ANTlabs

    SG 5 Update #13

    This update adds the following:  

       – PMS System Compatibility: Resolved an issue that caused non-web-based PMS systems to stop functioning correctly.

       – HA Failover Performance: Fixed a problem on some SG 5200 deployments where failover took longer than expected.

       – LDAP Authentication Fix: Addressed an issue where admin GUI login via LDAP authentication failed when the LDAP server used LDAP_OPT_REFERRALS.

       – Account Expiry Issue: Fixed a bug where user accounts created through the account printer expired immediately after creation. 

    Note: This update shall also update the HA peer node without having to failover, provided the HA peer node is already patched up to Update 12.
    So, you would need to ensure that both HA nodes are patched up to Update 12 and then apply Update 13 to take advantage of this feature (automatic patching of HA peer without failing over). 

    Release Date: 22 Apr 2025
    PackageName:13.SG5000_base-sys-hotfix-20250417-01.pkg
    MD5 Checksum:65d6cecab6ed043ebedba6642a2c262b
    File size: 6.6 MB

    SG 5 Update #12

    This update adds the following:

         – Updated 10GE Network Driver: Enhanced compatibility and performance for SG 5200 and IG 4210S models. Note: manual reboot is required for the updated driver to take effect.

         – Fixed SSL Certificate Recognition Issue: Resolved a problem where the system failed to recognize the custom SSL certificate if its domain name contained uppercase letters.

         – Resolved Admin GUI Access Blockage: Fixed the issue where a rare race condition could prevent access to the admin GUI.

    Release Date: 3 Apr 2025
    PackageName: 12.SG5000_base-sys-hotfix-20250402-01.pkg
    MD5 Checksum: 15a7c9c4ff6a42c5d926cbb1986bab05
    File size: 318 KB

    SG 4 Update #52

    This update updates the default ezxcess.antlabs.com SSL certificate. The new certificate expiry is February 2026.

    Update Release No. 52
    Release Date: 20 Mar 2025
    Update File Name: 52.SG4000_base-hotfix-certificate-20250217-01.pkg
    MD5 Checksum: 675e1970f4b944cb095dd334f345c34b

     

    IG 4 Update #52

    This update updates the default ezxcess.antlabs.com SSL certificate. The new certificate expiry is February 2026.

    Update Release No. 52
    Release Date: 20 Mar 2025
    Update File Name: 52.IG4000_base-hotfix-certificate-20250217-01.pkg
    MD5 Checksum: 33c6a0dbc4a4812770e6fb970c9567fe

    SG 5 Update #11

    This update adds the following enhancements:

    • Downstream login
    • Credit Card Authentication – support for more payment gateways:
    • Cybersource Unified Checkout
    • Note: ASP 2.0.6 is required to support this.
    • Bank of Maldives Connect API
    • Note: ASP 2.0.3 is required.
    • PMS Authentication – new support for Mews PMS
    • Bigger fonts and clearer instructions to guide user to switch to Safari for social media login (Facebook, Google) on iOS devices
    • Note: this Safari-switching feature has been available at the Admin GUI > Authentication > Settings

    • Update ezxcess.antlabs.com SSL certificate – new expiry in February 2026

    • New dashboard.now for downstream users to view the logged-in success page or the landing page before login

    • PMS-related enhancements
    • New diagnostics page for Shiji Cloud PMS
    • Guest information check based on room code
    • Posting
    • With SkyTouch /CONNECT PMS (Events Webhook), the gateway’s web API shall accept any Content-Type header beginning with application/json

    • Add Sync Now feature to Date & Time settings page to allow the admin user to have system time synced up with the NTP server immediately

    • System Log enhancement
    • Remote syslog enhancement
    • New option to use TCP connection to the remote server
    • New option to use RFC 3339 date/time format, e.g. 2025-12-31T23:59:59+02:00
    • New option to customize the host name that shows in the log entries

    • Support incoming SFTP-mode SCP operations

    • CLI enhancements
    • Support for | pipe operator to direct stdout of one program to stdin of another
    • Hit Tab key for auto-complete of commands, folders and file names
    • Many more commands
    • New non-elevated mode commands to support troubleshooting
    • New supervisor mode commands, including
    • mgmt to display/change management port IP settings
    • wan to display/change WAN IP settings
    • Note: existing CLI sessions will not work properly after applying this update. Please logout of existing CLI sessions and login again to access the new CLI commands.

    • Security enhancements:
    • Allow Admin GUI’s Remote Access page to optionally configure Ciphers, Key Exchange Algorithms, Message Authentication Codes (MACs)
    • Note: OpenSSH configuration format is required for the input. Multiple ciphers must be comma-separated.
    • Resolve various SSH vulnerabilities – CVE-2023-48795, CVE-2023-51385, CVE-2024-6387
    • Prevent after-login downstream web proxy access to management network
    • Prevent management port IP from appearing in the output of a downstream traceroute to an upstream IP
    • Web proxy (used by HTTPS domain walled garden) upgrade to include CVE-2023-25076 vulnerability fix
    • Prevent revealing of web server version via a web-accessible file

    • Performance enhancements:
    • Upgrade web server and tune its per-client connection and request rate limits
    • Online Certificate Status Protocol (OCSP) stapling for custom SSL certificate so user checking the certificate’s validity gets a faster response

    • Admin GUI enhancements:
    • Display configured web-filter profile number when viewing plan via ASP page’s View Plans
    • Remove checks that are not needed from Go-live System Checks

    • Applying consistency across the various product models
    • 15 plan-based relogin zones
    • 30 event locations

    • Other system component updates:
    • Client manager update to stop performing legacy license check on startup
    • New scan_data API to open camera to scan boarding pass or passport and scan_add to post up to ASP the data that has been scanned
    • Note: ASP 2.0.6 is required to accept the data from scan_add and show in reports
    • Update auth_logout API and login session manager module to support sending up the session termination cause to ASP
    • auth_logout now supports a new optional termination_reason input that accepts any of the RFC 2866-defined Acct-Terminate-Cause code values
    • account_add API to return a more informative error message when account already exists
    • social_init API to return an error for Instagram. Instagram has deprecated its login API since December 2024 so the ANTlabs gateway can no longer support Instagram login as a downstream authentication method.
    • Update NTP client to update hardware clock whenever date/time is set via NTP

    *This update includes the following fixes:

    • Downstream-related issues
    • Multi-WAN load balancing-related issues
    • Client manager issues
    • ASP settings sync issues
    • Admin GUI issues
    • CLI fixes
    • API fixes
    • Fix report-related issues
    • Lawful intercept fix
    • Fix some gateways having wrong QoS setup
    • Other system component fixes

    *Note: You may check the full details of the updates in the Partner Portal under the Product Update & Patches tab, inside the SG 5 Patch Release/Technical Notes folder.

    This update does not automatically reboot the gateway. The enhancements and fixes take effect upon applying the update. Admin GUI updates require relogin to the GUI to see the new changes.

    Release Date: 17 March 2025
    PackageName: 11.SG5000_base-sys-bulk05-20240910-01.pkg
    MD5 Checksum: 7865661b1fea441adf3d7287a548bde8 (updated 19 Mar 2025)
    File size: 115 MB

    SG 5 Update #10

    This update adds the following enhancements:

      – Kernel upgrade
          • Better performance
          • Enhanced support for vSG
                • VMXNET3 paravirtual network driver support
                • Updated drivers for passthrough compatibility with more network card hardware

      – Client manager upgrade
          • IP conflict event to include target IP address (typically the client’s gateway address) for informed troubleshooting
          • IP conflict events caused by gratuitous ARP not to trigger arpdIpConflictTrap SNMP trap
          • Handle ARP packet with both IP and VLAN location change

      – Removed bootloader serial I/O for the hardware gateway appliances
          • Prevent PMS serial traffic from pausing the boot cycle

    This update fixes the issue where TM, the epoch timestamp field, in the lawful intercept log is always zero.

    On successful application of this update, the gateway will reboot automatically.

    Release Date: 17 March 2025
    Update File Name:10.SG5000_base-sys-kernel-20240829-01.pkg
    MD5 Checksum: cab736b61506fc2b0ae446e307c23660
    File size: 73 MB

    Seamless Wi-Fi on the Seven Seas:

    ANTlabs Powers Elcome and Starlink Partnership

    ANTlabs is boldly going where no Wi-Fi has gone before

    The maritime industry has long struggled with delivering reliable, high-speed internet at sea. In an era where staying connected is vital for quality of life at sea, Elcome International, a leading maritime systems integrator, partnered with SpaceX’s Starlink to offer a revolutionary satellite broadband service. At the core of this solution is ANTlabs’ SG5 Gateway and ASP Cloud Wi-Fi Services Management platform, enabling seamless connectivity and advanced bandwidth controls that are powerful and flexible for maritime vessels worldwide.

    The Challenge

    Providing internet connectivity at sea has traditionally been an expensive and limited endeavor. Maritime operators faced challenges such as:

    • High Costs: Legacy systems imposed high fees on operators and users, restricting widespread access.
    • Limited User Control: Absence of robust tools for bandwidth management, prepaid systems, or volume tracking caused inefficiencies.
    • Poor User Experience: Frequent connectivity interruptions and lack of roaming capabilities frustrated users.
    • Fragmented Solutions: With various Wi-Fi vendors providing access points across fleets, operators needed a unified platform capable of integrating diverse systems seamlessly.

    To address these, Elcome required a robust backend solution that could pair with Starlink’s low-latency satellite service. ANTlabs delivered the critical components to make this a reality.

    The Solution: ANTlabs’ Role

    Elcome launched its groundbreaking “WELCOME” internet service in mid-2024, powered by Starlink’s satellite technology and ANTlabs’ Wi-Fi Services infrastructure. Officially unveiled during a press release in Dubai, the service represents a milestone for maritime connectivity with availability in all international waters and territorial waters of 70 countries. The service boasts bandwidth of up to 350 Mbps and average latency below 99ms.

    ANTlabs’ Contributions

    1. SG5 Gateways: High-performance gateway devices connecting onboard users to the Starlink satellite network. Robust security and seamless integration with Elcome’s maritime systems.
    2. ASP Wi-Fi Services Management Platform:
    • Prepaid Internet Plans: Enables users to purchase data bundles or subscriptions at prices starting from $3, ensuring cost-effective access.
    • Efficient Volume Tracking and Analytics: Operators and users alike benefit from data updates every minute, ensuring near real-time monitoring
    • Roaming Capabilities: Users can retain their data plans when switching vessels.
    • Payment Gateway Integration: Offers seamless online payment options.  Multiple payment options make access simple and stress-free, including seamless Stripe payment integration to ensure safe and secure transactions at sea.

    What sets ANTlabs apart is its unique combination of deep R&D expertise and proven leadership in delivering connectivity solutions for hospitality and telecommunications industries. With over two decades of innovation, ANTlabs has been a trusted partner for hotel groups, Telcos, and ISPs, delivering scalable, user-centric solutions that set industry standards. Applying this extensive experience to the maritime sector has enabled ANTlabs to solve complex connectivity challenges with unmatched reliability and flexibility.

    These solutions form the backbone of WELCOME’s service delivery, providing connectivity to over 1,500 vessels by late 2024, with plans for thousands more in 2025.

    Impact and Results

    Since its launch, WELCOME has significantly improved the quality of internet access for crew members at sea:

    • Enhanced Crew Welfare: Crew members enjoy consistent, high-speed connectivity to stay in touch with family, access entertainment, and participate in online learning.
    • Roaming Benefits: With WELCOME, crew members can use the data they purchase on one WELCOME-equipped vessel on another, ensuring seamless connectivity as they move between ships.
    • Collaborative Opportunities: Elcome plans to partner with content and service providers to extend the reach of their products via WELCOME, further enriching the crew’s experience.

    Voices from the Frontline

    “We are excited to introduce WELCOME, a game-changing maritime internet service that will revolutionize how ships and offshore installations stay connected at sea.” – Asneed Ameer, Senior Manager Connectivity at Elcome (Elcome International).

    Key Features at a glance

    • High-Speed Internet: With bandwidth of up to 350 Mbps and average latency below 99ms, the WELCOME service ensures efficient communication and data transfer at sea.
    • Flexible Payment Options: Affordable and customizable prepaid plans starting at $3 cater to diverse user needs.
    • Roaming Across Vessels: Seamless connectivity for crew members who frequently change ships, ensuring they stay connected as they move.
    • Global Coverage: The service is available in all international waters and the territorial waters of over 70 countries.
    • Enhanced Crew Experience: Partnerships with content and service providers will offer additional benefits, extending access to entertainment, education, and more.
    • Vendor Agnostic: Seamlessly integrates with diverse Wi-Fi access solutions, enabling broad scalability across fleets.

    Conclusion

    ANTlabs is proud to have provided the technological foundation behind Elcome’s WELCOME service, combining advanced satellite capabilities with user-centric features. By enabling high-speed internet access, cost-effective prepaid models, and real-time management tools, ANTlabs empowers Elcome to redefine personal connectivity at sea. As the rollout continues across thousands of vessels, ANTlabs remains committed to driving innovation and supporting the maritime industry’s digital transformation. With unmatched R&D capabilities and a proven track record of solving connectivity challenges, ANTlabs stands as the technology leader uniquely equipped to deliver global-scale solutions that enhance the onboard experience for crew and passengers alike.

    Full disclosure: This article was written with a little help from AI—think of it as having Lt. Data from the Starship Enterprise assist with the writing. Seamless, precise, and a bit futuristic—just like the Wi-Fi we’re rolling out across the Seven Seas!

    Ask ANTlabs

    ASP 2.0 Update #7

    Enhancements

    • • Implemented a monitoring system to collect, store, and analyze data from a wide range of monitored devices, systems, and services
    • • Upgraded Secure Remote Access Tool to version 8.8 for enhanced security and performance
    • • Improved portals to allow configuration of slider start and end times
    • • Enhanced authentication server to enable automatic database restarts
    • • Implemented a new full sync command to resolve the data synchronization issue
    • • Changed database storage engine for improved consistency
    • • Disable strict data mode to turn off stricter data handling and integrity checks
    • • Created a new scheduled task to regenerate session usage data, addressing the issue where the session usage chart was empty when a user logged out the next day
    • • Changed the “Airline” column to “Flight Number” in the ASP Scan Report

    Bug Fixes

    • • Fixed Network Time Protocol configuration to ensure that all connected systems maintain accurate and consistent time
    • • Fixed the bug where the user device information was missing
    • • Fixed the issue where old authentication log files were not being cleaned up
    • • Fixed the issue of the user creation debug log file growing continuously and introduced an option to disable logging
    • • Fixed the issue of the database log file continuously growing
    • • Fixed the issue where the global account failed to log in the second time using the same device and access point, returning an error that the user was already logged in
    • • Fixed the issue that prevented the database server from starting
    • • Fixed the database HA failover issue
    • • Fixed the issue where gateway patch installation via ASP failed when the patch file was large

    ASP VERSION: 2.0.7
    RELEASE DATE: 18 Dec 2024

    Musings of a Discerning (and Nerdy) Traveller:

    How Breakfast Reminds Me of Hotel Wi-Fi

    Okay, hear me out: As a self-proclaimed hotel tech nerd (occupational hazard, I know) who travels a lot, I’ve developed a particular appreciation for the details that turn a routine stay into something exceptional. Crisp satin sheets—Madonna was onto something there—paired with a pillow menu for neck support, refillable Nespresso capsules at the ready, and a “fix it in 20 minutes” attitude that keeps everything running smoothly. While most guests might swoon over skyline views or sip on a crisp, easy-drinking Prosecco, my inner geek is drawn to something else entirely.

    I see guest experiences like breakfast buffets through a distinctly geeky lens—think user authentication, QoS, and integrated PMS databases. If that sounds strange, well, you’ve clearly never compared your Eggs Royale to retrieving elite status membership from the PMS. Let’s fix that.

    Picture this scenario: It’s early morning, and I head down to the hotel’s breakfast buffet, looking forward to a decent meal before a day packed with meetings and emails. At the entrance stands a grinning trainee-of-the-day. She’s holding a clipboard and chirps, “Good morning, Sir. Room number, please?”

    Under my breath, I mutter, “Ah… a cheap or no HSIA gateway,” referring to High-Speed Internet Access—just as an online gateway checks your credentials before granting you web access, this trainee is essentially a human “portal” controlling my entry to breakfast. I provide my room number (like inputting a username), she checks a printout (a low-tech guest database), ticks a box (permission granted), and waves me in.

    Doesn’t even authenticate my credentials,” I grumble quietly. Simple enough, sure, but still something’s missing.

    But as I navigate the buffet stations, I realize there’s indeed something missing—no recognition that it’s my 20th stay at the hotel, no personalized greeting, no sense that I’m anything more than “Room Number X.” Don’t get me wrong, I’m not expecting a VIP trumpet fanfare, but it’s a bit like having to log into a captive portal every single morning. I have “access” to the service (breakfast), but no memory of who I am, no saved settings, and no elite-user bandwidth. It’s just a one-size-fits-all login that grants me entry but offers none of the personalization I’ve earned. I’m being treated the same as a one-time tourist from the tour group that just arrived last night. I might be tempted to quote my neighbor’s room number next time, just to test the system. 😉

    Now, let’s fast-forward to the next day. The trainee calls in sick. This time, the duty manager is at the entrance—think of this as an upgraded HSIA gateway, one that’s integrated with the property management system (PMS) and loyalty database. The moment I show up, I get a warm, “Welcome back! Glad to see you again.” Suddenly, I’m not just a room number. “Ah-ha! This is a better HSIA gateway with auto-relogin and seamless PMS integration. Facial recognition too?” I muse. It’s as if the network has recognized my device and credentials from yesterday, automatically granting me higher QoS (Quality of Service) and remembering that I’m a returning “user” with premium privileges. No re-entering details, no guessing who I am—just seamless, automated recognition.

    Let’s take it a step further. Later in the week, with 95% occupancy—it’s all hands on deck—and the Executive Lounge Supervisor steps in to help at breakfast. She spots me and says, “Hi, Mr. Ang. Not breakfast in the Lounge today? Missing your Eggs Royale, I presume?” I grin, “Well, I felt like exploring the main buffet’s selections and indulging in some carbs at the noodle station today.” Without missing a beat, she offers to have the Lounge chef whip up my usual—extra hollandaise, extra smoked salmon, no muffin Eggs Benedict—still respecting my low-carb preferences. “We’ll have them sent down in about 10 minutes,” she says, ensuring that I can enjoy my favorite dish here in the main restaurant. “Ah, they are using our ANTlabs HSIA gateway with the Guest Experience platform,” I noted with glee, maintaining my composure. It’s as if this “intelligent system” (the hotel’s integrated IT infrastructure and loyalty membership database) has cached my preferences, dietary quirks, and past orders. Every staff member is effectively connected to the same central “profile server,” no matter their department or role. No re-authentication, no awkward “Actually, I’m a Diamond member” explanations. Instead, the experience flows smoothly, like a well-orchestrated suite of backend services instantly retrieving my data and applying it wherever I log in.

    Of course, not every property can count on having a seasoned lounge supervisor at every breakfast shift, and with inevitable staff turnover, ensuring that even a new trainee can access a guest’s profile on demand is priceless.  But with the right IT system, you can empower any team member to be instantly “brought up to speed,” replicating that personal touch and guest familiarity no matter who’s on duty.

    Before you think I’m stretching the analogy too far, hear me out again: Surveys consistently show that breakfast and Wi-Fi are among the most important factors for travelers. If the hotel let anyone walk into the breakfast buffet unchecked, they’d run out of premium fare in no time, turning a special perk into a chaotic free-for-all. Likewise, if Wi-Fi were open to the entire neighborhood, legitimate guests would struggle with sluggish speeds. Authentication, integration with loyalty programs, and differentiated service ensure that the right people enjoy the right benefits—maintaining quality and exclusivity for those who matter most.

    Here’s another thought: I spend maybe 30 to 45 minutes at the breakfast buffet, but I’m glued to my laptop or phone for hours each evening—working, streaming, and video-calling loved ones. My engagement with Wi-Fi far exceeds my time at the buffet, so shouldn’t the quality of connectivity command at least as much attention (and budget) as breakfast?

    In fact, it may cost less to provide quality Wi-Fi and personalized digital services for an entire year than what the breakfast operation spends on gourmet coffee beans and teas in a single month. When you break it down, the investment in IT infrastructure, loyalty integration, and personalized service is not just a hospitality nicety—it’s a strategic, cost-effective move that pays off in loyalty, satisfaction, and glowing word-of-mouth.

    If I know I’m getting a carefully curated experience all around, I’m not going to ditch this hotel for a modest discount elsewhere. I’ll happily remain a loyal guest, indulging in Eggs Royale one day and working over blazing-fast Wi-Fi the next—because both the culinary and the digital experiences are tailored just for me.

    Full disclosure: I used AI to help fine-tune my ideas and even generate the accompanying image. But rest assured, the Eggs Royale scenario—and the way I savor them—are 100% my own invention. The geeky analogies linking breakfast buffets and Wi-Fi were mine as well. No AI yet can replicate my low-carb preferences or extra hollandaise indulgences!

    #Hospitality #HotelTech #GuestExperience #LoyaltyPrograms #DigitalTransformation #HSIA #HotelWi-Fi #ANTlabsHospitality

    Ask ANTlabs

    Publication Date: 30 Sep 2024

    Key Changes in iOS 18

    iOS 18 introduces a significant update in how devices manage MAC address randomization, enhancing user privacy. The feature, known as “Rotate Wi-Fi Address,” will change the MAC address of a device every 2 weeks. In the example below, the Private Wi-Fi Address setting for the particular Wi-Fi network has been set to “Rotating”, meaning that MAC Address randomization is enabled on the iOS device.


    iOS 18 MAC Randomization Feature – Under Settings->Wi-Fi->
    Click the “i” to see the “Private Wi-Fi Address” Setting

     


    Rotating value indicates MAC Randomization in effect

    Impact on Non-Secure SSIDs

    For hotels offering public or guest Wi-Fi, this can create challenges. Guests who return after two weeks may experience login prompts as if they’re connecting for the first time. For long-stay guests, iOS 18’s MAC address randomization will cause them to see the login page again every two weeks, even if they’ve previously connected. As the network no longer recognizes their device, this disrupts what should be a seamless reconnection process.

    Negative Effect on Guest Experience

    Frequent re-authentication could frustrate returning guests, particularly those expecting uninterrupted access after an initial login. In an environment where guest satisfaction is paramount, these repeated prompts may lead to negative feedback, even though it’s caused by Apple’s privacy updates.   Another critical issue is that hotel Wi-Fi networks lose the ability to retain their guest device and status recognition, preventing network services from providing differentiating services like higher bandwidth for elite members, or auto-completion of guest details and accord privileges reserved for elite members.

    Solutions to Consider

    Short-Term Solution: Guests can disable MAC randomization for your network through their device settings, but this solution places the responsibility on them.  To do so, guests can select “Fixed” under the Private Wi-Fi address setting.

    A Long-Term Strategy: To mitigate these disruptions, consider integrating network solutions designed to handle iOS 18’s privacy features without affecting the guest experience. At ANTlabs, we specialize in networking solutions like Hotspot 2.0 or Wi-Fi profile that address these changes head-on, ensuring smooth and consistent connectivity for your guests while keeping their privacy intact.

    Next Steps

    Now is the time to explore more robust, long-term options. Contact ANTlabs to discuss how we can help your network adapt to these changes, improving both guest satisfaction and network management efficiency.

    Talk to us to know more about ANTlabs Hotspot 2.0 solutions to solve the MAC Randomization issue.

    Source:  Apple Support – Use private Wi-Fi addresses on Apple devices (Scroll to the section “Learn how this feature works”)