Service Description

The Central Authentication service uses a Microsoft Active Directory domain installed on Windows 2012 R2 servers leveraging virtual machine infrastructure dispersed among multiple data center locations for high availability and fault tolerance. The Central Authentication System (CAS) provides a highly available authentication and directory services solution for PAAS, IAAS, and Managed Hosting customers.

What is Included

The primary focus of the CA-RBAC service is to establish Elevated Privilege (EP) controlled access into hosted resources. All data center infrastructure and hosted customer systems inside the data center’s logical security boundaries use the system today. For servers and various other forms of resources which reside within the USDA UTN TIC such as IAAS or Managed Hosting, the CA-RBAC service can be extended into other boundaries for customers. If a domain trust is required to establish pass-through authentication services from a different credential store or identity provider, the NITC’s CA-RBAC system can support that type of interconnectivity.

How We Charge

• A flexible cost structure that allows customers to pay only for the devices that are connected to the Central Authentication System.
• All maintenance is inclusive in the monthly utilization fee.

Service Level Metrics

* - NITC reserves the option to schedule routine infrastructure maintenance activities on Sundays between 1800 to 2400 hours Central Time.

Cost Saving Tips

• If device no longer used, make sure to request decommission so that device is no longer billed for CA-RBAC service.

Additional Information

• If external authentication or RBAC systems need to interface with the CA-RBAC service, an Interconnection Security Agreement (ISA) will be established between organizations. The ISA will define how the interconnectivity will be used, any risks, and what security controls are associated with the interconnectivity for both parties.