The Apollo Anywhere Platform consists of the following three major components:
Figure 1 – The Apollo Anywhere Platform
The Apollo Anywhere Client and Apollo PAS provide a remote user (i.e., a user who cannot be physically connected to a LAN or Cloud environment) with access to LAN or Cloud services via an encrypted Layer 2 VPN tunnel. There are two distinct connectivity configurations:
Both configuration options remove the uncertainty of using unreliable wide area networks allowing critical applications to transfer vital information in mobile and remote environments.
Together the Apollo Anywhere Client and Apollo PAS deliver application and service resilience by providing recovery from dropped connections and diversity through transparent integration of multiple different bearer technologies. If one connection fails then Apollo will seamlessly move the connection over to another network interface. If all connections fail then Apollo performs acknowledgement and buffering at both ends of the connection to keep applications aware and awake. This results in a simple, secure, resilient, optimized and manageable wide area connection between remote devices and LAN or Cloud networks.
The Apollo Platform does not require users to make any changes to existing applications, IP communication stacks or network interface cards/modems. It is transparent to existing Layer 3 encryption technologies whilst itself providing an option to use Apollo’s Layer 2 encryption.
Extensive reporting and data gathering is performed by the Anywhere Client and PAS which is then relayed to the Apollo Management Server where it can be accessed using APIs. Manipulation and analysis of this data enables users to: perform detailed analysis of usage data in support of cost control; stream remote asset location to GIS mapping systems; perform remote device auditing of status, firmware and software versions, networks visited, real-time bandwidth available, battery levels; and also, create and send alerts based on observed events and enable secure messaging services.
The Apollo Anywhere Client is installed as an NDIS driver on Microsoft Windows PCs and presents itself as an Ethernet adapter to the remote device’s Windows IP stack. The Anywhere Client is configured to act, in all respects, like a conventional LAN card. The remote device recognizes the Anywhere Client as a LAN connection, rather than a remote access connection, enabling the user to run any LAN application without modification.
The VPN established between the Anywhere Client and the PAS is an L2TP tunnel with extensions that provide for faster TCP/IP recovery in case of the inevitable packet loss that can take place on congested radio and backhaul links and optimization.
The Apollo PAS is the termination point of the incoming VPN tunnels created by each of the Apollo Anywhere Clients and handles the management of any outgoing tunnels that link the PAS to remote sites. The PAS is the termination point of the user-session tunnels, compression and encryption and as such can perform traffic shaping and priority traffic management. Each PAS is a AAA server and supports multiple service configurations and profiles. Each profile is able to have its own authentication rules and be managed by its own RADIUS Server or unique authentication method type. These RADIUS Servers can be housed on the different remote LANs, using the tunnels between the PAS and the remote networks to pass authentication requests and responses creating a common managed platform with federated user management and authentication.
The PAS reports the current status of the Anywhere Client sessions including the bandwidth of each connection, their data throughput, compression rates, identity of the party logging on and their e-mail address, connection, disconnection and reconnect events, failed authentication events, the type of data device being used, the version of the Anywhere Client software deployed and related information. This wealth of information is exposed via SNMP or through the Apollo Management Server’s Customer Care relay agent where it made available through APIs to a variety of applications and services.