Verizon Wireless deployed Sun OpenSSO Enterprise across its wireless and broadband lines of business to provide single sign-on for over 50 million customer accounts. This allows customers to access all authorized Verizon products and services with one login. The deployment involved integrating OpenSSO with over 25 vendors and implementing high availability, high performance authentication, and identity federation between Verizon brands. Key aspects included geographic redundancy across data centers, session failover, a highly tuned architecture leveraging Sun hardware, and over 50 million user identities.
2. Verizon Wireless OpenSSO Deployment
Verizon Wireless is a leader in wireless voice, data, information and entertainment services
Joint venture of Verizon Comms (NYSE: VZ) + Vodafone (NYSE: VOD)
85 million customers
71,000 employees
$44 billion annual revenue
More than 2,600 retail stores & kiosks
One of the most reliable wireless networks in the U.S.
● Network coverage: 267M POPs
● Rapid Disaster Response, Portable Cell Site
3. Verizon Wireless OpenSSO Deployment
Goals
● Give users a unified experience across all authorized products and services by Single Sign On (SSO) by assigning Account Owner and Account Member roles and multi-line accounts
● Permit standardization across all self-serve platforms by authentication and authorization logic to prevent site intrusion
● Provide seamless integration between Verizon Wireless (VZW) and other lines of businesses (LOBs) to improve customer experience
Benefits
● Easy to integrate new products and services
● Simplified SSO reduces IT cost and improves security
● Access Manager (AM) improves security by authentication & authorization logic
● Enabling cross-domain SSO unifies user experience between VZW and ASPs
● Enable customized audit capabilities through AM for log access information and diagnostic information analysis
4. Verizon Wireless (Technical Requirements)
A Deployment Topology & Architecture that supports
● High Availability
● High Throughput
● High Performance
A flexible Systems Design that supports
● SSO with applications hosted on disparate platforms & containers
● Federation & Liberty Protocols
● Customization at all levels including Authentication, Authorization and Federation
5. Verizon Wireless OpenSSO Deployment
Access Manager SSO:
● Implemented for both B2C and B2B on Wireless and Broadband
● 50M MyVerizon wireless customers registered online
● 2M logins/day on VZW
● Supports role based access
● 25 different product vendors integrated
Federation:
● Implemented Federation across VZW and VZT for B2C customers
● Implement Federation across VZW and .Net for SMB customers
● Implemented Federation across VZW and VZB for business customers
● Login once & toggle between two distinct My Account websites.
● Convenient access for One-Bill and bundle services
6. Verizon Wireless (AM SSO Features)
Account Management
● Registration & Login (2M Logins/day)
● Password Management
● Profile & Preference Management
User Authentication
● Cross-Domain Single Sign-On and
● State Management
● Role-based Access Control
● Standard User Authentication System for All External Sites
Customized APIs
● Customized Services for Billing, Handset, Provisioning and Post-Login Functions
7. Verizon Wireless (AM Federation Features)
● Seamless integration between Verizon Wireless and other Verizon LOBs
● Login once & toggle between two distinct My Account web sites
● Convenient access for One-Bill and bundle services
● Cross-sell opportunities on both sites
8. Verizon Wireless Architecture
High Availability
● Geographic redundancy in two data centers (East & West)
● Session failover capabilities with four instances of AM within each data center.
● Six way multi-mastered directory servers across data centers
High Performance
● Over 50M identities
● Over 4000 successful authentications per minute (peak)
● Over 250K active users (peak)
● Provide SSO with over 25 ASPs
9. Verizon Wireless Architecture
Superior Sun hardware
● Web servers – T2K (Niagara chipset) for superior multithreaded performance
● Directory – x4600 (Opteron chipset) for high disk I/O
Design Choices
● Use of Session Attributes (as opposed to profile)
● Turn off profile notifications from AM to agents
● Segregating the configuration Realm
● Restrict the use of URL policy and J2EE policy mode
● Load balancer configuration to ensure stickiness
● Writing to one master LDAP
Tuning
● OS – Memory, File system and Networking
● AM Tuning
● JVM tuning
● Agent Tuning
● Directory Server Tuning