A Practical Guide for Joining EduRoam

EuroCAMP TorinoA Practical Guide for Joining EduRoam

chris.myers@grangenet.net4 March 2005

Version 1.6

Contents

• What’s this EduRoam thing?• Is there a community?• What is in it for me?• Local NREN EduRoam portal.• Team Requirements.• Local Wireless Implementation.• Radius implementation.• Layer 8.

What’s this EduRoam thing?• EduRoam is a Federated Authentication Trust Framework

• For wireless networks

• Which allows roving researchers to login

• With their standard user name and password

• To wireless networks at participating organizations

• Around the world

• To access resources at their home or local institution.

Contents

• What’s this EduRoam thing?• Is there a community?• What is in it for me?• Local NREN EduRoam portal.• Team Requirements.• Local Wireless Implementation.• Radius implementation.• Layer 8.

Is there a community?

Dec 2004 There are over 350 participating institutions

Global Participants EduRoam

Is there a community?

Camp Delegates declare YES! to Interest in EduRoam trials at The Australian Middleware Camp 2004.

Developing a local community.• Performed extensive PR campaign.• Concept presentations to RNO’s

– Technical – Management levels.

• Web presents established.• Target meetings with critical path

organizations.• Email and news release campaign.• Track release propagation via web

trends.• Presentations at conferences and

meetings.

Contents

• What’s this EduRoam thing?• Is there a community?• What is in it for me?• Local NREN EduRoam portal.• Team Requirements.• Local Wireless Implementation.• Radius implementation.• Layer 8.

What is in it for me?Users

– On demand network access.

• Mobility

• Coverage

• Security

• Performance

• user-friendly environment– The ability to work on collaborative e-science projects.– Reduced costs due to VoIP calls using SIP or H323 over

wireless.– The ability to use your own laptop computer and PDA’s– A reduction in productivity loss in visiting other institutions.

What is in it for me?

NRENs–A value add services. –The encourage and support of collaborative environments.

–Support for network access for guests.–Answer user demand for coverage, security and performance.

–Solution for Inter University Conferences. (with safe wireless)

What is in it for me?

Turn key solution for

–A local authentication framework.

–A global authentication framework.

–A interconnect policy framework to base other systems on.

Contents

• What’s this EduRoam thing?• Is there a community?• What is in it for me?• Local NREN EduRoam portal.• Team Requirements.• Local Wireless Implementation.• Radius implementation.• Layer 8.

Local NREN EduRoam Portal.

Local NREN EduRoam Portal.

Elements of a portal

•Local information •Services•Participants•Policies•Technology

•International links•Information for roaming

•Mail lists•How to contact Groups

Local NREN EduRoam Portal.

Data Mining

•Who’s interested.

•Where are they from.

•Are you hitting your targets

Local NREN EduRoam Portal.

•Did any one read the news release•Put links in your news release (this helps)

•How can I exploit this information

Local NREN EduRoam Portal.

Feed Back and help.

•Feed back is important.•for the program.•for the NREN.•for the Institute.•For the user.

•Use detailed user guides on portal•Put in links to the WIKI forum.•The user that can help themselves don’t call.

WIKI forum page

Contents

• What’s this EduRoam thing?• Is there a community?• What is in it for me?• Local NREN EduRoam portal.• Team Requirements.• Local Wireless Implementation.• Radius implementation.• Layer 8.

Team RequirementsWhat people are required for EduRoam

–The wireless people• Basic wireless administration skills.

–The directory people• Average Radius administrative skills.

–The security people.• Average firewall/ACL skills

–The desktop support.• Basic to Average skills

• Its not about the technology that’s easy.

Team Requirements

What the people require from EduRoam –Trust.

• Policy.

• Reactive, collaborative, community.

• Policy.

–For the NREN press the flesh.

• Its all about the People.

Contents

• What’s this EduRoam thing?• Is there a community?• What is in it for me?• Local NREN EduRoam portal.• Team Requirements.• Local Wireless Implementation.• Radius implementation.• Layer 8.

Local Wireless Implementation

802.1x Tools• SecureW2 Alfa & ArissSecureW2 for Windows platforms is the cost effective and most robust client solution for deploying 802.1X networks. The SecureW2 Client enables EAP-TTLS using the standard Microsoft IEEE 802.1X Client currently available for Windows 2000, Windows XP and Pocket PC 2003.

• Now open source

Local Wireless Implementation

• Under Security, Encryption Manager.

• Select VLAN in drop down box under Set Encryption Mode and Key for VLAN.

• Select Cipher in Encryption Modes.

• Select TKIP in Cipher drop down box.

• Clear Encryption keys.• Select Encryption key 2.

Cisco 1200 Series Access Point setup for EduRoam

Local Wireless Implementation

• Under Security, SSID Manager.• Select eduroam SSID.• Under Authentication Settings,

Methods Accepted.• Select open Authentication with EAP in

the drop box.• Select Network EAP.• Under Authentication Settings, Server

Properties.• Select Customize.• Under Priority 1 select your RADIUS

servers address.

Contents

• What’s this EduRoam thing?• Is there a community?• What is in it for me?• Local NREN EduRoam portal.• Team Requirements.• Local Wireless Implementation.• Radius implementation.• Layer 8.

Radius Implementation

• Create National radius server.• Federate to international server.

–Good service selling point.

• Create institutional Radius services. • Create test accounts.

–On all sites

• Radius Tools–Free RADIUS - A most excellent free radius server

Radius Implementation• Deliver cookie cuts. (AUS example)

– config for end user to connect to national server

– realm DEFAULT {– type = radius– authhost = 203.22.212.134:1812– accthost = 203.22.212.134:1813– secret = XXXXXXXXXXXX– nostrip– }

– client 203.22.212.134 {– shortname = national-au-eduroam1– secret = XXXXXXXXXX– }

Radius Implementation

Radius Implementation

Radius Implementation

Contents

• What’s this EduRoam thing?• Is there a community?• What is in it for me?• Local NREN EduRoam portal.• Team Requirements.• Local Wireless Implementation.• Radius implementation.• Layer 8.

Layer 8Layer 8

–Can be your friend.• They want the service.• They can see the business drivers.• Will divert resources to the project.

–Can be your enemy.• They Can have unrealistic expectations. • The work policy triggers lawyers.• Lawyer means money and long documents.

Layer 8

Know your Landscape–What is out there. –What does the community want.–Can you meet there requirements.–Can you control expectation. –Can you deliver the service.–Were can you go for help

Layer 8

An EduRoam deployment requires six deliverables;–Inter University Access Policy.–Acceptable use Policy.–Interconnected Trusted Wireless Federation.–Security Framework Model.–EduRoam branded Web Portal.–Inter continental Global Federation.

Layer 8

• Minimum Service levels. (AUS)–EduRoam SSID broadcasted.

• (if technically possible on AP).–802.1x WPA TKIP EAP-TTLS–http, https & VPN pass though permitted.–Radius Server.–EduRoam portal at site.

Security is locally enforced.So you are in control of your environment.

EduRoam Links

International linkshttp://www.eduroam.org

http://www.eduroam.nl/en/index.shtmlhttp://www.eduroam.edu.au

http://www.terena.nl/tech/task-forces/tf-mobility/http://www.ja.net/development/aa/lin/index.html

email enquiriesjoin@eduroam.org

gwg-eduroam@eduroam.edu.auapan-eduroam@eduroam.edu.au

enquiries@eduroam.edu.au

EuroCAMP 2005

Thankyou

Please Join the EduRoam

http://www.grangenet.net