Nomadix for Telecom and Municipalities
From hospitality to telecom to education
Staying connected is good for business - especially when you give your customers the opportunity to connect to reliable and secure Internet access. From the hospitality and healthcare industries to telecom and education, high-speed Internet access (HSIA) is just a click away with Nomadix’s diverse array of solutions.
When people travel, they'll most likely connect to Wi-Fi at several different locations, each with its own network configuration. When guests retain a billing relationship with their home service provider, they only need to worry about one bill, no matter how many locations they use to access the Internet wirelessly.
Users can access the Internet through broadband or wireless connections regardless of their device configurations. With Nomadix’s plug-and-play technology, all they have to do is pass the necessary parameters for billing and authentication.
Nomadix-enabled networks facilitate true mobility by creating high-speed Internet access (HSIA) HotZones, which can cover residents, business and government organizations citywide. For example, ad-hoc HotZones can be used for conventions, festivals and emergencies. Access on public transportation can be continuously updated and monitored wirelessly. City employees can use network access to increase productivity while working in the field. By monitoring municipal services in real time via citywide surveillance systems, security and response time will improve.
Local governments can also leverage the same HotZone network, as well as automated muni-services, to generate additional sources of revenue—without incurring additional expenses.
How a gateway works in a telecom environment
Key features for telecommunications
Seamless Internet-Connectivity IP Plug and Play (DAT)
Nomadix’s patented Dynamic Address Translation (DAT) technology offers a true plug-and-play solution that provides transparent broadband network connectivity covering a variety of PC configurations (static IP, DHCP, domain name server [DNS] and proxies), to ensure all users get Internet access without changing settings within their browsers or devices.
With DAT, a DNS redirection function is available that sends users' DNS requests to local servers closer to their locations. This improves response time and enables plug-and-play access when a subscriber's DNS server is behind a firewall or on a private intranet.
Intelligent VPN Client Connectivity - INAT
VPN tunneling (PPTP, IPSec) is currently the only safe method for transmitting data across a public access network. A single termination server may refuse connection attempts from multiple address-translated users. This means an established tunnel from an address-translated user may suddenly terminate to accept a connection from a second user using the same source IP address.
INAT solves this problem by cycling through a pool of addresses when translating tunnel connections that have the same endpoint.
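The pooling idea described above, as an added illustration that is not Nomadix code: tunnels to the same VPN endpoint never share a translated source address, while one public address can still serve tunnels to different endpoints. The class name, method names and all addresses are hypothetical.

```python
class TunnelAddressPool:
    """Hand out public source addresses so that no two active tunnels
    to the same VPN endpoint are translated to the same address."""

    def __init__(self, public_ips):
        self.public_ips = list(public_ips)
        self.in_use = {}      # endpoint -> {public_ip: subscriber_ip}
        self.next_index = {}  # endpoint -> pool position to try next

    def allocate(self, subscriber_ip, endpoint):
        used = self.in_use.setdefault(endpoint, {})
        # A subscriber re-keying an existing tunnel keeps its address.
        for public_ip, owner in used.items():
            if owner == subscriber_ip:
                return public_ip
        start = self.next_index.get(endpoint, 0)
        size = len(self.public_ips)
        # Cycle through the pool, starting after the last address given out
        # for this endpoint, and take the first one not already in use for it.
        for offset in range(size):
            i = (start + offset) % size
            candidate = self.public_ips[i]
            if candidate not in used:
                used[candidate] = subscriber_ip
                self.next_index[endpoint] = (i + 1) % size
                return candidate
        # Failing closed is safer than tearing down an established tunnel.
        raise RuntimeError(f"no free public address for endpoint {endpoint}")

    def release(self, subscriber_ip, endpoint):
        used = self.in_use.get(endpoint, {})
        for public_ip, owner in list(used.items()):
            if owner == subscriber_ip:
                del used[public_ip]


def demo():
    # Constructed addresses from the documentation ranges.
    pool = TunnelAddressPool(["203.0.113.10", "203.0.113.11"])
    first = pool.allocate("10.0.0.2", "198.51.100.1")
    second = pool.allocate("10.0.0.3", "198.51.100.1")  # same endpoint
    other = pool.allocate("10.0.0.4", "198.51.100.2")   # different endpoint
    return first, second, other
```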
Multiple-Mode Authentication (UAM/802.1x/Smart Clients/Radius)
In addition to supporting the secure browser-based Universal Access Method (UAM) via an SSL-established link, Nomadix products simultaneously support port-based authentication using IEEE 802.1x, as well as smart-client solutions by Boingo Wireless, iPass and others. This feature provides maximum end-user and operator flexibility by supporting any type of client—and any type of business relationship on the back end.
Device Authentication (MAC based)
Devices that do not support a browser (PSP, VoIP phones, etc.) can still be authenticated based on the device’s MAC address. This unique method automatically authenticates the MAC address against a RADIUS server while simultaneously supporting other subscriber types via UAM or IEEE 802.1x.
Flexible Billing Methods to Generate Revenues (PMS/Radius/Vouchers/XML)
A Nomadix-enabled network can automatically authenticate, authorize, track and bill users for access based on MAC address, username/password, and/or port identification number. Customizable billing models include the use of credit cards, scratch cards or monthly subscriptions via the Nomadix Service Engine (NSE), and are charged by time, volume or bandwidth used.
The integrated RADIUS client can pinpoint the number and location of connections, bytes sent and received, connect time, etc. for activity logging and tracking. It can also handle vendor-specific attributes (VSAs), such as more advanced services, required by WISPs.
Nomadix’s NSE provides a secure XML application programmer’s interface (API), allowing the access gateway to accept and process XML commands from an external source, with SSL securing the encoded query string. This enables solution providers or integrators to customize and enhance the installations with value-added capabilities and services.
Fair Bandwidth Usage per User to Enhance Internet-Access Experience
The bandwidth management feature can place a bandwidth usage limit on a per-device basis, ensuring a fair, quality experience for each user. The service provider can allow individual users to dynamically increase or decrease their bandwidth usage without having to disconnect or reestablish a new connection. The NSE can also manage wide area network (WAN) traffic for complete control of overall bandwidth utilization.
Location-Based Information Services (Portal Page/Post Authentication URL/XML)
By using VLANs or port mapping with simple network-management protocol (SNMP), the NSE can determine the location of a device to personalize service and perform security or billing functions depending on the network architecture and vendor.
White-Box Solution - Service Branding
The NSE allows the service provider/venue owner the unique ability to implement branding messaging during five stages of HSIA usage:
- Flash Branding Welcome
- Service Acquisition
- Personalized Content
- Post-Session ‘Thank you and Goodbye’
Business Model: Hotspot Wholesale/Radius Proxy/Realm Based Routing
Network Access Information (NAI) routing capabilities enable multiple service providers to access a HotSpot location (the Wi-Fi wholesale model), allowing each user to solely interact with their chosen provider in a seamless, transparent manner.
Auto Configuration (Centralized Configuration Management)
Nomadix’s unique RADIUS-driven auto-configuration functionality utilizes the mobile operator’s existing infrastructure to provide an effortless and rapid methodology to remotely and cost-effectively configure devices for a network rollout from the network operations center. Once configured, this methodology can also be effectively used to centrally manage configuration profiles for all Nomadix devices in a public access network.
Security Compliance: Subscriber Tracking Log
The NSE tracking logs can be used to monitor all port assignments for public-network users in the case of attacks on external sites, hacking or illegal use. The HSIA provider can trace users by:
- Time Stamp
- Source IP
- Source Port
- Destination IP
- Destination Port
- Translated IP
- Translated Port
- Translated Destination IP
- Translated Destination Port
- User Details
- MAC Address
- Local IP Assigned
- User Type (RADIUS, PMS, credit card, XML, admin-added, etc.)
- Username (if available)
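How such a log is used when an abuse report arrives, as an added example that is not Nomadix code: the report names only the translated address and port seen by the remote site, and the log maps it back to a subscriber. The CSV layout, column names and sample rows are constructed for illustration; only the field list comes from the page.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample log. Note that translated port 40002 is reused by a
# different subscriber later the same day.
SAMPLE_LOG = """timestamp,src_ip,src_port,dst_ip,dst_port,xlat_ip,xlat_port,mac,user_type,username
2024-03-01T10:00:05,10.0.0.21,51000,198.51.100.7,443,203.0.113.10,40001,00:11:22:33:44:55,RADIUS,alice
2024-03-01T10:00:09,10.0.0.34,51000,198.51.100.7,22,203.0.113.10,40002,66:77:88:99:aa:bb,PMS,room-412
2024-03-01T14:30:00,10.0.0.58,49152,198.51.100.7,22,203.0.113.10,40002,cc:dd:ee:ff:00:11,credit card,
"""


def load_log(text):
    """Parse the CSV and convert timestamps and ports to native types."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["timestamp"] = datetime.fromisoformat(row["timestamp"])
        for key in ("src_port", "dst_port", "xlat_port"):
            row[key] = int(row[key])
        rows.append(row)
    return rows


def trace_subscriber(rows, xlat_ip, xlat_port, dst_ip, dst_port, seen_at,
                     max_age=timedelta(minutes=10),
                     skew=timedelta(minutes=2)):
    """Return the log rows that could explain traffic seen at `seen_at`.

    Translated ports are reused, so matching on addresses and ports alone
    can name the wrong subscriber. A row qualifies only if its mapping was
    logged no more than `max_age` before the report time, allowing `skew`
    for clock drift between the reporter and the gateway.
    """
    hits = [
        r for r in rows
        if (r["xlat_ip"], r["xlat_port"]) == (xlat_ip, xlat_port)
        and (r["dst_ip"], r["dst_port"]) == (dst_ip, dst_port)
        and seen_at - max_age <= r["timestamp"] <= seen_at + skew
    ]
    # Most recent mapping first: it is the likeliest owner of the port.
    return sorted(hits, key=lambda r: r["timestamp"], reverse=True)
```

More than one returned row means the report's timestamp is too coarse to attribute the traffic to a single subscriber, and an empty result means the log does not cover that time.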
The Nomadix access gateway uses our own trusted patented software and functionality instead of open-source patches from third- or fourth-party entities. This means reliability is built in from the start, utilizing a real-time OS to allow for direct development of the gateway by Nomadix.
With the support of a walled garden, the NSE allows providers to utilize promotional opportunities by redirecting unauthenticated users to predetermined sites via landing page links. The NSE adds an additional layer of security for the network by blocking public access until a user is authenticated.
Nomadix offers its Nomadix Service Engine™ (NSE) software on our family of access gateways which provide a full suite of features and functionality that addresses the critical concerns that accompany the deployment of a wireless public access network – the ability to support a wide variety of wireless clients, user authentication, billing, network and user security, management, and support for roaming users coming into the HotZone.
- AG 5800 - The AG 5800 is built for high performance and scalability. The AG 5800 expands the ability to offer new NSE features with increased high-speed computational intensity. The AG 5800 is designed for deployment in mid-size to large venues with easy device user count scalability.
- NITO - The Nomadix Internet Traffic Optimizer (NITO) is a powerful high speed and cost-effective appliance designed to give you more from your existing bandwidth. By enabling IT managers to access and review traffic patterns and content usage, the NITO offers visibility and insight for intelligent bandwidth management and allocation. Plus, NITO's web content filtering and network security protect your network and users.
Through its innovative NSE Core embedded in the AG 5000 Metro and AG 5600 Metro, Nomadix addresses the key concerns associated with deployment of a public access network: disparate wireless clients, user authentication, billing, security, management, and roaming.
Supporting Disparate Wireless Clients - Unmanaged public access networks are difficult to access and manage with hundreds and even thousands of disparate nomadic clients with various DHCP, IP Proxy and other configuration settings trying to connect.
With its patented Dynamic Address Translation™ (DAT) and dynamic transparent proxy technologies, Nomadix makes sure everyone gets connected to the HotZone without requiring any changes to the client’s computer settings or without having to install special client-side software.
Nomadix developed DAT to actively monitor every packet transmitted from each device to ensure all packets are correctly configured for the network. If necessary, DAT will perform standard Network and Port Address Translation and supports Application Level Gateways (ALGs) for protocols such as FTP, H.323, PPTP, IPSec, and others. DAT also ensures that a DNS server is always available to a user through the DNS redirection function. This function redirects a user’s DNS requests to a local DNS server closer to the customer’s location—improving the response time and enabling true plug-and-play access when the subscriber’s configured DNS server is behind a firewall or located on a private Intranet. Transparent proxy assures that subscribers who have proxy configured to work with their native network get broadband access in the HotZone.
User Authentication - Regardless of whether cities want to provide free or for-pay WiFi service, or some combination of both, user authentication is important to prevent unauthorized use of the network.
Nomadix provides flexible multi-mode authentication and billing that simultaneously supports browser-based authentication, 802.1x, and Smart Clients. Advanced Standards compliant RADIUS support allows the creation of pre-paid cards or monthly billing plans that support global roaming, or a secure credit card interface can be used for visiting users.
The NSE Core offers a “walled garden” feature that limits users to pre-selected sites on the Internet prior to completion of authentication. The walled garden can be used to present custom local content or offerings specific to a city or municipality. This selective access control allows localized information and user self-provisioning to be provided in a standard, efficient, low-cost, and convenient way. This also provides an additional layer of security for the Metro Area HotZone by blocking access to the Internet until the user has been authenticated.
Multi-mode Authentication Methods - In addition to supporting the secure browser-based universal access method via SSL, the NSE enables simultaneous support for authentication using IEEE 802.1x as well as Smart Client authentication mechanisms used by companies such as Adjungo Networks, Boingo Wireless, GoRemote, and iPass. Nomadix is the only company capable of delivering this type of advanced authentication functionality.
Billing Management - For Metro Area HotZones that are intended to provide access for a variety of user types, including residents who pay for service, government employees who must have service available without charge, and visitors or ad hoc users who may or may not be required to pay for service, the ability to properly manage and account for all users and payment types is of importance. Providing Internet access for a fee can help municipalities recover initial deployment costs, and later provide an ongoing source of revenue for the city or utility.
Nomadix access gateways allow users to be identified and billed according to their Media Access Control (MAC) address, username/password, and/or port identification number. The NSE Core supports a wide variety of billing models, including billing plans that use credit cards, scratch cards, or monthly subscriptions, plus flexibility of billing by different parameters such as time, volume, or bandwidth.
RADIUS - Nomadix offers an integrated RADIUS client with the NSE Core, which allows the municipality to track or bill based upon the number of connections, location of connection, bytes sent and received, connect time, or other parameters. The user database can reside in a central RADIUS server, along with associated attributes for each user. When a user connects into the network, the RADIUS client authenticates the user with the RADIUS server, applies associated attributes stored in that user’s profile, and logs their activity (including bytes transferred, connect time, or other specified parameters). The NSE Core’s RADIUS implementation also handles vendor specific attributes (VSAs) required by municipalities, utility companies, or other PASOs who want to enable more advanced services and billing schemes such as a per device/per month connectivity fee.
XML Interface - Nomadix provides a secure XML Application Programmer’s Interface (API) with the NSE Core that allows the device to accept and process XML commands from an external source for integration with OSS, provisioning, and other network management elements for subscriber management and location/port management. XML commands are sent over the network via SSL to guarantee security. The XML interface enables cities or utilities to customize and enhance the installations with value added capabilities and services.
Security - Security is a formidable challenge for cities and municipalities considering the deployment of a Metro Area HotZone. Cities may want to provide free and easy WiFi access to visitors or ad hoc network users at conventions, festivals, or other events; while at the same time providing highly secure connections to the city’s residents as part of a monthly broadband service. Nomadix addresses this challenge with implementations in the NSE Core that support today’s standards, with the addition of patent-pending technology to improve upon the standards. Virtual Private Network (VPN) tunneling such as PPTP and IPSec is supported, and remains the recommended method for transmitting secure data across a wireless.
In addition to standard VPN support, Nomadix’ products feature its patent-pending iNAT™ functionality, which creates an intelligent mapping of IP addresses to their associated VPN tunnels and allows maximum reusability of expensive public IP addresses required for establishing VPN connections. This creates seamless, secure connections for all users of the Metro Area HotZone – including temporary or ad hoc network users.
The NSE Core also provides Session Rate Limiting (SRL) and MAC filtering capabilities to significantly reduce the risks of Denial of Service (DoS) and virus attacks, which helps ensure network uptime and reliability. Administrators can also block all ICMP packets of non-authenticated users to further protect the network against common DoS attacks. Nomadix also supports tracking logs to support Lawful Intercept initiatives.
Management and Administration - Cities, municipalities, and utilities all face a perpetual shortage of IT support staff and budgets, making the management and administration of a Metro Area HotZone a hot topic. Nomadix addresses these concerns by focusing on standards-based interfaces and automated configuration features.
Devices running the NSE Core can be managed remotely via the built-in Web Management Interface, where various levels of administration can be set. The NSE Core also contains a CLI (Telnet and serial) and extensive SNMP support. Management access can be controlled using access control functionality on the NSE and secured using IPSec.
The NSE Core also provides unique RADIUS-driven auto-configuration functions that allow devices to be easily configured for fast network rollout. Once configured, this methodology can also be used to centrally manage configuration profiles for all NSE devices in the Metro Area HotZone.
Support for Roaming Users - As WiFi networks become more common, many users may already have a subscription to WiFi service through their existing service provider. When these users visit a city featuring a Metro Area HotZone, they will want to connect to the city’s network using their existing WiFi subscription.
Nomadix’ NES Zone Roaming service is specifically constructed to support these users, and as more and more service providers around the world join, users will expect to find this functionality wherever they are.