MPP

The guest access portal MPP is a highly flexible solution that provides network access to your guests, visitors and external employees, as well as to the private devices of your own staff. The access rights can be adjusted individually for each group of users.

The MPP acts as a gatekeeper between the guest access networks and the internet, as depicted in the following chart:

Your guests connect via a wireless or wired network connection and try, for instance, to access the internet. The traffic of these guests is separately sent via the company network through specific VLANs or VPNs to the MPP servers. Depending on the source area (e.g. location/building, VLAN, IP range), the user is assigned a profile that defines the following aspects:

  • Which portal is displayed to the user (e.g. for the placement of location-dependent contents and promotion)
  • Which websites or other network resources guests can use freely and free of charge (so-called open gardens)
  • Which authentication or self-service possibilities are provided to guests. In addition to entering user name and password, it is possible to create dynamic accounts (e.g. by entering the mobile phone number, e-mail address or credit card data)
  • Whether the user can be routed to commercial service providers like Swisscom, Sunrise, iPass, Boingo.

The MPP can be optimally integrated into existing peripheral systems such as Radius/LDAP databases, clinical information systems, visitor batch systems etc. It is also possible to manage local accounts, offering full flexibility according to the following picture:

 

  • An account typically consists of a login name (user name, mobile phone number, name of the event etc.) and a password with freely definable length.
  • An account can have different statuses: "verified" (meaning that the registration has been completed), "unverified" (meaning that no registration has been carried out) or "suspended" (meaning that the account has been deactivated).
  • With a profile, the user is assigned a template of routing and firewall rules. Thereby, it is defined what the user is actually allowed to do and where he is routed to (internet, provider X, VLAN Y etc.)

  • Accounts may have different validities:

    • Fixed validity period "from … to " (e.g. for events, monthly or annual ticket)
    • Validity for a defined period as of first login (scratch card principle), regardless of the time spent online

  • An "exclusive" access means that only one device () can use it at the same time. As soon as another user logs in with the same account, the session that logged in first is logged out. A "multiple" account can be used by several devices at the same time, which is especially useful in seminars.
  • The user can be forced to change his/her password after the first login. This primarily makes sense for personal accounts.
  • The URL defines where the user is routed to after successful login. In our case, the user is routed to the portal created by the company Giordano.
  • Via #, the number of allowed visits can be limited for an account. So, it can be defined for instance that only five free accesses can be obtained per 30 minutes.
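
The status, validity and exclusive/multiple rules above can be expressed as a small admission check. This is an added illustration, not MPP code: the Account fields, the admit function, the device identifier strings and the rule that only "verified" accounts are admitted are assumptions made for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Account:                              # hypothetical model, not the MPP schema
    login: str
    status: str = "verified"                # "verified" | "unverified" | "suspended"
    valid_from: Optional[datetime] = None   # fixed validity period "from ... to"
    valid_to: Optional[datetime] = None
    duration: Optional[timedelta] = None    # validity as of first login (scratch card)
    exclusive: bool = True                  # False models a "multiple" account
    first_login: Optional[datetime] = None
    sessions: set = field(default_factory=set)

def admit(acct, device, now):
    """Decide a login attempt; returns (allowed, reason, evicted_devices)."""
    if acct.status != "verified":           # assumption: only verified accounts log in
        return False, "status:" + acct.status, set()
    if acct.valid_from and now < acct.valid_from:
        return False, "not-yet-valid", set()
    if acct.valid_to and now > acct.valid_to:
        return False, "expired", set()
    if acct.duration is not None:
        # The clock starts at the first login and runs regardless of time online.
        start = acct.first_login or now
        if now > start + acct.duration:
            return False, "expired", set()
        acct.first_login = start
    evicted = set()
    if acct.exclusive:
        # A newer login on an exclusive account logs out the earlier session.
        evicted = acct.sessions - {device}
        acct.sessions = set()
    acct.sessions.add(device)
    return True, "ok", evicted

if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 9, 0)         # constructed sample data
    card = Account("card-001", duration=timedelta(hours=2))
    for dev, hours in [("dev-a", 0), ("dev-b", 1), ("dev-b", 3)]:
        print(dev, hours, admit(card, dev, t0 + timedelta(hours=hours)))
```
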

If several accounts are to be generated, they can be exported as CSV or printed and distributed/sold on pre-formatted labels/cards (e.g. Zweckform).

Guest Account Management in the Intranet

The reservation system is a web application which typically runs in the customer's intranet. It enables different groups of administrators to manage accounts. User authentication is performed via the company's own LDAP. The application is multi-tenant, which means that each user group can view, create, activate or deactivate its own accounts. You have full freedom regarding the creation of account types per tenant.

Enhancements

The MPP has a highly flexible XML-RPC API. Hence, tasks like user creation can easily be integrated into existing guest applications.

 

Functions

Services

DNS Master / Resolver
DHCP Server / Relay
NTP Client

Authentication

Local database
RADIUS
LDAP (Generic LDAP, Microsoft Active Directory)
Captcha
SMS
CSV data
E-Gate

Network

Ethernet interfaces (hardware-dependent)
IEEE 802.1q (VLAN)
GRE, VPN
Routing

Accounting

Syslog
Radius

Administration

Dedicated reservation system (= sponsoring/device portal)
Web Interface
Console

Landing Page

Freely customizable portal page

o   Per network

o   Per user agent (Windows CE, iPhone etc.)

Dynamically controlled portal page (e.g. for displaying advertising)
I-Frames
Smart client support (e.g. iPass, Boingo etc.)

Hardware

Appliance or own hardware (Debian GNU/Linux 5.0 Lenny compatible)
VMware ESX

Redundancy

Master/backup system (VRRP)
Synchronized user database
Synchronizable system configuration

Session

ARP
DHCP Leases / Tracking
Public IP Address Pool

Profile

Source/destination IP
TCP/UDP source/destination port
Next Hop
NAT/PAT
Multiple profiles per provider
Bandwidth limiting

Monitoring

Sessions
Performance / System-Load
Active DHCP leases
Daemon / network status

API

XML-RPC