HotSpot Gateway (HSG) Overview

HSG is a HotSpot Gateway to provide guest Internet access with granular user access control and security enforcement. It allows enterprises or venue owners (hotels, malls, clubs, F&B, etc) to offer flexible and differentiated Internet access for guests, VIP members or visitors. 

Sitting at the Internet edge, mbox HSG manages user Internet access through a few key modules:

HotSpot Access Controller combines DHCP server, firewall and bandwidth control engines, granting user Internet access, and enforces their respective rights based on AAA/RADIUS client policies. It intercepts users initial browsing requests and redirects to to a captive portal (also called landing page in many places) for entering authentication credentials and accepting terms, and enforces the authorization (client rights) returned by AAA/RADIUS server for each authenticated users. (Note the HotSpot Access Controller here is not referring to wireless access controller).

One mbox HSG can support multiple instances of HotSpot Access Controller. Typically each instances maps to a different VLAN or network for different access controls (eg. different login/landing pages, different bandwidth control policies), so that we can enforce different user experience for users coming from different networks.

HSG hotspot Access controller supports following features:

HSG captive portal is a built-in web server that prompts user with a customizable web login page. It also interacts with Access Controller and AAA/RADIUS server to enable user credential inputs and integrates with RansNet cloud advertising server to stream landing page ads etc.

HSG AAA server (or RADIUS server) validates user credentials, and passes user access policies (bandwidth per user, session time, volume/usage, etc) to the Access Controller for enforcement.

NOTE: MACC and advertising gateway modules will be covered in separate sections.

1. User hotspot access flow with HSG

When HSG functions as a gateway (eg. in on-premise model), a typical user hotspot access flows as below:

2. User hotspot access flow with MAP/HSA

Because mbox Access Point (MAP) and HSA only have Access Controller, when MAP/HSA is deployed in cloud model (or centralized model, with one MAP at each remote location and one HSG in HQ/Cloud), they must work with external HSG for Captive Portal and RADIUS authentication.

Below is how the flow looks like when MAP/HSA works with a external HSG.

NOTE: MAP does not support in-session ads, and does not support dynamic bandwidth control.

 

NOTE: