Background

The United States Postal Service (USPS), headquartered in Washington, DC, has three large data centers and up to 34 thousand remote postal facilities throughout the United States, including Hawaii and the territories of Guam and Puerto Rico. USPS centralized applications are located on mainframes and servers at its two production centers in Minneapolis, Minnesota, and San Mateo, California. Its distributed applications are located predominantly at approximately 85 district offices. As a result of an agency-wide migration from the SNA protocol in 1996, the USPS network has standardized on the TCP/IP protocol. Accounting, payroll, management performance systems, electronic package tracking, and e-mail are just some of the applications served by the Postal Routed Network (PRN).

The Challenge: Universal Access, Variable Privileges

The USPS needed to provide dial-up access to its TCP/IP servers for all remote locations, including USPS employees and selected outside vendors working in remote offices that are equipped only with standalone PCs and modems. "Our overall agency goal," explains Rick Yost, Program Manager of Network Software for USPS, "is to get all of our remote dial-in users connected using customizable user security and centralized management." Just providing dial-up remote node connectivity to centralized resources wasn't enough. The access rights of each remote postal facility vary on a per-user basis. Some users, for example, need to access accounting, and some don't. The USPS needed a solution that could meet the following criteria:

Reliability: Thousands of users depend on the USPS dial-up network for real-time access to centralized resources. With a limited support staff, the USPS cannot waste scarce network administration technical resources on equipment hardware or software problems.

Customizable user security: Basic dial-up authentication and varied access levels must be enabled on a per-user basis.

Scalability: Because of the large population of remote users, the USPS must be able to add bandwidth easily and to centrally manage user security profiles.

Solution

Livingston's ComOS™ operating system and the advanced design of the PortMaster 3 Integrated Access Server's True Digital™ modem architecture were key reasons for the USPS decision. Used by more than 2,000 ISPs worldwide, ComOS is the most reliable and mature operating system designed specifically for InterNetworking Systems. The centralized management afforded by Livingston's RADIUS and ChoiceNet™ servers met the requirements set by the USPS for scalable, customized user access privileges.

How ChoiceNet Centralized Filter Management Works
Figure 1 illustrates the step-by-step process by which the ChoiceNet server permits or denies access to USPS resources throughout the network.

Results

The USPS has installed banks of Livingston PortMaster 3s with internal modems at each of its three data center locations. Remote users have dial-up connectivity to the PortMaster 3s over an 800 number. Figure 2 shows how ChoiceNet and RADIUS interact with the PortMaster 3 to provide user authentication and authorization as well as resource access to USPS servers throughout the USPS intranet.
"At each of our three data center locations," Yost explains, "we now have Sun Microsystems servers running Livingston RADIUS and ChoiceNet software, and that has allowed us to do centralized authentication and on-the-fly filtering. Livingston's InterNetworking Systems solution saves us time with the limited amount of network administration resources we have. We're pleased with the PortMaster 3s because of their smaller footprint and the digital modems that enable 56Kbps connectivity. The PRI circuit seems like the way to go, and it has worked out well."