Features and Benefits
Forced web-browser redirection with captive portal web application
Redirect selected end-user web requests to a local captive portal web application that features:
Integrated database for local credential storage. Simple and effective management of end-user credentials via a local SQL database with an AJAX web application GUI.
External database connectivity for credential challenge and response (e.g., via RADIUS, LDAP, WISPr, etc.). Integrate with other AAA mechanisms to reduce credential management overhead.
Extensible framework built using Ruby on Rails, eRuby and XML. Quickly and easily extend the portal web application to do anything imaginable through cutting edge Web 2.0 tools with an active open source community and ample availability of skilled developers.
Zero operator intervention end-user multi-tier self-provisioning billing system
Bill end-users for tiered levels of access and premium services, either recurring or one time, via several methodologies, including:
Credit card processing engine supporting over forty payment gateways. Fully integrated into the captive portal web application and internal end-user database enabling zero operator intervention end-user self provisioning.
Single and multiple use coupon code generator and management. Easy implementation and operation of alternative direct and reseller revenue models (e.g., pre-paid, micro-payment, bulk payment, etc.).
Zero cost service support. Specific support that simplifies management of networks designed with zero direct revenue generation (e.g., session intercession by MAC address, authorization via shared password, etc.).
Role-based AAA policy enforcement engine
Fully automated enforcement of per-user policies with a broad spectrum of target identification and policy template options including:
Identify and assign roles to end-users through nearly any mechanism imaginable, including but not limited to credential capture via portal, IP address, subnet, VLAN, MAC address, etc.
Identify and group applications by server IP address, source port(s), destination port(s) and DPI signature.
One-click assignment of policy templates to end-user roles, application groups and authenticated databases of end-users. Fully automated enforcement of per-user policy over a dynamic end-user population.
Per-user traffic shaping
Specifically designed for zero operator intervention end-user provisioning of premium services including:
Real-time restriction of bandwidth utilization on a per-user basis to operator specified rate limits. Zero operator intervention provisioning of rate limits for end-users based on a broad spectrum of criteria, including but not limited to payments applied at the captive portal, RADIUS vendor specific attributes and pre-defined lists of MAC addresses.
Guarantee an operator specified minimum bandwidth to certain end-users on a per-user basis. Enables operator to up-sell end-users premium service packages such as VoIP enablement with zero operator intervention provisioning.
Enforce usage quotas over the end-user base over an operator specified time scale. Enables operator to control consumption of bandwidth over long range time scales (e.g., 5 GB per month) while allowing higher instantaneous speeds. Automated zero intervention provisioning of quota additions purchased via captive portal.
Hard packet prioritization guarantees that packets from operator specified end-users are forwarded before any others. Several levels of operator configurable priority. Enables operators to sell premium offerings for prioritized access for business customers, end-users with servers and other scenarios.
Web experience manipulation
Complete control over the end-user world wide web experience with specific support for advertising and premium service revenue generation mechanisms such as:
Periodically redirect web requests to specially designed interstitial advertising templates delivered via the captive portal mechanism.
Arbitrarily rewrite any or all web pages that end-users experience. Inject advertising, insert banners, communicate operator service messages inline with the end-user web experience.
Simplified integration of pre and post authentication captive portal advertising with integrated payload rotation services.
Content filtering based on URL pattern matching with automatic synchronization with publicly available blocklists.
Advanced client-side link control and routing
Reduce monthly recurring costs and increase network reliability through several unique features including:
Aggregate several uplinks to achieve the equivalent throughput of a single large link. Leverage multiple cost effective DSL and cable modem uplinks to acquire large volumes of bandwidth at a low monthly recurring cost.
Automatically fail over between uplinks. Detect uplink status and manage pools of uplinks. Optionally designate certain uplinks as backup-only to support shadow leased line, satellite or WWAN backup scenarios.
Relate uplink pools to groups of end-users. Enable operators to offer premium services based on routing policy, such as giving business and VPN customers access to high performance leased lines while sending residential customers and bulk traffic to low cost DSLs and cable modems.
Simultaneously utilize a diverse array of uplink carriers. Enables operators to work with as many carriers as desired without cross carrier configuration. Avoid complex, problematic and costly peering arrangements and special routing protocols. All carrier diversity is handled inside the gateway from the customer side of the telco demarc.
Fully integrated unified threat management system
Specific features and bias for expanding operator revenue generation opportunities such as:
Stateful firewall to dynamically alter packet filtering based on end-user group, IP address or MAC address. Designate filtering targets by DNS names, IP address and/or TCP ports. Full integration with billing engine enables operators to use filtering policy as an enabler of premium service offerings.
Behavioral intrusion detection capabilities to quickly identify abusive end-users. Can also be used to detect malicious hosts attacking the rXg from the WAN.
DPI engine that enables signature matching. Compatible with industry standard rule formats that are widely available for detecting viruses, worms, malware, DoS attacks and other common problems.
Behavioral and signature-based identification of malicious activity is integrated with the policy enforcement engine, enabling the operator to isolate and temporarily or permanently penalize, quarantine or black-hole abusive end-users. All systems are also fully integrated with all available end-user communication vectors including but not limited to captive portal, interstitial redirection and message injection via payload rewriting.
IPsec VPN concatenation with integrated CA
Originate and terminate site-to-site IPsec VPNs to ease management of large scale networks.
Concatenate host-to-site IPsec VPNs from the WAN to enable secure remote access to privately addressed LANs.
Concatenate host-to-site IPsec VPNs from the LAN that enable operators to offer secure connectivity as a premium service.
Fully integrated CA can issue certificates when certain billing plans are purchased enabling zero operator intervention provisioning of premium secure connectivity to end-users.
Core networking services
Fully featured core network services enable operators to reduce operational and maintenance costs and potentially even be used to generate additional revenue. Subsystems include:
Completely configurable DHCP server. Full integration with end-user management to enable simplified option passing to end-user devices and fixed assignment of addresses.
Full DNS server with full primary and secondary zone control. Dynamic DNS clients to ease remote access and operational
RADIUS server with full integration into internal database. Enables operators to use the captive portal web application as a centralized billing and end-user management system with third-party authentication mechanisms.
Bulk email subsystem with fully customizable templates that can easily broadcast direct marketing materials to part or all of the end-user population.
Full spectrum graphical instrumentation package
Monitor every aspect of the system and network performance and health in real-time. Web-based AJAX-enabled graphical user interface enables remote access via any web browser while offering desktop usability. Some of the many features include:
Visualization package enables graphing of all instruments. Operator specified time scales and graphic sizes. Supports multiple parallel output formats. Real-time graph updates via AJAX in the web-based administrative console.
Monitor the status of network nodes. Poll nodes for status and collect uptime data. Report failures to operators in real-time.
Customizable system and network resource consumption dashboards. Complete information about entire subsystems in a single glance. Real-time updates via AJAX make the dashboards ideal for presentation on NOC displays.
Comprehensive and persistently stored auditing package
Complete surfing history of every end-user. Generate reports on what domains are accessed by end-user login, MAC address, IP address groups and much more. Have complete cognizance over the surfing habits of your end-user population. Target advertising based on surfing profiles. Sell end-user surfing data to aggregators.
Report on instantaneous transfer rates as well as download quota consumption. Persistent storage of data allows operator to see trends over the long term. Enables operator to understand the end-user population and create offerings to maximize profitability.
Understand the health of the network and the gateway. Track utilization and resource consumption trends over days, weeks, months and even years. Enables operators to plan, budget and forecast for expansion and optimize usage of deployed assets.