Campus Wi-Fi Solution


Campus Wi-Fi networks operated by universities, schools, convention centers, airports & other venue owners have become multi-purpose. No longer restricted to trusted users (e.g. staff   employees), visitors or untrusted users are also being provided Internet access over shared Wi-Fi infrastructure. Securing & managing network access to such different types of users is proving to be a complex challenge for campus owners.

 

 

Challenges


  • Individual User Controls – Personalized authentication & network policies for each user. For example, even within the trusted group, certain users may have faster speeds or restricted locations from which they can access the Wi-Fi network. Controls can extend to connection speed, permissible hours for access, quotas, routing rules, security policy & more.
  • Visitor Wi-Fi Pass – Securely allowing your visitors & contractors to use Internet access is another challenge. Most campuses share a common password (WEP or WPA2-PSK) which ends up being shared or public over time, providing little security.
  • Filter Content – User specific filtering of content is an often cited requirement of campus owners. Educational establishments may wish to block adult content, while corporations may want to block social networking. Whatever be the case, having greater control over the content being viewed by employees & visitors is more desirable than ever before.
  • Traffic Shaping – Ensuring that traffic flows for specific applications may be prioritized over others. Guarantee a certain level of user experience by managing bandwidth distribution amongst connected users.
  • VIP Routing – Ensuring that visitors are not impacting trusted network traffic is an important requirement of any campus network. Equally important is diverting or routing users over different WAN or Internet gateways.
  • Device & User Lockdown – With so many Wi-Fi enabled devices, administrators are looking for ways to authroize specific users with specific devices. Session lock-down discourages password sharing & consequently network adbuse. For example, administrators may wish to block users from sharing password between their work laptops & personal tablets on the trsuted campus network.
  • Accountability – With growing security concerns, particularly from unverified visitors in public hotpsots, most campus owners are looking for ways to track the network activity of Wi-Fi users. Desirable features are audit trails, log of websites visited & any malicious activity alerts.

 

 

 

All-in-One Solution


Inventum's service gateways offer a single-stop solution for campus networks. The all-in-one service gateway combines the functions of a router, firewall (UTM), NAC, user directory & more in a browser managed, ready-to-deploy appliance. Administrators can directly connect WAN & LAN links to the appliance for end-to-end operations & management of their Wi-Fi networks.

 

Service Gateway deployed in Campus Network with 2 ISP links

Multiple functions of the Gateway

Sample service gateway deployment in a campus with hotspots, academic building & residential Internet access. The depiction shows two separate ISP links which are load balanced. For example, hotspot traffic (green line) is always sent to ISP #2 which is a non-premium link for visitors. Internally, the service gateway divides networking (data place) from business functions (control plane). Feature modules are added using software license keys, allowing administrators to purchase only what they need. Configurations ranging from 50 to 50,000 concurrent users are available.

 

 

Key Features


  • All-in-one Magic – forget a rack full of equipment; service gateway deftly combines a router, firewall, content filter, user database, policy server, AAA, WAN load balancer, monitoring system & more in an easy to administer appliance. Most importantly, the service gateway is compatible with all Wi-Fi access points.
  • IP Router – typically installed as the Internet gateway in a network, the service gateway provides complete IPv4/v6 routing capability. ISP link(s) can be directly connected to the gateway.
  • ISP Link Load Balancer– share or distribute user traffic across one or more ISP links. Deliver the highest uptime to your users by enabling automatic failover on ISP links. The service gateway automatically isolates inactive WAN links & does a rule based diversion of traffic to other "good" links.
  • Comprehensive Network Services – DHCP, NAT, SNAT, RADIUS, DNS, PPPoE & many other services are built-in on the service gateway.
  • Network Security & Threat Management – unique user virtualization technology allows the service gateway to personalize security, route & filter settings for each individual user. For example, each user can be routed to different gateways, have personalized firewall & filtering rules. The service gateway protects against common network attacks.
  • Category Based Content Filtering – Using Inventum's cloud based filtering service, administrators can filter out objectionable content by specifying categories such as adult, social networking, banking, etc. Content filters may be personalized for each user allowing administrators to treat visitors & untrusted users differently.
  • AAA System – Authenticate & account for each user's network usage. Set monthly quotas, fair use policies & even bill (prepay of postpaid) for hotspot right from the gateway! No external server or billing system required. The gateway provides detailed reports as well as invoices if required.
  • Visitor One-Time-Password (OTP) & Voucher System – An excellent tool to do away with shared passwords, the gateway allows visitors to request a one-time-password from a login page. The password is generated by the gateway & may be delivered to the user by email or SMS. Each password is pre-linked to a service set by the administrator that defines connection speed, content filters, security rules, download quotas, logon schedule & routing information.
  • User Dashboard & Portal – service gateway includes a login (captive) portal that forces users to authenticate. The same portal can also present usage statistics & server as a self-service dashboard for registered users.

 

Signup for a personalized demonstration of Inventum Campus WiFi Solution. Our qualified pre-sales staff will be happy to conduct a one-on-one web conference to provide in-depth information on our solution.