Technical Overview July, 2004

Access Gateways AG-2000w Integrated Wi-Fi HotSpot Connectivity Device for Single Cell Venue Deployments NSE Features With High Performance IEEE 802.11b/g Radio Supports up to 50 Simultaneous Users HotSpot Gateway (HSG) Cost Effective, Reliable Networking Device for Small Venue Deployments Transport Agnostic, Capable of Supporting Either Wired or Wireless Networks Supporting up to 150 Simultaneous Users (sold in 50 user increments) Universal Subscriber Gateway II (USG II) High Performance Networking Device for Large Venue Deployments Supporting up to 2,000 Simultaneous Users (sold in 250 user increments)

AG-2000w-HotSpot in a Box AG-2000w- 1x WAN link 1x Wireless Subscriber port IEEE 802.11 b/g subscriber side Factory default: 50 users Internal Database Radius Power over Ethernet (WAN port) Upgrade with Credit Card Module Upgrade with Roaming Module

HotSpot Gateway HotSpot Access Gateway 1x WAN link 2x Subscriber ports Factory default: 50 users Internal Database Radius Upgrade to max. 150 users in steps of 50 users Upgrade with Hospitality Module Upgrade with Credit Card Module Upgrade with Fail-Over Module Upgrade with Roaming Module

Universal Subscriber Gateway II 1x WAN link 2x Subscriber ports Factory default: 250 users Internal Database Radius Upgrade to max. 2,000 users in steps of 250 users Upgrade with Hospitality Module Upgrade with Credit Card Module Upgrade with Fail-Over Module Upgrade with Roaming Module

Nomadix Service Engine Core Solution Element Features Benefits Customer Acquisition Dynamic Address Translation™ - Transparent proxy - Any user gets access Reduces technical support and provisioning costs Service Provisioning Home Page Redirection Walled Garden Delivers local content/services Maximum branding capability for provider and venue - Secure account creation and login Access Control & Authentication Universal Access Method (UAM) Simultaneous support for UAM, and 802.1x, Smart Clients Prevents unauthorized network access Enable multiple authentication models Maximum flexibility for the user and operator - Multiple billing options Billing Plan Enablement Multimode Billing Model Support Multiple Billing Parameters Bill Mirroring Deploy a wide variety of billing models Supports the largest variety of Property Mgmt Systems Bill by volume, time, bandwidth level Advanced Security - iNAT ™ Supports multiple simultaneous VPNs to the same server Global Roaming WISPr Support Allows users to roam between networks while maintaining one billing relationship w/ their provider Traffic Shaping & Service Presentment Bandwidth Management Information and Control Console Management of limited bandwidth ensuring a quality experience for all users User based self-selection of services, increased trial of new service

NSE Modules Hospitality Wide range of Property Management System (PMS) interfaces to enable in-room guest billing for high speed Internet access (HSIA) Includes 2-way PMS for in-room billing in a Wi-Fi enabled network Bill Mirror functionality posts billing records to multiple sources Supports billing over TCP/IP connection to select PMS interfaces

NSE Modules Credit Card Offers secure interface over SSL to enable billing by credit card Bill Mirror functionality allows posting of bill to multiple sources Supports scratch card and promotional codes

NSE Modules Wholesale Roaming Provides advanced Network Access Identifier (NAI) routing capabilities allowing multiple providers to access a HotSpot location supporting a Wi-Fi Wholesale model

NSE Modules High-Availability This module offers expanded network uptime and service availability when delivering high-quality Wi-Fi service To ensure uninterrupted service, our Fail-Over functionality allows a secondary Nomadix Access Gateway to be placed in the network which will take over if the primary device should fail

Service Connectivity Auto-configuration Any computer (DHCP or static IP) can access the service network, regardless of its IP and browser proxy settings. Mary’s Computer Web proxy: None John’s Computer Web proxy: 130.92.75.150 Sam’s Computer Web proxy: 10.1.1.14

Plug & Play Features & Benefits No client side software Plug & Play: The USG automatically adapts to the network settings of any computer No reconfiguration, truck rolls, or tech support calls Transparent HTTP Proxy support (subscriber does not need to disable their proxies). DNS (Domain Name Server) Redirection (Subscriber’s DNS request are redirected to a local server). SMTP server redirection support (subscriber’s outgoing email will be redirected to a local server). Automatic User Tracking, Billing, and Security. Automatically logs the subscribers network settings so there is no need for additional logins. Automatically bills for the service (PMS, Credit card, RADIUS). Provides security by separating subscriber’s traffic from the remote network management traffic.

Dynamic Transparent Proxy This release now supports clients that dynamically change their browser’s proxy status from non-proxy to proxy and/or change their proxy IP address/port number during the session. Also, transparent proxy support has been enhanced by offering support for additional assigned port ranges (e.g. port 911). Non-proxy Proxy

DHCP Server functionality IP Upsell allows for the service provider to offer the subscriber the option to take a private DHCP lease or a public IP lease. Multiple DHCP subnet support. Allows a service provider to assign public or private IP lease to subscribers by port location DHCP Relay. Allows a service provider to use an external DHCP server to many the lease pool.

Nomadix iNAT Support Guarantees transparent VPN connectivity from private IP address subnets; Supports users with static private (e.g. 192.168.x.x) IP addresses without any client IP setting changes; Dynamically adjusts the mode of address translation during the user’s session depending on the packet type; Dramatically heightens the reusability factor of costly public IP addresses; Maintains the security benefits of traditional address-translation technologies

Security – iNAT UDP packet fragmentation support Nomadix invented a new way of intelligently supporting multiple VPN connections to the same termination server at the same time (iNAT), thus solving a key problem of many public access networks. This release of the NSE adds UDP packet fragmentation support to Nomadix’ patent-pending iNAT functionality to provide more seamless support for certificate-based IPSec VPN connections. IPSec client using Certificate Subscribers-side packet capture Network-side packet capture Sample Network Internet

Internal Web Server (IWS) Allows for a quick and easy setup for authenticating new subscribers. Configurable for: Username/Password authentication (optional). PMS, Credit Card or free access billing. Color for Background, Foreground and Fonts. Service Selection, Existing Username, New Username and Contact Info Messages. You can change the font type and add a logo image. Service Selection Login or New Account Verify and Purchase

Local Webserver Upload the required pages and images to the /flash/web directory using FTP. Total file size of all pages and images cannot exceed 200 KB. File names should be labeled using the 8.3 format. Pages can now be served by referencing the URL http://nseip:1111/web/<filename> or at https://nseip:1112/web/<filename> for pre-authenticated end users. The post-authentication pages and images are available at http://nseip:3111/web/<filename>

Local Webserver

IWS Portal Page/External Web Server Subscriber provisioning Walled Garden (service upsell) Central Management of Subscribers Web Based Provisioning Custom Subscriber Experience (Target Your Market) Through XML (eXtensible Markup Language), the USG can interact with a highly customized and feature-rich web server anywhere on the Internet. Example: http://[Your Server IP Address]/[Your Scripts]?UI=000177&UURL=http://208.46.165.157&MA=0050da554787&RN=101&OS=http://204.71.200.74&SC=6302 EWS Sends (via HTTP “Post” Method to http://[USG_IP_Address]:1111/usg/command.xml): <USG COMMAND="USER_ADD" MAC_ADDR="0050da554787"> <USER_NAME>johndoe</USER_NAME> <PASSWORD ENCRYPT="FALSE">doededoe</PASSWORD> <EXPIRY_TIME UNITS="SECONDS">3600</EXPIRY_TIME> <ROOM_NUMBER>101</ROOM_NUMBER> <PAYMENT_METHOD>PMS</PAYMENT_METHOD> <CONFIRMATION></CONFIRMATION> <PAYMENT>4.95</PAYMENT> </USG> Web page portal exposure. Benefits include: Hotel Ability to target markets by location and the local port. MDU Central management of multiple sites. Airport Lounges

Security – Secure XML Unique Nomadix functionality This feature allows the Operator to use Nomadix’ popular XML API using the built-in SSL certificate functionality in the NSE so parameters passed between the Gateway and the centralized web server are secured via SSL. This feature is automatically enabled when the SSL certificate is loaded. Unique Nomadix functionality

Central management of multiple sites. RADIUS Support Enables an ISP to use an existing RADIUS server to authenticate subscribers through the Nomadix USGTM. The USGTM supports following RADIUS attributes: Automatic Account Creation: New subscribers can create an acct instantly. Timestamp User-Name NAS-IP-Address NAS-Port-Id NAS-Port-Type NAS-Identifier Acct-Status-Type Also known as Record-Type (Start/Stop/Alive) Acct-Session-Id Acct-Output-Octets Acct-Input-Octets Acct-Session-Time Acct-Idle-Timeout Acct-Terminate-Cause Acct-Delay-Time Framed-IP-Address Request-Authenticator Nomadix-Bw-Up = USG will receive and send this information. Nomadix-Bw-Down = USG will receive and send this information. Nomadix-Url-Redirection = USG will receive this not give it Nomadix-Ip-Upsell = USG will receive this not give it. This is used for giving a subscriber a public IP address on the same network as the USG. Central management of multiple sites. Profile Groups: A service provider can create service attributes for a "gold", "silver", or "bronze" service. RADIUS Roaming SDU MTU Airport Lounges

Enhanced Roaming – RADIUS Proxy The purpose of the RADIUS Proxy functionality in the NSE is to relay authentication and accounting packets between the parties performing the authentication process. Different realms can be set up to directly channel RADIUS messages to the various RADIUS servers. This functionality can be effectively deployed to: support a wholesale WISP model directly from the edge without the need for any centralized AAA proxy infrastructure support EAP authenticators (e.g. WLAN AP) on the subscriber side of the NSE to transparently proxy all EAP types (e.g. TLS, SIM) and to allow for the distribution of per-session keys to EAP authenticators and supplicants. Step 1: Enable proxy server and define port numbers Step 2: Define NAS IDs per RADIUS service profile (realm)

Enhanced Roaming – NAI Routing Complements the RADIUS Proxy functionality in the NSE to route RADIUS messages depending on the Network Access Identifier (NAI). Both prefix (ISP/username@ISP.net) and suffix-based (username@ISP.net) NAI routing mechanisms are supported. Up to 50 policies can be defined. Together, the RADIUS Proxy and NAI Routing further support the deployment of the Wholesale Wi-Fi model allowing multiple providers to service one location.

WholeSale Model Only one L2TP tunnel needed per ISP.Per User PPP session going through L2TP tunnels to respective ISPs. PPP Sessions initiated on User Login via Gateways portal/Login page. Tunneling based on “Realm” ( prefix or suffix ) specified in the username. Tunnel parameters retrieved via either RADIUS request or pre-configured in HSG. PPP authenticates and specifies IP address for the user. iNAT translates each subscriber’s private address to one provided by own ISP

Tunneled Broadband Access WAN Multiple ISP Tunnel Support Tunneled Broadband Access WAN ISP2 RADIUS ISP1 L2TP Gateway Tunnel endpoint LNS - L2TP Gateway: HotSpot Gateway (HSG) PPPoA ISP1 SUBSCRIBER joe@isp1.com tunneled connection for all ISP1 users tunneled connection for all ISP2 users User name authentication Tunnel authentication based on realm ADSL/ATM Planet SUBSCRIBER mary@isp2.com Internet ISP2 SUBSCRIBER frank@isp2.com ISP2 SUBSCRIBER peter@isp2.com

PMS Integration Adds seamless billing to the Hotel’s PMS (Property Management System). Supported PMS protocols include: Ramesys ImagInn PMS Virtual XL Call Accounting System (XETA Communications) System 21 HOBIC – RS1 HOBIC – TSPS HOBIC – TEST HOBIC – 1BT2 HOBIC – OSPS LMS Micros Fidelio Micros ( 1700/2000/3700/4700/8700 System Software ) Lodging Link (PTI) Holidex (AutoClerk) Hilton 1 Hilton 2 Marriott proprietary PMS ASCII Serial Printer

Billing – Duration-based billing Create billing plans that work in a similar fashion to pre-paid telephone cards. With this functionality, the Internal Web Server (IWS) of the NSE allows the definition of billing plans for time ‘x’ over period ‘y’. Standard billing plans (time x = period y) can be used concurrently. For example, multiple plans with flexible billing event options can be enabled such as: Plan A: 24 hours, 256kbit/s downstream, 128kbit/s upstream, public IP address, $15 Plan B: 8 hours to be used over 5 days, 512kbit/s downstream, 256kbit/s upstream, private IP address, $35 Plan C: 1 week, 1mbit/s downstream, 1mbit/s upstream, public IP address, $99 In addition to credit card billing, Property Management Systems used by hotels are also supported along with the internal data base of the NSE and billing via Nomadix’ secure XML API. Unique Nomadix functionality

Hospitality – Post-paid PMS Nomadix first implemented post-paid PMS billing logic to support the proprietary NH PMS interface. Now, this billing logic has been extended to support all existing PMS interfaces (e.g. all five HOBIC versions, Marriott, Micros Fidelio, etc.). With the new functionality, the hotel guest now has the option to terminate his connection (via the ICC) and be only billed for the actual time he/she was online. Nomadix therefore offers the widest support for guest room billing methods including both pre-paid (i.e. pay-TV type charges) and post-paid (i.e. telephone type charges) methods. Unique Nomadix functionality

Port Mapping SNMP query for: VLAN Tagging with the 802.1Q standard Lucent DSL Terminator Tut Systems Tut MDU Lite Systems RFC1493 Compliant Systems (RC Networks, 3Com, etc…) Allows for identifying the physical location of the subscriber (essential for PMS post billing). VLAN Tagging with the 802.1Q standard Allows for identifying the physical location of the subscriber (essential for PMS post billing).

Pass-Through Addresses Example of Service Provider’s portal page. Subscribers can get to local content without having to purchase access. Service Provider gets an increase in take rate by giving free access to selected partners. Server Provider gets additional revenues from subscribers for referrals even though the subscriber has not yet purchased Internet Access.

Pass-Through Addresses Example of Service Provider’s portal page. If the subscriber tries to go to any web site that is not listed as a passthrough site, they will be redirected to the Service Provider’s Portal Page.

Information Control Console (ICC) Pop-up Information Connection Console The ICC is a pop-up control panel that can be used by the service provider for generating revenues. The ICC will pop up when the subscriber accesses the Internet for the first time after authentication. Features of the ICC are: Service Change Confirmation window Service Selection dropdown menu: Subscriber can upgrade their service level for large downloads. Redirect Banner: 5 banner images or text messages. Display time is set in seconds. Also 4 banners can be set to activate at a specific time. Easy to read, time display window Example Example Redirect Buttons: 8 buttons for redirecting to any URL you specify. Time Remaining Display Logout button when RADIUS is used Redirect button (big): 1 large button for redirecting to any URL you specify. Logout confirmation window

Enhanced Roaming – Intra-session service branding Pop Up Log-Out Button The NSE now lets the administrator define a simple HTML-based pop-up window for explicit logout that can be used as an alternative to the more fully featured ICC. The Pop Up Log-Out button contains the opportunity to display the elapsed/count-down time and one logo for intra-session service branding. HTML-based ICC The existing JAVA-based ICC has been replaced with an HTML/Javascript version to enhance its performance and reduce browser compatibility issues while also allowing its distribution from a centralized location/server.

Enhanced Roaming – End-to-end Service Branding The Nomadix 5-Step Service Branding Methodology Flash Branding Welcome, Service Acquisition & Login Personalized content AAA status Pending Valid 1 2 3 Intra-session branding with definable persistence 4 5 (Splash Page) (Portal Page & Parameter Passing) (Home Page & RADIUS VSA) (ICC or Logout button) Post-session ‘Thank you and Good-bye’ Nomadix functionality (IWS Goodbye Page or RADIUS VSA) Unique Nomadix functionality

Enhanced Roaming – Service Branding at session termination As part of the FIVE step Service Branding Methodology introduced by Nomadix, a Session Termination page option is now available in this release. The Session Termination page is a post session page that can either be defined as a RADIUS VSA or be driven by the internal web server in the NSE. Using the Internal Web Server option means that this functionality is available for all post-paid billing mechanisms (e.g. post-paid PMS). The IWS page displays the details of the user’s connection such as: IP address of the user Type of AAA Start/Stop time Bytes sent/received Freely configurable Hypertext link (in case the ISP wants to link the user back to a sign-up/help page) IWS: Post Session Page RADIUS VSA: Good-bye URL

Security – Session Rate Limiting & MAC filtering Session Rate Limiting (SRL) Reduces the risks of Denial of Service attacks by allowing administrators to throttle the number of DATTM sessions anyone user can take over a given time period. MAC Filtering Once identified, MAC filtering can be used to permanently block a malicious user. Unique Nomadix functionality

Management Direct and Remote Features Command Line Interface (CLI). A terminal session directly connected via a serial cable. Telnet session. Similar to CLI but remotely done. Web Management. Remotely through any Web Browser. FTP (File Transfer Protocol). For managing files in the flash of the Nomadix USGTM. SNMP (Simple Network Management Protocol). Using standerd networking tools. SSH ( Secure Shell ) – SFTP ( Secure FTP )

Network Management – Static Port Mapping This feature allows the network administrator to setup a port mapping scheme that forwards packets received on a specific port to a particular static IP (typically private and mis-configured) and port number on the subscriber side of the NSE. The advantage for the network administrator is that free private IP addresses can be used to manage devices (such as Access Points) on the subscriber side of the NSE without setting them up with Public IP addresses. Several competitive solutions require costly one-to-one NAT for private side device management.

IPSEC Tunnel capability to initiate an IPSec tunnel to pass management and RADIUS traffic securely to an IPSec termination server. Typical management traffic includes ICMP – PING from NOC to edge devices Telnet – Telnet from NOC to edge devices Web Management – HTTP access from NOC to edge devices SNMP SNMP GET from NOC to subscriber-side device (e.g. AP) SNMP SET from NOC to subscriber-side device (e.g. AP) SNMP Trap from subscriber-side device (e.g. AP) to NOC

IPSEC Tunnel

GRE tunneling In order to enable a centralized deployment scenario the NSE now has the ability to form a GRE tunnel to a termination server and route all subscriber traffic through it. This can be used effectively in a centralized solution with a centralized IP allocation scheme. The AG essentially acts as a bridge in this mode.

GRE tunneling

GRE tunneling

High Availability – Fail-over Many large scale highly prominent networks (e.g. tradeshows, convention centers, etc.) require Fail-over support for all devices in the Public-access network. This release of the NSE allows two Nomadix Gateways to act as siblings, where one device will take up the users should the other device become disconnected from the network. As part of this functionality, the settings (except IP settings) between the two devices will be synchronized automatically.

AG2000 Multiple SSID Up to 16 SSID per Gateway Only 1 will be broadcasted. Optional VLAN tagging per SSID SSID portal parameter for specific portal per SSID.

AG2000 Multiple SSID

Airport Application Ethernet Airport Implementation Airport Cologne, Bonn, Germany Oslo Airport, Norway (Data Equipment) Schiphol Airport, The Netherlands

Hotspot Application Wireless/Ethernet Switch

Hotel Application