handlink iss-6000 presentation
TRANSCRIPT
ITWare Pty Ltd
TEL: +61-3-9018-7150FAX: +61-3-8610-1981
[email protected]://www.itware.com.au
Sales Department
ISS-6000
V3.00
Internet SubscriberServer III
ISS-6000Internet Subscriber Server III
The Internet Subscriber Server III is a free-standing or rack-mounted intelligent gateway with a LAN port, WAN port, a serial port for system management and administration, and
Designed for use in the medium to large environment such as large hotels, university campuses and airports, the Internet Subscriber Server III acts as an hotspot access controller and provides instant Internet access, advanced security and network management.
a dedicated PMS port for connecting the unit to a customer’s Property Management System, and capable of supporting up to 1024 simultaneous users.
The Integrated Solution for The Integrated Solution for medium to large medium to large
HotSpotsHotSpots
IP Plug and PlayZero ConfigurationOutgoing E-mail RedirectionTransparent HTTP Proxy
AAA and BillingWeb-based Internet AccessRADIUS AAA Support10 Billing ProfilesOn-line Selective ServiceStatic AccountsDynamic Accounts
SecurityLayer 2 IsolationVPN Pass through Secure HTML Login PageAdministration Access ControlPass through IP/MAC Address
ManagementLAN Device ManagementReal-time Session List SyslogSNMP
MiscellaniesPass Through IP/MAC AddressVarious WAN ConnectionsPublic/Private Service
Marketing ServiceCustomized Login PageLogin Page RedirectionAdvertisement LinkWalled Garden
Manage BandwidthEqual BandwidthClass of Service
Hotel PMSPMS IntegrationPort-Location MappingLowest Total Cost Ownership
IP Plug and Play
“Zero Configuration” Internet Access
Outgoing Email Redirection
Transparent HTTP Proxy
”Zero Configuration” Internet AccessEasy-to-Use, Plug-and-Play Internet AccessHandlink’s unique IP Plug&Play (iPnP) technology allows subscribers to connect with ease for broadband access without having to re-configure any of their device IP settings including DHCP, DNS, Proxy and dynamic and static IP address assignments.
Ethernet / VDSL / HomePNA Switch
Dynamic IPFixed Global IPFixed Private IPDHCP ClientHTTP Proxy
ADSL Modem
Wireless AP
Outgoing Email RedirectionThe ISS-6000 will redirect subscriber’s original message of E-mail according to SMTP rules and sent it out via the specified SMTP server. This function could help subscribers to send E-mail via the local SMTP server when their default SMTP server is out of work or don’t allow connecting from Internet.
Original SMTP Server Setting:mail.handlink.com.tw
Original SMTP Server Setting:192.168.100.3
Pre-installed Email Server 210.66.77.88
Send M
ail Send Mail
• Relay function of this SMTP Server must be enabled.• Subscribers no need to modify the SMTP setting for their laptop.
All SMTP packet from Subscribers will be re-directed to specified SMTP Server which pre-installed by service provider.
Transparent HTTP ProxySupports common proxies acting as a proxy server. This function could help subscribers without changing proxy settings to eliminate support calls related to client proxy settings. (only support HTTP proxy).
Proxy Server Enable Proxy Server Disable
HTTP
Even subscriber’s browser has proxy server setting, the ISS-6000 could work as proxy server to serve this laptop.
Subscriber do not need to change the proxy setting of his laptop.
AAA and Billing
Web-based Internet Access RADIUS AAA Support Static Accounts Dynamic Account 10 Billing Profile On-line Selective Service
Web-based Internet AccessThe “Login page” displays prompting the subscriber to enter the username and password for the first time Internet access. Subscribers without valid username and password cannot access Internet.
WITH valid credential WITH valid credentialWITHOUT valid credential
Blocked
Login Page Login PageLogin Page
ADSL Modem
Wireless AP
RADIUS AAA Support
Internet Access Request (Open Browser)
Send “Login Page” to subscriber
Enter username and password
Access Allow or Deny
Authentication Request
Authentication Reply
Subscriber ISS-6000 RADIUS Server
• Authentication and Accounting service
• Secondary RADIUS redundancy
• VSA (vendor specific attribute) support
Login Page
10 Billing ProfilesThe administrator can define up to 10 billing profiles. The billing time base can be minute, hour, day, week, month and unlimited.
On-line Selective ServiceSubscribers can choose from the pre-defined service selections (billing profiles) when login if PMS implemented.
Static AccountsStatic Accounts can be created and managed by a series of specific number like hotel rooms. Static Accounts can be used for PMS billing without 802.1Q tag-based VLAN infrastructure or Port-Location Mapping Infrastructure. You have three ways to create static accounts, batch create or import from the stored accounts or manually.
Handlink Port-location mappinginfrastructure
GeneralInfrastructure
802.1Q Tag-based VLANInfrastructure
Dynamic Accounts1. Clicking on the button on the Account Generator Printer connected with ISS-6000 LAN port. 2. Clicking on the 4 pre-defined buttons from the Web-based Dynamic Account Operator.
You have two ways to operate the accounts:
Click
AG-200E
Switch
AG-200E Account Generator Printerwith Ethernet Port
RJ-45/ POERJ-45/ POEPortPort
AG-200E
Security
Layer 2 Isolation
VPN Pass through
Secure HTML Login Page
Administration Access Control
Pass through IP/MAC Address
Layer 2 Isolation
ADSL Modem
This enables every wireless or wired subscriber to be not able to communicate with each other even they are within same subnet. That is the best solution for Hotspot security. Nobody allows his/her computer’s data to be shared with anyone else.
VPN Pass through
IPSec VPN Server
PPTP VPN Server
Mail FTP
Mail FTP
Secure Tunnel
IPSec VPN Client
PPTP VPN Client
VPN Passthrough provides the subscribers who want to run his VPN or secure tunneling client software to connect to his/her company’s VPN server.
Company A
Company B
The ISS-6000 supports only Encapsulating Security Payload (ESP) tunnel mode. This is the most common mode of establishing IPSec tunnels. In the rare case that a subscriber is using one of the other methods, then it would be necessary for this user to be given a public IP address. Other IPSec methods are Authentication Header (AH) transport and tunnel mode and ESP transport mode.
SSL Login Page/AdministrationWe use Secure HTML Login Page through SSL to protect username and password while LAN users login. That enables security authentication within the network.
ADSL Modem
SSL Secure Login Page and Administrative Page
Subscriber Login’s Username/Password are encrypted, therefore even the packets are captured ,hackers still uneasily to know the username/password.
Username =????????Password =?????????
Wireless AP
Administration Access ControlThe ISS-6000 integrates a secure administration access control list that checks the source (IP address) of administrator logins. A login is permitted only if a match is made with the list contained on the ISS-6000. If a match is not made, the login is denied, even if a correct login name and password are supplied.
Specified IP AddressFor Administration
IP Address without in the list
LAN Device ManagementThe administrator can directly remote control the devices under the LAN via ISS-6000 and check the status (OK/Fail) of the LAN devices.
Administratorhttp://
210.66.37.22:60006
Global IP http://210.66.37.22
ADSL /Cable Modem
Wireless APWireless Gateway
Real-time Session List
Administrator
Global IP 210.66.37.22
Wireless AP Wireless AP
Network Management PC
The remote site administrator could monitor the real time usage status of ISS-6000 via Session list page.
HomePNA Switch
SyslogISS-6000 provide 5 categories of logs which will send to specified Syslog server. Network manager can know the network status according to the following logs.
1. System Category System information System Boot Notice System Manager Activity information2. Accounting Account Created Subscriber Trace Logged-in Users3. Billing Billing Log
Syslog Server
ADSL /Cable Modem
4. LAN Devices Management LAN Devices Information LAN Devices Alarm5. Alert Administration Access Fail
E-mail Server
SNMP ManagementThe ISS-6000 supports SNMP (Simple Network Management Protocol). Each unit acts as an SNMP agent so that the network connecting status and configuration information may be accessed remotely through the SNMP manager, which enables centralized traffic and fault monitoring.
MIB Browser
SNMP Agent
SNMP Port 1611. Get2. Get Next3. Get Bulk4. Set
Port 162 UDP Packet1. Port Enable/Disable2. Boot Up3. Reset
MIB-II Standard Support
Miscellanies
Pass Through IP/MAC Address
Various WAN Connections
Public/Private Service
Pass Through IP/MAC AddressPass Through IP/MAC address is useful for VIP users without authentication and for devices that do not have a web browser (cash registers, for example) or that are connected with LAN port (wireless access points, for example).
Guest orSubscriber
Guest orSubscriber
Guest orSubscriber Hotel Staff Hotel
Manager
VIP Guest orSubscriber
ADSL Modem/Cable Modem
Built-in Auth./RADIUS Auth. Enabled
No Authentication
Various WAN ConnectionsThe system provides alternative WAN connection such as PPPoE, PPTP, DHCP Client or Static IP for service provider to establish their service networking quickly and easily.
PPTP
PPPoE
DHCP Client
Static IP
Public/Private Service
DHCP Client
xDSL/Cable Modem
Wireless AP
WAN IP: 211.21.1.1Subnet: 255.255.255.0Gateway: 211.21.1.20
LAN IP: 10.59.1.1Subnet: 255.255.255.0
Use Public IPUse Private IPDHCP Client
Public IP: 211.21.1.2~211.21.1.12
Marketing Service
Customized Login Page
Login Page Redirection
Advertisement Link
Walled Garden
Customized Login PageThe ISS-6000 provides the standard login page for subscribers to input username and password. However, some service providers like hotels, coffee shops and airports may want to show their customized page or redirect their hosted page for promotion or corporate image, therefore ISS-6000 allows service provider or venue owner to specify or modify the login page. Standard Login Page
TOP Frame
Bottom Frame
Frame Login Page
Login Page Redirection
Login Page
Web Server
Login Page
www.test.com/login.html
Advertisement LinkThe system allow service provider to input 10 URL links for advertisement link purpose.
www.yahoo.com
www.msn.com
www.microsoft.com
Walled GardenWe prepare ten URL links that allows subscriber to access the specific Web pages even they didn’t have a username or password. It’s free trying and can use for advertisement.
Equal Bandwidth
Up=64kbpsDown=256kpbs
Up=64kbpsDown=256kpbs
Up=64kbpsDown=256kpbs
Up=64kbpsDown=256kpbs
ADSL/Cable Modem
The function enables administrator to limit bandwidth usage on a per user basis (MAC address). That prevents users from consuming a disproportionately large amount of bandwidth so every user gets a fair share of the available bandwidth.
Class of ServiceThe function enables administrator to limit bandwidth usage according to the RADIUS vendor-specific attribute or billing profile setting (Built-in authentication). This allows every user to have a different service quality for Internet bandwidth.
Up=16kbpsDown=64kpbs
Up=16kbpsDown=64kpbs
Up=128kbpsDown=128kpbs
Up=512kbpsDown=512kpbs
ADSL /Cable Modem
Hotel PMS
PMS Integration
Port-Location Mapping
Lowest Total Cost Ownership
PMS IntegrationThe ISS-6000 support the major brand PMS system ( Micros Fidelio, Marriott and Spectrum MK II) and Proprietary PMS system , to enable Hotels to perform in-room billing.
Proprietary PMS
TM
Port-Location MappingThe ISS-6000 supports 802.1Q Tag-based VLAN infrastructure. The ISS-6000 uses a Port-Location Mapping table to manage the assigned ports and ensure accurate billing for service used by a particular port.
In-Room port-location mapping can be achieved by defining what Location/VLAN ID’s to listen for and what billing profile to associate with it. It is used to have the ISS-6000 automatically identify what port a machine is connecting on.
ADSL /Cable Modem
Port 1Ethernet / VDSL / HomePNA Switch
Port 2 Port 3
Room 1001 Room 1002 Room 1003 Room 1004
Port 4Port (VLAN ID)
Location
Port-Location Mapping Table
PMS
Lowest Total Cost OwnershipIn general, the high-costly 802.1Q Tag-based VLAN infrastructure is a MUST to be accompanied with other ISS-6000-like products.
However, ISS-6000 also can work with PMS without costly 802.1Q Tag-based VLAN infrastructure. Handlink’s VDSL / HomePNA / Ethernet product series are port-location mapping infrastructure, which are the best and lowest TCO and partner with ISS-6000, to replace the costly 802.1Q Tag-based VLAN infrastructure.
In conclusion, the ISS-6000 is the most flexible access controller with PMS and infrastructure in the world.
Handlink Port-location mappinginfrastructure
GeneralInfrastructure
802.1Q Tag-based VLANInfrastructure
Scenario B
Scenario A
Scenario A
Scenario A- Subscriber LoginLogin Page
Popup Information Window after login successfully
Information Window
Subscriber Login
Scenario A
Hotel PMS
ADSL/Cable Modem
RADIUSServer
Network Operating Center
BillingServer
E-mailServer
NetworkManagement
HANDLINK ISS-6000
Guest Room FloorRoom #201 Room #202
Hotel Front Desk Operater
Account Assign Account Printout
Lobby,Café,Restaurant Floor
Access Point
Ethernet Switch
Home PNA/VDSL Switch
Login Page
RS-232 LineRJ-11 Telephone LineRJ-45 CAT5 Line
Scenario B - Subscriber LoginLogin Page Information Window
Subscriber Login
Popup Information Window after login successfully
Scenario B
Hotel PMSEthernet Switch
ADSL/Cable Modem
RADIUSServer
Network Operating Center
BillingServer
E-mailServer
NetworkManagement
HANDLINK ISS-6000
Guest Room FloorRoom #201 Room #202 Room #301
Account Generator PrinterAG-200E
Home PNA/VDSL Switch
Login Page
Assign IP address
Enable PMS Support
RS-232 LineRJ-11 Telephone LineRJ-45 CAT5 Line
Port-Location Mapping VLAN Tag
Scenario C - Subscriber LoginLogin Page Information Window
Subscriber Login
Popup Information Window after login successfully
Scenario C
Guest Room Floor
Lobby,Café,Restaurant Floor
Hotel PMS
ADSL/Cable Modem
RADIUSServer
Network Operating Center
BillingServer
E-mailServer
NetworkManagement
HANDLINK ISS-6000
Room #201 Room #202
Account Assign Account
Printout
Access Point
Ethernet Switch
Home PNA/VDSL Switch
Login Page
Create Dynamic AccountsRoom #301
Define Billing Profile
Hotel Front Desk Operater
ISS-6000 can help you…•Integrated Solution for rapid deployment
The ISS-6000 is a complete access controller for medium to large hot-spots. It can serve up to 1024 simultaneous users and it is an ideal hotspot solution to be deployed in the hotels, coffee shops, airports and other sites that commonly host business travelers and offers instant high-speed Internet connections. It is perfect for Hotspot application!
•Deliver instant PnP connectivity serviceWith its IP Plug and Play technology, the ISS-6000 helps solve connectivity problems by offering instant Internet access without the need for configuration changes to the client computer or any resident client-side software and allows guests to send E-mail as usual without changing E-mail SMTP server settings even if their configured mail server is unavailable or behind a corporate firewall.
•Complete user authentication and accountingThe ISS-6000 works with industry-standard RADIUS server that is allowed administer to control user's login name and password to fully support AAA (Authentication, Accounting and Authorization).
ISS-6000 can help you…•Sophisticated Remote Management
The ISS-6000 enables you to manage all your underlying network devices with Syslog messaging, SNMP and LAN devices Management to reduce maintenance overhead.
•Comprehensive securityThe ISS-6000 provides a fully-secure operating environment with VPN pass through, SSL certificate, and Layer 2 Isolation V-LAN Security.
•Enhance Local and Personalized ServiceThe login and logout pages are fully customizable. The ISS-6000 has the ability to let you redirect end users to your advertising web pages, increase your potential for revenue and customize locations where end-users can visit free (walled garden).
•Hotel PMS IntegrationThe ISS-6000 works with hotel Micros Fidelio/Marriott, Spectrum MK II PMS billing system that is allowed hotel to fully support PMS billing system of Internet Access.
•Built-in AAA/Billing SystemThe ISS-6000 has built-in AAA and billing system that is allowed manager to control user for Internet access and billing mechanism individually without any external AAA server and billing server.
Wi-Fi Hot SpotLarge Scale Hotspot Solution
Ethernet Switch / PoE Switch
ADSL / Cable Modem
Network Operation Center
RADIUSServer
BillingServer
ServiceServer
Wireless STAWireless AP
Hotel VDSL Phoneline SolutionVDSL infrastructure
ADSL / Cable Modem
ControlCenter
1F Open Area
VDSL Modem
Hotel PMS System
2F Room201
VDSL ModemNotebook with
Ethernet Interface
Wireless AP
RS-232 LineRJ-11 Telephone LineRJ-45 CAT5 Line
Guest Room
LobbyPoolCoffee shopRestaurantsGardens……
DSLAM/PBX
Wireless STA Enjoy Internet with freedom
RADIUS Server
VDSL Switch
Hotel HomePNA Phoneline SolutionHomePNA infrastructure
ADSL / Cable Modem
ControlCenter
1F Open Area
Hotel PMS System
2F Room201
HomePNA ConverterNotebook with
Ethernet Interface
Wireless AP
Guest Rooms
LobbyPoolCoffee shopRestaurantsGardens……
DSLAM/PBX
Wireless STA Enjoy Internet with freedom
HomePNA Converter
RS-232 LineRJ-11 Telephone LineRJ-45 CAT5 Line
RADIUS Server
HomePNA Switch