Platform functions
0 programming, with a professional and easy to use IoT system to meet their own needs
  • Multi-vendor interfacing
  • High Performance Engine
  • Push Strategy
  • Multi-level permissions
  • Private Network Interfaces
  • Authentication Methods
  • MAC unaware
  • secondary certification
  • 802.1X
  • billing strategy
  • Page customization
  • Financial Management
  • Statistical Analysis
  • Self-opening
  • Multilingual
  • Multi-vendor  interfacing
    Multi-vendor interfacing
    It can interface with Huawei, ZTE, H3C, Ericsson, Bell Alcatel, Cisco, JUNIPER, ARUBA, Huanchuang, Hanming, Digital China, Boda, Mikrotik, AIFL, Bihaiwei, PANABIT and other manufacturers' equipment.
  • High Performance Engine
    High Performance Engine
    The authentication response speed reaches more than 4000+ times per second. More than 20 times the performance of similar products in the industry.
    Compatible with CMCC's high-performance Portal engine, the response speed per second to more than 4000 times, support for multi-machine load balancing.
    Hash-based efficient database design, 10,000 users and a million users no difference in performance.
    Single-machine deployment supports a maximum of one million user management.
    Support WEB server, PORTAL, RADIUS, database independent deployment.
     
  • Push Strategy
    Push Strategy
    Push the content of the designated PORTAL page to the designated user at the designated time and place
    Push page supports different content display for mobile and PC
  • Multi-level permissions
    Multi-level permissions
    Administrator customization: Multiple levels of administrators can be set in the system. Administrator roles can be preset. Such as operator, administrator, fee collector, maintenance staff, partner, etc. Each administrator can set different permissions
     
    Independent agent permissions: agents are customized by the administrator and can set permissions. Agents have independent operating interface, and the administrator does not interfere with each other to enhance security
     
    Regional and project management crossover: regional management can be set at unlimited levels; project management by different operators; regional and project management permissions crossover, can be set flexibly
     
    Different administrators do not interfere with each other: different administrators with different rights have different management rights; they cannot access the users and contents of other administrators' rights
     
  • Private Network Interfaces
    Private Network Interfaces
    When deploying public network address in the cloud
    Support any IP address NAS device access
    RADIUS protocol supports arbitrary IP access authentication
    Support multiple device access authentication
     
  • Authentication Methods
    Authentication Methods
    Multiple Authentication Methods
    Platform-based PORTAL design flexibility
    Basically all the authentication methods seen in the market can be implemented
  • MAC unaware
    MAC unaware
    Support MAC-aware fast authentication of major manufacturers' AC/BRAS/switches and other devices
    Wireless network adopts perceptionless authentication to log in. When user devices log in wireless network for the first time, the MAC address of the devices will be bound to the account, and thereafter when using wireless network again, the backend system will detect the MAC address and the bound devices will be automatically authenticated to access the Internet directly.
  • secondary certification
    secondary certification
    Docking with operators, supporting a variety of secondary authentication methods, including
    PPPOE dial-up secondary authentication
    AAA forwarding secondary authentication
    PORTAL secondary authentication
  • 802.1X
    802.1X
    802.1X is a port-based authentication policy (where a port can be a real physical port or a logical port like a VLAN, and for wireless LANs the "port" is a channel)
     
    The ultimate goal of 802.1X authentication is to determine whether a port is available or not. For a port, if the authentication is successful then the port is "opened" and all messages are allowed to pass through; if the authentication is not successful then the port is kept "closed" and only 802.1X authentication messages are allowed to pass through EAPOL.
  •  billing strategy
    billing strategy
    Annual, monthly, daily billing
    Hourly billing
    Precise traffic billing
    Prepaid/Postpaid
    No billing strategy
  • Page  customization
    Page customization
    Authentication page customization: users can easily use any web editing language to design their own authentication page style, as well as the style of the authentication success page, and also set the time for the authentication success page to be displayed.
    WEB editing: PORTAL authentication page, which can be edited through the WEB management interface, can be modified and edited for pictures, text, links, colors, authentication methods, etc., to make it meet the usage requirements of different scenarios.
    URL jumping: support for forced jumping to a URL after successful user authentication.
    Terminal adaption: the authentication page will push different forms of authentication pages depending on the terminal type, such as PC and cell phone pushing different PORTAL pages, or Android and IOS pushing different PORTAL pages.
    Authentication front-end separation: support authentication front-end page and Portal server separation, users can specify the front-end WEB authentication page address at will.
     
  • Financial Management
    Financial Management
    User recharge account
    User top-up renewal
    Financial order records
    Sales report statistics
    User billing records
    User self-service payment
    Business reconciliation function
  • Statistical Analysis
    Statistical Analysis
    Active terminal statistics, number of registered users trend, number of online users trend, registration type statistics, Internet access terminal statistics
    Account online rate statistics, online user rate statistics, per capita Internet hours, per capita Internet traffic, authentication failure record table
    PORTAL push log, package user ratio, number of expired users statistics, number of renewed users statistics
  • Self-opening
    Self-opening
    The system comes with a user self-service platform, so users can open their own accounts, top up their own accounts and renew their own accounts.
    Users can use their own account to log in and achieve the following functions.
    Query basic information
    Query order information
    Self-service off-line
    Query Internet history
    Self-service payment function
    Self-service registration for new users to pay for Internet access
  • Multilingual
    Multilingual
    Multi-language support
    Default support for English and Chinese
    Additional language support can be extended upon request
Seamless connection with major brand manufacturers
Compatible with domestic and foreign mainstream network equipment, covering 90% of the market, providing wired and wireless heterogeneous network authentication solutions for enterprises and businesses.
对接厂商
Application Industry
  • University WIFI billing
  • Factory dormitory WIFI
  • Enterprise Internet Certification
  • Satellite WIFI charges
  • 高校WIFI计费
    University WIFI billing
    Blue Ocean Excellence authentication and billing platform is applicable to WIFI authentication and billing projects in universities and vocational schools.
    It can provide operators with an easy-to-use, easy-to-manage and powerful full-featured campus authentication and billing platform.
     
  • 工厂宿舍WIFI
    Factory dormitory WIFI
    WIFI certified Internet access suitable for corporate dormitory centralized living
    By adopting a fully self-service i registration and payment process, the user's account opening and Internet access rate is improved
    Flexible tariff packages, more suitable for the characteristics of the rapid mobility of factory employee
  • 企业上网认证
    Enterprise Internet Certification
    Provide authentication access and auditing for corporate Internet access
    Password login for employees
    Provide SMS or code login for visitors
    Provide two-factor authentication for enterprises with high encryption requirements
    Linkage authentication with enterprise OA and other three-party authentication systems
  • 卫星WIFI收费
    Satellite WIFI charges
    渔船卫星转WIFI精准流量计费,货轮卫星转WIFI精准流量计费,游艇卫星转WIFI精准流量计费,野外营地卫星转WIFI精准流量计费,偏远地区卫星转WIFI精准流量计费
Authentication method
Support different scenarios and multiple authentication methods
  • 多分支统一认证
  • Text message authentication
  • 账号密码认证
  • 协助扫码认证
  • 一键登录认证
  • 802.1X认证
  • 无感知认证
  • 二次转发认证
  • APP对接认证
  • 哑终端准入
  • AAA转发
  • ​PPPoE代拨
  • 针对目前商场、连锁酒店等商家企业在无线网络建设及运营中存在的问题,商场、连锁酒店的无线接入认证解决方案需要满足以下需求:
    1、用户可以通过手机获取密码短信的方式方便的接入到无线网络中,只需要填写自己的手机号码接收密码短信即可;
    2、可以对接商家原有的会员系统,使会员可以直接在认证页面输入会员号进行上网;
    3、可以强制要求在认证页面下载APP,通过手机APP认证上网;
    4、商家企业可以对认证页面进行高度定制,页面支持多种设计语言,以实现对认证页面自由设计的需求;
    5、方便管理,能够对接入无线网络中的用户进行上网时间、上传下载速度及使用流量等方面的控制管理。
  • SMS authentication: a convenient and fast wireless real-name authentication method
    SMS authentication is widely used in enterprises, supermarkets, airports, stations, bank online stores, chain stores and other scenarios because of its convenient and fast authentication attributes and its ability to achieve real-name authentication.
     
     
    Tips.
    1、International SMS requirements.
     
    We met a foreigner at a party, and when we all opened our phones to search for WiFi, he shook his head helplessly and said that international SMS was not supported here. At that time, I was thinking "why not use the NatShell", NatShell SMS channel is compatible with domestic and international SMS channel, especially the airport such as more domestic and foreign users, the user network demand for places.
     
    2、Special field customization and audit requirements
     
    Customer: I want to add "visitor name" and "ID number" on the page to facilitate our visit statistics.
    NatShell: "Can be achieved"
    Customer: I also want to add "Company to which the visitor belongs" and "Reason for visit".
     
    NatShell: "Can be realized"
  • 账号密码认证

    针对企业员工,或是内部交费的用户,推荐使用用户名密码认证,用户只需在弹出的PORTAL页面上输入帐号密码,即可上网,简单易用。

      
  • 协助扫码:访客上网认证的最佳方式

    采用访客与被访人一对一扫码的方式对来访人进行授权。适用于网络安全性要求高的企业临时性访客使用。当访客进入访问网络空间,需被访人扫描二维码并进行授权,然后访客才可以使用网络,这种一对一的访客准入形式使得入网访客有迹可循,也在最大程度上保证了网络准入的安全。

    此认证方式优势:

    1、一对一认证授权加强企业对访客及被访人的审计追溯;

    2、2、仅允许用户在规定授权时间内使用。

    无线准入认证方式(图4)
      

    小贴士:

     

    1、访客信息谁来写?

    客户:被访人(企业员工)填写信息需要一个一个的问没有访客自己填方便,访客信息可否由访客来写。

    蓝海卓越:可在后台设置由访客来写还是企业员工来写,另外访客字段“访客姓名、手机号、所属公司、来访是由”也可以根据需要选择。

    2、协助扫码认证的好处?

    客户:与短信、微信相比,协助扫码认证的好处在哪?

    蓝海卓越:

    (1)短信微信认证属于自助式连接方式,协助扫码是只有在授权后才允许使用网络,防止了企业外来人员随意占用企业带宽,影响上网速度。

    (2)通过授权时间段控制上网时间,防止访客二次来访时仍然能上网的情况,否则如果被访人换了,一对一审计就失去了意义。

  • 一键认证

    适用于为了简化客户接入无线网络的步骤、节省客户时间、以及保护客户个人隐私的上网认证方式。



     

    应用场景

    一般适用于各种临时性活动场合,供用户进行临时性上网等使用场景。

    认证流程

    使用该方式上网较为简单,用户进入到无线覆盖范围,终端连接无线Wi-Fi,点击登录按钮。即可开始上网。如下图所示:

    小贴士:

     

    1、是否能与我现有的OA系统对接?

    客户:我们公司已经有现成的OA系统,我并不想进行两套系统的帐号维护,可否实现网络认证的兼容?

    蓝海卓越:蓝海卓越网络认证平台可对接第三方OA类平台,为企业提供安全稳定的认证体验。

    2、是否能与我公司的会员CRM系统对接?

    客户:我们公司的CRM系统里有大量的客户信息,我想让我的会员直接认证上网是否可以?

    客户:我们是一家商业公司,不定期会对会员提供优惠便利,是否可以将认证系统与会员CRM系统对接,在用户连接网络时看到一定的广告内容。

  • 802.1X认证:强安全认证

    802.1X认证,基于二层网络的强安全认证方式,与Portal、双因素认证结合实现无线空口加密及账号安全加固。

    无线准入认证方式(图7)
      

    小贴士:

     

    1、无线802.1X、Portal组合认证

    802.1X基于二层网络的认证方式,可实现无线空口加密传输,保护无线网络安全;

    Portal认证,可加固认证账号及密码的安全性;

    802.1X+Portal同时实现账号密码加固及无线空口加密传输。

    2、win7及以下版本的操作系统是否支持802.1X认证?

    win7 及以下802.1X配置繁琐,运维成本较高,对于win7及以下电脑建议使用Portal认证方式。

  • MAC无感知认证是一种基于MAC地址对用户的网络访问权限进行控制的认证方法,它不需要用户安装任何客户端软件。设备在启动了MAC地址认证的设备上线以后,即启动对该用户的认证操作。认证过程中,不需要用户手动输入用户名或者密码。若该用户认证成功,则允许其访问网络资源,否则该用户的MAC地址就被添加为静默MAC。在静默时间内(可通过静默定时器配置),来自此MAC地址的用户报文到达时,设备直接做丢弃处理,以防止非法MAC短时间内的重复认证。

    蓝海卓越MAC无感知认证默认启用,只需在对应的AC/BRAS/网关设备上配置启用MAC无感知认证即可。

    常见场景:

    1、企业办公场景:认证后且授权时间内,假如用户离开网络再次进入网络时,终端无需认证自动连接

    2、多分支无线漫游:如果多个分支机构统一部署蓝海卓越认证服务器,用户从一个分支到另一个分支可实现网络自动连接。

  • 通常是用于和运营商对接的收费场景,如高校、景区、工厂等环境,用户的帐号先在蓝海卓越的认证平台进行第一次认证,认证失败则直接拒绝,认证成功后,再将认证请求提交到运营商的BRAS和AAA进行认证


     
  • 通过第三方APP与蓝海卓越无线认证系统对接,实现用户上网身份认证,为第三方APP业务增加功能点,为终端用户提供增值服务,或是以企业自有 APP 作为登录 WIFI 认证入口,帮助增加 APP 的下载使用量。

    APP认证是由APP代替用户发起http请求,重定向到APP下载页面,APP根据终端系统下载相应的APP软件,安装完成并成功注册之后APP访问互联网。下图是后台认证流程:

     

    无线准入认证方式(图8)
      

  • 哑终端准入,基于终端合规的安全性准入过程。通过检测终端合规性条件,区分企业派发设备与权限认证,最终实现只有企业派发的终端才允许进入企业内网。


    应用价值

    加强对企业内部无线上网设备的统一管控制,如无线打印机、特殊手持终端、医疗终端等设备。

    认证流程

    哑终端认证是通过设备的MAC地址进行准入认证,需要预先将设备的MAC地址录入到蓝海卓越认证系统中。
    认证方式结合MAC无感知进行,当设备接入网络,自动完成认证,当设备离网,自动下线。
    设备更换后,原有设备MAC地址从认证系统中删除,则该设备就不能再进行联网。

  • AAA转发,通常用于和运营的AAA系统对接,由校园的计费平台将BRAS的认证请求直接转发到运营商AAA进行鉴权的一种认证方式。


    适用场景:
    地市运营商具备自主对接AAA权限;
    同一个校园网内多运营商同时接入,共享校园内网;
    校园运营商与运营商对接实现全自动开户缴费。
    优势:
    保障校方校园网信息化的自主性
    扁平化结构清晰,高性能的业务接口,业务对接环节简单
    学生自助绑定:学生登录自助服务平台订购运营商套餐和绑定学生卡号,与一卡通联动划扣。
    计费后台开放独立权限,运营商营业厅直接访问校方计费后台手动批量绑定
    全业务接口:运营商根据全业务接口开发,自动开户绑定,开发简便
    运营商接口:我方根据运营商接口协议开发

  • PPPoE一对一代拨,是由校园运营商建设校园网,由三大运营商提供带宽和帐号接入到校园出口,校园运营商为学生提供上网帐号,学生在客户端使用802.1x、IPoE、Portal、PPPoE等方式与代拨网关建立认证连接,再通过代拨网关自动转换为运营商帐号密码,实现一对一代拨上网。

    一对一代拨所有的收费由三大运营商收取,由校园运营商和三大运营商共同控制学生的上网认证,最终进行收入分帐。
Deployment mode
It supports multiple deployment methods to help you easily build your own billing platform
Local & Cloud
  • 私有部署
    将云平台部署在用户自己的服务器上,可进行数据的内网隔离。
    优点:数据安全性高,服务器性能强,长期成本低。
    缺点:多项目管理不方便,对接收费流程较复杂。
  • 公有云部署
    将系统部署在阿里、腾讯、华为等公有云上,可以方便的进行远程管理。
    优点:多项目管理方便,对接收费流程简单,远程管理难度低,通过云服务商的安全防护等级高。
    缺点:长期成本较高,部分保密性强的单位,无法使用。
  • 租用方式
    通过向蓝海卓越租用云服务的方式,使用自己的计费系统。
    优点:前期成本低,部署简单,即开即用,升级维护由厂商负责。
    缺点:大型的运营商,要求自行搭建,或是对数据安全要求性较高,则不适合使用此种方式。
Recommended specifications
Recommended Hardware Specifications
Links: NatShell BaiDu
底部公司简介
Chengdu Starry Blue Ocean Network Technology Co., Ltd. was established in 2004, is a one-stop comprehensive service provider integrating software development, sales and service.The company is a double-soft certified enterprise, ISO9000 certified enterprise, and has more than 10 software copyrights.
The main products include wired authentication and billing, wireless access, wireless PORTAL authentication, satellite traffic accurate billing, multi-functional proxy dialing flow control gateway, wireless AC/wireless AP and other products and solutions.
  •  Tel:028-86679789
     Phone:13980098139
     Q Q:5172660
  • Official Account
    Official Account
  • 微信号
    WeChat Code
copyright©Chengdu Xingrui Blue Ocean Network Technology Co., Ltd Address:405, Block D, Boya City Plaza, Yahe North Second Road, Zhonghe Street, High tech Zone, Chengdu City
备案号:蜀ICP备09030039号-2 Support:BaiDu