
This page contains the service description, outlining how and where the service should be used, the targeted users, the service delivery model, and the service elements and topology.

RESPONSIBLE: Information provided on this page is initially populated by the development team (during the transition phase), and revised as needed or in a yearly service check by the service_name Service Manager, with the exception of the CBA, which remains the responsibility of the business development team.

Service description

The purpose of eduroam (education roaming) is to provide secure, worldwide roaming access service for the international research and education community.

The eduroam service allows students, researchers and staff from participating institutions to obtain Internet connectivity on their mobile devices across their campuses and when visiting other participating institutions. The architecture that enables this is based on a number of technologies and agreements, which together provide the essential eduroam user experience: “open your laptop and be online”. 

The basic principle underpinning the security of eduroam is that the authentication of a user is carried out at his/her home institution using the institution’s specific authentication method. The authorisation required to allow access to local network resources is carried out by the visited network.

GÉANT operates the confederation-level service for members of the European eduroam Confederation, which is formed of autonomous roaming services that agree to a set of defined organisational and technical requirements by signing and following the eduroam policy declaration, which is based on the eduroam service definition. The confederation’s goal is to provide a secure, consistent and uniform network access service to its users.


Users

eduroam users are National Roaming Operators, which are responsible for operating the eduroam service at the national level for their country. An up-to-date list of eduroam users is available at the eduroam monitor site.

Contacts

 

  • Service Manager: Miroslav Milinovic
  • Deputy Service Manager:
  • L1 support: help@eduroam.org
  • L2 support: eduroam-ot@lists.geant.org
  • L3 support: eduroam-ot@lists.geant.org

Service delivery model

The European eduroam service is built hierarchically. At the top level sits the confederation-level service, which provides the confederation infrastructure required to grant network access to all participating members of the eduroam service together with a set of supporting services. This confederation service is built upon the national roaming services, operated by the national roaming operators (NROs – in most cases, NRENs). National roaming services make use of other entities, for example, campuses and regional facilities. The eduroam service delivery model is presented in the following picture.


The European service is governed by the eduroam Steering Group (SG), while day-to-day operations are carried out by the eduroam Operations Team (OT).

In addition to operating the service’s basic technical infrastructure, the GÉANT eduroam team also delivers a supporting services suite to facilitate the widespread deployment of eduroam. This suite includes a central database (eduroam db) with information about participating institutions, monitoring & metering tools (f-ticks) and a Configuration Assistant Tool (CAT) for end users and campus administrators.


Service Elements

Service Elements, with brief description and links to products, resource instances and software stack of the service, indicating the software component types - whether they are internally (in-house) developed, OSS or commercial off-the-shelf software.

Service elements can be grouped into the following two categories:

Technology infrastructure

The confederation infrastructure relies on a distributed set of AAA servers. The current configuration uses RADIUS as the AAA protocol. There are various transport protocols to carry RADIUS payloads; as of May 2012, the following protocols exist: RADIUS/UDP, RADIUS/TCP, RADIUS/DTLS and RADIUS/TLS. eduroam supports transport over RADIUS/UDP and RADIUS/TLS, and recommends the use of RADIUS/TLS. Routing of RADIUS messages, independently of the transport used, is implemented in two ways: a baseline routing model, based on a hierarchy of RADIUS servers, and a dynamic-routing model, based on DNS service discovery. The dynamic-routing model is only supported over RADIUS/TLS.

A full explanation of the technology infrastructure is provided in the eduroam Service Definition.

European Top-level RADIUS Servers (ETLRS) for the European Confederation are operated by SURFnet (Netherlands) and DeIC (Denmark). Top-level RADIUS Servers are deployed using Radiator software.


Supporting infrastructure
Each server has a list of connected federation top-level domains (.nl, .dk, .hr, .de etc.) serving the appropriate NRENs. The servers also maintain exception rules for domains whose federation membership is not immediately identifiable in the realm (typically gTLD realms such as ‘.edu’, ‘.eu’, ‘.net’, etc.). The servers accept requests for the federation domains they are responsible for, forward them to the associated RADIUS server for that federation, and transport the response (i.e. the result of the authentication request) back. Requests for federation domains that the servers are not responsible for are forwarded to the proper federation TLRS.
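
The realm-based forwarding decision described above (baseline routing model only), sketched as an added example; it is not code from the eduroam project or from Radiator. All server names, table entries and the function names are constructed, and rejecting unroutable realms locally is an assumption of this example.

```python
# Added illustration of baseline realm routing at a top-level RADIUS server.
# All server names and table entries below are constructed for this example.
FEDERATION_SERVERS = {        # federation TLDs this server is responsible for
    "nl": "flrs.nl.example",
    "dk": "flrs.dk.example",
    "hr": "flrs.hr.example",
}
EXCEPTION_RULES = {           # gTLD realms mapped explicitly to a federation
    "example.net": "hr",
    "example.org": "dk",
}
PEER_TLRS = {"au": "tlrs.peer.example"}   # TLDs handled by another TLRS


def extract_realm(user_name):
    """Return the normalised realm of a User-Name, or None if unusable."""
    _, sep, realm = user_name.rpartition("@")
    realm = realm.strip().lower().rstrip(".")
    labels = realm.split(".")
    if (not sep or len(labels) < 2 or not all(labels)
            or any(c.isspace() for c in realm)):
        return None           # no realm, single label, empty label, whitespace
    return realm


def match_exception(realm):
    """Longest exception rule matching on a whole-label boundary."""
    hits = [r for r in EXCEPTION_RULES
            if realm == r or realm.endswith("." + r)]
    return max(hits, key=len) if hits else None


def route(user_name):
    """Return (action, next_hop) for an Access-Request's User-Name."""
    realm = extract_realm(user_name)
    if realm is None:
        return ("reject", None)
    rule = match_exception(realm)
    if rule is not None:      # exception rules win over the TLD lookup
        return ("federation", FEDERATION_SERVERS[EXCEPTION_RULES[rule]])
    tld = realm.rsplit(".", 1)[1]
    if tld in FEDERATION_SERVERS:
        return ("federation", FEDERATION_SERVERS[tld])
    if tld in PEER_TLRS:
        return ("peer-tlrs", PEER_TLRS[tld])
    return ("reject", None)   # assumption: unknown realms are not forwarded
```

Matching exception rules on a label boundary keeps a look-alike realm such as `notexample.net` from being routed as if it belonged to `example.net`.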

Monitoring, Diagnostics and Metering

The basic purposes of the eduroam monitoring, diagnostics and metering service are:

  • to test the functionality of the FLRSs, TLRSs and the whole confederation infrastructure.
  • to collect information about the authentication traffic from the FLRSs.

Information is provided via the monitoring website, which is operated by SRCE (Croatia). The monitoring website is an in-house development for the GEANT project, developed and maintained by SRCE. Source code is available at ?

The eduroam monitoring and diagnostics element reports the results of the tests, both as a colour-coded map and as graphs showing the response-time behaviour. An alert system is also implemented in order to inform the OT and the responsible NRO staff about any malfunctions in the service as soon as they occur.

The metering element relies on the F-Ticks tool, which is also part of the monitoring website (f-ticks section). The F-ticks tool is an in-house development for the GEANT project, developed and maintained by SRCE. Source code is available at ?

Some of those are public, while others are restricted to predefined user groups. The decision on the availability of the information lies with the eduroam Steering Group (SG). The eduroam monitoring, diagnostics and metering service is run and maintained by the Operations Team (OT).

eduroam Database

The eduroam database stores information about the eduroam service, such as:

  • NRO representatives and respective contacts.
  • eduroam SP and IdP official contacts.
  • Information about eduroam Service Providers (SP location, technical info).
  • Monitoring information.
  • Information about the usage of the service.

It is the obligation of the NROs to provide the above-mentioned information.

Information about the eduroam database design and data collection practice is available via the monitoring website, database section. The eduroam database is an in-house development for the GEANT project, developed and maintained by SRCE. Source code is available at ?

A web interface to the database is implemented, and it allows various views of the database content. Some of these are public, while others are restricted to predefined user groups. The decision on the availability of the information lies with the eduroam SG. Data exchange with other applications related to the eduroam service is subject to prior approval by the eduroam SG. The eduroam database and its web interface are run and maintained by the OT.

Trouble Ticketing System (TTS)

First-level support uses a Trouble Ticketing System (TTS) to receive and process user requests. The TTS is based on Request Tracker software and is provided by the GEANT Association. Support is available at help@eduroam.org

eduroam Website

The eduroam website is run and maintained by the OT. It is the central information point for eduroam users, and also provides information and links for all user groups (see Section 3, Users).


eduroam CAT

The eduroam Configuration Assistant Tool (CAT) has been developed to help organisations offering their users eduroam access. The tool builds customised installers for a range of popular PC and smartphone platforms and enhances the security for the end user.
The tool ensures that users are protected against rogue wi-fi hotspots accessing usernames and passwords.

The tool builds a specific configuration for each participating organisation, so users should ensure they are downloading the correct installer. If your organisation is not listed on the CAT website, please contact your institution's IT department for advice.

Cost Benefit Analysis

Provide URL to last valid CBA

