Radius Servers

INMARSAT BGAN, SBB, FBB, GSPS,LINK, M2M DEMAND THE OPERATOR TO AUTHENTICATE DATA SESSIONS USING RADIUS AUTHENTICATION + USING RADIUS TO ASSIGN IP ADDRESSES.

STEEL BELTED RADIUS

Inmarsat radius servers are based on juniper steelbelted radius servers, we do offer to implement radius functionality on these radius servers but the free alternative Freeradius offer the exact same functionality.

FREE RADIUS

Freeradius is today one of the most used radius server on the market, we custimize freeradius setup to handle the needed satellite authentication – including IMSI authentication so data sessions can get assigned without username & password. It is still possible to handle multiple IP addresses on a satellite device.

IMSI Authentication

Radius servers will perform two main task – Authentication of simcards and assignment of IP addresses. IP assignment on Inmarsat simcards can be based on IMSI only, on Username plus Password only or a combination.

Redundant Radius Servers

Minimum of two radius servers will need to be installed to provide the needed redundancy capability. Both will be added to Inmarsat radius list to allow Inmarsat to perform the needed failover functionality. POP Manager will maintain the data replication between the two radius servers to ensure that they are in sync.

Radius Provisioning

Provisioning of IP addresses as well as terminal IMSI numbers are done using POP Manager that will allow initial provisionig as well as edit capability.

POP Manager and Radius Servers

  • Recommend to be using Unity POP Manager for Inmarsat I4
  • Recommend to let Unity manage Inmarsat GX IP ranges
  • Unity will request POP manager for IP address type
  • Private Static – Private Dynamic – Public Static – Public Dynamic
  • IP addresses can be used in two modes on Inmarsat I4 transparent or modem mode – in modem mode will NAT typically be used on satellite device.
  • Unity will allow user to select 4 types of IP addresses
  • Unity will through call to POP Manager request actual IP address – that can be based on the options listed further in these slides
  • POP Manager send the assigned IP address if static back to Unity when provisioning into the two radius servers have taken place and IP address have been configured in the firewalls based on initial profile.

Multiple IP Addresses on a Terminal

Multiple assigned data sessions on a terminal demand several IP addresses to be added – a terminal can handle up to 11 PDPcontects – that each will require an IP address to be assigned. Inmarsat deliver the standard 3GPP fields in the radius requests, these can be used as special radius attributes in authentication and IP assignment.

IPAM – IP Management

POP IP management are done through integrated IPAM server functionality, POP Manager will provision the needed IP data + authentication data into radius servers and at the same time provision associated firewall profil into firewalls.

Radius Logging

Radius configuration will be set to be logging all incoming radius requests as well as all outgoing responses to offer a complete record of the work flow taking place.

System Integration Overview

Unity will perform end to end connectivity in a simple way and at the same time allow end users to manage firewall.

UNIVERSAL SATELITTE DATA POP ENVIRONMENT THAT HANDLE INMARSAT BGAN, FBB, SBB, GSPS, LINK, M2M, GX, IRIDIUM CERTUS, THURAYA IP, INTELSAT, VIASAT VSAT, 4G AND LTE AUTHENTICATION, ROUTING AND SECURITY.