About JANET Roaming | Maps of where you can use JRS eduroam

Using JRS | Documentation | Technology/FAQs | Technical Support | How to Join

The JANET Roaming service provides eduroam in the UK which enables network logon anywhere using own username and password regardless of location without the need for guest account set up (at participating organisations from guest workstations or wirelessly in areas covered by WLAN). The fully supported service is free of charge (*).

The JANET Roaming service now comprises 97 registered organisations enabling the service to be offered at locations across the whole of the UK and through our membership of the international eduroam federation in many countries around the world. JANET Roaming provides the solution for JANET organisations wanting to offer high quality network services for visitors by facilitating authenticated guest logon without IT Support workload. Visitors to JANET-connected sites can experience quick, simply authenticated and secure access to full JANET network services, enabling access to the Internet, home organisation networks via VPN, web mail etc., and permitted resources on the visited site network.

Why implement JANET Roaming - is it for my organisation?

 

JRS News - October 2008: News - End user interest: The JRS location maps have been upgraded - now with place names! Follow the link at the top of this page. We have also introduced new maps for Edinburgh, Greater London and Cental London as a result of the high density of JRS sites in these areas. News - JRS IT administrator interest: IPv6 on the NRPS and JRS Support servers - whilst the essential JRS infrastructure continues to operate on IPv4, connection to JRS is now possible using IPv6. If you are interested in this please contact JSD to make an enquiry. New index and entries in the Technology/FAQs section - an index has been introduced into the Technology/FAQs page to help guide readers to the required content. Recent additions to the page include JRS usage figures, ORPS RADIUS platform stats and guidelines on upgrading FreeRADIUS to v 2.0.x. Follow the link at the top of this page. New Simulated Visitor Test on JRS Support Server - this new test has been added to the JRS Support site. By using a test user with the format [your realm]@eduroam.ac.uk and the password of your JRS test account you can check that authentication requests are properly proxied to remote visitors' organisations via the JRS infrastructure. Update on Xsupplicant Development OpenSea has released a new update of XSupplicant 2.1.X development version - 2.1.5 now available (11/11/2008) more. Just published - for JRS IT administrators: Using Certificates Issued by the JANET SCS with MS IAS (Word) pdf version FreeRADIUS v2.0.2 Implementation to support JANET Roaming service at the University of Sussex IEEE 802.1X Implementation at JANET-Connected Organisations Inter-NREN Roaming Infrastructure & Service Support Cookbook 2nd Edition (pdf) Produced and published by GEANT2   Recommended reading: For end users: JANET Roaming User Guide (pdf) For IT managers: JANET Roaming Management Briefing and Business Case (pdf) For JRS IT administrators: Roaming - what does it really mean and how can you use it? Proceedings of the one day event held at Trinity House 15/11/20006 JANET Roaming Deployment Guide (pdf) A Case Study in Complying with the JRS Technical Specification at Bristol University (pdf) JANET Roaming Technical Specification (doc) (pdf) For further documents see Documentation page   Update on the 802.1x supplicant GUI development The Open1X group is pleased to announce the release of Xsupplicant 2.1.5 development version (11/11/2008) which follows the previous version released on 16/10/2008. This update includes fixes for various bugs and adds a new feature of EAP-FAST support, adding to the support for EAP-SIM and EAP-AKA included in 2.1.4.  Please see the release notes and change log on the OpenSEA website for more information.  JANET(UK) is collaborating with the OpenSEA Alliance on an initiative to deliver an open-source IEEE cross-platform 802.1x supplicant. The aim is to produce an open source supplicant to resolve the issue of the lack of a comprehensive supplicant, particularly for Windows operating systems. 2.1.3, released 30/06/08 built on the advances made in the previous 2.1.1 development version which included some major new features, a better user interface and some of the underlying engine was changed to allow better operation of the software across a range of machines. 2.1.3 included an almost complete redesign of the user interface which provided a lot of features that made the supplicant easier to use. Among them was a configuration wizard, an "at-a-glance" list of available SSIDs, and a quick connect option from the tray icon. With version 2.1.1 included a number of significant new features. Firstly, support for EAP-GTC has been added - in the test environment, success has been achieved with PEAP-GTC authentication using RSA SecurID tokens. Secondly, network prioritisation has been included - the supplicant will now try to automatically connect to the best network that is currently available. Thirdly, the ability to have the supplicant disconnect the sessions when the user logs off is now available. Fourthly, opportunisitic key caching has been introduced. (This is sometimes also called Proactive Key Caching). This will allow the supplicant to roam to new access points in a shorter amount of time, since a reauthentication may not be needed. And last, but certainly not least, is removal of the reliance on WMI. This last feature is something that most people won't notice, but, if you had problems running the older supplicant versions, this change will probably resolve those problems. With release of XSupplicant 2.0.0, development on the "SeaAnt" branch was frozen and all new development is now taking place on the next release with its code named "SeaBadger". Additional versions of 2.0 are expected, but they will only be bug fix releases, there will be no additional functionality added to 2.0. In June 2008, 2.0.x was updated to v 2.0.1 with some bug fixes. This version is considered stable for use by the test group, but it can not yet be considered ready for general release. Going back in time, there were a couple of new features added between the 1.9.8 release and the 2.0 release. They were generally small additions that addressed usability and clarity issues. Some of these additions include a plug-in that can be used to gather data to help OpenSEA solve problems that people may have. By right-clicking the tray icon, you can now select "Create Trouble Ticket". This will create a zip file that contains information that you should attach to any bugs that get filed. Another addition is the ability to import trusted root certificates in to the proper certificate store, and some fixes to how certificate chains are handled. A significant number of wireless utilities have also been added.   Up to date info on the progress and development of the GUI will be available through the DOT1X jiscmail list and any input is greatly valued. Further information. XSuppliance 2.0.1 is available foc here: http://open1x.sourceforge.net/

 

On this page:

• Just published / news box
• Enquiries
• Background
• What is JANET Roaming and what does it provide
• The business case for implementing JANET Roaming
• What's involved
• Who is JANET Roaming for
• The difference between JANET Roaming and Shibboleth
• Where is JANET Roaming available
• Joining
• E-mail discussion list for technical and service issues
• How do individuals get to use JANET Roaming / Using JANET Roaming
• Development of the OpenSEA 802.1x supplicant
• Further information
• Associate JANET web pages

 

Enquiries

General enquires about the service - features and benefits, service details; please contact JANET Service Desk e-mail:service @ja.net or e-mail the service manager directly.

 

JANET Roaming - The Need

• Visitors to JANET sites want authenticated, secure AND easy access to full network connection - home networks, Internet and permitted areas of host network
• JANET sites want to provide visitor access logon without IT Support workload

The Solution

• JANET Roaming - enables logon using own username and password regardless of location

Background

As demand for visitor network access at JANET connected organisations has increased and will continue to do so, the need has grown for an infrastructure to reduce the administrative burden faced by local IT staff in setting up guest accounts and to provide hassle free guest access for visitors. The solution is the JANET Roaming Service which provides this facility and which will in turn help effective collaboration on research and academic projects.

 

What is JANET Roaming and what does it provide

Benefits for the user:

• Network access at all participating organisations - worldwide
• No need to get a guest account set up at every organisation visited
• Same username and password regardless of location
• Guaranteed access to broad set of services (Internet, e-mail, VPN protocols)*
• Free at point of use
• Info:
  • Getting to use JANET Roaming
  • Where JANET Roaming is available

Benefits for the network manager:

• Facilitates setup of JANET-compliant network facilities for visitors
• Removal of administrative burden of guest account setup
• Sets common security standards and enables traceability
• Fully supported JANET service

JANET Roaming developed from the Location Independent Networking (LIN) concept for providing simple authenticated independent network access for visitors to JANET connected organisations. It comprises an infrastructure to enable guest users to use their own home network registered user credentials (eg. username@foo.ac.uk and home password) to gain authenticated independent network access at participating organisations, without any administrative burden or added complexities - both for the user and the local IT staff.

(*) Since the service guarantees the availability of a wide range of protocols, the guest user can use whatever remote access facilities are provided by their own organisation and whatever facilities are offered by the visited organisation.

Why authenticate guest users onto the network (pdf)

 

Why not implement JANET Roaming - since 802.1x may well be part of your security strategy

The utilisation of 802.1x is in many cases the sensible solution when enhancing security on a network and in many cases will be a cornerstone of a secure wireless network. Having installed a RADIUS server for this purpose, most of the work will have been done on the path to implementing JANET Roaming. Introduction of JANET Roaming is then a small step and will provide a valuable service to users and visitors.

With support for 802.1x reaching ubiquity among networking equipment manufacturers, the standard is now gaining widespread acceptance - giving cautious IT departments hope that a workable solution for locking down ports through dynamic access control may finally be a reality. The last remaining barrier to adoption for many organisations is simply overcoming the 802.1x learning curve. There is much material on this web site that should help with this.

 

The business case for JANET Roaming

JRS Management Briefing and Business Case (pdf) - an overview of the JANET Roaming Service for IT managers at JANET connected organisations together with the business case for implementation.

 

What's involved

The service is free at the point of use; participating organisations have to provide and set up a RADIUS server which references the JRS National RADIUS Proxy Server network.Visitor user setup involves a one-off configuration of their laptop and input of host network SSID in order to achieve independent JANET network access from the visited organisation and (depending upon home network remote access systems) access to their home networks. All this is achieved without any administrative burden or added complexities for either the guest user or the local host network IT staff, once the system has been implemented.

It is recommended that the remainder of the information on this introductory page should be assimilated, however to jump to the in-depth implementation guide - click here and for joining instructions - click here.

 

Who is the JANET Roaming service for

JANET Roaming is available for any JANET customer organisation and their registered users - universities and colleges as well as research organisations and other academic bodies. The organisations which will benefit the most are those with a large base of users who roam to other academic locations or those organisations which are frequently engaged in providing guest network access to large numbers of visitors. The range of organisations to which the service can be provided is not technically limited to academia/research and may be extended in the future.

 

The difference between JANET Roaming and Shibboleth

JANET Roaming and Shibboleth are complementary technologies that provide solutions to two different objectives. Roaming provides network access via single username and password. Once network access has been achieved, Shibboleth provides controlled access to restricted online resources (such as journals and media content) through a central authentication and authorisation infrastructure.

 

Where is JANET Roaming available

JANET Roaming is part of the eduroam federation (www.eduroam.org) in which the UK, 22 other European countries, Australia and Taiwan have collaborated to provide international peered RADIUS proxy authentication facilities.

UK organisations currently participating in the service:

• England
• Scotland
• Wales
• Northern Ireland

 

Joining

To underpin the service and to support organisations joining and participating in the scheme, a comprehensive, fully resourced support structure has been put in place which provides:

• Pre-deployment support – planning and selection of RADIUS server hardware and software and supplicant systems
• Technical support during implementation
• Post-implementation support on technical issues
• Dedicated JANET Roaming support web site for participants only
• Dedicated e-mailing list for technical and service announcements
• A chargeable consultancy service
• Comprehensive technical and promotional documentation
• JANET Roaming availability map showing where and how JANET Roaming can be used

Promotional material is available to help with the following:

• Assistance of organisations in general advertisement of the service at their campuses
• Advertisement of the specific locations at which JANET Roaming is available on their networks
• Education of staff and student userbase about the benefits and usage of the service

Organisation Application to Join JANET Roaming

 

JANET Roaming technical issues and service discussion e-mail list

• A JISCmail JANET-Roaming mail list has been set up which all interested parties are invited to join

 

How do individuals get to use JANET Roaming

Your organisation must be a participant in JANET Roaming or eduroam. If this is not the case why not ask your IT department about joining? Registered users with network logon accounts at participating organisations should visit the JANET Roaming service web pages at their home organisation - details of which can be found by hovering over the city blobs on the Participating Organisations Map. Users should also consult their home IT Support department for one-off setup of their laptops prior to travelling to Visited sites supporting the JANET Roaming service. They will also be able to learn what facilities at the Home Organisation site are offered for remote access from Visited Organisations, (eg. e-mail, VPN). Using JANET Roaming more..

 

Development of new cross-platform GUI 802.1x supplicant

JANET(UK) is collaborating on a new initiative to deliver an open-source IEEE 802.1X supplicant. The initiative builds on JANET(UK)'s technology partnership with the OpenSEA Alliance, formed by leading networking and security companies including Extreme Networks, Identity Engines, Infoblox, Symantec Corporation, TippingPoint, and Trapeze Networks. Aruba Networks and Hewlett-Packard have now joined as promoter members. For details, please see the full press release.

This initiative follows the debate that took place at Networkshop34. The bof session at Networkshop34 proved to be very popular - JANET(UK) has been considering an open source approach to resolving the problem which relates particularly to the lack of a comprehensive supplicant for Windows operating systems.

For those who did not attend, the three options were: to develop wpa_supplicant, enhance secureW2, or go with an Open Source option with the OpenSEA foundation formed by a US company, idEngines, who are porting the xsupplicant code base to a Windows platform. The latter was considered to be the best of the three options. A demo release was available May/June 2007 which was followed by ongoing development. after a number of releases and version updates, with the release of XSupplicant 2.0.0 the product can now be considered sufficiently stable for use. Development on the "SeaAnt" branch of the supplicant has been frozen and all new development will now be taking place on the next release with it's code named "SeaMonkey".

Shortly after the start of the project there was a call for volunteers to trial the supplicant once this became available in the beta phase. Loughborough, Bristol, Oxford Brookes, Swansea, Liverpool, Southampton and Edinburgh universities and STFC Daresbury Laboratory applied and are trialing the XSupplicant. Interest from further organisations wishing to participate is welcomed: please contact the JANET Roaming service manager jrs@ja.net.

All the development requests for the GUI have been recorded and considered.Up to date info on the progress and development of the GUI will be available through the DOT1X jiscmail list and any input is greatly valued.

Development news archive:

The 1.9.7 development release was placed on sourceforge at the end of November 2007 with 1.9.8 available in December. Along with the usual set of small bug fixes, there are a couple of new things worth pointing out. First, the supplicant runs properly on Windows XP Home now. Second, the supplicant handles hidden networks better now. (Specifically, hidden networks using WPA and WPA2). Last, but not least, there have been some changes to the way that logging is handled. The UI now has a limit to the number of lines that it keeps in memory. For disk based logs you can set a size cap on them. When they reach that cap, they will be rolled. The number of rolled logs to keep on the system can also be controlled now. Version 1.9.8 marked the significant development hereby you can use ANY root CA certificate now - even if it doesn't have the special attributes that the Microsoft supplicant requires. The on-line help file has also been finished.

The previous development release, 1.9.6, introduced the capability of authenticating against the Windows 2003 IAS.

XSupplicant version 2.0.1 was released on 5/02/2008. This release fixes bugs that have been found since the 2.0.0 release. It does not contain any new features. 

More archive info at: http://open1x.sourceforge.net/

Further information is also available on the JANET Development pages.

 

For in-depth information on JANET Roaming see:

About JANET Roaming

 

External Links - associated topics

• AARNET (Australia) eduroam website
• UNINETT (Norway) eduroam website

• JISC LICHEN Project: JRS - Shibbolith
• Geant2 unified Single Sign-On (uSSO)
• GEANT2 Roaming and Authorisation

Any problems, comments or suggestions regarding this page, please e-mail the JANET Roaming service manager.