opensso deployments
DESCRIPTION
Deployments of OpenSSO. At TheAquariumOnline
TRANSCRIPT
Real world deployment with Sun OpenSSO Enterprise at Verizon Wireless
Ajay Sondhi
Verizon Wireless OpenSSO Deployment
Verizon Wireless is a leader in wireless voice, data, information and entertainment services
● Joint venture of Verizon Comms (NYSE: VZ) + Vodafone (NYSE: VOD)
● 85 million customers
● 71,000 employees
● $44 billion annual revenue
● More than 2,600 retail stores & kiosks
● One of the most reliable wireless networks in the U.S.
● Network coverage: 267M POPs
● Rapid Disaster Response, Portable Cell Site
Goals
● Give users a unified experience across all authorized products and services by Single Sign On (SSO) by assigning Account Owner and Account Member roles and multi-line accounts
● Permit standardization across all self-serve platforms by authentication and authorization logic to prevent site intrusion
● Provide seamless integration between Verizon Wireless (VZW) and other lines of businesses (LOBs) to improve customer experience
Benefits
● Easy to integrate new products and services
● Simplified SSO reduces IT cost and improves security
● Access Manager (AM) improves security by authentication & authorization logic
● Enabling cross-domain SSO unifies the user experience between VZW and ASPs
● Enables customized audit capabilities through AM for log access information and diagnostic information analysis
Verizon Wireless (Technical Requirements)
A Deployment Topology & Architecture that supports
● High Availability
● High Throughput
● High Performance
A flexible Systems Design that supports
● SSO with applications hosted on disparate platforms & containers
● Federation & Liberty Protocols
● Customization at all levels including Authentication, Authorization and Federation
Access Manager SSO:
● Implemented for both B2C and B2B on Wireless and Broadband
● 50M MyVerizon wireless customers registered online
● 2M logins/day on VZW
● Supports role based access
● 25 different product vendors integrated
Federation:
● Implemented Federation across VZW and VZT for B2C customers
● Implement Federation across VZW and .Net for SMB customers
● Implemented Federation across VZW and VZB for business customers
● Login once & toggle between two distinct My Account websites
● Convenient access for One-Bill and bundle services
Verizon Wireless (AM SSO Features)
Account Management
● Registration & Login (2M Logins/day)
● Password Management
● Profile & Preference Management
User Authentication
● Cross-Domain Single Sign-On
● State Management
● Role-based Access Control
● Standard User Authentication System for All External Sites
Customized APIs
● Customized Services for Billing, Handset, Provisioning and Post-Login Functions
Verizon Wireless (AM Federation Features)
● Seamless integration between Verizon Wireless and other Verizon LOBs
● Login once & toggle between two distinct My Account web sites
● Convenient access for One-Bill and bundle services
● Cross-sell opportunities on both sites
Verizon Wireless Architecture
High Availability
● Geographic redundancy in two data centers (East & West)
● Session failover capabilities with four instances of AM within each data center
● Six way multi-mastered directory servers across data centers
High Performance
● Over 50M identities
● Over 4000 successful authentications per minute (peak)
● Over 250K active users (peak)
● Provide SSO with over 25 ASPs
Superior Sun hardware
● Web servers: T2K (Niagara chipset) for superior multithreaded performance
● Directory: x4600 (Opteron chipset) for high disk I/O
Design Choices
● Use of Session Attributes (as opposed to profile)
● Turn off profile notifications from AM to agents
● Segregating the configuration Realm
● Restrict the use of URL policy and J2EE policy mode
● Load balancer configuration to ensure stickiness
● Writing to one master LDAP
Tuning
● OS: Memory, File system and Networking
● AM Tuning
● JVM tuning
● Agent Tuning
● Directory Server Tuning
Questions?