We all know the burden of having to remember the myriad of usernames and passwords we use to log in to various systems and applications. User accounts, e-mail, web sites, online banking – the list goes on. Some platforms require a username, others an e-mail address. Many applications have different password complexity requirements and password expiration times, and of course, you shouldn’t be using the same password for all your accounts. To simplify and harmonize our products’ user experience, we use single sign-on for our WebPortal, which handles user authentication and manages access rights.

Single sign-on

Single sign-on (SSO) allows users to access multiple related but independent systems, using the same credentials. This means a user can log in to system A, then switch to a connected system B without having to log in again. Similarly, single sign-off means that the user can log out from system B and the session in system A will also be invalidated.

There are several techniques and protocols that can be used to implement SSO, for example, Kerberos, SAML or OpenID. Most of them use some form of central authentication service that provides an interface for connected systems to validate user credentials.

Seamless integration into our WebPortal

Another method to implement SSO is called Web Access Management (WAM). It is the underlying technology we use for the R&S mobile network testing WebPortal. The WebPortal handles user authentication and provides access to different back-end applications, for example SmartMonitor. In the near future, it will also include other products such as our innovative web-based post-processing solution.

Why is this great? The integration of these applications into the portal is seamless. The user is neither required to access different products individually nor does he have to remember where these applications are physically located. Everything can be done through a single portal. Most importantly, all applications are web-based, and this means goodbye to remote desktop connections.

single sign-on

Architectural overview of an example WAM setup

What can users achieve using the portal?

An example: the RF Engineer can set up and configure test campaigns; the Driver can start preconfigured campaigns and perform data collection during a drive test; the Post Processing Engineer can import these measurements and run detailed analysis jobs; and the Deployment Manager can view and sign off generated reports – all this is possible through a single front-end that connects to multiple, highly scalable back-ends.

Through the WebPortal, different back-end applications might also communicate with each other. This allows automated chaining of data collection, post-processing, and report generation tasks across different back-end systems.

How does this scale horizontally?

The post-processing application might run across multiple processors and databases, but as cube calculations and algorithms can be very demanding on the hardware, you might consider adding additional machines. You might also prefer to use separate machines for different projects or customers.

New applications, such as additional post-processing instances, can be easily connected to the WAM at runtime: simply set up a new physical server (or clone a virtual one), install the our software, and point it to the WebPortal (the portal credentials must be provided). And … that’s it! There’s no downtime and users don’t even need to log out. As soon as the new application is registered, they will see a popup letting them know that the application is available and ready for use.

As far as users are concerned, they access a single platform, each user with his own username and password. Users are assigned specific roles that control available applications or application features. The result is a user interface that is very integrated and easily extensible but also allows each user to focus on the task at hand.

In the next part of this series, I’ll delve deeper into user role management.