A HEART OF STEEL

Looking at the runaway success of the Totalise ISP concept

and one of the software secrets of its break with tradition

In the fast-moving world of Internet Service Providers, the name Totalise is one that has been attracting a lot of attention.

Its phenomenal growth has been fuelled in large part by an imaginative idea of giving shares to its customers on a usage basis and this smart move has opened up expansion plans around the world for the company.

Announcing plans for a flotation of the company on AIM as well as launches in Australia and South Africa, Chief Executive Officer, Dr. Peter Gregory, said: "Totalise was started as a quasi-mutual ISP with a unique business model and vision of the future which has proved both popular and successful. We took a lot of trouble to ensure that Members had the majority of shares in the company very early on, and at the current time the majority of the issued shares in the company have been given free of charge to our users.

"By giving away these 'marketing shares', we have not only pioneered a new 'Third Way' between mutual societies and stock market-listed financial institutions, but have grown our subscriber base dramatically in a very short space of time. All of this was done without spending millions of pounds on advertising or other costly forms of marketing and promotion, unlike many of our competitors.”

At the heart of the success of this share scheme of course is careful accounting and a remarkable product called Steel Belted RADIUS.

Robin Johnson, xxx, explained “We have used it to obtain accounting data in real time, which is very important as we operate a share based loyalty scheme that requires us to know exactly how and when users have been connected with us.”

Important though it is, accounting is only one side of the coin, of course. Authentication was also a prime mover for installing Steel Belted RADIUS.

“We particularly liked SBR because it is very flexible. It allows us to authenticate users against our Oracle DB and it is flexible enough to be configured to work with a wide range of proxy servers.

“Although Radius is a standard, it is one that very few staff and ISP companies have expertise in. SBR helps overcome that because it is so straightforward.

“Sure, there are shareware products that we could have used but as a commercial organisation we need to be able to guarantee high quality support.

“We have been using SBR in the UK for 15 months. In Aus, we have been using it for two months - but not live at the present time because we are waiting to launch the ISP service post Olympics. 

“We decided to use it in Australia because we were very happy with the reliability of the product, it has never failed us in 15 months and we were impressed by the level of support we received from Network Utilities, who supplied us with  the product.

“In Australia we have used it in a more sophisticated way because ISPs in Australia are subscription based and SBR has allowed us to implement a pay as you go system for internet access, controlling the amount of time users can dial-in for according to how many credits they have purchased and subsequently used and restricting their access to just our web servers if they run out of credits – this allows them to dial in and purchase more credits but not to do anything else.

“In the future we may well use the ISP version of this product (we currently use the enterprise version) since we will need to allow other companies to dial-in via our services and we will therefore need to handle multiple domain names.”

The Service Provider Edition delivers a total RADIUS solution on the scale required by Internet Service Providers and carriers.

In use on numerous service provider networks worldwide, Steel-Belted Radius/SPE provides the power and flexibility that is needed to manage the delivery of enhanced services to customers. It also integrates well with all aspects of an ISP’s  NOC, from customer authentication and service delivery to the back-office accounting and billing system.

The RADIUS Concept

 Increasingly, Internet-connected enterprise customers are outsourcing their dial-in capabilities to eliminate the hassle of owning and maintaining remote access servers, modems, and phone lines. Frequently, a secondary requirement of these outsource customers is to be able to maintain control of the authentication component of remote access, even though they’ve outsourced the equipment component.

And, more and more customers are also demanding "roaming" services from their Internet Service Provider, so they can have local Internet access wherever they travel.

“While these services represent significant opportunities for Telcos and ISPs, a critical capability which must be in place is a method for secure, centralized authentication of remote and Internet users. Without this, offering these services becomes nearly impossible.” said Michele Lewington, Managing Director of Network Utilities.

To meet these authentication requirements,— RADIUS (Remote Authentication Dial In User Service) — emerged as a new standard. RADIUS, which is supported by the leading remote access server, firewall, and VPN vendors, provides a standard way for these gateways to communicate with a central server for the purpose of authenticating users, authorizing their access to the network, and accounting on their presence.

One feature of RADIUS is the ability to forward authentication requests received by one RADIUS server to a second RADIUS server which contains the appropriate authentication information. This "proxy RADIUS" capability – which lets users be authenticated at a different location from where they are actually dialing in to – is what makes it possible to offer both enterprise-based authentication to an ISP’s outsource customers and roaming services to its Internet access customers.

Michele Lewington, Managing Director of Network Utilities, believes that “While traditional UNIX-based RADIUS shareware has been able to satisfy some of these requirements, this has been at a significant installation, maintenance, and support cost. In contrast, Steel-Belted Radius is  a full-function RADIUS server that provides strong proxy RADIUS capabilities in a product that runs out-of-the-box in your familiar NetWare, Windows NT, or UNIX environment.”

Product Overview

Developed by Funk Software, Steel-Belted Radius is a complete implementation of the RADIUS standard that runs as a native application in your Novell NetWare, Windows NT, or Solaris (available Q4 1997) environment. On a Novell server, it runs as a set of NetWare Loadable Modules (NLMs); on a Windows NT server, it runs as a set of NT services.

Steel-Belted Radius can process authentication requests from any RADIUS client, including remote access servers from 3Com, Ascend, Bay Networks, and Cisco, firewalls from Raptor, Check Point, Cisco, and Ascend, and VPN routers from New Oak Communications and VPNet.

Steel-Belted Radius is powerful enough to be appropriate for installation both at an ISP POP or on an enterprise customer LAN.

• On site, its powerful proxy RADIUS capabilities let it forward authentication requests to the RADIUS server with the appropriate information – whether it’s at another ISP POP, or at the customer LAN. Steel-Belted Radius can also receive and process proxy RADIUS requests from other RADIUS servers.
• On a customer LAN, its tight integration with NetWare and Windows NT allows remote access users – whether they’re connecting via a corporate data outsource service provider or via a remote access gateway on the LAN – to be authenticated against the passwords and groupings already created in NetWare or Windows NT.

These powerful capabilities let an ISP:

• Use remote access equipment from a variety of vendors while maintaining a common security model and administrative interface
• Easily offer roaming services to customers – including access to commercial web-based services such as WebTV
• Provide corporate data access to customers, while letting them maintain control over the authentication of users onto their LAN, using the network operating system directory of names and passwords that’s already in place.
• Easily integrate their service with the enterprise security architecture that’s already in place at their customer’s location. With Steel-Belted Radius, an ISP’s equipment will always be compatible with its customers’.

Get centralized accounting and reporting of all remote access to the network, and view the real-time status of all currently connected users. Steel-Belted Radius supports RADIUS accounting, and is fully compatible with ISP reporting and billing software

Conclusion

ISP’s are busy providing new remote access technologies including higher-speed analogue modems and ISDN to their enterprise customers. To leverage this investment, ISP’s can provide corporate data outsource services to their enterprise customers without the tremendous overhead in managing user-level authentication and authorization issues, or supporting "freeware" RADIUS servers at customer sites.

Most enterprise customer environments today are already using Novell NetWare or Microsoft Windows NT authentication to manage access. It makes sense for customers to use their existing infrastructure to manage all types of remote access for authentication, authorization, and accounting. Plus, this yields increased control, since all access is managed locally and can be audited with full assurance that all entries into the LAN can be accounted for.

The major remote access and firewall vendors support Steel-Belted Radius, so investment in NetWare and Windows NT is protected.

Steel-Belted Radius provides a complete solution to centralizing authentication and accounting for all remote access. Because it integrates proxy RADIUS authentication with the existing NetWare or Windows NT databases, it simplifies administration. And because it runs as an NLM or Windows NT service right on the network file server, it does not require expensive and difficult-to-manage hardware devices. Steel-Belted Radius provides the most sophisticated management technologies available today.