TF-Mobility meeting. 6 June 2004. Agenda. TF-Mobility Meeting, June 6 2004 Welcome and Update on TF-Mobility to date Discussion on the draft Deliverable H Discussion on the draft Deliverable I Discussion on the draft Deliverable L Taskforce closure - items to be completed
TF-Mobility meeting, 6 June 2004
Agenda: TF-Mobility Meeting, June 6 2004
• Welcome and Update on TF-Mobility to date
• Discussion on the draft Deliverable H
• Discussion on the draft Deliverable I
• Discussion on the draft Deliverable L
• Taskforce closure - items to be completed
  • Remaining deliverables
  • End of taskforce Report
  • New Taskforce charter
• Update on NREN national roaming developments - contributions from group
  • UK Location Independent Networking Update - James Sankar
  • SURFnet Update - Klaas ?
  • DFN Update - Juergen ?
  • others
TF-Mobility Meeting: Deliverable H discussion and approval
• Draft version online in June 2004
• Is the content written generally agreed by all?
• Please confirm approval.
TF-Mobility Meeting: Deliverable I
• Draft version should be online shortly
• Is the policy document generally agreed by all?
• Please provide comments and confirm approval by the mailing list
TF-Mobility Meeting: Deliverable L
• Draft version being written.
• Please provide comments by the mailing list.
New TF-Mobility charter: Terms of Reference for TF-Mobility (v2)
• “to continue existing TF-Mobility work to develop roaming services for mobile devices using network access technologies already deployed (or planned) in the national research and education networks (NRENs) involved in the task force in close cooperation with the Géant2 joint research activity JRA5 (Ubiquity (Mobility) and Roaming Access to Services).”
Work will be undertaken to review work produced to date and to give consideration for new work areas as follows:
(1) To extend roaming service access beyond NRENs to other networks;
(2) To develop securer, more flexible and more accountable roaming services by investigating and testing system integration with other Authentication, Authorisation and Accounting solutions.
New TF-Mobility charter
• The Task Force will be open to any individual or representative of an organisation that can offer appropriate expertise, manpower, equipment or services. Participation will be on a voluntary basis.
• The Task Force will operate with a 2 year mandate, starting 1 July 2004. A report on the progress of the Task Force and the results achieved will be made at the TERENA Networking Conference 2005.
• The mandate of the Task Force may be renewed by the TERENA Technical Committee (TTC). If the mandate is not renewed, the Task Force will be dissolved. The Task Force may also be dissolved if the TTC considers that it is making insufficient progress or that its activities are no longer useful or relevant, or if the Task Force co-chairs resign and no replacement can be found.
• The Task Force will meet approximately four times per year (although this may be via telephone or videoconference). Physical meetings will be held at the TERENA Secretariat offices in Amsterdam or at other locations, taking care to reduce overall costs to participants.
New TF-Mobility charter
Focus
• To gather input from the community at large on developing and scaling inter-NREN roaming services to be fed into JRA5.
• To disseminate JRA5 results with respect to inter-NREN roaming services to the community at large.
• To investigate and pilot new technologies for mobility that are (currently) beyond the realm of JRA5.
Aims
• 2.1. ESTABLISH A FORUM:
  • Provide a forum for exchanging experiences and knowledge;
  • Make the results of the work of the Task Force and JRA5 available to the research networking community;
  • Promote the benefits of the technology and assist in the roll out of national roaming infrastructures.
New TF-Mobility charter
Aims (continued)
• 2.2 DEVELOP A TECHNICAL KNOWLEDGE BASE ON ROAMING:
  • Continue the work of the TF-Mobility group to provide details of Wireless Access Points and Wireless Client performance and interoperability issues and consider other network access devices (e.g. PDAs) and wired network access;
  • Use the mailing list as a means of keeping up to date on roaming technology developments, new standards, new issues;
  • Gather information from the two items above to produce an approved source of information on the market, products, standards and issues similar to a market/technology appraisal.
New TF-Mobility charter
Aims (continued)
• CONTINUE WORK ON THE CURRENT INTER-NREN ROAMING:
  • Continue testing and scaling the current and emerging inter-NREN roaming architectures (RADIUS hierarchy & CASG);
  • Review and update the current and emerging national roaming solutions (e.g. Web-based, RADIUS+802.1x, VPN) taking place in NRENs across Europe both in and outside JRA5 and elsewhere;
  • Revise and update the elements for an inter-NREN WLAN architecture based on current national roaming solutions and emerging roaming developments (2.3.2);
  • Amend and test (as necessary) on the existing inter-NREN test bed architecture amongst the participant NRENs, consider technical support services and changes to existing policies.
• CONSIDER THE IMPACT OF FUTURE DEVELOPMENTS ON ROAMING
  • Identify and determine the impact of new and emerging standards such as MobileIP, IPv6 and QoS on roaming;
  • Consider the impact of QoS and new applications on roaming services;
  • Investigate and survey the needs of roaming users and participating NRENs and their institutions on future roaming needs;
  • Undertake a risk analysis of the impact of future developments on roaming.
New TF-Mobility charter
Deliverables
• D1. A knowledge base of information that relates to network access, roaming and security issues. A summary report of discussions should be produced every six months, listing issues raised, those resolved and those outstanding and reasons why it is so.
• D2. Scale and where necessary upgrade / integrate the current roaming infrastructures with reports on progress.
• D3. Create a service support area for the current roaming services that contains the following:
  • D3.1 - Current Roaming policies.
  • D3.2 - Current best practice
  • D3.3 - An online map of participating NRENs and their institutions with details of each institution's campuses that support roaming with details of their network access methods, SSID, Local AUP (ideally each NREN should be responsible for their own area).
New TF-Mobility charter
Deliverables
• D4 - Create an online form for roaming users to provide feedback on their experiences of roaming at other institutions so that this information can be automatically passed on to the relevant NREN and institution.
• D5 - Details of how to get access to technical support at each NREN for institutions and at TERENA / SURFNET for NRENs.
• D6 - Produce a forward look document that outlines a way forward to develop roaming over the next 1-2 years, this will include the updated requirements coming from JRA5, lessons learnt from the current development work, a SWOT analysis and a risk analysis based on current and future needs and advances in new technologies, protocols and standards.
• New deliverables may be added as the Taskforce sees fit.
TF-Mobility End of taskforce report
• Draft version in progress
• Welcome contributions from NRENs on national roaming developments
• Initial review by TERENA and Co-chairs
• Circulation to mailing list
• Final version submitted to TERENA
Update on roaming in the UK: The Location Independent Networking infrastructure
Recommended Technical Solution: National Proxy RADIUS Hierarchy
To support wired and wireless (web, 802.1X, Roamnode) network access solutions
[Diagram: two National RADIUS Proxy Servers, each at a JANET co-location, with logical connections to Organisational RADIUS Servers A, B, C and D]
Technical information
• Top Tier (Provided by UKERNA)
  • Two RADIUS servers for resilience at JANET co-locations.
  • These national servers will be connected to the European RADIUS servers for “inter-NREN” roaming prior to the trial.
  • RADIATOR RADIUS server software has been chosen.
  • Each National RADIUS server and organisational RADIUS server to be connected with a separate shared secret.
• Lower Tier (Provided by JANET organisations)
  • Each participating organisation requires a RADIUS server but is not mandated to use specific hardware or software.
  • Case studies and sample RADIUS configurations will be made available to trial participants.
  • Participants will use either wired, or wireless (web, 802.1X, Roamnode) network access methods.
  • RADIUS user credentials based on “username@realm” and a password.
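An added example, not part of the original slides and not the trial's RADIATOR configuration: a Python model of the proxy decisions such a two-tier hierarchy makes on a “username@realm” identity, including the cases a proxy should refuse. The realm names, peer names, secrets, the `ac.uk` national scope, the failover order and all function names are assumptions made for illustration.

```python
import re

# Constructed placeholders: realms, peer names and secrets are not from the trial.
LOCAL_REALMS = {"example-uni.ac.uk"}                 # realms this organisation owns
NATIONAL_SUFFIX = "ac.uk"                            # assumed national scope
ORG_REALMS = {"example-uni.ac.uk": "org-a", "other-uni.ac.uk": "org-b"}
PEER_SECRETS = {"national-1": "placeholder-1", "national-2": "placeholder-2"}
_REALM = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$")

def split_identity(user_name):
    """Split 'username@realm'; return None when either part is missing or malformed."""
    user, sep, realm = user_name.rpartition("@")
    realm = realm.lower()
    if not sep or not user or not _REALM.match(realm):
        return None
    return user, realm

def secrets_are_separate(secrets):
    """True when no two peer links share a secret (one secret per connection)."""
    return len(set(secrets.values())) == len(secrets)

def route_at_organisation(user_name, national_up):
    """Decision at an organisational server; national_up maps peer -> reachable."""
    ident = split_identity(user_name)
    if ident is None:
        return ("reject", None)          # no usable realm: never proxy it upward
    if ident[1] in LOCAL_REALMS:
        return ("local", None)           # our own user: authenticate here
    for peer in sorted(PEER_SECRETS):    # try the two national proxies in order
        if national_up.get(peer):
            return ("proxy", peer)
    return ("reject", None)              # both national proxies unreachable

def route_at_national(user_name, from_peer):
    """Decision at a national proxy for a request received from from_peer."""
    ident = split_identity(user_name)
    if ident is None:
        return ("reject", None)
    realm = ident[1]
    if realm in ORG_REALMS:
        target = ORG_REALMS[realm]
        # An organisation proxying its own realm upward would loop back to itself.
        return ("reject", None) if target == from_peer else ("proxy", target)
    if realm == NATIONAL_SUFFIX or realm.endswith("." + NATIONAL_SUFFIX):
        return ("reject", None)          # unknown national realm: do not send abroad
    return ("proxy", "european-top-level")
```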
RADIUS proxy hierarchy established to date
[Diagram: a Top-level RADIUS Proxy Server and a Backup Top-level RADIUS Proxy Server, National RADIUS Proxy Servers, and Organisational RADIUS Servers. Labels in the diagram: etlr1.radius.terena.nl (192.87.36.6); etlr2.radius.terena.nl (195.169.131.2); Currently hosted at SURFnet; Currently linked to FCCN, Portugal; Currently linked to CARNET, Croatia; Currently linked to DFN, Germany; Currently linked to SURFnet, Netherlands; Currently linked to FUNET, Finland; FOKUS (Berlin); University of Southampton; Sites currently connected: 199 sites, 20 sites, 1 site, 1 site]
RADIUS proxy hierarchy once the LIN trial is established…
[Diagram: a Top-level RADIUS Proxy Server and a Backup Top-level RADIUS Proxy Server, National RADIUS Proxy Servers, and Organisational RADIUS Servers. Labels in the diagram: etlr1.radius.terena.nl (192.87.36.6); etlr2.radius.terena.nl (195.169.131.2); Currently hosted at SURFnet; Currently linked to FCCN, Portugal; Currently linked to CARNET, Croatia; Currently linked to DFN, Germany; Currently linked to SURFnet, Netherlands; Currently linked to FUNET, Finland; FOKUS (Berlin)]
LIN Policies
Policy
• Policy is essential to establish a “network of trust”
• Policy is being drafted for the trial; key items agreed include:
  • The guest user must abide by their home organisation AUP and respect the visited organisation AUP.
  • The home organisation is responsible for educating its users on the LIN trial service (e.g. process for acquiring technical support) and their own users' actions at visited organisations.
  • The visited organisation must advertise services that support LIN and the level of security supported and ideally details of the local AUP.
  • The visited organisation can enforce their own local site policies.
  • The “technical support” organisation will act as a single point of contact to manage operational issues such as queries, faults, security issues etc.
• European Policy is currently being drafted for participation in the European RADIUS hierarchy; national policy is being drafted to comply with this.
Project Progress Update
Technical Support services
Handling queries from site contacts, not end users.
• Dedicated website
  • Info about the trial
  • Password area for participants
  • Status of national servers
  • Sample RADIUS configurations
  • Case studies from proof of concept triallists
  • Technical support info (tel. email etc.)
• Dedicated telephone support
  • In operation during normal business hours.
  • Answer phone for out of hours.
• Email
  • Email address
  • Restricted mailing list for participants
Project Milestones