Providing campus-wide wireless Internet access allows an educational institution to showcase leading-edge
technology and helps it attract top-notch students and faculty. It also gives these institutions an opportunity
to generate new revenue and offer new applications, such as VoIP services, surveillance monitoring, campus
Offering secure Wi-Fi access throughout a large campus, as well as satellite campuses, is not easy, especially when
there are strongly divergent requirements to consider:
a. Single-login credentials across the network, and to partners and affinity programs
b. Preserve existing WLAN infrastructure of access points – wireline and wireless
c. Provide secure access for all – a predefined set of students, transient visitors and other temporary
users, without requiring proprietary applications on the client device.
d. Integration with existing payment gateways, and other APIs for accounting and reporting
e. Quality of Service guarantees and Service Level Agreements to various classes of users
Sun’s integrated offering provides precisely such a solution. The solution comprises products from Sun
Microsystems, Pronto Networks and Nortel Networks. In the diagram nearby, technologies from Pronto Networks
focus on the functions in the Controller, the Portal Gateway, and Policy Management of the subscriber’s identity.
The Pronto Networks solution includes the Pronto
OSS that resides in the data center, and a Pronto
Hotspot Controller/Gateway that resides on the
network side of the Access Network.
The Access network consists of the wireline or the
wireless infrastructure at the campus. This can be
any first generation access network or a second
generation Nortel campus wireless network (mesh
or enterprise). There are significant benefits to
such a second generation wireless network
including rogue AP detection, secure traffic
options, automatic AP range modification, etc.
These benefits are described elsewhere.
Sun Microsystems provides the additional
capabilities of Single Sign-On, LDAP services, and
the Java Enterprise Suite of solutions.
This document focuses on the features directly related to the components provided by Pronto Networks. The Pronto
OSS and the PHG provide the following features in this solution:
- Offer centralized user management and service control over existing WLAN equipment
- Web-based login
  - Same user credentials across campuses
  - No proprietary client required on user device
- Differentiable service plans for visitors and differentiable plans at each location
- Per-user QoS for Students/Faculty/Staff
- Easily Modified Splash Page for Bulletin Boards
February, 2005 Pronto Proprietary and Confidential Page 1
Product Overview – Pronto Networks OSS and Pronto Hotzone Gateway
Pronto has developed a standards-based, WLAN back-office solution that is Layer 3-based, enabling it to work with
any type of backhaul, including fixed wireless, satellite, cable, DSL, etc. Pronto’s solution is also compatible with
mesh technology, Wi-Fi switches and leading WLAN access points, enabling large areas such as common grounds
and stadiums to be covered and to maximize investments in existing WLAN equipment.
Pronto’s centralized architecture enables users to log on with the same username/password across campuses, and
can even allow users to be identified by the unique ID of their laptop or PDA. Institutions are able to recoup their
investment by charging different service plans to various user groups and by offering new services such as VoIP
and ad placements. Finally, the Pronto solution can be leveraged for new applications such as a campus-wide
Key features of the Pronto OSS include:
Below is a brief summary of the key capabilities enabled by Pronto’s solution for the education
- Campus-wide coverage: Pronto’s technology is backhaul independent, enabling it to work with any
type of backhaul, including fixed wireless, DSL, cable, T1, and satellite. Pronto’s solution is also
compatible with mesh networking technology and Wi-Fi switches which can be used to provide Wi-Fi
coverage across large areas, such as common areas and stadiums.
- Co-Existence with Existing WLAN Equipment: Pronto’s standards-based, open solution is
compatible with WLAN equipment from leading vendors (such as Cisco and Proxim), allowing
institutions to leverage their existing investment in wireless infrastructure.
- Same User Credentials Across Campuses: Pronto’s centralized architecture enables students and
faculty to use the same user credentials, such as username and password, whether they are on the
main campus or a satellite campus. Full time students and faculty can also be automatically
authenticated by the MAC address of their laptop, PDA or phone, allowing them to securely gain access
to the network without having to log on each time.
- Subscriber Management, QoS Controls: Pronto’s solution enables IT staff to monitor who’s on
the network at all times and to control access to the network. Pronto’s solution also allows for the
allocation of bandwidth at the user level and the ability to disable abusers of the network who may be
using a disproportionate amount of bandwidth or sending spam.
- Separate, Secure Network for Students/Faculty vs. Visitors: Pronto’s solution supports VLANs
and multiple SSIDs, effectively separating the network for private and public use. Pronto’s solution can
also allow full-time students and faculty to have greater access to institutional resources than visitors,
- Multiple Authentication Realms: provides RADIUS AAA and 802.1x support as well as multiple
authentication options through external sources, including RADIUS, LDAP, SMS, USB key based
authentication, Sun Identity Management solution, Virtual Network Operators such as AOL etc.
- Brandable and Easily Modified Splash Page and Information Portal: Pronto’s platform allows
the institution to brand the initial splash page and add walled garden links, or unauthenticated free
access to a select number of websites. This capability enables colleges/universities to develop a
customized resource center available to every student or professor when they log on. Links to the
career resource center, libraries, concerts, and calendars on the initial home page provide a useful
informational portal to all users. Pronto’s technology enables these links and images to be updated
frequently and easily.
- VoIP, Surveillance and Other New Services: Pronto’s open platform can be integrated with VoIP
phone systems, enabling students/faculty to place VoIP phone calls anywhere on campus.
Colleges/universities can offer VoIP as an additional service to students to recoup some of the revenue
lost due to students choosing cell phone plans over traditional telephone subscriptions. The wireless
infrastructure can also be leveraged to improve campus-wide security, as security cameras deployed in
parking lots, labs, walkways between buildings, and public transportation waiting areas can use the
wireless network to transmit real-time images to a centralized surveillance center.
- Roaming Services: manages roaming agreements with telco carriers and major aggregators,
including iPass, GRIC and Boingo and offers Inter-WISP roaming. Provides integrated clearing,
settlement and reconciliation.
- Differentiable Service Plans to Maximize Revenue: Pronto’s service management features
enable institutions to offer different plans to full time students, faculty, continuing education students
and visitors. A college/university, for example, may decide to offer free access to full time students and
faculty but hourly plans for continuing education, or part-time students, and 90-minute plans or day
passes for visitors. Pronto’s solution has this pricing flexibility by user group, enabling institutions to
recoup their investment and even generate a new revenue stream from offering different plans. These
service level plans can be provided based on user IDs, pre-paid card or guest access card, or credit card
The Pronto OSS can be installed on Linux and Solaris operating systems. The PHC and PHG run on Linux
and have several differentiating features, including:
- Full-featured OSS/BSS for AAA, billing and network management
- Plug-n-play access device for easy deployment
- Ability to tier billing and customer service offerings for wholesale and retail customers
- Customizable splash screens per location (i.e., per gate)
- Quality of Service (QoS) controls for prioritizing various classes of users
- Roaming agreements with major aggregators and settlement and reconciliation functions
- Ability to integrate with 3rd party access points
- Advanced WLAN security features
Pronto’s technology was designed to accommodate both large and small deployments, from airports to
cafés. Pronto’s technology was also designed for cost-effective roll-out and management of these
networks. Pronto is capable of providing the following:
Technical Highlights:
Plug and Play Installation and Enhanced Security
The Pronto Hotspot Controller (PHC) is an intelligent, plug-and-play IP network access controller / router /
gateway for any number of external, third party Wi-Fi access points. The PHC directly connects to any
802.11b access point or router to support up to 100 concurrent connections per PHC. The controller hosts
TCP/IP network services as well as WLAN-specific access, security and other application services. The PHC
is self-configuring and remotely managed, with installation requiring only a broadband connection to the
The Pronto Hotspot Gateway (PHG) software acts exactly as the PHC does, though it is intended for larger
implementations. The PHG software can be installed on any hardware platform that supports RedHat Linux
AS 2.1. The number of concurrent subscribers supported can be scaled according to the hardware
configuration. For example, a standard 2MB RAM, 1 RU, 2 CPU system can support up to 2000 concurrent
Location Specific Branding and Content
Each location can present a uniquely branded user interface when the Wi-Fi client device connects to the
PHC/PHG. The interface may also include a Web ‘portal’ through which users may access location-specific
information and other services without requiring authentication to the wireless network. The custom
interfaces are managed and updated centrally via the Pronto OSS. The LAN interface supports multiple
VLANs (up to 4096), and users connecting to each VLAN can be directed to its own splash page with a
separate set of service plans, authentication methods, walled gardens, etc. A sample splash page is shown
In a decentralized architecture, Pronto is able to customize the splash page and web portal seen by users
per specified location (i.e., per gate, check-in area, eating/drinking establishments, etc.) The web portal is
both designed and managed by Pr
Differentiated Authentication Options beyond RADIUS
Pronto’s OSS includes a Lucent Navis RADIUS server, Sun Application Server Software, and an Oracle Database
as part of the OSS Software. The Pronto OSS also supports other authentication, authorization and
accounting (AAA) methods to manage access and billing of users. These could include authenticating
even against an external database, such as an external RADIUS database, or an institution’s LDAP repository
that may contain the campus’ library user database, student records, etc. Credit cards, pre-paid cards,
monthly subscription plans and customized bandwidth usage plans are also supported for roamers and
visitors to the campus, whether they are temporary students or conference attendees, as well as roaming
settlements with aggregators such as Boingo, iPass, and GRIC, or other national or international roaming
partners that may choose to have an agreement with the educational institution.
Remote Monitoring of Locations and Users (through Firewalls and NATs)
The Pronto OSS Software allows wireless bandwidth to be segmented and metered out on a per-user basis
at each location. The QoS levels can be mapped to specific service plans. For example, faculty users can
be given a dedicated, high-priority portion of the total bandwidth while all public users share the remaining
bandwidth at a lower priority. Connectivity for all users connected to the location, and the PHC/PHG itself,
can be monitored from the NOC.
The PHC/PHG sends a message periodically to the NOC communicating its health. This information
includes currently authenticated users, network traffic parameters, and other configuration information. If
any faults are detected, alerts at the NOC trigger troubleshooting and diagnostic activities to ensure that
there is minimum disruption of service. If needed, the PHC or 3rd party controller can even be restarted
Pronto is capable of providing wholesale users higher priority on the WLAN network by isolating bandwidth
for these users, while allowing retail users access to the remaining bandwidth
An extensible architecture to integrate with other commercial packages for Billing, Trouble Ticketing, and Customer Care
Flexible Billing for Wholesale and Retail Users: Pronto has the ability to bill retail users via their credit
cards for ad hoc usage and wholesale users via monthly invoices. Pronto’s solution is already technically
integrated with the three major aggregators: iPass, GRIC and Boingo. Pronto also has the capability of
billing by throughput (i.e., by packets or MBs.)
Pronto OSS Software – Description of Features
In the following sections, we present an overview of the capabilities of the Pronto OSS. These sections are
designed to give the user a summary of all the features. The areas covered are:
- Network coverage and architecture flexibility
- Service Selection and Location branding options
- Access Controller / Gateway Features
- Access Point and other Location-based hardware features
- Network and Service Management, and QoS features
- Fulfillment, Service Level Assurance, and Billing Integration capabilities
1. User Experience
The Pronto OSS supports client devices without requiring any configuration changes by the user. Thus, even if the
client device has built-in network settings, the PHC/PHG accommodates the user’s settings, greatly enhancing the
user experience at the location.
Users attempting to access the Internet are presented with a portal or splash page. The portal page gives the user
the following options:
(a) He can enter the one-time password from a printed voucher;
(b) He can create a new account with a user name and password of his choice;
(c) He can enter a user name and password;
(d) He can visit websites in a location-specific “walled garden” without needing to authenticate.
Alternatively, the user may log on to the network using a roaming partner’s “smart client”. Smart clients provided
by Boingo, GRIC and iPass are currently supported.
If the user is authenticated (via the portal page or using a smart client), his web browser may display another
redirect page, which may be specific to the location or his roaming partner. If no post-authentication redirect page
has been set up, the user sees his home page. At the same time, a pop-up window appears with a “log out” button.
If the user is using any form of pre-paid account and the counter reaches zero, his session is interrupted and
his web browser displays the portal page again.
The system allows the user to use the service even if the client device is “misconfigured” for the location. The user
is able to associate to the network and continue using the IP address setting in his client device, even if it is
misconfigured. If the IP address settings are for some corporate statically assigned IP address, the solution will continue to
work with that IP address. No new DHCP IP address will be issued to that user. The solution does not require any
change in the network settings of a laptop as long as it can associate with the network. More explicitly, no change in IP
address, DNS or browser settings is required. Essentially, the solution should work with the private
DNS settings and browser proxy settings of the laptop.
The following are common scenarios that are addressed by the Pronto OSS:
(a) Wireless device has fixed IP address which may be incompatible with the DHCP address range in use at the
location and may be the same as the fixed IP address of another customer already connected at the same
(b) Wireless device is set to use fixed DNS servers which are not accessible from the location (e.g. they are
located behind a corporate firewall);
(c) Wireless device is set to use a proxy server which is not accessible from the location.
Once authenticated, the user is able to access the following services:
- WWW including web-based email and e-commerce sites
- POP3 email services
- Corporate email/scheduling/data management services based on Microsoft Outlook/Exchange and Lotus
Users can connect to the network over various types of interfaces (802.11a/b/g, mesh router). The organization
can provide subscribers various authentication methods (username/password, prepaid, external RADIUS, SMS, LDAP
repositories, etc.), while serving all hotspot locations from a single server with centralized user management and
centralized pre-paid card management.
This centralized mechanism includes centralized billing and invoicing, and account management and registration
2. Network Coverage & Architecture choice flexibility
Pronto’s OSS enables flexibility in terms of the network used for deployment. The Pronto OSS features user level
service plans that can be allocated globally at the highest level without requiring individual location configuration.
In addition, location specific price plans based on time of day can be super-imposed. Each location can be
configured to easily have multiple service offerings.
The Pronto OSS allows maximum flexibility in terms of network topology and service delivery options. These
a. The Hotspot is behind corporate firewalls owned by external entities where the organization may or
may not have access to manage or change the configuration. The Pronto OSS can be deployed
independent of the type of IP backhaul connectivity available at the location. These include:
i. Static IP address available at the location
ii. Dynamic IP address assigned at the location (cable modem or private network private IP
b. The solution features centralized billing, settlements, and other core back office functions. The Pronto
OSS allows the organization to manage all the elements in the network from a central NOC. These
management functions include:
i. Service management – Service Plans, Price plans, Location branding, etc.
ii. Network management – Network Monitoring, Network Diagnostics, User Management, and
iii. Centralized Authentication, Billing, and Customer Relationship Management
c. Business Model Flexibility
i. Wholesale/Retail models - Organizations can allocate a portion of the software to other
wholesale WISPs or customers, while retaining control of network operations functions. These
WISPs can be permitted to set up franchises and manage the business processes for their
portion of the network.
ii. The solution offers commercial flexibility in agreements between organization / franchisee /
iii. The following types of Roaming and Settlement capabilities are supported.
1. Unilateral roaming – All subscribers can roam within a Hotspot Network
2. Bilateral roaming – Solution enables sharing of subscriber information for roaming with
contracted external organizations that have their own Hotspot network
3. Aggregators / Clearinghouses roaming – Support for aggregators and clearing houses
such as Boingo / iPass / GRIC, etc. is required.
3. Service Selection and Location Branding options
a. Multiple authentication choices are available for the subscriber.
b. One can set up various types of prepaid accounts (online/offline)
c. Multiple WiFi Service options are provided.
i. Service usage can be charged according to a variety of units, schemes and rates.
ii. Service can be defined as transaction rates, period rates and ‘annual’ rates.
iii. Billing can include time based or volume based billing and can provide bill view enquiry of
charge details. Accounts are made invalid once exhausted.
iv. Hotspot billing allows subscribers to sign up instantly to Public Wireless LAN services through an
online registration process.
v. It also provides facilities such as
1. sell one-time password access,
2. produce and use prepaid vouchers,
3. give commissions to affiliates and locations
vi. OSS supports pre-paid vouchers that can be purchased online through a secure portal, with
flexible validity periods of time determined by the organization or through offline printed
vouchers. This flexibility includes:
1. flexibility of use
a. subscriber can use blocks of time adding up to a limit determined during
b. subscriber is required to use in a single contiguous block of time
2. should expire at a time determined during generation of the vouchers
vii. Supports differential billing rates based on service, location, customer type, and time of day.
viii. Two billing models are supported: pre-paid and post-paid.
d. The Hotspot management system is capable of generating bills centrally while addressing access of
WLAN services over geographically different locations.
e. Billing can be integrated with Property Management Systems, e.g. Micros Fidelio Property
Management Systems; this enables the guest to pay for the Wi-Fi service on his hotel bill, etc.
f. The Hotspot management system can interface with other billing applications through APIs
g. End-to-end prepaid management with voucher generation, assignment, commissioning, with zero
leakage enforcement and mid-session disconnect.
h. Subscription based services including recurring fees and usage fees.
i. Credit card clearing
j. Flat rate or usage based rating (time, volume)
k. Charge based on time of day /day of week.
l. Capable of providing detailed, customizable invoices and session reports.
m. Organizations can create a customized offering that combines web based account activation, account
refill using vouchers, etc.
n. Pre-paid account balance management: Once a transaction is complete, the balance usage level in
user account is calculated based on business rules and the balance limit will be updated. The system
helps the user to view the balance usage level for each subscriber. A follow-up scheme helps to define
the course of actions to be taken whenever the usage level of a subscriber crosses user defined
o. Service offering based on SMS messages. Integration with the cellular network for authentication based
on SMS messages, wherein the authentication codes are provided in real time via SMS messages,
and the billing is integrated with the subscriber’s cellular phone bill.
p. Service offering flexibility in using other means of authentication
i. External subscriber databases, RADIUS, LDAP and others (In some cases, additional post-
installation integration is required)
ii. USB key based authentication
q. The OSS provides a comprehensive range of reports that give details of sales, usage, payment and
accounting, dispute handling, and statistics, and allows different types of searches to retrieve information
from the system. The software supports preview of reports before printing.
r. Location based service offerings
i. common network wide offering of service plans
ii. can have location specific packages (branding + price plans + time of day)
s. Multiple splash pages are supported – Different sets of users (on different VLANs) can be configured
to receive different splash pages, and hence different service offerings, based on which SSID/VLAN
they are associated with in the WLAN network.
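
The voucher rules in item c.vi above (use either as blocks of time adding up to a limit or as one contiguous block, with an expiry fixed when the voucher is generated) come down to computing a disconnect time for every session. The sketch below is an added example, not Pronto's code; the class, field and method names are hypothetical, and refusing a second concurrent session on the same voucher is an assumption about how leakage would be prevented.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from enum import Enum
from typing import Optional


class UsageMode(Enum):
    BLOCKS = "blocks"          # separate sessions add up to the limit (c.vi.1.a)
    CONTIGUOUS = "contiguous"  # one block of time, running from first login (c.vi.1.b)


@dataclass
class Voucher:
    code: str
    limit: timedelta            # amount of access time sold
    expires_at: datetime        # fixed when the voucher is generated (c.vi.2)
    mode: UsageMode
    used: timedelta = timedelta(0)
    first_login: Optional[datetime] = None
    session_start: Optional[datetime] = None
    session_cutoff: Optional[datetime] = None

    def _cutoff(self, now: datetime) -> Optional[datetime]:
        """Latest time a session opened at `now` may run to, or None if no time is left."""
        if now >= self.expires_at:
            return None
        if self.mode is UsageMode.CONTIGUOUS:
            # The clock keeps running between sessions once the voucher is first used.
            end = (self.first_login or now) + self.limit
        else:
            # Only time actually spent online is consumed.
            end = now + (self.limit - self.used)
        end = min(end, self.expires_at)
        return end if end > now else None

    def login(self, now: datetime) -> Optional[datetime]:
        """Return the forced-disconnect time for the new session, or None to deny access."""
        if self.session_start is not None:
            return None  # assumption: one live session per voucher
        cutoff = self._cutoff(now)
        if cutoff is None:
            return None
        self.first_login = self.first_login or now
        self.session_start, self.session_cutoff = now, cutoff
        return cutoff

    def logout(self, now: datetime) -> timedelta:
        """Close the session and return the time charged, never past the cutoff."""
        if self.session_start is None:
            return timedelta(0)
        end = min(now, self.session_cutoff)
        charged = max(end - self.session_start, timedelta(0))
        self.used += charged
        self.session_start = self.session_cutoff = None
        return charged

    def exhausted(self, now: datetime) -> bool:
        """True when the voucher can no longer open a session (account made invalid)."""
        return self.session_start is None and self._cutoff(now) is None
```

The gateway would schedule a disconnect at the time `login` returns; `logout` charges only up to that time, so a late accounting record cannot overdraw the voucher.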
4. Access Controller / Gateway Features
When a subscriber’s 802.11 wireless modem detects any Wi-Fi SSID in the network, the user can configure his
device to associate that wireless modem with the SSID broadcast. After the radio acquisition is complete,
connectivity at the IP layer is attempted. This process is determined by the network settings of the client device.
In most cases, this would be a DHCP request for an IP address. Such a DHCP request can be serviced by the
PHC/PHG. However, if the subscriber has static IP settings pre-configured in the device, then these would be
automatically accommodated at the PHC/PHG.
The subscriber can ensure the security of the wireless session between the client device and the network by
establishing a secure VPN session using PPTP or other protocols. These secure sessions can be terminated at the
In all the cases above, the subscriber’s username/password is used in the establishment of the secure VPN tunnel.
There is a side effect, however. Since the packets between the client device and the PHC/PHG are now encrypted,
this affects the performance of the user’s session.
During the above process, the Wi-Fi service delivery network would have associated an IP address with the client
laptop’s MAC address; or more precisely, the MAC address of the Wireless 802.11 card. This visibility to the MAC
address and the association of a specific subscriber to this MAC address now opens up various service management
and subscriber management capabilities.
When the association with the client’s MAC address is registered at the PHC/PHG, the network can now be
configured to offer MAC-based authentication to subscribers. This would enable the employee’s client devices to
automatically authenticate in a secure manner across the entire organization. Subscribers that are authenticated
based on their MAC address do not have to go through a username/password authentication process. In either
event, whether MAC-based authentication or username/password authentication is used, the client device is now visible at the
NOC. This enables NOC technical support personnel to monitor subscriber Wi-Fi usage, and provide enhanced call-
Capturing a user’s MAC address enables subscriber identification, subscriber monitoring, and differentiated options
for service plans. Besides MAC-based auto-authentication, the Pronto OSS offers the ability to require
authentication through additional mechanisms.
For visitors to the organization, the solution enables the user’s outgoing emails to be re-routed to an SMTP server
provided by the organization (in case the user’s default SMTP server is inaccessible or will not accept messages
from the location). The system also allows the user to establish a successful VPN session between his wireless
device and a corporate VPN server, even if other members have already established VPN sessions at the same
The solution also allows employees of the location or other internal users to log in automatically at its
wireless locations. The following authentication options for internal users are also supported:
(a) Transparent authentication based on MAC address;
(b) Transparent authentication based on Windows user name and password;
(c) Transparent authentication based on MAC address plus Windows user name and password;
(d) Authentication based on user name and password entered in portal page;
(e) Authentication based on MAC address plus user name and password entered in the portal page.
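
The five options above differ in which factors the gateway must see before admitting an internal user. The evaluator below is an added example, not Pronto's code: the directory layout, function names and sample accounts are constructed, and it assumes the gateway is told whether credentials arrived transparently from Windows or from the portal page.

```python
import hashlib
import hmac
import os
import re
from enum import Enum
from typing import NamedTuple, Optional


class Mode(Enum):
    MAC = "a"            # transparent, MAC address only
    WINDOWS = "b"        # transparent, Windows user name and password
    MAC_WINDOWS = "c"    # MAC address plus Windows credentials
    PORTAL = "d"         # user name and password typed into the portal page
    MAC_PORTAL = "e"     # MAC address plus portal credentials


_NEEDS_MAC = {Mode.MAC, Mode.MAC_WINDOWS, Mode.MAC_PORTAL}
_SOURCE = {Mode.WINDOWS: "windows", Mode.MAC_WINDOWS: "windows",
           Mode.PORTAL: "portal", Mode.MAC_PORTAL: "portal"}


class Decision(NamedTuple):
    allowed: bool
    user: Optional[str]
    reason: str


def normalize_mac(raw: str) -> Optional[str]:
    """Accept 00:11:22:AA:BB:CC, 00-11-22-aa-bb-cc or 0011.22aa.bbcc; return 12 hex digits."""
    compact = re.sub(r"[:.\-]", "", raw.strip()).lower()
    return compact if re.fullmatch(r"[0-9a-f]{12}", compact) else None


def _digest(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_user(password: str, macs):
    salt = os.urandom(16)
    return {"salt": salt, "digest": _digest(password, salt),
            "macs": {normalize_mac(m) for m in macs}}


# Constructed sample directory: user name -> password digest and registered devices.
DIRECTORY = {
    "jdoe": make_user("correct horse", ["00:11:22:AA:BB:CC"]),
    "asmith": make_user("battery staple", ["0011.22dd.eeff"]),
}


def decide(mode, mac=None, username=None, password=None, source=None,
           directory=DIRECTORY) -> Decision:
    mac_norm = normalize_mac(mac) if mac else None
    if mode is Mode.MAC:
        # Option (a): identity rests only on the address the client presents;
        # no secret is checked, so the address is the sole factor.
        if mac_norm is None:
            return Decision(False, None, "malformed or missing MAC")
        for name, rec in directory.items():
            if mac_norm in rec["macs"]:
                return Decision(True, name, "MAC registered")
        return Decision(False, None, "MAC not registered")
    if source != _SOURCE[mode]:
        return Decision(False, None, "credentials not from required source")
    rec = directory.get(username)
    # Hash even for unknown users so both failure paths do the same work.
    salt = rec["salt"] if rec else b"\x00" * 16
    expected = rec["digest"] if rec else b"\x00" * 32
    ok = hmac.compare_digest(_digest(password or "", salt), expected)
    if rec is None or not ok:
        return Decision(False, None, "bad user name or password")
    if mode in _NEEDS_MAC and mac_norm not in rec["macs"]:
        # Options (c) and (e): the device must be registered to this same user.
        return Decision(False, None, "MAC not registered to this user")
    return Decision(True, username, "ok")
```

In the combined options (c) and (e) a valid password is rejected when it arrives from a device registered to someone else, which is what distinguishes them from (b) and (d).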
Access Control Lists – The Pronto OSS allows the organization to define specific IP addresses at each location that
do not require authentication.
USB Key based authentication – The Pronto OSS supports USB-key based authentication, where the
username/password credentials are configured onto a USB key shipped by the organization. The user simply
inserts the USB key into his laptop, and attempts to browse the Internet. The Pronto OSS detects the presence of
a USB key, checks the credentials against its central database, and allows the user access without him having to enter any
keystrokes. The USB key can be suspended/activated/cancelled, etc. from the OSS.
VLANs – The PHC/PHG can be configured to support multiple VLANs on its LAN interface. This allows the
organization to offer different captive portals, splash pages, and associated service authentication options to each
5. Network and Service Management Features
The Pronto OSS™ has fault monitoring capabilities that are designed to support OSS requirements for network
operations management. The OSS monitors PHC/PHG controller heartbeats from each of the locations under its
purview. The internal database support of the OSS allows for extensive data gathering and record keeping. At a
time interval defined at the NOC, each PHC/PHG periodically sends an autonomous message to the OSS. Because
this message is sent through the SOAP/SSL protocol exchanged between the PHC/PHG and the OSS, it is
impervious to firewalls and dynamically obtained IP addresses that can provide configuration and monitoring
challenges for the NOC personnel. These periodic messages provide valuable information related to the health of
the network element, and also provide performance and service assurance information related to users connected
to the controller at the location. These remote monitoring capabilities are crucial for the management of a Wi-Fi
When a controller status degrades below acceptable levels, the OSS can respond with a message (payload)
containing reboot instructions, user logoff commands, software upgrades, and the like. The OSS can also be
configured to notify the appropriate personnel of the alert.
The design of the heartbeat/payload response cycle allows the OSS to maintain controller operational health
regardless of the remoteness of the controller location or the local network security configuration (firewalls, etc).
Finally, this mechanism also allows the Pronto OSS to monitor access points that may be subtending from the
PHC/PHG at the location. Users’ connectivity to these access points is also monitored at this layer of the software.
The OSS is also designed to support network management system extensions to support SNMP. This enables
external management systems to perform typical enterprise management tasks on additional access points that
may be subtending from the PHC/PHG.
The NOC records heartbeat monitors that report the status of each controller. These reports can be customized for
NOC and WISP or Customer level users with defined roles granting appropriate levels of access to view the usage
levels and status of each controller for which they are responsible. Whenever a controller experiences out-of-
tolerance conditions, the OSS responds by either correcting the condition directly (payload downloads) or by
notifying the appropriate technical support personnel who can respond to the condition.
Network configuration management provides the flexibility to meet the varied needs of organizations. The Pronto
OSS is designed such that the only requirement for a controller to connect is that it be able to obtain an IP
address. For operators who need network devices to have static IP addresses, the controller can be configured
with a static IP address. For operators relying on PPPoE, the controller can be configured to obtain its IP address
using PPPoE. However, for the majority of hotspot operators, especially those with little or no network
infrastructure at the hotspot location, the controller obtains its network access through DHCP, providing
connectivity at a reduced cost. The common goal of this design is to achieve a high degree of reliability when the
controller is connected and turned on by non-technical staff. This auto-configuration capability is essential to
meeting the needs of the typical hotspot operation.
Once the controller comes on line and connects to the OSS, the OSS downloads the appropriate configuration for
that controller. At this point, the controller, capable of supporting multiple SSIDs simultaneously, can start servicing
the log on authentication requests from RADIUS, SMS, LDAP, Boingo, iPass, and GRIC users.
In addition, during initialization, the service profiles including the location branding, white-listed sites, walled
gardens, etc. are also downloaded to the PHC / PHG. These service management features, allowing differentiated
services, are thus provided during PHC/PHG initialization at the location.
The OSS creates a stateless network edge management environment wherein a variety of servers provides the
appropriate services to edge devices (controllers). From the controller perspective, the connection is plug and play.
This combination of ease of use and flexibility allows Wi-Fi deployment in environments that would otherwise not
be possible or economically practical.
Pronto’s OSS supports Quality of Service guarantees at the User level by allowing the Organization to enforce SLAs
on upstream and downstream bandwidth rates (minimum and maximum). The minimum rate defines a sustained
level, and the maximum rate sets the peak level. Any number of SLAs can be defined. The values of the
bandwidth rates can be set by the organization on a per PHC/PHG level.
A brief description of the QoS implementation is provided here. The QoS parameters are defined at the service plan
level in the OSS as an SLA. It is enforced locally at the Pronto Gateway (PHG) level by the IP address of the
subscriber. In the Controller Management section of the Pronto OSS, one defines the uplink/downlink bps on the
WAN interface of the PHC/PHG. Typically, in the campus environment, the downstream bandwidth is the key
value, since we are primarily concerned about Web browsing.
Specific Users can be assigned to a specific Plan. Plans have SLAs associated with them. SLAs have
min/max uplink and downlink bandwidths defined to them. SLAs also have an override option where the
NOC admin can define whether additional subscribers are allowed to enter the network. For example, for a
visitor user, the SLA of min 28K, max 56K, could be deployed. For a faculty user, they might have a min
56K, max 256K SLA, but it would not usually be enforced as you might want the faculty to always have
access to as much bandwidth as is available at that time, even though you may not be able to meet the
56K minimum guarantee.
When multiple users connect wirelessly, the SLA each has been assigned is enforced: each user gets at least the
minimum bandwidth or, if permitted as part of the SLA, can burst up to the maximum bandwidth.
The key to remember is that SLAs are determined by the type of user logging in, not by allocating the link
bandwidth to different SLAs. For example, if all visitor subscribers logged in, they would all be enforced in
the example above, and if all faculty users logged in, then it is first come first served for the minimum
Traffic Management is implemented at the PHG/PHC and it includes:
SLA mapping to the defined partition
Bandwidth partitions are of four types:
1) Bounded: A partition cannot borrow from any other partition. Thus, if a partition is bounded, then
users of this partition are restricted by the bandwidth allotted to it.
2) Unbounded: A partition can borrow from other partitions, subject to availability.
3) Isolated: A partition does not allow other partitions to borrow from it. Thus, if users of this type of
partition are not using the bandwidth, then that bandwidth would go to waste.
4) Shared (or not isolated): A partition allows other partitions to borrow from it. This would result in
practically no wastage of the bandwidth when there is a demand for it.
This bandwidth partitioning done at the WISP level can be by percentages or actual bandwidth. This allows the
system to apply different treatment strategies to different flows (session) of Internet access, e.g., a product plan
can attach different bandwidth limits to applications/services being used. For specific services like emails (POP),
browsing (http), download music (ftp) and talking to another remote user (VoIP), each of these services can be
assigned their own SLAs (Bandwidth limits) simultaneously.
This is how the PHC/PHG behaves in a standalone environment. One would have to understand how the other
parts of the network behave in order to design the optimal solution from a network perspective. This QoS
implementation will evolve to have multiple queues that can be prioritized per traffic management standards.
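The four partition types described above reduce to two independent flags per partition: whether it may borrow (bounded/unbounded) and whether it lends its idle bandwidth (isolated/shared). The following Python model is an added example, not Pronto's code; the partition names and sizes, and the equal-share split of the lending pool among borrowers, are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Partition:
    name: str
    allotted_kbps: int   # bandwidth allotted to this partition
    bounded: bool        # True: may NOT borrow from other partitions
    isolated: bool       # True: does NOT lend its idle bandwidth

def allocate(partitions, demand_kbps):
    """Return {partition name: granted kbps} for one snapshot of demand."""
    # Step 1: every partition is served from its own allotment first.
    grant = {p.name: min(demand_kbps.get(p.name, 0), p.allotted_kbps)
             for p in partitions}
    # Step 2: idle bandwidth of shared (not isolated) partitions forms a pool.
    pool = sum(p.allotted_kbps - grant[p.name]
               for p in partitions if not p.isolated)
    # Step 3: only unbounded partitions with unmet demand may draw on the pool.
    want = {p.name: demand_kbps.get(p.name, 0) - grant[p.name]
            for p in partitions
            if not p.bounded and demand_kbps.get(p.name, 0) > grant[p.name]}
    # Assumption: the pool is split in equal shares among the borrowers.
    while pool > 0 and want:
        share = max(pool // len(want), 1)
        for name in sorted(want):
            give = min(share, want[name], pool)
            grant[name] += give
            want[name] -= give
            pool -= give
        want = {n: w for n, w in want.items() if w > 0}
    return grant

def wasted_kbps(partitions, grant):
    """Allotted bandwidth that nobody used in this snapshot."""
    return sum(p.allotted_kbps for p in partitions) - sum(grant.values())

# Constructed sample: a 1000 kbps WAN link split into four partitions.
PARTITIONS = [
    Partition("visitor", 200, bounded=True,  isolated=False),
    Partition("student", 300, bounded=False, isolated=False),
    Partition("faculty", 400, bounded=False, isolated=True),
    Partition("voip",    100, bounded=True,  isolated=True),
]
DEMAND = {"visitor": 50, "student": 500, "faculty": 100, "voip": 150}

if __name__ == "__main__":
    grant = allocate(PARTITIONS, DEMAND)
    print(grant, "wasted:", wasted_kbps(PARTITIONS, grant))
```

In the sample, the idle faculty bandwidth is lost because that partition is isolated, while the bounded voip partition stays capped at its allotment even though the link has spare capacity.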
The PHG can also support 802.1x and web-based traffic. If there is a service realm associated with an 802.1x
authentication request, then it would become part of the QoS. One would not need the PHC/PHG for
authentication per se, but one would use it for QoS, that is, for management of the throughput of the gateway. The
PHC/PHG is designed to provide QoS over a congested/contentious network interface. The Pronto QoS
mechanism, coupled with the Nortel AP architecture can be of tremendous value in providing secure, reliable SLAs
in a mixed use network for educational institutions.
Additional NOC functionality includes:
- All GUI interfaces are web-capable and usable by non-specialists, although access to configuration menus
  and private data is limited to authorized users. The organization can allow location partners and
  retail/wholesale organizations to access reports covering their locations/customers on-line without being
  able to view reports relating to other location partners/organizations.
- RADIUS-based AAA server is built into the OSS Server.
- Network management, maintenance and configuration of access points and gateways installed at remote
  locations. This includes the ability to perform any configuration that can be performed locally, including
- Billing, provisioning and CRM. This includes the ability to bill organizations on a wholesale basis, and
  handle vouchers and credit card payments; the ability to query and amend customer records to deal with
  common enquiries (e.g. lost passwords, usage and payment disputes); and the ability to produce
  management reports (e.g. usage in period, usage by location, usage by organization).
6. Pronto Customer Deployments – Access Points connected to PHC/PHGs in the field
In Pronto’s existing deployments, the following WiFi access points, Wireless Mesh Routers, and other Wireless
elements have been used. In all these cases, these elements are connected to the LAN interface of the PHC or PHG
at the location. This is not intended to be a comprehensive list, just a recent snapshot of Pronto’s deployments.
- Netgear WG302, ME102, ME103
- D-Link DWL-1000AP+, 900AP+(3.07b1), DWL-7200
- Linksys WAP54G
- Proxim AP-4000, AP-2000, AP-600, AP-700
- 3Com 7250 AP
- Cisco Aironet 350
- Cisco Aironet 1200
- Cisco 1231
- YDI – Ether-Ant Type III and AP Plus devices
- Tropos – External 5110 and Internal 3110
- Nortel – 7220, 7215, and 7250 Mesh Networking Equipment
- Vivato – VA2200 AP/Bridge
- Engenius – AP NL-3054CB3 Plus Deluxe, NL-2611 CB3+
- Valuepoint SuperAP500 IA18
7. Subscriber APIs
Pronto OSS customers can augment the basic Internet access and VPN service with value-added services, such as
Email integration in this platform, using Subscriber APIs available in the Pronto OSS.
Real-time information related to subscribers is always at a premium for a service provider. There is always a need
for the subscriber related information entered in one application in the service provider’s domain to be available to
the other operational and business processes and systems existing in the service provider’s network.
Pronto’s Subscriber API capabilities are designed to address this requirement. The Subscriber APIs are used to
provide a communication interface between the external applications used by the service provider to the end user,
such as customer care systems and billing systems, and the Pronto OSS to provide a seamless usage experience to
It consists of the interfaces and implementations required for exporting and importing customer related data to and
from external vendors. The primary features are:
- Support for Import and Export of Data from Multiple User Types – Pronto’s Subscriber APIs
  provide support for exchange of data of multiple user types at the WISP end, e.g. customer profiles,
  payment options selected, etc.
- Open Standards Based Communication – Pronto’s Subscriber APIs provide Open Standards based
  (WSDL/XML Based) communication between the external applications and the Pronto OSS.
8. Firewalls, Spam Filters, Content Filtering, Anti-virus add-ons
Pronto Networks’ customers have successfully used the following products for various add-on capabilities in
conjunction with the Pronto Hotspot Networking Solution. The features provided by these products include
integrated firewall, antivirus, content-filtering, intrusion detection and prevention, anti-spam, etc.
- Sonicwall – TZ170, SoHo3
- Fortinet – Fortigate60, Fortigate100a
The controller detects virus-infected end users and isolates/disables them from the network. This is achieved by defining
an SLA for ACLs, White-listed Sites and Virus Infected Clients. This information is sent to the PHC during the