Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright The JNT Association 2010TNC 20101 Mark O’Leary June 2010.

Published byHarmony Peart Modified over 9 years ago

Similar presentations

Presentation on theme: "Copyright The JNT Association 2010TNC 20101 Mark O’Leary June 2010."— Presentation transcript:

1 Copyright The JNT Association 2010TNC 20101 Mark O’Leary June 2010

2 Copyright The JNT Association 2010TNC 20102 Free effort? Visualising eduroam Transition to RadSec Restoring visualisation: IF-MAP Trivial solution?

3 Copyright The JNT Association 2010TNC 20103 An NREN’s primary role is delivery of the network But we do try to be members of the broader educational community Arguably, there is a ‘social responsibility’ obligation on us to provide opportunities for student engagement with our activities

4 Copyright The JNT Association 2010TNC 20104 University IT courses increasingly use ‘real-world’ project activities to provide students with experience –The University of Southampton runs a five week ‘Group Design Project’ for MSc students each year –JANET(UK) ‘plays the customer’ for a GDP team –3 rd year of collaboration

5 Copyright The JNT Association 2010TNC 20105 We specify an achievable task with a programming component The students do the work, and communicate their ongoing management of the project We provide feedback that contributes towards their assessment Valuable learning experience and useful deliverables: win-win!

6 Copyright The JNT Association 2010TNC 20106 GDP 08/09 Wireless Location Awareness

7 Copyright The JNT Association 2010TNC 20107 GDP 09/10 Visualising eduroam Thanks to: –Sam Miller –Dan Stoner –Richard Clarke –Lesley Oakey –Dr Tim Chown

8 Copyright The JNT Association 2010TNC 20108 GDP 10/11 Another eduroam-related project Watch this space!

9 Copyright The JNT Association 2010TNC 20109 “A picture is worth a thousand words” The pattern of eduroam transactions is complex –difficult to spot even broad trends Is eduroam successful? –A fundamental question. –possibly more of a talking point in the UK than elsewhere?

10 Copyright The JNT Association 2010TNC 201010 Analytical –Usage patterns & levels Diagnostic –Error conditions highlighted, geographically located Promotional Tool –Compelling picture of usage –Unattended demo mode

11 Copyright The JNT Association 2010TNC 201011 Privacy protection: don’t display data that allows an individual users travels to be inferred. –Blurring: temporal aggregation –Blurring: image manipulation techniques –Authorisation: role-based data release policies

12 Copyright The JNT Association 2010TNC 201012

13 Copyright The JNT Association 2010TNC 201013 Roaming sites ‘Flight map’ transaction arcs Bar chart activity monitoring

14 Copyright The JNT Association 2010TNC 201014

15 Copyright The JNT Association 2010TNC 201015

16 Copyright The JNT Association 2010TNC 201016

17 Copyright The JNT Association 2010TNC 201017

18 Copyright The JNT Association 2010TNC 201018

19 Copyright The JNT Association 2010TNC 201019

20 Copyright The JNT Association 2010TNC 201020 Current eduroam design is based on binary peering, so the originator of requests to be proxied at the national level is always obvious. However, standard RADIUS ‘shared secret’ security is considered by some to be imperfect

21 Copyright The JNT Association 2010TNC 201021 “RADIUS over TCP/TLS” – advanced standardisation, split into multiple documents Secures the RADIUS packet exchange, but removes any hints to the origin of the roaming transaction! Monitoring and visualisation will be increasingly undermined as RadSec adoption increases

22 Copyright The JNT Association 2010TNC 201022 MAP = Metadata Access Point Developed by the Trusted Computing Group (TCG), as part of the Trusted Network Connect (TNC) suite of standards

23 Copyright The JNT Association 2010TNC 201023 Standardises the kind of data gathering we currently use SNMP and Syslog for Aggregates and correlates data from disparate systems Allows arbitary extensions to support new use cases without the limitations of a global schema Allows ‘subscription’: automatic notification of changes Simple to implement!

24 Copyright The JNT Association 2010TNC 201024 IF-MAP was designed for use cases internal to the network domain –Primarily for ‘next generation’ NAC What if we adapted it to allow inter- domain sharing of metadata?

25 Copyright The JNT Association 2010TNC 201025 RadSec RadSec undermines centralised logging of originating visited Metrics Service metric unreliable! Logging Restore logging by publishing (anonymised?) roaming events to an externally-readable MAP instance. Subscription Central IF-MAP at the core subscribes to all exposed MAP data; aggregation/visualisation Restored Monitoring restored!

26 Copyright The JNT Association 2010TNC 201026 RadSec RadSec undermines centralised logging of originating visited Metrics Service metric unreliable! Logging Restore logging by publishing (anonymised?) roaming events to an externally-readable MAP instance Subscription Central IF-MAP at the core subscribes to all exposed MAP data; aggregation/visualisation Restored Monitoring restored!

27 Copyright The JNT Association 2010TNC 201027 1.Enable RADIUS proxies to log directly to an IF-MAP instance a)Directly modify one or more RADII? b)PERL module or similar to allow arbitrary logs (and services) to be tailed into IF-MAP 2.Secure a MAP instance such that it may be exposed outside the organisation firewall a)Authentication/Authorisation – Federation? b)Improved server security model

28 Copyright The JNT Association 2010TNC 201028 “Tri via” – the meeting of three roads Traditional site for placement of community noticeboards ~100 A.D. So, if we are doing this for eduroam... Does collecting a lot of ‘trivial’ local data give a more valuable emergent picture of larger scale features?

29 Copyright The JNT Association 2010TNC 201029 Many classes of metadata are of interest between community members –Domain ‘network weather’ –Shared intelligence (IDS etc.) Some classes of metadata could usefully be aggregated at the JANET core –JRS/eduroam stats is just one example...

30 Copyright The JNT Association 2010TNC 201030 Are there any questions? Mark.O’Leary@ja.net

Download ppt "Copyright The JNT Association 2010TNC 20101 Mark O’Leary June 2010."

Similar presentations

Options for integrating the JANET Roaming Service (JRS) and Shibboleth Tim Chown University of Southampton (UK) JISC Access Management.

Options for integrating the JANET Roaming Service (JRS) and Shibboleth Tim Chown University of Southampton (UK) JISC Access Management.
Key Multi-domain GÉANT Network Services June 2011.

Key Multi-domain GÉANT Network Services June 2011.
Intro. Website Purposes  Provide templates and resources for developing early childhood interagency agreements and collaborative procedures among multiple.

Intro. Website Purposes  Provide templates and resources for developing early childhood interagency agreements and collaborative procedures among multiple.
Connect communicate collaborate Eduroam debugging Gurvinder Singh and Gunnar Bøe, Campus Networks and Systems, UNINETT AMRES Wireless workshop Belgrade,

Connect communicate collaborate Eduroam debugging Gurvinder Singh and Gunnar Bøe, Campus Networks and Systems, UNINETT AMRES Wireless workshop Belgrade,
Www.ja.net/roaming Copyright JNT Association 2006 The JANET Roaming Service.

Copyright JNT Association 2006 The JANET Roaming Service.
Connect. Communicate. Collaborate Click to edit Master title style MODULE 1: perfSONAR TECHNICAL OVERVIEW.

Connect. Communicate. Collaborate Click to edit Master title style MODULE 1: perfSONAR TECHNICAL OVERVIEW.
An Overview. BizLink BizLink is a Social Networking platform for business. It allows colleagues to come together, ask questions, share resources, form.

An Overview. BizLink BizLink is a Social Networking platform for business. It allows colleagues to come together, ask questions, share resources, form.
Eduroam – Roam In a Day Louis Twomey, HEAnet Limited HEAnet Conference 2006 9 th November, 2006.

Eduroam – Roam In a Day Louis Twomey, HEAnet Limited HEAnet Conference th November, 2006.
Virtual Collaboration with SharePoint Instructor: Michael Curry.

Virtual Collaboration with SharePoint Instructor: Michael Curry.
QAD Business Intelligence CAUG October 10, 2011 Bill Wermes QAD California User Group.

QAD Business Intelligence CAUG October 10, 2011 Bill Wermes QAD California User Group.
Www.lumension.com © Copyright 2008 - Lumension Security Lumension Security PatchLink Enterprise Reporting™ 6.4 Overview and What’s New.

© Copyright Lumension Security Lumension Security PatchLink Enterprise Reporting™ 6.4 Overview and What’s New.
Sebastian Smith ○ Lance Hutchinson ○ Ben Damonte ○ Jennifer Knowles ○ Dr. Monica Nicolescu ○ Dr. Sergiu Dascalu Department of Computer Science and Engineering,

Sebastian Smith ○ Lance Hutchinson ○ Ben Damonte ○ Jennifer Knowles ○ Dr. Monica Nicolescu ○ Dr. Sergiu Dascalu Department of Computer Science and Engineering,
Introduction and Overview “the grid” – a proposed distributed computing infrastructure for advanced science and engineering. Purpose: grid concept is motivated.

Introduction and Overview “the grid” – a proposed distributed computing infrastructure for advanced science and engineering. Purpose: grid concept is motivated.
Wireless LAN Topology Visualiser Project Supervisor: Dr Arkady Zaslavsky Project Team Members: Jignesh Rambhia Robert Mark Bram Tejas Magia.

Wireless LAN Topology Visualiser Project Supervisor: Dr Arkady Zaslavsky Project Team Members: Jignesh Rambhia Robert Mark Bram Tejas Magia.
The Web is perhaps the single largest data source in the world. Due to the heterogeneity and lack of structure, mining and integration are challenging.

The Web is perhaps the single largest data source in the world. Due to the heterogeneity and lack of structure, mining and integration are challenging.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.
Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.

Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.
CISCO CONFIDENTIAL – DO NOT DUPLICATE OR COPY Protecting the Business Network and Resources with CiscoWorks VMS Security Management Software Girish Patel,

CISCO CONFIDENTIAL – DO NOT DUPLICATE OR COPY Protecting the Business Network and Resources with CiscoWorks VMS Security Management Software Girish Patel,
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 August 15th, 2012 BP & IA Team.

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 August 15th, 2012 BP & IA Team.
Chapter 17: Watching Your System BAI617. Chapter Topics Working With Event Viewer Performance Monitor Resource Monitor.

Chapter 17: Watching Your System BAI617. Chapter Topics Working With Event Viewer Performance Monitor Resource Monitor.

Similar presentations

Ads by Google