opensso deployments


Upload: eduardo-pelegri-llopart

Post on 20-May-2015


Category:

Technology



DESCRIPTION

Deployments of OpenSSO. At TheAquariumOnline

TRANSCRIPT

Page 1: OpenSSO Deployments


Real-world deployment with Sun OpenSSO Enterprise at Verizon Wireless

Ajay Sondhi


Page 2: OpenSSO Deployments


Verizon Wireless OpenSSO Deployment

Verizon Wireless is a leader in wireless voice, data, information and entertainment services

● Joint venture of Verizon Comms (NYSE: VZ) + Vodafone (NYSE: VOD)
● 85 million customers
● 71,000 employees
● $44 billion annual revenue
● More than 2,600 retail stores & kiosks
● One of the most reliable wireless networks in the U.S.
  ● Network coverage: 267M POPs
  ● Rapid Disaster Response, Portable Cell Site

Page 3: OpenSSO Deployments


Goals

● Give users a unified experience across all authorized products and services through Single Sign-On (SSO), assigning Account Owner and Account Member roles and multi-line accounts

● Permit standardization across all self-serve platforms by authentication and authorization logic to prevent site intrusion

● Provide seamless integration between Verizon Wireless (VZW) and other lines of businesses (LOBs) to improve customer experience

Benefits

● Easy to integrate new products and services

● Simplified SSO reduces IT cost and improves security

● Access Manager (AM) improves security by authentication & authorization logic

● Enabling cross-domain SSO unifies the user experience between VZW and ASPs

● Enable customized audit capabilities through AM for log access information and diagnostic information analysis


Page 4: OpenSSO Deployments


Verizon Wireless (Technical Requirements)

A Deployment Topology & Architecture that supports

● High Availability

● High Throughput

● High Performance

A flexible Systems Design that supports

● SSO with applications hosted on disparate platforms & containers

● Federation & Liberty Protocols

● Customization at all levels including Authentication, Authorization and Federation

Page 5: OpenSSO Deployments


Access Manager SSO:

● Implemented for both B2C and B2B on Wireless and Broadband
● 50M MyVerizon wireless customers registered online
● 2M logins/day on VZW
● Supports role-based access
● 25 different product vendors integrated

Federation:

● Implemented Federation across VZW and VZT for B2C customers
● Implement Federation across VZW and .Net for SMB customers
● Implemented Federation across VZW and VZB for business customers
● Login once & toggle between two distinct My Account websites
● Convenient access for One-Bill and bundle services


Page 6: OpenSSO Deployments


Verizon Wireless (AM SSO Features)

Account Management

● Registration & Login (2M logins/day)
● Password Management
● Profile & Preference Management

User Authentication

● Cross-Domain Single Sign-On and
● State Management
● Role-based Access Control
● Standard User Authentication System for All External Sites

Customized APIs

● Customized Services for Billing, Handset, Provisioning and Post-Login Functions

Page 7: OpenSSO Deployments


Verizon Wireless (AM Federation Features)

● Seamless integration between Verizon Wireless and other Verizon LOBs
● Login once & toggle between two distinct My Account web sites
● Convenient access for One-Bill and bundle services
● Cross-sell opportunities on both sites

Page 8: OpenSSO Deployments


Verizon Wireless Architecture

High Availability

● Geographic redundancy in two data centers (East & West)
● Session failover capabilities with four instances of AM within each data center
● Six-way multi-mastered directory servers across data centers

High Performance

● Over 50M identities
● Over 4000 successful authentications per minute (peak)
● Over 250K active users (peak)
● Provide SSO with over 25 ASPs

Page 9: OpenSSO Deployments


Superior Sun hardware

● Web servers: T2K (Niagara chipset) for superior multithreaded performance
● Directory: x4600 (Opteron chipset) for high disk I/O

Design Choices

● Use of Session Attributes (as opposed to profile)
● Turn off profile notifications from AM to agents
● Segregating the configuration Realm
● Restrict the use of URL policy and J2EE policy mode
● Load balancer configuration to ensure stickiness
● Writing to one master LDAP

Tuning

● OS: Memory, File system and Networking
● AM Tuning
● JVM Tuning
● Agent Tuning
● Directory Server Tuning


Page 10: OpenSSO Deployments


Questions?
