Ruijie RG-SAM+ Security

 

RG-SAM+ Security Accounting Management System

  • Ruijie RG-SAM+ is a proven, comprehensive authentication and accounting system based on RADIUS. The RG-SAM+ has served more than 20 million users in 1168++ universities over the past 14 years. The RG-SAM+ integrates with most of the available authentication modes, including 802.1X, Web, PPPoE, IPoE and remote VPN access. This platform also supports access control, unified network access/egress access control, gateway and flattened authentication modes. The RG-SAM+ hence offers remarkable flexibility for users to formulate the best solution to meet their needs. With the single unified authentication platform, the RG-SAM+ fully supports access control
Specifications Description
User Authentication Support multi-service unified authentication through a variety of access methods such as wired, wireless, 802.1X, PPPoE, VPN, Web, and gateway or egress access. The same user can also access different services based on different needs and requirements.
Support MAC Address Bypass (MAB) authentication for devices which cannot support the IEEE 802.1X protocol.
Support credential (username, password) security encryption and management through HTTPS, MS-CHAPv2, PEAP.
Access Control Support comprehensive authentication policy management with at least the combination of who, how, what, where and when information criteria.
Support account binding with IP, MAC, access switch IP, port through wired access; support account binding with the user MAC, AP MAC binding, SSID, wireless switches IP through wireless access.
Support restriction control on users’ static IP or dynamic IP access method.
Support flexible control of access periods, such as by day / week / holiday time or customized duration. Different access time intervals can be controlled to allow users to access the network or Internet under different independent policies.
Support region / zone policy control according to the user's IP and NAS IP; this can prevent specific areas from having Internet access.
Seamless Authentication Support seamless authentication for 802.1X, Web-Authentication and Wireless access. The registered user is only required to log in once, and the authentication system will be able to recognize the user and allow login to the network without any username / password input in the future whenever the user accesses the network / wireless in the authenticated zone.
Support seamless authentication based on location.
Support seamless authentication with different accounting/billing policy.
Support wireless and dot1x seamless authentication with LDAP encrypted mode.
Support seamless authentication for certain hardware equipment through MAC address.
Support a flexible option for users to enable or disable seamless authentication when necessary.
Authentication Performance Support high availability clustering technology (RG-AC), which effectively solves the performance limitations of single-server failover through high-speed service synchronization, ensuring high availability and flexible scalability. At the same time, high availability clustering technology enables synchronization of information between multiple servers, which can support cross-regional account roaming, disaster recovery and continuous system operation.
MAC authentication performance: 2500/sec
IPOE performance: 1000/sec
Support external captive portal for better performance and resiliency.
Support web portal performance monitoring.
Big Data Operation Support 1000w online details queries.
Support 5w user export.
 

Egress Bandwidth and Quota Policy

(Required to interact with N18K/MSC, RSR77, ACE or compatible gateway)

Support a quota management feature that intelligently identifies the user traffic destination, so that quota management is applied only to Internet access and not to intranet or LAN access for each individual user at the same time.
The administrator has an option to put the user account in suspend mode or automatically switch it to the lowest fair usage policy if that particular user has reached the quota threshold.
Support different bandwidth according to user.
Support 100K online users bandwidth policy.
Support by user or by IP bandwidth policy.
User Management Support limiting the number of devices that can be authenticated per user, and allow users to automatically register a device on the first successful login.
Support unified user management such as user info viewing / management, detailed log by username, online user statistics, access control, user notification, website redirection, online / offline log, MAC/IP binding control and other comprehensive features to help the administrator manage the authentication system easily.
Provide flexible account pre-opening and account pre-destruction functions. These automatically handle large groups of users, such as students who have graduated from campus, to reduce administrator workload and improve productivity. This also helps to save investment by releasing the user count.
Support powerful log function. This function enables record and query of the RADIUS service logs, system logs, manager operation logs such as password changes, user Web self-help logs, and bill server logs, and this is helpful for audit. Working with the RG-elog, the RG-SAM+ provides analysis and inquiry functions based on user’s NAT log and URL log.
Support flexible authority customization. Hierarchical management must be available and support up to 3 levels of authorized management and menu access.
Support customized inquiry. Different administrators can have their own inquiries and their recent inquiry search can be saved for future use.
Support batch management operations such as batch modification of user information, batch information importing, batch information modification, batch binding and unbinding functions to reduce the workload of the administrator and prevent human error during the data entry process.
Support batch user information import through flexible import policy. All the import activities will be logged.
Support automatic user blocking based on a customized policy.
Support an option to blacklist users with a customized notification message and flexible effective periods such as a range of dates, times, or permanently.
Accounting Policy Support web authentication accounting / billing policy by month, duration, or traffic usage.
Support flexible accounting / billing such as by day, month, traffic usage, duration, customized period, or customized rule such as accounting / billing exception for a week.
Support policy management by area / location and service classification by area. Different users in different areas may access different services. For example, in the reading area and student hostel area, a student can use different access services and appropriate accounting policies with the same account.
Support an option to enable authentication mode with fee charging / billing, and virtual fee charging with accounting for statistical purposes.
Account Management Account management, account flow management, manual account login, account / billing report management.
Operation Management Support visible star-map containing information of online user distribution and amount.
Support online user management, online user analysis, online usage ranking, detailed online management, network repair management, log management, wireless roaming management, and the system can generate the operational reports automatically.
Support intelligent maintenance functions such as automatically monitoring, maintaining and backing up database files and operation status to reduce manual workload as well as minimize the risk of data loss.
Support at least 3 months' comprehensive logs for security audit purposes. The log must contain the username, MAC, IP address, login date and time, network access devices, switch port, AP MAC, SSID, gateway IP, internet usage, internet log and other details to prove the end-to-end track record of user activities.
With the powerful data export function, the RG-SAM+ can output all reports in the Excel format. This facilitates double-checking of data outside the system and provides data for other systems or units.
Self-service Portal Support customizable self-service platform which users can self-register, bind / unbind devices, change password, check quota, change plan, refer to FAQ and report a problem to reduce the administrator workload.
Support guest account setup on the self-service platform. Authorized staff can authenticate a guest by enabling temporary internet access for the guest with a predefined policy such as maximum number of guests allowed, maximum internet usage period and default redirect page after login. This also allows the administrator to trace guest activities back to the particular staff member responsible.
User Monitoring Must support a user star map that shows all the wired and wireless users on a campus map with a visual user density indication to help the administrator understand user behavior for future project planning.
Support dynamic real-time graphs or charts to show the current online user number, online user location, online user by regional distribution, access method and other information.
Guest Management Must support easy guest authentication methods such as SMS and verification code.
Support QR code authentication so that guests can log in to the network and internet by scanning a QR code without relying on the administrator to authorize it manually.
Support 3rd-party RADIUS authentication integration.
3rd-party Integration Support Microsoft Windows Active Directory (AD) domain integration, including seamless Single-Sign-On integration for a complete 802.1X authentication and Windows AD authentication.
Support the integration with LDAP server to obtain user identity information to achieve unified authentication.
Support rich interfaces for further development such as the digital campus one-card system.
Support a standard web service interface based on the SOAP protocol; other applications can get user information such as user ID, group, user real name, and online status through the web service interface.
End Point Compatibility Support the latest Windows and Mac desktops, and Apple and Android mobile device platforms.
Support dual stack IPv4/IPv6 protocol.
Support a device-based portal page and an automatic screen fit feature for mobile device platforms with various screen resolutions.