
Ecutel Tutorial


Ecutel Background

Ecutel was formed in 1996 by two former Department of Defense software information network experts. After three years of development, Viatores was first released to a limited audience in May 1999, and made available to the public in May of 2001. Viatores combines standards-based security and mobility protocols IPSec and Mobile IP to enable users to roam in the office on wireless and wired LANs or outside on public networks, all while maintaining their connection to the home network.

Viatores Mobile Private Network (MPN) Software

A true mobile system such as the one Ecutel offers enables continuous activity, even when a user changes their point of attachment to the network. This means that a session begun within an office could be continued, without rebooting, in another office, in a parking lot, or in an airport, using the same client. This is very different from today's portable computers and networks, which, although portable, do not offer a continuous connection.

There are two versions of the Viatores MPN software - an enterprise edition and a WLAN edition for home users. For our discussion, we will concentrate on the enterprise version.

The enterprise edition enables mobile devices to roam between private networks, public networks and private visiting networks using a variety of communication networks including:

  • Wireless Local Area Networks (LANs) - 802.11
  • Wired LANs - Ethernet
  • Wide Area Networks (WANs)
  • VLANs - With layer 3 switch
  • Wireless Public Networks - GPRS, GSM-Data, CDMAone, D-AMPS, DoCoMo, HS-CSD
  • Wired Public Networks - POTS, ISDN, DSL, Cable

The underlying protocols that facilitate this system are Mobile IP and IPSec. Mobile IP allows seamless network travel so that users can have secure but spontaneous communications. IPSec offers added security.

Viatores operates at the network layer of the TCP/IP stack, because it is far enough above the Link-layer to remain independent of the physical link. The system allows a user to use the same IP address as on his/her corporate network.

The software also enables workers to cross firewalls without compromising corporate network security or the security of the visited networks. It does this with layered tunneling, using IP-in-IP and HTTP encapsulation.

Software Components

Viatores server - This "home agent" is the core component of the system. It resides within the corporate network and is responsible for encryption, authentication and traffic management.

Viatores client - Software on the client device is responsible for functions including device discovery, communication with the server components, authentication and encryption/decryption.

Viatores gateway - Located outside the firewall, the gateway provides a portable device for the user. It is responsible for authenticating traffic directed to the server, before forwarding it across the firewall.

Viatores relay point - Located on the network the mobile computer is visiting, the relay point provides routing services while the client is attached to a foreign network. Essentially, the relay point routes traffic between the server and client.

Viatores Multiplexer (MUX) - The MUX is used by the system to accept HTTP-only traffic and direct it to the server. This component can be located inside or outside the firewall.

Viatores manager - The manager is an offline component used by the network for user configuration, key management and policy distribution. This can reside on any machine and is able to communicate with the server, relay point, gateway and individual clients.

Terms

Essential to the Viatores system are several standards and protocols including Mobile IP, IPSec and tunneling.

Mobile IP - A standard proposed by a working group within the Internet Engineering Task Force (IETF) that allows a mobile node to use two IP addresses: a fixed home address, which is static and used to identify TCP connections, and a care-of address that changes at each new point of attachment. When the mobile node moves, it registers its new care-of address with its home agent. Packets are directed through the home agent, from the home network to the newly registered address. This process is called redirection.

IPSec - A set of protocols developed by the IETF to support the secure exchange of packets at the IP layer. IP allows a packet to be addressed and inserted into a communication system. TCP/IP is then needed to establish a connection between the two participants, so that they can send messages back and forth. IPSec supports Transport mode, which encrypts only the data portion of each packet (leaving the header unencrypted), as well as Tunnel mode, which encrypts both the header and payload. IPSec requires that the sender and recipient share a public key, which allows the receiver to authenticate the sender using digital certificates. This process uses a protocol called Internet Security Association and Key Management Protocol/Oakley (ISAKMP/Oakley).

Tunneling - A technology that allows data to flow between networks. Tunneling works by encapsulating a network protocol within a packet on the second network. Tunneling is also called encapsulation.
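
The Mobile IP redirection and tunneling defined above, as an added Python example that is not from the original tutorial or from Ecutel: a home agent keeps a binding from home address to care-of address and wraps packets for a roaming node in an outer IP-in-IP header (protocol 4, RFC 2003). The `HomeAgent` class, the helper names and the addresses are assumptions for illustration, and registration here is a plain method call rather than an authenticated Mobile IP message.

```python
import socket
import struct

IPPROTO_IPIP = 4   # IP-in-IP encapsulation (RFC 2003)
IPPROTO_TCP = 6

def checksum(hdr: bytes) -> int:
    """Internet checksum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (no options) around payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def addrs(pkt: bytes):
    """Return (src, dst, proto) from an IPv4 header."""
    return socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), pkt[9]

class HomeAgent:
    def __init__(self, address: str):
        self.address = address
        self.bindings = {}            # home address -> current care-of address

    def register(self, home: str, care_of: str) -> None:
        """Mobile node reports its new point of attachment."""
        self.bindings[home] = care_of

    def redirect(self, pkt: bytes) -> bytes:
        """Tunnel packets for a roaming node; pass others through unchanged."""
        _, dst, _ = addrs(pkt)
        care_of = self.bindings.get(dst)
        if care_of is None:
            return pkt
        return ipv4(self.address, care_of, IPPROTO_IPIP, pkt)

def decapsulate(pkt: bytes) -> bytes:
    """At the care-of address: strip the outer header, recover the inner packet."""
    if pkt[9] != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP packet")
    return pkt[(pkt[0] & 0x0F) * 4:]

# Constructed sample addresses (documentation ranges, not from the page).
HOME, HA, COA_1, COA_2, PEER = "192.0.2.10", "192.0.2.1", "198.51.100.7", "203.0.113.9", "192.0.2.50"
```

IP-in-IP only readdresses the packet: the inner bytes, including the unchanged home address, travel unmodified and unencrypted inside the outer header, which is why the system pairs Mobile IP with IPSec.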

 

 

Additional sources of information*

Ecutel Viatores Product Info
Mobile Networking Through Mobile IP tutorial


*The WAVE Report is not responsible for content on additional sites 11/29/01

Page updated 1/24/07
Copyright 4th Wave Inc, 2007