FAULT-TOLERANT, DISTRIBUTED AAA ARCHITECTURE SUPPORTING CONNECTIVITY DISRUPTION
Karri Huhtanen (Radiator Software), Antti Kolehmainen (Tampere University)
Introduction
● The trend in services is to move from on-premise deployments to service provider or cloud environments.
● Authentication, authorisation and accounting (AAA) as a service is no exception.
● While it may be true for some or most organisations that access to local network services does not matter if Internet connectivity is down, there are still organisations that require access to their on-premise network and services even without Internet access => need for fault-tolerant, distributed AAA.
● In this short paper, we examine initial design, implementation and deployment issues related to our proposed hybrid architecture model for a fault-tolerant, distributed AAA architecture.
Proposed architecture

Phase 1: Normal situation
The centralised AAA is accessible by all the onsite AAA replicas.

Phase 2: Connectivity loss
The connectivity between the centralised AAA and the onsite AAAs is lost. The onsite AAAs start to operate independently. Log data is buffered on the onsite AAAs, but what if there is a need to modify AAA site data?

Phase 3: Divergence of AAA data
If the disruption continues longer, the need for local AAA data modifications increases => divergence of AAA data. The centralised AAA and the onsite AAAs are then out of sync with each other.

Phase 4: Connectivity restored: re-synchronisation of data
What happens, or should happen, when connectivity is restored after a longer disruption is one of the key issues for us to research further.
There are different options for AAA data synchronisation:
● DBMS features
● Custom sync scripts
● One-direction sync (centralised AAA overwrites onsite AAA data)
● etc.
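To make Phases 2 to 4 concrete, here is an added Python simulation (not code from this paper or from Radiator) of a central AAA store and one onsite replica: the replica buffers accounting records while the link is down and accepts local changes, the divergence between the two stores is listed, and the "one-direction sync" option from the list above is applied on reconnect. The node names, users, attribute values and Acct-Session-Id values are constructed; the version/origin tag kept on each record is this example's own assumption, not something the paper specifies.

```python
"""Simulation of the four phases: a central AAA store and one onsite replica that
keeps serving while disconnected, buffers accounting, accepts local modifications
and is re-synchronised afterwards. Constructed example: all data is invented."""
from dataclasses import dataclass, field
import copy


@dataclass
class Record:
    value: dict
    version: int = 1          # bumped on every write (assumption of this example)
    origin: str = "central"   # node that last wrote the record


@dataclass
class AAANode:
    name: str
    users: dict = field(default_factory=dict)       # username -> Record
    accounting: list = field(default_factory=list)  # accepted accounting records
    buffer: list = field(default_factory=list)      # records waiting for central

    def write_user(self, username, value):
        old = self.users.get(username)
        self.users[username] = Record(value, old.version + 1 if old else 1, self.name)


def replicate(central, site):
    """Phase 1: while the link is up the replica mirrors the central store."""
    site.users = copy.deepcopy(central.users)


def account(site, central, link_up, record):
    """Accounting: forward to central if reachable, otherwise buffer onsite (Phase 2)."""
    site.accounting.append(record)
    if link_up:
        central.accounting.append(record)
    else:
        site.buffer.append(record)


def divergence(central, site):
    """Phase 3: usernames whose record differs (or exists on one side only)."""
    diffs = {}
    for name in set(central.users) | set(site.users):
        c, s = central.users.get(name), site.users.get(name)
        if c is None or s is None or (c.version, c.origin) != (s.version, s.origin):
            diffs[name] = (c, s)
    return diffs


def resync_one_direction(central, site):
    """Phase 4, 'one-direction sync': central overwrites onsite data.
    Local modifications are lost; their usernames are returned for operator review."""
    lost = [n for n, (c, s) in divergence(central, site).items()
            if s is not None and s.origin == site.name]
    replicate(central, site)
    return lost


def flush_accounting(central, site):
    """Phase 4: replay buffered accounting idempotently, keyed on Acct-Session-Id,
    so an interrupted and retried flush does not double-count sessions."""
    seen = {r["Acct-Session-Id"] for r in central.accounting}
    flushed = 0
    for rec in site.buffer:
        if rec["Acct-Session-Id"] not in seen:
            central.accounting.append(rec)
            seen.add(rec["Acct-Session-Id"])
            flushed += 1
    site.buffer.clear()
    return flushed


def run_scenario():
    """Walk one site through all four phases and report what happened."""
    central, site = AAANode("central"), AAANode("site-a")
    central.write_user("alice", {"password_hash": "h1", "vlan": 10})   # constructed
    central.write_user("bob", {"password_hash": "h2", "vlan": 20})
    replicate(central, site)                                            # Phase 1
    link_up = False                                                     # Phase 2
    account(site, central, link_up, {"Acct-Session-Id": "s1", "User-Name": "alice"})
    account(site, central, link_up, {"Acct-Session-Id": "s2", "User-Name": "bob"})
    site.write_user("bob", {"password_hash": "h2", "vlan": 30})         # local change
    site.write_user("carol", {"password_hash": "h3", "vlan": 10})       # local new user
    central.write_user("alice", {"password_hash": "h1b", "vlan": 10})   # central change
    diverged = sorted(divergence(central, site))                        # Phase 3
    lost = resync_one_direction(central, site)                          # Phase 4
    flushed = flush_accounting(central, site)
    return {"diverged": diverged, "lost_local_changes": sorted(lost), "flushed": flushed,
            "site_users": sorted(site.users),
            "central_sessions": [r["Acct-Session-Id"] for r in central.accounting]}


if __name__ == "__main__":
    print(run_scenario())
```

The point the simulation makes is that the one-direction option is the simplest to implement but silently discards everything changed onsite during the disruption (here bob's VLAN change and the new user carol), which is why `resync_one_direction` returns the affected usernames instead of dropping them quietly; the accounting side is unproblematic as long as replay is idempotent.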
In addition to AAA data re-synchronisation, there are research questions such as:
● How is the centralised AAA <-> site AAA communication secured and authenticated?
● How are the site AAA replicas deployed and provisioned?
● Which AAA technologies work in situations like these, and with which limitations?
● Do we need additional components, e.g. a PKI?
● What is the best way to deploy this kind of architecture? Is it, for example, possible to utilise software containers deployed in network switches instead of servers?
Most importantly, does it work in practice?
● Our approach to solving the research questions is to design, implement and deploy the proposed architecture in practice.
● Iterative design based on empirical research ensures that the solutions found are improved and validated during the process.
● This short paper/presentation is an introduction to the research work and the architecture we are developing; we will publish more detailed results later.
Please feel free to contact the authors if you are interested in this research, for further discussion.
Any questions from the audience?
Karri Huhtanen (Radiator Software)
Antti Kolehmainen (Tampere University)
Technologies, protocols and standards currently being considered

Area | Confirmed | Under consideration | To be evaluated / researched
AAA | Two/Multi-Factor Authentication, TOTP (RFC 6328), RADIUS (RFC 2865), Radius over TLS (RadSec, RFC 6614) | TACACS+ (RFC 8907) | HOTP (RFC 4226)
Communications security | TLS, Radius over TLS (RadSec, RFC 6614) | OpenVPN, Wireguard | IPSEC
Database and synchronisation | MariaDB (DBMS) sync, one-direction sync | SQLite sync, custom sync scripts |
Onsite network security | RADIUS, RadSec | TACACS+ (RFC 8907) | EAP-TLS (RFC 5216)
Platforms | Linux, containers | Cisco industrial switches with container support |
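Which AAA technologies keep working while a site is disconnected is one of the research questions above, and the table lists TOTP as confirmed and HOTP as still to be evaluated. The added Python example below (not this paper's or Radiator's code) implements HOTP as specified in RFC 4226 and its time-based variant, and shows the difference that matters for an onsite replica: time-based validation depends only on the replica's local clock, whereas the HOTP counter is per-user AAA data that diverges while the site is disconnected and must not be rolled back on re-synchronisation, because a rolled-back counter accepts already-used codes again. The key is the RFC 4226 test-vector key and the username is constructed; the counter-merge rule (keep the highest counter either side has seen) is this example's assumption about how such state should be re-synchronised.

```python
"""HOTP (RFC 4226) and its time-based variant as an onsite AAA replica would verify
them locally, plus the counter-divergence problem HOTP creates for re-synchronisation.
Constructed example: the key is the RFC 4226 test-vector key, not a real credential."""
import hashlib
import hmac
import struct

SECRET = b"12345678901234567890"   # RFC 4226 test-vector key (constructed, not a real secret)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based variant: the counter is the number of elapsed time steps."""
    return hotp(secret, unix_time // step, digits)


def verify_totp(secret: bytes, code: str, unix_time: int, skew_steps: int = 1, step: int = 30) -> bool:
    """Accept the current step and skew_steps on either side. Needs only the local
    clock, so it keeps working on a disconnected replica (as long as the clock holds)."""
    for d in range(-skew_steps, skew_steps + 1):
        if hmac.compare_digest(totp(secret, unix_time + d * step, step), code):
            return True
    return False


def verify_hotp(state: dict, username: str, secret: bytes, code: str, look_ahead: int = 5) -> bool:
    """Counter-based verification. `state` (username -> next expected counter) is AAA
    data that every validating node mutates, so it diverges during a disruption."""
    counter = state.get(username, 0)
    for c in range(counter, counter + look_ahead + 1):
        if hmac.compare_digest(hotp(secret, c), code):
            state[username] = c + 1   # never accept this or an earlier counter again
            return True
    return False


def merge_counters(central: dict, site: dict) -> dict:
    """Re-synchronisation rule assumed by this example: a counter only moves forward,
    so the merged value is the highest counter either side has seen."""
    return {u: max(central.get(u, 0), site.get(u, 0)) for u in set(central) | set(site)}


def counter_scenario():
    """Disconnected site validates three codes; compare two ways of re-synchronising."""
    central, site = {"alice": 0}, {"alice": 0}
    for c in range(3):                                   # Phase 2: local validation only
        verify_hotp(site, "alice", SECRET, hotp(SECRET, c))
    # Phase 4, one-direction sync: central overwrites the site counter, rolling it back.
    rolled_back = dict(central)
    replay_after_overwrite = verify_hotp(rolled_back, "alice", SECRET, hotp(SECRET, 0))
    # Phase 4, merge: keep the highest counter, so the used codes stay rejected.
    merged = merge_counters(central, site)
    replay_after_merge = verify_hotp(merged, "alice", SECRET, hotp(SECRET, 0))
    return {"site_counter": site["alice"],
            "replay_after_overwrite": replay_after_overwrite,
            "replay_after_merge": replay_after_merge}


if __name__ == "__main__":
    print(hotp(SECRET, 0), totp(SECRET, 59))
    print(counter_scenario())
```

The scenario shows why the choice in the table is not just a question of which factor to support: with HOTP the "centralised AAA overwrites onsite AAA data" option from the synchronisation list re-enables codes the site already consumed, while the time-based variant carries no such state but depends on the replica's clock staying accurate without reaching a time source, which is itself a disruption-time concern.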