Self-Service Diagnostics and eduroam as-a-service

Similar documents
eduroam Managed IdP Product Presentation

1.3 More information about eduroam is available at the relevant eduroam Service Provider (ESP) website detailed in Schedule 1 of this document.

EAPlab the ultimate EAP testing facility developed within the SENSE project

ilight/gigapop eduroam Discussion Campus Network Engineering

eduroam Web Interface User Guide

Introduction to eduroam

APAN 25 Middleware Session, Hawaii Jan.24, 2008 Japanese University PKI (UPKI) Update and Shibboleth using PKI authentication

Eduroam CAT. Stefan Winter, RESTENA TF-Mobility, Internetland, 30 june connect communicate collaborate

eduroam(uk) Service Provider Assurance Tool User Guide for Sys Admins Introduction Using the tool

Wi-Fi CPE Configuration Manual. indoor - WiFi WIXFBR-105 WIXFBR-105

Your wireless network

Guide to Configuring eduroam Using the Aruba Wireless Controller and ClearPass RADIUS

Introduction to eduroam

Support Device Access

How to connect your device using eduroam

Microsoft NPS Configuration Guide

CONFIGURATION MANUAL. English version

VOCOM II. WLAN Instructions. VOCOM II Tough

jamf Nation - London Roadshow

Cisco Exam Questions and Answers (PDF) Cisco Exam Questions BrainDumps

Wireless-N. User Guide. USB Network Adapter WUSB300N WIRELESS. Model No.

MCSA Office 365 Bootcamp

Integration Guide. Eduroam

Connect to eduroam WiFi

Outline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.

Support Device Access

RUCKUS CLOUD WI-FI Cloud Managed Wi-Fi

Exam HP2-Z32 Implementing HP MSM Wireless Networks Version: 7.1 [ Total Questions: 115 ]

MOC 6421B: Configuring and Troubleshooting a Windows Server 2008 Network Infrastructure

IBM FlashSystem 720 & FlashSystem 820 Remote Support Overview

Diamond Moonshot Pilot Participation

Network Security: WLAN Mobility. Tuomas Aura CS-E4300 Network security Aalto University, Autumn 2017

cnpilot Indoor e400 Gigabit Wi-Fi: ac dual band 2x2 Indoor access point

Unleashed & Cloud Wi-Fi Updates

Vendor: Cisco. Exam Code: Exam Name: Implementing Advanced Cisco Unified Wireless Security (IAUWS) v2.0. Version: Demo

Quick Setup Guide. for Standalone Omada Access Points. EAP110 / EAP115 / EAP225 / EAP245 / EAP320 / EAP330 / EAP115-Wall

What Is Wireless Setup

Sustainability in Federated Identity Services - Global and Local

Guest Access User Interface Reference

How to connect to Wi-Fi

The StrideLinx Remote Access Solution comprises the StrideLinx router, web-based platform, and VPN client.

Configuring FlexConnect Groups

TestsDumps. Latest Test Dumps for IT Exam Certification

VMware AirWatch tvos Platform Guide Deploying and managing tvos devices

Creating Wireless Networks

LANCOM Management Cloud

ipass Open Mobile for Mac User Guide

Policy Management and Inter-domain Mobility for eduroam through virtual Access Points (vaps)

CPE Configuration User Manual (Wi-Fi/ Indoor)

SUB-TITLE WLAN Management-as-a-Service

VMware Workspace ONE UEM Apple tvos Device Management. VMware Workspace ONE UEM 1811 VMware AirWatch

Forescout. eyeextend for MobileIron. Configuration Guide. Version 1.9

A company built on security

CUA-854 Wireless-G Long Range USB Adapter with Antenna. User s Guide

COPYRIGHTED MATERIAL. Index

Technical Training Guide for SimplicityTouch IFP Model Numbers Covered: 70 ST-700, Generation 2 (802.11ac)

Chapter 6: Digital Certificates Introduction Authentication Methods PKI Digital Certificate Passing

Cisco Exam Implementing Advanced Cisco Unified Wireless Security v2.0 Version: 9.0 [ Total Questions: 206 ]

1.0 Basic RF Characteristics (15%) 1.1 Describe RF signal characteristics Frequency Amplitude Phase 1.1.

System Requirements. Network Administrator Guide

ENHANCING PUBLIC WIFI SECURITY

Wireless-N Business Notebook Adapter

ipass Open Mobile 2.10.x for Android Quick Start Guide

GHz g. Wireless A+G. User Guide. Notebook Adapter. Dual-Band. Dual-Band WPC55AG a. A Division of Cisco Systems, Inc.

Forescout. eyeextend for VMware AirWatch. Configuration Guide. Version 1.9

August 2015 Aruba Central Getting Started Guide

Rhodes University Wireless Network

Exam : PW Title : Certified wireless security professional(cwsp) Version : DEMO

The Cosy 131 User Guide USER MANUAL

VMware AirWatch Integration with SecureAuth PKI Guide

DCCKI Interface Design Specification. and. DCCKI Repository Interface Design Specification

COPYRIGHTED MATERIAL. Contents

Cisco Universal Wi-Fi Solution 7.0

Extending Services with Federated Identity Management

Barracuda Firewall Release Notes 6.6.X

Wi-Fi Troubleshooting Guide

Troubleshooting Microsoft Windows XP-based Wireless Networks in the Small Office or Home Office

Eduroam wireless network - Mac OSX 10.5 Leopard

Securing Wireless LANs with Certificate Services

Networks & Data Centres

Cisco EXAM Implementing Cisco Unified Wireless Networking Essentials (IUWNE) Buy Full Product.

ipass Open Mobile 3.0.x for Android Quick Start Guide

ipass Open Mobile 3.1.x for Android Quick Start Guide

Wi-Fi Troubleshooting Student IT

ISE Primer.

Configuring Single Sign-on from the VMware Identity Manager Service to Marketo

AmbiCom WL11-SD Wireless LAN SD Card. User Manual

Configure Easy Wireless Setup ISE 2.2

CCIE Wireless v3 Lab Video Series 1 Table of Contents

Forescout. eyeextend for Palo Alto Networks Wildfire. Configuration Guide. Version 2.2

New Windows build with WLAN access

Identity Based Network Access

Forescout. Configuration Guide. Version 4.4

Enabling and Managing Office 365

Integration Guide. SecureAuth

Network Administrator s Guide

Manually Enable Wireless Windows 7 Network Connection 2 Missing

Project Plan EZProxy

Course Outline. Enabling and Managing Office 365 Course 20347A: 5 days Instructor Led

PKI is Alive and Well: The Symantec Managed PKI Service

Transcription:

Self-Service Diagnostics and eduroam as-a-service To boldly roam how we never roamed before Stefan Winter <stefan.winter@restena.lu> Tomasz Wolniewicz <twoln@umk.pl>

Outline Background of eduroam supporting services User self-service support Admin self-service support eduroam-as-a-service 2

eduroam Operations Support Services - Background eduroam is what you define it to be a RADIUS backbone; for almost a decade, this was the canonical def if that one worked, eduroam was okay a consortium; true, but meaningless for the end user a service; but then just quietly running a RADIUS server is not enough! A franchise brand: whoa, this means you can permanently damage yourself by delivering sub-par performance 3

eduroam Operations Support Services eduroam Operations Support Services (OSS) augment the technical RADIUS core extend throughout the infrastructure reach out to all parties OSS currently provides Common authentication platform for web-based support services ( eduroam SP proxy ) Monitoring infrastructure Operations Database Usage statistics User Onboarding 4

eduroam Operations Support Services Missing Elements Brand damage may be prevented if Good explanation for any dis-service Quick remedy! Gaps still exist! OSS does not currently provide Troubleshooting capabilities Efficient communication channels Example at this TNC (int'l routing problem): User eduroam OT 24h; User SP 26h (OBE) 5

User self-service support Goal: one-stop shop to go to if things don't work Identify source of problem Suggest remedies Enable to get in touch with pertinent personnel (yes, out-of-band) User Support procedure in European service definition is a manual process Create an expert system: automate as much as possible, by using real-time operations data to assist in fault-finding As little and gentle interaction with user as possible 6

Just one question... What is your Identity Provider (realm/from list)? enough to conduct infrastructure reachability tests for that realm it's NRO top-level servers Augmented with monitoring information available at all times GeoIP info from user's request: enough to identify the country they are having problems in Remains only the last mile gap: in case of SP problems how to identify the SP? 7

The Diagnostic Philharmony (M) direct (M) direct (M) int'l check (C) eduroam CAT realm check (M) country-to-country check IdP IdP NRO ETLR SP NRO SP User Device (X) hotspot probes (X) 8

Diagnosis Deterministic answer for Problem location IdP IdP-NRO ETLR SP-NRO or further downstream Need two additional elements to provider better answers Hotspot probes to isolate SP-NRO vs. SP WIP User device info to isolate local Wi-Fi issues (e.g. no DHCP) later... 9

Admin self-service In large parts, by-product from fault-finding Relevant admins will always be notified by diagnostic expert system Additionally, create communication platform to assist resolving common issues: e.g. breach of AUPs: SP needs to contact IdP with outer ID, timestamp, MAC address of user, to request sanctions (we don't really know what else are common issues) web form for admins is probably a good start (recipient details hidden where indicated) 10

eduroam as-a-service Q: What if a person can not become an eduroam user in the first place, because IdP not capable to run RADIUS server? A: We should be their RADIUS server! 11

eduroam as-a-service Multi-tenant platform which outsources IdP/SP RADIUS operation to Operations Team/NRO Well-shepherded, implementing a role-model server with all bells and whistles from the eduroam spec Responsibility for account management stays within the organisation For small organisations only! Hard limit number of active user accounts (200?) Limits subject to discussion 12

The Silver Bullet IdP Passwords, passwords, passwords must be funny in a TLS world. (ABBA would be turning in their graves if they were dead) Dedicated CA for user accounts Issuing pseudonymous certificates RADIUS server for EAP-TLS Web UI for admin: add/delete/revoke Web UI for user: install eduroam settings (incl. cert) Issuance via invitation link and one-time activation code By integration into eduroam CAT, the fact that there is a certificate being installed becomes entirely transparent: no extra effort 13

Conclusions Two new elements that hopefully make eduroam even greater than it already is Coming soon to a reality near you Pilots scheduled for Jan 17 and Aug 17 respectively Open world-wide! Thank You! 14

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback