SlideShare a Scribd company logo
1 of 50
Download to read offline
1
Tapping into the ISPs
LEARN’s Perspective
Roshan Ragel
BSc Eng, Ph.D.
Consultant
Presented at LkNOG3 on the 2nd of Oct 2019 in Colombo
2
Content
1. LEARN: Preamble
2. LEARN and the ISPs
a. Connectivity
b. Eduroam
c. Identify Access Management
3
LEARN - PREAMBLE
§ Formulated to establish Lanka Education And Research Network (LEARN), the
NREN (National Research and Education Network) of Sri Lanka, as a Limited
Guarantee Company 2009.
§ Membership
16 Full Members 15 Associate Members 15 Affiliate Members
§ The Operation of LEARN is Governed by the Articles of Association of LEARN
(2009).
§ Managed by the LEARN Board of Directors, one member each from the full
member institutions.
4
LEARN
5
16 Full Members
6
15 Associate Members
7
15 Affiliate Members
8
LEARN - HISTORY
10
LEARN – Connectivity Backbone
11
LEARN – Network
12
LEARN – Member VPLS
(Virtual Private LAN Service)
Universities
University of Colombo
Eastern University
University of Jaffna
University of Kelaniya
University of Moratuwa
Open University of Sri Lanka
University of Peradeniya
Rajarata University
University of Ruhuna
Sabaragamuwa University
South Eastern University
University of Sri Jayawardenapura
Uva-Wellassa University
University of the Visual and Performing Arts
Wayamba University
Bhiksu University of Sri Lanka
Buddhist & Pali University of Sri Lanka
General Sir John Kotelawala Defense University
Ocean University of Sri Lanka
Sri Palee Campus
Vocational Training Institutes
Sri Lanka – German Training Institute (SLGTI)
Sri Lanka Institute of Advanced Technological
Education (SLIATE)
Informatics Institute of Technology
Research Institutes
Arthur C Clarke Center for Modern Technologies (ACCMT)
Industrial Technology Institute (ITI)
National Institute of Fundamental Studies (NIFS)
National Aquatic Resources Agency (NARA)
National Science Foundation (NSF)
National Engineering Research and Development Center
(NERDC)
Postgraduate Institutes
Postgraduate Institute of Agriculture (PGIA)
Postgraduate Institute of Medicine (PGIM)
Postgraduate Institute of Humanities and Social Sciences (PGIHS)
13
LEARN – Member Backup VPLS
(Virtual Private LAN Service)
Universities
University of Colombo
Eastern University
University of Jaffna
University of Kelaniya
University of Moratuwa
Open University of Sri Lanka
University of Peradeniya
Rajarata University
University of Ruhuna
Sabaragamuwa University
South Eastern University
University of Sri Jayawardenapura
Uva-Wellassa University
University of the Visual and Performing Arts
Wayamba University
General Sir John Kotelawala Defense University
14
2Gbps
Highest local link bandwidth
§ University of Peradeniya
§ University of Moratuwa
10Mbps
Lowest local link bandwidth
§ Members with the higher bandwidths
also have separate backup links from
a second service provider
§ 300 Mbps - 1 Gbps→ 100 Mbps
§ > 1Gbps → 200 Mbps
77Connections Optical Fiber
Member Connection - Summary
15
LEARN as an NREN
17
A long term (15 years) 100G Asia-Europe Backbone
§ Asiapacific-Europe Ring (AER) MoU (Putrajaya, 22 July 2019)
• CAE-1 (AARNet, GÉANT, NORDUnet, SingAREN, SURFnet, TEIN*CC) and NICT, NII (Japan)
• Extensive backup links ensure network resilience and boost connectivity between Asia and Europe
for R&E
18
LEARN – QoS
International Connectivity
(average to Chennai and Singapore
from Colombo/LEARN core)
• Availability - 99.8%
• Delay - 20ms
• Jitter - 4ms
• Packet loss – 0
(for non-congested fiber circuits)
Local Connectivity
(End Users to Colombo/LEARN core)
• Availability - 99.5%
• Delay – 4ms
(end users to the LEARN core)
• Jitter - 2ms
• Packet loss – 0
(for non-congested fiber circuits)
Delay Jitter Packet LossAvailability
19
LEARN – Services
Overview
20
BdREN
NKN
MyREN
SingAREN
VinaREN
LEARN
Network Services
IP Connectivity IPv6
Virtual Circuit/VPN Muticast
NTP Service Optical Wavelength
24x7 Monitoring
BdREN
NKN
MyREN
SingAREN
VinaREN
LEARN
Security Services & Identity
CERT/CSIRT DDoS Mitigation
Vulnerability Scanning Anti-Spam Solution
EduRoam InterFederation
21
BdREN
NKN
MyREN
SingAREN
VinaREN
LEARN
Hosting/Collocation Services
DNS Hosting Cloud Storage
Filesender IaaS
SaaS Web Hosting
Email Server Hosting
BdREN
NKN
MyREN
SingAREN
VinaREN
LEARN
Other Services
Consultancy/Training Videoconferencing
Domain Name Register IP Address Allocation
Virtual Learning Web/Desktop conference
22
LEARN – Services
eduroam
23
How eduroam works
eduroam is built with
• IEEE 802.1X (A standard for port based Network Access Control) and
• RADIUS (Remote Authentication Dial-In User Service).
IRS - Institutional Radius Server
Main Connectivity Topology for IRS’s
ac.lk
xxx.ac.lk
APAN TLS
IRS - Institutional Radius Server
Main Connectivity Topology for IRS’s
ac.lk
xxx.ac.lk
APAN TLS
xxx.ac.lk
IRS - Institutional Radius Server
Main Connectivity Topology for IRS’s
ac.lk
aa.xxx.ac.lk
APAN TLS
xxx.ac.lk
bb.xxx.ac.lk
IRS - Institutional Radius Server
Main Connectivity Topology for IRS’s
ac.lk
aa.xxx.ac.lk
APAN TLS
xxx.ac.lk
bb.xxx.ac.lk
IRS - Institutional Radius Server
Main Connectivity Topology for IRS’s
ac.lk
aa.xxx.ac.lk
APAN TLS
xxx.ac.lk
eduroam and LEARN - Timeline
30
eduroam - Current Members
1
13 1
1
1
1
Institute Joined Date
Open University of Sri Lanka 2015/09
University of Kelaniya 2015/09
University of Peradeniya 2015/10
University of Colombo, School of Computing 2015/11
University of Moratuwa 2016/03
Faculty of Engineering, University of Ruhuna 2016/06
Informatics Institute of Technology 2016/12
University of the Visual and Performing Arts 2017/10
Sabaragamuwa University 2017/10
Uva-Wellassa University 2018/10
Industrial Technology Institute 2018/10
Faculty of Medicine, University of Kelaniya, Ragama 2018/10
Arthur C Clarke Institute for Modern Technologies 2018/10
Faculty of Technology, University of Ruhuna 2019/05
University Grants Commission (UGC) 2019/06
University of Colombo 2019/07
South Eastern University 2019/08
1
§ Increase the number of eduroam IRS’s
§ Awareness programs for Academics, Students, Researchers, etc.
§ Awareness poster campaign
§ Extend eduroam coverage to selected public places
§ REQUEST to ISPs
eduroam - Future Plans
32
LEARN – Services
Identity Access Management
(IAM)
The Model
Centered on the User Identifier (NetID) - A single unique University wide
identifier bound to the individual user and used at log-in to provision:
Authentication
Quickly verify user identities
(Who you are?)
Authorization
Control users access
(What you can access?)
Administration
Manage user privileges by role, group, status, etc.
Allows for fine-grained policy application
Federated Identity
Current mechanisms
• Assume applications are within the
same administrative domain.
• Adding an external user means creating
an account in your ID system.
• This could result in the new user having
access to more than just the intended
application.
Federated Identity Management (FIM)
• Securely shares information managed
at a users home organization with
remote services.
• It doesn’t matter if the service is in your
administrative domain or another. It’s all
handled the same way.
Identity
Provider
Service
Provider
Access Authenticate
Service
Provider
Federated Identity
§ A Service Provider (SP) relies on the AuthN at the IdP, consumes the
information the IdP provided and makes it available to the application.
Access
Authentication (AuthN)
takes place where the user
is known
Identity Provider (IdP)
publishes authentication
and identity information
about its users
Authorization (AuthZ)
happens on the service's
side
Federated Identity
§ The first principle within federated identity management is the active
protection of user information
§ Protect the user’s credentials
§ Only the IdP ever handles the credentials
§ Protect the user's personal data, including the identifier
§ A customized set of information gets released to each SP
Identity Providers
Organisations with users run Identity Providers
§ Provide a login page
§ Provides a mechanism for consent of attribute
release
§ Login page is branded to the organisation
§ Login against the organisation LDAP or AD
§ Manages password reset
§ Provisions and de-provisions accounts
§ Agrees to the federation policies
Can be used for campus Single Sign-on as well as
federated SSO!
Service Providers
Run by organizations that have something to offer the federation community
§ Hands off authentication to IdPs
§ Obtains attributes from IdPs
§ Agrees to the federation policies
Federated Identity Management
SP – Service Provider
IdP – Identity Provider
Traditional Approach
Collaboration Identity Institutional Identity
Cloud
Google Docs
amara1234@gmail.com
collaborator1234@gmail.com
amara@inst.ac.lk
collaborator1234@university.ed.uk
Institutional infrastructure
@ inst
amara@inst.ac.lk
collaborator1234@inst.ac.lk
amara@inst.ac.lk
collaborator1234@university.ed.uk
FIM Approach
Collaboration Identity Institutional Identity
Cloud
amara@inst.ac.lk
collaborator1234@university.ed.uk
amara@inst.ac.lk
collaborator1234@university.ed.uk
Institutional infrastructure
@ inst
amara@inst.ac.lk
collaborator1234@university.ed.uk
amara@inst.ac.lk
collaborator1234@university.ed.uk
https://liaf.ac.lk
Introducing LEARN IAF
Federation Registry
https://fr.ac.lk
Discovery Service
https://fds.ac.lk
LIAF Architecture
eduroam NRO
eduroam
IRS
fr.ac.lk
Web based GUI IDP
User Database
Killer App?
Introduced Zoom Video Conferencing with Federated Access using SATOSA SAML Proxy
https://learn.zoom.us
Did an informational seminar to Technical / Non Tech 200 users on 12th July 2019
Institute Joined Date
Industrial Technology Institute - Sri Lanka 2018-11-06
Faculty of Medicine, University of Kelaniya 2018-11-28
Faculty of Technology, University of Ruhuna 2018-12-20
University of Colombo School of Computing 2019-06-07
University of the Visual and Performing Arts 2019-06-12
University Grants Commission - Sri Lanka 2019-06-12
University of Kelaniya - Sri Lanka 2019-06-13
University of Moratuwa 2019-06-14
IDP for LEARN Staff 2018-10-16
Faculty of Engineering, University of Ruhuna 2019-06-21
Uwa Wellassa University 2019-07-04
Faculty of Medicine, University of Ruhuna 2019-07-10
University of Colombo 2019-08-08
University of Peradeniya 2019-08-17
South Eastern University 2019-08-23
University of Ruhuna 2019-08-28
University of Sri Jayawardenapura 2019-09-05
Current Members
1
10 1
1
1
3
LEARN as a Service Provider
§ LEARN maintains a local indico instance as an event manager, opened to all through
eduGAIN with Research and Scholarship Entity Category, Uses eduTEAMS as discovery
service.
§ eduTEAMS is a IDP discovery service provided by eduGAIN to identify participating IDP’s
https://indico.learn.ac.lk
49
LEARN is a Member of eduGAIN
§ Increase the number of IDPs
§ More awareness programs for Academics, Students, Researchers, etc.
§ extend eduroam coverage to selected public places so that people will be
interested more on Identity enabled Services
§ Implement Monitoring and Analysis tools
§ Introduce SAML based authentication to all other LEARN provided services +
increase SPs
§ Hire some additional staff to be dedicated on LIAF activities – partially done
§ Request from ISP's to enable LIAF to their services, opening doors to 1000's
of academics and students
§ Include gov.lk portals through LGN (Lanka Government Network)
Future Plans
§ LEARN and the ISPs
§ Connectivity
§ eduroam
§ Identity Access Management
(IAM)
Summary
§ TEIN*CC
§ Thilina Pathirana, LEARN
§ Internet Sources
Acknowledgement
Thank you!
52

More Related Content

Similar to LKNOG3 - Tapping into the ISPs

February Board of Governors Presentation
February Board of Governors PresentationFebruary Board of Governors Presentation
February Board of Governors Presentationdcaryll
 
BOG Presentations
BOG PresentationsBOG Presentations
BOG Presentationsdcaryll
 
Education Roaming and Identity Federation Development
Education Roaming and Identity Federation DevelopmentEducation Roaming and Identity Federation Development
Education Roaming and Identity Federation Developmentirfanullahkhan64
 
Internet Measurements Infrastructure at KENET
Internet Measurements Infrastructure at KENETInternet Measurements Infrastructure at KENET
Internet Measurements Infrastructure at KENETInternet Society
 
Future Networks for Learning and Teaching
Future Networks for Learning and TeachingFuture Networks for Learning and Teaching
Future Networks for Learning and TeachingJamesDiffin
 
SUPPLY CHAIN MANAGEMENT UNIVERSITY OF NORTHERN PHILIPPINES, AN ACADEMIC INSTI...
SUPPLY CHAIN MANAGEMENT UNIVERSITY OF NORTHERN PHILIPPINES, AN ACADEMIC INSTI...SUPPLY CHAIN MANAGEMENT UNIVERSITY OF NORTHERN PHILIPPINES, AN ACADEMIC INSTI...
SUPPLY CHAIN MANAGEMENT UNIVERSITY OF NORTHERN PHILIPPINES, AN ACADEMIC INSTI...Arpee Callejo
 
Associate Consultant_Talluru_Vuddara_Anusha
Associate Consultant_Talluru_Vuddara_AnushaAssociate Consultant_Talluru_Vuddara_Anusha
Associate Consultant_Talluru_Vuddara_AnushaAnu Venkat
 
Application of FOSS in University Libraries in Sri Lanka
Application of FOSS in University Libraries in Sri LankaApplication of FOSS in University Libraries in Sri Lanka
Application of FOSS in University Libraries in Sri LankaUniversity
 
Infor bullet-mba-2011-12
Infor bullet-mba-2011-12Infor bullet-mba-2011-12
Infor bullet-mba-2011-12ahsanrabbani
 
An Insight on Pro-Green: Professional Online Diploma - The experience of PRO...
An Insight on Pro-Green: Professional Online Diploma - The experience of  PRO...An Insight on Pro-Green: Professional Online Diploma - The experience of  PRO...
An Insight on Pro-Green: Professional Online Diploma - The experience of PRO...UNIMED - Mediterranean Universities Union
 
C poe edld 5362 information technology strategic plan for lscs w-narratives
C poe   edld 5362 information technology strategic plan for lscs w-narrativesC poe   edld 5362 information technology strategic plan for lscs w-narratives
C poe edld 5362 information technology strategic plan for lscs w-narrativesCarolyn Poe
 
Cpoe EDLD 5362 information technology strategic plan for lscs w-narratives
Cpoe EDLD 5362 information technology strategic plan for lscs w-narrativesCpoe EDLD 5362 information technology strategic plan for lscs w-narratives
Cpoe EDLD 5362 information technology strategic plan for lscs w-narrativesCarolyn Poe
 
C poe edld 5362 information technology strategic plan for lscs w-narratives
C poe   edld 5362 information technology strategic plan for lscs w-narrativesC poe   edld 5362 information technology strategic plan for lscs w-narratives
C poe edld 5362 information technology strategic plan for lscs w-narrativesCarolyn Poe
 

Similar to LKNOG3 - Tapping into the ISPs (20)

February Board of Governors Presentation
February Board of Governors PresentationFebruary Board of Governors Presentation
February Board of Governors Presentation
 
BOG Presentations
BOG PresentationsBOG Presentations
BOG Presentations
 
Education Roaming and Identity Federation Development
Education Roaming and Identity Federation DevelopmentEducation Roaming and Identity Federation Development
Education Roaming and Identity Federation Development
 
Internet Measurements Infrastructure at KENET
Internet Measurements Infrastructure at KENETInternet Measurements Infrastructure at KENET
Internet Measurements Infrastructure at KENET
 
Eduroam network
Eduroam networkEduroam network
Eduroam network
 
Future Networks for Learning and Teaching
Future Networks for Learning and TeachingFuture Networks for Learning and Teaching
Future Networks for Learning and Teaching
 
SUPPLY CHAIN MANAGEMENT UNIVERSITY OF NORTHERN PHILIPPINES, AN ACADEMIC INSTI...
SUPPLY CHAIN MANAGEMENT UNIVERSITY OF NORTHERN PHILIPPINES, AN ACADEMIC INSTI...SUPPLY CHAIN MANAGEMENT UNIVERSITY OF NORTHERN PHILIPPINES, AN ACADEMIC INSTI...
SUPPLY CHAIN MANAGEMENT UNIVERSITY OF NORTHERN PHILIPPINES, AN ACADEMIC INSTI...
 
Associate Consultant_Talluru_Vuddara_Anusha
Associate Consultant_Talluru_Vuddara_AnushaAssociate Consultant_Talluru_Vuddara_Anusha
Associate Consultant_Talluru_Vuddara_Anusha
 
Application of FOSS in University Libraries in Sri Lanka
Application of FOSS in University Libraries in Sri LankaApplication of FOSS in University Libraries in Sri Lanka
Application of FOSS in University Libraries in Sri Lanka
 
Infor bullet-mba-2011-12
Infor bullet-mba-2011-12Infor bullet-mba-2011-12
Infor bullet-mba-2011-12
 
GOPINATH ME
GOPINATH MEGOPINATH ME
GOPINATH ME
 
saylee_resume
saylee_resumesaylee_resume
saylee_resume
 
An Insight on Pro-Green: Professional Online Diploma - The experience of PRO...
An Insight on Pro-Green: Professional Online Diploma - The experience of  PRO...An Insight on Pro-Green: Professional Online Diploma - The experience of  PRO...
An Insight on Pro-Green: Professional Online Diploma - The experience of PRO...
 
RDM @ Edinburgh - Arkivum Workshop
RDM @ Edinburgh - Arkivum WorkshopRDM @ Edinburgh - Arkivum Workshop
RDM @ Edinburgh - Arkivum Workshop
 
C poe edld 5362 information technology strategic plan for lscs w-narratives
C poe   edld 5362 information technology strategic plan for lscs w-narrativesC poe   edld 5362 information technology strategic plan for lscs w-narratives
C poe edld 5362 information technology strategic plan for lscs w-narratives
 
Gareth Frith
Gareth FrithGareth Frith
Gareth Frith
 
File_1614248802_brochure_file.pdf
File_1614248802_brochure_file.pdfFile_1614248802_brochure_file.pdf
File_1614248802_brochure_file.pdf
 
Cpoe EDLD 5362 information technology strategic plan for lscs w-narratives
Cpoe EDLD 5362 information technology strategic plan for lscs w-narrativesCpoe EDLD 5362 information technology strategic plan for lscs w-narratives
Cpoe EDLD 5362 information technology strategic plan for lscs w-narratives
 
C poe edld 5362 information technology strategic plan for lscs w-narratives
C poe   edld 5362 information technology strategic plan for lscs w-narrativesC poe   edld 5362 information technology strategic plan for lscs w-narratives
C poe edld 5362 information technology strategic plan for lscs w-narratives
 
GMRIT Profile v1.pptx
GMRIT Profile v1.pptxGMRIT Profile v1.pptx
GMRIT Profile v1.pptx
 

Recently uploaded

Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxDyna Gilbert
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作ys8omjxb
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predieusebiomeyer
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationLinaWolf1
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa494f574xmv
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Sonam Pathan
 
Internet of Things Presentation (IoT).pptx
Internet of Things Presentation (IoT).pptxInternet of Things Presentation (IoT).pptx
Internet of Things Presentation (IoT).pptxErYashwantJagtap
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhimiss dipika
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一z xss
 
Unidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptxUnidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptxmibuzondetrabajo
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书zdzoqco
 
NSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentationNSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentationMarko4394
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书rnrncn29
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Paul Calvano
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书rnrncn29
 
Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxQ4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxeditsforyah
 

Recently uploaded (17)

Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptx
 
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in  Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in  Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predi
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 Documentation
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
 
Internet of Things Presentation (IoT).pptx
Internet of Things Presentation (IoT).pptxInternet of Things Presentation (IoT).pptx
Internet of Things Presentation (IoT).pptx
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhi
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
 
Unidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptxUnidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptx
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
 
NSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentationNSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentation
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
 
Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxQ4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptx
 

LKNOG3 - Tapping into the ISPs

  • 1. 1 Tapping into the ISPs LEARN’s Perspective Roshan Ragel BSc Eng, Ph.D. Consultant Presented at LkNOG3 on the 2nd of Oct 2019 in Colombo
  • 2. 2 Content 1. LEARN: Preamble 2. LEARN and the ISPs a. Connectivity b. Eduroam c. Identify Access Management
  • 4. § Formulated to establish Lanka Education And Research Network (LEARN), the NREN (National Research and Education Network) of Sri Lanka, as a Limited Guarantee Company 2009. § Membership 16 Full Members 15 Associate Members 15 Affiliate Members § The Operation of LEARN is Governed by the Articles of Association of LEARN (2009). § Managed by the LEARN Board of Directors, one member each from the full member institutions. 4 LEARN
  • 11. 12 LEARN – Member VPLS (Virtual Private LAN Service) Universities University of Colombo Eastern University University of Jaffna University of Kelaniya University of Moratuwa Open University of Sri Lanka University of Peradeniya Rajarata University University of Ruhuna Sabaragamuwa University South Eastern University University of Sri Jayawardenapura Uva-Wellassa University University of the Visual and Performing Arts Wayamba University Bhiksu University of Sri Lanka Buddhist & Pali University of Sri Lanka General Sir John Kotelawala Defense University Ocean University of Sri Lanka Sri Palee Campus Vocational Training Institutes Sri Lanka – German Training Institute (SLGTI) Sri Lanka Institute of Advanced Technological Education (SLIATE) Informatics Institute of Technology Research Institutes Arthur C Clarke Center for Modern Technologies (ACCMT) Industrial Technology Institute (ITI) National Institute of Fundamental Studies (NIFS) National Aquatic Resources Agency (NARA) National Science Foundation (NSF) National Engineering Research and Development Center (NERDC) Postgraduate Institutes Postgraduate Institute of Agriculture (PGIA) Postgraduate Institute of Medicine (PGIM) Postgraduate Institute of Humanities and Social Sciences (PGIHS)
  • 12. 13 LEARN – Member Backup VPLS (Virtual Private LAN Service) Universities University of Colombo Eastern University University of Jaffna University of Kelaniya University of Moratuwa Open University of Sri Lanka University of Peradeniya Rajarata University University of Ruhuna Sabaragamuwa University South Eastern University University of Sri Jayawardenapura Uva-Wellassa University University of the Visual and Performing Arts Wayamba University General Sir John Kotelawala Defense University
  • 13. 14 2Gbps Highest local link bandwidth § University of Peradeniya § University of Moratuwa 10Mbps Lowest local link bandwidth § Members with the higher bandwidths also have separate backup links from a second service provider § 300 Mbps - 1 Gbps→ 100 Mbps § > 1Gbps → 200 Mbps 77Connections Optical Fiber Member Connection - Summary
  • 15. 17 A long term (15 years) 100G Asia-Europe Backbone § Asiapacific-Europe Ring (AER) MoU (Putrajaya, 22 July 2019) • CAE-1 (AARNet, GÉANT, NORDUnet, SingAREN, SURFnet, TEIN*CC) and NICT, NII (Japan) • Extensive backup links ensure network resilience and boost connectivity between Asia and Europe for R&E
  • 16. 18 LEARN – QoS International Connectivity (average to Chennai and Singapore from Colombo/LEARN core) • Availability - 99.8% • Delay - 20ms • Jitter - 4ms • Packet loss – 0 (for non-congested fiber circuits) Local Connectivity (End Users to Colombo/LEARN core) • Availability - 99.5% • Delay – 4ms (end users to the LEARN core) • Jitter - 2ms • Packet loss – 0 (for non-congested fiber circuits) Delay Jitter Packet LossAvailability
  • 18. 20 BdREN NKN MyREN SingAREN VinaREN LEARN Network Services IP Connectivity IPv6 Virtual Circuit/VPN Muticast NTP Service Optical Wavelength 24x7 Monitoring BdREN NKN MyREN SingAREN VinaREN LEARN Security Services & Identity CERT/CSIRT DDoS Mitigation Vulnerability Scanning Anti-Spam Solution EduRoam InterFederation
  • 19. 21 BdREN NKN MyREN SingAREN VinaREN LEARN Hosting/Collocation Services DNS Hosting Cloud Storage Filesender IaaS SaaS Web Hosting Email Server Hosting BdREN NKN MyREN SingAREN VinaREN LEARN Other Services Consultancy/Training Videoconferencing Domain Name Register IP Address Allocation Virtual Learning Web/Desktop conference
  • 21. 23 How eduroam works eduroam is built with • IEEE 802.1X (A standard for port based Network Access Control) and • RADIUS (Remote Authentication Dial-In User Service).
  • 22. IRS - Institutional Radius Server Main Connectivity Topology for IRS’s ac.lk xxx.ac.lk APAN TLS
  • 23. IRS - Institutional Radius Server Main Connectivity Topology for IRS’s ac.lk xxx.ac.lk APAN TLS xxx.ac.lk
  • 24. IRS - Institutional Radius Server Main Connectivity Topology for IRS’s ac.lk aa.xxx.ac.lk APAN TLS xxx.ac.lk
  • 25. bb.xxx.ac.lk IRS - Institutional Radius Server Main Connectivity Topology for IRS’s ac.lk aa.xxx.ac.lk APAN TLS xxx.ac.lk
  • 26. bb.xxx.ac.lk IRS - Institutional Radius Server Main Connectivity Topology for IRS’s ac.lk aa.xxx.ac.lk APAN TLS xxx.ac.lk
  • 27. eduroam and LEARN - Timeline
  • 28. 30 eduroam - Current Members 1 13 1 1 1 1 Institute Joined Date Open University of Sri Lanka 2015/09 University of Kelaniya 2015/09 University of Peradeniya 2015/10 University of Colombo, School of Computing 2015/11 University of Moratuwa 2016/03 Faculty of Engineering, University of Ruhuna 2016/06 Informatics Institute of Technology 2016/12 University of the Visual and Performing Arts 2017/10 Sabaragamuwa University 2017/10 Uva-Wellassa University 2018/10 Industrial Technology Institute 2018/10 Faculty of Medicine, University of Kelaniya, Ragama 2018/10 Arthur C Clarke Institute for Modern Technologies 2018/10 Faculty of Technology, University of Ruhuna 2019/05 University Grants Commission (UGC) 2019/06 University of Colombo 2019/07 South Eastern University 2019/08 1
  • 29. § Increase the number of eduroam IRS’s § Awareness programs for Academics, Students, Researchers, etc. § Awareness poster campaign § Extend eduroam coverage to selected public places § REQUEST to ISPs eduroam - Future Plans
  • 30. 32 LEARN – Services Identity Access Management (IAM)
  • 31. The Model Centered on the User Identifier (NetID) - A single unique University wide identifier bound to the individual user and used at log-in to provision: Authentication Quickly verify user identities (Who you are?) Authorization Control users access (What you can access?) Administration Manage user privileges by role, group, status, etc. Allows for fine-grained policy application
  • 32. Federated Identity Current mechanisms • Assume applications are within the same administrative domain. • Adding an external user means creating an account in your ID system. • This could result in the new user having access to more than just the intended application. Federated Identity Management (FIM) • Securely shares information managed at a users home organization with remote services. • It doesn’t matter if the service is in your administrative domain or another. It’s all handled the same way. Identity Provider Service Provider Access Authenticate Service Provider
  • 33. Federated Identity § A Service Provider (SP) relies on the AuthN at the IdP, consumes the information the IdP provided and makes it available to the application. Access Authentication (AuthN) takes place where the user is known Identity Provider (IdP) publishes authentication and identity information about its users Authorization (AuthZ) happens on the service's side
  • 34. Federated Identity § The first principle within federated identity management is the active protection of user information § Protect the user’s credentials § Only the IdP ever handles the credentials § Protect the user's personal data, including the identifier § A customized set of information gets released to each SP
  • 35. Identity Providers Organisations with users run Identity Providers § Provide a login page § Provides a mechanism for consent of attribute release § Login page is branded to the organisation § Login against the organisation LDAP or AD § Manages password reset § Provisions and de-provisions accounts § Agrees to the federation policies Can be used for campus Single Sign-on as well as federated SSO!
  • 36. Service Providers Run by organizations that have something to offer the federation community § Hands off authentication to IdPs § Obtains attributes from IdPs § Agrees to the federation policies
  • 37. Federated Identity Management SP – Service Provider IdP – Identity Provider
  • 38. Traditional Approach Collaboration Identity Institutional Identity Cloud Google Docs amara1234@gmail.com collaborator1234@gmail.com amara@inst.ac.lk collaborator1234@university.ed.uk Institutional infrastructure @ inst amara@inst.ac.lk collaborator1234@inst.ac.lk amara@inst.ac.lk collaborator1234@university.ed.uk
  • 39. FIM Approach Collaboration Identity Institutional Identity Cloud amara@inst.ac.lk collaborator1234@university.ed.uk amara@inst.ac.lk collaborator1234@university.ed.uk Institutional infrastructure @ inst amara@inst.ac.lk collaborator1234@university.ed.uk amara@inst.ac.lk collaborator1234@university.ed.uk
  • 44. Killer App? Introduced Zoom Video Conferencing with Federated Access using SATOSA SAML Proxy https://learn.zoom.us Did an informational seminar to Technical / Non Tech 200 users on 12th July 2019
  • 45. Institute Joined Date Industrial Technology Institute - Sri Lanka 2018-11-06 Faculty of Medicine, University of Kelaniya 2018-11-28 Faculty of Technology, University of Ruhuna 2018-12-20 University of Colombo School of Computing 2019-06-07 University of the Visual and Performing Arts 2019-06-12 University Grants Commission - Sri Lanka 2019-06-12 University of Kelaniya - Sri Lanka 2019-06-13 University of Moratuwa 2019-06-14 IDP for LEARN Staff 2018-10-16 Faculty of Engineering, University of Ruhuna 2019-06-21 Uwa Wellassa University 2019-07-04 Faculty of Medicine, University of Ruhuna 2019-07-10 University of Colombo 2019-08-08 University of Peradeniya 2019-08-17 South Eastern University 2019-08-23 University of Ruhuna 2019-08-28 University of Sri Jayawardenapura 2019-09-05 Current Members 1 10 1 1 1 3
  • 46. LEARN as a Service Provider § LEARN maintains a local indico instance as an event manager, opened to all through eduGAIN with Research and Scholarship Entity Category, Uses eduTEAMS as discovery service. § eduTEAMS is a IDP discovery service provided by eduGAIN to identify participating IDP’s https://indico.learn.ac.lk
  • 47. 49 LEARN is a Member of eduGAIN
  • 48. § Increase the number of IDPs § More awareness programs for Academics, Students, Researchers, etc. § extend eduroam coverage to selected public places so that people will be interested more on Identity enabled Services § Implement Monitoring and Analysis tools § Introduce SAML based authentication to all other LEARN provided services + increase SPs § Hire some additional staff to be dedicated on LIAF activities – partially done § Request from ISP's to enable LIAF to their services, opening doors to 1000's of academics and students § Include gov.lk portals through LGN (Lanka Government Network) Future Plans
  • 49. § LEARN and the ISPs § Connectivity § eduroam § Identity Access Management (IAM) Summary § TEIN*CC § Thilina Pathirana, LEARN § Internet Sources Acknowledgement