1. Nera
Managed IP
Transparent IP Service Over Inmarsat Mobile Packet Data System (MPDS)
Peter Coffman VP NAM / Oddvieg Tretterud Senior Engineer M2M Solutions
2. Managed IP Service
Managed, reliable IP based satellite service
Secure VPN between Enterprise and Inmarsat network access point
Global coverage through one interface
Includes “always on” capability for on-demand polling
Allows for use of private, static IP addresses
Well suited for
Customers who already have an application, but need Wide Area Wireless coverage
Fixed, long term installations
[Diagram labels: Enterprise (Workstations, Server, Firewall, Router); IPSec; VPN; M2M Gateway; L2TP; Inmarsat MPDS Network (SBS, HLES); Remote Site (Router, MiniPC, MPDS modem, AT cmd, IP); IP service; Nera Support]
3. Nera Offering
Network services with airtime
Inmarsat Mobile Packet Data (MPDS)
Real time IP based data service
Support
Satellite packet data terminal
Tailor made for data use
ATEX approved for use in hazardous environments
MiniPC
Controls satellite terminal and maintains the communication link
Allows for embedded applications
“Always on” capability provided through a hosted gateway and tailor made connection software on the client side
24/7 monitoring of
The VPN connection
Data sessions with remote sites
VPN server can be provided as an option
4. Managed IP - Value Add
Allows for closer monitoring and follow up of each remote client
M2M Gateway maintains tunnels with several Inmarsat Home Land Earth Stations (HLES)
Provides a secure VPN connection from the Enterprise into the MPDS network over the Internet
Provides one physical point of access
Only one single VPN from Enterprise to Gateway is required to reach any site globally
Remote sites can use multiple Inmarsat stations for redundancy through one Enterprise VPN
Enables Enterprise users to poll, to request data or to initiate data transfers to the remote clients any time
Allows use of static, private IP addresses
One IP address uniquely identifies the remote user
Corporate side can route outbound traffic based on IP address without need for additional mapping arrangements
“Always on” data connection support is made possible through
Administering and handling of own IP addresses
Client Connection software
Remote client optimized recovery software to prevent need for human attention or intervention
Managed service reduces complexity and need for customer involvement
Wide Area Wireless communication is operated by network experts
Customers can focus on core business
5. Gateway functions
Maintain and monitor secure tunnels with
Inmarsat HLESs
Enterprises
Authorize end users
Administer, manage and assign IP addresses to clients
Maintain data connections
Route data
Generate statistics
One customer interface to multiple HLESs
[Diagram labels: M2M Gateway; LNS; Radius; Wireless Matrix; RT; Server; VPN; Secure Internet; Inmarsat Service Provider HLES 1, HLES 2, HLES 3 (SBS, LAC); three Remote Sites (MPDS modem, IP, MiniPC)]
6. Remote Side
MiniPC
Supports embedded applications
Low power consumption
Small form factor
Software for
Automatic set up
Monitoring of connection
Mechanism to recover from error situations without human intervention
Satellite terminals supported
NWC Data
F55
[Images: MiniPC; Nera World Communicator Data]
7. L2TP tunnel
[Diagram, two panels: "Transparent IP Option 1: Router behind firewall" and "Transparent IP Option 2: No firewall". Labels: Customer Host (PCs, Ethernet, Cisco Router); IP address 1; IP address 2; Firewall; Private IP range, subnet e.g. 10.142.X.X; IPSec tunnel; Gateway; L2TP tunnel; Remote Side (MPDS modem, MiniPC); IP address assigned, e.g. 10.142.2.19]
Address 1 and 2 must be within the same subnet
Information needed from customer:
1) NWC Data satellite terminal’s forward ID
2) Public IP address (1) for router
3) Public IP address (2) for firewall (Option 1 only)
4) IP subnet used
5) IPSec preshared key
6) IPSec encryption method
a) DES-56 *)
b) 3DES-168
7) IPSec IKE proposal for Phase 1
a) 3DES with SHA1, Diffie-Hellman group 2 (1024 bits)
b) 3DES with MD5, Diffie-Hellman group 2 (1024 bits)
c) DES with SHA1, Diffie-Hellman group 2 (1024 bits)
d) DES with SHA1, Diffie-Hellman group 1 (768 bits) *)
e) DES with MD5, Diffie-Hellman group 1 (768 bits) *)
*) Recommended
[Diagram title: Architecture. Further labels: IPSec tunnel; Inmarsat HLES]
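The IKE Phase 1 menu on this slide (items 7a to 7e) can be checked against current algorithm guidance. The following is an added example, not part of the original slides or Nera's software: it parses the five proposals as listed and scores each transform by its requirement level in RFC 8247. Assumptions: RFC 8247 is written for IKEv2 and is applied here to the slide's menu; the function names and scoring weights are hypothetical.

```python
import re

# Requirement levels from RFC 8247 (IKEv2 algorithm guidance). Applying them
# to this service's Phase 1 menu is an assumption of this example.
LEVELS = {
    "enc": {"DES": "MUST NOT", "3DES": "MAY"},
    "hash": {"MD5": "MUST NOT", "SHA1": "MUST-"},
    "dh": {"1": "MUST NOT", "2": "SHOULD NOT"},
}
SEVERITY = {"MUST NOT": 2, "SHOULD NOT": 1}  # hypothetical weights; other levels score 0

# The five Phase 1 proposals as listed on the slide (wrapped lines joined).
SLIDE_MENU = """\
a) 3DES with SHA1, Diffie-Hellman group 2 (1024 bits)
b) 3DES with MD5, Diffie-Hellman group 2 (1024 bits)
c) DES with SHA1, Diffie-Hellman group 2 (1024 bits)
d) DES with SHA1, Diffie-Hellman group 1 (768 bits)
e) DES with MD5 Diffie-Hellman group 1 (768 bits)
"""

PROPOSAL_RE = re.compile(
    r"^(?P<id>[a-e])\)\s+(?P<enc>3DES|DES) with (?P<hash>SHA1|MD5),?\s+"
    r"Diffie-Hellman group (?P<dh>\d+)", re.M)


def parse_menu(text):
    """Return one dict per proposal line: id, enc, hash, dh."""
    return [m.groupdict() for m in PROPOSAL_RE.finditer(text)]


def grade(proposal):
    """Return (score, findings); a higher score means weaker transforms."""
    findings = []
    for kind in ("enc", "hash", "dh"):
        level = LEVELS[kind].get(proposal[kind], "unlisted")
        if level in SEVERITY:
            findings.append((kind, proposal[kind], level))
    return sum(SEVERITY[f[2]] for f in findings), findings


def rank(text):
    """Proposal ids ordered from least to most deprecated transforms."""
    graded = [(grade(p)[0], p["id"]) for p in parse_menu(text)]
    return [pid for _, pid in sorted(graded)]


if __name__ == "__main__":
    for p in parse_menu(SLIDE_MENU):
        print(p["id"], grade(p))
```

Every proposal on the menu carries at least one finding, because Diffie-Hellman group 2 is itself SHOULD NOT in RFC 8247; proposal a) scores lowest.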
8. Parameter Registration
Input needed from customer
MPDS modem’s Forward ID
Destination IP address (server to communicate with)
IP address of VPN server
IP address of firewall (when applicable)
Subnet used
IPSec pre-shared key
IPSec encryption method
IPSec IKE
Nera assigns
Client’s IP address