and bundle
services
● Cross-sell opportunities on both sites
7

Verizon Wireless Architecture
High Availability
Geographic redundancy in two data
●
centers (East & West)
● Session failover capabilities with four
instances of AM within each data center.
● Six way multi-mastered directory servers
across data centers
High Performance
Over 50M identities
●
● Over 4000 successful authentications per
minute (peak)
● Over 250K active users (peak)
● Provide SSO with over 25 ASPs
8

Verizon Wireless Architecture
Superior Sun hardware
Web servers -T2K (Niagra chipset) for superior multithreaded performance
●
● Directory –x4600 (Opteron chipset) for high disk i/o
Design Choices
Use of Session Attributes (as opposed to profile)
●
● Turn off profile notifications from AM to agents
● Segregating the configuration Realm
● Restrict the use of URL policy and J2EE policy mode
● Load balancer configuration to ensure stickiness
● Writing to one master LDAP
Tuning
OS –Memory, File system and Networking
●
● AM Tuning
● JVM tuning
● Agent Tuning
● Directory Server Tuning
9

Questions?
10