
Terena Mobility Taskforce update


Presentation Transcript


  1. Terena Mobility Taskforce update Klaas Wierenga SURFnet <Klaas.Wierenga@SURFnet.nl>

  2. Contents Page
     • Background
     • Current status
     • Future plans
     • Discussion

  3. Background
     • TF Mobility (Taskforce) officially began on January 1 2003.
     • The group has an 18 month lifetime.
     • Aim: “coordinating research and testing in Europe regarding real usage and scalability of mobility solutions inside the academic community”.
     • Mobility solutions are defined as
        • a way to transfer authentication information between organisations so that a user from a different organisation may gain wired or wireless access to 1) the visited organisation’s network or 2) the visitor’s home network for home authentication and network access.
     • Work Areas
        • Identify inter-NREN roaming requirements.
        • Evaluate current national roaming solutions.
        • Select inter-NREN solution and test.
        • Evaluate mobile equipment, technology and next generation mobile technology for handover and roaming (mobile IPv4 & v6).

  4. Requirements definition
     • Enable NREN users to use the Internet (WLAN and wired) everywhere in Europe with:
        • Minimal administrative overhead (per roaming user)
        • Good usability
        • Maintaining required security for all partners.
        • Scalable!

  5. Web-based with RADIUS
     [Diagram: WWW-browser, Docking Network, Access Control Device, AAA Server, Internet; steps numbered 1 to 5]
     • RADIUS based Web interface authentication at the University of Tampere
     • The Finns are scaling their solution by using a hierarchy of RADIUS proxy servers for their national infrastructure

  6. VPN
     [Diagram: Docking network, VPN-Gateways, Campus Network, G-WiN, Intranet X; DHCP, DNS, free Web]
     • Wbone – VPN roaming solution to 4 universities / colleges in state of Bremen.
     • SWITCHmobile – VPN solution deployed at 7 universities across Switzerland.
     • A "virtual campus" initiative in Lisbon has been testing and developing a VPN & PKI infrastructure.
     • PPPoE – University of Bristol

  7. Cross-domain 802.1X with VLAN assignment
     [Diagram: Supplicant (Guest piet@institution_b.nl), Authenticator (AP or switch), RADIUS server Institution A with User DB, Central RADIUS Proxy server, RADIUS server Institution B with User DB, Internet; Guest VLAN, Employee VLAN, Student VLAN]
     • Authentication at home institution, 802.1X, TTLS (SecureW2), (proxy) RADIUS.
     • One time passwords are also transmitted via SMS to guest users.
     • A RADIUS hierarchy is proposed to scale this to a Europe-wide solution.

  8. Current status
     • Documentation of national WLAN roaming solutions – complete
     • Characteristics identified as
        • 802.1X - “The future”, easy to scale, secure but cutting edge, thus expensive.
        • VPN - Widely available, expensive, secure & hard to scale.
        • Web based – cheap, widely available, easy to scale, but not secure.
     • WLAN Product testing matrix – 1st draft completed
     • Preliminary selection for inter-NREN roaming – in draft, conclusions are
        • No national solution meets all the requirements.
        • The group has chosen not to consider the following
           • Local VPN access.
           • PKI
        • An architecture that supports the various national solutions is needed, a three stream approach is recommended…

  9. Future plans
     • Conduct feasibility tests on creating a scalable VPN solution
        Subject to feasibility, build the proposed CASG solution
     • Resolve scaling and interoperability issues (for 802.1x, VPN, web-based redirect, PPPoE)
        Extend to VPN in parallel
        Build and scale a RADIUS proxy hierarchy for non-VPN AAA
        Work on software changes to PPPoE to facilitate roaming
     • Consolidate findings into a trial report
     The testing of inter-NREN roaming solutions has already started!

  10. Controlled Address Space for VPN Gateways
     • Design and work plan documentation underway.
     • Interoperability tests of VPN to RADIUS proxy hierarchy agreed.
     • Further work to follow.

  11. Radius proxy hierarchy
     [Diagram: FUNET, SURFnet, (DFN), CARnet, University of Southampton, FCCN; RADIUS Proxy servers connecting to a European level RADIUS proxy server]
     • Participation guidelines are being drafted
     • Aim is to increase membership. Spain, Norway, Slovenia, Czech Republic & Greece have indicated their willingness to join.

  12. Thank you for your time. Any questions?
     Klaas Wierenga, +31 30 2 305 305, Klaas.Wierenga@SURFnet.nl
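
Added example (not part of the original slides): a small model of the realm-based forwarding that slides 7 and 11 describe, where the visited institution passes the request up the RADIUS proxy hierarchy until it reaches the user's home server, then places the accepted visitor in the guest VLAN. Server names, realms other than institution_b.nl, users and VLAN numbers are constructed assumptions, and only the routing decision is modelled, not EAP-TTLS or the RADIUS wire format.

```python
import re
# Constructed topology: server names, realms, users and VLAN IDs are assumptions.
REALM_RE = re.compile(r"^[a-z0-9_-]+(\.[a-z0-9_-]+)+$")
VLANS = {"employee": 10, "student": 20, "guest": 30}

class Server:
    def __init__(self, name, realm=None, users=None):
        self.name, self.realm, self.users = name, realm, users or {}
        self.parent, self.children = None, {}   # children: realm suffix -> Server

    def attach(self, suffix, child):
        self.children[suffix] = child
        child.parent = self

def route(server, identity, came_from=None, path=()):
    """Forward an Access-Request by realm; return (path, role or None)."""
    path = path + (server.name,)
    user, at, realm = identity.rpartition("@")
    realm = realm.lower()
    if not at or not user or not REALM_RE.match(realm):
        return path, None                       # malformed identity: reject locally
    if realm == server.realm:
        return path, server.users.get(user)     # home server decides
    for suffix in sorted(server.children, key=len, reverse=True):
        if realm == suffix or realm.endswith("." + suffix):
            child = server.children[suffix]
            if child is came_from:              # never bounce a request back down
                return path, None
            return route(child, identity, server, path)
    if server.parent and server.parent is not came_from:
        return route(server.parent, identity, server, path)
    return path, None                           # top of hierarchy, unknown realm

def access(visited, identity):
    """Visited site's view: home users get their role VLAN, visitors the guest VLAN."""
    path, role = route(visited, identity)
    if role is None:
        return path, None
    local = identity.rpartition("@")[2].lower() == visited.realm
    return path, VLANS[role if local else "guest"]

eu, nl, uk = Server("eu-proxy"), Server("nl-proxy"), Server("uk-proxy")
eu.attach("nl", nl)
eu.attach("uk", uk)
inst_a = Server("inst-a", "institution_a.nl", {"anna": "employee"})
inst_b = Server("inst-b", "institution_b.nl", {"piet": "student"})
inst_c = Server("inst-c", "institution_c.ac.uk", {"carol": "employee"})
nl.attach("institution_a.nl", inst_a)
nl.attach("institution_b.nl", inst_b)
uk.attach("institution_c.ac.uk", inst_c)
```

Calling access(inst_a, "piet@institution_b.nl") returns the hop path and the VLAN ID; a realm that no server in the hierarchy owns is rejected at the proxy that would otherwise send it back the way it came.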
