OpenSSO Deployments

3,332 views

Published on

Deployments of OpenSSO. At TheAquariumOnline

Published in: Technology, Business
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
3,332
On SlideShare
0
From Embeds
0
Number of Embeds
17
Actions
Shares
0
Downloads
110
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

OpenSSO Deployments

  1. 1. Real world deployment with Sun OpenSSO Enterprise at Verizon Wireless Ajay Sondhi 1
  2. 2. Verizon Wireless OpenSSO Deployment Verizon Wireless is a leader in wireless voice, data,  information and entertainment services  Joint venture of Verizon Comms (NYSE: VZ) + Vodafone (NYSE: VOD)  85 million customers  71,000 employees  $44 billion annual revenue  More than 2,600 retail stores & kiosks  One of the most reliable wireless network in the U.S. ● Network coverage: 267M POPs ● Rapid Disaster Response, Portable Cell Site 2
  3. 3. Verizon Wireless OpenSSO Deployment Goals Give users a unified experience across all ● authorized products and services by Single Sign On (SSO) by assigning Account Owner and Account Member roles and multi-line accounts ● Permit standardization across all self-serve platforms by authentication and authorization logic to prevent site intrusion ● Provide seamless integration between Verizon Wireless (VZW) and other lines of businesses (LOBs) to improve customer experience Benefits Easy to integrate new products and services ● ● Simplified SSO reduces IT cost and improves security ● Access Manager (AM) improves security by authentication & authorization logic ● Enable cross-domain SSO unifies user experience between VZW and ASPs ● Enable customized audit capabilities through AM for log access information and diagnostic information analysis 3
  4. 4. Verizon Wireless (Technical Requirements) A Deployment Topology & Architecture that supports High Availability ● High Throughput ● High Performance ● A flexible Systems Design that supports SSO with applications hosted on disparate platforms & containers ● Federation & Liberty Protocols ● Customization at all levels including Authentication, Authorization and ● Federation 4
  5. 5. Verizon Wireless OpenSSO Deployment Access Manager SSO : Implemented for both B2C and B2B on Wireless ● and Broadband ● 50M MyVerizon wireless customers registered online ● 2M logins/day on VZW ● Supports role based access ● 25 different product vendors integrated Federation : Implemented Federation across VZW and VZT for ● B2C customers ● Implement Federation across VZW and .Net for SMB customers ● Implemented Federation across VZW and VZB for business customers ● Login once & toggle between two distinct My Account websites. ● Convenient access for One-Bill and bundle services 5
  6. 6. Verizon Wireless (AM SSO Features) Account Management Registration & Login (2M Logins/day) ● ● Password Management ● Profile & Preference Management User Authentication Cross-Domain Single Sign-On and ● ● State Management ● Role-based Access Control ● Standard User Authentication System for All External Sites Customized APIs Customized Services for Billing, ● Handset, Provisioning and Post-Login Functions 6
  7. 7. Verizon Wireless (AM Federation Features) Seamless integration between Verizon Wireless ● and other Verizon LOBs ● Login once & toggle between two distinct My Account web sites ● Convenient access for One-Bill and bundle services ● Cross-sell opportunities on both sites 7
  8. 8. Verizon Wireless Architecture High Availability Geographic redundancy in two data ● centers (East & West) ● Session failover capabilities with four instances of AM within each data center. ● Six way multi-mastered directory servers across data centers High Performance Over 50M identities ● ● Over 4000 successful authentications per minute (peak) ● Over 250K active users (peak) ● Provide SSO with over 25 ASPs 8
  9. 9. Verizon Wireless Architecture Superior Sun hardware Web servers -T2K (Niagra chipset) for superior multithreaded performance ● ● Directory –x4600 (Opteron chipset) for high disk i/o Design Choices Use of Session Attributes (as opposed to profile) ● ● Turn off profile notifications from AM to agents ● Segregating the configuration Realm ● Restrict the use of URL policy and J2EE policy mode ● Load balancer configuration to ensure stickiness ● Writing to one master LDAP Tuning OS –Memory, File system and Networking ● ● AM Tuning ● JVM tuning ● Agent Tuning ● Directory Server Tuning 9
  10. 10. Questions? 10

×