Bandwidth Control Solutions for Telecom, ISP, Hospitality & Education: 2014

Tuesday, 11 March 2014

Bandwidth Management in Educational Campuses

Internet, wired or wireless, has become an indispensable and vital commodity of the modern education system. It is not only a source of information but also provides avenues for transactions like payment of fees, payment of utility bills, banking, online shopping etc. But as it is rightly said that with Good comes the Evil, there are multiple threats associated with the usage of internet. The growing number of cyber offences over the years has led to the adoption of advanced security mechanisms by various institutions.

Inventum provides comprehensive bandwidth management solutions that allow network administrators to monitor, control and optimize the usage of Internet within their institutions. Inventum Service Gateways provide a 'plug n play' single box solution eliminating the need of deploying and managing multiple appliances to manage large and complex networks. Some of the key features of the Inventum Service Gateway include:
  • Authentication of users through a unique username & password, providing an additional layer of security whenever users try to access the internet
  • Monitoring and control of bandwidth usage by creating separate plans for faculty, students and visitors, each plan having different rules in terms of download quota, download speed, access or denial to certain websites etc.
  • The ability to block unwanted sites and objectionable content that may lead to excessive wastage of bandwidth
  • Extensive graphical reports of students' usage patterns allow administrators to analyse student behaviour and apply different rules for different groups of students
  • Storing the history of websites visited by users from their devices keeps the institution within legal boundaries and it can keep a check on terrorist activities
  • Flexi charging allows the institution to provide free Internet access to staff and students while charging visitors and guests for the same
The above solution is scalable to millions of users and allows centralized bandwidth management of multiple institutions within the same group that may be located at different locations. The availability of such solutions allows network administrators to sleep sound instead of having sleepless nights.

Bandwidth Management for the largest Exhibition Centre in UAE

Background


This case study describes the use of Inventum Internet Gateway in a large independent or stand-alone exhibition centre. The primary objective of using the gateway device was to provide and manage exhibitor, visitor & staff Internet Access services.

Quick facts:
  • 12 halls which offer event organizers inter-connected and flat-roofed floor space of 73,000sqm
  • 19 ‘Capital Suite’ meeting rooms that can host between 20 to 200 delegates
  • Conference Halls with a capacity of up to 1,000 guests
  • Network access required for exhibitors, event visitors (e.g. conferences, banquets, special events) and staff
  • Leased circuits for exhibitors & Wi-Fi for visitors were the primary means of connectivity
  • Internet Connectivity of up to 1Gbps

Key Requirements


1. Authenticate, control and track every Internet session
2. Securely provide Hi-Speed Internet Access for Exhibitors, Visitors & Staff
3. Four forms of Internet services were required:
   a. Paid Service to Exhibitors – hourly, daily, weekly
   b. Free Internet to select Visitors
   c. Sponsored Wi-Fi by Exhibitors for Conference and Events – Using shared codes
   d. Leased Circuits to Exhibitors (10-100 Mbps)
4. Personalized Internet Services
5. Prioritize VIP user traffic
6. Firewall protection and filtering of unwanted websites (as may be mandated by law)
7. Lawful tracking of user sessions for various law enforcement agencies

The Solution


Inventum proposed its L1 Gateway (formerly known as MSG 3200) as the ideal solution to address all the requirements drafted by the exhibition centre. The gateway was installed in the central data center of the exhibition centre.
The various solution components are discussed below:


Figure: Diagrammatic Representation of Customer Deployment

Authentication & Control

The exhibition center wanted the ability to offer various services to its visitors, exhibitors and staff without configuring any network element. A single box in the network was required that would allow creating subscribers, policies and billing through an intuitive user interface.

Every exhibitor required a different kind of service with varying SLA/network quality levels. Also, unlike visitor authentication over web page, every exhibitor would bring their own network equipment that would need to be authenticated at a layer 2 level since the network equipment could be anything from routers to set top boxes with no user interfaces.

The Inventum gateway was configured to authenticate visitors via a web page which provides access through a sign-up process. Access to exhibitors was provided by means of the operations engineers creating an “account” in the gateway device with the policies based on the plan selected by the exhibitor for the required duration. Staff authentication was done via a web authentication page available only over a hidden and secured SSID connected on a different VLAN.

Secure Network

Since exhibitors, visitors and staff would be using the same network, it was ensured that the transmissions were kept secure while sharing the same network infrastructure. Most Wi-Fi access points provide the ability to simultaneously allow both “open” & “secure” wireless channels called SSIDs. The SSID name is what end users see on their computers when attempting to connect to the Wi-Fi access point.

The exhibition centre can enable two SSIDs:
1. Open SSID for visitors
2. Secure SSID for staff

Each SSID’s traffic was segregated into different virtual networks each technically called a VLAN. The VLAN ensures that while the network may be physically the same, logically the users & their traffic are completely separated with guaranteed security.
The traffic handling for each category of customer was also done differently. For example, an exhibitor may sign up for 10Mbps to 100Mbps plan, and hence needs to be routed out via dedicated PPPoE links. The QoS required by the exhibitors may be on a sharing basis (Contention Ratio) or dedicated and are hence charged accordingly.

The visitors would vary during each exhibition and hence traffic for the visitors flows via a pool of PPPoE links configured for load balancing. Each PPPoE link has uplink capacity of 100Mbps.

Similarly, the staff users would be routed via a 10Mbps dedicated leased circuit provided by the national carrier.

ISP Internet Link

The Internet line was provided by the national carrier and provides the pipe to the Internet.

The Internet line was plugged into one of the ports on the Internet gateway & the exhibition centre’s local network inter-connecting the Wi-Fi APs was also plugged into the gateway. The Internet gateway thus became the transit point for all traffic traversing to & from the Internet.

For redundancy & load balancing, the Internet gateway allows more than one ISP link to be used by the centre. Having 2 links makes the service more reliable and also allows the centre to send premium visitor traffic through a more premium link.

Internet Service Plans

The business centre sells Internet PIN cards created from the gateway device with many different plans to suit any requirements. Following are some sample plans.

1 Hour Plan
            Service Type : Hi Speed Internet
            Validity     : Must use in single go & expires after 1 hour
            Speed        : 2 Mbps
            Price        : $W

24 hour Plan
            Service Type : Hi Speed Internet
            Validity     : Use anytime during 24 hours from first use
            Speed        : 2 Mbps
            Price        : $X

Weekly Plan
            Service Type : Hi Speed Internet
            Validity     : Use anytime during 7 days from first use
            Speed        : 2 Mbps
            Price        : $Y

Each card carries a unique code which will be used by the exhibitors or visitors to access the Internet. These cards could be paid, free or sponsored by the exhibitors and provided free to visitors of the exhibition. Alternatively, the venue owner can create a common conference password to authenticate and allow Internet access to all the participants.

Personalized Services

The gateway device allowed the exhibition centre to provide personalized services to each exhibitor by providing customized login pages specific to the requirements of each exhibitor. The exhibition centre would also provide customized/branded PIN cards to exhibitors to allow them to achieve the desired results from their media campaign.
The gateway device allows the exhibition centre to provide premium bandwidth to the exhibitors or VIP guests while the free users contend for a best effort service. This allows the venue owner to fairly distribute bandwidth based upon user, location or type of service without making any changes in their existing network infrastructure.
The fair bandwidth distribution feature is important as some visitors may usurp bandwidth from other guests if they start heavy downloads.

Comply with the Law

In the interest of national security, many governments have made it mandatory for all publicly accessible Internet services to keep logs of all websites and applications visited by their users. Often venue owners running such services are also required to comply with this requirement.

Inventum’s gateway device provides a comprehensive logging & search feature that allows the venue owner to comply with lawful requirements.


Block Objectionable or Illegal Content

The exhibition centre may wish to keep objectionable content from being available over their Internet system. The gateway allows the venue owner to selectively block content by:
  • Specific websites
  • Specific URL (e.g. a specific video on YouTube)
  • Specific categories of content (e.g. Adult, Violence)
  • Specific networks

Load Balancing

With plenty of Internet bandwidth providers and thousands of concurrent Internet users, the exhibition centre was desirous of achieving the maximum uptime with load balancing capabilities on Internet uplinks. The Inventum Internet Gateway conformed to 6 PPPoE load balance links for ~ 60 Mb throughput along with:
  • Dual redundant, hot swappable power supply
  • Redundant internal storage
  • Capability of running a second gateway in HA mode

Works with all Devices

The proposed solution supports all Wi-Fi enabled devices such as smartphones, laptops, tablets & iPads.

Conclusion


The solution proposed & implemented in the exhibition centre goes beyond the simple requirements & also delivers key differentiators:

1. Authenticate, monitor & control users and bandwidth without making any changes in their existing network components
2. Ability to do premium services – service differentiation is important in the hospitality industry
3. Support virtually any Internet device – guests can access internet on all supported devices
4. Customized Services – guarantees each exhibitor a truly personalized experience
5. Maximum uptime using load balance facility with capability of running the second gateway device in HA mode.



Sunday, 2 March 2014

Versatile Plug 'n' Play Bandwidth Management Appliance

Inventum S1 Service Gateway / Service Controller. Versatile plug 'n' play appliance that can be used as a Router or as a Gateway and can flawlessly handle up to 500 concurrent users. Create subscriber accounts, authenticate subscribers through unique username & password, perform pre pay and post pay billing, filter content based on user profiles, load balance traffic, create user logs of sites visited and apps used etc.



Ideal for small ISP / WISP (internet service providers), Educational Campuses, Hotels serving Internet to Guests & Visitors, SMEs providing Internet facility to staff.

For detailed information log on to https://www.inventum.net/products/msc

Thursday, 6 February 2014

Authentication, Authorisation and Accounting


Inventum’s UNIFY is a user centric operations & billing platform that allows communication service providers to rapidly deliver volume metered, differential bandwidth services based on subscriber identity, traffic flow, location & time of access. Using the UNIFY™, broadband providers can rapidly deliver personalized & dynamic revenue generating services.

Inventum AAA (Authentication, Authorization and Accounting)

Inventum AAA Solution


Inventum’s multi-protocol AAA system is a robust authentication, authorization & accounting platform for use in broadband networks. The AAA operates as a centralized solution and includes user or subscriber database, policy database, RADIUS templates (VSA), custom request routing, proxy processing & several other features packaged as a single, browser managed application.

Designed for high transaction environments, the AAA is available on both RISC & x86 architectures with high availability options, scaling to millions of concurrent subscribers.

Key benefits


Blazing Fast Authentication - Uses Reduced Instruction Set Computing architecture to enable thousands of secure transactions per second without overloading server CPU.

Easy Integration - AAA solution can be easily integrated with leading 3rd party systems including B-RAS, Service Delivery Routers (SDR), VoIP switches, IPTV systems, DPI Controllers, WiMAX infrastructure, WLAN controllers, Home Location Register, Signal Transfer Point (STP) & SDP.

Multiple Data Repositories - Support multiple data stores including LDAP for extremely high TPS systems, RDBMS, text files, virtually anything. RFC compliant RADIUS server solution pre-integrated with subscriber & service databases, authentication & charging modules.

Role Based Administration Portals - Role based system administration portal that allows all stakeholders to directly create, deliver and manage next generation communication services.

Product & Service Management - Define pre, advance & post pay services with integrated policy information such as network QoS & charge pulse.

Fully Standards Compliant - Support for the latest IETF RFC standards, WiMAX forum, 3GPP & WBA. IEEE 802.1X support including EAP, PEAP and extensions such as EAP-SIM & WPA-AKA.