NSE WiFi hotspots
Nomadix Service Engine
Wi-Fi HotSpot Rollouts
Copyright © 2008 Nomadix, Inc. All Rights Reserved.
30851 Agoura Rd.
Suite 102
Agoura Hills, CA 91301
White Paper
Sheet 2 of 10
White Paper
The growth in Wi-Fi connectivity is leading many network operators to start deploying public
access Wi-Fi service as an additional service offering. Responding to the issues of connectivity,
security, billing and roaming created when deploying Wi-Fi HotSpots, Nomadix sells its
Nomadix Service Engine (NSE) embedded software suite on our family of Access Gateways to
address this high growth market.
The NSE offers the most comprehensive set of
features and functionality on our line of Access
Gateways. Our Access Gateways are capable of
servicing any type of HotSpot – from a large,
multi-cell location like an airport to a small,
single cell coffee shop.
1. HOSPITALITY - AG 3xxx/5xxx
This module provides the most extensive range of CERTIFIED Property Management System
(PMS) interfaces to enable in-room guest billing for High-Speed Internet Access (HSIA).
This module also includes one-way and two-way PMS interfaces for in-room billing in a WI-FI
Bill mirroring of records to multiple destinations is also provided within this module. In addition,
a driverless printing option (“Click to Print”) provides the capability for a subscriber to send print
jobs to a designated server and have the charge billed to the room.
Fail-Over functionality provides expanded network uptime and service availability by utilizing a
second Nomadix Gateway that is regularly updated by the primary gateway to take over if the
primary device should fail.
Provides additional flexibility in architecting your network by configuring an NSE enabled
Access Gateway to support Layer 3, WLAN, MESH and other routed networks on the subscriber
side of the Nomadix device.
This module is useful where, for example, different departments each require a separate logical
network (with typical routed connections between them), but it is desired that users on each
network are still able make use of the Nomadix subscriber features with respect to the public
P/N 230-1036-001
Sheet 3 of 10
White Paper
This item is a special factory part number which configures the AG 5600 and packages the
Routed Subscriber and High Availability modules with user count upgrades to create an AG5600
Metro Gateway that supports up to 4000 users.
Partnering with Nomadix allows the standardization of service offerings across a wide range of venue
types, from the small single cell deployment to a large multi-cell environment, utilizing our complete
line of Access Gateways.
The Access Gateways running the NSE leverage Nomadix’ market-leading experience gained over 11
years of real world deployment experience shipping over 65,000 units. Placing a Nomadix Access
Gateway at the edge of the network leverages a centralized provisioning system to maximize
customer acquisition and retention while securing the very edge of the network.
Our complete solution allows a service provider to quickly provide broadband access over a large
footprint of locations to mobile users to generate incremental revenue streams.
P/N 230-1036-001
Sheet 4 of 10
White Paper
Nomadix Service Engine Overview
The NSE provides a range of features needed for the successful deployment of wired and Wi-Fi
public access service. The following key areas are addressed by the NSE deployed on a Nomadix
Access Gateway:
Customer Acquisition
Provisioning of Service
Access Control and Authentication
Billing Plan Enablement
Policy-based Traffic Shaping
Customer Acquisition
Nomadix’ Dynamic Address Translation
Nomadix’ patented Dynamic Address Translation (DAT) technology provides transparent
broadband network connectivity as users travel between different locations—without requiring
any changes to their computer’s settings or special client-side software—ensuring that everyone
gets easy access to the network. A Nomadix-enabled network allows providers to acquire new
customers in a cost effective method.
End User
No client-side software or changes to the
PC’s configuration are required to get
connected to the network.
Translates End
User’s Network
P/N 230-1036-001
Dynamic Address
Sheet 5 of 10
White Paper
Nomadix developed DAT to actively monitor every packet transmitted from each device to
ensure all packet are correctly configured for the network that computer is expecting. If
necessary, DAT will perform standard Network and Port Address Translation and supports
Application Level Gateways (ALGs) for protocols such as FTP, H.323, PPTP, IPSec, etc., to
ensure the customer gains network access without having to reconfigure their PC or load client
side software.
DAT also ensures that a DNS server is always available to a user through the DNS redirection
function. This function redirects a user’s DNS requests to a local DNS server closer to the
customer’s location—improving the response time and enabling true plug-and-play access when
the subscriber’s configured DNS server is behind a firewall or located on a private Intranet.
Service Provisioning
Home Page Redirection
Once connected to the public access network, Nomadix’ Home Page Redirection feature
intercepts the user’s browser settings and directs them to a web site to securely sign up for service
or log in if they have a pre-existing account.
The Home Page Redirect (HPR) feature of the NSE enables the network to intercept the Internet
browser’s home page setting and redirect it to a new portal page determined by the Public Access
Service Operator (PASO) or HotSpot owner. When redirecting the customer to a new home page,
P/N 230-1036-001
Sheet 6 of 10
White Paper
the original home page (Origin Server) is passed as a parameter to the portal so the customer can
still access their default home page after the local or personalized page has been presented.
HPR also allows unique redirects on a per subscriber basis per a RADIUS attribute stored in that
customer’s account.
Service Branding
The NSE offers the unique ability to provide a 5 step service branding experience for the provider
and HotSpot owner.
Flash Branding
& Login
AAA status
branding with
‘Thank you and
(ICC or Logout
(IWS Goodbye
Page or RADIUS
Nomadix functionality
(Splash Page)
(Portal Page &
(Home Page &
Nomadix offers redirection opportunities pre and post authentication as well as at service
disconnect for maximum service branding capability for both the service provider and the venue
Location-based Identification
Depending on the network architecture and vendor, the NSE can determine the physical location
of the user to personalize the service presentation and perform security or billing functions. This
is achieved by using aggregation equipment that supports port based IEEE 802.1q VLANs or
using the integrated SNMP Manager to query the Bridge MIB (RFC 1493 or certain proprietary
MIBs) to determine the physical port associated with the user’s MAC address and each packet it
came through.
A user visiting an airport can receive a Web page that contains flight schedules specific to that
terminal based upon the port they are connecting into. The end user doesn’t need to know where
they are physically located to receive services, and since identification is performed in the
network, it is secure and can be used for a billing function based upon the port they have plugged
P/N 230-1036-001
Sheet 7 of 10
White Paper
Service Awareness
The NSE can drive a HTML/Javascript window down to each customer’s Internet browser
providing them with the ability to self-select services and upgrade their bandwidth and billing
options in real-time.
Nomadix’ patented Information and Control Console (ICC) also allows the premise owner or
service provider to send custom messages and advertising directly to the screen of the customer.
For Pre-paid usage, the ICC displays a dynamic “time” field to inform customers of the time
remaining or expired on their account.
Multi-mode Authentication and Access Control
The NSE provides an additional layer of security for the public access Wi-Fi network by blocking
access to the Internet until the user has been authenticated. The NSE also offers the ability to only
allow access to a pre determined “Walled Garden” area of the web prior to authentication.
Tri-Mode Authentication
In addition to supporting the secure Browser-based Universal Access Method via SSL, Nomadix
simultaneously supports Port-based Authentication using IEEE 802.1x and authentication
mechanisms used by Smart Clients by companies such as Boingo Wireless, GoRemote and iPass.
Nomadix products enable multiple authentication models providing the maximum amount of
flexibility to the end user and to the operator by supporting any type of client entering their
network and any type of business relationship on the back end.
Billing Plan Enablement
A Nomadix-enabled network can automatically authenticate, authorize, track, and bill users for
access. Users can be identified and billed according to their Media Access Control (MAC)
address, username/password, and/or port identification number.
The NSE supports a wide variety of billing models enabling the deployment of profitable public
access networks. Our solutions allow providers or venue owners to create billing plans using
credit cards, scratch cards or enable monthly subscriptions—then bill by a host of different
parameters including time, volume, or bandwidth.
P/N 230-1036-001
Sheet 8 of 10
White Paper
Nomadix offers an integrated RADIUS client with the NSE allowing the service operator to track
or bill based upon the number of connections, location of the connection, bytes sent and received,
connect time, etc. The customer database can exist in a central RADIUS Server, along with
associated attributes for each user. When a customer connects into the network, the RADIUS
client authenticates the customer with the RADIUS Server, applies associated attributes stored in
that customer’s profile, and logs their activity (including bytes transferred, connect time, etc.).
Our RADIUS implementation also handles vendor specific attributes (VSAs), required by
WISPs—that want to enable more advanced services and billing schemes such as a per device/per
month connectivity fee.
XML Interface
Nomadix provides a secure XML Application Programmer’s Interface (API) with the NSE
allowing the Access Gateway to accept and process XML commands from an external source for
integration with OSS, provisioning, and other network management elements for subscriber
management and location/port management. XML commands are sent over the network via an
SSL tunnel in the form of an encoded query string. The XML interface enables solution providers
and integrators to customize and enhance the installations with value added capabilities and
Advanced Security
The NSE enhances today’s standards, enabling the secure deployment of large scale public access
networks, regardless of the standards supported at the client, enabling a solution that covers the
wide variety of clients that will roam into the location.
VPN tunneling (PPTP, IPSec) remains the recommended method for transmitting data across a
wireless network for mobile workers wishing to connect back to their corporate resources.
Nomadix’ products feature its patented iNAT functionality that creates an intelligent mapping of
IP Addresses and their associated VPN tunnels allowing multiple tunnels to be established to the
same VPN server creating a seamless connection for all the users at the public access location.
Nomadix also allows tracking logs to support Lawful Intercept initiatives.
Denial of Service Management
The NSE also provides Session Rate Limiting (SLR) and MAC filtering capabilities to
significantly reduce the risks of Denial of Service (DoS) attacks helping ensure network uptime
and reliability. Administrators can also block all ICMP packets of non-authenticated users to
further protect the network against common DoS attacks.
P/N 230-1036-001
Sheet 9 of 10
White Paper
Policy-based Traffic Shaping
The Bandwidth Management feature is part of the NSE Core functionality and enables the
providers to limit bandwidth usage on a per device (MAC Address/User) basis. This ensures
every user has a quality experience by placing a bandwidth ceiling on each device accessing the
network so every user gets a fair share of the available bandwidth.
The bandwidth for each device can be defined asymmetrically for both upstream and downstream
data transmissions. The service provider can also allow the individual user to increase or decrease
their bandwidth by the minute—or on an hourly, daily, weekly, or monthly basis—without having
to disconnect or re-establish a new session.
The NSE can also manage the WAN Link traffic providing complete bandwidth management
through the public access location. Bandwidth Management shapes traffic going over the WAN
Link to prevent its over-utilization. The NSE queues traffic from overly busy instances in time
and sends the packets over the WAN Link when a lull in traffic occurs.
A key issue in the cost-effective mass-deployment of Wi-Fi HotSpot networks is an automated
process to configure edge devices during initial installation as well as to centrally manage critical
configuration parameters from the Network Operations Center. Such an automated process can
lower site installation costs by removing the need to employ highly-trained personnel to perform
the setup of the equipment.
The NSE provides a unique RADIUS-driven Auto-Configuration functionality that utilizes the
existing infrastructure of a provider to deliver an effortless and rapid methodology to configure
devices for fast network roll-out. Once configured, this methodology can also be effectively used
to centrally manage configuration profiles for all NSE devices in the public access network.
P/N 230-1036-001
Sheet 10 of 10
White Paper
Access Gateways
Nomadix’ family of Access Gateways are dedicated networking devices that can be placed in a
variety of public access locations, from a small coffee shop to a large international airport –
regardless of the deployment type, Nomadix has the right solution to fit your needs.
-Small Venue
Number of Cells
-Dual Cell
AG 5500 And
AG 5500 Metro
-Single / Dual Cell
AG 3100
-Large Venue
AG 2300
Number of Users
Nomadix recommends the AG 5600 running the NSE for deployment in large public access
locations such as airports and convention centers and the AG 5600 Metro Bundle for
Metropolitan HotZones and Digital Cities. The AG 3100 can be used when deploying Wi-Fi
service in mid-sized locations and the AG 2300 is the ideal HotSpot for single cell, small site
The NSE is specifically designed for broad based Wi-Fi HotSpot rollouts allowing providers to
quickly and cost effectively deploy profitable Wi-Fi service.
P/N 230-1036-001
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF