Aptilo Access Controller Data sheet

In the sample Service Profile At a Glance “Premium” to the right, the main service is capped to 8 Mbit/s of total The Aptilo Access Controller™ (AC) gateway is bandwidth allowance for the purpose-built for access control, usage monitoring “premium” user. Listed below the and policy enforcement in Wi-Fi networks. It runs main service are services that can be on standard hardware and features true client plug- and-play functionality. The AC dynamically handles capped or defined as unlimited, these user sessions, QoS and routing from the local are prioritized within the main service. network to the Internet. Optionally an additional service can be Depending on the business model and integration defined outside the main service and level, the Access Controller can either be locally, prioritized on the same level. regionally or centrally placed in the network, catering to several separate sites. This ensures that there is additional capacity left for e.g. real-time critical applications even if the bandwidth of the main service is The AC software can assume 3 different roles; Load Balancer (front-end), Traffic node (back-end) and consumed. Specific firewall and route policies can be set for each Backup node. Service Profile. The automatic bandwidth balancer feature of the Aptilo AC distributes available bandwidth between all active sessions TM The Aptilo Access Controller (AC) forms according to the priorities set in the service profiles. A service can be part of a state-of-the-art platform from automatically throttled down to a certain capacity if the pre-paid Aptilo Networks that facilitates the creation quota has been depleted to a specified level. of wireless broadband access services. The Aptilo AC, together with the Aptilo Service Scalability & Redundancy - an AC for every need Management Platform™ (SMP) and Service The Aptilo Access Controller software runs on standard hardware Portal™ (SPA), forms a comprehensive, scaling from 2000 to 12.000 concurrent users. Depending on the seamless solution that creates unique business model and integration level, the Access Controller can either capabilities for administration and control of be locally, regionally or centrally placed in the network, catering to services in Wi-Fi networks. The solution several separate sites. enables Wi-Fi services in large public service In a cluster configuration the AC software can assume three different provider networks and semi-public places roles: Load Balancer, Traffic node and Backup node. such as airports, hotels, shopping malls, conference centers and networks in metropolitan areas as well as guest Internet access on enterprise campuses. Access Control and Policy enforcement The Aptilo Access Controller is purpose-built for access control, usage monitoring and policy enforcement in Wi-Fi networks. It can lookup policies from AAA and PCRF via RADIUS pull. Aptilo AC runs on standard hardware and features true client plug-and-play functionality. It dynamically handles user sessions, QoS and routing from the local network to the Internet. Together with the Service Profiles defined in the Aptilo Service Management Platform (SMP) the AC constitutes a powerful tool for handling differentiated service bundles with The Aptilo AC can be deployed behind third-party Wi-Fi access prioritization of traffic on the user level. gateways and Wi-Fi access point controllers to enable functionality

that cannot otherwise be achieved, in these cases the Aptilo AC becomes a critical service enabler.

Authentication & User Session Network Capabilities Session Management User interaction IP-address Management Routing Session kill “Plug & Play”, zero config. DHCP Server Policy based routing Service Profile change: Different Built-in Captive portal DNS Server Source based routing QoS, Routing, Firewall etc Walled garden, free sites Custom DNS (operator defined) Dynamic and Static NAT Auto re-authentication Captive portal based on subnet Multi subnet option Static route support Quota support Multi NIC support OSPF routing protocol

User authentication RADIUS Plug-and-Play IP-address Assignment Mobile IP FA Support Device/MAC (Automatic login) Static IP Support Static Mobile node pass-through Intelligent 802.1x proxy Proxy auto detection DHCP client and server Authorized Networks HTTPS NX domain handling Proxy ARP Security Associations Smart-client support Proxy http handling

WEB-server for WISPr login

Custom RADIUS attributes

Service Profiles (Aptilo SMP) Automatic login Network Structure Location Mapping Hierarchical service definitions, Support for SIM Authentication LAN VLAN (802.1q) handling Mapping of subnet to location main service with underlying HTTP request based on MAC WAN - VLAN (802.1q) handling Mapping of APs to location sub-services HTTP request based on cookie Support for external http proxy RADIUS Option 82 for location QoS cap, priority, guarantee Client discovery based on MAC Multi NIC support identification

QoS tagging DSCP (DiffServ) Client discovery based on DHCP Local subnets Firewall rules e.g. white lists option 82 Routed remote subnets

Routing e.g. different VLAN

Policy Enforcement Monitoring & Management Per session QoS Per access controller QoS Handling Local Nodes SNMP Enforcement of the QoS Policies Bandwidth limit in / out (bps) Monitoring of access points, SNMP v1, v2, v2c and v3 set in the service profiles TCP Connection limit per user xDSL routers etc through icmp Allow SNMP requests Yes/No Automatic Bandwidth Balancer Radius Bandwidth Override ping or SNMP Allow traps / trap hosts Dynamic Bandwidth Throttling Management of nodes in the Multiple trap destinations DiffServe private address space through DSCP Aptilo SMP

Policy Lookup Time of Day Service Control Management Reporting RADIUS policy lookup (Pull) from Allow / disallow users at a Management interfaces: SSH, Mail AAA / PCRF certain time of day based on the HTTPS, RS-232 Multiple trap hosts Policy lookup triggered by service profile Management via Aptilo SMP Aptilo SMP escalation through VPN Session Duration , Data Volume Differentiated policy and rating Support for external syslog Remote software upgrade and Change of Authorization based on time-of-day and day of server (CoA) week. Multi-Config. from Aptilo SMP

Redundancy & Scalability Security AC in traffic node role AC in load balancer role VPN Network Security Back-end Access Controller(s) Front-end DHCP Server Tunnel carries authentication Built in Firewall taking the traffic load Distributes clients over the information to the Aptilo SMP Dos and DDos protection Scaling up by adding more different traffic nodes Tunnel allows placement behind IP Address Spoofing protection traffic nodes Round Robin DHCP firewall and NAT Black- and white-lists Green lists, allow incoming

traffic from certain addresses AC in backup role High availability functions Legal Intercept VPN pass-through for IPSec, One-to-many redundancy for Internal monitoring with auto- Collection of tracking table for PPTP and L2TP VPNs traffic and load balancer nodes recovery TCP and UDP session data: PCI compliant (Payment Card Number of backup nodes is Hot standby Source IP/Port, Destination Industry)

dependent on the required level Synchronization of settings to IP/Port, NAT IP/Port, Timestamp of high-availability backup ACs Routing to wiretapping server

Platform Integration and API’s Server AC hardware requirements Hotel Property Management System (PMS) via serial cable 2.000 concurrent users per server

Certified HW: Standard Servers (single server or blade server) with at least two physical network interfaces. At least 2 GB RAM, 4 GB if > 1000 sessions

SMP = Aptilo Service Management PlatformTM

About Aptilo Networks Aptilo Networks is a leading provider of systems to manage mobile data services for Wi-Fi, WiMAX and 3G/LTE AMERICAS networks, including . Aptilo’s carrier-class solutions boast pre-integrated authentication, policy +1-866 861 3900 control and charging functions to maximize the capabilities of the wireless network and fast-track deployments while minimizing impact on existing systems. They feature a multitude of interfaces and APIs for seamless integration to APAC external systems of choice. Aptilo’s solutions are delivered as software licenses, or as a hosted, cloud-based service +60 3 2780 6900 using the Aptilo Managed Service™ from one of our many regional data centers located worldwide, or handled www.aptilo.com remotely by Aptilo’s experts from servers at the customer premises. With proven interoperability with all leading [email protected] EMEA vendors in the wireless ecosystem, Aptilo’s solutions are currently in operation in more than 60 countries. +46-8 5089 8900 V4 08-13 © Copyright Aptilo Networks