Philippe Hanset ANYROAM LLC phanset@anyroam.net 8/23/13 Great Plains Network

eduroam is a NET+ Service www.internet2.edu/netplus/eduroam/ www.eduroam.us This work has received support from 8/23/13 Great Plains Network

eduroam is provided by 8/23/13 Great Plains Network

eduroam is The ease of use of cellular for Wi-Fi (even internationally, users are not charged) A bungee cord for WPA-2 enterprise An automatic guest-access provisioning tool 8/23/13 Great Plains Network

eduroam is not A replacement for your existing guest access It is a complement to what you already have to make your infrastructure compatible with others Your users can join eduroam when traveling You can welcome eduroam users on your campus A VPN to your home institution 8/23/13 Great Plains Network

Technology Overview eduroam is EAP insensitive (but requires a tunneled EAP-method like PEAP or EAP-TTLS Encryption Initial authentication between device and home RADIUS traffic between device and WLAN Great service for Identity Based Networking Reminder: WPA-2 enterprise (AKA 802.1X) is a Layer 2 protocol 8/23/13 Great Plains Network

eduroam in the US 8/23/13 Great Plains Network

Let’s not forget 8/23/13 Great Plains Network

Growth in one year 8/23/13 Great Plains Network

eduroam Worldwide 8/23/13 Great Plains Network

Time consuming ? Connect your RADIUS to the eduroam federation Shared Secret and IP address exchange Create RADIUS rules Exchange test credentials Check Firewall(s) Create an SSID and assign a network (even your existing guest network) Inform your community about eduroam Very little load on Help Desk 8/23/13 Great Plains Network

How to join? www.eduroam.us, click on “Join eduroam-US” (left side bar) Welcome message a more formal NET+ agreement is in the works Peering Process (to VA and to KS) 8/23/13 Great Plains Network

Policies No Web portal between authentication and Internet Users always contact Home Helpdesk first 6 Months RADIUS logs retention Handling of abuse Block users (MAC, REALM, CUI) DMCA complaints 8/23/13 Great Plains Network

Business Model Included in Membership fee for Internet2 members $500 initial setup coming soon (when NSF funding dries out) Yearly fee for non-members ~10 cents per student per year Large entities (school systems) model being discussed 8/23/13 Great Plains Network

Free eduroam tools eduroam companion for iOS and Android eduroam CAT (802.1X installer) http://cat.eduroam.org Coming up: As part of InCommon Certificate Service: InCert (www.internet2.edu/incert) 8/23/13 Great Plains Network

eduroam Companion 8/23/13 Great Plains Network

eduroam Companion (cont.) 8/23/13 Great Plains Network

eduroam only (native) … Less Network Name (SSID) confusion VLAN assignment done based on REALM (e.g. @local.edu ≠ @remote.edu) CAT tool for all of campus Saves on Help Desk Saves on existing installer cost Branding ? 802.11u will make SSIDs irrelevant in a few years 8/23/13 Great Plains Network

Resources Administrator Guide at eduroam.us and also eduroam.org Internet2 discussion list for eduroam administrators: https://lists.internet2.edu/sympa/info/netplus-eduroam-admins TF-MNM (a TERENA resource) Our team will help you from A to Z 8/23/13 Great Plains Network

Contact us… support@anyroam.net 8/23/13 Great Plains Network