TRAFFIC MANAGEMENT
Discover the Enea TLS Manager – Delivering secure connectivity management for enterprise services through HTTP header enrichment
Enea TLS Manager enables mobile network operators to maintain full visibility and control over HTTPS traffic through intelligent, secure termination of encrypted sessions. Built for high-performance environments, it facilitates advanced traffic management and HTTP header enrichment — helping operators deliver differentiated enterprise services, enforce policies, and integrate real-time context, even when traffic is encrypted.
TLS Manager supports secure traffic termination and inspection for the following key use cases:
In today’s networks, these capabilities are essential to manage encrypted traffic effectively while still delivering value-added services, maintaining security policies, and ensuring a seamless user experience.
As HTTPS adoption grows, mobile network operators face new challenges in managing subscriber-aware services. Traditionally, HTTP Header Enrichment has allowed operators to seamlessly authenticate users, route traffic based on location or identity as well as personalize services and apply content policies. However, encryption hides these headers, making it difficult to enforce policies or enable enterprise-grade services. Enea TLS Manager solves this challenge by enabling selective and secure HTTPS mediation — decrypting traffic when appropriate, applying traffic management policies, and re-encrypting it before forwarding — all while remaining compliant with operator policies and privacy standards.
Enea’s traffic management capabilities provide the technological foundation needed to fulfill our ‘subscribe once, source from many, pay for what you use’ model, which is radically transforming how consumers experience mobile services across our LATAM operations.
Enea’s technology allows us to effectively manage all our streaming data, including encrypted video, resulting in a very positive impact on subscriber QoE
TELUS is proud to partner with Enea and give our customers a better experience while watching videos
The innovative solution from Enea has been impressive. They have demonstrated their expertise and backed it up with excellent levels of service
Secure Traffic Manager and RAN Congestion Manager effectively manage encrypted and non-encrypted traffic, reduce RAN congestion and improve subscribers’ quality of experience.
TLS Manager enables operators to enrich HTTPS traffic with unspoofable, real network identifiers — such as subscriber ID or IP address — in a secure and privacy-compliant manner. This is essential for:
Operators can selectively offload or re-encrypt traffic based on destination, source IP, or domain name. This supports:
TLS Manager can invoke enrichment and policy actions based on dynamic context, such as:
User session type (identified via HTTP data)
TLS Manager acts on all relevant traffic flows to enable secure and intelligent service delivery:
Transparently intercepts both encrypted (HTTPS) and unencrypted (HTTP) traffic
Decrypts TLS traffic using operator-approved certificates
Re-encrypts traffic using operator or content provider certificates
Facilitates advanced traffic management services without compromising privacy
Trusted worldwide, the Enea Network Traffic Management portfolio is deployed by leading operators such as:
TLS Manager acts as a transparent TLS tunnel endpoint, securely decrypting HTTPS traffic and making the content visible to licensed Enea Traffic Management services. When a user initiates a secure connection (e.g., via a browser or app), the solution provides a CSP-approved substitute certificate, impersonating the origin server while preserving end-user trust and privacy.
Operators can manually load substitute certificates for selected origin servers. TLS Manager validates each certificate against the user’s root store to maintain trust. This targeted approach ensures HTTPS header enrichment only occurs on predefined domains, minimizing exposure.
Using IP address filtering (IPv4 or IPv6 ranges with CIDR notation), TLS mediation can be selectively applied to specific sites or services. This ensures that only traffic requiring enrichment or inspection is decrypted, optimizing resource use and aligning with regulatory policies.
TLS Manager integrates with licensed Enea Openwave Traffic Management modules. Once HTTPS traffic is decrypted, these services can be invoked on a per-session basis for applications such as:
TLS Manager includes a centralized Operations, Administration & Management (OAM) GUI, offering mobile network operators a single point of control across all deployed Enea Traffic Management products. This simplifies configuration, monitoring, and policy enforcement.
The TLS Manager solution is deployed inline at the Gi interface, processing all IP traffic flowing through the operator’s network. It uses a high-performance Vector Packet Processing (VPP) module to intercept, inspect, and extract relevant metadata at both ingress and egress points. This data feeds into the Contextual Application Orchestration engine for real-time service logic execution.
Enea TLS Manager enables operators to enrich, route, and optimize encrypted web traffic — unlocking enterprise use cases while preserving trust and transparency. Reach out to our team to explore how Enea can help transform your network’s capabilities through secure, intelligent HTTPS Header Enrichment.
HTTP Header Enrichment is a technique primarily used by mobile network operators (MNOs) to insert additional information into HTTP headers as data passes through their networks. By enriching these headers with user and device identifiers—such as IMEI, IMSI, MSISDN, or UID—MNOs enable downstream servers to identify subscribers and devices more accurately. This process supports enhanced user identification, service personalization, and more effective traffic management.
Request Interception: When a user’s device sends an HTTP request (e.g., accessing a website), the request passes through the mobile operator’s gateway or proxy.
Header Modification: The gateway enriches the HTTP header by inserting additional fields, such as subscriber IDs (e.g., MSISDN), device information, or network details.
Forwarding: The enriched request is then forwarded to the destination web server.
Processing: The server uses the enriched data for purposes like authentication, personalization, or analytics.
Seamless User Authentication: Automatically identify users via subscriber IDs without requiring manual login.
Personalized Services: Enable location-based offers or customized content delivery using enriched data.
Zero-Rated Applications: Tag traffic for specific apps to ensure users aren’t charged for data usage.
Traffic Steering & Analytics: Route traffic based on user attributes or gather insights for decision-making.
Enterprise Services: Securely enrich HTTPS traffic with subscriber metadata for authentication and localized service deliver
Enhances user experience through personalization and seamless access.
Enables new monetization opportunities for MNOs by offering differentiated services.
Supports advanced traffic management and policy enforcement.
TLS (Transport Layer Security) is a cryptographic protocol used to secure data transmitted over the internet — most commonly seen in HTTPS connections. It encrypts the communication channel between web browsers and servers to protect user privacy and prevent data tampering or interception. As mobile networks become increasingly encrypted, operators need solutions like TLS Manager to safely inspect and manage traffic without compromising user trust.
