
LKNOG3 - Tapping into the ISPs

Presentation by Prof. Roshan Ragel at the LKNOG3 conference, Colombo 2019


  1. Tapping into the ISPs: LEARN's Perspective. Roshan Ragel, BSc Eng, PhD, Consultant. Presented at LkNOG3 on 2 October 2019 in Colombo.
  2. Content
     1. LEARN: Preamble
     2. LEARN and the ISPs
        a. Connectivity
        b. eduroam
        c. Identity Access Management
  3. LEARN - Preamble
  4. LEARN
     § Formulated to establish the Lanka Education And Research Network (LEARN), the NREN (National Research and Education Network) of Sri Lanka, as a company limited by guarantee in 2009.
     § Membership: 16 Full Members, 15 Associate Members, 15 Affiliate Members.
     § The operation of LEARN is governed by the Articles of Association of LEARN (2009).
     § Managed by the LEARN Board of Directors, with one member from each full member institution.
  5. 16 Full Members
  6. 15 Associate Members
  7. 15 Affiliate Members
  8. LEARN - History
  9. LEARN – Connectivity Backbone
  10. LEARN – Network
  11. LEARN – Member VPLS (Virtual Private LAN Service)
      Universities: University of Colombo, Eastern University, University of Jaffna, University of Kelaniya, University of Moratuwa, Open University of Sri Lanka, University of Peradeniya, Rajarata University, University of Ruhuna, Sabaragamuwa University, South Eastern University, University of Sri Jayawardenapura, Uva-Wellassa University, University of the Visual and Performing Arts, Wayamba University, Bhiksu University of Sri Lanka, Buddhist & Pali University of Sri Lanka, General Sir John Kotelawala Defense University, Ocean University of Sri Lanka, Sri Palee Campus
      Vocational Training Institutes: Sri Lanka – German Training Institute (SLGTI), Sri Lanka Institute of Advanced Technological Education (SLIATE), Informatics Institute of Technology
      Research Institutes: Arthur C Clarke Institute for Modern Technologies (ACCIMT), Industrial Technology Institute (ITI), National Institute of Fundamental Studies (NIFS), National Aquatic Resources Agency (NARA), National Science Foundation (NSF), National Engineering Research and Development Center (NERDC)
      Postgraduate Institutes: Postgraduate Institute of Agriculture (PGIA), Postgraduate Institute of Medicine (PGIM), Postgraduate Institute of Humanities and Social Sciences (PGIHS)
  12. LEARN – Member Backup VPLS (Virtual Private LAN Service)
      Universities: University of Colombo, Eastern University, University of Jaffna, University of Kelaniya, University of Moratuwa, Open University of Sri Lanka, University of Peradeniya, Rajarata University, University of Ruhuna, Sabaragamuwa University, South Eastern University, University of Sri Jayawardenapura, Uva-Wellassa University, University of the Visual and Performing Arts, Wayamba University, General Sir John Kotelawala Defense University
  13. Member Connection - Summary
      § 77 connections, all optical fiber
      § Highest local link bandwidth: 2 Gbps (University of Peradeniya, University of Moratuwa)
      § Lowest local link bandwidth: 10 Mbps
      § Members with the higher bandwidths also have separate backup links from a second service provider: a 300 Mbps - 1 Gbps primary link gets a 100 Mbps backup; a primary link above 1 Gbps gets a 200 Mbps backup
  14. LEARN as an NREN
  15. A long-term (15 years) 100G Asia-Europe Backbone
      § Asia-Pacific Europe Ring (AER) MoU (Putrajaya, 22 July 2019)
        • CAE-1 (AARNet, GÉANT, NORDUnet, SingAREN, SURFnet, TEIN*CC) and NICT, NII (Japan)
        • Extensive backup links ensure network resilience and boost connectivity between Asia and Europe for R&E
  16. LEARN – QoS
      International connectivity (average to Chennai and Singapore from the Colombo/LEARN core):
        • Availability - 99.8%
        • Delay - 20 ms
        • Jitter - 4 ms
        • Packet loss - 0 (for non-congested fiber circuits)
      Local connectivity (end users to the Colombo/LEARN core):
        • Availability - 99.5%
        • Delay - 4 ms (end users to the LEARN core)
        • Jitter - 2 ms
        • Packet loss - 0 (for non-congested fiber circuits)
  17. LEARN – Services Overview
  18. Service matrix across BdREN, NKN, MyREN, SingAREN, VinaREN and LEARN (the per-NREN columns of the slide are not reproduced; the service rows are)
      Network Services: IP Connectivity, IPv6, Virtual Circuit/VPN, Multicast, NTP Service, Optical Wavelength, 24x7 Monitoring
      Security Services & Identity: CERT/CSIRT, DDoS Mitigation, Vulnerability Scanning, Anti-Spam Solution, eduroam, InterFederation
  19. Service matrix (continued)
      Hosting/Collocation Services: DNS Hosting, Cloud Storage, Filesender, IaaS, SaaS, Web Hosting, Email Server Hosting
      Other Services: Consultancy/Training, Videoconferencing, Domain Name Register, IP Address Allocation, Virtual Learning, Web/Desktop conference
  20. LEARN – Services: eduroam
  21. How eduroam works. eduroam is built with:
      • IEEE 802.1X (a standard for port-based network access control) and
      • RADIUS (Remote Authentication Dial-In User Service).
  22-26. IRS - Institutional RADIUS Server: main connectivity topology for IRSs (diagram built up over five slides). Campus-level servers aa.xxx.ac.lk and bb.xxx.ac.lk connect to the institutional IRS xxx.ac.lk, which connects to the national proxy ac.lk, which in turn connects to the APAN regional proxy over TLS.
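The topology above only says which server talks to which; what decides the path of an individual login is the realm of the outer identity the supplicant presents (the part after the "@"). The following is an added example, not code from the deck or from LEARN: it models the slide's hierarchy (aa.xxx.ac.lk / bb.xxx.ac.lk under xxx.ac.lk, under ac.lk, under APAN) plus an assumed "aarnet" server standing in for the whole edu.au branch, and traces where an Access-Request from a visited site ends up. All hostnames, realms and identities are constructed.

```python
"""Added example (not from the LEARN deck): realm-based routing of a RADIUS
Access-Request through an eduroam proxy hierarchy.

Assumed topology, mirroring the slide's labels:
  aa.xxx.ac.lk / bb.xxx.ac.lk -> xxx.ac.lk -> ac.lk -> apan
A single "aarnet" server stands in for the edu.au branch so a foreign roaming
user can be traced end to end.  Proxies act only on the *outer* identity; the
password travels inside the EAP tunnel and is checked at the home IRS alone.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class RadiusProxy:
    name: str
    zone: Optional[str]            # realm suffix this server is authoritative for (None = root)
    authenticates: set             # realms whose users are authenticated on this server
    delegates: dict                # realm suffix -> downstream server for sub-realms
    upstream: Optional[str]        # where out-of-zone realms are forwarded (None at root)


SERVERS = {s.name: s for s in [
    RadiusProxy("apan", None, set(), {"ac.lk": "ac.lk", "edu.au": "aarnet"}, None),
    RadiusProxy("aarnet", "edu.au", {"edu.au"}, {}, "apan"),
    RadiusProxy("ac.lk", "ac.lk", set(), {"xxx.ac.lk": "xxx.ac.lk", "yyy.ac.lk": "yyy.ac.lk"}, "apan"),
    RadiusProxy("xxx.ac.lk", "xxx.ac.lk", {"xxx.ac.lk"},
                {"aa.xxx.ac.lk": "aa.xxx.ac.lk", "bb.xxx.ac.lk": "bb.xxx.ac.lk"}, "ac.lk"),
    RadiusProxy("aa.xxx.ac.lk", "aa.xxx.ac.lk", {"aa.xxx.ac.lk"}, {}, "xxx.ac.lk"),
    RadiusProxy("bb.xxx.ac.lk", "bb.xxx.ac.lk", {"bb.xxx.ac.lk"}, {}, "xxx.ac.lk"),
    RadiusProxy("yyy.ac.lk", "yyy.ac.lk", {"yyy.ac.lk"}, {}, "ac.lk"),
]}
MAX_HOPS = 8


def split_nai(identity: str) -> tuple:
    """Split a Network Access Identifier (RFC 7542, user@realm) into its parts.
    eduroam requires a realm: a bare username would be treated as a *local*
    account by the visited site, so it is rejected rather than guessed."""
    if "@" not in identity:
        raise ValueError("no realm in outer identity")
    user, realm = identity.rsplit("@", 1)
    realm = realm.strip().lower()          # realms compare case-insensitively
    if not realm or realm.startswith(".") or realm.endswith(".") or ".." in realm:
        raise ValueError(f"malformed realm {realm!r}")
    return user, realm


def in_zone(realm: str, zone: Optional[str]) -> bool:
    return zone is None or realm == zone or realm.endswith("." + zone)


def route(outer_identity: str, visited: str) -> tuple:
    """Trace an Access-Request entering the hierarchy at the visited site's IRS.
    Returns the servers it passes through and the final outcome."""
    try:
        _user, realm = split_nai(outer_identity)
    except ValueError as exc:
        return [visited], f"reject at {visited}: {exc}"
    hops = [visited]
    here = SERVERS[visited]
    while True:
        if realm in here.authenticates:
            return hops, f"authenticate at {here.name}"
        if in_zone(realm, here.zone):
            # Longest matching delegation wins.  An in-zone realm nobody serves
            # is rejected here rather than bounced upstream, which would loop.
            matches = [s for s in here.delegates if in_zone(realm, s)]
            if not matches:
                return hops, f"reject at {here.name}: unknown realm {realm}"
            nxt = here.delegates[max(matches, key=len)]
        elif here.upstream is None:
            return hops, f"reject at {here.name}: unknown realm {realm}"
        else:
            nxt = here.upstream
        if nxt in hops or len(hops) >= MAX_HOPS:   # defensive loop guard
            return hops, f"reject at {here.name}: routing loop"
        hops.append(nxt)
        here = SERVERS[nxt]


if __name__ == "__main__":
    # Constructed outer identities.  "anonymous@realm" is the usual
    # privacy-preserving outer identity; the real username sits in the EAP tunnel.
    for ident, site in [("anonymous@aa.xxx.ac.lk", "yyy.ac.lk"),
                        ("alice@edu.au", "xxx.ac.lk"),
                        ("bob@nowhere.example", "xxx.ac.lk"),
                        ("carol@zz.xxx.ac.lk", "yyy.ac.lk"),
                        ("dave", "yyy.ac.lk")]:
        hops, outcome = route(ident, site)
        print(f"{ident:24} via {' -> '.join(hops)}: {outcome}")
```

Two practitioner points the trace makes visible: a request with no realm never leaves the visited site, because a bare username would otherwise be matched against the visitor's own local accounts; and a realm that falls under a proxy's zone but is delegated to nobody is rejected at that proxy instead of being handed back upstream, which is how real deployments avoid ping-pong between national and institutional servers.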
  27. eduroam and LEARN - Timeline
  28. eduroam - Current Members (institute: joined)
      Open University of Sri Lanka: 2015/09
      University of Kelaniya: 2015/09
      University of Peradeniya: 2015/10
      University of Colombo, School of Computing: 2015/11
      University of Moratuwa: 2016/03
      Faculty of Engineering, University of Ruhuna: 2016/06
      Informatics Institute of Technology: 2016/12
      University of the Visual and Performing Arts: 2017/10
      Sabaragamuwa University: 2017/10
      Uva-Wellassa University: 2018/10
      Industrial Technology Institute: 2018/10
      Faculty of Medicine, University of Kelaniya, Ragama: 2018/10
      Arthur C Clarke Institute for Modern Technologies: 2018/10
      Faculty of Technology, University of Ruhuna: 2019/05
      University Grants Commission (UGC): 2019/06
      University of Colombo: 2019/07
      South Eastern University: 2019/08
  29. eduroam - Future Plans
      § Increase the number of eduroam IRSs
      § Awareness programs for academics, students, researchers, etc.
      § Awareness poster campaign
      § Extend eduroam coverage to selected public places
      § REQUEST to ISPs
  30. LEARN – Services: Identity Access Management (IAM)
  31. The Model. Centered on the User Identifier (NetID): a single unique university-wide identifier bound to the individual user and used at log-in to provision:
      Authentication: quickly verify user identities (who are you?)
      Authorization: control users' access (what can you access?)
      Administration: manage user privileges by role, group, status, etc.; allows for fine-grained policy application
  32. Federated Identity
      Current mechanisms:
      • Assume applications are within the same administrative domain.
      • Adding an external user means creating an account in your ID system.
      • This could result in the new user having access to more than just the intended application.
      Federated Identity Management (FIM):
      • Securely shares information managed at a user's home organization with remote services.
      • It doesn't matter if the service is in your administrative domain or another. It's all handled the same way.
      (Diagram: the user authenticates at the Identity Provider and then accesses Service Providers.)
  33. Federated Identity
      § Authentication (AuthN) takes place where the user is known: the Identity Provider (IdP) publishes authentication and identity information about its users.
      § A Service Provider (SP) relies on the AuthN at the IdP, consumes the information the IdP provided and makes it available to the application.
      § Authorization (AuthZ) happens on the service's side.
  34. Federated Identity
      § The first principle within federated identity management is the active protection of user information.
      § Protect the user's credentials: only the IdP ever handles the credentials.
      § Protect the user's personal data, including the identifier: a customized set of information gets released to each SP.
  35. Identity Providers. Organisations with users run Identity Providers, which:
      § Provide a login page
      § Provide a mechanism for consent to attribute release
      § Brand the login page to the organisation
      § Log users in against the organisation's LDAP or AD
      § Manage password reset
      § Provision and de-provision accounts
      § Agree to the federation policies
      Can be used for campus Single Sign-on as well as federated SSO!
  36. Service Providers. Run by organizations that have something to offer the federation community; they:
      § Hand off authentication to IdPs
      § Obtain attributes from IdPs
      § Agree to the federation policies
  37. Federated Identity Management (diagram): SP – Service Provider, IdP – Identity Provider
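The three rules of slides 33 and 34 (AuthN at the IdP, a per-SP attribute set, AuthZ at the service) are easiest to see as code. The following is an added example, not code from the deck or from LIAF: it is a deliberately simplified model of the IdP/SP split in which the assertion is a JSON document authenticated with HMAC-SHA256 under a per-IdP key that the SPs are assumed to have obtained from federation metadata. Real federations (LIAF, eduGAIN) use SAML 2.0 with XML signatures and asymmetric keys; the entity IDs, the directory entry, the signing key and the release policies here are all constructed. The Research and Scholarship bundle used for the Indico SP is the eduGAIN R&S attribute set.

```python
"""Added example (not from the LEARN deck): simplified IdP/SP model.
JSON + HMAC-SHA256 stands in for SAML + XML signatures; all identifiers,
keys and the user record are constructed for the example.
"""
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# ---- Identity Provider (home organisation) ---------------------------------
IDP_ENTITY_ID = "https://idp.inst.ac.lk/idp"                     # assumed
IDP_KEY = b"idp-signing-key-known-to-sps-via-metadata"           # assumed
_SALT = b"constructed-per-user-salt"


def _pw_hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)


# Stands in for the organisation's LDAP/AD.  Credentials live only here.
DIRECTORY = {
    "amara": {
        "pw": _pw_hash("correct horse battery staple"),
        "attributes": {
            "eduPersonPrincipalName": "amara@inst.ac.lk",
            "mail": "amara@inst.ac.lk",
            "displayName": "Amara Perera",
            "givenName": "Amara",
            "sn": "Perera",
            "eduPersonScopedAffiliation": "staff@inst.ac.lk",
            "employeeNumber": "E-1042",   # in no policy, so never released
        },
    }
}

# R&S entity-category bundle for the Indico SP; a narrower set for Zoom.
RS_BUNDLE = ("eduPersonPrincipalName", "mail", "displayName",
             "givenName", "sn", "eduPersonScopedAffiliation")
RELEASE_POLICY = {
    "https://learn.zoom.us/sp": ("eduPersonPrincipalName", "mail", "displayName",
                                 "eduPersonScopedAffiliation"),
    "https://indico.learn.ac.lk/sp": RS_BUNDLE,
}


def idp_login(username: str, password: str, sp_entity_id: str,
              now: Optional[float] = None) -> tuple:
    """AuthN at the IdP; returns a signed assertion scoped to one SP.
    The password is verified here and never leaves the IdP."""
    entry = DIRECTORY.get(username)
    if entry is None or not hmac.compare_digest(entry["pw"], _pw_hash(password)):
        raise PermissionError("authentication failed")
    policy = RELEASE_POLICY.get(sp_entity_id)
    if policy is None:
        raise PermissionError(f"no attribute release policy for {sp_entity_id}")
    now = time.time() if now is None else now
    assertion = {
        "issuer": IDP_ENTITY_ID,
        "audience": sp_entity_id,            # binds the assertion to one SP
        "id": secrets.token_hex(8),          # lets an SP detect replays
        "issued": now,
        "expires": now + 300,
        "attributes": {k: v for k, v in entry["attributes"].items() if k in policy},
    }
    body = json.dumps(assertion, sort_keys=True, separators=(",", ":")).encode()
    return body, hmac.new(IDP_KEY, body, hashlib.sha256).hexdigest()


# ---- Service Provider -------------------------------------------------------
TRUSTED_IDPS = {IDP_ENTITY_ID: IDP_KEY}   # from the federation registry


def sp_consume(body: bytes, sig: str, my_entity_id: str,
               now: Optional[float] = None) -> dict:
    """Check issuer, signature, audience and validity window, then hand the
    released attributes to the application."""
    assertion = json.loads(body)
    key = TRUSTED_IDPS.get(assertion.get("issuer"))
    if key is None:
        raise PermissionError("issuer not in federation metadata")
    if not hmac.compare_digest(sig, hmac.new(key, body, hashlib.sha256).hexdigest()):
        raise PermissionError("bad signature")
    if assertion["audience"] != my_entity_id:
        raise PermissionError("assertion was issued for a different SP")
    now = time.time() if now is None else now
    if not assertion["issued"] <= now < assertion["expires"]:
        raise PermissionError("assertion outside its validity window")
    return assertion["attributes"]


def may_host_meeting(attrs: dict) -> bool:
    """AuthZ on the service side, decided from released attributes alone."""
    return attrs.get("eduPersonScopedAffiliation", "").startswith("staff@")


if __name__ == "__main__":
    body, sig = idp_login("amara", "correct horse battery staple", "https://learn.zoom.us/sp")
    attrs = sp_consume(body, sig, "https://learn.zoom.us/sp")
    print("Zoom SP received:", sorted(attrs), "may host:", may_host_meeting(attrs))
```

Note what the SP never sees: the password, the employeeNumber, and (for Zoom) the givenName/sn that only the R&S policy releases. The audience check matters in practice: without it an assertion minted for one SP could be replayed to another one in the same federation.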
  38. Traditional Approach
      Cloud (e.g. Google Docs): amara uses amara1234@gmail.com and the collaborator uses collaborator1234@gmail.com, even though their institutional identities are amara@inst.ac.lk and collaborator1234@university.ed.uk.
      Institutional infrastructure @ inst: amara uses amara@inst.ac.lk, while the external collaborator is given a local account collaborator1234@inst.ac.lk instead of using collaborator1234@university.ed.uk.
  39. FIM Approach
      Cloud: amara@inst.ac.lk and collaborator1234@university.ed.uk
      Institutional infrastructure @ inst: amara@inst.ac.lk and collaborator1234@university.ed.uk
      Each person uses their institutional identity everywhere; no separate collaboration identities are created.
  40. Introducing LEARN IAF: https://liaf.ac.lk
  41. Federation Registry: https://fr.ac.lk
  42. Discovery Service: https://fds.ac.lk
  43. LIAF Architecture (diagram): eduroam NRO, eduroam IRS, fr.ac.lk (web-based GUI), IdP, user database
  44. Killer App? Introduced Zoom video conferencing with federated access using the SATOSA SAML proxy: https://learn.zoom.us. Held an informational seminar for about 200 technical and non-technical users on 12 July 2019.
  45. LIAF - Current Members (institute: joined)
      IDP for LEARN Staff: 2018-10-16
      Industrial Technology Institute - Sri Lanka: 2018-11-06
      Faculty of Medicine, University of Kelaniya: 2018-11-28
      Faculty of Technology, University of Ruhuna: 2018-12-20
      University of Colombo School of Computing: 2019-06-07
      University of the Visual and Performing Arts: 2019-06-12
      University Grants Commission - Sri Lanka: 2019-06-12
      University of Kelaniya - Sri Lanka: 2019-06-13
      University of Moratuwa: 2019-06-14
      Faculty of Engineering, University of Ruhuna: 2019-06-21
      Uva Wellassa University: 2019-07-04
      Faculty of Medicine, University of Ruhuna: 2019-07-10
      University of Colombo: 2019-08-08
      University of Peradeniya: 2019-08-17
      South Eastern University: 2019-08-23
      University of Ruhuna: 2019-08-28
      University of Sri Jayawardenapura: 2019-09-05
  46. LEARN as a Service Provider
      § LEARN maintains a local Indico instance as an event manager, opened to all through eduGAIN with the Research and Scholarship entity category; it uses eduTEAMS as its discovery service.
      § eduTEAMS (a GÉANT service) provides the IdP discovery used to identify participating eduGAIN IdPs.
      https://indico.learn.ac.lk
  47. LEARN is a Member of eduGAIN
  48. Future Plans
      § Increase the number of IdPs
      § More awareness programs for academics, students, researchers, etc.
      § Extend eduroam coverage to selected public places so that people become more interested in identity-enabled services
      § Implement monitoring and analysis tools
      § Introduce SAML-based authentication to all other LEARN-provided services and increase the number of SPs
      § Hire additional staff dedicated to LIAF activities – partially done
      § Request ISPs to enable LIAF for their services, opening doors to thousands of academics and students
      § Include gov.lk portals through LGN (Lanka Government Network)
  49. Summary
      § LEARN and the ISPs
      § Connectivity
      § eduroam
      § Identity Access Management (IAM)
      Acknowledgement
      § TEIN*CC
      § Thilina Pathirana, LEARN
      § Internet sources
  50. Thank you!
