More and more retail, hospitality, and co-working space operators recognize that providing WiFi internet access is more than a simple customer amenity. Instead, it is a great way to build customer and brand loyalty, increase engagement, gain customer insight, and upsell new services.

For example:

Secure WiFi Access in Captive Portal Hotspots and Co-Working Environments

Flexible, Integrated, Cost-Effective Service Delivery

Solution Brief

A retail store can offer in-store promotions and influence shoppers based on known preferences

A restaurant or coffee house can deliver “good-today-only” coupons to on-site customers

A hotel chain can enable perks such as free WiFi to loyalty program members

A co-working space can effectively control access, and meter and charge tenants for WiFi service

RequirementsTo deliver a consumer - friendly hot spot captive portal experience, the a merchant or business owner must architect a solution that satisfies the following requirements:

Simple user interface – Customers must be able to easily access the portal and get internet access via a splash screen or browser based login similarly simple interface.

Ability to gather information – Network owners must be able to derive value from the service offering by capturing customer names or other desired information, or measure and record usage.

Content delivery mechanism, usually through the browser's splash screen sign-on page to deliver targeted ads, discount offers, and other information to influence customer behavior.

Seamless integration with a back-end data store, whether it be a simple SQL database or a self registration or third-party guest management system.

Ability to deliver service level according to customer – Network Portal owners must be able to configure network connections to enforce service access policies, including according to session length limits, time limits or bandwidth throttling.

A robust, easy-to-implement captive portal based hotspot system comprises the following elements:

Access points enabled with screen redirect / captive portal support such as those from Meraki, Cisco, Ruckus, and Aruba, Motorola.

Captive Portal web server software, either built-in or external, which provides the portal interface, user sign-on, interface and content delivery mechanisms.

Back-end data store against which the portal will authenticate users, such as, such as a VIP or Customer Loyalty program database, which could range anywhere from a SQL database you create yourself to a commercially available a self-registration system or a guest management system such as those employed by large hotel chains.

Cloud-hosted RADIUS server, such as Cloudessa RADIUS, which handles customer authentication, service level configuration, and usage tracking.

2/3

Cloudessa RADIUSThe purpose of this document is to illustrate the role Cloudessa The RADIUS server is a key component of the WiFi Captive Portal infrastructure, RADIUS plays in a hotspot implementation.

Cloudessa RADIUS sits at the core of a hotspot implementation, providing a multi-layer authentication service that lets network portal merchants and owners control who gets on their network and what they are able to do; while it also providing comprehensive user and usage insight and data.

Cloudessa RADIUS offers the following benefits to businesses and venues offering hotspot captive portal - based WiFi network access.

Cost-effective – As a hosted cloud-based service, Cloudessa RADIUS requires no physical footprint, and significantly reduces capital and operating expenses by eliminating server hardware and software costs as well as administrative complexity. Cloudessa RADIUS's usage-based pricing enables network owners to pay only for the services they need. (You can also run Cloudessa RADIUS in a private cloud on a virtual machine; click here for more information, and refer to Example 2 below.)

Capable of configuring customer service levels – Cloudessa RADIUS can authorize specific user network privileges such as session time limits or bandwidth restrictions, allowing network owners to offer the services that make sense for their business.

Compatible with a wide variety of back-end data stores – Cloudessa RADIUS can validate credentials against a wide array of user stores, including a native MySQL database, or external stores such as LDAP or SQL databases, Active Directory or cloud-based user stores such as Google Apps. A powerful API is also available to automate the interaction with third party self-registration programs, VIP & Customer Loyalty Program databases, or user / guest management systems.

Support for WiFi AP's and Captive Portal functionality from leading vendors. Cloudessa RADIUS works with any RADIUS-compatible WiFi AP, Controller, or Gateway supporting Universal Access Method (UAM) base screen redirect, and seamlessly integrates with any captive portal system that supports RADIUS, including built-in and external captive portal functionality from including Cisco, Meraki, Ruckus, Aruba, Motorola and other leading WiFi vendors.

Usable in public or private cloud - You can use Cloudessa RADIUS in the public cloud, where you can take advantage of a shared multi-tenant infrastructure. You enjoy the cost savings and management simplicity of RADIUS-as-a-Service, while critical user data stays under your control. Or, deploy Cloudessa RADIUS on a virtual machine running in a private cloud, data center, or individual or regional locations.

This diagram illustrates a hotspot implementation that is based entirely in the public cloud. Here, a user - located, for example, in a retail store, hotel, or co-working space – gains WiFi access via “Sign-on Splash”a browser- based login to a Captive Portal from a WiFi network managed by a Cloud Controller Platform.When using Sign-on Splasha browser- based login to authenticate a user to a Captive Portal, the Cloud Controller Platform sends the authentication request to Cloudessa RADIUS, which then authenticates the user against an existing supplementary user store, or new credentials issued by a guest management or payments platform, stored in an LDAP or SQL database.Once authenticated, Cloudessa RADIUS returns authorization attributes to the WiFi AP or Controller to authorizes specificconfigure user specific network privileges such as session time limits, time of day or bandwidth restrictions, VLAN assignment, and other configurable gateway parameters.Cloudessa RADIUS then records all authentication and accounting activity to log files, which can be aggregated with other network and user store information to create a comprehensive view of user and session data for customer analytic and billing purposes.

Example 1. Public Cloud: Cloudessa RADIUS Service Authenticates Access to Captive Portal via Browser Based Login

Cloudessa, Inc.2225 East Bayshore Road, Suite 200Palo Alto, CA, 94303P

3/3

For full details on Cloudessa RADIUS, help with a deployment, or to join the Cloudessa Partner program, please visit www.cloudessa.com.

This diagram illustrates a WiFi hotspot implementation where Cloudessa RADIUS and the WiFi Controller are located in a private cloud, for example a private enterprise or carrier data center. Here, a user – located, for example, in a hotel, conference center, or co-working space – gains WiFi access via a browser based login to a Captive Portal on a WiFi network managed by a WiFi Network Controller on the local network.

When using a browser-based login to authenticate a user to a Captive Portal, the AP or the WiFi Network Controller sends the authentication request to the Cloudessa RADIUS Virtual Appliance, which then authenticates the user against a supplementary user store, or new credentials issued by a guest management or payments platform, stored in an LDAP or SQL database.

Once authenticated, Cloudessa RADIUS authorizes specific user network privileges such as session time limits, time of day restrictions, VLAN assignment, and other configurable gateway parameters.

Example 2. Private Cloud: Captive Portal Browser-Based Login via Cloudessa RADIUS Virtual Appliance