Use cases

Selected use cases on how Radiator can be used – check out more from our blog

 

We use Radiator for our DATA and SMS real-time charging (using Gy Diameter protocol). It sits between our core network elements (SMSC/GGSN) and our online charging system. All our DATA and SMS traffic (national and roaming ) is controlled using this flow. On top of that we use the control function (Gx) to apply throttling on the DATA flow for roaming.

Annaïck Rinderknecht, Devops Manager, IT

Salt Mobile

The authentication proxy in Radiator GBA/BSF Pack is used to authenticate and proxy the Ut interface which is used for supplementary services configuration with VoLTE devices.
Gregory Wille

Proximus Belgium

Radiator multi-factor authentication

Modern services all around the internet offer different multi-factor authentication solutions. They provide stronger security than using only username and password. Multi-factor authentication requires a combination of something the user knows and something the user possesses. One common combination is the username and PIN or password with a physical token, such as a specific device, smart card, or mobile phone. The multi-factor secured service may range from a web service to a network device to a remote VPN (Virtual Private Network) access – wherever stronger security is needed. The VPN devices can authenticate remote employees, the network devices can authorise administrators, and the web services can identify the users with secure multi-factor authentication.

 

All you need is Radiator-based multi-factor AAA service and a free mobile phone app, such as Google Authenticator, Microsoft Authenticator, or some other OTP/TOTP/HOTP app. The authenticator app is paired with Radiator multi-factor AAA service and particular user credentials, and multi-factor authentication are ready to be used. Radiator can combine complementary AAA information and functions from Active Directory, LDAP, and even 3rd party multi-factor services, such as RSA SecurID, YubiKey, Duo Security, and Vasco Digipass. It can check existence and validity of a user from Active Directory, retrieve a proper VPN group, perform multi-factor authentication using TOTP (Time-based One-time Password Algorithm), and then combine the results to a RADIUS authentication and authorisation response, which is sent back to a Cisco ASA VPN device.

More details in our blog

Radiator provides IMSI privacy for EAP-SIM, EAP-AKA and EAP-AKA’ authentication

In many high traffic areas such as sports stadiums, shopping venues, or public transport hubs, mobile carriers may partner with the local Wi-Fi providers to improve coverage and user experience: mobile devices can be automatically connected to Wi-Fi instead of congested cellular network. Internationally, Wi-Fi roaming agreements also allow carriers to lower the cellular roaming costs.

EAP-SIM, EAP-AKA and EAP-AKA’ are SIM-based Wi-Fi authentication methods used to achieve seamless offloading to carrier and partner Wi-Fi, with International Mobile Subscriber Identifier (IMSI) derived from the SIM card acting as a unique identifier for each user.

On the first ever connection to such a Wi-Fi network, the mobile device communicates its permanent subscriber identity information (IMSI), which is then sent to the home operator for authentication. This identity is sent in the clear. A potential 3rd party adversary installing a Wi-Fi sniffer in the vicinity of such networks can harvest permanent identities and track users. This tracking can also be done by the venue or network owner when connecting to the Wi-Fi network.

The solution is to protect user privacy by implementing IMSI encryption for EAP-SIM, EAP-AKA and EAP-AKA’ authentication. As an operator, you can enable IMSI privacy easily: Radiator 3GPP AAA Server handles both encrypted and clear authentication requests. This means IMSI privacy can be offered to devices supporting it without affecting other users.

Starting already from revision 2.5, Radiator SIM Pack supports IMSI encryption as specified in 3GPP S3-170116 document “Privacy Protection for EAP-AKA”, and WBA’s IMSI Privacy Protection for Wi-Fi – Technical Specification. The feature is already implemented by some of our operator customers to cover their AAA server encryptio

More details in our blog

In-flight Connectivity with Radiator

For many of our customers we have been implementing WiFi roaming for different use cases: for example, carriers offloading traffic from their mobile network to WiFi hotspots or for providing VoWiFi (Voice over WiFi) calling to their customers.

One case for Radiator is to implement in-flight connectivity for airline carriers, providing authentication to onboard WiFi that is connected by other means (such as satellite connection) to the internet.

In this scenario, Radiator provides the necessary interfaces for WiFi roaming when subscribers of mobile operators are using their phones during the flight. With smooth WiFi roaming provided by Radiator AAA Server Software, end user devices can connect automatically to the in-flight WiFi network, and continue their use based on the roaming policy agreements between mobile operators and in-flight network operators.

More details in our blog

Hotel management systems

One of the widely seen use cases for Radiator is interoperating with different hotel property management systems (PMS). Radiator is used between the hotel’s PMS and the network equipment that controls internet access in hotel rooms. One of the commonly used systems is Micros Opera that is used by both independent hotels and hotel chains. Many hotels require guests to log in with their name and room number. Radiator then gives access based on customer information it has received from Opera. However, Radiator support is not limited to Opera: it supports any PMS that provides a FIAS interface.

In addition to simply offering unpoliced, complimentary internet access, Radiator provides you more advanced options for revenue generating services. Radiator can, for example, give policy instructions, such as the speed given to the customer – based on the price customer is willing to pay for the internet access. Also, Radiator can pass information to network equipment (such as Mikrotik controllers) about how long the customer can use the internet with their current login without having go through the login process again.

More details in our blog

Eduroam

Radiator Software’s experts have contributed to eduroam* development since 2002. In Finland, Radiator Software provides federation top-level RADIUS service for CSC and Funet since 2003. Radiator Software currently serves over 50% of the top 250 universities in the world, many of them members of eduroam.

Most of the major universities in Finland are Radiator Software’s customers that have Radiator-based eduroam RADIUS solution.  We in Radiator Software deliver both products and services for turn-key deployment of eduroam – like we have provided for many customers since 2003.

*) eduroam (education roaming) is the secure, world-wide roaming access service developed for the international research and education community.

VoWiFi (Voice over Wi-Fi)


Since Wi-Fi calling (VoWiFi) has been introduced into the market, operators have been increasing their indoor coverage to provide better voice coverage to their subscribers and offer new voice models both domestic and roaming. With the new generation devices and automatic SIM authentication, end users will not have to consider if they are connected to a LTE or a Wi-Fi network. In addition to better indoor coverage, VoWiFi brings also other benefits to operators. These benefits include getting back the revenues and control of the calls from the OTT players. Wi-Fi is also a low-cost solution to enhance voice service coverage and at the same time offload traffic from the core network.

Radiator products provide the essential components for the VoWifi authentication. For our customers, VoWiFi authentication is done with our Radiator SIM Pack that includes 3GPP AAA Server – providing all the interfaces for 3GPP and non-3GPP authentication. When combined with Radiator Telco Pack Diameter support for policy control and authentication, your network will be ready for Wi-Fi calling. Radiator integrates with all your evolved packet core and Wi-Fi network elements via 3GPP interfaces.

More details in our blog

Radiator management with Ansible

Nowadays more and more carriers use virtual infrastructure with complicated configurations supporting various technologies. As part of this transition, different network functions like AAA are also virtualized. Virtualization with Radiator AAA server is already supported, but to make the increasingly complicated Radiator configurations easy to manage, we have created Ansible playbooks.

Radiator Software Ansible playbooks offer an easy way to install, configure and control one or several Radiator instances in a single or multiple host environment. When needed, the Radiator environment managed with Ansible can be scaled up or down by increasing the number of Radiator instances in a host, or by deploying Radiator to a completely new existing host. With Ansible playbooks available Radiator instances can be configured to different roles, for example from load balancers to ensure even traffic distribution to worker instances handling the actual authentication or accounting. 

The Radiator Software Ansible playbooks can be run in a cloud-native infrastructure, such as Openstack, as well as on static VMs. As a lightweight configuration management option the Radiator Software Ansible playbooks take only small effort to set up, while maximizing the efficiency once in use.

More details in our blog