parallel session: mobility
TRANSCRIPT
![Page 1: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/1.jpg)
Parallel session c:Mobility
Chair: Mark O'Leary
SPONSORED BY
![Page 2: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/2.jpg)
Please switch your mobile phones to silent
17:30 - 19:00
No fire alarms scheduled. In the event of an alarm, please follow directions of NCC staffExhibitor showcase and drinks reception
18:00 - 19:00
Birds of a feather sessions
![Page 3: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/3.jpg)
govroamDavid Hayling, University of Kent
![Page 4: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/4.jpg)
The UK’s European university
govroam
David Hayling
![Page 5: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/5.jpg)
• Location Independent Networking (LIN)
govroam | David Hayling
![Page 6: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/6.jpg)
• early life eduroam
govroam | David Hayling
![Page 7: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/7.jpg)
• eduroam widespread adoption
govroam | David Hayling
![Page 8: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/8.jpg)
• eduroam – the trusted service
govroam | David Hayling
![Page 9: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/9.jpg)
• establishing trust
govroam | David Hayling
![Page 10: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/10.jpg)
• trust - the shared service enabler
govroam | David Hayling
![Page 11: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/11.jpg)
• educating GDS to the merits of eduroam
govroam | David Hayling
![Page 12: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/12.jpg)
• XXXroam
govroam | David Hayling
![Page 13: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/13.jpg)
• KPSNroam
govroam | David Hayling
![Page 14: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/14.jpg)
• psnroam
govroam | David Hayling
![Page 15: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/15.jpg)
• govroam
govroam | David Hayling
![Page 16: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/16.jpg)
• trust, collaborate, …
govroam | David Hayling
![Page 17: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/17.jpg)
• trust, collaborate, … roam
govroam | David Hayling
![Page 18: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/18.jpg)
www.kent.ac.uk
![Page 19: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/19.jpg)
![Page 21: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/21.jpg)
From a Reactive to Planned
Wi-Fi Service Improvement
Jamie Lee, Goldsmiths
![Page 22: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/22.jpg)
02/05/2023
Themes
»Where the Goldsmiths Journey Started?»The First Wave»A Second Wave and the Reactive Sprawl»Service Improvement»Planning for Capacity and Growth»Benefits and What Next?
From a Reactive to Planned Wi-Fi Service Improvement
![Page 23: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/23.jpg)
02/05/2023
Where the Goldsmiths Journey started
»25 Cisco 1200 series placed in “key” areas of the campus
»Individually managed»Hot spots map published
»A poor roaming experience
»Support overheads»Low visibility of the
serviceFrom a Reactive to Planned Wi-Fi Service Improvement
The result was
![Page 24: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/24.jpg)
02/05/2023
The First Wave
»Single Master Controller»64 AP licenses increasing to 128»FreeRadius 2.1.x integrated with Open LDAP »Provides some NAC capability»Use of Wi-Fi increasing as are demands»Cisco AP’s coexist increasing complexity
Aruba 3600 Wi-Fi Controller with Freeradius Servers
From a Reactive to Planned Wi-Fi Service Improvement
![Page 25: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/25.jpg)
02/05/2023
A Second Wave and the Reactive Sprawl
»Implemented ClearPass 2.2 and integrate with AD
»Introduced two local controllers and 200 additional AP’s
»Stabilised core network across campus
»AP licenses converted to pool
Networks Overhaul begins »ClearPass servers soon
reach capacity»Wi-Fi in halls decision
made after the overhaul»Access points deployed
ad-hoc upon request»Incidents on the help
desk continue to increase
The Growing Pains continue
From a Reactive to Planned Wi-Fi Service Improvement
![Page 26: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/26.jpg)
02/05/2023
Commitment to Aruba - HPE
»Gartner clients report a high degree of satisfaction with Aruba's ClearPass, which provides guest access, device profiling, posture assessment, onboarding and more. »HPE offers free technical support in business hours for three years on most Aruba switches (24/7 for 90 days).
The Gartner Magic Quadrant
From a Reactive to Planned Wi-Fi Service Improvement
Source: Gartner 2016
![Page 27: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/27.jpg)
02/05/2023
Service Improvement
»Procured campus wide passive and predictive survey that:› Identified areas of channel overlap and poor coverage
› Identified high density areas and coverage shortfall
›Located and recorded 3rd party Wi-Fi networks»The survey was used in procurement for the next phase
»Replaced controllers with wave 2 capable versions
»Introduced Aruba ClearPass to replace Freeradius
How we approached the Wi-Fi service improvement
From a Reactive to Planned Wi-Fi Service Improvement
![Page 28: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/28.jpg)
02/05/2023
Planning for Capacity and Growth
»Approach new and refurbished locations with a Wi-Fi first view
»Separate security zones for roles so access is managed securely.
From a Reactive to Planned Wi-Fi Service Improvement
![Page 29: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/29.jpg)
02/05/2023
Realising the Benefits
»686 Access Points now installed
»86% less help desk calls comparing period before and after the latest improvements.
»Secure yet flexible mobility
»An improved student and staff experience
»A solid platform for future growth
The Results
From a Reactive to Planned Wi-Fi Service Improvement
![Page 30: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/30.jpg)
02/05/2023
Lessons Learned and Next Steps
»Active survey might have realised further benefits
»No management tool to measure the effectiveness of the service improvements
»eduroam Template in ClearPass needs improving
»Audit Apps that use the Wi-Fi
Lessons Learned»Implement Airwave to
make further service improvements
»Contain 3rd party Wi-Fi»VoIP over Wi-Fi, IPv6»Full 802.11ac rollout»Feasibility for tools such
as beacon and Skyfii for analytics
Next Phases
From a Reactive to Planned Wi-Fi Service Improvement
![Page 31: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/31.jpg)
02/05/2023
Sources and links
»https://www.gartner.com/document/3426431?ref=ddisp&refval=3439518
»http://www.arubanetworks.com/products/networking/
»http://skyfii.io/vertical/education/
From a Reactive to Planned Wi-Fi Service Improvement
![Page 32: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/32.jpg)
02/05/2023
Thank you for listening
From a Reactive to Planned Wi-Fi Service Improvement
![Page 33: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/33.jpg)
02/05/2023
Questions?
From a Reactive to Planned Wi-Fi Service Improvement
![Page 34: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/34.jpg)
jisc.ac.uk
02/05/2023
My Details
Jamie Lee
IT Infrastructure [email protected], @JamieLee_Gold
From a Reactive to Planned Wi-Fi Service Improvement
Goldsmiths, University of London
![Page 35: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/35.jpg)
eduroam support portal changes V2
Edward Wincott, JiscNitev Mitev, eduroam UK technical support, Jisc
![Page 36: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/36.jpg)
pre-NWS44 eduroam seminar 2016
»Replacement of Roaming2»Proactive contact with members to address issues
»Revision of technical specification»Development and deployment of Service Provider Assurance Tool
»Replacement of support server – new platform new features
02/05/2023 eduroam support portal changes V2
![Page 37: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/37.jpg)
Achievements 2016 - today
» Replacement of Roaming2› New R93o dual function server
deployed VM machine for Roamingo and New Support
› RedHat 7.3; marked performance improvement. Baseline response time from European monitor reduced from 1.4sec to 1.1sec
› Roaming2 will be replaced 3 and 4th May (Decommission Old Solaris VM in Manchester Replacement R2 deployment in Slough data centre
02/05/2023 eduroam support portal changes V2
![Page 38: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/38.jpg)
02/05/2023
Achievements 2016 - today
» Proactive contact with members to address issues› Ongoing…regular e-mails
» Revision of Technical Specification› Version 1.4 released 14 July 2016
» Development + deployment of Service Provider Assurance Tool› Version2 now being rolled out to
community – BoF session at 18:00 theatre 3
» Replacement of Support server› New platform new features› Now in beta
eduroam support portal changes V2
![Page 39: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/39.jpg)
jisc.ac.uk
Except where otherwise noted, this work is licensed under CC-BY-NC-ND
Edward Wincott
eduroam (UK) service [email protected] 822378
![Page 40: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/40.jpg)
eduroam support server v2
Nik Mitev, eduroam UK Technical Support, Jisc
![Page 41: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/41.jpg)
02/05/2023
A year of intensive coding
»First presented at last year’s NWS › ideas and static pictures
»One year later, we have a working site › with beta test users
› An outline of the most important changes
and improvements followseduroam support server v2
![Page 42: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/42.jpg)
02/05/2023
Layout overview
»Three categories of content› Status overview› Configure› Troubleshoot
»User menu»Card specific help»Pending change
notification»Service request form»Links to policy
documentseduroam support server v2
![Page 43: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/43.jpg)
02/05/2023eduroam support server v2
Monitoring – active tests» EAP authentication tests
› All realms› All servers› All authentication methods› IPv4 and IPv6› Support for blank username› CUI reply
» DNS (A, AAAA)» ICMP» Status-Server
» DNS (NAPTR)» SMTP» eduroam service page
Every 30 min – weighted severity
Every 24 hours
![Page 44: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/44.jpg)
02/05/2023
Passive monitoring
» Logs are now parsed in real time» Error detection
› Loop detection› Invalid shared secrets› CSI› Operator-Name› Timeouts› Leaked VSAs› ICMP DU/TE
» Graphing
eduroam support server v2
![Page 45: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/45.jpg)
02/05/2023eduroam support server v2
Monitoring – presentation
»RADIUS servers card› ORPS related issues
»Status summary card› All detected issues› Available to the public
(only Err & Warn)› More summarisation is
on the ToDo list
![Page 46: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/46.jpg)
02/05/2023
Configuration» ORPS
› Copy shared secrets between ORPS› Status-Server setting verification› Instant DNS check
» Organisation settings› Simplified service configuration› Multiple auth methods› Instant eduroam URL check
» Realms› Per-realm test account
» Accounts› Individual accounts› Read only accounts
» Pending change notification
eduroam support server v2
![Page 47: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/47.jpg)
02/05/2023
Troubleshooting» Testing
› Tests run directly on NRPS› Target specific ORPS› IPv6 support› Multiple realms› CUI requests
» Quick reference› Filtered by ORPS platform
» Logs› Parsed in real time› Search› Download› 30 days history› Admin (configuration) logs
eduroam support server v2
![Page 48: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/48.jpg)
02/05/2023
Beta testing
»Existing credentials work»Feel free to use › (Changes have no effect on your eduroam service)
»Built-in help available»Suggestions welcome
eduroam support server v2
![Page 49: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/49.jpg)
02/05/2023
The road ahead
»Hope to bring into live service soon› Migration code and procedure› Bug fixes› Roaming2 upgrade
»Further development› Great flexibility› Open source (hopefully)› Written in perl (Dancer2, Template Toolkit)› Localisation and wider adoption
eduroam support server v2
![Page 50: Parallel session: mobility](https://reader036.vdocument.in/reader036/viewer/2022062503/58ee034e1a28ab14558b472b/html5/thumbnails/50.jpg)
jisc.ac.uk
02/05/2023
Nik Mitev
eduroam UK Technical Supportkeybase ID: [email protected]
eduroam support server v2