Last updated: 
2 weeks 4 days ago
Group Manager
A place to share information on all aspects of eduroam in the UK. Follow us on Twitter @eduroamuk - for news, interest, information, photos and fun. Contents Click on item and scroll down to the selected content at the bottom of the page. Guidance document - Cost of Implementing eduroam eduroam(UK) Technical Specification Summary of Recommendations Checklist eduroam(UK) Technical Specification Summary of Requirements Checklist eduroam(UK) Technical Specification NHS and eduroam/shared use of wireless/govroam ORPS in Azure - alternatives to the use of ICMP Sending Operator Name with Cisco ISE 2.0 eduroam in Public Buildings and Spaces in City Centres TLS 1.2 and updated RADIUS requirements FreeRADIUS Packet Handling - examining the flow FreeRADIUS Best Current Practice Configuration for eduroam  Performance tweaks for RADIUS and backend authentication systems eduroam(UK) Microsoft NPS Configuration Guide v0.1 eduroam(UK) Service Provider Assurance Tool User Guide eduroam(UK) Service Provider Assurance Tool Phase2 Field Trial Feedback Improving the Reliability of NPS as an Authenticator in eduroam Advisory: Using Status Server Advisory: Use of MD5 Certificates Deprecated in Favour of SHA-1 for RADIUS servers Advisory: Windows Mobile 8 and Certificate Verification NWS41 eduroam Forum presentations - TKIP, CUI, NAPTR, QoS Probe NWS40 FreeRADIUS Demystified seminar presentation Geant Funding available Janet Lumen House eduroam Service Information UK eduroam Usage Feb 2013 EAP-pwd Moving Towards a Deployable Standard Site Finder and Service Information Directory eduroam(UK) Technical Specification 1.3 (archived) - superseded by 1.4 eduroam User Troubleshooting Flowchart for IT Support Staff eduroam Administrators Troubleshooting Flowchart NAPTR Record Creation Using Microsoft Windows 2008 R2 DNS Server eduroam Best Practice Pointers FreeRADIUS 2 eduroam Deployment at University of Sussex

Group administrators:

eduroam in Public Buildings and Spaces in City Centres

29 June 2017 at 5:28pm

Not Final

The expansion of the eduroam Wi-Fi service footprint in city centre areas both in public buildings and in public spaces is one of the major objectives of eduroam(UK). Within the current service delivery model for eduroam in the UK this however can only really be achieved with the active support and collaboration of the local government authority. With the government's Superconnected Cities programme now resulting in live public Wi-Fi services in downtown areas, public funding is enabling the dream to become a reality in many cities. To enable eduroam which of course benefits only a subset of the public, to be provided over the new infrastructure, only a small additional financial outlay is required. But to drive the initiative to successful conclusion the key element in many cases will be the involvement of the local university.  

In many Superconnected Cities programmes, local authorities have been awarded DFCMS funding to provide free/low cost public Wi-Fi rather than a 'special Wi-Fi' service for education. Nevertheless eduroam, which benefits a significant proportion of the city's population, can be provided in parallel with free public Wi-Fi at very little cost. And with local university collaboration this cost can be kept to an absolute minimum, not least because the univerity will have the eduroam expertise necessary. The university may even be able to provide the RADIUS coupling/peering for the Wi-Fi contractor’s wireless service AP controllers, although of course this depends on local circumstances.

There are a number of issues that need to be decided and agreement reached on (which are not dissimilar to the issues presented to the provision of eduroam in NHS hospitals):

Who will be funding the Wi-Fi infrastructure?

Who will be responsible for delivering and supporting the infrastructure?

How will power to the APs be provided (and who will be picking up the electricity bill)

How will RADIUS for the eduroam service be provided, who will pay for the kit, who will set them up and who will be responsible for operating the servers?

Internet backhaul

Two important issues to be considered are the connection to the Internet and the IP address space:

Regarding bandwidth, it can be argued that without an eduroam city service, students and researchers would use the city Wi-Fi bandwidth, so the same users connecting to an eduroam city service instead would use similar bandwidth but on the eduroam VLAN. Therefore there is a good case for the eduroam internet feed to go through the city connection. (Normal eduroam Tech Spec constraints apply to this of course). If the local authority is not happy with this, the only alternative is for the traffic to go via the university partner. In these circumstances if local factors dictate that the university is unable to carry the eduroam network traffic this may be a show stopper.

IP space may also be a problematic issue for some universities. If IPv4 space is limited, network address translation is permissible on eduroam network services, but this adds complications and issues may arise at the gateway. Provision of eduroam in public spaces makes for a perfectly justifiable case for the allocation of a larger IP space and this will be supported by eduroam(UK). Alternatively IPv6 addresses may be employed.

RADIUS server provision needs to be decided. As with eduroam in the NHS (although without the complication of the N3 network thankfully) there are two options:

i) The local authority (or it's WISP associate, acting under contract or providing the service as a public sector benefit/differentiating USP) partners with the local university such that the university provides the RADIUS service which then forwards authentication traffic to the eduroam(UK) national RADIUS proxy servers (NRPSs). In this scenario the LA is not required to join eduroam(UK) and the city eduroam service is effectively an extension of the university eduroam service with data traffic from the eduroam VLAN either being directed through the city Internet feed or passed through the university.

ii) The local authority (or it's WISP associate, acting under contract or providing the service as a public sector benefit/differentiating USP) participates directly in eduroam(UK) as a full member and operates its own RADIUS server(s) which handle authentication traffic. These are peered with the eduroam(UK) national RADIUS proxy servers (NRPSs)'s to forward onwards for user authentication. If a WISP is contracted by to provide a Visited Service in a particular town/city where there is only one local university, we would seek to apply the conditions attaching to 'managed (accommodation) service providers' detailed in the Technical Specification. Although the contractual relationship would be with the local authority (although it could be with the local university) the recommendation is for the service provider to form a RADIUS peering relationship with the local university. The aim of this is to reduce essentailly local authentication. 

The scenario (ii) option has the advantage that eligible members of the authority's own staff can make use of eduroam. NB There is nothing to exclude the local university from acting as the issuer of the contract with the WISP. (This may need the agreement of the street furniture/infrastructure of the local authority is utilised).

City Superconnected? Wi-Fi/WISP Public Wi-Fi SSID Buildings, Streets or both Free or charged for Local uni-LA partnership Public internet backhaul SSID Public & eduroam? RADIUS provider eduroam internet backhaul
Aberdeen Yes Pinacl Solutions Aberdeen-city-connect Both Free Yes ? Yes    
Aberystwyth (1) No - town council n/a ?   n/a No   eduroam Ab town council ?
St Andrews No BT WiFi BTWiFi Both Charged Yes BT WiFi   St Andrews St Andrews - Janet
Belfast Yes BT WiFi BefastWiFi Buildings Free No BT WiFi No eduroam    
Birmingham Yes                  
Bristol Yes                  
Brighton and Hove Yes                  
Cambridge Yes but not funding Wi-Fi Cambridge Uni _TheCloud Streets Free Co-operating The Cloud via Janet Yes Cambridge Uni Cambridge Uni - Janet
Cardiff Yes                  
Coventry Yes                  
Derby Yes                  
Derry/Londonderry Yes                  
Edinburgh Yes                  
Glasgow No BT Wifi GlasgowCC WiFi Both Free No BT WiFi No eduroam n/a Captive portal n/a
Hull No KCOM ?    

Not yet

       
Leeds and Bradford Yes aql       Not yet        
London Yes                  
London Borough of Kensington and Chelsea No Khipu ? Buildings ? No ? Coming soon    
Manchester Yes Arquiva _freebee / _busybee Both 30 mins free - Arquiva No n/a Captive portal n/a
Newcastle Yes                  
Newport Yes                  
Oxford Yes BTWiFi Oxford Free Wi-Fi Buildings Free - BTWiFi No n/a Captive portal n/a
Perth Yes                  
Portsmouth Yes Khipu My City WiFi Buildings   Yes   Yes Portsmouth Uni Portsmouth Uni - Janet
Salford Yes                  
York Yes Pinnacl Solutions CityWiFi Both? Free Yes Pinnacl Yes York Uni York Uni - Janet
                     

(1) Aberystwyth Town Council was the first local authority in the UK to become a full member of eduroam(UK). Their eduroam service is at present limited to public buildings although there is the possibility of future provision in public spaces.

 

Comments

Interestingly enough we have been working with Aberdeen City and have deployed Eduroam in several city locations:

http://www.aberdeencity.gov.uk/council_government/shaping_aberdeen/Wi-Fi...

The majority of the funding came from the "Accelerate Aberdeen Super Connected Cities program", with the contract looking after the physical infrastructure in Council areas.

We piggy back on this infrastructure, providing backhaul, radius and IP addresses for the Eduroam users in an Identical model to the way we work with NHSGrampian.