Skip to main content
Versa Networks

Configure Passive Authentication for VMS

  1. Last updated
  2. Save as PDF

Versa-logo-release-icon.pngFor supported software information, click here.

Versa Messaging Service (VMS) is a services platform that enhances the scalability of Versa services and applications. VMS is built by leveraging state-of-the-art open source technologies such as Kubernetes and Docker.

The following are some of the main features of VMS:

  • Handles data such as critical network performance information, security updates, and passive authentication data such as user-to-IP address mapping
  • Manages highly dynamic data that is streamed to each Versa Operating System™ (VOS™) device to keep it updated
  • Processes a high volume and a large scale of data

VMS is a component of the Versa headend as shown in the following figure.

vms-in-headend.PNG

VOS devices use VMS to support passive authentication, using it to check and confirm user identity without requiring any specific action to authenticate users. For passive authentication, VMS handles high volumes of streamed data and disseminates this data to VOS devices deployed across a network. 

VMS circulates user–IP address mappings to VOS devices over two channels:

  • Real-time channel—Streams data in near real-time from VMS servers to VOS devices that are configured to receive the user–IP address mappings.
  • Bulk update channel—Creates a snapshot of the current user–IP address mappings available to VOS devices at a configurable interval. VOS devices use the bulk update channel to synchronize the user–IP mappings when the real-time channel is not available.

VMS includes the following components:

  • Database—The database receives the user–IP address bindings from the Microsoft Active Directory (AD) server using a Windows Management Instrumentation (WMI) agent. If the full set of user–IP address mappings is requested, the response is received as a bulk update. The WMI Agent subscribes only to certain AD events.
  • Messaging server—Publishes real-time user–IP address mappings to devices that subscribe to receive incremental updates for the version installed on the device. Incremental updates are published only if the incremental update is greater than the full update version.
  • Package builder—Provisions the update for devices and informs Versa Director about the availability of a new full update of the user–IP address mappings database.
  • WMI agent—Receives and passes on notifications from AD to VMS to update VMS entries, and learns about new events. The WMI agent publishes incremental updates to the real-time messaging server. For more information, see Install and Configure the WMI Agent.
  • VOS devices—Search for user–IP address mapping in the local VOS database. If a VOS device receives the traffic from a user whose IP address is present in its user–IP address mapping, the configured user or group policies are evaluated and policies are applied. To authenticate users who are not authenticated using passive authentication (for example, WiFi users and guest users), you must configure VOS with active authentication using SAML or Kerberos. VMS supports user–IP address mappings for IPv6 addresses. Currently, however, Versa Networks does not support IPv6 as a transport from VMS to VOS devices.

Configure a Messaging Server

To configure a messaging server, you add a messaging server and then associate it with an authentication profile whose authentication type is set to "passive."

Add a Messaging Server

  1. In Director view:
    1. Select the Administration tab in the top menu bar.
    2. Select the Appliances in the left menu bar.
    3. Select a device name in the main panel. The view changes to Appliance view.
  2. Select the Configuration tab in the top menu bar.
  3. Select Others others-icon.png > Organization associate-organization-icon.png> Messaging Service messaging-service-icon.PNGin the left menu bar.

    messaging-service-main.PNG
  4. Click the Add icon. In the Add Messaging Service Server popup window, enter information for the following fields.

    add-messaging-service-server.PNG
     
    Field Description

    Name

    (Required)

    Enter a name for the messaging server.

    Value: Text string from 1 through 127 characters

    Default: None
    Description Enter a text description for the VMS messaging server.
    Routing Instance Select the routing instance through which the VMS messaging server is reachable.
    CA Chain Select the certificate authority (CA) chain to use for the server.
    Port

    Enter the port number for the VMS messaging server.

    Default: 3074

    Address

    		  
    • FQDN
    		 Enter the fully qualified domain name of the messaging server.
  5. Click OK.

Associate an Authentication Profile with a VMS Server

To associate a user or group authentication profile with a VMS messaging server:

  1. In Director view:
    1. Select the Administration tab in the top menu bar.
    2. Select Appliances in the left menu bar.
    3. Select a device name in the main panel. The view changes to Appliance view.
  2. Select the Configuration tab in the top menu bar.
  3. Select Object and Connectors objects-connectors-icon.png > Connectors Connectors-Icon.png> Users/Groups users-groups-icon.png > Authentication > Profiles in the left menu bar.
  4. Click the add-icon.png Add icon. The Add Authentication Profile popup window displays. For more information, see Configure an Authentication Profile in the Configure User and Group Policy article.

    add-authentication-profile-vms.PNG
  5. In the Authentication Type field, select Passive.
  6. In the VMS Profile field, select the messaging server you configured in Configure a Messaging Server, above.
  7. Click OK.

Supported Software Information

Versa Director Releases 22.1.4 (with a build dated 11-10-2024 or later) and later support all content described in this article.
VOS Releases 22.1.4 (with a build dated 11-10-2024 or later) and later support all content described in this article.
Versa Analytics Releases 22.1.4 (with a build dated 11-10-2024 or later) and later support all content described in this article.
VMS Releases 5.1.1 and later support all content described in this article.