Internet Expense Management

 

The TSA Internet Expense Management module is designed to manage all TCP/IP traffic through the internet gateway points between an enterprise private network and the public internet.

 

The system is designed to manage internet traffic allocated to “Subscribers” -  a person or other type of login user (login subscriber) or a device or registered server (device subscriber).

 

Each subscriber is allocated a “Quota Configuration”.  A Quota Configuration defines the rules for quota allocation and quota consumption to be applied to subscribers along with the restrictions to be applied when subscribers are within their quota limits, and when quota limits are exceeded. 

 

Subscribers can view available internet quota and their personal usage history via the IEM web portal.  

Users authenticate with the system when their workstations access the internet.  Most authentication mechanisms are seamless, and require minimal input from users.

 

There are three distinct mechanisms for authenticating users, each with their advantages and disadvantages. These are:

 

  • IAClient (available for Windows, Mac OSX and Linux)

  • Wireless authentication

  • Web Login Interface

The IAClient is small executable designed to start automatically on login, and run as a background process.  It communicates with IAS and automatically authenticates using the user’s Active Directory credentials.

IAClients on workstations communicate to the IA Server and Heartbeat server over HTTP using standard ports, issuing three messages types: 

 

  • Login – issued on machine login, or wake
  • Heartbeat – issued every 5 minutes while a session is active
  • Logoff – issued on machine logoff, sleep or shutdown

 

Where a login request receives no response (IA Server timeout scenario), a special heartbeat message is issued periodically until a response is returned – in this case the response will signal the IAClient to re-issue the login request.