Parallel session c:Mobility

Chair: Mark O'Leary

SPONSORED BY

Please switch your mobile phones to silent

17:30 - 19:00

No fire alarms scheduled. In the event of an alarm, please follow directions of NCC staffExhibitor showcase and drinks reception

18:00 - 19:00

Birds of a feather sessions

govroamDavid Hayling, University of Kent

The UK’s European university

govroam

David Hayling

• Location Independent Networking (LIN)

govroam | David Hayling

• early life eduroam

govroam | David Hayling

• eduroam widespread adoption

govroam | David Hayling

• eduroam – the trusted service

govroam | David Hayling

• establishing trust

govroam | David Hayling

• trust - the shared service enabler

govroam | David Hayling

• educating GDS to the merits of eduroam

govroam | David Hayling

• XXXroam

govroam | David Hayling

• KPSNroam

govroam | David Hayling

• psnroam

govroam | David Hayling

• govroam

govroam | David Hayling

• trust, collaborate, …

govroam | David Hayling

• trust, collaborate, … roam

govroam | David Hayling

www.kent.ac.uk

jisc.ac.uk

David HaylingUniversity of Kentd.hayling@kent.ac.uk

From a Reactive to Planned

Wi-Fi Service Improvement

Jamie Lee, Goldsmiths

02/05/2023

Themes

»Where the Goldsmiths Journey Started?»The First Wave»A Second Wave and the Reactive Sprawl»Service Improvement»Planning for Capacity and Growth»Benefits and What Next?

From a Reactive to Planned Wi-Fi Service Improvement

02/05/2023

Where the Goldsmiths Journey started

»25 Cisco 1200 series placed in “key” areas of the campus

»Individually managed»Hot spots map published

»A poor roaming experience

»Support overheads»Low visibility of the

serviceFrom a Reactive to Planned Wi-Fi Service Improvement

The result was

02/05/2023

The First Wave

»Single Master Controller»64 AP licenses increasing to 128»FreeRadius 2.1.x integrated with Open LDAP »Provides some NAC capability»Use of Wi-Fi increasing as are demands»Cisco AP’s coexist increasing complexity

Aruba 3600 Wi-Fi Controller with Freeradius Servers

From a Reactive to Planned Wi-Fi Service Improvement

02/05/2023

A Second Wave and the Reactive Sprawl

»Implemented ClearPass 2.2 and integrate with AD

»Introduced two local controllers and 200 additional AP’s

»Stabilised core network across campus

»AP licenses converted to pool

Networks Overhaul begins »ClearPass servers soon

reach capacity»Wi-Fi in halls decision

made after the overhaul»Access points deployed

ad-hoc upon request»Incidents on the help

desk continue to increase

The Growing Pains continue

From a Reactive to Planned Wi-Fi Service Improvement

02/05/2023

Commitment to Aruba - HPE

»Gartner clients report a high degree of satisfaction with Aruba's ClearPass, which provides guest access, device profiling, posture assessment, onboarding and more. »HPE offers free technical support in business hours for three years on most Aruba switches (24/7 for 90 days).

The Gartner Magic Quadrant

From a Reactive to Planned Wi-Fi Service Improvement

Source: Gartner 2016

02/05/2023

Service Improvement

»Procured campus wide passive and predictive survey that:› Identified areas of channel overlap and poor coverage

› Identified high density areas and coverage shortfall

›Located and recorded 3rd party Wi-Fi networks»The survey was used in procurement for the next phase

»Replaced controllers with wave 2 capable versions

»Introduced Aruba ClearPass to replace Freeradius

How we approached the Wi-Fi service improvement

From a Reactive to Planned Wi-Fi Service Improvement

02/05/2023

Planning for Capacity and Growth

»Approach new and refurbished locations with a Wi-Fi first view

»Separate security zones for roles so access is managed securely.

From a Reactive to Planned Wi-Fi Service Improvement

02/05/2023

Realising the Benefits

»686 Access Points now installed

»86% less help desk calls comparing period before and after the latest improvements.

»Secure yet flexible mobility

»An improved student and staff experience

»A solid platform for future growth

The Results

From a Reactive to Planned Wi-Fi Service Improvement

02/05/2023

Lessons Learned and Next Steps

»Active survey might have realised further benefits

»No management tool to measure the effectiveness of the service improvements

»eduroam Template in ClearPass needs improving

»Audit Apps that use the Wi-Fi

Lessons Learned»Implement Airwave to

make further service improvements

»Contain 3rd party Wi-Fi»VoIP over Wi-Fi, IPv6»Full 802.11ac rollout»Feasibility for tools such

as beacon and Skyfii for analytics

Next Phases

From a Reactive to Planned Wi-Fi Service Improvement

02/05/2023

Sources and links

»https://www.gartner.com/document/3426431?ref=ddisp&refval=3439518

»http://www.arubanetworks.com/products/networking/

»http://skyfii.io/vertical/education/

From a Reactive to Planned Wi-Fi Service Improvement

02/05/2023

Thank you for listening

From a Reactive to Planned Wi-Fi Service Improvement

02/05/2023

Questions?

From a Reactive to Planned Wi-Fi Service Improvement

jisc.ac.uk

02/05/2023

My Details

Jamie Lee

IT Infrastructure Managerj.lee@gold.ac.uk, @JamieLee_Gold

From a Reactive to Planned Wi-Fi Service Improvement

Goldsmiths, University of London

eduroam support portal changes V2

Edward Wincott, JiscNitev Mitev, eduroam UK technical support, Jisc

pre-NWS44 eduroam seminar 2016

»Replacement of Roaming2»Proactive contact with members to address issues

»Revision of technical specification»Development and deployment of Service Provider Assurance Tool

»Replacement of support server – new platform new features

02/05/2023 eduroam support portal changes V2

Achievements 2016 - today

» Replacement of Roaming2› New R93o dual function server

deployed VM machine for Roamingo and New Support

› RedHat 7.3; marked performance improvement. Baseline response time from European monitor reduced from 1.4sec to 1.1sec

› Roaming2 will be replaced 3 and 4th May (Decommission Old Solaris VM in Manchester Replacement R2 deployment in Slough data centre

02/05/2023 eduroam support portal changes V2

02/05/2023

Achievements 2016 - today

» Proactive contact with members to address issues› Ongoing…regular e-mails

» Revision of Technical Specification› Version 1.4 released 14 July 2016

» Development + deployment of Service Provider Assurance Tool› Version2 now being rolled out to

community – BoF session at 18:00 theatre 3

» Replacement of Support server› New platform new features› Now in beta

eduroam support portal changes V2

jisc.ac.uk

Except where otherwise noted, this work is licensed under CC-BY-NC-ND

Edward Wincott

eduroam (UK) service manageredward.wincott@jisc.ac.uk01235 822378

eduroam support server v2

Nik Mitev, eduroam UK Technical Support, Jisc

02/05/2023

A year of intensive coding

»First presented at last year’s NWS › ideas and static pictures

»One year later, we have a working site › with beta test users

› An outline of the most important changes

and improvements followseduroam support server v2

02/05/2023

Layout overview

»Three categories of content› Status overview› Configure› Troubleshoot

»User menu»Card specific help»Pending change

notification»Service request form»Links to policy

documentseduroam support server v2

02/05/2023eduroam support server v2

Monitoring – active tests» EAP authentication tests

› All realms› All servers› All authentication methods› IPv4 and IPv6› Support for blank username› CUI reply

» DNS (A, AAAA)» ICMP» Status-Server

» DNS (NAPTR)» SMTP» eduroam service page

Every 30 min – weighted severity

Every 24 hours

02/05/2023

Passive monitoring

» Logs are now parsed in real time» Error detection

› Loop detection› Invalid shared secrets› CSI› Operator-Name› Timeouts› Leaked VSAs› ICMP DU/TE

» Graphing

eduroam support server v2

02/05/2023eduroam support server v2

Monitoring – presentation

»RADIUS servers card› ORPS related issues

»Status summary card› All detected issues› Available to the public

(only Err & Warn)› More summarisation is

on the ToDo list

02/05/2023

Configuration» ORPS

› Copy shared secrets between ORPS› Status-Server setting verification› Instant DNS check

» Organisation settings› Simplified service configuration› Multiple auth methods› Instant eduroam URL check

» Realms› Per-realm test account

» Accounts› Individual accounts› Read only accounts

» Pending change notification

eduroam support server v2

02/05/2023

Troubleshooting» Testing

› Tests run directly on NRPS› Target specific ORPS› IPv6 support› Multiple realms› CUI requests

» Quick reference› Filtered by ORPS platform

» Logs› Parsed in real time› Search› Download› 30 days history› Admin (configuration) logs

eduroam support server v2

02/05/2023

Beta testing

»Existing credentials work»Feel free to use › (Changes have no effect on your eduroam service)

»Built-in help available»Suggestions welcome

eduroam support server v2

02/05/2023

The road ahead

»Hope to bring into live service soon› Migration code and procedure› Bug fixes› Roaming2 upgrade

»Further development› Great flexibility› Open source (hopefully)› Written in perl (Dancer2, Template Toolkit)› Localisation and wider adoption

eduroam support server v2

jisc.ac.uk

02/05/2023

Nik Mitev

eduroam UK Technical Supportkeybase ID: nikmitnik.mitev@jisc.ac.uk

eduroam support server v2