Presentation is loading. Please wait.

Presentation is loading. Please wait.

Education roaming Secure Wireless Service for Research and Education.

Published byEarl May Modified over 8 years ago

Similar presentations

Presentation on theme: "Education roaming Secure Wireless Service for Research and Education."— Presentation transcript:

1 education roaming Secure Wireless Service for Research and Education

2 What is eduroam? 2 eduroam is a global wireless roaming network, based on: – WPA2 & 802.1X (network access control) – RADIUS (infrastructure to transport credentials) – Trust fabric (RADIUS hierarchy and policy) – No web splash screen portal or shared passwords Started in the TERENA Task Force “Mobility” eduroam = education roaming

3 Two (2) options explored …and rejected 3 Open WiFi + VPN – Route traffic back to your home organisation via VPN Benefit that “internet” traffic was from the home institution – Access Control is problematic You don’t really know who is using it (just that they have a VPN) Web Redirect – Popular at airports, cafés and hotels – No “over the air” security

4 What is wrong with this page? 4 Airport Portal Pop-up – Who runs it? – Can you trust it? – What do they need (vs want) to know about you? Is this run by a 16 year old on her laptop?

5 The solution: eduroam 5 Trust based on national policy Security based on 802.1X/RADIUS VLAN assignment to separate users RADIUS server University ABC RADIUS server University 123 Roaming Operator Central RADIUS Proxy server WiFi Access Point User DB Visitor VLAN Student VLAN Employee VLAN user@uniabc.aq data signaling

6 Where is eduroam? 6 eduroam Pilot :-(

7 …in the Eastern Partnership region 7 eduroam Pilot :-( Deployments – Belarus – Moldova – Azerbaijan – Armenia Needed – Ukraine – Georgia

8 Continual growth… 8 69 territories – 45 territories in Europe (wanting 4 more) – 9 territories in Asia (5 pilots in progress) – 2 territories in North America – 4 territories in Africa (5 pilot planned) – 8 territories in Latin America (3 pilots planned) – 1 territory in the Gulf States (3 pilot, more planned) 5000 locations, >1000 institutions WigleNet Crowd Sourced Access Point Stats – May 2012#27 – 0.108% - 70,561 – Sept 2012#23 – 0.116% - 88,135 – Nov 2012#22 – 0.112% - 97,127 – April 2014 #19 – 0.157% - 206,122 – 4 th in list of operators behind BT, SFR and Ziggo

9 Growth requires Governance 9 Global eduroam Governance Committee – Created in 2011 to provide a “voice” for all regions World-wide representation – Europe (3), Asia (2), North America (2), Latin America (2), Africa (2) – Created the “Compliance Statement” Signatories – Europe (1), Asia (9), North America (2), Latin America (8), Africa (4), Gulf (1)

10 eduroam Benefits 10 Builds on your existing campus wifi – Not new equipment – just new configuration Use eduroam @ home – Only 1 campus wifi network for all! No guest accounts – Helpdesk + identity verification is expensive Improved support services in development – Global improvements benefit your campus

11 eduroam Deployment Anti-Patterns 11 I need to know who accesses my network – Causes Loss of Control Evil People Use eduroam – You can still monitor usage and block individuals Country X doesn’t have eduroam – 69 countries now – 16 pilots My staff and students don’t go anywhere – You’ll be surprised what your students get up to!

12

13

14 eduroam in the future… 14 Ready for Hotspot 2.0, Next Generation Hotspot (NGH) and Wi-Fi Passpoint™ – Ready since 2003! – Support a wider range of roaming partners – Nothing is simpler than doing nothing! Mobile/Cellular industry adopting this approach – Public/Private Partnership Opportunities for Research and Education.

15 eduroam Companion 15

16 eduroam Companion 16 Also on Android Additional features – Heat maps – Twitter/Facebook

17 Why a configuration assistant tool? 17 Solve the user confusion problem – Institutional flexibility causes a documentation problem… …installation is the hardest part.

18 Why a configuration assistant tool? 18 Available EAP-Types http://deployingradius.com/documents/protocols/com patibility.html

19 Why a configuration assistant tool? 19 Institution choose Authentication Type – PEAP-MSCHAPv2 popular for Microsoft Platforms – TTLS-PAP popular for sites with encrypted LDAP – TTLS-* is only supported in Wi-Fi Passpoint Multiple Device Platforms – MacOS X and iOS devices (iPod, iPhone, iPad) – Microsoft Windows – Android Phone and Tablets – Other laptops/phones/tablets less popular (but need support) and new devices appear…

20 How do I join eduroam? 20 Set up a RADIUS server at your campus that… – Authenticates your own users FreeRADIUS http://freeradius.org/ or Microsoft NPShttp://freeradius.org/ – Adds WPA2-Enterprise to your wireless network – Proxies guest users’ requests to your roaming operator (and on to international infrastructure) Connect to your federation RADIUS server managed by your Roaming Operator Promote eduroam to your users

21 eduroam & Eastern Partnership 21 Pilot – Server Infrastructure Supported by Cloud Hosting (or your own Roaming Operator) – Connected to the World Wide Roaming Infrastructure Interest – Who’s interested? Future – Precursor to future Federated Identity Systems

22 eduroam Infrastructure 22 WiFi Access Points, a RADIUS Server and a user database for sites. RADIUS proxy for Federation Level RADIUS RADIUS server University ABC RADIUS server University 123 Roaming Operator Central RADIUS Proxy server WiFi Access Point User DB Visitor VLAN Student VLAN Employee VLAN user@uniabc.aq

23 Brook Schofield schofield@terena.org

Download ppt "Education roaming Secure Wireless Service for Research and Education."

Similar presentations

Joining eduroam Wireless Roaming for Education and Research.

Joining eduroam Wireless Roaming for Education and Research.
Connect. Communicate. Collaborate eduroam: a managed European service Miroslav Milinović, Srce, Zagreb, Croatia eduroam SA, GÉANT2 NORDUnet 2008, Espoo,

Connect. Communicate. Collaborate eduroam: a managed European service Miroslav Milinović, Srce, Zagreb, Croatia eduroam SA, GÉANT2 NORDUnet 2008, Espoo,
Options for integrating the JANET Roaming Service (JRS) and Shibboleth Tim Chown University of Southampton (UK) JISC Access Management.

Options for integrating the JANET Roaming Service (JRS) and Shibboleth Tim Chown University of Southampton (UK) JISC Access Management.
Connect. Communicate. Collaborate eduroam: towards a managed European service Miroslav Milinović, Srce, Zagreb, Croatia eduroam SA, GÉANT2 Wi-Fi Workshop,

Connect. Communicate. Collaborate eduroam: towards a managed European service Miroslav Milinović, Srce, Zagreb, Croatia eduroam SA, GÉANT2 Wi-Fi Workshop,
Speaker Name, Title Windows 8 Pro: For Small Business.

Speaker Name, Title Windows 8 Pro: For Small Business.
McAfee One Time Password

McAfee One Time Password
Terena Mobility Taskforce update Klaas Wierenga SURFnet.

Terena Mobility Taskforce update Klaas Wierenga SURFnet.
Licia Florio EUNIS05, Manchester 1 Eduroam EUNIS Conference, June 22 2005 Licia Florio.

Licia Florio EUNIS05, Manchester 1 Eduroam EUNIS Conference, June Licia Florio.
Building Mobile Apps in the Cloud – Comparing Approaches.

Building Mobile Apps in the Cloud – Comparing Approaches.
TF Mobility Group 22nd September 20031 A comparison of each national solution was made against Del C – “requirements”, the following solutions were assessed.

TF Mobility Group 22nd September A comparison of each national solution was made against Del C – “requirements”, the following solutions were assessed.
Europe Latin America Collaborative e ‑ Infrastructure for Research Activities A Model for Federated Services Brook Schofield, TERENA ● Sofia, Bulgaria.

Europe Latin America Collaborative e ‑ Infrastructure for Research Activities A Model for Federated Services Brook Schofield, TERENA ● Sofia, Bulgaria.
Philippe Hanset ANYROAM LLC

Philippe Hanset ANYROAM LLC
Www.ja.net/roaming Copyright JNT Association 2006 The JANET Roaming Service.

Copyright JNT Association 2006 The JANET Roaming Service.
Fòmasyon Itilizatè Ayiti Office 365 Fòmasyon. Why the Change? Partners in Health's new hosted Microsoft Office 365 solution allows users to access their.

Fòmasyon Itilizatè Ayiti Office 365 Fòmasyon. Why the Change? Partners in Health's new hosted Microsoft Office 365 solution allows users to access their.
Wireless and Switch Security NETS David Mitchell.

Wireless and Switch Security NETS David Mitchell.
EduRoam ESA workshop 17 December 2004 Utrecht.

EduRoam ESA workshop 17 December 2004 Utrecht.
Eduroam – Roam In a Day Louis Twomey, HEAnet Limited HEAnet Conference 2006 9 th November, 2006.

Eduroam – Roam In a Day Louis Twomey, HEAnet Limited HEAnet Conference th November, 2006.
High-quality Internet for higher education and research Federated network access with Klaas Wierenga SURFnet Ljubljana, April.

High-quality Internet for higher education and research Federated network access with Klaas Wierenga SURFnet Ljubljana, April.
High-quality Internet for higher education and research eduroam EuroCAMP, Porto, November 9, 2005

High-quality Internet for higher education and research eduroam EuroCAMP, Porto, November 9, 2005
Deliverable H: the interoperability testbed design Klaas Wierenga SURFnet.

Deliverable H: the interoperability testbed design Klaas Wierenga SURFnet.

Similar presentations

Ads by Google