An Access Controller for Every Need
We have optimized the Enea Aptilo Access Controller for working together with the Enea Aptilo Wi-Fi SMP delivering true unique capabilities. Enea Aptilo Wi-Fi SMP also has specific adaptations for all leading access point controllers and high-performance gateways from our partners. For some use cases, it still makes sense to deploy the Enea Aptilo AC behind existing third-party access gateways to enable functionality that cannot otherwise be obtained.
The same Enea Aptilo AC software can be installed on two different certified standard hardware options:
- An industry-standard server (Std AC) handling 2,000 concurrent users.
- An eight-server cluster (Macro AC) handling 12,000 concurrent users. The setup consists of one load balancer, one backup node, and six traffic-taking nodes.
Deploying the Aptilo AC as redundant pairs with one backup node or in a redundant cluster with one backup node serving several traffic nodes is recommended.
Depending on the business model and integration level, the Enea Aptilo AC can be locally, regionally, or centrally placed in the network, catering to several separate sites.
Flexible Deployments Models
The Enea Aptilo AC software runs on standard hardware scaling from 2,000 to 12,000 concurrent users with real-life complex authentication and charging use cases. It can be either locally or centrally deployed in the network and connects to the Enea Aptilo SMP/SMP-S via Internet or private LAN through secure VPN connections.
With up to 12,000 concurrent capacity from a single server cluster, we can provide an end-to-end solution for large-scale carrier Wi-Fi networks, especially with a distributed deployment model. For networks with a central deployment model requiring hundreds of thousands of concurrent users on a single gateway, we recommend a high-capacity access gateway from Benu, Cisco, Ericsson, Huawei, or Nokia.
Access Control and Policy Enforcement
The Enea Aptilo AC is purpose-built for access control, usage monitoring, and policy enforcement in Wi-Fi networks. Apart from the inherent support for Enea Aptilo SMP/SMP-S, it can look up policies from external AAA and policy nodes via RADIUS pull.
The Enea Aptilo AC dynamically handles user sessions, quality of service, and routing from the local network to the Internet. Together with the Service Profiles, defined in the Enea Aptilo SMP or SMP-S, the Enea Aptilo AC constitutes a powerful tool for handling differentiated services with prioritization of traffic on the user level.
In the sample Service Profile “Premium,” the main service is capped to 50 Mbit/s of total bandwidth allowance for the “premium” user. Listed below the main service are services that can be capped or defined as unlimited; these are prioritized within the main service. Optionally an additional service can be defined outside the main service and prioritized on the same level. This ensures extra capacity is left for, e.g., real-time critical applications, even if the bandwidth of the main service is consumed.
The automatic bandwidth balancer feature of the Aptilo AC distributes available bandwidth between all active sessions according to the priorities set in the service profiles. A service can be automatically throttled down to a specific capacity if the prepaid quota has been depleted to a specified level.
Multiple firewall rules can be defined and tied to a specific service profile. This allows flexible traffic control based on the service profile, e.g., to allow traffic on ports 80 and 443 but deny everything else.
It is possible to specify in the service profile that the traffic must go through a specific WAN interface or VLAN. This feature is handy, for instance, for separating the private and public traffic in Smart City networks and for routing to different Internet gateways in a wholesale operation.
Other key features
A secure authentication and payment processing environment with SSL encrypted communication between the clients and the Enea Aptilo SMP/SMP-S. Secure VPN tunnel for other communication between the Aptilo Access Controller and the Enea Aptilo SMP/SMP-S. Built-in firewall functionality to protect from non-authorized usage. Whitelisting (“Walled Garden”) and blacklisting of configurable sites. IP-address spoofing protection through session window monitoring.
Ease of management
Support for remote software upgrades and updates. Enea Aptilo AC also supports SNMP network management for single or multiple SNMP trap destinations. Access Points (AP) can be created in Enea Aptilo SMP using the Aptilo AC MIB with the snmpwalk and snmpset commands. The Enea Aptilo AC has SNMP integration towards access points for collecting usage statistics. The AC periodically fetches statistics from the access points, for example, the number of connected users per access point. This feature enables traffic pattern analysis down to the AP level in the Wireless Network.
The Aptilo Access Controller blocks users from access to the external network until successful authentication and authorization are attained. It also supports the distribution of client IP addresses (DHCP). It offers custom DNS support to resolve user-defined host names to user-defined IP-address.