
Connect. Communicate. Collaborate eduroam: towards a managed European service Miroslav Milinović, Srce, Zagreb, Croatia eduroam SA, GÉANT2 Wi-Fi Workshop,


1 eduroam: towards a managed European service
Miroslav Milinović, Srce, Zagreb, Croatia
eduroam SA, GÉANT2 Wi-Fi Workshop, Barcelona, Spain

2 Contents
Roaming activity in GEANT2 (JRA5, SA5)
eduroam technology
eduroam service
–organisation
–infrastructure elements
–supporting elements
Current status and plans

3 GEANT2 & roaming
JRA5: Roaming and Authorisation
–How to organise access to resources in the research and education area in a sufficiently safe and easy-to-handle way?
–Work items: roaming (eduroam), AAI (eduGAIN), uSSO
–JRA5 roaming vision: to build a roaming infrastructure enabling full mobility of members of the scientific community in Europe
SA5: eduroam service activity
–build on the JRA5 results in order to build and maintain a reliable European eduroam service
–provide: open your laptop and be online

4 Roaming requirements
Identify users uniquely at the edge of the network
Enable guest usage
Scalable
–local user administration and authentication
Easy to install and use
–at most a one-time installation by the user
Open
Secure

5 eduroam technology
Security based on 802.1X
–Integration with VLAN assignment
–Protection of credentials
Authentication based on EAP
–Different authentication mechanisms are possible by using EAP (Extensible Authentication Protocol)
Roaming based on RADIUS proxying
–Remote Authentication Dial In User Service
–Transport protocol for authentication information
Trust fabric based on:
–Technical: RADIUS hierarchy
–Policy (federation agreement): documents/contracts that define the responsibilities of user, institution, NREN and the respective federation

6 eduroam architecture: ubiquitous network access
[Diagram: supplicant (user joe@university_b.hr), authenticator (AP or switch), University A RADIUS server, XYZnet central RADIUS proxy server, University B RADIUS server and user DB; 802.1X + EAP with VLAN assignment (Student VLAN, Commercial VLAN, Employee VLAN); data and signalling paths; trust: RADIUS & policy documents.]

7 eduroam confederation RADIUS hierarchy
[Diagram of the confederation RADIUS hierarchy; no further text recovered.]
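The routing described on slides 5 to 7, as an added example that is not part of the presentation: a small Python model of how a visited institution's RADIUS server forwards a request up the hierarchy on the realm of the outer identity (institution, federation-level server, top-level server, home federation, home IdP), and of "authentication at home, authorisation at the visited institution", where the visited site, not the home IdP, decides the VLAN. All realms, users, passwords, VLAN numbers and the server labels (inst, FLRS, TLRS) are constructed assumptions.

```python
# Added example, not from the presentation: a toy model of the eduroam RADIUS
# hierarchy (institution -> FLRS -> TLRS -> FLRS -> home IdP) routed on the
# realm of the outer identity, with "authenticate at home, authorise at the
# visited institution". Every realm, user, password and VLAN is constructed.
import hmac

INSTITUTIONS = {  # realm -> (federation, {user: (password, local group)})
    "university_a.hr": ("hr", {"ana": ("pw-ana", "employee")}),
    "university_b.hr": ("hr", {"joe": ("pw-joe", "student")}),
    "uni-c.nl": ("nl", {"kees": ("pw-kees", "employee")}),
}
LOCAL_VLANS = {"student": 20, "employee": 30}  # visited site's own policy
GUEST_VLAN = 40                                 # every roaming user lands here

def split_nai(identity):
    """Split the outer identity user@realm; only the realm is used to route."""
    if identity.count("@") != 1:
        raise ValueError("identity must contain exactly one '@'")
    user, realm = identity.split("@")
    if not user or not realm:
        raise ValueError("empty user or realm")
    return user, realm.lower()

def route(home_realm, visited_realm):
    """List the RADIUS servers an Access-Request passes, or None if unroutable."""
    if home_realm not in INSTITUTIONS or visited_realm not in INSTITUTIONS:
        return None                     # unknown realm: no proxy can forward it
    path = [f"inst:{visited_realm}"]
    if home_realm != visited_realm:
        visited_fed, home_fed = INSTITUTIONS[visited_realm][0], INSTITUTIONS[home_realm][0]
        path.append(f"FLRS:{visited_fed}")
        if home_fed != visited_fed:     # cross-border: up to the TLRS and down
            path += ["TLRS", f"FLRS:{home_fed}"]
        path.append(f"inst:{home_realm}")
    return path

def eduroam_login(identity, password, visited_realm):
    """Simulate one login at visited_realm: RADIUS outcome, path and VLAN."""
    user, home_realm = split_nai(identity)
    path = route(home_realm, visited_realm)
    if path is None:
        return {"result": "Access-Reject", "path": [], "vlan": None}
    users = INSTITUTIONS[home_realm][1]  # credentials checked by the home IdP only
    stored = users.get(user, ("", ""))[0]
    if not stored or not hmac.compare_digest(stored, password):
        return {"result": "Access-Reject", "path": path, "vlan": None}
    vlan = LOCAL_VLANS[users[user][1]] if home_realm == visited_realm else GUEST_VLAN
    return {"result": "Access-Accept", "path": path, "vlan": vlan}
```

The inner identity carried inside the EAP tunnel never reaches the proxies in this model; only the home IdP sees the password, which is the credential-protection property slide 5 refers to.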

8 eduroam goes global http://www.eduroam.org

9 (European) eduroam service
eduroam user experience: open your laptop and be online
To provide secure network access inside the confederation boundaries (to the end users)
eduroam is a secure international roaming service for members of the European eduroam confederation (a confederation of autonomous roaming services)
First steps in the transition to a service:
–Service Definition and Implementation Plan
–Policy

10 European eduroam confederation principles
Members are European NRENs/NROs
Members sign the European eduroam policy, committing to its organisational and technical requirements
Mutual access – no fees (for end users)
Authentication at home - authorisation at the visited institution
Home institutions are/remain responsible for their users abroad
Members promote eduroam in their countries
European eduroam may peer with other regions (confederation level)

11 Confederated eduroam service
Encompasses all the elements necessary to support the service:
–confederation infrastructure
–establishing trust between the member federations
–monitoring and diagnostic facilities
–central data repository (eduroam database)
–confederation-level user support

12 eduroam service model
national eduroam service (provided by NREN/NRO)
eduroam confederation service (provided by OT)
eduroam service (governed by SA5)...

13 eduroam service elements
Technology infrastructure
Supporting infrastructure
–monitoring and diagnostics
–eduroam web site (http://www.eduroam.org)
–eduroam database
–trouble ticketing system (TTS)
–mailing lists

14 Users vs. service elements
Service element                                   | End user | Inst.-level personnel                                        | Federation-level personnel
Basic monitoring facilities                       | Yes      | Yes                                                          | Yes
Full monitoring and diagnostics facilities        | No       | Yes (limited to information regarding the respective inst.)  | Yes
Public access to the eduroam web site             | Yes      | Yes                                                          | Yes
Access to the internal eduroam web site           | No       | Yes (limited to information regarding the respective inst.)  | Yes
Public access to the eduroam database             | Yes      | Yes                                                          | Yes
Access to all information in the eduroam database | No       | Yes (limited to information regarding the respective inst.)  | Yes
TTS                                               | No       | Yes                                                          | Yes
SA5/OT mailing lists                              | No       | Yes                                                          | Yes
Support from OT                                   | No       | Yes                                                          | Yes

15 eduroam infrastructure

16 Monitoring: problem definition
Monitor the functionality of the eduroam infrastructure
–servers
–infrastructure
–user experience
It is not enough to know that a host is accessible
The ultimate goal is to test the real user experience
–(very) different workflows at RADIUS servers for Accept and Reject
–perform both accept-logic and reject-logic tests

17 Monitoring: concept
The monitoring client is a RADIUS client capable of sending various types of RADIUS request (PAP, EAP, …)
The RADIUS proxy server is the monitored server
The IdP RADIUS server is the server that issues the response, thus acting as a loop-back server. Its function is to close the tunnel and create a standard, well-formed and specified response. This function might be realised on the monitored server (RADIUS proxy server)
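The monitoring concept above, as an added example that is not from the presentation: a Python sketch of the wire-level work a PAP monitoring probe does (building an RFC 2865 Access-Request, the loop-back server's Accept/Reject, and the Response Authenticator check that ties the reply to the probe and shared secret), plus the verdict logic for the accept and reject tests slide 16 asks for. The shared secret, test identity, password and all function names are assumptions.

```python
# Added example, not part of the presentation: the wire-level work of a PAP
# monitoring probe (RFC 2865 Access-Request, loop-back Accept/Reject, Response
# Authenticator check) and the verdict for accept/reject tests. Values are constructed.
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD = 1, 2

def attr(code, value):
    """One RADIUS attribute: type, length including this header, value."""
    return struct.pack("!BB", code, 2 + len(value)) + value

def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: pad to 16-byte blocks, XOR each with MD5(secret+prev)."""
    pw = password.ljust(max(16, -(-len(password) // 16) * 16), b"\0")
    out, prev = b"", authenticator
    for i in range(0, len(pw), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(pw[i:i + 16], mask))
        out += prev
    return out

def build_access_request(ident, user, password, secret, authenticator=None):
    """Probe packet; the Request Authenticator must be 16 fresh random bytes."""
    authenticator = authenticator or os.urandom(16)
    hidden = hide_password(password, secret, authenticator)
    attrs = attr(USER_NAME, user) + attr(USER_PASSWORD, hidden)
    hdr = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return hdr + authenticator + attrs, authenticator

def make_response(code, request, secret):
    """Loop-back IdP side: an Accept/Reject with a valid Response Authenticator."""
    hdr = struct.pack("!BBH", code, request[1], 20)
    return hdr + hashlib.md5(hdr + request[4:20] + secret).digest()

def response_is_authentic(response, req_auth, secret):
    """RFC 2865 3: MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    if len(response) < 20 or struct.unpack("!H", response[2:4])[0] != len(response):
        return False
    expected = hashlib.md5(response[:4] + req_auth + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])

def probe_verdict(expect_accept, response, req_auth, secret):
    """Verdict for one accept- or reject-logic test through the monitored proxy."""
    if response is None:
        return "timeout"
    if not response_is_authentic(response, req_auth, secret):
        return "unauthentic"              # forged, corrupted or wrong secret
    wanted = ACCESS_ACCEPT if expect_accept else ACCESS_REJECT
    return "ok" if response[0] == wanted else "wrong-answer"
```

A reject-logic probe that comes back "wrong-answer" is the case slide 16 warns about: the server is reachable, yet its reject workflow is broken, which a plain reachability check would never show.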

18 Monitoring servers
[Diagram: monitoring database, monitoring client, TLRS, FLRS]

19 Monitoring infrastructure
[Diagram: monitoring database, monitoring client, TLRS(s) and FLRS(s) in several federations]

20 Testing on demand
[Diagram: monitoring database, monitoring client, TLRS(s), FLRS(s) of realm A and realm B]

21 eduroam database
The information stored in the eduroam database includes:
–NRO representatives and respective contacts
–Local institutions' (both SP and IdP) official contacts
–Information about eduroam hot spots (SP location, technical info)
–Monitoring information
–Information about the usage of the service
NROs:
–should provide the respective data (general and usage data)
–in the defined XML format, available at the specified URL address
–which should be accessible only from the eduroam database server

22 User support: problem escalation scenario (1)
[Diagram: visited federation (fed.-level admin., local institution admin., user), home federation (fed.-level admin., local institution admin.), OT; escalation steps 1,2, 3, 4]

23 User support: problem escalation scenario (2)
[Diagram: visited federation (fed.-level admin., local institution admin., user), home federation (fed.-level admin., local institution admin.), OT; escalation steps 1,2, 3, 4, 4a, 4b, 5, 6]

24 Implementation plan
[Timeline of the work items service definition & policy, monitoring, web site, TTS and eduroam database against the project milestones Sep07 (M37), Dec07 (M40), Jan08 (M41), Feb08 (M42), Mar08 (M43), Apr08 (M44), Aug08 (M48), Feb09 (M54)]

25 eduroam current status: connected to the TLRSs
33 countries
2 TLRSs

26 eduroam current status: monitored
TLRS/FLRS monitoring service is in place
will be publicly available via www.eduroam.org (end of April 2008)
further development is planned

27 eduroam current status: demographics/user maps
demographics info:
–no. of SPs, IdPs
–location of SPs
–usage
–coverage
–contacts
user-oriented maps based on the eduroam database
will be publicly available via www.eduroam.org (end of April 2008)
further development is planned

28 http://www.eduroam.org

