Deliverable H: the interoperability testbed design Klaas Wierenga SURFnet.

Slides:



Advertisements
Similar presentations
Joining eduroam Wireless Roaming for Education and Research.
Advertisements

Connect. Communicate. Collaborate eduroam: a managed European service Miroslav Milinović, Srce, Zagreb, Croatia eduroam SA, GÉANT2 NORDUnet 2008, Espoo,
Connect. Communicate. Collaborate eduroam: towards a managed European service Miroslav Milinović, Srce, Zagreb, Croatia eduroam SA, GÉANT2 Wi-Fi Workshop,
SAVI Requirements and Solutions for ISP IPv6 Access Network ISP-access-01.txt.
McAfee One Time Password
Research on Networks Report on session on Grids & access Klaas Wierenga SURFnet Middleware Services Utrecht, 29 April 2004.
Terena Mobility Taskforce update Klaas Wierenga SURFnet.
Licia Florio EUNIS05, Manchester 1 Eduroam EUNIS Conference, June Licia Florio.
Application Guide For Mesh AP – MAP-3120
Southampton Open Wireless Network The Topology Talk.
Page 1 MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their.
Why eduroam sucks, and how to fix it.
Omniran GPP Trusted WLAN Access to EPC Use Case Analysis Date: Authors: NameAffiliationPhone Max RiegelNSN
TF Mobility Group 22nd September A comparison of each national solution was made against Del C – “requirements”, the following solutions were assessed.
10 October 2003 Internet2 members meeting 1 An update on the work of JANET Wireless Advisory Group & The Terena Mobility Taskforce James Sankar UKERNA.
Copyright JNT Association 2006 The JANET Roaming Service.
The Nomadic Network Providing Secure, Scalable and Manageable Roaming, Remote and Wireless Data Services Josh Howlett & Nick Skelton Information Services,
5/25/2015 AEB/Yleisesittely Roaming network access using Shibboleth in University of Helsinki Fall 2004 Internet2 Member Meeting 29th of September, 2004.
EduRoam ESA workshop 17 December 2004 Utrecht.
Eduroam – Roam In a Day Louis Twomey, HEAnet Limited HEAnet Conference th November, 2006.
Network Access and 802.1X Klaas Wierenga SURFnet
High-quality Internet for higher education and research Federated network access with Klaas Wierenga SURFnet Ljubljana, April.
TF-EMC2 February 2006, Zagreb Deploying Authorization Mechanisms for Federated Services in the EDUROAM Architecture (DAME) -Technical Project Proposal-
WLAN Roaming for the European Scientific Community: Lessons Learned , June 9 th, 2004 Carsten Bormann Niels Pollem reporting on the work of TERENA.
TNC 2003 Wireless Campus project Coletta Elisa Marchioro -
High-quality Internet for higher education and research eduroam EuroCAMP, Porto, November 9, 2005
Wbone: WLAN Roaming Based on Deep Security Zagreb, May 22 nd, 2003 Carsten Bormann Niels Pollem with a lot of help from TERENA TF Mobility.
EduRoam: movilidad por Europa... y España Toledo, 29 de octubre de 2004
WLAN Roaming for the European Scientific Community: Lessons Learned , June 9 th, 2004 Carsten Bormann Niels Pollem reporting on the work of TERENA.
Chapter 16 AAA. AAA Components  AAA server –Authenticates users accessing a device or network –Authorizes user to perform specific activities –Performs.
1 Terena Networking Conference 2003 Applying Radius-based Public Access Roaming in the Finnish University Network (FUNET) Sami Keski-Kasari Karri Huhtanen.
PKI Network Authentication Dartmouth Applications Robert Brentrup Educause/Dartmouth PKI Summit July 27, 2005.
What about 802.1X? An overview of possibilities for safe access to fixed and wireless networks Amsterdam, October Erik Dobbelsteijn.
Wireless ambitions Frans Panken I2 Spring meeting 24 april 2012.
AARNet Copyright 2010 Network Operations The eduroam project group
Leading Integration Solutions Provider Turn-key solution for Wireless / Wire-Line ISP and Telephony class 5 systems.
Altai Certification Training Backend Network Planning
Education roaming Secure Wireless Service for Research and Education.
VoIP in Disaster & Emergency Response Voice over IP in Disaster and Emergency Response Team Members: Muhammad Ali Mansoor A. Siddiqui Carlos Loarca de.
RIPE69 – MAT-WG – Wednesday, 5 November 2014 Brook Schofield, GÉANT Association eduroam: The Value of WLAN measurements for the R&E.
High-quality Internet for higher education and research Paul Dekkers April 4th, Turkey.
Michal Procházka, Jan Oppolzer CESNET.
1 Chapter 12: VPN Connectivity in Remote Access Designs Designs That Include VPN Remote Access Essential VPN Remote Access Design Concepts Data Protection.
A Practical Guide for Joining EduRoam EuroCAMP Torino A Practical Guide for Joining EduRoam 4 March 2005 Version 1.6.
High-quality Internet for higher education and research AAI from the NREN perspective Schiphol, October 17, 2005
3Com Confidential Proprietary 3G CDMA AAA Function Yingchun Xu 3COM.
VoIP Meeting Authentication/Authorization 19/04/2006 Bea Huber, Fabio Vena.
International dialling scheme and Dr.ir. Egon Verharen Innovation management SURFnet bv Tyler Miller Johnson ATNS UNC Chapel Hill.
Wireless Authentication & 802.1X By Gareth Ayres.
Rich Kogut October, 2002 IT Vision/Strategy Working Presentation.
802.1X in SURFnet 22 May 2003.
TERENA TF-Mobility: Roaming for WLANs Tim Chown University of Southampton TF-Mobility WG & UKERNA Wireless Advisory Group.
K. Stoeckigt, E. Verharen, Secure real-time audio/video communication – H.350,
EDUROAM Michael Helm ESnet/LBL 26 Mar EduroamTAGPMA 27 Mar What Is Eduroam? The Roaming Scholar vs the Restricted Wireless Network –I am in.
輔大資工所 在職研一 報告人:林煥銘 學號: Public Access Mobility LAN: Extending The Wireless Internet into The LAN Environment Jun Li, Stephen B. Weinstein, Junbiao.
Single Sign-On in the Danish Educational Sector Per Thorboll Deputy director UNI-C.
Connect. Communicate. Collaborate TERENA Networking Conference, 7 june 2005 Eduroam: past, present, and future.
Security for (Wireless) LANs 802.1X workshop 30 & 31 March 2004 Amsterdam.
Connect. Communicate. Collaborate Deploying Authorization Mechanisms for Federated Services in the eduroam architecture (DAMe)* Antonio F. Gómez-Skarmeta.
Authentication and Authorisation in eduroam Klaas Wierenga, AA Workshop TNC Lyngby, 20th May 2007.
6 June 2004TF-Mobility meeting 6 June TF-Mobility meeting Agenda TF-Mobility Meeting, June Welcome and Update on TF-Mobility to date Discussion.
Deploying Authorization Mechanisms for Federated Services in eduroam Klaas Wierenga, EuroCAMP Helsinki, 17&18th April 2007.
Integrating multiple wireless access control schemes at NTUA Spiros Papageorgiou, Christos Siaterlis NOC/NTUA.
19 May 2003 © The JNT Association Terena Technical Advisory Council Terena Mobility Task Force
1 Welcome to Designing a Microsoft Windows 2000 Network Infrastructure.
6/12/2016 AEB/Yleisesittely WLAN roaming experiences using Shibboleth TNC 2004, Rhodes 7th of June, 2004 Mikael Linden, Viljo Viitanen,
So how to identify exactly who and what is on your network at any point in time? Andrew Noonan, SE ForeScout February 2015.
10 Years of eduroam (from an idea to a product)
PPPoE Internet Point to Point Protocol over Ethernet
TF-Mobility update TF-EMC2, Barcelona 9 September 2005.
Presentation transcript:

Deliverable H: the interoperability testbed design Klaas Wierenga SURFnet

2 Web-based with RADIUS Internet Docking Network Access Control Device AAA Server WWW-browser RADIUS based Web interface authentication at the University of Tampere The Finnish are scaling their solution by using a hierarchy of RADIUS proxy servers for their national infrastructure

3 Intranet X Docking network Campus Network G-WiN VPN-Gateways DHCP, DNS, free Web Intranet X Docking network Campus Network G-WiN VPN-Gateways DHCP, DNS, free Web VPN SWITCHmobile – VPN solution deployed at 7 universities across Switzerland. Wbone – VPN roaming solution to 4 universities / colleges in state of Bremen. A "virtual campus" initiative in Lisbon, and been testing and developing a VPN & PKI infrastructure. PPPoE – University of Bristol

4 Cross-domain 802.1X with VLAN assignment RADIUS server Institution B RADIUS server Institution A Internet Central RADIUS Proxy server Authenticator (AP or switch) User DB Supplicant Guest Student VLAN Guest VLAN Employee VLAN Authentication at home institution, 802.1X, TTLS (SecureW2), (proxy) RADIUS. One time passwords are also transmitted via SMS to guest users. A RADIUS Hierarchy is proposed to scale this to a European wide solution.

5 Current status Characteristics identified as –802.1X - “The future”, easy to scale, secure but cutting edge, thus expensive. –VPN - Widely available, expensive, secure & hard to scale. –Web based – cheap, widely available, easy to scale, but not secure. Preliminary selection for inter-NREN roaming – in draft, conclusions are –No national solution meets all the requirements. –The group has chosen not to consider the following –Local VPN access. –PKI –An architecture that supports the various national solutions is needed, a three stream approach is recommended…

6 Controlled Address Space for VPN Gateways Design and work plan documentation underway. Interoperability tests of VPN to RADIUS proxy hierarchy agreed. Further work to follow.

7 FCCN RADIUS Proxy servers connecting to a European level RADIUS proxy server UKERNA SURFnet FUNET DFN CARnet Radius proxy hierarchie CESnet RedIRIS UNI-C GRnet

8 Integration? 802.1X –Secure SSID –RADIUS Web-based captive portal –Open SSID –RADIUS PKI-based –Open SSID –No RADIUS

9 Network layout with multiple SSID’s and VLAN assignment

10 Network layout without multiple SSID’s and VLAN assignment

11 Layer 2 design of the interoperability testbed

12 Conclusions It is possible to create an interoperable solution It’s not that hard – especially when you use delievrable H to guide you Future will show if and how these solutions will continue to be in existence Del. H provides also a easy upgrade path