
Purpose

Once the NRO and the institution have reached agreement regarding eligibility and the institution's understanding of its roles and responsibilities (in particular the effort that institutions are required to devote initially and on an ongoing basis), the institution commences its deployment.

The NRO configures the national RADIUS Server so that authentication requests are proxied only to and from the NRO Test and Monitoring Server.

Summary

The Planning and Preparation stage involves:

  • Entering deployment data into the AdminTool
  • Configuring Wireless Infrastructure
  • Configuring RADIUS Servers
  • Providing network access
  • Creating an eduroam informational webpage
  • Training local IT Support staff on eduroam
  • Planning to use eduroam Ancillary Services (Monitoring, Metrics, Configuration Assistant Tool)
  • Readiness to undergo institutional eduroam auditing

Details

National eduroam AdminTool

During Step 1, you learnt that it is your responsibility to maintain accurate information concerning your eduroam deployment via the eduroam AU AdminTool.

As you plan, prepare and deploy your eduroam infrastructure, you will be required to enter data into the eduroam AU AdminTool.

AARNet will use the data to configure your use of monitoring, metrics and device configuration services.

Your institutional participation summary information will be available via a public interface to the AdminTool. During your joining process, you will be clearly marked on that page as "Joining".

Basic Information to be populated into AdminTool:

  • Institutional
  • Contacts (technical, security, management)
  • Mail-list subscription
  • Campus locations (campuses where eduroam will be provided)

Having satisfied the prerequisites to participate in eduroam, and provided a link to your AUP and your existing wireless coverage, you will be required to configure your Wireless Infrastructure, RADIUS Server and Network Service. Together these deliver the eduroam service functionality: remote authentication of your travelling users, and visitor access to your network by virtue of visitors' remote authentication with their home institutions.

Institutional Wireless Infrastructure

Vendor/Name/Version

SSID: "eduroam"

Encryption: WPA2-Enterprise (IEEE 802.1X, AES)

eduroam hotspot overlap with other institutions

Decision items: Coverage/campuses

Each campus will have a different entry in the AdminTool

APs or WLANC (AP/WLANC addresses and secrets are not shared via the AdminTool; they are an internal matter)

Institutional eduroam Coverage Map

You will be required to publish an eduroam Coverage Map on your institutional eduroam webpage.

Local Realms

For each local realm:

  • Realm Name
  • Identity store realm users are authenticated against
  • Test account details

Institutional RADIUS Server(s)

For each hosted RADIUS Server:

  • Vendor/Name/Version
  • Domain name
  • IP address
  • Ports for RADIUS authentication and accounting
  • NRS Secret
  • Friendly name (default, for NRO config)
  • Status-Server enabled
  • Logging performed
  • NRO TMS Trust configuration
  • For IdP role
    • Realms handled
  • For SP role
    • SP order/index (ordering in NRS config)
  • Monitored (this will happen anyway, no need to record?)
  • Black-listed realm rejection
  • Invalid username rejection
  • Accounting non-proxying configured
  • Attribute release
    • eduroam Technical Requirement compliant filtering (release only Required attributes)
    • release Chargeable-User-Identity (CUI)
    • release Operator-Name (ON)

Institutional Network Access

Information on network access provided to eduroam visitors

  • ISP
  • Protocols/fire-walling (see list of recommended protocols)
  • Application Proxy/Filtering
  • Capacity Restriction (rate-limiting, data quotas)
  • VLAN (separation from local corporate networks)
  • IP address allocation (number of addresses available)
  • DHCP & NAT
  • Logging of IP Address allocation against MAC address

Institutional eduroam Webpage

Refer to Website content checklist

Institutional IT Support Training

The NRO will confirm the following regarding local eduroam support:

  • eduroam support workflow advised to local IT support staff
  • eduroam training of local IT Support staff
  • training of institutional eduroam admin

Institutional use of eduroam Ancillary Services

The NRO will confirm institutional configuration of and access to ancillary services:

  • Monitoring
  • Metrics
  • Client device Configuration Assistant Tool

Institutional readiness for eduroam auditing

Following completion of the above eduroam deployment items, advise the NRO via email of the institution's readiness for eduroam operability auditing.

 
