Download Pronto Networks for Municipalities for RFIs etc

Executive Overview
Pronto's Metro WiFi OSS platform is a carrier-class software platform, specifically designed for mixed-use,
public wireless, access networks. The Metro WiFi OSS (Pronto OSS) is an open architecture, standards-based,
WiFi service delivery solution that enables rapid, cost-effective wireless broadband deployment and reduces
ongoing operational costs.
As requested in the RFI, the City of San Francisco may choose to designate certain parks, common areas and
other residential and business zones within the city to allow any user with a WiFi device, or otherwise
connected to the network, to gain free and open access to the Network. On the other hand, the City may
simultaneously offer affordable basic access to some users and a higher grade of Internet access to business or
premium users. This type of “drinking fountain” model allows the City to meet the varied requirements of its
demographically and economically diverse constituents.
The Pronto OSS provides centralized real-time Authentication, Subscriber Management, Billing Mediation,
Customer Care, Roaming Settlement and Network Management capabilities.
The main features of our solution include:
-
Support for logical segmentation of the network using VLANs and different QoS for different class of
service, which can be created using the same network infrastructure.
Co existence of free as well as fee based access- hotspots within a Hotzone.
Seamless experience for in-motion users with accurate accounting and billing capabilities.
Location based service offerings with localized content publishing and management
Support for various value added services including voice over IP, home safety using video surveillance,
field staff access etc.
Traffic prioritization and QoS capabilities to meet requirements across varied class of users
Support for mixed-use applications, ranging from Public Safety to Residential, Visitors to Municipal
Employees.
Customizable classes of services and traffic QoS based SLA guarantees.
Turnkey subscriber and customer management platform, a customer self-registration portal, with
integrated credit card payment gateways and integrated billing.
Pronto offers Managed service offering as well to get the Community Wireless Broadband Initiative
started with minimal upfront investment in a back-office data center.
In this response, we provide a brief description of our capabilities, and a comprehensive overview of the Pronto
Product offering.
Solution Highlights
Support for ‘Mixed Use’ Network and Public Safety: Pronto’s broadband wireless platform supports VLANs and
specific QoS set up, which enable the network to be separated for both public and private keeping in mind the
specific needs. Using VLANs the Network can be logically segmented to support different domains of users
(secure access by govt. agencies, secure/open access for public users, residential, business users etc. All the
target users including residents, businesses, institutions, government agencies and visitors can have a separate
network, service plans, quality of service and thus a unique experience meeting or exceeding their specific
desires and expectations.
The Pronto OSS supports logical segmentation of the network through multiple methods to support multiple
“domains” of users.
1. Even on a single LAN, the Pronto solution can be configured to support multiple user types, each with
its own authentication mechanism, and its own pre-defined bandwidth restrictions. The Pronto
Hotzone Service Gateway (PSG) enforces these bandwidth management policies so that WAN link
bandwidth is regulated per user.
2. Users traffic can additionally be partitioned through the use of VLANs. Thus, each user, based on the
SSID he associates with, is confined to a specific VLAN. Different user types can be supported within
each VLAN as well, with different authentication methods available to each.
Specific MAC addresses, and IP addresses, can be configured for special types of access within the Pronto OSS,
and enforced at the PSG.
Flexible Service Plans to Generate Revenue: Pronto’s solution enables Cities like San Francisco to generate
revenue from offering the wireless service by setting up various service plans for various user segments. For
example, the City may offer residents with plans that include access to limited applications on flat monthly
subscription basis whereas businesses may be offered with a plethora of applications at a premium price per
volume/duration of use with guaranteed quality of service. The educational institutions and non-profit
Organizations may have the option of cheaper rates on the basis of their usage; Visitors may have the option to
purchase day passes. Pronto’s solution also has the capability to support pre-paid cards in addition to
subscription plans.
Zero Client Configuration: Pronto’s solution requires no re-configuration of the user’s client settings, thus
enabling easy, trouble free access. Pronto’s solution, for example, automatically adjusts for settings that may
be on a user’s laptop, such as static IP and DNS proxy settings, which would normally hinder access to the
Internet if no adjustment takes place.
Advanced Security: In addition to supporting VLANs which secure city networks by keeping them separate from
general purpose use, Pronto’s solution provides a SSL-encrypted registration and authentication process and
supports corporate VPN clients to allow secure, encrypted access to one’s corporate LAN.
Access Control for Various User Groups: Pronto’s solution is capable of providing various levels of access to
different user groups. Government employees, for example, can be authenticated by the MAC address of their
laptop or PDA, whereas visitors can only be allowed access by supplying a username and password. Finally,
Pronto’s solution can set what network privileges each user group is entitled to, such as simple internet
browsing and corporate VPN access vs. network administrative privileges.
Content Management for Virtual Community Bulletin Boards:
Pronto’s content management system allows content to be delivered to the splash page quickly and
efficiently, thus virtual community bulletin boards. The City can utilize this feature for educational, social,
informational, and economic content for respective user segments to foster growth in each of the sectors.
Pronto’s solution allows writing, editing and publishing updates to the splash page within minutes and to
update information numerous times throughout the day. This offers the City with custom branding options
depending upon the location and SSID, keeping in mind the target users and their needs.
The default /home page which the users access when they log in, thus can be managed well with the
information and business opportunities as per the targeted customer audience at that location. This may
include educational content for students, general community and tourism info for public users at select parks
and common areas etc.
The City may also opt for Pop ups depending upon the requirement, that shall interrupt the users in their
session and make some information available to them. This interrupt page is a live modifiable page of
information, which replaces the splash page. This can be used to contain breaking information about an
emergency and status. In addition an emergency policy can be made to dictate that everyone will be required
to r-authenticate, or show this page before a user can go on to the next page. In this case once the users have
read through the information, they may take a specific action that may be required or may get back to their
own session if not relevant to them. In essence each user may be forced to see the page of information
Value added services (such as VoIP) to Generate Revenue: Pronto’s standards-based platform allows offering
additional services, such as voice, on top of the wireless network. Providing voice in addition to data services
can help the City offer its users with reduced communication costs and provide another revenue opportunity.
Other value added services like virtual gaming, and home security can also be considered as additional revenue
generators.
Virtual Network Operator Ready: Pronto’s solution is multi-tiered, enabling municipalities to sublet its
network, if desired, to other network operators. This enables competing commercial and institutional service
providers not affiliated with the City to gain access to and provide services using the same, single, common
infrastructure.
Integration with legacy and third party systems: The Pronto OSS supports a number of internal applications
that perform customer care, billing, alert processing. This includes the customer instances with prepaid as well
as postpaid subscriptions and the guest users. However, in case there is a need, Pronto OSS can be integrated
with existing systems or third party modules in order to offer seamless experience to the end users. Therefore,
Pronto Subscriber API capabilities that enable this integration are an essential component if the Pronto base
Product offering.
Pronto OSS supports various billing options for the service provider, including billing based on volume,
duration, day of week, time of the day etc. Varied Payment options including credit card and prepaid cards for
an hr / day /month etc are supported. End users can be authenticated in different ways suitable for different
consumer segments. For example the govt. Employees may be authenticated by the MAC address of their
device itself with no extra effort, whereas the external users may be offered with various other choices
available on their personal choices to avail. Virtual Service communities can be created with customized
service plans and have QoS parameters attached to each service plan, depending upon the specific needs of the
community.
Multiple Authentication Realms:
Pronto’s solution is capable of providing various levels of access to different user groups. Public and private
users can coexist on the common network infrastructure and yet be differentiated on the basis of their specific
needs. Through multiple VLANs, Pronto can support different classes of users. Each VLAN can have a
customized login page and different best-suited authentication mechanism and can be treated as a virtual
community. Thus government employees in the City can be authenticated on the basis of the MAC address
whereas the public visitors may have to enter a username password to get authenticated.
Various Authentication mechanisms including the below are supported by Pronto:

Captive Portal:
Captive Portal technique presents the users with a special Web Page so that the Users can provide their
credentials (user Id & password) and thus get authenticated to connect to the Internet.
The Web Pages also called Splash Pages can be customized for each location /VLAN/SSID such that the
content made available is of relevance to the audience using the service. For Example Course content
for students, Business news and analysis for business users, Socio economic data for the non profit
segment etc. can be made available on the splash pages at respective locations. This would also offer
the City with an additional revenue stream through sponsorships and would be a value-add for the users
at these public locations. However the Users can enter their credentials on this page and get
connected to the Internet. The Users shall be authenticated by any of the following:
i.
ii.
iii.
iv.
v.

RADIUS
LDAP
External Database
Roaming Aggregators
802.1x based authentication
USB Key based authentication:
The Pronto OSS supports USB-key based authentication, where the username/password credentials are
configured onto a USB key shipped to the end user by the service provider. The user simply inserts the
USB key into his laptop, and attempts to browse the Internet. The Pronto OSS detects the presence of
the USB key, checks the credentials against its central database, and allows the user access without
having to enter any keystrokes. The USB key can be suspended/activated/cancelled, etc. from the
OSS.

Access control lists:
The Pronto OSS maintains an Access Control list after initial authentication that monitors IP and MAC
addresses. Users can be automatically authenticated by their MAC address in subsequent sessions
thereby bypassing authentication if required or the NOC can control sessions by IP or MAC address if
required.
As new authentication methods become available, the OSS will expand to support them in order to
support Client side requirements.
Quality of Service Management
The Pronto Hotspot Networking System allows wireless bandwidth to be segmented and metered out, on a peruser basis, at each Hotspot location. The QoS levels can be mapped to specific Service Plans. For example,
Commercial Users can be given a dedicated, high-priority portion of the total bandwidth while all Public Users
share the remaining bandwidth at a lower priority.
Pronto’s OSS supports Quality of Service guarantees at the User level by allowing the Service provider to
enforce SLAs on upstream and downstream bandwidth rates (minimum and maximum). The minimum rate
defines a sustained level, and the maximum rate sets the peak level. Once these service plans are defined in
the OSS, when a user subscribes to the service, he is assigned that QoS SLA. This QoS is associated with the
user, not the PSG. So, when the user attempts to login, he is assigned the QoS. Any number of SLAs can be
defined in the system. The values of the bandwidth rates can be set by the Service Provider on a per PSG
level.
All users that subscribed to the Service Plan are subject to the enforcement of this SLA, upon successful login.
When the available bandwidth on the PSG is committed to authenticated users, the OSS provides an option
whether the next user that tries to login get his “SLA enforced”. If the SLA is enforced, even a registered user
is denied access to the network, since the PSG cannot meet the SLA commitments, as bandwidth is already
committed to other users. If the SLA is not enforced, additional users are allowed on to the network.
All users that subscribed to the service plan are subject to the enforcement of this SLA upon successful login.
When the available bandwidth on the PHC/PHG is committed to authenticated users, the OSS provides an
option whether the next user that tries to login get his “SLA enforced”. If the SLA is enforced, even a
registered user is denied access to the network, since the PHC/PHG cannot meet the SLA commitments, as
bandwidth is already committed to other users. If the SLA is not enforced, additional users are allowed on to
the network.
Traffic Management is implemented at the PHG/PHC and it includes:
 Bandwidth partition
 SLA mapping to the defined partition
Bandwidth partition is of four types:
1. Bounded: A partition cannot borrow from any other partition. Thus, if a partition is bounded, then
users of this partition are restricted by bandwidth allotted to it.
2. Unbounded: A partition can borrow from other partitions, subject to availability.
3. Isolated: A partition does not allow other partitions to borrow from it. Thus, if users of this type of
partition were not using the bandwidth, then that BW would go waste.
4. Shared (or not isolated): A partition allows other partitions to borrow from it. This would result in
practically no wastage of the bandwidth when there is a demand for it.
This bandwidth partitioning done at the WISP level can be configured by percentages or actual bandwidth. This
allows the system to apply different treatment strategies to different flows (session) of Internet access, e.g., a
product plan can attach different bandwidth limits to the various applications/services being used. Thus,
municipal users can be prioritized at a higher priority by provisioning them with specific service plans as per
their needs. For specific services like emails (POP), browsing (http), download music (ftp) and talking to
another remote user (VoIP), each of these services can be assigned their own SLAs (Bandwidth limits)
simultaneously.
Custom Branding Options:
Pronto’s platform allows for the initial splash page to be branded across all franchise locations and by each
individual location. Pronto also supports walled garden sites, or unauthenticated free access to a select
number of websites, such as the venue’s website, store locator site, etc. The images on the splash page, as
well as the walled garden links, can be updated easily and frequently, allowing venues to modify the user
interface to reflect new specials or promotions, such as offering 30 minutes of WiFi access with a purchase of
the daily special.
Pronto’s ad management system allows municipalities to potentially generate additional revenue from local
establishments and business partners by placing and charging for targeted ads on the initial splash page.
Pronto’s system tracks the number of impressions as well as the percent of click-throughs.
Scalable Network:
Each Pronto Service Gateway can support an IP range of greater than 10,000 users. While each PSG can
nominally support 2000 concurrent users, this number is based on typical Hotspot/Hotzone usage, since the
actual limitation is based on the amount of traffic sent by each user in the aggregate.
I
I
I
I
Mesh
MeshNetwork
Network
I
I
I
Each PSG has a single 100 Mbps Ethernet interface, and
thus the practical throughput limits of the PSG are
around the 45 Mbps rate. Each PSG can provide QoS for
at least the 2000 concurrent users. Additionally, the
architecture supports multiple PSGs connecting to their
own Internet PoPs, providing a high level of service
reliability, since the user experience, for both the
private and public users, is the same regardless of the
PHG through which they are connected to the Internet.
Pronto has also provided custom PHGs to customers
that can have 1 Gbps Ethernet interfaces as well.
I
IP Management and Client Configuration
When a subscriber’s 802.11 wireless card /modem in his device detects any WiFi SSID in the network, the user
can configure his device to associate that wireless modem with the SSID broadcast. After the radio acquisition
is complete, connectivity at the IP layer is attempted. This process is determined by the network settings of
the client device. In most cases, this would be a DCHP request for an IP address. Such a DHCP request can be
serviced by the PSG by allocating a dynamic IP within the DHCP range at the specific location. However, if the
subscriber has static IP settings pre-configured in the device, then these settings would be automatically
accommodated at the PSG.
The Solution does not require any change in network settings of a laptop, as long as it can associate with the
network. . More explicitly, no change in IP address setting, DNS setting and browser settings are required.
Essentially, the solution will work with private DNS settings and browser proxy settings of the laptop. In the
event a corporation has statically assigned IP address, the solution will continue to work. No new DHCP IP
address will be issued to that user. The system also allows the user to use the service, even if the client device
is “mis-configured” for the location. The user is able to associate to the network and continue using his IP
address setting that may be mis-configured in his client device.
The following are common scenarios that are addressed by the Pronto OSS:



Wireless device has fixed IP address, which may be incompatible with the DHCP address range in use at
the location and may be the same as the fixed IP address of another customer already connected at the
same location;
Wireless device is set to use fixed DNS servers which are not accessible from the location (e.g. they are
located behind a corporate firewall);
Wireless device is set to use a proxy server, which is not accessible from the location.
Once authenticated, the user is able to access the following services:

WWW including web-based email and e-commerce sites

POP3 email services

Corporate email/scheduling/data management services
Outlook/Exchange and Lotus Notes/Domino, etc.

Corporate VPNs
based
on
Microsoft
Services, Accounting and Billing
Pronto OSS provides a flexible, dynamic framework for creating various types of Service Plans for different
Class of Users. Free and Fee Based pricing models are supported on the common network infrastructure. The
solution enables a mix of both the pricing models enabling free Hotzone with fee-based locations or fee-based
Hotzones with free locations.
Enhanced Authentication options are supported including USB key based authentication, MAC based
authentication with support for multiple MAC addresses, 802.11x client based authentication, external
subscriber databases, RADIUS, LDAP and Premium SMS.
Premium SMS based authentication offers service based on SMS messages. This requires integration with
cellular network and the authentication codes are provided through SMS messages. This helps the operators
extend their services and reach out to the entire population of mobile users, especially beneficial for
geographies with high mobile penetration. The solution also supports the operators to give a common bill with
their mobile usage, thus adding convenience for the end users in terms of subscription as well as payment.
Multiple authentication methods can co-exist in a service provider environment, thus empowering operator to
reach out across geographies and demographics leading to higher customer penetration and thus higher
returns. For example, postpaid corporate users with security requirements would prefer 802.1x client based
authentication whereas premium SMS would be the best offer for prepaid mobile young users.
With support for both pre-paid and postpaid billing models, service providers can create a customized offering
that combines web based account activation, account refill options using vouchers, etc. Differential billing
rates can be supported on the basis of time duration, volume of traffic, time, day of the week, customer type,
location, service application, peak off peak definitions etc. Fill-up options for prepaid cards are also available
to the end users. Pronto OSS billing, allows for customized billing between the WISP and the NOC. Both offline
and online modes of subscription and usage are supported. New subscribers or guest users can sign up instantly
to the Public Wireless LAN services through an online registration process in addition to the option of buying
the service offline through coupons or vouchers. It supports features like one time password access, production
and use of prepaid vouchers while facilitating commissions to affiliates and locations.
Prepaid Vouchers can be purchased online through a secure portal, with flexible validity periods of time
determined by the service provider. Subscribers can use blocks of time adding up to a limit or a single
contiguous block of time depending upon the service plan offered by the service provider. The OSS solution
from Pronto provides end-to-end prepaid management with voucher generation, assignment, commissioning,
with zero leakage enforcement and idle session disconnect features.
Once a transaction is complete, the balance usage level in user account is calculated based on business rules
and the balance limit is updated. The system helps the user view their balance usage level through a customer
self-care portal. A follow up scheme helps define the course of actions to be taken whenever the usage level of
a subscriber crosses user-defined thresholds. For postpaid users, the OSS solution is capable of generating bills
centrally while addressing access of WLAN services over geographically different locations.
There can be multiple service plans on offer for the end users, meeting their specific requirements. Premium
business and Occasional nomadic users can be the main revenue generators with their Criterion of quality of
service and specific applications support respectively. The nomadic users can have the option of prepaid passes
for hrs/days/weeks whereas the premium business segment can subscribe to monthly postpaid plans discounted
for higher usage.
Network Monitoring and Remote Management
The Pronto Hotspot OSSTM has fault monitoring capabilities that are designed to support OSS requirements for
carrier-class operations. The OSS monitors the gateway heartbeats from each of the locations under its
purview. The internal database support of the OSS allows for extensive data gathering and record keeping.
At a time interval defined at the NOC, each PSC periodically sends an autonomous message to the PSC.
Because this message is sent through the SOAP/SSL protocol exchanged between the PSC and the OSS, it is
impervious to firewalls and dynamically obtained IP addresses that can provide configuration and monitoring
challenges for the NOC personnel. These periodic messages provide valuable information related to the health
of the network element, and also provides performance and service assurance information related to users
connected to the controller at the location. These remote monitoring capabilities are crucial for the
management of a WiFi network.
When a controller status degrades below acceptable levels, the OSS can respond with a message (payload)
containing reboot instructions, user logoff commands, software upgrades, and the like. The OSS can also be
configured to notify the appropriate personnel of the alert.
The design of the heartbeat/payload response cycle allows the OSS to maintain controller operational health
regardless of the remoteness of the controller location or the local network security configuration (firewalls,
etc). Finally, this mechanism also allows the Pronto OSS to monitor access points that may be subtending from
the PSG at the location. Users’ connectivity to these access points is also monitored at this layer of the
software.
The OSS is also designed to support network management system extensions to support SNMP. This enables
external management systems to perform typical enterprise management tasks on additional access points that
may be subtending from the PSC.
The NOC records heartbeat monitors that report the status of each controller. These reports can be
customized for NOC and WISP or Customer level users with defined roles granting appropriate levels of access
to view the usage levels and status of each controller over which they are responsible. Whenever a controller
experiences out of tolerance conditions, the OSS responds by either correcting the condition directly (payload
downloads) or by notifying the appropriate technical support personnel who can respond to the condition.
Reporting
The OSS provides a comprehensive range of Reports that give details of Sale, Usage, Payment and Accounting,
Dispute Handling, Statistics and allows different types of searches to retrieve information from the system. The
software supports preview of reports before printing.
The OSS supports a wide variety of reports, which include:
o
All details of activity for prepaid cards.
o
Prepaid card sales (online and offline), and subscription sales reports.
o
Service reports showing online refunds, account (new, closed, suspended, and promotional)
reports.
o
Revenue, billing, and payment reports showing sales, refunds, generated bills, credit card
activities, accounts receivables, write offs, and miscellaneous information.
o
Settlement reports showing monthly settlements, roaming usage, roaming settlement, and
cost/margin reports.
o
WISP reports are a WISP-specific subset of these NOC reports, but also include a customer
usage history report, which shows connection details like time and amount of data sent and received.
OSS users can output reports online, print a hard copy, or export to Excel (CSV) or PDF format.