Philippe Hanset ANYROAM LLC [email protected] Great Plains Network8/23/13.

Great Plains Network

Philippe HansetANYROAM LLC

[email protected]

8/23/13


eduroam is a NET+ Service

www.internet2.edu/netplus/eduroam/

www.eduroam.us

This work has received support from 8/23/13

http://www.internet2.edu/netplus/eduroam/




eduroam is provided by

8/23/13


eduroam is

• The ease of use of cellular for Wi-Fi(even internationally, users are not

charged)

• A bungee cord for WPA-2 enterprise

• An automatic guest-access provisioning tool

8/23/13


eduroam is not

• A replacement for your existing guest access– It is a complement to what you already have to

make your infrastructure compatible with others

• Your users can join eduroam when traveling

• You can welcome eduroam users on your campus

• A VPN to your home institution

8/23/13


Technology Overview

• eduroam is EAP insensitive (but requires a tunneled EAP-method like PEAP or EAP-TTLS

• Encryption– Initial authentication between device and home RADIUS– traffic between device and WLAN

• Great service for Identity Based Networking• Reminder: WPA-2 enterprise (AKA 802.1X) is a Layer

2 protocol

8/23/13


eduroam in the US

8/23/13


Let’s not forget

8/23/13


Growth in one year

8/23/13


eduroam Worldwide

8/23/13


Time consuming ?

• Connect your RADIUS to the eduroam federation– Shared Secret and IP address exchange– Create RADIUS rules– Exchange test credentials– Check Firewall(s)

• Create an SSID and assign a network (even your existing guest network)

• Inform your community about eduroam• Very little load on Help Desk8/23/13


How to join?

• www.eduroam.us, click on “Join eduroam-US” (left side bar)

• Welcome message– a more formal NET+ agreement is in the works

• Peering Process (to VA and to KS)

8/23/13

http://www.eduroam.us/


Policies

• No Web portal between authentication and Internet

• Users always contact Home Helpdesk first• 6 Months RADIUS logs retention• Handling of abuse– Block users (MAC, REALM, CUI)– DMCA complaints

8/23/13


Business Model

• Included in Membership fee for Internet2 members

• $500 initial setup coming soon (when NSF funding dries out)

• Yearly fee for non-members– ~10 cents per student per year– Large entities (school systems) model being discussed

8/23/13


Free eduroam tools

• eduroam companion for iOS and Android• eduroam CAT (802.1X installer)– http://cat.eduroam.org

• Coming up: As part of InCommon Certificate Service: InCert (www.internet2.edu/incert)

8/23/13

http://cat.eduroam.org/


eduroam Companion

8/23/13


eduroam Companion (cont.)

8/23/13


eduroam only (native) …

• Less Network Name (SSID) confusion• VLAN assignment done based on REALM

(e.g. @local.edu ≠ @remote.edu)• CAT tool for all of campus– Saves on Help Desk– Saves on existing installer cost

• Branding ? – 802.11u will make SSIDs irrelevant in a few years

8/23/13


Resources

• Administrator Guide at eduroam.us and also eduroam.org

• Internet2 discussion list for eduroam administrators: https://lists.internet2.edu/sympa/info/netplus-eduroam-admins

• TF-MNM (a TERENA resource)

• Our team will help you from A to Z8/23/13

https://lists.internet2.edu/sympa/info/netplus-eduroam-admins




Contact us…

[email protected]

8/23/13

Philippe Hanset ANYROAM LLC [email protected] Great Plains Network8/23/13.

Documents

great plains network

eduroam users

eduroam administrators

wlan great service

android eduroam cat

technology overview

join eduroamus left

existing guest network