Copyright AARNet Pty Ltd 2010   Eduroam Services for    ERNet consideration                August 2010         Network Ope...
Copyright AARNet Pty Ltd 2010    Background    •  Involved at UKERNA (now JA.NET)    •  Co-Chaired TF-Mobility group (2002...
Copyright AARNet Pty Ltd 2010Contents•  The problem statement•  The opportunity and value to NRENs•  The current eduroam l...
Copyright AARNet Pty Ltd 2010Problem statement•  Students come with own mobile devices expecting   to connect•  Visiting s...
Copyright AARNet Pty Ltd 2010Opportunities•  Eduroam is tried and trusted - since 2003•  802.1X/RADIUS/RADSSEC and WPA2/AE...
Copyright AARNet Pty Ltd 2010How eduroam works
Copyright AARNet Pty Ltd 2010    Eduroam Infrastructure in AUS - current                                      .au       .h...
Copyright AARNet Pty Ltd 2010    Eduroam Infrastructure in AUS - future                                      .au       .hk...
Copyright AARNet Pty Ltd 2010Current eduroam services landscape•    1800+ sites in Europe (originated there)•    144 sites...
Copyright AARNet Pty Ltd 2010     Eduroam in Asia-Pac     •  AU - AARNet (Australia) - hosts        APAN regional eduroam ...
Copyright AARNet Pty Ltd 2010     Eduroam services at AARNet     •  AARNet       –  Host national and regional “top level”...
Copyright AARNet Pty Ltd 2010     Helpdesk     •  Use        support@eduroam.edu.au        email address     •  Auto creat...
Copyright AARNet Pty Ltd 2010     Helpdesk     •  AARNet helpdesk             •  Standard connection       –  Use         ...
Copyright AARNet Pty Ltd 2010     New opportunities     •  Eduroam beyond the campus        –    On boats – city cat      ...
Copyright AARNet Pty Ltd 2010     New opportunities     •  Eduroam beyond the campus        –    On boats – city cat      ...
Copyright AARNet Pty Ltd 2010     Marketing to user to drive awareness, deployment and use     •    Eduroam group on Faceb...
Copyright AARNet Pty Ltd 2010AU and NZ Eduroam Participants
Copyright AARNet Pty Ltd 2010     Up to 500 unique devices visiting other     universities per week in Australia18   2008
...
Copyright AARNet Pty Ltd 2010     Support     •  Community support is vital     •  Requires 2 FTE dedicated staff        – ...
Copyright AARNet Pty Ltd 2010Current eduroam development landscape•  Strict standards for authentication, authorisation, e...
Copyright AARNet Pty Ltd 2010     National Server monitoring        .nl     .au   .ca    .cn     .hk    .jp     .edu      ...
Copyright AARNet Pty Ltd 2010     Member server monitoring        .nl     .au   .ca       .cn     .hk      .jp       .edu ...
Copyright AARNet Pty Ltd 2010     E2e “federated” service monitoring       We can check all of the external services that ...
Copyright AARNet Pty Ltd 2010     Sheeva Plug (latest versions integrate wifi)         http://www.globalscaletechnologies.c...
Copyright AARNet Pty Ltd 2010     Port Probe & Reporting     my
%vpn
=
(
     




tcp_10000
         =>{port=>10000,name=...
Copyright AARNet Pty Ltd 2010     Eduroam Experience - MyEduroam     CGI on VM collects probe reports     Writes data to a...
Copyright AARNet Pty Ltd 2010     e2e Eduroam Monitoring27
Copyright AARNet Pty Ltd 2010ERNET Opportunities•  Great demo of the value of NREN to leverage university wireless   netwo...
Copyright AARNet Pty Ltd 2010More information•  www.eduroam.org – global eduroam site•  www.eduroam.edu.au - Australian ed...
Copyright AARNet Pty Ltd 2010
Upcoming SlideShare
Loading in …5
×

Eduroam services presentation to ERNET August 2010-j sankar

1,229 views
1,172 views

Published on

A presentation on eduroam to ERNET (India's National education and research operator)

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,229
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
21
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Eduroam services presentation to ERNET August 2010-j sankar

  1. 1. Copyright AARNet Pty Ltd 2010 Eduroam Services for ERNet consideration August 2010 Network Operations James SankarDirector, Applications & Services
  2. 2. Copyright AARNet Pty Ltd 2010 Background •  Involved at UKERNA (now JA.NET) •  Co-Chaired TF-Mobility group (2002-2005). •  Developed eduroam to initially 50 sites in UK •  Migrated to Australia –  Service continued and developed via AARNet project group after handover from GrangeNet (3+ years), •  Eduroam and its logo is a registered2 trademark of TERENA
  3. 3. Copyright AARNet Pty Ltd 2010Contents•  The problem statement•  The opportunity and value to NRENs•  The current eduroam landscape – services•  The current eduroam landscape – development•  Opportunities for ERNET to consider going forward•  More Information
  4. 4. Copyright AARNet Pty Ltd 2010Problem statement•  Students come with own mobile devices expecting to connect•  Visiting scholars, researchers bound by complex policies at institutions•  different wireless networks on campus = duplication, waste, security gaps•  Overseas campuses access in another languages or require data roaming.•  Regulations, complexity, cost harming collaboration and wasting resources
  5. 5. Copyright AARNet Pty Ltd 2010Opportunities•  Eduroam is tried and trusted - since 2003•  802.1X/RADIUS/RADSSEC and WPA2/AES for eduroam – can build on opensource FREERADIUS 2•  Full egress internet access on authz service should be ideal as minimum to join•  Most Operating systems now support eduroam•  Man-in-middle attacks stopped via certificates•  Some vendors provide easy to click and install eduroam supplicants
  6. 6. Copyright AARNet Pty Ltd 2010How eduroam works
  7. 7. Copyright AARNet Pty Ltd 2010 Eduroam Infrastructure in AUS - current .au .hk NZ .au .au PNG RADIUS + LDAP RADIUS org1.edu.au + LDAP org2.edu.au AP1 AP2 AP3 AP1 AP2 AP37
  8. 8. Copyright AARNet Pty Ltd 2010 Eduroam Infrastructure in AUS - future .au .hk NZ .au .au PNG RADIUS + LDAP RADIUS org1.edu.au + LDAP org2.edu.au AP1 AP2 AP3 AP1 AP2 AP38
  9. 9. Copyright AARNet Pty Ltd 2010Current eduroam services landscape•  1800+ sites in Europe (originated there)•  144 sites in Australia•  21 sites in Canada•  10 sites in USA (expected to grow to 100)•  Interest from Mauritius, Nepal, India,
  10. 10. Copyright AARNet Pty Ltd 2010 Eduroam in Asia-Pac •  AU - AARNet (Australia) - hosts APAN regional eduroam server •  CN - UESTC (China) •  HK - Hong Kong Polytechnic (Hong Kong) - hosts APAN regional eduroam server •  JP - NII (Japan) •  NZ - New Zealand - NZ sites are hosted by AARNet in Australia •  Papua New Guinea - PNG sites (Divine Word University) are hosted by AARNet in Australia •  TW - TWAREN (Taiwan)10
  11. 11. Copyright AARNet Pty Ltd 2010 Eduroam services at AARNet •  AARNet –  Host national and regional “top level” servers –  Provide support + documentation to connect – www.eduroam.edu.au –  Provide test accounts for bilaterial tests –  Technical workshops –  Eduroam access at key conferences •  Customers –  Provide eduroam coverage on campus (wifi, org servers) –  Provide local support (contacts, docs, website) –  Provide eduroam accounts to their local users to use11 elsewhere
  12. 12. Copyright AARNet Pty Ltd 2010 Helpdesk •  Use support@eduroam.edu.au email address •  Auto creates JIRA job ticket •  Email/Phone support provided •  QUESTNET eduroam helpdesk pics 12
  13. 13. Copyright AARNet Pty Ltd 2010 Helpdesk •  AARNet helpdesk •  Standard connection –  Use process support@eduroam.edu.au –  1. Build your Infrastructure •  802.1X WPA Authentication email address –  2. Choose an Authentication Type –  Auto creates JIRA job –  3. Certificates –  4. Determine your IP address ticket allocation –  Email/Phone support –  5. Traffic Policy provided –  6. Apply to join eduroam –  7. Configure a RADIUS Proxy and get •  Web presence QAd –  8. Build your local eduroam Webpage –  Eduroam coverage via –  9. eduroam @ Home Google Maps –  10. Inform the community –  Services weathermap (in13 development)
  14. 14. Copyright AARNet Pty Ltd 2010 New opportunities •  Eduroam beyond the campus –  On boats – city cat –  On buses – Brisbane buses –  On Islands – Sharke Island, Sydney –  At Health sites – 7+ hospitals for medical researcher access •  Leveraging mobile devices (iphone etc) •  Futures –  Integrate with 3G/4G/5G providers? –  Integrate with Shib/SAML for SSO to online services/content? –  Use of Shibboleth to create temp eduroam accounts for non-participating inst. users to try eduroam at conferences –  PANGEA eduroam development partnership?14
  15. 15. Copyright AARNet Pty Ltd 2010 New opportunities •  Eduroam beyond the campus –  On boats – city cat –  On buses – Brisbane buses –  On Islands – Sharke Island, Sydney –  At Health sites – 7+ hospitals for medical researcher access •  Leveraging mobile devices (iphone etc) •  Futures –  Integrate with 3G/4G/5G providers? –  Integrate with Shib/SAML for SSO to online services/content? –  Use of Shibboleth to create temp eduroam accounts for non-participating inst. users to try eduroam at conferences –  PANGEA eduroam development partnership?15
  16. 16. Copyright AARNet Pty Ltd 2010 Marketing to user to drive awareness, deployment and use •  Eduroam group on Facebook •  Eduroam rocks - http://amplicate.com/rocks/eduroam •  Eduroam animation – www.eduroam.edu.au16 •  Eduroam merchandise -T-Shirts – Stubby holders - User competitions @ events
  17. 17. Copyright AARNet Pty Ltd 2010AU and NZ Eduroam Participants
  18. 18. Copyright AARNet Pty Ltd 2010 Up to 500 unique devices visiting other universities per week in Australia18 2008
 2009
 2010

  19. 19. Copyright AARNet Pty Ltd 2010 Support •  Community support is vital •  Requires 2 FTE dedicated staff –  Technical expert – RADIUS/RADSSEC – current/future –  Services expert – handle helpdesk, customer connect, operate, monitor service, policy enforcement, reporting, marketing etc •  Support to 33 > 50 universities in Aus/NZ •  Support to region (top level, national, org) •  Coordination on tech/policy internationally – TF- Mobility; Top level operator list, workshops, remote hands on support, etc with your staleholders19
  20. 20. Copyright AARNet Pty Ltd 2010Current eduroam development landscape•  Strict standards for authentication, authorisation, encryption is key to universal positive service experience to the end user.•  A sustainable business model to fund the central helpdesk is key.•  A national policy is very important as to monitoring and enforcement.•  There’s a move from RADIUS to RADSSEC for peer-to-peer not hierarchy model•  Global Harmonizing of helpdesk, measurement, monitoring, coverage info is important.•  Developing eduroam in SOE for laptops and mobiles is key to uptake.•  End-to-end actual service process monitoring key requirement for visited, local and service provider support
  21. 21. Copyright AARNet Pty Ltd 2010 National Server monitoring .nl .au .ca .cn .hk .jp .edu … aarnet.edu.au org2.edu.au RADIUS21
  22. 22. Copyright AARNet Pty Ltd 2010 Member server monitoring .nl .au .ca .cn .hk .jp .edu … aarnet.edu.au org2.edu.au RADIUS check testuser@aarnet.edu.au check testuser@org2.edu.au22
  23. 23. Copyright AARNet Pty Ltd 2010 E2e “federated” service monitoring We can check all of the external services that form the federation. How do we check the service from the end user perspective? 1.  Ask a local user? 2.  Send someone to check the service? 3.  Leave a probe....23
  24. 24. Copyright AARNet Pty Ltd 2010 Sheeva Plug (latest versions integrate wifi) http://www.globalscaletechnologies.com/p-22-sheevaplug-dev-kit-us.aspx24
  25. 25. Copyright AARNet Pty Ltd 2010 Port Probe & Reporting my
%vpn
=
(
 




tcp_10000
 =>{port=>10000,name=>"tcp_10000",protocol=>"tcp"},
 




isakmp
 =>{port=>500,name=>"isakmp",protocol=>"udp"},
 




ipsec_nat_t
=>
{port=>4500,name=>"ipsec‐nat‐ t",protocol=>"udp"},
 




pptp
=>
{port=>1723,name=>"pptp",protocol=>"tcp"},
 




l2f
=>
{port=>1701,name=>"l2f",protocol=>"tcp"},
 









);
 my
%web
=
(
 





http
=>
{port=>80,name=>"http",protocol=>"tcp"},
 





https
=>
 {port=>443,name=>"https",protocol=>"tcp"}
 










);
 my
%mail
=
(
 






imaps
=>

 {port=>993,name=>"imaps",protocol=>"tcp"},
 






submission
=>

 {port=>587,name=>"submission",protocol=>"tcp"}
 










);
25
  26. 26. Copyright AARNet Pty Ltd 2010 Eduroam Experience - MyEduroam CGI on VM collects probe reports Writes data to a log -  Log is processed, and provides data for a weathermap Considering NRPE (Remote Nagios) or NSCA (Remote Nagios – passive results) –26 due to rich plug ins.
  27. 27. Copyright AARNet Pty Ltd 2010 e2e Eduroam Monitoring27
  28. 28. Copyright AARNet Pty Ltd 2010ERNET Opportunities•  Great demo of the value of NREN to leverage university wireless networks via ERNET backbone.•  Gather best practice on technical/policy/service•  Create an eduroam federation: test national + org server and federate with APAN servers (managed by AARNet, HK Poly Univ).•  Devise central service helpdesk•  Consider sustainable model for institutions to subscribe•  Provide RADIUS/RADSSEC + eduroam training to deploy eduroam, or assist on-site•  Contribute to eduroam community – mailing lists, eduroam-GWG, help create new federation (eduroam/RADIUS + Shibboleth/SAML for SSO federation.•  Eduroam access being developed for university medical researcher access at hospitals (backhaul via AARNet NREN) to assist researchers to collaborate
  29. 29. Copyright AARNet Pty Ltd 2010More information•  www.eduroam.org – global eduroam site•  www.eduroam.edu.au - Australian eduroam site•  Eduroam group on Facebook•  Eduroam rocks - http://amplicate.com/rocks/eduroam•  Enquiries to support@eduroam.edu.au or•  Direct to me – James Sankar, +613932118438, Skype: jamessankar, email: james.sankar@aarnet.edu.au
  30. 30. Copyright AARNet Pty Ltd 2010

×