eduroam deployment in Portugal Lus GuidoLino Santos Euro

eduroam deployment in Portugal Luís Guido/Lino Santos Euro. CAMP – Porto 9/Nov/2005 lguido@fccn. pt lino@fccn. pt

Agenda 4 4 4 Motivation Trial and studies Testbed Mobility service Timeline

Agenda Motivation 4 4 4 Motivation Trial and studies Testbed Mobility service Timeline

E-U Virtual Campus 4 Governmental program co-founded by EU 4 The e-U (Electronic University) project is based on a network of virtual campus, designed for the creation of online university services, the production and sharing of academic contents and the setting up of university communities http: //www. e-u. pt/

Context 4 e-Europe 2005 (Sevilha) § On-line learning services § Broadband connections to schools § Virtual Campus to all EU students § Requalification of knowledge society 4 Portuguese Information Society strategy § Ratio computers/students above EU average § Development of knowledge networks based on the Internet, in association with universities, laboratories, and technology companies § Deployment of an on-line scientific library (b-ON)

Action plan 4 Higher education institution applies for founding § § § Wireless networks E-Learning platforms Webization of administrative procedures 4 FCCN designated technical partner § Specify requirements § Identify one or more solutions to meet these requirements § Collaboration with vendors § Technical support § Installation compliance

Agenda Trial and studies 4 4 4 Motivation Trial and studies Testbed Mobility service Timeline

8 trial institutions 4 University of Aveiro 4 University of Oporto 4 Technical University of Lisbon 4 University of Coimbra 4 Catholic University 4 Polytechnic Institute of Portalegre 4 University of Minho 4 University of Trás-os-montes

Tests 4 Access points features 4 Web based login solution 4 802. 1 x (TLS, PEAP, TTLS) 4 Certificate based VPN access (thanks to UTL) 4 1 X Client testing 4 RADIUS proxying 4 Big decision – go for. 1 X

Collaboration 4 Attended meeting of TF- Mobility at Zagreb TNC 4 Joined 4 UTL ETLR in June 2003 publishes paper on VPN access plus PKI infrastructure solution

Oct/2003 RADIUS Proxy servers connecting to a European level RADIUS proxy server FUNET SURFnet University of Southampton Findings so far (1) A standard is required for username@realm (2) Clear text of authentication details between RADIUS servers can be overcome by using IPSec FCCN CARnet (DFN) • Participation guidelines are being drafted • Aim is to increase membership. Norway, Slovenia, Czech Republic & Greece have indicated their willingness to join. Credits: James Sankar

The e-U hotspot 4 Broadcasted SSID: guest-e-U § open / no authentication – works as an electronic flyer to provide information on how to connect § No access to the Internet 4 Roaming SSID: e-U § May not be broadcasted § 802. 1 X+WEP § Integrated with national / European authentication Infrastructure § Internet access

Agenda Testbed 4 4 4 Motivation Trial and studies Testbed Mobility service Timeline

Objectives 4 Assure interoperability 4 Meet technical requirements 4 Meet contractual requirements 4 Testbed description 4 Vendor applies 4 Test matrix 4 Cookbook published

Access Points 4 Cookbook available 4 Unsuccessful tests 4 3 COM Alcatel Cisco Enterasys HP 4 SMC PROXIM Colubris Gemtek Nortel 4 4 4 4

Authentication servers 4 Free. Radius 4 RADIATOR 4 IAS for W 2003 (thanks to U. Aveiro) 4 Cisco ACS

Other cookbooks 4 Roaming architecture 4 Guest network box § DHCP server, DNS server, Web server 4 Deployment best practices § Radio channels § IP address assignment § SSID definition § EAP flavours

Agenda Mobility service 4 4 4 Motivation Trial and studies Testbed Mobility service Timeline

4 Contract roamers § defined full internet access for Perception, better service 4 Security § NAT as a security service § Auditing 4 VPN access trough § L 2 TP, IPSec, PPTP 4 Infected devices § SMTP auth + SPF NAT boxes spreading SPAM

41 § § year of hard work! The rights and obligations for users, institutions and NREN The accounting and auditing model The NREN’s authority for the NTLR The minimum set of networking services for roamers 4 Every higher education institution had to sign an acceptable user policy § prior to compliance tests

Agenda Timeline 4 4 4 Motivation Trial and studies Testbed Mobility service Timeline

(1) 4 November and December 2002 § § 4 January, 28 th 2003 § § § 4 "Virtual Campus" public presentation Launch of the first experimental project Partnership protocol agreement February, 14 th 2003 § 4 First contacts with notebook's brands; ISP's; banks and IT companies Experimental projects chosen International Conference about WLAN's and Virtual Campus From March 2003 § Study of the possible standards to allow contents interchange between universities

(2) 4 April, 15 th 2003 § 4 April, 30 th 2003 § 4 § Study of technical solution for inter-campus mobility of users. National authentication platform Connected to ETLR (June) May thru September 2003 § 4 Deadline of applications to POSI (Information Society Operational Program) May thru August 2003 § 4 e-U marketing campaign presentation Applications evaluation August 2003 § Installation of testbed wireless to support project development

(3) 4 November 2003 § § Founding contract signed Starting of deployment 4 June 2004 § First hotspot 4 December 2004 § 4 March 2005 § 4 Establishment of content interoperability working groups (SCORM, platform evaluation, best practices for creating e-Learning content, copyright issues) e-U Acceptable user policy Since July § § Compliance tests 180 hotspots

Next steps 4 Security upgrade § WPA + TKIP/AES? 4 Update the e-U SSID configuration in all hotspots § Not all equipment have the possibility for 802. 1 X/WEP and WPA on the same SSID 4 Deploy the eduroam SSID § Wherever possible - some equipments allow a maximum of 2 SSID’s (already in use)

References 4 e-U main site http: //www. e-u. pt/ 4 FCCN e-U site http: //www. fccn. pt/index. php? module=pagemaste r&PAGE_user_op=view_page&PAGE_id=114&MM N_position=90: 4 4 eduroam sites http: //www. eduroam. org/ http: //www. eduroam. pt/ 4 TF-Mobility http: //www. terena. nl/tech/mobility/