A Proposal to <Client Name> Wi-Fi Hotspot Services (A Managed Service Offering) Presented To: <Client Name> Presented By: Pronto Networks, Inc. Executive Summary Pronto Networks is pleased to offer its UniFi OSS MSP services as a response to meet the requirements as stated in the RFP from <Client Name>, for providing city wide municipal wireless system to service the needs of general public, business users, city workers or government employees and visitors. Pronto Networks offers it’s unique capabilities of designing, building and management of a secure and user-friendly Wi- Fi network resulting in staggeringly reducing the operational cost of <Client Name> and hence meeting the requirements of the city. As the leading provider of “mixed- use” service control platforms and Wi-Fi service delivery platforms in the Muni wireless space, we have proven ourselves in similar Wi-Fi deployments throughout the world. Pronto Networks provides an end to end, integrated solutions platform that enable service providers to deploy and manage large wireless networks, including 802.11b/g Wi-Fi, 802.16 WiMax, Mesh Networks, Hot Zones, and next generation wireless networks. The Pronto UniFi OSS is the back-office server software that handles all aspects of the WLAN service provisioning, authentication, and authorization & accounting (AAA), billing, credit card processing and customer registration functions for a public access Wi-Fi network. The UniFi OSS remotely manages all controllers in the network from the Network Operations Center (NOC). Pronto offer its unique capability in meeting the requirements of the <Client Name>, which will help stimulating the economic development and promote business within the community. The mesh Wi-Fi network system will provide comprehensive, street level Internet access and serve as a community wide platform to increase the level of Public Works, Public Safety and Public Access services. Pronto’s UniFi OSS solution also supports a “drinking fountain” model to serve underprivileged communities, providing them with a thin Internet pipe for basic access, whether they are free or supported using context sensitive advertisements. These features are tightly integrated with other Ruthless Pre-emption traffic management features required to support Public Safety and Public Works requirements. Pronto UniFi OSS is a modular, multi-tier platform that includes feature-rich components for: Service creation, activation and maintenance of hotspot and Hotzone locations Implementation of network policies (QoS) and session monitoring capabilities Authentication, Authorization and Accounting (AAA), multiple authentication realms and roaming options Customer care, billing, and payment processing capabilities In this solution, Cisco offers WLAN indoor and outdoor mesh equipment. It offers intelligent wireless mesh solution for mixed-use network deployments where both public safety agencies and residents utilize services on a common wireless infrastructure. The solution is engineered for ease of deployment & management using identical indoor/outdoor management based on LWAPP. The Cisco mesh solution is self-configuring and self-healing. The solution uses zero- touch configuration and uses Cisco’s new adaptive wireless path (AWP) protocol. The solution provides robust embedded security and seamless L3 mobility. The Pronto Cisco joint solution provides the following capabilities: Location based services Enhanced customer service options “Mixed – Use” Networks Different SLAs for different services Support for varied business models - wholesale access, drinking fountain model, free/fee based business model Varied go to market choices – Build for municipality, ISPs and Build own operate model. The solution enables different class of users to have access to ubiquitous, reliable wireless broadband Internet service. The UniFi OSS will help in easy implementation, operation and maintenance of a Wi-Fi hotzone network system to provide wide-range Internet access at all the identified areas. UniFi OSS solution is ideally suited for deployment of Wi-Fi services for a mixed-use network that combines Public Safety requirements with Public Access requirements. Pronto can provide secured access with multiple authentications to varied class users, QoS to every user on the network, a redundant and a scalable network etc. The desire of providing different levels of service to different class of users will also be fulfilled. The Pronto UniFi OSS is an open architecture, standards-based, turnkey Wi-Fi service delivery solution that enables rapid, cost-effective wireless broadband deployment while reducing ongoing operational costs. Our advertisement-supported business models provide municipalities with the options to tap into a revenue stream by offering context-sensitive advertisements on the pages visited by the user. The UniFi OSS has order fulfillment, service assurance and billing capabilities that an Internet service provider requires to operate a network efficiently and allows them to provide differentiated service management through customized location branding and unique realm based service authentication mechanisms. Pronto Hotzones Managed Services Offering: Pronto Networks hosts the OSS software for its MSP customers under its Hotzone Managed Services offering. Under the Managed Services option, Pronto provides all the back-office operations for customers, including 24x7 network management and 24x7 call center support, leveraging its leading OSS software platform. Network infrastructure, installation and commissioning of the network at the locations, etc. are outside the purview of Pronto Networks in this scenario. The highlights of the offering includes shared hosting of the OSS software on the server at our NOC, login page customization, provisioning and activation of service, round the clock remote network management, guaranteed uptime for services, upgrades of the software and training. Below is a description of the services provided as part of Pronto’s Hotzone Managed Services. This offering is covered as part of Pronto Managed Services Agreement. 1. OSS Software: Pronto hosts its OSS software for its customers at its Network Operations Center (NOC) in California, USA. The OSS software is included as part of the service. The software provides all the back-office functionality required to run a public Wi-Fi service, including provisioning, configuration, authentication, access control, security, pre-paid and post-paid billing, remote network monitoring and management, and roaming partners and clearing house services. 2. Server for OSS Software: Pronto owns the high-end servers on which the OSS software is hosted. The client is not charged for the NOC hardware. 3. Gateway/Access Points: Pronto Networks will help procuring the wireless access controllers/gateways. The customer is also responsible for any additional hubs, routers, third party access points, cabling, and other hardware required for each deployment. 4. Backhaul Connectivity: Pronto does not provide backhaul connectivity (such as T1, DSL or cable) to the venue. The venue or the customer typically absorbs this expense. 5. Installation: Pronto does not provide wireless network design, site survey or installation services as part of its Managed Services. The customer is responsible for these activities. 6. Service Provisioning: Pronto assists the customer in provisioning the service by performing the following activities for each deployment: a. Setting up the franchise and location information (i.e., network, payment, and contact info.) b. Pre-configuring the Pronto Hotzone Service Gateway and/or Pronto Service Controller c. Setting up authentication realms and associated Quality of Service (QoS) service plans d. Customizing the splash page & walled garden sites e. Setting up guest accounts and passwords These services are included as part of the Managed Services. If the customer chooses the OSS software option, these services are quoted separately as part of Pronto’s Professional Services. 7. Ad-revenue based Business Models: On the MSP platform, we also offer our customers the option to include some level of advertisements that are offered on the login page, as well as all other Internet pages that are downloaded by the user. These advertisements are context-sensitive; the type of advertisement depends on the type of site visited by the user; and can be configured to be offered to all users, or a smaller set of users, e.g. free users. 8. Network Management: Pronto operates a NOC 24x7 for the purpose of monitoring and managing the Wi-Fi network. Pronto guarantees 98% availability, except for network availability issues outside the control of Pronto, such as problems caused by the customer, users, Internet backbone providers, or electrical blackouts or brownouts. Pronto uses its best efforts to correct any errors within its control. 9. Firmware/Software Upgrades: Pronto provides, at no extra charge, periodic firmware/patch upgrades to all Pronto equipment managed under the Managed Services. Upgrades typically occur once or twice every year. 10. Field Maintenance: In the case where a technical problem cannot be resolved via telephone trouble shooting, the venue may require an on-site trouble call. Pronto does not provide on-site maintenance services in either its Managed Services or OSS software offering. These services are typically provided by a national field services organization, or by the WISP. 11. Call Center Support: Pronto provides multiple options for end-user support under its Managed Services offering. These include a best-effort toll free customer support line, or a planned and defined customer support center, customized based on the requirements. These offerings include consideration for hold times, dedicated customer support telephone lines (toll-free or charged), etc. 12. Training: Pronto provides one three-hour training session on the OSS and the Customer Portal to the customer. The Customer Portal is a web-based interface that allows the customer to monitor the usage and revenue generated at each location. The main features of the Pronto Networks solution include: Support for logical segmentation of the network using VLAN’s and different QoS for different class of service, which can be created using the same network infrastructure. Co existence of free as well as fee based access Options for an ad-revenue supported network to include context-sensitive ads for some users and advertisement-free access for other premium users Seamless experience for in motion users with accurate accounting and billing capabilities Support for a advertisement-supported model Support for various value added services including voice over IP, city safety using video surveillance, and field staff access etc. Traffic prioritization and QoS capabilities to meet requirements across varied class of users Support for mixed-use applications, ranging from Public Safety to Residential, Visitors to Employees Customizable classes of services and traffic QoS based SLA guarantees Turnkey subscriber and customer management platform, a customer self- registration portal, with integrated credit card payment gateways and integrated billing Basic Outdoors Wireless Service The mesh network has to be engineered accordingly to ensure the bandwidth throughput requirements. Government and public safety wireless service The mesh network provides police vehicles an unprecedented access to headquarters critical law enforcement applications. Using laptops in their own vehicles, an immediate enquiry can be made to their own traffic department database, using intranet. This will help in law enforcement e.g. amber alert systems etc. From anywhere in the hot zone, officers can now download the details of any specific vehicle, including high-resolution photos. Every officer will be given a login credential. It facilitates to connect through the database while on the move with any 802.11b/g access device (Laptops/Wi-Fi phones). The access to the real-time data in the field allows traffic police to respond more quickly during emergency situations. Officers will have access to security cameras and hence will be able to monitor city’s strategic points. The network operates entirely on unlicensed spectrum, provides a significant return on investment. In video surveillance application, police will be able to view live video footage on laptops, divert traffic and organize evacuations. Emergency medical workers can send medical data to hospitals while en route and know ahead of time which hospitals can accommodate more patients. These devices will be bought by the police department and will be treated as an access device. The solution supports logical segmentation of the network using VLANs, and using Service Realms within the VLAN, and different QoS for different class of service. This enables the network to be separated for both public safety and public access use. General System Characteristics Support multiple usage classes Pronto’s UniFi OSS solution supports different class of users in the same VLAN. In the same VLAN the wireless Internet service provider can setup various service plans for various user segments. For e.g. residents with plans that include access to limited applications on flat monthly subscription basis whereas businesses may be offered with a plethora of applications like VOIP, video on demand etc. Solution can offer quality of service (QoS) controls for prioritizing various classes of users Pronto’s broadband wireless platform supports VLANs, which enable the network to be separated for both public and private use. Partitioning of the wireless network enables service providers to further classify the offering by segregating certain class of customers to have their own separate partition. Thus there can be a separate network, service plans, and quality of service for citizens, business, education, travelers and government users, while sharing the common infrastructure. Every VLAN will be associated with an SSID. Multiple SSIDs and thus multiple VLANs can be assigned to the same gateway in various situations. Some of these SSIDs could be hidden, e.g. for auto authentication for the Public Safety users etc. The UniFi OSS facilitates WISP to design multiple service plans/offerings on the same VLAN. This is known as captive portal page. Multiple VLANs can be supported with a customized Login Page per VLAN. Even within a single login page, i.e. the same VLAN, the system can simultaneously support different types of users. Simplicity Users can connect to Wireless LAN system via the access points deployed in various locations. Service provider will create multiple VLANs to bring the user’s Internet traffic to a central location. The WLANC will be deployed at the central location to handle authentication requests from all the locations and provide common gateway to the Internet. The WLANC will display a welcome page where the user can enter the prepaid card details. It will also authenticate the guest and allow full access to the Internet for various Internet services like email, chat, VPN, Internet games etc. Multiple authentication methods can co-exist in a service provider environment, thus provide simple “get on to the network” options to users. For example, postpaid corporate users with security requirements would prefer 802.1x client based authentication whereas pre auto MAC auth would be the best allow access without having to enter the Username and Password even for the first time access. A list of MAC IDs is previously entered into the database in this above case. Service Levels Basic Outdoor wireless service: There are numerous service offerings that can be defined. These include a free – but registered (policy acceptance and initial customer ID) – service access, or paid access. The "drinking fountain" model, offers each user, regardless of their ability to pay, at least a minimum amount of bandwidth. This will fulfill the City’s desire of providing free access to citizens and visitors for casual usage. Here, with the help of Pronto’s platform initial splash page can be branded across all franchise locations and by each individual location. The images on the splash page can be updated easily and frequently, allowing venues to modify the user interface to reflect new specials or promotions. The advertising revenue that can be generated from here will help in subsidizing the cost of access in guaranteed indoor wireless service or will help defer on-going cost to the town and will subsidize free access to everyone. Government and public safety enhanced service: As mentioned, with the help of VLAN feature network can be logically segmented to support different domains of users (secure access by govt. employees, secure/open access for public users, students, business users etc. Public safety users will have prescribed level of bandwidth guarantee (QoS) and an unbounded partition for their VLAN. The VLAN will be associated with an SSID. To auto authenticate the government and public safety users, this SSID could be hidden. Guaranteed indoor wireless service: A) High level of network and throughput within buildings Pronto N/A B) Subscription / Fee Pronto Networks Response: Pronto complies with the requirement As per the desire, <Client Name> can offer other wide range of options to the customers in terms of speeds and rates, which can be accommodated in multiple ways with Pronto’s UniFi OSS Platform. For example, the city may choose to offer the Wi-Fi service on a flat fee basis to few specific customers, but charge other customers on the basis of their usage. Pronto’s solution also has the capability to support pre-paid cards in addition to subscription plans. With this option, Pronto can provide passes of various combinations in the form of printed vouchers, and offering users the option of purchasing access cards online for 30 minutes, 1 hour, 2 hours, or any other predetermined period using their credit cards, and the MSP’s online credit card payment processing gateway. Advertising allowed Pronto solution has the capability to customize the login page and web portal seen by users on a specific location basis (i.e. in citywide deployments, hotels, resorts, other eating/drinking establishments, etc.). The users at a particular location will be presented custom branded welcome pages when they login. This option is present in our UniFi OSS software. Customer can advertise (walled garden links etc), display news or can make announcements, also the wireless Internet service provider can provide a list of price plans offered at that particular location. Hence a WISP can provide location specific service plans and other customized offerings. Pronto, as part of its MSP service, provides an option to insert context-sensitive advertisements that run on top of the page visited by the user. A sample is shown here. The advertisements are usually relevant to the user, and the ads can be configured to offer users the option to “opt out” of viewing such ads by subscribing to a different service plan that may have been defined to be “ad-free”. C) Based on the number of pages visited, and based on the number of “click- thru” by the users, a certain amount of revenue is accrued by the municipality that can help in subsidizing the investment in the Wi-Fi service and other portions of the infrastructure. Quality of service Pronto Networks Response: The solution offers different bandwidth guarantees to different type of user. QoS management allows bandwidth partitioning and corresponding SLA mapping. The SLA will include what services a subscriber can access. For example - visitors, employees, public safety employees, free users, virus-infected users etc. can be provisioned for different bandwidths and sets of SLAs. Traffic management is implemented at the PSG and it includes: Bandwidth partition SLA mapping to the defined partition Enhanced Security Our solution will be responsible for the protection of the network resources, the integrity and privacy of the information being interchanged, which expressly includes the means for authentication, access control, integrity, confidentiality, and the administration of the accounts. The UniFi OSS provides security at the IP layers, and the security mechanisms in place are related to the OSS’s handling of user credentials (done thru secure ipsec links), and the options available for the user to setup and use VPN tunnels. We support MAC address filtering also 802.1x and EAP protocols are supported as part of our integrated NAVIS RADIUS server in the Pronto OSS. Solution Supports security features such as Radius AAA and 802.1x support as well as multiple authentication options through external sources, including Radius, MAC based authentication, LDAP, SMS, USB key based authentication, etc. EAP protocols are supported as part of our integrated NAVIS RADIUS server in the Pronto OSS. We support VPN tunneling also. The portal uses secure SSL connection and transfers data using SOAP/XML format. Network Uptime Pronto guarantees 98% availability (NOC), except only availability problems outside the control Pronto, such as problems cause by the customer, users, Internet backbone providers, or electrical blackouts. Pronto uses its best effort to correct any errors within its control. System standards support Wi-Fi Zone Roaming Our solution supports Wi-Fi roaming across multiple networks. The solution facilitates inbound as well as outbound Wi-Fi roaming. The solution provides roaming usage collection data, simplifies setup for multiple Wi-Fi roaming partners, bandwidth limitations for each partner. As per the city’s requirements, inter hot zone roaming will be a default service. Pronto solution also has an option of making inter hot zone roaming service optional. System management, operations, maintenance and support Financial and billing system: This module of OSS enables rating and billing mediation into existing postpaid billing systems, including XML, AAA, and IPDR formats and supports pre-paid billing. It also allows the user to include the Tax components while defining the price plans. Built-in Credit card fraud prevention functionality ensures authenticity and security inherent in the transactions. The wide payment options are enabled as well by integration with various payment gateways as ICICI. Training: Pronto provides three hours training classes to MSP that cover the entire range of topics related to the installation, operation and maintenance of the Pronto OSS and related products. These training classes are available at Pronto’s offices, and can be packaged for delivery at the client site as well. Customer service system: Pronto will provide best-effort toll free customer support line, or a planned and defined customer support center. Radius based support: Pronto complies Centralized management and monitoring Pronto OSS provides GUI based view of the network, which will help ease the monitoring of network and more controlled administration on the network. The GUI based view of the application is fully customizable. It allows the various windows in the application view to be movable according to user’s choice. The technology also provides the ability to view customer details e.g. customer contact details, Gateway details, details with the ability to drill-down based on WISP, location, controller/gateway status, etc. Network management layer of the OSS does mapping and monitoring of network assets. It manages the connectivity between wireless user sessions and the Internet. The OSS communicates with the Access Controller at the Public Wireless Local Area Network (P-WLAN) via SOAP/XML over a secure SSL connection. Users connect through the 802.11x interface to the Access Controllers. Users connecting via a third-party access points embedded with a Pronto agent can also interface with the Network Management Layer over secure (SSL) XML connections. Pronto OSS supports both GUI and CLI for mapping and monitoring SNMP Management The UniFi OSS provides the WISP administrator the ability to create templates for the management of third party AP's using the SNMP protocol. This template is used to remotely configure third party Access Points (AP) connected to the PSC that are not accessible from the Internet. These APs are managed from this module using SNMP protocol, wherein the OSS itself acts as an NMS server. The process of managing the access point from the OSS using the SNMP AP Management tool involves three steps: Upload any of the available standard MIBs. Identify objects from the MIB and create a template to manipulate these objects. Configure AP with appropriate SNMP Admin Template and SNMP parameters. View/Modify the access point from the OSS using the template created.