About JANET Roaming | Maps of where you can use JRS eduroam

Using JRS | Documentation | Technology/FAQs | Technical Support | How to Join

The JANET Roaming service provides eduroam in the UK which enables network logon anywhere using own username and password regardless of location (at participating organisations from guest workstations or wirelessly in areas covered by WLAN). The fully supported service is free of charge (*).

The JANET Roaming service now comprises 86 registered organisations enabling the service to be offered at locations across the whole of the UK and through our membership of the international eduroam federation in many countries around the world. JRS provides the solution for JANET sites wanting to offer high quality network services for visitors by facilitating authenticated logon without IT Support workload. Visitors to JANET sites can experience quick, simply authenticated and secure access to full JANET-connected network services, enabling access to the Internet, home organisation networks via VPN, and permitted areas and services on the visited site network.

Why implement JANET Roaming - is it for my organisation?

 

Just published: IEEE 802.1X Implementation at JANET-Connected Organisations Inter-NREN Roaming Infrastructure & Service Support Cookbook 2nd Edition (pdf) Produced and published by GEANT2   Recommended reading: JANET Roaming User Guide (pdf) JANET Roaming Management Briefing and Business Case (pdf) JANET Roaming Deployment Guide (pdf) A Case Study in Complying with the JRS Technical Specification at Bristol University (pdf) JANET Roaming Technical Specification (doc) (pdf) Roaming - what does it really mean and how can you use it? Proceedings of the one day event held at Trinity House 15/11/20006 For further documents see Documentation page   News: Update on the 802.1x supplicant GUI development The Open1X group is pleased to announce the release of XSupplicant 2.0.0 version (14/12/2007). The 2.0.0 release marks the point that it is considered stable for use by the test group, but it can not yet be considered ready for general release. JANET(UK) is collaborating with the OpenSEA Alliance on an initiative to deliver an open-source IEEE cross-platform 802.1x supplicant. The aim is to produce an open source supplicant to resolve the issue of the lack of a comprehensive supplicant, particularly for Windows operating systems. With release of XSupplicant 2.0.0, development on the "SeaAnt" branch has been frozen and all new development will now be taking place on the next release with it's code named "SeaMonkey". Additional versions of 2.0 are expected, but they will only be bug fix releases, there will be no additional functionality added to 2.0. That said, there were a couple of new features added between the 1.9.8 release and the 2.0 release. They were generally small additions that addressed usability and clarity issues. Some of these additions include a plug-in that can be used to gather data to help us solve problems that people may have. By right-clicking the tray icon, you can now select "Create Trouble Ticket". This will create a zip file that contains information that you should attach to any bugs that get filed. Another addition is the ability to import trusted root certificates in to the proper certificate store, and some fixes to how certificate chains are handled. A significant number of wireless utilities have also been added. The 1.9.7 development release was placed on sourceforge at the end of November with 1.9.8 available in December. Along with the usual set of small bug fixes, there are a couple of new things worth pointing out. First, the supplicant runs properly on Windows XP Home now. Second, the supplicant handles hidden networks better now. (Specifically, hidden networks using WPA and WPA2). Last, but not least, there have been some changes to the way that logging is handled. The UI now has a limit to the number of lines that it keeps in memory. For disk based logs you can set a size cap on them. When they reach that cap, they will be rolled. The number of rolled logs to keep on the system can also be controlled now. Version 1.9.8 marked the significant development hereby you can use ANY root CA certificate now - even if it doesn't have the special attributes that the Microsoft supplicant requires. The on-line help file has also been finished. The previous development release, 1.9.6, introduced the capability of authenticating against the Windows 2003 IAS. XSupplicant version 2.0.1 was released on 5/02/2008. This release fixes bugs that have been found since the 2.0.0 release. It does not contain any new features.  Up to date info on the progress and development of the GUI will be available through the DOT1X jiscmail list and any input is greatly valued. Further information. XSuppliance 2.0.1 is available foc here: http://open1x.sourceforge.net/

 

On this page:

• Just published / news box
• Enquiries
• Background
• What is JANET Roaming and what does it provide
• The business case for implementing JANET Roaming
• What's involved
• Who is JANET Roaming for
• The difference between JANET Roaming and Shibboleth
• Where is JANET Roaming available
• Joining
• Associate JANET web pages
• Announcements and discussion list
• How do individuals get to use JANET Roaming / Using JANET Roaming
• Development of the OpenSEA 802.1x supplicant
• Further information

 

Enquiries

General enquires about the service - features and benefits, service details; please contact JANET Service Desk e-mail:service@ja.net or e-mail the service manager directly:jrs@ja.net

 

JANET Roaming - The Need

• Visitors to JANET sites want authenticated, secure AND easy access to full network connection - home networks, Internet and permitted areas of host network
• JANET sites want to provide visitor access logon without IT Support workload

The Solution

• JANET Roaming - enables logon using own username and password regardless of location

Background

As demand for visitor network access at JANET connected organisations has increased and will continue to do so, the need has grown for an infrastructure to reduce the administrative burden faced by local IT staff in setting up guest accounts and to provide hassle free guest access for visitors. The solution is the JANET Roaming Service which provides this facility and which will in turn help effective collaboration on research and academic projects.

 

What is JANET Roaming and what does it provide

Benefits for the user:

• Network access at all participating organisations - worldwide
• No need to get a guest account set up at every organisation visited
• Same username and password regardless of location
• Guaranteed access to broad set of services (Internet, e-mail, VPN protocols)*
• Free at point of use
• Info:
  • Getting to use JANET Roaming
  • Where JANET Roaming is available

Benefits for the network manager:

• Facilitates setup of JANET-compliant network facilities for visitors
• Removal of administrative burden of guest account setup
• Sets common security standards and enables traceability
• Fully supported JANET service

JANET Roaming developed from the Location Independent Networking (LIN) concept for providing simple authenticated independent network access for visitors to JANET connected organisations. It comprises an infrastructure to enable guest users to use their own home network registered user credentials (eg. username@foo.ac.uk and home password) to gain authenticated independent network access at participating organisations, without any administrative burden or added complexities - both for the user and the local IT staff.

(*) Since the service guarantees the availability of a wide range of protocols, the guest user can use whatever remote access facilities are provided by their own organisation and whatever facilities are offered by the visited organisation.

Why authenticate guest users onto the network (pdf)

 

Why not implement JANET Roaming - since 802.1x may well be part of your security strategy

The utilisation of 802.1x is in many cases the sensible solution when enhancing security on a network and in many cases will be a cornerstone of a secure wireless network. Having installed a RADIUS server for this purpose, most of the work will have been done on the path to implementing JANET Roaming. Introduction of JRS is then a small step and will provide a valuable service to users and visitors.

With support for 802.1x reaching ubiquity among networking equipment manufacturers, the standard is now gaining widespread acceptance - giving cautious IT departments hope that a workable solution for locking down ports through dynamic access control may finally be a reality. The last remaining barrier to adoption for many organisations is simply overcoming the 802.1x learning curve. There is much material on this web site that should help with this.

 

The business case for JANET Roaming

JRS Management Briefing and Business Case (pdf) - an overview of the JANET Roaming Service for IT managers at JANET connected organisations together with the business case for implementation.

 

What's involved

The service is free at the point of use; participating organisations have to provide and set up a RADIUS server which references the JRS National RADIUS Proxy Server network.Visitor user setup involves a one-off configuration of their laptop and input of host network SSID in order to achieve independent JANET network access from the visited organisation and (depending upon home network remote access systems) access to their home networks. All this is achieved without any administrative burden or added complexities for either the guest user or the local host network IT staff, once the system has been implemented.

It is recommended that the remainder of the information on this introductory page should be assimilated, however to jump to the in-depth implementation guide - click here and for joining instructions - click here.

 

Who is the JRS service for

JANET Roaming is available for any JANET customer organisation and their registered users - universities and colleges as well as research organisations and other academic bodies. The organisations which will benefit the most are those with a large base of users who roam to other academic locations or those organisations which are frequently engaged in providing guest network access to large numbers of visitors. The range of organisations to which the service can be provided is not technically limited to academia/research and may be extended in the future.

 

The difference between JANET Roaming and Shibboleth

JANET Roaming and Shibboleth are complementary technologies that provide solutions to two different objectives. Roaming provides network access via single username and password. Once network access has been achieved, Shibboleth provides controlled access to restricted online resources (such as journals and media content) through a central authentication and authorisation infrastructure.

 

Where is JRS available

JANET Roaming is part of the eduroam federation (www.eduroam.org) in which the UK, 22 other European countries, Australia and Taiwan have collaborated to provide international peered RADIUS proxy authentication facilities.

UK organisations currently participating in the service:

• England
• Scotland
• Wales
• Northern Ireland

 

Joining

To underpin the service and to support organisations joining and participating in the scheme, a comprehensive, fully resourced support structure has been put in place which provides:

• Pre-deployment support – planning and selection of RADIUS server hardware and software and supplicant systems
• Technical support during implementation
• Post-implementation support on technical issues
• Dedicated JRS-support web site for participants only
• Dedicated e-mailing list for technical and service announcements
• A chargeable consultancy service
• Comprehensive technical and promotional documentation
• JANET Roaming availability map showing where and how JRS can be used

Promotional material is available to help with the following:

• Assistance of organisations in general advertisement of the service at their campuses
• Advertisement of the specific locations at which JRS service is available on their networks
• Education of staff and student userbase about the benefits and usage of the service

Organisation Application to Join JANET Roaming

 

JANET Roaming technical issues and service discussion e-mail list

• A JISCmail JANET-Roaming mail list has been set up which all interested parties are invited to join

 

How do individuals get to use JANET Roaming

Your organisation must be a participant in JANET Roaming or eduroam. If this is not the case why not ask your IT department about joining? Registered users with network logon accounts at participating organisations should visit the JANET Roaming service web pages at their home organisation - details of which can be found by hovering over the city blobs on the Participating Organisations Map. Users should also consult their home IT Support department for one-off setup of their laptops prior to travelling to Visited sites supporting the JANET Roaming service. They will also be able to learn what facilities at the Home Organisation site are offered for remote access from Visited Organisations, (eg. e-mail, VPN). Using JRS more..

 

Development of new cross-platform GUI 802.1x supplicant

JANET(UK) is collaborating on a new initiative to deliver an open-source IEEE 802.1X supplicant. The initiative builds on JANET(UK)'s technology partnership with the OpenSEA Alliance, formed by leading networking and security companies including Extreme Networks, Identity Engines, Infoblox, Symantec Corporation, TippingPoint, and Trapeze Networks. Aruba Networks and Hewlett-Packard have now joined as promoter members. For details, please see the full press release.

This initiative follows the debate that took place at Networkshop34. The bof session at Networkshop34 proved to be very popular - JANET(UK) has been considering an open source approach to resolving the problem which relates particularly to the lack of a comprehensive supplicant for Windows operating systems.

For those who did not attend, the three options were: to develop wpa_supplicant, enhance secureW2, or go with an Open Source option with the OpenSEA foundation formed by a US company, idEngines, who are porting the xsupplicant code base to a Windows platform. The latter was considered to be the best of the three options. A demo release was available May/June 2007 which was followed by ongoing development. after a number of releases and version updates, with the release of XSupplicant 2.0.0 the product can now be considered sufficiently stable for use. Development on the "SeaAnt" branch of the supplicant has been frozen and all new development will now be taking place on the next release with it's code named "SeaMonkey".

Shortly after the start of the project there was a call for volunteers to trial the supplicant once this became available in the beta phase. Loughborough, Bristol, Oxford Brookes, Swansea, Liverpool, Southampton and Edinburgh universities and STFC Daresbury Laboratory applied and are trialing the XSupplicant. Interest from further organisations wishing to participate is welcomed: please contact the JANET Roaming service manager jrs@ja.net.

All the development requests for the GUI have been recorded and considered.Up to date info on the progress and development of the GUI will be available through the DOT1X jiscmail list and any input is greatly valued.

Further information is available is available on the JANET Development pages.

 

For in-depth information on JANET Roaming see:

About JANET Roaming

 

External Links - associated topics

• AARNET (Australia) eduroam website
• UNINETT (Norway) eduroam website

• JISC LICHEN Project: JRS - Shibbolith
• Geant2 unified Single Sign-On (uSSO)
• GEANT2 Roaming and Authorisation

Any problems, comments or suggestions regarding this page, please e-mail the JRS service manager jrs@ja.net