Terena Mobility Taskforce update Klaas Wierenga SURFnet.

Slides:

Advertisements

Similar presentations

Inter WISP WLAN roaming

Advertisements

HOlistic Platform Design for Smart Buildings

1 European Research Networking Development Activities Karel Vietsch TERENA

Joining eduroam Wireless Roaming for Education and Research.

Caltech Proprietary Videoconferencing Security in VRVS 3.0 and Future Videoconferencing Security in VRVS 3.0 and Future Kun Wei California Institute of.

Lousy Introduction into SWITCHaai

Connect. Communicate. Collaborate eduroam: a managed European service Miroslav Milinović, Srce, Zagreb, Croatia eduroam SA, GÉANT2 NORDUnet 2008, Espoo,

Encrypting Wireless Data with VPN Techniques

Connect. Communicate. Collaborate eduroam: towards a managed European service Miroslav Milinović, Srce, Zagreb, Croatia eduroam SA, GÉANT2 Wi-Fi Workshop,

Unisys Mobile CommHub – Inventing the Future Presented by: Edward Minyard, ITIL Partner Global Infrastructure Services.

Licia Florio EUNIS05, Manchester 1 Eduroam EUNIS Conference, June Licia Florio.

URP Usage Scenarios for NAS Yoshihiro Ohba August 2001 Toshiba America Research, Inc.

IPv6 TF-NGN 8 Berlin, 2 nd July Agenda Review GTPv6 status D9.6 GEANT deliverable Presentations from participants –JOIN, RENATER, POZNAN 6NET –Outputs,

Southampton Open Wireless Network The Topology Talk.

TF Mobility Group 22nd September A comparison of each national solution was made against Del C – “requirements”, the following solutions were assessed.

10 October 2003 Internet2 members meeting 1 An update on the work of JANET Wireless Advisory Group & The Terena Mobility Taskforce James Sankar UKERNA.

Copyright JNT Association 2006 The JANET Roaming Service.

The Nomadic Network Providing Secure, Scalable and Manageable Roaming, Remote and Wireless Data Services Josh Howlett & Nick Skelton Information Services,

5/25/2015 AEB/Yleisesittely Roaming network access using Shibboleth in University of Helsinki Fall 2004 Internet2 Member Meeting 29th of September, 2004.

EduRoam ESA workshop 17 December 2004 Utrecht.

Eduroam – Roam In a Day Louis Twomey, HEAnet Limited HEAnet Conference th November, 2006.

2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.

EuroCAMP Ljubljana, 3-5 March 2006 TERENA Server Certificate Service Towards the large-scale use of affordable popup-free server certificates for the European.

Network Access and 802.1X Klaas Wierenga SURFnet

High-quality Internet for higher education and research Federated network access with Klaas Wierenga SURFnet Ljubljana, April.

TF-EMC2 February 2006, Zagreb Deploying Authorization Mechanisms for Federated Services in the EDUROAM Architecture (DAME) -Technical Project Proposal-

WLAN Roaming for the European Scientific Community: Lessons Learned , June 9 th, 2004 Carsten Bormann Niels Pollem reporting on the work of TERENA.

TNC 2003 Wireless Campus project Coletta Elisa Marchioro -

High-quality Internet for higher education and research eduroam EuroCAMP, Porto, November 9, 2005

Wbone: WLAN Roaming Based on Deep Security Zagreb, May 22 nd, 2003 Carsten Bormann Niels Pollem with a lot of help from TERENA TF Mobility.

EduRoam: movilidad por Europa... y España Toledo, 29 de octubre de 2004

WLAN Roaming for the European Scientific Community: Lessons Learned , June 9 th, 2004 Carsten Bormann Niels Pollem reporting on the work of TERENA.

Deliverable H: the interoperability testbed design Klaas Wierenga SURFnet.

Flexible Network Access Overview. Flexible Access an Integral part of Universal Access Policy Universal Access to Campus IT Resources Managed LAN portsFlexible.

1 Terena Networking Conference 2003 Applying Radius-based Public Access Roaming in the Finnish University Network (FUNET) Sami Keski-Kasari Karri Huhtanen.

What about 802.1X? An overview of possibilities for safe access to fixed and wireless networks Amsterdam, October Erik Dobbelsteijn.

2007 © SWITCH TNC2007 Extending SWITCH Public Wireless LAN with EAP-SIM Kurt Baumann SWITCHmobile Project Leader

Wireless ambitions Frans Panken I2 Spring meeting 24 april 2012.

Connect communicate collaborate Campus Best Practices Gunnar Bøe, Section Manager, Campus Networks and Systems, UNINETT Skopje, 15 Sept

EduRoam Australia Project Experience in location independent wireless networking with international collaboration with TERENA EduRoam Project 19 th APAN.

AARNet Copyright 2010 Network Operations The eduroam project group

COMP 6005 An Introduction To Computing Session Four: Internetworking and the World Wide Web.

Altai Certification Training Backend Network Planning

Eduroam Louis Twomey HEAnet Library Services Day 20 th November 2014.

Education roaming Secure Wireless Service for Research and Education.

VoIP in Disaster & Emergency Response Voice over IP in Disaster and Emergency Response Team Members: Muhammad Ali Mansoor A. Siddiqui Carlos Loarca de.

RIPE69 – MAT-WG – Wednesday, 5 November 2014 Brook Schofield, GÉANT Association eduroam: The Value of WLAN measurements for the R&E.

High-quality Internet for higher education and research Paul Dekkers April 4th, Turkey.

Michal Procházka, Jan Oppolzer CESNET.

A Practical Guide for Joining EduRoam EuroCAMP Torino A Practical Guide for Joining EduRoam 4 March 2005 Version 1.6.

Claudio Allocchio - VP Technical Programme TERENA GA - Zagreb May The TERENA 3-years strategy David Willians President Claudio Allocchio VP.

High-quality Internet for higher education and research AAI from the NREN perspective Schiphol, October 17, 2005

802.1X in SURFnet 22 May 2003.

TERENA TF-Mobility: Roaming for WLANs Tim Chown University of Southampton TF-Mobility WG & UKERNA Wireless Advisory Group.

EDUROAM Michael Helm ESnet/LBL 26 Mar EduroamTAGPMA 27 Mar What Is Eduroam? The Roaming Scholar vs the Restricted Wireless Network –I am in.

輔大資工所在職研一報告人：林煥銘學號： Public Access Mobility LAN: Extending The Wireless Internet into The LAN Environment Jun Li, Stephen B. Weinstein, Junbiao.

Global Roaming in Next-Generation Networks Theodore B. Zahariadis, Konstantinos G. Vaxevanakis, Christos P. Tsantilas, and Nikolaos A. Zervos Ellemedia.

Doc.: IEEE /209r0 Submission 1 March GPP SA2Slide 1 3GPP System – WLAN Interworking Principles and Status From 3GPP SA2 Presented.

Connect. Communicate. Collaborate TERENA Networking Conference, 7 june 2005 Eduroam: past, present, and future.

Security for (Wireless) LANs 802.1X workshop 30 & 31 March 2004 Amsterdam.

Connect. Communicate. Collaborate Deploying Authorization Mechanisms for Federated Services in the eduroam architecture (DAMe)* Antonio F. Gómez-Skarmeta.

Authentication and Authorisation in eduroam Klaas Wierenga, AA Workshop TNC Lyngby, 20th May 2007.

6 June 2004TF-Mobility meeting 6 June TF-Mobility meeting Agenda TF-Mobility Meeting, June Welcome and Update on TF-Mobility to date Discussion.

Deploying Authorization Mechanisms for Federated Services in eduroam Klaas Wierenga, EuroCAMP Helsinki, 17&18th April 2007.

19 May 2003 © The JNT Association Terena Technical Advisory Council Terena Mobility Task Force

6/12/2016 AEB/Yleisesittely WLAN roaming experiences using Shibboleth TNC 2004, Rhodes 7th of June, 2004 Mikael Linden, Viljo Viitanen,

10 Years of eduroam (from an idea to a product)

Welcome To : Group 1 VC Presentation

TF-Mobility update TF-EMC2, Barcelona 9 September 2005.

GN2 JRA5 Roaming and Authorisation Jürgen Rauschenbach, DFN-Verein

Presentation transcript:

Terena Mobility Taskforce update Klaas Wierenga SURFnet

2 Contents Page Background Current status Future plans Discussion

3 Background TF Mobility (Taskforce) officially began on January –The group has an 18 month lifetime. Aim: ”coordinating research and testing in Europe regarding real usage and scalability of mobility solutions inside the academic community”. Mobility solutions are defined as –a way to transfer authentication information between organisations so that a user from different organisation may gain wired or wireless access to 1) the visiting organisation’s network or 2) the visitor’s home network for home authentication and network access. Work Areas –Identify inter-NREN roaming requirements. –Evaluate current national roaming solutions. –Select inter-NREN solution and test. –Evaluate mobile equipment, technology and next generation mobile technology for handover and roaming (mobile IPv4 & v6).

4 Requirements definition Enable NREN users to use the Internet (WLAN and wired) everywhere in Europe with: –Minimal administrative overhead (per roaming user) –Good usability –Maintaining required security for all partners. –Scalable!

5 Web-based with RADIUS Internet Docking Network Access Control Device AAA Server WWW-browser RADIUS based Web interface authentication at the University of Tampere The Finnish are scaling their solution by using a hierarchy of RADIUS proxy servers for their national infrastructure

6 Intranet X Docking network Campus Network G-WiN VPN-Gateways DHCP, DNS, free Web Intranet X Docking network Campus Network G-WiN VPN-Gateways DHCP, DNS, free Web VPN SWITCHmobile – VPN solution deployed at 7 universities across Switzerland. Wbone – VPN roaming solution to 4 universities / colleges in state of Bremen. A "virtual campus" initiative in Lisbon, and been testing and developing a VPN & PKI infrastructure. PPPoE – University of Bristol

7 Cross-domain 802.1X with VLAN assignment RADIUS server Institution B RADIUS server Institution A Internet Central RADIUS Proxy server Authenticator (AP or switch) User DB Supplicant Guest Student VLAN Guest VLAN Employee VLAN Authentication at home institution, 802.1X, TTLS (SecureW2), (proxy) RADIUS. One time passwords are also transmitted via SMS to guest users. A RADIUS Hierarchy is proposed to scale this to a European wide solution.

8 Current status Documentation of national WLAN roaming solutions – complete Characteristics identified as –802.1X - “The future”, easy to scale, secure but cutting edge, thus expensive. –VPN - Widely available, expensive, secure & hard to scale. –Web based – cheap, widely available, easy to scale, but not secure. WLAN Product testing matrix – 1st draft completed Preliminary selection for inter-NREN roaming – in draft, conclusions are –No national solution meets all the requirements. –The group has chosen not to consider the following –Local VPN access. –PKI –An architecture that supports the various national solutions is needed, a three stream approach is recommended…

9 Future plans Resolve scaling and interoperability issues for 802.1x, VPN, web- based redirect, PPPoE) Consolidate findings into a trial report Build and scale a RADIUS proxy hierarchy for non-VPN AAA Conduct feasibility tests on creating an scalable VPN solution Subject to feasibility, build the proposed CASG solution Extend to VPN in parallel Work on software changes to PPPoE to facilitate roaming The testing of inter-NREN roaming solutions has already started !

10 Controlled Address Space for VPN Gateways Design and work plan documentation underway. Interoperability tests of VPN to RADIUS proxy hierarchy agreed. Further work to follow.

11 FCCN RADIUS Proxy servers connecting to a European level RADIUS proxy server University of Southampton Participation guidelines are being drafted Aim is to increase membership. Spain, Norway, Slovenia, Czech Republic & Greece have indicated their willingness to join. SURFnet FUNET (DFN) CARnet Radius proxy hierarchy

12 Thank you for your time Any questions ? Klaas Wierenga