1 / 22

LDAP ( Lightweight Directory Access Protocol )

LDAP ( Lightweight Directory Access Protocol ). LDAP (Lightweight Directory Access Protocol) is a software protocol for enabling anyone to locate organizations, individuals, and other resources such as files and devices in a network, whether on the public Internet or on a corporate Intranet.

lucretia
Download Presentation

LDAP ( Lightweight Directory Access Protocol )

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. LDAP (Lightweight Directory Access Protocol) • LDAP (Lightweight Directory Access Protocol) is a software protocol for enabling anyone to locate organizations, individuals, and other resources such as files and devices in a network, whether on the public Internet or on a corporate Intranet. • LDAP is a "lightweight" (smaller amount of code) version of Directory Access Protocol (DAP), which is part of X.500, a standard for directory services in a network. LDAP is lighter because in its initial version it did not include security features.

  2. LDAP (Lightweight Directory Access Protocol) • LDAP originated at the University of Michigan and has been endorsed by at least 40 companies. Netscape includes it in its latest Communicator suite of products. Microsoft includes it as part of what it calls Active Directory in a number of products including Outlook Express. Novell's NetWare Directory Services interoperates with LDAP. Cisco also supports it in its networking products. • In a network, a directory tells you where in the network something is located. On TCP/IP networks (including the Internet), the domain name system (DNS) is the directory system used to relate the domain name to a specific network address (a unique location on the network). However, you may not know the domain name. LDAP allows you to search for an individual without knowing where they're located (although additional information will help with the search).

  3. LDAP (Lightweight Directory Access Protocol) An LDAP directory is organized in a simple "tree" hierarchy consisting of the following levels: • The root directory (the starting place or the source of the tree), which branches out to • Countries, each of which branches out to • Organizations, which branch out to • Organizational units (divisions, departments, and so forth), which branches out to (includes an entry for) • Individuals (which includes people, files, and shared resources such as printers) An LDAP directory can be distributed among many servers. Each server can have a replicated version of the total directory that is synchronized periodically. An LDAP server is called a Directory System Agent (DSA). An LDAP server that receives a request from a user takes responsibility for the request, passing it to other DSAs as necessary, but ensuring a single coordinated response for the user.

  4. Authentication, Authorization, Accounting (AAA) • Authentication, Authorization, Accounting (AAA) is a term for a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services. These combined processes are considered important for effective network management and security. • As the first process, authentication provides a way of identifying a user, typically by having the user enter a valid user name and valid password before access is granted. The process of authentication is based on each user having a unique set of criteria for gaining access. The AAA server compares a user's authentication credentials with other user credentials stored in a database. If the credentials match, the user is granted access to the network. If the credentials are at variance, authentication fails and network access is denied.

  5. Authentication, Authorization, Accounting (AAA) • Following authentication, a user must gain authorization for doing certain tasks. After logging into a system, for instance, the user may try to issue commands. The authorization process determines whether the user has the authority to issue such commands. Simply put, authorization is the process of enforcing policies: determining what types or qualities of activities, resources, or services a user is permitted. Usually, authorization occurs within the context of authentication. Once you have authenticated a user, they may be authorized for different types of access or activity.

  6. Authentication, Authorization, Accounting (AAA) • The final term in the AAA framework is accounting, which measures the resources a user consumes during access. This can include the amount of system time or the amount of data a user has sent and/or received during a session. Accounting is carried out by logging of session statistics and usage information and is used for authorization control, billing, trend analysis, resource utilization, and capacity planning activities. • Authentication, authorization, and accounting services are often provided by a dedicated AAA server, a program that performs these functions. A current standard by which network access servers interface with the AAA server is the Remote Authentication Dial-In User Service (RADIUS).

  7. RADIUS Remote Authentication Dial-In User Service (RADIUS) is a client/server protocol and software that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service. RADIUS allows a company to maintain user profiles in a central database that all remote servers can share. It provides better security, allowing a company to set up a policy that can be applied at a single administered network point. Having a central service also means that it's easier to track usage for billing and for keeping network statistics. Created by Livingston (now owned by Lucent), RADIUS is a de facto industry standard used by a number of network product companies and is a proposed IETF standard.

  8. F. NGN signaling protocols and QoS mechanisms Signaling Protocols • H.323 • SIP • MGCP • Megaco/H.248 • SIP-T • SIGTRAN • BICC Mechanisms (QoS, Resource Allocation) • MPLS • IntServ • DiffServ

  9. VoIP protocols: 1. H.323, ITU-T • H.323 - first call control standard for multimedia networks. Was adopted for VoIP by the ITU in 1996 • H.323 is actually a set of recommendations that define how voice, data and video are transmitted over IP-based networks • The H.323 recommendation is made up of multiple call control protocols. The audio streams are transacted using the RTP/RTCP • In general, H.323 was too broad standard without sufficient efficiency. It also does not guarantee business voice quality

  10. VoIP protocols: 2. SIP - Session Initiation Protocol, IETF (Internet Engineering Task Force) • SIP - standard protocol for initiating an interactive user session that involves multimedia elements such as video, voice, chat, gaming, and virtual reality. Protocol claims to deliver faster call-establishment times. • SIP works in the Session layer of IETF/OSI model. SIP can establish multimedia sessions or Internet telephony calls. SIP can also invite participants to unicast or multicast sessions. • SIP supports name mapping and redirection services. It makes it possible for users to initiate and receive communications and services from any location, and for networks to identify the users wherever they are.

  11. VoIP protocols : 2. SIP - Session Initiation Protocol, IETF (Internet Engineering Task Force)(Cntd) • SIP – client-server protocol, Rq from clients, Rs from servers. Participants are identified by SIP URLs. Requests can be sent through any transport protocol, such as UDP, or TCP. • SIP defines the end system to be used for the session, the communication media and media parameters, and the called party's desire to participate in the communication. • Once these are assured, SIP establishes call parameters at either end of the communication, and handles call transfer and termination. • The Session Initiation Protocol is specified in IETF Request for Comments (RFC) 2543.

  12. VoIP protocols : 3. MGCP/Megaco/H.248 • MGCP - Media Gateway Control Protocol, IETF [Telcordia (formerly Bellcore)/Level 3/Cisco] • MGCP – control protocol that specifically addresses the control of media gateways • Megaco/H.248 (IETF, ITU) - standard that combines elements of the MGCP and the H.323, ITU (H.248) • The main features of Megaco - scaling (H.323) and multimedia conferencing (MGCP)

  13. SIP-T • SIP-T (SIP for telephones, previously SIP-BCP-T) is a mechanism that uses SIP to facilitate the interconnection of the PSTN with IP. SIP-T defines SIP functions that map to ISUP interconnection requirements. • This is intended to allow traditional IN-type services to be seamlessly handled in the Internet environment. It is essential that SS7 information be available at the points of PSTN interconnection to ensure transparency of features not otherwise supported in SIP. SS7 information should be available in its entirety and without any loss to the SIP network across the PSTN-IP interface.

  14. SIGTRAN • SIGTRAN (for Signaling Transport) is the standard Telephony Protocol used to transport Signaling System 7 signals over the Internet. SS7 signals consist of special commands for handling a telephone call. • Internet telephony uses the IP PS connections to exchange voice, fax, and other forms of information that have traditionally been carried over the dedicated CS connections of the public switched telephone network (PSTN). Calls transmitted over the Internet travel as packets of data on shared lines, avoiding the tolls of PSTN.

  15. SIGTRAN A telephone company switch transmits SS7 signals to a SG. The gateway, in turn, converts the signals into SIGTRAN packets for transmission over IP to either the next signaling gateway. The SIGTRAN protocol is actually made up of several components (this is what is sometimes referred to as a protocol stack): • standard IP • common signaling transport protocol (used to ensure that the data required for signaling is delivered properly), such as the Streaming Control Transport Protocol (SCTP) • adaptation protocol that supports "primitives" that are required by another protocol.

  16. SIGTRAN • The IETF Signaling Transport working group has developed SIGTRAN to address the transport of packet-based PSTN signaling over IP Networks, taking into account functional and performance requirements of the PSTN signaling. For interworking with PSTN, IP networks will need to transport signaling such as Q.931 or SS7 ISUP messages between IP nodes such as a Signaling Gateway and Media Gateway Controller or Media Gateway. Applications of SIGTRAN include Internet dial-up remote access and IP telephony interworking with PSTN.

  17. Bearer Independent Call Control • Bearer Independent Call Control (BICC) is a signaling protocol based on N-ISUP that is used to support NB-ISDN service over a BB backbone network without interfering with interfaces to the existing network and end-to-end services. Specified by the ITU-T in recommendation Q.1901, BICC was designed to be fully compatible with existing networks and any system capable of carrying voice messages. BICC supports narrowband ISDN services independently of bearer and signaling message transport technology.

  18. Bearer Independent Call Control (Cntd.) ISUP messages carry both call control and bearer control information, identifying the physical bearer circuit by a Circuit Identification Code (CIC). However, CIC is specific to time-division multiplexed TDM networks. BICC was developed to be interoperable with any type of bearer, such as those based on asynchronous transfer mode ATM and IP technologies, as well as TDM. BICC separates call control and bearer connection control, transporting BICC signaling independently of bearer control signaling. The actual bearer transport used is transparent to the BICC signaling protocol - BICC has no knowledge of the specific bearer technology.

  19. Bearer Independent Call Control (Cntd.) • The ITU announced the completion of the second set of BICC protocols (BICC Capability Set 2, or CS 2) in July 2001; these are expected to help move networks from the current model - which is based on public-switching systems - to a server-based model. The BICC deployment architecture comprises a proxy server and a media gateway to support the current services over networks based on circuit-switched, ATM, and IP technologies, including third-generation wireless. • The completion of the BICC protocols is an real and important ITU step toward broadband multimedia networks, because it will enable the seamless of circuit-switched TDM networks to high-capacity broadband multimedia networks. The 3GPP has included BICC CS 2 in the UMTS release 4. Among the future ITU-T plans for BICC are the inclusion of more advanced service support and more utilization of proxies, such as the SIP proxy.

  20. SCTP TCP transmits data in a single stream (sometimes called a byte stream) and guarantees that data will be delivered in sequence to the application or user at the end point. If there is data loss, or a sequencing error, delivery must be delayed until lost data is retransmitted or an out-of-sequence message is received. SCTP's multi-streaming allows data to be delivered in multiple, independent streams, so that if there is data loss in one stream, delivery will not be affected for the other streams.

  21. SCTP For some transmissions, such as a file or record, sequence preservation is essential. However, for some applications, it is not absolutely necessary to preserve the precise sequence of data. For example, in signaling transmissions, sequence preservation is only necessary for messages that affect the same resource (such as the same channel or call). Because multi-streaming allows data in error-free streams to continue delivery when one stream has an error, the entire transmission is not delayed.

  22. PSTN Data networks Flexible bandwidth QoS SOFTSWITCH Switch Switch Switch Switch Services Effective transmission G. NGN as converged networks: concluding remarks Voice services for IP-users VoIP

More Related