Through its innovative NSE Core embedded in the AG 5000 Metro and AG 5600 Metro, Nomadix addresses the key concerns associated with deployment of a public access network: disparate wireless clients, user authentication, billing, security, management, and roaming.
Supporting Disparate Wireless Clients
Unmanaged public access networks are difficult to access and manage with hundreds and even thousands of disparate nomadic clients with various DHCP, IP Proxy and other configuration settings trying to connect.
With its patented Dynamic Address Translation™ (DAT) and dynamic transparent proxy technologies, Nomadix makes sure everyone gets connected to the HotZone without requiring any changes to the client’s computer settings or without having to install special client-side software.
Nomadix developed DAT to actively monitor every packet transmitted from each device to ensure all packets are correctly configured for the network. If necessary, DAT will perform standard Network and Port Address Translation and supports Application Level Gateways (ALGs) for protocols such as FTP, H.323, PPTP, IPSec, and others. DAT also ensures that a DNS server is always available to a user through the DNS redirection function. This function redirects a user’s DNS requests to a local DNS server closer to the customer’s location—improving the response time and enabling true plug-and-play access when the subscriber’s configured DNS server is behind a firewall or located on a private Intranet. Transparent proxy assures that subscribers who have proxy configured to work with their native network get broadband access in the HotZone.
Regardless of whether cities want to provide free or for-pay WiFi service, or some combination of both, user authentication is important to prevent unauthorized use of the network.
Nomadix provides flexible multi-mode authentication and billing that simultaneously supports browser-based authentication, 802.1x, and Smart Clients. Advanced Standards compliant RADIUS support allows the creation of pre-paid cards or monthly billing plans that support global roaming, or a secure credit card interface can be used for visiting users.
The NSE Core offers a “walled garden’ feature that limits users to pre-selected sites on the Internet prior to completion of authentication. The walled garden can be used to present custom local content or offerings specific to a city or municipality. This selective access control allows localized information and user self-provisioning to be provided in a standard, efficient, low-cost, and convenient way. This also provides an additional layer of security for the Metro Area HotZone by blocking access to the Internet until the user has been authenticated.
Multi-mode Authentication Methods
In addition to supporting the secure browser-based universal access method via SSL, the NSE enables simultaneous support for authentication using IEEE 802.1x as well as Smart Client authentication mechanisms used by companies such as Adjungo Networks, Boingo Wireless, GoRemote, and iPass. Nomadix is only company capable of delivering this type of advanced authentication functionality.
For Metro Area HotZones that are intended to provide access for a variety of user types, including residents who pay for service, government employees who must have service available without charge, and visitors or ad hoc users who may or may not be required to pay for service, the ability to properly manage and account for all users and payment types is of importance. Providing Internet access for a fee can help municipalities recover initial deployment costs, and later provide an ongoing source of revenue for the city or utility.
Nomadix access gateways allow users to be identified and billed according to their Media Access Control (MAC) address, username/password, and/or port identification number. The NSE Core supports a wide variety of billing models, including billing plans that use credit cards, scratch cards, or monthly subscriptions, plus flexibility of billing by different parameters such as time, volume, or bandwidth.
RADIUS - Nomadix offers an integrated RADIUS client with the NSE Core, which allows the municipality to track or bill based upon the number of connections, location of connection, bytes sent and received, connect time, or other parameters. The user database can reside in a central RADIUS server, along with associated attributes for each user. When a user connects into the network, the RADIUS client authenticates the user with the RADIUS server, applies associated attributes stored in that user’s profile, and logs their activity (including bytes transferred, connect time, or other specified parameters). The NSE Core’s RADIUS implementation also handles vendor specific attributes (VSAs) required by municipalities, utility companies, or other PASOs who want to enable more advanced services and billing schemes such as a per device/per month connectivity fee.
XML Interface - Nomadix provides a secure XML Application Programmer’s Interface (API) with the NSE Core that allows the device to accept and process XML commands from an external source for integration with OSS, provisioning, and other network management elements for subscriber management and location/port management. XML commands are sent over the network via SSL to guarantee security. The XML interface enables cities or utilities to customize and enhance the installations with value added capabilities and services. Security
Security is a formidable challenge for cities and municipalities considering the deployment of a Metro Area HotZone. Cities may want to provide free and easy WiFi access to visitors or ad hoc network users at conventions, festivals, or other events; while at the same time providing highly secure connections to the city’s residents as part of a monthly broadband service.
Nomadix addresses this challenge with implementations in the NSE Core that support today’s standards, with the addition of patent-pending technology to improve upon the standards. Virtual Private Network (VPN) tunneling such as PPTP and IPSec is supported, and remains the recommended method for transmitting secure data across a wireless.
In addition to standard VPN support, Nomadix’ products feature its patent-pending iNAT™ functionality, which creates an intelligent mapping of IP addresses to their associated VPN tunnels and allows maximum reusability of expensive public IP addresses required for establishing VPN connections. This creates seamless, secure connections for all users of the Metro Area HotZone – including temporary or ad hoc network users.
The NSE Core also provides Session Rate Limiting (SRL) and MAC filtering capabilities to significantly reduce the risks of Denial of Service (DoS) and virus attacks, which helps ensure network uptime and reliability. Administrators can also block all ICMP packets of non-authenticated users to further protect the network against common DoS attacks. Nomadix also supports tracking logs to support Lawful Intercept initiatives.
Management and Administration
Cities, municipalities, and utilities all face a perpetual shortage of IT support staff and budgets, making the management and administration of a Metro Area HotZone a hot topic. Nomadix addresses these concerns by focusing on standards-based interfaces and automated configuration features.
Devices running the NSE Core can be managed remotely via the built-in Web Management Interface where various levels of administration can be set. The NSE Core also contains a CLI (Telnet and serial) and extensive SNMP support. Management access can be controlled using access control functionality on te NSE and secured using IPSec.
The NSE Core also provides unique RADIUS-driven auto-configuration functions that allow devices to be easily configured for fast network rollout. Once configured, this methodology can also be used to centrally manage configuration profiles for all NSE devices in the Metro Area HotZone.
Support for Roaming Users
As WiFi networks become more common, many users may already have a subscription to WiFi service through their existing service provider. When these users visit a city featuring a Metro Area HotZone, they will want to connect to the city’s network using their existing WiFi subscription.
Nomadix’ NES Zone Roaming service is specifically constructed to support these users, and as more and more service providers around the world join, users will expect to find this functionality wherever they are.