The development of managed eduroam SP started in January 2019 under GN4-3 project, by eduroam development team in WP5. During the course of the project, the eduroam development team was working closely with NRO community and has developed the service prototype. By the end of 2020, it is planned to prepare for running service pilot and completing the PLM gate to transition to pilot. The information in this page is meant to capture all aspects of preparing for the pilot and needed for making the decision.
What kind of pilot are we running:
It will be limited audience - up to 10 participants that we will invite and manage.
Technically we need to run this on stabile IP address. Two locations in Europe would be preffered. - for HA of the service. We can ask for 2 locations from GEANT IT
Logging usage information: we will now how many institutions are using, we cannot know who much wifi hotspots are connected. There is possibility to collect stats for number of auths.
We want to have it as "at no additional cost" service, and NROs that want to rely on it at a greater scale and have tighter control can deploy national solutions.
Think about global model - operators at regional level. - think about this for production.
The transition of the service to pilot generally consist of the subset of the following areas of work (the full list here is relating to production operations):
- Documentation preparation and signoff
- Test and Validation
- GDPR compliance checking
- IPR compliance checking
- Operational team establishment
- Operational team training
- Support team establishment
- Support team training
- Operational deployment
- Service promotion
Teams/people:
- T&I service portfolio guardians: Maarten Kremers Marina Adomeit
- Service owner: Paul Dekkers
- Development team: Stefan Winter
- IPR and GDPR accountable: GEANT DPO gdpr@geant.org
NOT RELEVANT FOR PILOT
IN PROGRESS
DONE
No | Work item | Responsible | Comment | Status | Start date | End date |
---|---|---|---|---|---|---|
1 | Preparation of documentation | |||||
Service Description | -Development team prepares -SO signs off | Need to prepare high level service description | DONE Stefan Winter to review documentation from the pilot and update if needed - SW: Updated | |||
Service policy (Terms of use, SLA) | -Development team prepares -SO signs off | Write at the UI that this is pilot and there is no SLA guaranteed. | do we promise something for production? | |||
Branding and Visibility | -Development team prepares -SO signs off | we want to co brand it to eduroam hosted services | need to go through the branding and sites to make the changes | |||
Operational Requirements | -Development team prepares -SO signs off | We should document what are ops requirements for running pilot (see eduroam managed SP Operational Requirements) | Paul Dekkers Stefan Winter to update - SW: Updated | |||
OLA | -Development team prepares -SO and GEANT T&I operation support/Core team sign off | not relevant for pilot (example for production later eduroam Managed IdP OLA) | Paul Dekkers Stefan Winter have a look to existing one and try to make it eduroam Hosted services. | |||
Operational documentation | -Development team prepares -SM signs off, test team can validate | Tomasz and Maja through eduroam-OT are the ops team. Documentation not relevant for pilot ( example for production later Dev team prepared this in the corresponding Wiki page) | ||||
Operational processes | -Development team prepares -SM signs off, test team can validate | not relevant Service order is done through the UI Service support is the same like for eduroam supporting services. | ||||
User documentation | -Development team prepares -SM signs off, test team can validate | DONE Stefan Winter to update - SW: Updated | ||||
User support | -Development team prepares -SM signs off, test team can validate | We dont need anything special for pilot as we will work with a defined group of pilot participants directly | ||||
GDPR - data inventory, privacy notice, DPA | -Development team prepares -SO and T&I service portfolio reviews -GDPR accountable signs off | eduroam privacy notice was updated to reflect the changes of eduroam managed SP, and was approved by GEANT DPO eduroam Privacy Notice - Changes for Managed SP | | |||
2 | Test and validation | |||||
Make a test plan | Development team and Test team prepares | We dont need to do code review for the pilot, but it is a good idea to do test the code during the pilot, as preparation for production Stefan Winter initiated the scans with Marcin Wolski . It was agreed to do the code scan in second half of 2021 | DONE | |||
3 | IPR compliance checking | |||||
IPR compliance | IPR accountable Route the request through GEANT T&I operation support/Core team | White source review was done by the WP9 team Results are available to WP9 team, WP5 lead and eduroam team and to GEANT IPR person https://app-eu.whitesourcesoftware.com/Wss/WSS.html#!product;id=78288 Based on the results, GEANT IPR has signed off the IPR compliance check. | DONE | |||
4 | GDPR compliance checking | GDPR accountable | ||||
Data inventory and mapping | Data inventory and mapping were updated | was done for the pilot, check the policy. same considerations as for the radius proxies Marina Adomeit | ||||
Update the privacy notice and DPA | eduroam privacy notice was updated to reflect the changes of eduroam managed SP, and was approved by GEANT DPO eduroam Privacy Notice - Changes for Managed SP | DONE - check it but it shoudl have been done Marina Adomeit | ||||
5 | Operational team establishment | |||||
Appoint service manager | Operations accountable | It comes under the eduroam service family and existing service owner. Paul Dekkers | DONE | |||
Define roles, skills, manpower needed | Development team | production will be supported by the eduroam-OT and dev team | DONE | |||
Appoint operational team members | SM | Maja and Tomasz. Paul will check if they want to continue. Srce maintains the Ops system | ||||
6 | Operational team training | |||||
Training the operational team | Development team prepares eduroam-OT is trained | Not needed. | NOT RELEVANT FOR PILOT | |||
7 | Support team establishment | |||||
Establish the support team | Pilot doesn't need dedicated support team - dev team will work with limited pilot participants | |||||
8 | Support team training | |||||
Training of the support team | Development team prepares eduroam-OT is trained | Not needed. | ||||
9 | Deployment in production | |||||
Monitoring set up | eduroam-OT | Done by SRCE. There is one monitoring port that is set up. | double check with dragan if it is in place | |||
Back-up and restore | eduroam-OT | done with the same tools like for cat, encrypts and sends to AWS | double check with dragan if it is in place | |||
VM provision | GEANT T&I operation support/Core team | Production - GEANT VM is not the most reliable. We need to add another at another place Amazon or an NREN such as SURF to be determined. | ||||
Installation of the components | eduroam-OT | Stefan, Tomasz, Maja Radius servers will need to be deployed in the second location. | ||||
10 | Service Promotion | |||||
Web site update | Need to change the branding to the eduroam hosted service. Add it under eduroam tools remove the page https://eduroam.org/eduroam-managed-idp/ and adapt it to hosted tools | TO DO | ||||
Add the service to the partner services portfolio | check if we need this kind of granularity | |||||
Contact the people/NRENs who took part in the infoshare to update them on service availability | ||||||
Update eduroam flyer with the managed service element | ||||||
Slide deck for Partner Relations | SO | |||||
Article for CONNECT | ||||||
Launch announcement in Tryfon's weekly email when reached | SO/Development team | |||||
Write géant blog | SO/Development team | |||||
Webinar / infoshare | ||||||
Promotion via the eduroam-SG, by the service manager | SO | |||||
11 | PLM Documentation | |||||
CBA | Development team and T&I service portfolio guardians | Marina Adomeit to check if there is template | Marina Adomeit to update for production |