Enhanced eduGAIN Support Service
- Introduction and background
This document describes how the Enhanced eduGAIN Support service will work. It accompanies an updated CBA, PID, Roadmap and Process Flow that together recommend taking the Enhanced eduGAIN Support Service into production
1.1 What the service aims to solve
Users of federation and inter-federation services can experience performance-affecting issues with which they need expert technical assistance. Prior to the work on this service, queries were raised to diffuse groups or mailing lists, lacking co-ordination or centralised oversight. This service provides a single point of contact for technical queries regarding eduGAIN for IDPs and SPs, or federations acting on their behalf. A team of experts working on a rota provide direct technical assistance, and where multiple parties are concerned, co-ordination between them.
1.2 The Design phase
An analysis of existing support organisations for similar services was undertaken in order to identify requirements of providing a helpdesk function; tools, procedures and organisational structures. A pilot design was created and presented to the GEANT PLM with the recommendation to enter into a pilot phase, which was approved on 1 st March 2017.
1.3 The Pilot phase
The pilot began shortly after the GEANT PLM gate approval. During this phase the service model was tested, along with the GEANT OTRS ticketing system. Results of the pilot are detailed in the CBA and support the recommendation to proceed to production service.
- Description of the Service
See section 2 of the CBA for details.
- Out of scope
- End user support. This is already provided by federations to campus’, and campus’ to end users.
- The helpdesk will not replace, but rather compliment, support provided by the eduGAIN Operational Team (OT) towards federations in exchanging their metadata.
- The helpdesk will not replace, but rather compliment, support provided by the federations towards SPs and IdPs registered in their federations.
- Proactively reaching out to communities who might benefit from eduGAIN but have not contacted anyone from eduGAIN. This is the responsibility of NA activities and/or eduGAIN product management.
- Inquiries whose solution would require major infrastructure changes will be registered and eventually be forwarded to business development at GEANT, but they won’t be realised as part of the Enhanced eduGAIN Support Service.
- Service Design principles
The aim of this service is to provide efficient support for eduGAIN related queries. A key design principle has been to build on existing federation and eduGAIN service models and enhance, rather than replace, existing support channels.
When asking basic questions, users will receive information about eduGAIN, links to existing documentation and tools. Questions involving different eduGAIN participants will be handled by supplying information to the participants about available tools and technologies to overcome the issues at hand. The helpdesk will take an end-to-end perspective trying to negotiate between different participants if necessary (e.g. attribute release at an IdP vs. attribute requirements of an SP) always involving the federations. The support aims at technical people with a good technical skills.
The helpdesk will maintain a list of supporting tools and services available to eduGAIN (current and prospective) participants. Queries from research communities, cloud providers, etc. about how to join eduGAIN will be followed up closely, in collaboration with eduGAIN Product Management, and these users will be supported through the whole process. Finally, queries concerning a particular entity only will be forwarded to the appropriate support desk, e.g. the relevant federation.
- Tools and staffing
A single email address for all queries ( firstname.lastname@example.org ) was established for the pilot and will continue to be used in production.
The main working tool for the Enhanced eduGAIN support team will be the GEANT OTRS ticketing system which carries zero cost. This was deployed during the pilot, tested and found fit-for-purpose. For further details, see section 2.1.3 of the CBA.
A slack channel was established during the pilot to share reminders of the support team rota and informal discussion amongst the support team to resolve queries quickly and efficiently. It is proposed to continue use of this tool in production.
To proactively identify and reduce eduGAIN metadata inconsistencies and problems, the team has been relying on the UK Access Management Federation (metadata) Import log  , which is public information. Its daily output is used to inform federation operators of affected entities about new issues and remind them to (often needs action from IdP/SP operators) correct existing issues.
During the pilot, a team of 5 experts worked on a weekly rotation. The amount of time spent on support was on average 2 hours per person per week. Various personnel changes have meant that three of these contributors are not available for the production service, however offers of cover have been received from experienced professionals. Moreover, the number of tickets received in the pilot was fewer than anticipated (see section 2.1.4 of the CBA), and in initial production is not expected to overload a smaller support team. The number of available experts at this time (3) to enter into a production service is therefore not an impediment.
The rota during the pilot was managed by the task’s Project Manager, Thomas Baerecke. It is proposed to continue with this model in the initial production service; Thomas being one of the experts on the rota, and then move to the rota being managed by the GEANT operators of the ticketing system.
Support will be available during normal European business hours.
- Handling of queries
Support will be divided into first and second level. First level provides fast replies to the most common issues with references to relevant documentation. Second level follows up on everything that is more complex and as a first step will use GEANT tools to analyse issues. As a last resort the second level support may contact volunteer federation operators from the GEANT community to provide wider knowledge and experience to resolve issues. Additionally, the federation community at-large may be addressed via the REFEDS and FOG mailing lists.
For a visualisation, see the Enhanced eduGAIN Support customer query process flow.
- SLA and OLA
The Service Level Agreement and Operational Level Agreement will be determined in full during the transition to production phase following the passing of the GEANT PLM production gate. SA2 will be closely involved in this, and it is proposed to use the eduroam SLA and OLA as guidance.
An indicative target is queries raised will be automatically recognised by the ticketing system immediately when the ticket is created. Assigning a ticket owner and providing 1 st level assistance will follow within 1 business day; 2 nd level queries that can be solved by the core team alone within 5 business days. Tickets that require the involvement of the wider community of federation operators should usually take no more than 10 business days to be resolved, however will not be subject to a formal SLA as these voluntary contributors cannot be beholden to an OLA.
- IPR and Data Protection considerations
There are no IPR/software implications in this service.
Data protection considerations are restricted to contact details of those making requests and can be managed by SA3’s systems logging.