Manage WiFi Access in Captive Portal Hotspots and Co-Working Spaces

More and more retail, hospitality, and co-working space operators recognize that providing WiFi internet access is more than a simple customer amenity. Instead, it is a great way to build customer and brand loyalty, increase engagement, gain customer insight, and upsell new services.

For example:

  • A retail store can offer in-store promotions and influence shoppers based on known preferences
  • A restaurant or coffee house can deliver ″good-today-only″ coupons to on-site customers
  • A hotel chain can enable perks such as free WiFi to loyalty program members
  • A co-working space can effectively control access, and meter and charge tenants for WiFi service

Requirements

To deliver a consumer-friendly hotspot captive portal experience, a merchant or business owner must architect a solution that satisfies the following requirements:

  • Simple user interface – Customers must be able to easily access the portal and get internet access via a browser based login.
  • Ability to gather information – Network owners must be able to derive value from the service offering by capturing customer names or other desired information, or measure and record usage.
  • Content delivery mechanism, to deliver targeted ads, discount offers, and other information to influence customer behavior.
  • Seamless integration with a back-end data store, whether it be a simple SQL database or a self registration or third-party guest management system.
  • Ability to deliver service level according to customer – Portal owners must be able to configure network connections to enforce service access policies, including session time limits or bandwidth throttling.

A robust, easy-to-implement captive portal based hotspot system comprises the following elements:

  • Access points enabled with screen redirect / captive portal support such as those from Meraki, Cisco, Ruckus, Aruba, Motorola.
  • Captive Portal web server, either built-in or external, which provides the portal interface, user sign-on, and content delivery mechanisms.
  • Back-end data store against which the portal will authenticate users, such as a VIP or Customer Loyalty program database, a self-registration system or a guest management system such as those employed by large hotel chains.
  • Cloud-hosted RADIUS server, such as Cloudessa RADIUS, which handles customer authentication, service level configuration, and usage tracking.

Cloudessa RADIUS

The RADIUS server is a key component of the WiFi Captive Portal infrastructure, providing a multi-layer authentication service that lets portal merchants and owners control who gets on their network and what they are able to do; it also provides comprehensive user and usage insight and data.

Cloudessa RADIUS offers the following benefits to businesses and venues offering captive portal-based WiFi network access:

  • Cost-effective – As a hosted cloud-based service, Cloudessa RADIUS requires no physical footprint, and significantly reduces capital and operating expenses by eliminating server hardware and software costs as well as administrative complexity. Cloudessa RADIUS’s usage-based pricing enables network owners to pay only for the services they need. (You can also run Cloudessa RADIUS in a private cloud on a virtual machine; click here for more information, and refer to Example 2 below.)
  • Capable of configuring customer service levels – Cloudessa RADIUS can authorize specific user network privileges such as session time limits or bandwidth restrictions, allowing network owners to offer the services that make sense for their business.
  • Compatible with a wide variety of back-end data stores – Cloudessa RADIUS can validate credentials against a wide array of user stores, including a native MySQL database, or external stores such as LDAP or SQL databases, Active Directory, or cloud-based user stores such as Google Apps. A powerful API is also available to automate the interaction with third party self-registration programs, VIP & Customer Loyalty Program databases, and user / guest management systems.
  • Support for WiFi AP’s and Captive Portal functionality from leading vendors. Cloudessa RADIUS works with any RADIUS-compatible WiFi AP, Controller, or Gateway supporting Universal Access Method (UAM) base screen redirect, including Cisco, Meraki, Ruckus, Aruba, Motorola and other leading WiFi vendors.
  • Usable in public or private cloud - You can use Cloudessa RADIUS in the public cloud, where you can take advantage of a shared multi-tenant infrastructure. You enjoy the cost savings and management simplicity of RADIUS-as-a-Service, while critical user data stays under your control. Or, deploy Cloudessa RADIUS on a virtual machine running in a private cloud, data center, or individual or regional locations.

Example 1. Public Cloud: Cloudessa RADIUS Service Authenticates Access to Captive Portal via Browser-Based Login

Cloudessa RADIUS Manages Captive Portal Access

This diagram illustrates a hotspot implementation that is based entirely in the public cloud. Here, a user — located, for example, in a retail store, hotel, or co-working space — gains WiFi access via a browser-based login to a Captive Portal from a WiFi network managed by a Cloud Controller Platform.

When using a browser-based login to authenticate a user to a Captive Portal, the Cloud Controller Platform sends the authentication request to Cloudessa RADIUS, which then authenticates the user against an existing user data store, or new credentials issued by a guest management or payments platform, stored in an LDAP or SQL database.

Once the user is authenticated, Cloudessa RADIUS returns authorization attributes to the WiFi AP or Controller to configure user specific network privileges such as session time limits, time of day or bandwidth restrictions, VLAN assignment, and other configurable gateway parameters.

Cloudessa RADIUS then records all authentication and accounting activity to log files, which can be aggregated with other network and user store information to create a comprehensive view of user and session data for customer analytic and billing purposes.

Example 2. Private Cloud: Captive Portal Browser Based Login via Cloudessa RADIUS Virtual Appliance

Cloudessa RADIUS Manages Captive Portal Access

This diagram illustrates a WiFi hotspot implementation where Cloudessa RADIUS and the WiFi Controller are located in a private cloud, for example a private enterprise or carrier data center. Here, a user – located, for example, in a hotel, conference center, or co-working space – gains WiFi access via a browser-based login to a Captive Portal on a WiFi network managed by a WiFi Network Controller on the local network.

When using a browser-based login to authenticate a user to a Captive Portal, the AP or the WiFi Network Controller sends the authentication request to the Cloudessa RADIUS Virtual Appliance, which then authenticates the user against a supplementary user store, or new credentials issued by a guest management or payments platform, stored in an LDAP or SQL database.

Once authenticated, Cloudessa RADIUS authorizes specific user network privileges such as session time limits, time of day restrictions, VLAN assignment, and other configurable gateway parameters.