Service Description

eduroam Managed SP enables eligible institutions to outsource the technical setup of the roaming uplink functions in an eduroam SP to the eduroam Operations Team. eduroam SP administrators use the service instead of a local RADIUS infrastructure. A unique selling point of this service is that the typical limitation of being required to have a static IP address is waived - eduroam SP Wi-Fi infrastructure can be managed by the system even on IP connectivity with changing IP addresses (e.g. DSL, mobile networks).

The service includes:

  • web-based user management interface where eduroam SP deployment details can be created and deleted;
  • web-based institution management interface where institutions are enabled or disabled to use the service;
  • technical infrastructure ("RADIUS") which accepts RADIUS/UDP requests independently of client IP addresses, processes them according to eduroam Service Definition best practices, and forwards them to eduroam IdPs via the established eduroam roaming infrastructure.

The aspects of eduroam SP operation beyond the RADIUS uplink remain in the responsibility of the eduroam SP administrator, and are subject to the eduroam Service Definition as usual. This includes (but is not limited to) local logging of IP leases to MAC addresses in the Enterprise Wi-Fi session, having sufficient Wi-Fi coverage, and making sure the IP uplink works within expected parameters.

Users

eduroam Managed SP is a multi-level multi-tenant system with several stakeholder groups:

eduroam National Roaming Operator (NRO) administrators

eduroam NRO administrators recruit R&E institutions in their NRO region. They offer eduroam Managed SP to these institutions, and enable them to use the service using the NRO's web-based institution management interface. The service offers multi-tenancy on this level, meaning that each NRO has its own compartment in the system - an NRO administrator only sees his own institutions, and can manage his own NRO's properties and subscription. The number of NRO-level tenants is limited by the number of DNS country-code top-level domains on the planet. I.e. there is no discrimination between GEANT partner NRENs and other NROs.

eduroam institution administrators (SPs)

eduroam SPs, once invited by their NRO, enroll to the service to provision, modify and remove their Wi-Fi deployments from eduroam. They do this on a non-technical level using a web interface. At the end of the process, they receive an IP address, port number and shared secret to connect to with their local Wi-Fi infrastructure.

The service also provides multi-tenancy on this level, here meaning that the SP admin has an own compartment for the organisation in the system - only the own institution is seen and can be managed.

Contacts


Paul Dekkers Stefan Winter

eduroam NROs are providing the L1 support to the eduroam SPs.

NROs participating in eduroam Managed IdP are encouraged to subscribe to cat-users@lists.geant.org as a more direct channel to the development team. help@eduroam.org is first level contact provided by GEANT, and primarily targeting eduroam SPs who did not find a solution with their NRO.

In case of technical problems with the service itself, a "Message of the Day" (MOTD) is displayed on the web interface front page, immediately visible to both NROs and eduroam  SP administrators.

 eduroam-ot@lists.geant.orgeduroam OT has direct links to development team

Service Delivery Model

The service is delivered as a multi-level, multi-tenancy service as described above in "Users". It consists of a web service with ancillary systems in the background as described in the beginning of this page.

Service Elements

Service elements are described on the Operational Requirements page. All technology and software is developed in-house.

Cost Benefit Analysis (CBA)

Provide URL to the last valid CBA.

  • No labels