External Dependencies

NI&S's AAA System relies on a few services that are not provided by its own infrastructure and are instead supplied by other entities of the VT Division of IT.

VMware/vCenter

The first of these dependencies is vCenter, which manages the virtual machines that host many of the AAA System servers. The NI&S Systems Operations (NISSO) team is responsible for managing the virtualization configuration in vCenter.

Minimal access may be available to AAA System admins here: vcenter.nis.vt.edu.

However, any changes to the virtualization must be requested of NISSO, ideally with a ticket in Service Now. Tickets can be assigned to NIS-Systems.

Enterprise Directory

Virginia Tech's Secure Identity Services manages several services crucial to the function of the AAA System. Primary among these is the Enterprise Directory (ED), which presents identification data of VT-affiliates.

ED stores a pid password which is used by affiliates to access the vast majority of their networked services. For customer convenience, both Clearpass and several FreeRADIUS instances use ED as the authentication backend for their own customers' access.

ED is also the authoritative source for the network password which VT-affiliates use to access eduroam and VPN services. This network password is replicated to the AAA System directories, and any changes to it must be made in ED and then allowed to propagate downstream to the AAA System.

Clearpass also leverages some of the more sensitive user data stored in ED to support role-based access for users. An ED-ID Service is maintained (along with an associated certificate) allowing the secure retrieval of that data. This ED-ID Service must be renewed yearly.

Requests for support should be directed to Identity Management Customer Support, and Service Now tickets can be assigned to IMCS.

The replication of network passwords from ED to the AAA System directory is handled with a software client designed and maintained by NI&S's own Software Development team. That team's Senior Director can be contacted for assistance, and tickets should be assigned to NIS-Software Development.

ATLAS

The NI&S Software Development team also maintains a database indirectly used by the AAA System, called ATLAS. This database stores authorization data related to VT-affiliates' subscriptions to wireless and VPN services.

As with Enterprise Directory, this data is replicated from ATLAS to the AAA System directory via a software client managed by the Software Development team.

That team's Senior Director can be contacted for assistance, and tickets should be assigned to NIS-Software Development.

Password/Cert Repository

NI&S Network Operations use a combination of Pass, GPG, and GitLab to maintain two repositories for their passwords and certificates. The AAA System manages all of its admin passwords and certificates in these two stores.

For access to the stores, or assistance with their management, contact the Wireless Networking Team.