ITWare Pty Ltd

TEL: +61-3-9018-7150FAX: +61-3-8610-1981

handlinksales@itware.com.auhttp://www.itware.com.au

Sales Department

ISS-6000

V3.00

Internet SubscriberServer III

ISS-6000Internet Subscriber Server III

The Internet Subscriber Server III is a free-standing or rack-mounted intelligent gateway with a LAN port, WAN port, a serial port for system management and administration, and

Designed for use in the medium to large environment such as large hotels, university campuses and airports, the Internet Subscriber Server III acts as an hotspot access controller and provides instant Internet access, advanced security and network management.

a dedicated PMS port for connecting the unit to a customer’s Property Management System, and capable of supporting up to 1024 simultaneous users.

The Integrated Solution for The Integrated Solution for medium to large medium to large

HotSpotsHotSpots

IP Plug and PlayZero ConfigurationOutgoing E-mail RedirectionTransparent HTTP Proxy

AAA and BillingWeb-based Internet AccessRADIUS AAA Support10 Billing ProfilesOn-line Selective ServiceStatic AccountsDynamic Accounts

SecurityLayer 2 IsolationVPN Pass through Secure HTML Login PageAdministration Access ControlPass through IP/MAC Address

ManagementLAN Device ManagementReal-time Session List SyslogSNMP

MiscellaniesPass Through IP/MAC AddressVarious WAN ConnectionsPublic/Private Service

Marketing ServiceCustomized Login PageLogin Page RedirectionAdvertisement LinkWalled Garden

Manage BandwidthEqual BandwidthClass of Service

Hotel PMSPMS IntegrationPort-Location MappingLowest Total Cost Ownership

IP Plug and Play

“Zero Configuration” Internet Access

Outgoing Email Redirection

Transparent HTTP Proxy

”Zero Configuration” Internet AccessEasy-to-Use, Plug-and-Play Internet AccessHandlink’s unique IP Plug&Play (iPnP) technology allows subscribers to connect with ease for broadband access without having to re-configure any of their device IP settings including DHCP, DNS, Proxy and dynamic and static IP address assignments.

Ethernet / VDSL / HomePNA Switch

Dynamic IPFixed Global IPFixed Private IPDHCP ClientHTTP Proxy

ADSL Modem

Wireless AP

Outgoing Email RedirectionThe ISS-6000 will redirect subscriber’s original message of E-mail according to SMTP rules and sent it out via the specified SMTP server. This function could help subscribers to send E-mail via the local SMTP server when their default SMTP server is out of work or don’t allow connecting from Internet.

Original SMTP Server Setting:mail.handlink.com.tw

Original SMTP Server Setting:192.168.100.3

Pre-installed Email Server 210.66.77.88

Send M

ail Send Mail

• Relay function of this SMTP Server must be enabled.• Subscribers no need to modify the SMTP setting for their laptop.

All SMTP packet from Subscribers will be re-directed to specified SMTP Server which pre-installed by service provider.

Transparent HTTP ProxySupports common proxies acting as a proxy server. This function could help subscribers without changing proxy settings to eliminate support calls related to client proxy settings. (only support HTTP proxy).

Proxy Server Enable Proxy Server Disable

HTTP

Even subscriber’s browser has proxy server setting, the ISS-6000 could work as proxy server to serve this laptop.

Subscriber do not need to change the proxy setting of his laptop.

AAA and Billing

Web-based Internet Access RADIUS AAA Support Static Accounts Dynamic Account 10 Billing Profile On-line Selective Service

Web-based Internet AccessThe “Login page” displays prompting the subscriber to enter the username and password for the first time Internet access. Subscribers without valid username and password cannot access Internet.

WITH valid credential WITH valid credentialWITHOUT valid credential

Blocked

Login Page Login PageLogin Page

ADSL Modem

Wireless AP

RADIUS AAA Support

Internet Access Request (Open Browser)

Send “Login Page” to subscriber

Enter username and password

Access Allow or Deny

Authentication Request

Authentication Reply

Subscriber ISS-6000 RADIUS Server

• Authentication and Accounting service

• Secondary RADIUS redundancy

• VSA (vendor specific attribute) support

Login Page

10 Billing ProfilesThe administrator can define up to 10 billing profiles. The billing time base can be minute, hour, day, week, month and unlimited.

On-line Selective ServiceSubscribers can choose from the pre-defined service selections (billing profiles) when login if PMS implemented.

Static AccountsStatic Accounts can be created and managed by a series of specific number like hotel rooms. Static Accounts can be used for PMS billing without 802.1Q tag-based VLAN infrastructure or Port-Location Mapping Infrastructure. You have three ways to create static accounts, batch create or import from the stored accounts or manually.

Handlink Port-location mappinginfrastructure

GeneralInfrastructure

802.1Q Tag-based VLANInfrastructure

Dynamic Accounts1. Clicking on the button on the Account Generator Printer connected with ISS-6000 LAN port. 2. Clicking on the 4 pre-defined buttons from the Web-based Dynamic Account Operator.

You have two ways to operate the accounts:

Click

AG-200E

Switch

AG-200E Account Generator Printerwith Ethernet Port

RJ-45/ POERJ-45/ POEPortPort

AG-200E

Security

Layer 2 Isolation

VPN Pass through

Secure HTML Login Page

Administration Access Control

Pass through IP/MAC Address

Layer 2 Isolation

ADSL Modem

This enables every wireless or wired subscriber to be not able to communicate with each other even they are within same subnet. That is the best solution for Hotspot security. Nobody allows his/her computer’s data to be shared with anyone else.

VPN Pass through

IPSec VPN Server

PPTP VPN Server

Mail FTP

Mail FTP

Secure Tunnel

IPSec VPN Client

PPTP VPN Client

VPN Passthrough provides the subscribers who want to run his VPN or secure tunneling client software to connect to his/her company’s VPN server.

Company A

Company B

The ISS-6000 supports only Encapsulating Security Payload (ESP) tunnel mode. This is the most common mode of establishing IPSec tunnels. In the rare case that a subscriber is using one of the other methods, then it would be necessary for this user to be given a public IP address. Other IPSec methods are Authentication Header (AH) transport and tunnel mode and ESP transport mode.

SSL Login Page/AdministrationWe use Secure HTML Login Page through SSL to protect username and password while LAN users login. That enables security authentication within the network.

ADSL Modem

SSL Secure Login Page and Administrative Page

Subscriber Login’s Username/Password are encrypted, therefore even the packets are captured ,hackers still uneasily to know the username/password.

Username =????????Password =?????????

Wireless AP

Administration Access ControlThe ISS-6000 integrates a secure administration access control list that checks the source (IP address) of administrator logins. A login is permitted only if a match is made with the list contained on the ISS-6000. If a match is not made, the login is denied, even if a correct login name and password are supplied.

Specified IP AddressFor Administration

IP Address without in the list

Management

LAN Device Management

Real-time Session List

Syslog

SNMP

LAN Device ManagementThe administrator can directly remote control the devices under the LAN via ISS-6000 and check the status (OK/Fail) of the LAN devices.

Administratorhttp://

210.66.37.22:60006

Global IP http://210.66.37.22

ADSL /Cable Modem

Wireless APWireless Gateway

Real-time Session List

Administrator

Global IP 210.66.37.22

Wireless AP Wireless AP

Network Management PC

The remote site administrator could monitor the real time usage status of ISS-6000 via Session list page.

HomePNA Switch

SyslogISS-6000 provide 5 categories of logs which will send to specified Syslog server. Network manager can know the network status according to the following logs.

1. System Category System information System Boot Notice System Manager Activity information2. Accounting Account Created Subscriber Trace Logged-in Users3. Billing Billing Log

Syslog Server

ADSL /Cable Modem

4. LAN Devices Management LAN Devices Information LAN Devices Alarm5. Alert Administration Access Fail

E-mail Server

SNMP ManagementThe ISS-6000 supports SNMP (Simple Network Management Protocol). Each unit acts as an SNMP agent so that the network connecting status and configuration information may be accessed remotely through the SNMP manager, which enables centralized traffic and fault monitoring.

MIB Browser

SNMP Agent

SNMP Port 1611. Get2. Get Next3. Get Bulk4. Set

Port 162 UDP Packet1. Port Enable/Disable2. Boot Up3. Reset

MIB-II Standard Support

Miscellanies

Pass Through IP/MAC Address

Various WAN Connections

Public/Private Service

Pass Through IP/MAC AddressPass Through IP/MAC address is useful for VIP users without authentication and for devices that do not have a web browser (cash registers, for example) or that are connected with LAN port (wireless access points, for example).

Guest orSubscriber

Guest orSubscriber

Guest orSubscriber Hotel Staff Hotel

Manager

VIP Guest orSubscriber

ADSL Modem/Cable Modem

Built-in Auth./RADIUS Auth. Enabled

No Authentication

Various WAN ConnectionsThe system provides alternative WAN connection such as PPPoE, PPTP, DHCP Client or Static IP for service provider to establish their service networking quickly and easily.

PPTP

PPPoE

DHCP Client

Static IP

Public/Private Service

DHCP Client

xDSL/Cable Modem

Wireless AP

WAN IP: 211.21.1.1Subnet: 255.255.255.0Gateway: 211.21.1.20

LAN IP: 10.59.1.1Subnet: 255.255.255.0

Use Public IPUse Private IPDHCP Client

Public IP: 211.21.1.2~211.21.1.12

Marketing Service

Customized Login Page

Login Page Redirection

Advertisement Link

Walled Garden

Customized Login PageThe ISS-6000 provides the standard login page for subscribers to input username and password. However, some service providers like hotels, coffee shops and airports may want to show their customized page or redirect their hosted page for promotion or corporate image, therefore ISS-6000 allows service provider or venue owner to specify or modify the login page. Standard Login Page

TOP Frame

Bottom Frame

Frame Login Page

Login Page Redirection

Login Page

Web Server

Login Page

www.test.com/login.html

Advertisement LinkThe system allow service provider to input 10 URL links for advertisement link purpose.

www.yahoo.com

www.msn.com

www.microsoft.com

Walled GardenWe prepare ten URL links that allows subscriber to access the specific Web pages even they didn’t have a username or password. It’s free trying and can use for advertisement.

Manage Bandwidth

Equal Bandwidth

Class of Service

Equal Bandwidth

Up=64kbpsDown=256kpbs

Up=64kbpsDown=256kpbs

Up=64kbpsDown=256kpbs

Up=64kbpsDown=256kpbs

ADSL/Cable Modem

The function enables administrator to limit bandwidth usage on a per user basis (MAC address). That prevents users from consuming a disproportionately large amount of bandwidth so every user gets a fair share of the available bandwidth.

Class of ServiceThe function enables administrator to limit bandwidth usage according to the RADIUS vendor-specific attribute or billing profile setting (Built-in authentication). This allows every user to have a different service quality for Internet bandwidth.

Up=16kbpsDown=64kpbs

Up=16kbpsDown=64kpbs

Up=128kbpsDown=128kpbs

Up=512kbpsDown=512kpbs

ADSL /Cable Modem

Hotel PMS

PMS Integration

Port-Location Mapping

Lowest Total Cost Ownership

PMS IntegrationThe ISS-6000 support the major brand PMS system ( Micros Fidelio, Marriott and Spectrum MK II) and Proprietary PMS system , to enable Hotels to perform in-room billing.

Proprietary PMS

TM

Port-Location MappingThe ISS-6000 supports 802.1Q Tag-based VLAN infrastructure. The ISS-6000 uses a Port-Location Mapping table to manage the assigned ports and ensure accurate billing for service used by a particular port.

In-Room port-location mapping can be achieved by defining what Location/VLAN ID’s to listen for and what billing profile to associate with it. It is used to have the ISS-6000 automatically identify what port a machine is connecting on.

ADSL /Cable Modem

Port 1Ethernet / VDSL / HomePNA Switch

Port 2 Port 3

Room 1001 Room 1002 Room 1003 Room 1004

Port 4Port (VLAN ID)

Location

Port-Location Mapping Table

PMS

Lowest Total Cost OwnershipIn general, the high-costly 802.1Q Tag-based VLAN infrastructure is a MUST to be accompanied with other ISS-6000-like products.

However, ISS-6000 also can work with PMS without costly 802.1Q Tag-based VLAN infrastructure. Handlink’s VDSL / HomePNA / Ethernet product series are port-location mapping infrastructure, which are the best and lowest TCO and partner with ISS-6000, to replace the costly 802.1Q Tag-based VLAN infrastructure.

In conclusion, the ISS-6000 is the most flexible access controller with PMS and infrastructure in the world.

Handlink Port-location mappinginfrastructure

GeneralInfrastructure

802.1Q Tag-based VLANInfrastructure

Scenario B

Scenario A

Scenario A

User Experience

Scenario A

Scenario B

Scenario C

Scenario A- Subscriber LoginLogin Page

Popup Information Window after login successfully

Information Window

Subscriber Login

Scenario A

Hotel PMS

ADSL/Cable Modem

RADIUSServer

Network Operating Center

BillingServer

E-mailServer

NetworkManagement

HANDLINK ISS-6000

Guest Room FloorRoom #201 Room #202

Hotel Front Desk Operater

Account Assign Account Printout

Lobby,Café,Restaurant Floor

Access Point

Ethernet Switch

Home PNA/VDSL Switch

Login Page

RS-232 LineRJ-11 Telephone LineRJ-45 CAT5 Line

Scenario B - Subscriber LoginLogin Page Information Window

Subscriber Login

Popup Information Window after login successfully

Scenario B

Hotel PMSEthernet Switch

ADSL/Cable Modem

RADIUSServer

Network Operating Center

BillingServer

E-mailServer

NetworkManagement

HANDLINK ISS-6000

Guest Room FloorRoom #201 Room #202 Room #301

Account Generator PrinterAG-200E

Home PNA/VDSL Switch

Login Page

Assign IP address

Enable PMS Support

RS-232 LineRJ-11 Telephone LineRJ-45 CAT5 Line

Port-Location Mapping VLAN Tag

Scenario C - Subscriber LoginLogin Page Information Window

Subscriber Login

Popup Information Window after login successfully

Scenario C

Guest Room Floor

Lobby,Café,Restaurant Floor

Hotel PMS

ADSL/Cable Modem

RADIUSServer

Network Operating Center

BillingServer

E-mailServer

NetworkManagement

HANDLINK ISS-6000

Room #201 Room #202

Account Assign Account

Printout

Access Point

Ethernet Switch

Home PNA/VDSL Switch

Login Page

Create Dynamic AccountsRoom #301

Define Billing Profile

Hotel Front Desk Operater

Conclusion

ISS-6000 can help you…

ISS-6000 can help you…•Integrated Solution for rapid deployment

The ISS-6000 is a complete access controller for medium to large hot-spots. It can serve up to 1024 simultaneous users and it is an ideal hotspot solution to be deployed in the hotels, coffee shops, airports and other sites that commonly host business travelers and offers instant high-speed Internet connections. It is perfect for Hotspot application!

•Deliver instant PnP connectivity serviceWith its IP Plug and Play technology, the ISS-6000 helps solve connectivity problems by offering instant Internet access without the need for configuration changes to the client computer or any resident client-side software and allows guests to send E-mail as usual without changing E-mail SMTP server settings even if their configured mail server is unavailable or behind a corporate firewall.

•Complete user authentication and accountingThe ISS-6000 works with industry-standard RADIUS server that is allowed administer to control user's login name and password to fully support AAA (Authentication, Accounting and Authorization).

ISS-6000 can help you…•Sophisticated Remote Management

The ISS-6000 enables you to manage all your underlying network devices with Syslog messaging, SNMP and LAN devices Management to reduce maintenance overhead.

•Comprehensive securityThe ISS-6000 provides a fully-secure operating environment with VPN pass through, SSL certificate, and Layer 2 Isolation V-LAN Security.

•Enhance Local and Personalized ServiceThe login and logout pages are fully customizable. The ISS-6000 has the ability to let you redirect end users to your advertising web pages, increase your potential for revenue and customize locations where end-users can visit free (walled garden).

•Hotel PMS IntegrationThe ISS-6000 works with hotel Micros Fidelio/Marriott, Spectrum MK II PMS billing system that is allowed hotel to fully support PMS billing system of Internet Access.

•Built-in AAA/Billing SystemThe ISS-6000 has built-in AAA and billing system that is allowed manager to control user for Internet access and billing mechanism individually without any external AAA server and billing server.

Wi-Fi Hot SpotLarge Scale Hotspot Solution

Ethernet Switch / PoE Switch

ADSL / Cable Modem

Network Operation Center

RADIUSServer

BillingServer

ServiceServer

Wireless STAWireless AP

Hotel VDSL Phoneline SolutionVDSL infrastructure

ADSL / Cable Modem

ControlCenter

1F Open Area

VDSL Modem

Hotel PMS System

2F Room201

VDSL ModemNotebook with

Ethernet Interface

Wireless AP

RS-232 LineRJ-11 Telephone LineRJ-45 CAT5 Line

Guest Room

LobbyPoolCoffee shopRestaurantsGardens……

DSLAM/PBX

Wireless STA Enjoy Internet with freedom

RADIUS Server

VDSL Switch

Hotel HomePNA Phoneline SolutionHomePNA infrastructure

ADSL / Cable Modem

ControlCenter

1F Open Area

Hotel PMS System

2F Room201

HomePNA ConverterNotebook with

Ethernet Interface

Wireless AP

Guest Rooms

LobbyPoolCoffee shopRestaurantsGardens……

DSLAM/PBX

Wireless STA Enjoy Internet with freedom

HomePNA Converter

RS-232 LineRJ-11 Telephone LineRJ-45 CAT5 Line

RADIUS Server

HomePNA Switch