Wireless Roaming for Higher Education and Research


1 Wireless Roaming for Higher Education and Research
Joining eduroam: Wireless Roaming for Higher Education and Research
EuroCAMP, ver 2.7

2 Global Working Group

3 Global Working Group
A Global Working Group has been set up.
There is an open list to share.
The first meeting was at EuroCAMP 2005.
The second meeting was held after the I2 members meeting.
The third meeting was yesterday.
We have a conference call when required.

4 Global Working Group
What are we doing?
Working on standards and systems for safe roaming internationally.
eduroam NG (next generation).
Peering policies and frameworks.
There are representatives from Europe, USA and Asia Pacific.

5 Global Working Group: Current eduroam environment
Hierarchy of RADIUS proxies.
Shared key security.
Manual configuration of all links.

6 Global Working Group: Future eduroam environment
RADIUS discovery.
PKI-secured links.
Via Radiator, Diameter or FreeRADIUS versions.
Possible SHIB attribute passing.

7 The APAN Region
Future direction and update

8 What is eduroam’s core requirement?
eduroam allows roving researchers to log in, with their usual “user name/password”, to wireless networks at participating campuses around the world and transparently get access to resources.
This is the mission statement.
This is what needs to be delivered.

9 Eduroam in APAN Region
Federated: Australia (17 sites), Taiwan (51 sites).
Interest in: Japan, China, Korea, New Zealand, AU University in Vietnam.

10 National Science and Technology Program for Telecommunications
Global Cross-Campus WLAN Roaming based on Distributed Authentication Mechanism
Project Members: Yung-Chi Yang, Ko-Chung Tang, Wei-Hung Huang, Wei-Wen Chen

11 Roaming Platform Participants
(Updated at )
National Taiwan University, National Cheng-chi University, National Chiao-Tung University, National Tsing-Hua University, National Central University, National Cheng-Kung University, National Chi-Nan University, National Chung-Hsing University, National Dong Hwa University, National Taipei University, National Yang-Ming University, National Taiwan Normal University, National Chung-Cheng University, National Taiwan Ocean University, National United University, National Hsinchu University of Education, National University of Tainan, National University of Kaohsiung, National Ilan University, National Taitung University, National Taiwan University of Science and Technology, National Yunlin University of Science and Technology, National Kaohsiung First University of Science and Technology, Northern Taiwan Institute of Science and Technology, Taipei Medical University, Tamkang University, Feng Chia University, I-Shou University, Soochou University, Wufeng Institute of Technology, Vanung University, Huafan University, Kaohsiung Medical University, Ming Chuan University, Providence University, Da-Yeh University, Shih Hsin University, Yuan Ze University, Chung Hua University, Chinese Culture University, Hsiuping Institute of Technology, Ling Tung University, Lunghwa University of Science and Technology, Takming College, Jin Wen Institute of Technology, Fooyin University, Tatung University, Mingdao University, St. John’s University, Yuanpei Institute of Science and Technology, Tunghai University.
Users can roam between 51 universities in Taiwan, and over 500,000 user accounts are being served.

12 WLAN Roaming Architecture

13 Roaming Server – Software Architecture
Diagram labels: RADIUS Server (in campus); VPN tunnel; Roaming Center (NCHC); Roaming Server (Linux Red Hat/Fedora) containing Firewall, OpenVPND, and RADIUS Server with Proxy (FreeRADIUS, SNMP enabled).
“FreeRADIUS” implements the RADIUS protocol and uses the RADIUS proxy to communicate with the Roaming Center.
The “Firewall” controls access to the Roaming Server.
“OpenVPND” builds the secure tunnel between the Roaming Server and the Roaming Center.
The Roaming Center uses “SNMP” to monitor the status of the Roaming Server.

14 Eduroam in APAN Region: Top-level servers
Server 1: Australia, coming on-line soon.
Server 2: Looking for a home.

15 Eduroam in APAN Region
This will be run as a service (in this region).
Which means: Security, Education, Monitoring, Granular Control, Policies, Service Levels, IPv6.

16 What does Security mean?
Minimum standards: 802.1x; WPA TKIP on APs; EAP-TTLS auth.
Why? The security level of this service is only as strong as the weakest site.
Waivers will be available for fixed times.

17 What does Security mean?
Future standards: 802.11i; WPA2 AES on APs; EAP SAML?
The next wave of magic: integration with Shib, A-Select or other.

18 What does Security mean?
Why not web redirect? We don’t share our password with others. (Not secure)
Why not VPN? Which VPN? ACL / XML lists of how long? (1006 sites x 2 VPN x 16 firewall rules = lines) (Not scalable)

19 What does Security mean?
Why WPA TKIP?
Open: all traffic is clear.
WEP is hacked (all traffic is clear).
WPA with TKIP is in most APs now: a good level of security.
Why EAP-TTLS?
Secure PAP password exchange.
Many supplicants are available.
802.1x is worth the pain.

20 What does Education mean?
Training.
Support.
Debugging.
Site visits.
Skills can be imported.

21 What does Monitoring mean?
Servers: What’s up? What’s down? What’s the impact? Who to contact?
(This is only half the story.)

22 What does Monitoring mean?
Service: Is Auth up? Is Auth down (where)? What’s the impact? Who to contact?
Must be end to end.
I like to know this before the clients.

23 What does Granular Control mean?
How do we identify?
How do we suspend access?
How can a client obtain their roaming data?
This will empower users and providers.

24 What does Policies mean?
Policies support and protect: the service, the provider, the client.
The Australian Policy is complete. (Ratification is in its final stages.)
This work has been completed by James Sankar of AARNet.

25 What does Service Levels mean?
As a service:
We need to define the service.
We need to set response times.
We need to supply a level of service to our clients.

26 What does IPv6 mean?
IPv6 is fundamental in this region.
All eduroam-type services need to work on v6 (not all sites, but the service).
We will be looking closely at v6 mobility, and also IPsec for secure roaming.

27 What You Need to play

28 International eduroam portals

29 Local NREN eduroam Portal.
Elements of a portal: local information, services, participants, policies, technology, international links, information for roaming, mail lists, how to contact, groups.

30 Local NREN eduroam Portal.
Data mining: Who’s interested? Where are they from? Are you hitting your targets?

31 Local NREN eduroam Portal.
Did anyone read the news release?
Put links in your news release (this helps).
How can I exploit this information?

32 Local NREN eduroam Portal.
Feedback and help.
Feedback is important: for the program, for the NREN, for the institute, for the user.
Use detailed user guides on the portal.
Put in links to the wiki forum.
Users who can help themselves don’t call.
Wiki forum page

33 Team Requirements
What people are required for eduroam?
The wireless people: basic wireless administration skills.
The directory people: average RADIUS administrative skills.
The security people: average firewall/ACL skills.
The desktop support: basic to average skills.
It’s not about the technology; that’s easy.

34 Team Requirements
What the people require from eduroam:
Trust. Policy. Reactive, collaborative, community.
For the NREN: see people.
It’s all about the people.

35 Local Wireless Implementation
802.1x tools: SecureW2 (Alfa & Ariss).
SecureW2 for Windows platforms is the cost-effective and most robust client solution for deploying 802.1X networks. The SecureW2 Client enables EAP-TTLS using the standard Microsoft IEEE 802.1X Client currently available for Windows 2000, Windows XP and Pocket PC 2003.
Now open source.

36 Local Wireless Implementation
Cisco 1200 Series Access Point setup for eduroam.
Under Security, Encryption Manager:
Select VLAN in the drop-down box under Set Encryption Mode and Key for VLAN.
Select Cipher in Encryption Modes.
Select TKIP in the Cipher drop-down box.
Clear Encryption keys.
Select Encryption key 2.

37 Local Wireless Implementation
Under Security, SSID Manager:
Select the eduroam SSID.
Under Authentication Settings, Methods Accepted:
Select Open Authentication with EAP in the drop-down box.
Select Network EAP.
Under Authentication Settings, Server Properties:
Select Customize.
Under Priority 1, select your RADIUS server's address.

38 Radius Implementation
Create national RADIUS server.
Federate to international server. Good service selling point.
Create institutional RADIUS services.
Create test accounts. On all sites.
RADIUS tools: FreeRADIUS, a most excellent free RADIUS server.

39 Radius Implementation
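Deliver cookie cuts. (AUS example) Config for end user to connect to national server:

    # Proxy side: send every realm not handled locally to the national server.
    # The server address is not shown on the slide.
    realm DEFAULT {
        type = radius
        authhost = :1812
        accthost = :1813
        secret = XXXXXXXXXXXX
        nostrip    # forward User-Name with its @realm intact
    }

    # Client side: accept requests from the national server.
    # The client address is not shown on the slide.
    client {
        shortname = national-au-eduroam1
        secret = XXXXXXXXXX
    }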
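Added example (not from the presentation or the eduroam project): a small Python model of the proxy hierarchy from slide 5 and of the nostrip DEFAULT realm in the slide 39 config, showing how a visitor's request reaches the home server and how a hand-configured DEFAULT route can loop. All server names, realms and the suffix-matching rule are assumptions made for the illustration.

```python
# Added illustration: realm-based routing through a hierarchy of RADIUS proxies.
# Every server name and realm here is constructed; none comes from the slides.
PROXIES = {
    # institution servers: own realm handled locally (None), rest goes upstream
    "radius.uni-a.example.au": {"routes": {"uni-a.example.au": None},
                                "default": "national-au"},
    "radius.uni-t.example.tw": {"routes": {"uni-t.example.tw": None},
                                "default": "national-tw"},
    # national servers: know their member realms, rest goes to the top level
    "national-au": {"routes": {"uni-a.example.au": "radius.uni-a.example.au"},
                    "default": "toplevel"},
    "national-tw": {"routes": {"uni-t.example.tw": "radius.uni-t.example.tw"},
                    "default": "toplevel"},
    # top-level server: routes by country suffix and has no DEFAULT
    "toplevel": {"routes": {"au": "national-au", "tw": "national-tw"},
                 "default": None},
}

def realm_of(user_name):
    """Realm of 'user@realm', lower-cased; None if the name is malformed."""
    local, sep, realm = user_name.partition("@")
    if not (local and sep and realm) or "@" in realm:
        return None
    return realm.lower()

def next_hop(server, user_name):
    """One proxy decision: ('local'|'forward'|'reject', target)."""
    realm = realm_of(user_name)
    if realm is None:
        return ("reject", None)
    cfg = PROXIES[server]
    matches = [s for s in cfg["routes"]
               if realm == s or realm.endswith("." + s)]
    if matches:
        target = cfg["routes"][max(matches, key=len)]  # longest suffix wins
        return ("local", server) if target is None else ("forward", target)
    if cfg["default"]:
        return ("forward", cfg["default"])  # User-Name is passed on unchanged
    return ("reject", None)

def trace(start, user_name):
    """Servers a request visits; ends in 'REJECT' on no route or a loop."""
    path = [start]
    while True:
        action, target = next_hop(path[-1], user_name)
        if action == "local":
            return path
        if action == "reject" or target in path:  # loop guard
            return path + ["REJECT"]
        path.append(target)
```

An unknown realm under a known country suffix bounces between the national and top-level servers in this model, which is why the trace stops on a repeated hop.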

40 Layer 8
Layer 8 can be your friend.
They want the service.
They can see the business drivers.
They will divert resources to the project.
Layer 8 can be your enemy.
They can have unrealistic expectations.
The work policy triggers lawyers.
Lawyers mean money and long documents.

41 Layer 8: Know your landscape
What is out there?
What does the community want?
Can you meet their requirements?
Can you control expectations?
Can you deliver the service?
Where can you go for help?

42 eduroam Links
eduroam AU Site: http://www.eduroam.edu.au
APAN eduroam Site
Eduroam Global Working Group
Global working group list
Enquiries

43 Joining eduroam
Thank you. Please join eduroam: http://www.eduroam.org
Acknowledgments: Surfnet, TF Mobility TERENA, UNI-C & AARNet TECH Policy

