tf-mobility meeting
TF-Mobility meeting
6 June 2004
Agenda
TF-Mobility Meeting, June 6 2004
• Welcome and Update on TF-Mobility to date
• Discussion on the draft Deliverable H
• Discussion on the draft Deliverable I
• Discussion on the draft Deliverable L
• Taskforce closure - items to be completed
– Remaining deliverables
– End of taskforce Report
– New Taskforce charter
• Update on NREN national roaming developments - contributions from group
– UK Location Independent Networking Update - James Sankar
– SURFnet Update - Klaas ?
– DFN Update - Juergen ?
– others
TF-Mobility Meeting
Deliverable H discussion and approval
– Draft version online in June 2004
– Is the content written generally agreed by all?
– Please confirm approval.
Deliverable I
– Draft version should be online shortly
– Is the policy document generally agreed by all?
– Please provide comments and confirm approval by the mailing list
Deliverable L
– Draft version being written.
– Please provide comments by the mailing list.
New TF-Mobility charter
Terms of Reference for TF-Mobility (v2).
• “to continue existing TF-Mobility work to develop roaming services for mobile devices using network access technologies already deployed (or planned) in the national research and education networks (NRENs) involved in the task force in close cooperation with the Géant2 joint research activity JRA5 (Ubiquity (Mobility) and Roaming Access to Services).”
Work will be undertaken to review work produced to date and to give consideration for new work areas as follows:
(1) To extend roaming service access beyond NRENs to other networks;
(2) To develop securer, more flexible and more accountable roaming services by investigating and testing system integration with other Authentication, Authorisation and Accounting solutions.
• The Task Force will be open to any individual or representative of an organisation that can offer appropriate expertise, manpower, equipment or services. Participation will be on a voluntary basis.
• The Task Force will operate with a 2 year mandate, starting 1 July 2004. A report on the progress of the Task Force and the results achieved will be made at the TERENA Networking Conference 2005.
• The mandate of the Task Force may be renewed by the TERENA Technical Committee (TTC). If the mandate is not renewed, the Task Force will be dissolved. The Task Force may also be dissolved if the TTC considers that it is making insufficient progress or that its activities are no longer useful or relevant, or if the Task Force co-chairs resign and no replacement can be found.
• The Task Force will meet approximately four times per year (although this may be via telephone or videoconference). Physical meetings will be held at the TERENA Secretariat offices in Amsterdam or at other locations, taking care to reduce overall costs to participants.
Focus
• To gather input from the community at large on developing and scaling inter-NREN roaming services to be fed into JRA5.
• To disseminate JRA5 results with respect to inter-NREN roaming services to the community at large.
• To investigate and pilot new technologies for mobility that are (currently) beyond the realm of JRA5.
Aims
• 2.1. ESTABLISH A FORUM:
– Provide a forum for exchanging experiences and knowledge;
– Make the results of the work of the Task Force and JRA5 available to the research networking community;
– Promote the benefits of the technology and assist in the roll out of national roaming infrastructures.
Aims (continued)
• 2.2 DEVELOP A TECHNICAL KNOWLEDGE BASE ON ROAMING:
– Continue the work of the TF-Mobility group to provide details of Wireless Access Points and Wireless Client performance and interoperability issues and consider other network access devices (e.g. PDAs) and wired network access;
– Use the mailing list as a means of keeping up to date on roaming technology developments, new standards, new issues;
– Gather information from the two items above to produce an approved source of information on the market, products, standards and issues similar to a market/technology appraisal.
• CONTINUE WORK ON THE CURRENT INTER-NREN ROAMING:
– Continue testing and scaling the current and emerging inter-NREN roaming architectures (RADIUS hierarchy & CASG);
– Review and update the current and emerging national roaming solutions (e.g. Web-based, RADIUS+802.1x, VPN) taking place in NRENs across Europe both in and outside JRA5 and elsewhere;
– Revise and update the elements for an inter-NREN WLAN architecture based on current national roaming solutions and emerging roaming developments (2.3.2);
– Amend and test (as necessary) on the existing inter-NREN test bed architecture amongst the participant NRENs, consider technical support services and changes to existing policies.
• CONSIDER THE IMPACT OF FUTURE DEVELOPMENTS ON ROAMING
– Identify and determine the impact of new and emerging standards such as MobileIP, IPv6 and QoS on roaming;
– Consider the impact of QoS and new applications on roaming services;
– Investigate and survey the needs of roaming users and participating NRENs and their institutions on future roaming needs;
– Undertake a risk analysis of the impact of future developments on roaming.
Deliverables
– D1. A knowledge base of information that relates to network access, roaming and security issues. A summary report of discussions should be produced every six months listing issues raised, those resolved and those outstanding and reasons why it is so.
– D2. Scale and where necessary upgrade / integrate the current roaming infrastructures with reports on progress.
– D3. Create a service support area for the current roaming services that contains the following:
• D3.1 - Current Roaming policies.
• D3.2 - Current best practice
• D3.3 - An online map of participating NRENs and their institutions with details of each institution's campuses that support roaming with details of their network access methods, SSID, Local AUP (ideally each NREN should be responsible for their own area).
– D4 - Create an online form for roaming users to provide feedback on their experiences of roaming at other institutions so that this information can be automatically passed on to the relevant NREN and institution.
– D5 - Details of how to get access to technical support at each NREN for institutions and at TERENA / SURFNET for NRENs.
– D6 - Produce a forward look document that outlines a way forward to develop roaming over the next 1-2 years; this will include the updated requirements coming from JRA5, lessons learnt from the current development work, a SWOT analysis and a risk analysis based on current and future needs and advances in new technologies, protocols and standards.
– New deliverables may be added as the Taskforce sees fit.
TF-Mobility End of taskforce report
• Draft version in progress
• Welcome contributions from NRENs on national roaming developments
• Initial review by TERENA and Co-chairs
• Circulation to mailing list
• Final version submitted to TERENA
Update on roaming in the UK
The Location Independent Networking
infrastructure
Recommended Technical Solution:
National Proxy RADIUS Hierarchy
To support wired and wireless (web, 802.1X, Roamnode) network access solutions
[Diagram: National RADIUS Proxy Servers at the JANET co-location sites, with logical connections to Organisational RADIUS Servers A, B, C and D]
Technical information
• Top Tier (Provided by UKERNA)
– Two RADIUS servers for resilience at JANET co-locations.
– These national servers will be connected to the European RADIUS servers for “inter-NREN” roaming prior to the trial.
– RADIATOR RADIUS server software has been chosen.
– Each National RADIUS server and organisational RADIUS server to be connected with a separate shared secret.
• Lower Tier (Provided by JANET organisations)
– Each participating organisation requires a RADIUS server but is not mandated to use specific hardware or software.
– Case studies and sample RADIUS configurations will be made available to trial participants.
– Participants will use either wired, or wireless (web, 802.1X, Roamnode) network access methods.
– RADIUS user credentials based on “username@realm” and a password.
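The realm-based proxying that these two tiers imply, as an added example (not from the slides or from any UKERNA configuration): it parses "username@realm", lists the servers a request traverses from the visited site to the home organisation, and names one shared secret per link. The topology names, the suffix-based routing rule and the reject-unknown-realm behaviour are assumptions made for the illustration.

```python
import re

# Constructed topology (placeholder names): each national proxy serves one
# realm suffix and knows the realms of its organisational RADIUS servers.
NATIONAL = {
    "national-a": {"suffix": "nren-a.example",
                   "orgs": {"uni-a.nren-a.example", "uni-b.nren-a.example"}},
    "national-b": {"suffix": "nren-b.example",
                   "orgs": {"inst-x.nren-b.example"}},
}
TOP = "top-level"
REALM_RE = re.compile(r"^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$")

def split_identity(user_name):
    """Return (user, realm) for 'username@realm'; reject anything else."""
    user, sep, realm = user_name.rpartition("@")
    realm = realm.lower()
    if not sep or not user or "@" in user or not REALM_RE.match(realm):
        raise ValueError(f"not a routable username@realm: {user_name!r}")
    return user, realm

def national_for(realm):
    """Name of the national proxy whose suffix covers this realm, or None."""
    for name, cfg in NATIONAL.items():
        if realm.endswith("." + cfg["suffix"]):
            return name
    return None

def route(user_name, visited_realm):
    """Servers an Access-Request traverses, starting at the visited site."""
    _, realm = split_identity(user_name)
    path = [visited_realm]
    if realm == visited_realm:
        return path                       # local user, no proxying needed
    here, home = national_for(visited_realm), national_for(realm)
    if here is None or home is None:
        raise LookupError(f"no national proxy serves {realm!r}")
    path.append(here)
    if home != here:
        path += [TOP, home]               # inter-NREN roaming via top tier
    if realm not in NATIONAL[home]["orgs"]:
        # Reject at the national proxy: forwarding an unknown realm of its
        # own suffix back up the hierarchy would create a proxy loop.
        raise LookupError(f"{home} has no organisation for {realm!r}")
    path.append(realm)
    return path

def link_secrets(path):
    """One secret identifier per adjacent pair; no secret spans two links."""
    return [f"secret:{a}<->{b}" for a, b in zip(path, path[1:])]
```

Because every hop holds only the secrets of its own links, disclosure of one organisation's secret does not let it impersonate any other server in the hierarchy.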
RADIUS proxy hierarchy established to date
[Diagram: Top-level and backup top-level RADIUS proxy servers, etlr1.radius.terena.nl (192.87.36.6) and etlr2.radius.terena.nl (195.169.131.2), above National RADIUS Proxy Servers, each above its Organisational RADIUS Servers. Labels: "Currently hosted at SURFnet"; "Currently linked to" FCCN (Portugal), CARNET (Croatia), SURFnet (Netherlands), FUNET (Finland) and DFN (Germany); University of Southampton; FOKUS (Berlin). A "Sites currently connected" panel shows the counts 1 site, 199 sites, 20 sites and 1 site.]
RADIUS proxy hierarchy once the LIN trial is established…
[Diagram: the same hierarchy redrawn with further National RADIUS Proxy Server and Organisational RADIUS Servers boxes.]
LIN Policies
Policy
• Policy is essential to establish a “network of trust”
• Policy is being drafted for the trial, key items agreed include
– The guest user must abide by their home organisation AUP and respect the visited organisation AUP.
– The home organisation is responsible for educating its users on the LIN trial service (e.g. process for acquiring technical support) and for its own users' actions at visited organisations.
– The visited organisation must advertise services that support LIN and the level of security supported and ideally details of the local AUP.
– The visited organisation can enforce their own local site policies.
– The “technical support” organisation will act as a single point of contact to manage operational issues such as queries, faults, security issues etc.
• European Policy is currently being drafted for participation in the European RADIUS hierarchy; national policy is being drafted to comply with this.
Project Progress Update
Technical Support services
• Dedicated website
– Info about the trial
– Password area for participants
• Status of national servers
• Sample RADIUS configurations
• Case studies from proof of concept triallists
• Technical support info (tel. email etc.)
• Dedicated telephone support
– In operation during normal business hours.
– Answer phone for out of hours.
• Email
– Email address
– Restricted mailing list for participants
Handling queries from site contacts, not end users.
Project Milestones
Milestones | Status
Finalise LIN Architecture document (includes LIN infrastructure & policy) | June 2004
Agree contracts and distribute funds | June 2004
Procure equipment and build RADIUS servers | June/July 2004
Complete proof of concept tests | September 2004
Issue Call for participation | September 2004
Select participants and distribute funds | Oct 2004
National Trial - Go Live | Jan 2005