| Reliability & Performance Enhancing Features |
|
VOP Radius has several features that enhance both the performance
and the reliability of the Radius server.
|
32 bit application,
Multi-Threaded Design |
VOP Radius is a 32-bit application, designed to
operate in a multi-threaded fashion. Optimized for use with
Windows NT 4.0 (workstation & server). Due these design choices,
more than one CPU can be used on a server concurrently. VOP
Radius has been designed to effectively utilize Dual-Pentium
machines. |
| VOP Watch Monitor |
Our VOP Watch program is a background application
that monitors the state of VOP Radius at all times. Should one
of the VOP Radius threads freeze or crash, VOP Watch will restart
the application automatically ensuring continuous operation. |
| Authentication Caching |
Over a specified period of time, an authentication cache
can accumulate a list of usernames, passwords and session
limits internally until it reaches its capacity in terms of
cache lifetime and number of entries. Beyond the cache entry
limit and lifetime, new entries simply cycle through (ie:
the oldest entries are deleted).
Should the connection to the main authentication datasource
fail (for instance, the SQL server dies), VOP Radius can authenticate
from this on-board cache instead.
|
| Authentication Fallback |
Instead of cache backup authentication, you can
tell VOP Radius to authenticate against a different datasource
if the primary authentication method should fail. For instance,
if you authenticate against an SQL server during normal operations,
you could fallback to text-file authentication as a backup.
This way, instead of relying on cached information, you can
produce some form of duplicate database and authenticate from
it instead. |
| Backup Server at 50% |
You can purchase a second copy of VOP Radius with
a 50% rebate if you intend on using it as a Backup Radius Server
for your primary Radius. This gives you even greater redundancy
in addition to all the features that come with the application. |
| Configuration Wizard |
Configure your Radius server quickly with our
user-friendly Configuration wizard. It's the best tool for first-time
users. |
| |
| Authentication, Accounting
and Integration Capabilities
|
|
VOP Radius distinguishes itself with one of the most diverse
authentication capabilities in the Radius server market.
VOP Radius can authenticate against different types
of databases, in addition to multiple data sources based
on the realm and can even fallback to another datasource
in case of failure. Furthermore, VOP Radius is supported
by a large number of third
party billing solutions. Accounting information
can also be written out either in plain text or exported
to an ODBC datasource.
|
| Text-File Authentication |
VOP Radius can authenticate users using either
a Livingston format text-file or against the UNIX "passwd" file.
Text-file authentication is useful if you're moving away from
a UNIX-based Radius to VOP Radius. Use our ODBC Conversion feature
to convert positive authentication requests to an ODBC database. |
| NT-SAM Authentication |
If you store most of your members in the NT Security
Access Manager database, VOP Radius can authenticate using that
datasource. Since the passwords are encrypted and can't be easily
extracted, if you want to move to ODBC later on, you can take
advantage of our ODBC Conversion feature (as above) to
capture positive authentication replies, including clear text
passwords, and write them to ODBC. |
| ODBC Authentication |
This is the most commonly used form of authentication.
Since most people who use VOP Radius also use 3rd
party billing and accounting solutions, or use their
own homegrown solution, VOP Radius can interface with
all ODBC compliant databases. |
| 3rd Party Integration |
VOP Radius seamlessly integrates with several
NT-based billing packages
including: Internet Back Office Billing (iBOB), RODOPI,
ISP-Power, Platypus, Hawk-I, Emerald and several others,
both at the authentication and the accounting level. |
| Authentication by ID |
VOP Radius can authenticate users using multiple
datasources based on the roaming ID. For instance, if someone
logs in as user@realm1, you could have this user authenticate
against one ODBC datasource. If the user on the other hand authenticates
as user@realm2, they can get authenticated through another datasource
You can mix datasource types as well. You can also group several
different realms under the same datasource. |
| Text-File Accounting |
Aside from Authentication, VOP Radius can also
log accounting information. Text-File accounting can be done
in two different modes. The first mode is using our VOP proprietary
format, useful for troubleshooting and debugging. The other
format is the Livingston accounting log format that is
used by some third-party applications to update their internal
accounting tables. |
| ODBC Accounting |
VOP Radius can also log accounting packets to
an ODBC log that can be read using your billing/member software,
or processed with ODBC-compliant report generators like Crystal
Reports. Various 3rd party billing applications like RODOPI,
Platypus, iBOB and Hawk-I also uses ODBC logging extensively. |
| Brand-Name Support, authenticate
for all these network access servers |
VOP Radius works with 3COM, ACC, Ascend, Bay
Networks, Cisco, Computone, IPA, Lantronix, Livingston, Microsoft's
NT RRAS, Redback, Shiva, Tainet, Telebit, USRobotics, Versanet
and any other Network Access Server that supports Radius requests. |
| |
| Proxy & Roaming Capabilities |
|
VOP Radius can serve as a Proxy & Roaming server.
VOP Radius can serve as a proxy to other RADIUS servers
so you can easily distribute authentication and accounting
packets over your network. Roaming is the ability to
proxy packets coming from a local or remote Radius Client
(like a NAS) where the authentication datasource is
actually a remote Radius Server. VOP Radius knows this
by the Roaming ID. If a packet is sent using a Roaming
ID (ie: user@realm) and that ID is associated with a
remote Radius Server, the authentication packet will
be routed to that server.
|
| Proxy Support |
Since many Radius servers on the market don't
support roaming, caching or dual login control, customers often
get VOP Radius to act as a Proxy & Backup for another Radius
server. |
| Roaming by ID |
VOP Radius supports Roaming by realm ID. If a
user logs in on a local (or even a remote NAS that points at
your Radius server) with username@realm, VOP Radius will check
its list of servers. If one of them has that realm associated
to it, it will route the authentication and accounting packets
to that server instead of authenticating the packet locally. |
| Unlimited Realm Support |
IDs or realms can be either a prefix or a suffix
attached to the username. A prefix, for instance, can look like
this: realm/username. A suffix tends to be the more common username@realm.
You can use them in conjunction with DNIS ID's (below) and can
group them together to authenticate against particular remote
radius servers. You can also use realms with Authentication
by realm ID as per the last feature description. |
| Roaming via DNIS ID |
Instead of using a realm, VOP Radius will also
let you specify a DNIS number. If a person logs in on a NAS
to a port with a phone number of 5551212, you can assign that
number to a Remote RADIUS server and thus redirect the authentication
to that server via the DNIS number (the number the user dialed
into). |
| Roaming User Statistics |
Since a roaming user's authentication and accounting
packet gets redirected to a remote Radius server, you still
need to know how many people are using your facilities for roaming.
We keep track of these via the ODBC accounting even though VOP
Radius isn't the final authentication site. That way, you can
bill other ISP's who are taking advantage of your roaming facilities. |
| Proxy & Roaming Radius
Server support |
VOP Radius has served as a Proxy & Roaming server
for other Radius servers including: Ascend Radius, 3COM's Radius,
Livingston Radius, Merit Radius, Microsoft's Radius server,
other VOP Radius servers, and many more ... |
| Roaming Network Support |
VOP Radius is used by a large segment of the customers
who use these roaming networks: US Online, RODOPI Club, Starnet/MegaPOP,
InterPass, GRIC Traveler, iPass and ZipLink. |
| |
| Access Control Facilities |
|
VOP Radius comes with several login-control features that
prevent abusive users from taking advantage of your facilities.
Most of these are set using customized profile information
defined either in an ODBC database or a separate profiles
text file.
|
|
Simultaneous
Access Control
|
You can prevent people from logging-on using multiple
connections unless they pay for the service. You can set a Port-Limit
attribute via a user profile that will restrict users to one,
two or more ports. If they attempt to log on to a second port
and do not have the permission, the connection on that port
will be denied. This feature is also used to control single
or dual ISDN logins. |
Analog or Digital
Access Control |
Prevent people from connecting using an ISDN line
if they only have access to standard 56k dialups. You can also
do the reverse (ie: prevent an ISDN user from using a 56k dialup
line). |
Time-of-Day
Access Control |
This feature lets you restrict certain callers
to a range of hours they can connect at. This way, you can create
"night-owl" accounts for instance where people can get less
expensive access if they call at off-peak hours. |
Day-of-Week
Access Control
|
By the same token, you can restrict users in terms
of the days they can connect at. You could create weekends-only
or weekdays-only users for instance. |
Caller-ID
Access Control |
Block or allow people in via caller-ID. If you
have a recalcitrant user who continuously creates new account
with you using fake names and/or credit card information, block
his phone number instead! |
DNIS-ID
Access Control |
If you want to prevent users from logging on using
NAS's in one area code but want to allow them in another, you
can control that form of access via the DNIS-ID (the number
they called). |
NAS-Port-ID
Access Control
|
You can restrict callers to using only certain
ports on your network access servers. This lets you reserve
ports for dedicated dialup or digital connections. |
|
NAS-IP-Address
Access Control
|
Prevents users from accessing certain NAS's by
their IP address. This feature has a similar utility to DNIS-ID
Access Control. Also useful for creating "Email only" accounts. |
| Case-Sensitivity |
VOP Radius has the ability to force case sensitive
usernames and passwords. This provides a more secure authentication
process. |
| Complete Attributes Support |
Create customized attributes via ODBC or our profiles.txt
file. Works great with third-party billing software like RODOPI,
iBOB, Platypus, Hawk-i and ISPPower. Supports all standard RFC
attributes and a large number of vendor-specific ones as well. |
| Additional Vendor-Specific
Attributes |
If our Radius dictionary is missing some vendor-specific
attributes, you can easily add your own. |
| |
| Troubleshooting
& Logging |
|
VOP Radius provides several troubleshooting and logging
resources, giving you a complete picture of your authentication
operations.
|
| Real Time User Listing |
Using the VOP Radius user interface, you
can see at-a-glance whose online, how long the person
has been on line and what IP address they are assigned.
You can also see how long ports have been vacated, to
isolate problem ports. |
| ODBC User Listing |
The same user listing can be written out
in real time to an ODBC file (Access, SQL). This way you
can use other monitoring tools and applications of your
own design to keep an eye on the Radius server. |
| SNMP & Finger Support |
These tools are used to synchronize the
information displayed about the user and the actual status
of the user on their Network Access Server. Sometimes,
a NAS will not send proper accounting information that
can cause Radius to lose track of the user. SNMP support
fixes that problem by querying the NAS for status updates.
If a user logs off, and we did not receive an accounting-stop
packet, the user will be removed from the user listing
regardless. |
| Administrative alerts |
VOP Radius can Email you if a critical error
occurs. Send that Email to a mail server with mail-to-pager
support and you can hear about the problem too! |
| Monitoring Tools |
VOP Radius will works with both IP Sentry
and What's Up Gold. It also supports several NT performance
monitor counters where you can keep an eye on the Radius
server graphically. |
| Usage Listings |
A few sample reports are provided with the
application that can generate several summaries and detailed
usage logs. Ideally, you can create your own logs using
tools such as Crystal Reports. |
| Configurable logs |
Several logs can be generated to track accounting,
authentication and errors. You can set VOP Radius to log
every Radius transaction in a summary form (one line per
transaction) or in a very detailed format (full debug
turned on) for troubleshooting purposes. |
| Log Archiving |
Since the above logs can get pretty big,
VOP Radius can archive these logs monthly or daily, depending
on your preference. |
| Support Interface |
If you're having problems and don't know
what to do, VOP Radius can get your server information,
bundle it and Email it to our support department at the
touch of button. It provides us with the information that
we need to troubleshoot any problem |
|
