Juniper Networks Steel-Belted Radius EAP Expansion Module

Steel-Belted Radius EAP Expansion Module Overview:

The SBR EAP EM is an add-on to Juniper Networks Steel-Belted Radius Service Provider Edition (SBR SP) RADIUS/Authentication, Authorization and Accounting (AAA) server that lets operators offer secure 802.11 wireless LAN-based services to their customers. The SBR EAP EM is based on the IEEE security standard 802.1X, and supports the strong wireless LAN (WLAN) security protocols EAP-TTLS (Tunneled Transport Layer Security) and EAP-TLS (Transport Layer Security). By adding SBR EAP EM to your existing SBR SP deployment, you can offer subscribers the secure access from public venues they’ve been demanding.

Juniper Networks Steel-Belted Radius EAP Expansion Module (SBR EAP EM) enables you to target new subscribers who require secure Internet access, plus offer enterprise customers public access for their users that is as secure as their WLAN access at work. Enterprise users have the added convenience of being able to use the same client software and credentials, whether they’re connecting at work or at a hotspot.

Juniper Networks SBR SP and SBR EAP EM fully support the roaming environment you’ve already put in place. When your subscribers connect over other providers’ networks, the use of SBR EAP EM and its supported strong security protocols lets you rest assured that your customers’ names and credentials will remain private.

SBR EAP EM puts you on the cutting edge of access technology, and positions you well to tap into these lucrative new revenue opportunities.

Features & Benefits:

Strong WLAN Security

The joint SBR SP and SBR EAP EM solution provides everything you need to support secure 802.1X-based access to your network.

SBR SP enables you to provide wireless subscriber access control by authenticating users against a backend database of user credentials, granting access only to those users who are in your database or in one of your customer’s database. The WLAN security protocols supported in SBR EAP EM include EAP-TTLS, EAP-PEAP (Protected Extensible Authentication Protocol), EAP-FAST and EAP-TLS for additional layers of security to fully protect your customers’ access. These protocols offer strong security over a wireless link and across untrusted networks, fully protecting credential and data security.

Numerous Service and Deployment Options

Juniper Networks SBR SP and SBR EAP EM offer you the flexibility you need to set up hotspot access services any way you wish, ensuring that you can accommodate the requirements of all of your customers. For the subscriber relationships you manage directly, if you deploy EAP-TTLS, EAP-PEAP or EAP-FAST, you can set up user names and passwords in your SQL, LDAP, Solaris NIS, or other backend database. What’s more, when you offer existing subscribers secure WLAN access, there are no changes required to their credentials or configurations. This allows you to fully integrate your secure WLAN users with other users to whom you may be offering other types of services, such as VPN or dial up access.

If you’re deploying EAP-TLS, you can set up user certificates in any Certificate Authority, and for your enterprise customers, you can elect to authenticate subscribers against the authentication database and scheme already in place on their network. This can be accomplished via a standard proxy RADIUS request to the enterprise RADIUS server.

Features	Features Description	Benefits
Secure public WLAN access	Offers secure public WLAN access based on 802.1X	Let’s you tap into new revenue opportunities Provides tools for carrier-hosted secure enterprise services, allowing you to target new services to the enterprise Allows you to flexibly set up secure access services to meet your business model
Authetication and billing system integration	Easy integration into existing authentication and billing systems	Allows you to authenticate secure hotspot users against your existing credentials database or the enterprise database Supports your existing business and roaming relationships
Security	Provides strong WLAN security	Fully protects login credentials and data on the wireless link and across untrusted networks Enables flexibly handling of any security requirements, including user name/password or certificate-based logins Compatible with Juniper Networks Odyssey Access Client, a secure, easily deployed 802.1X client

System Requirements:

Together with SBR SP, the SBR EAP EM runs on Solaris 9 and 10 SPARC Edition, and on Windows XP Workstation, Windows Server 2003 and Windows Vista.

SBR Series Software Comparison:

Model:	SBR Service Provider Edition	SBR High Availability Server	SBR Mobile IP Module	SBR SIM Server
Hardware	Sun UltraSPARC workstation or equivalent The SBR Administrator requires a monitor that supports 256+ colors	Sun UltraSPARC workstation	Sun UltraSPARC workstation	Sun UltraSPARC workstation
Operating System	Sun Solaris 9 SPARC Platform Edition 8/03 (or later) Sun Solaris 10 SPARC Platform Edition 3/05 (or later) See Installation Manuals for Solaris 9 and 10 Patches requirements Desktop manager Gnome2-metacity or CDE-dtwm	Solaris 8 or 9 Refer to the ReleaseNotes.txt file for information on Solaris patches required by Steel-Belted Radius. Desktop manager Solaris 8: CDE-dtwm OpenWin-olwm Solaris 9: Gnome2-metacity CD-dtwm	Solaris 8 or 9 Refer to the ReleaseNotes.txt file for information on Solaris patches required by Steel-Belted Radius. Desktop manager Solaris 8: CDE-dtwm OpenWin-olwm Solaris 9: Gnome2-metacity CD-dtwm	Solaris 8 or 9 Refer to the ReleaseNotes.txt file for information on Solaris patches required by Steel-Belted Radius. Desktop manager Solaris 8: CDE-dtwm OpenWin-olwm Solaris 9: Gnome2-metacity CD-dtwm
Memory	At least 256 megabytes of working memory (512 megabytes for servers with more than 10,000 RADIUS users.)	256 megabytes of working memory (512 megabytes for servers with more than 10,000 RADIUS users.)	256 megabytes of working memory (512 megabytes for servers with more than 10,000 RADIUS users.)	256 megabytes of working memory (512 megabytes for servers with more than 10,000 RADIUS users.)
Disk Space	325-650 megabytes of local (not NFS) disk space; Hard disk space requirements depend on the system's product configuration. Solaris version of SBR Administrator requires at least 81 megabytes of local disk space.	Installing the SBR Series server software requires at least 234 megabytes of local (not NFS) disk space. Hard disk space requirements depend on the system's product configuration.	Installing the SBR Series server software requires at least 234 megabytes of local (not NFS) disk space. Hard disk space requirements depend on the system's product configuration.	Installing the SBR Series server software requires at least 234 megabytes of local (not NFS) disk space. Hard disk space requirements depend on the system's product configuration.
Networking	TCP/IP must be configured.	TCP/IP must be configured.	TCP/IP must be configured.	TCP/IP must be configured.
Perl Support	Perl version 5.8.3 is required to use the auto-restart feature of SBR Service Provider Edition.	Perl (version 5.8.3 or later)	Perl (version 5.8.3 or later)	Perl (version 5.8.3 or later)
Database (optional)	The Solaris version of SBR Service Provider Edition supports any SQL database server that is Open Database Connectivity (ODBC) compliant for RADIUS authentication and accounting. Although Oracle versions 8.0.0, 9.0.0, and 10.0.0 are supported, versions 8.1.7, 9.2.0 and 10.2.0 are recommended. See Installation Manual for Oracle 10 Patch requirements.	The Solaris version of Steel-Belted Radius supports any SQL database server that is Open Database Connectivity (ODBC) compliant for RADIUS authentication and accounting. Although Oracle versions 8.0.0 and 9.0.0 are supported, versions 8.1.7 and 9.2.0 are recommended.	The Solaris version of Steel-Belted Radius supports any SQL database server that is Open Database Connectivity (ODBC) compliant for RADIUS authentication and accounting. Although Oracle versions 8.0.0 and 9.0.0 are supported, versions 8.1.7 and 9.2.0 are recommended.	The Solaris version of Steel-Belted Radius supports any SQL database server that is Open Database Connectivity (ODBC) compliant for RADIUS authentication and accounting. Although Oracle versions 8.0.0 and 9.0.0 are supported, versions 8.1.7 and 9.2.0 are recommended.
Web Browser	Mozilla Firefox 1.5-1.7 and 2.0 Netscape Navigator 6.00, 7.x, and 8.1 SBR Administrator works with the following browser on Solaris 10: Mozilla 1.7 Requires Java Runtime Environment (JRE) version 1.4.2 or later.	Netscape Hotjava Mozilla/Firefox Opera	Netscape Hotjava Mozilla/Firefox Opera	Netscape Hotjava Mozilla/Firefox Opera
Adobe Reader (optional)	Adobe 6.0 or later	Adobe 6.0 or later	Adobe 6.0 or later	Adobe 6.0 or later

Documentation:

Download the Juniper Networks Steel-Belted Radius EAP Expansion Module Datasheet (PDF).