Janet Network Connection Policy
Janet Network Connection Policy
Title: |
Janet Network Connection Policy |
Reference: |
MF-POL-053 |
Issue: |
2.2 |
Document owner: |
John Chapman, Director information security policy and governance |
Authorised by: |
Neil Shewry, Director of networks |
Date: |
2 March 2023 |
Last Reviewed: | 3 April 2024 |
Document control
1. Superseded documents: MF-POL-053 issue 2.1, dated 27 June 2022
2. Changes made: March 2023 minor edits for readability
3. Changes forecast: None
Background
- The Janet Network (“Janet”) is the communications network operated by Jisc Services Ltd (Jisc) to serve UK education, research and other public sector purposes. Its primary purpose is to enable organisations in these communities to fulfil their missions of providing education, research, of supporting innovation, and of civic engagement more widely.
-
This Janet “Connection Policy” defines the conditions under which all such organisations are eligible to connect to Janet, and to use Janet services. It covers two broad categories of organisation: those connecting directly to Janet in their own right (“Connected Organisation”); and those connecting indirectly, as a partner to the directly-connected organisation and with the connection made through the latter organisation’s own connection(s) to Janet (“Partner Organisation”). It also covers the granting of access to Janet to guests visiting an organisation with a Janet connection.
-
This Connection Policy does not address the question of any charges for services that may be levied by Jisc, as the provider of Janet. For further information on these, or advice on the interpretation of this policy, please contact the Jisc Service Desk by email on help@jisc.ac.uk.
-
The Connection Policy does not address the question of the use which may be made of Janet services once organisations are connected to Janet. The following documents referenced by this policy do this and they can be found at ji.sc/policies.
MF-POL-006 – Janet Acceptable Use Policy (Janet AUP)
MF-POL-007 – Janet Security Policy (Security Policy)
Policies superseded by the Connection Policy
-
This Connection Policy supersedes the Janet Eligibility Policy (version 4, April 2016)
Principles underlying the Connection Policy
- Jisc has as its primary purpose the support of the UK’s education and research communities in delivering world-leading education, research and innovation in all its aspects, including the contributions these make to the UK economy and to society more generally. As a consequence, all use of Janet is and will continue to be managed and regulated by Jisc to promote and to safeguard this primary purpose.
- Subject to section 6, and to payment of any applicable charges, any organisation with a physical presence in the UK may in principle connect to and use Janet for any legal purpose, other than where this would be incompatible with Janet’s regulatory status as a private rather than public network (see section 27- 30). Janet is also to a large part publicly funded, so use also needs to be compliant with relevant competition law and state aid regulations (see section 31).
- Once connected, for the purposes of this Connection Policy the organisation concerned is referred to as a “Connected Organisation”.
- A Connected Organisation may subsequently grant access to the Janet IP Connection Service (see Note 1) to another organisation, where to do so falls within the mission of the Connected Organisation. Any organisation granted access in this manner is referred to as a “Partner Organisation”.
- Janet is part of the global internet and as such is interconnected to many other networks for the purpose of communication between users of Janet and users of those other networks, as well as for the consumption of resources located either on Janet or one of the other networks. The interconnection of such a third-party network to Janet is made and maintained free of commercial settlement between Jisc and the operator of the other network. It is an interconnection of peer networks, normally referred to as a peering (see Note 2).
- Peering with a network of this type, and where appropriate, is managed through Jisc’s peering processes, rather than by this Connection Policy. Jisc will at its sole discretion determine whether any request to interconnect a third-party network to Janet is to be classed as a peering and treated accordingly. Where this is not the case, the connection will be governed under the terms of this Connection Policy.
Categories of organisation connected to the Janet Network
- In order to implement the principles, set out in sections 6 - 11 above, any organisation proposing to connect to Janet, whether directly or as a Partner Organisation, is categorised as follows:
12.1 Category 1: Any organisation whose primary purpose is the delivery of state regulated education and/or state regulated research (whether publicly or privately funded); and where its regulation derives from one or more of the Jisc core funding bodies (see Note 3). This category includes, but is not limited to:
- universities and colleges of higher or further education, including all providers of higher education registered with the Office for Students;
- the establishments, laboratories and institutes of UK Research and Innovation and its constituent Research Councils;
- those bodies, statutory or otherwise, involved in the state regulation of education and/or research;
- any organisation which is formally a member of Jisc as defined in Jisc’s articles of association, irrespective of whether that organisation would in any case be included by virtue of its primary purpose.
12.2 Category 2: Any organisation whose primary purpose in connecting to Janet is the delivery of commercial services to others connected to Janet.
12.3 Category 3: Any other organisation, whatever its primary purpose, provided that its connection to and use of Janet is compatible with the principles and constraints set out in section 6 above. This includes, but is not limited to:
- schools, academies, museums, learned societies, charities and other organisations involved in education or research that do not by their regulatory status fall into Category 1;
- local, central and devolved government and their delivery partners utilising Janet in their delivery of public services and their other activities for the public good;
- health and social care organisations;
- Any organisation that a Connected Organisation requires to connect to support civic engagement (see Note 4).
- Jisc itself, and any of its wholly or partially-owned subsidiaries, may also use Janet for the delivery of services to its membership and to others, and for any other mission or business purpose approved by its trustees.
Becoming a Connected Organisation
- Permission to connect to and use Janet as a Connected Organisation is granted by Jisc and is in principle available to all categories of organisation as set out in sections 12 and 13 above.
- The process for connection will depend upon whether there is a grant-funded or other collective arrangement in place with Jisc for this purpose (as is the case for organisations in Category 1); or whether it is being provided on an individual, tariffed basis between Jisc and the organisation requesting a connection. This latter is normally the case for an organisation in either Category 2 or Category 3. The Jisc Service Desk can advise on the appropriate route. Please contact them via email at help@jisc.ac.uk, explaining in brief the rationale for eligibility of your organisation and the category in which your organisation sits.
Connecting a Partner Organisation to the Janet Network
- When considering whether to grant a potential Partner Organisation access to Janet, the Connected Organisation should first conduct its own assessment of the status of the partner, using the categorisation set out in section 12.
- If the Connected Organisation’s assessment is that the potential Partner Organisation falls into Category 1 (section 12.1) or Category 2 (section 12.2), then it is not permissible to grant access in this way. If the organisation concerned nevertheless wishes to be provided with a connection to Janet it should do so by applying directly to Jisc.
- If the Connected Organisation’s assessment is that the potential Partner Organisation falls into Category 3 (section 12.3), then it is free to do so, subject to considerations of appropriateness and capacity. If for any reason the Connected Organisation is uncertain of its assessment, the Jisc Service Desk can advise as necessary. Please contact them via email at help@jisc.ac.uk.
- Before proceeding with connection of an eligible potential Partner Organisation, the Connected Organisation should also assess carefully whether providing this access is more generally appropriate to its own mission and reputation; whether the onward connection can be adequately resourced and supported; and whether any risks involved can be managed appropriately (see Note 5).
- By granting a Partner Organisation access to Janet, the Connected Organisation is also granting part of the capacity (bandwidth) of its own connection, the current capacity of which will have been determined based on its own activities. The potential implications of this should also be assessed carefully (see Note 6).
- Jisc recognises that it is not feasible in this Connection Policy to cover all possible circumstances under which a Connected Organisation might wish to grant access to another organisation. For this reason, it may from time to time agree with a Connected Organisation an individual exception based on a particular circumstance, provided that this agreement is made prior to access being granted to the Partner Organisation.
Managing a Partner Organisation’s connection to the Janet Network
- All access by Partner Organisations to the Janet IP Connection Service must be provided via the Connected Organisation’s own Janet IP Connection(s) to Janet. Similarly, all support must be provided via the Connected Organisation’s own support services, as the Jisc Service Desk and other support services are not available directly to the Partner Organisation. Other than with the prior agreement of Jisc, a Connected Organisation may only provide a Partner Organisation with access to the Janet IP Connection Service.
- The Connected Organisation also becomes responsible for compliance of its Partner Organisation with the Janet Acceptable Use and Janet Security Policies. Should there be a persistent breach of either or both of these policies which is not resolved in a timely manner by the Connected Organisation, Jisc may either suspend or withdraw the Connected Organisation’s access to the Janet IP Connection Service.
- A Partner Organisation receiving access to the Janet IP Connection Service may not itself provide onward access to other organisations. It is the Connecting Organisation’s responsibility to ensure that this condition is passed onto the Partner Organisation, and subsequently enforced if necessary.
Providing guests with access to the Janet Network
- A Connected Organisation or any of its Partner Organisation(s) may choose to provide access to Janet services to guests from other education, research or public-service organisations using either or both of the eduroam or Govroam services, where the Connected Organisation or Partner Organisation is a member of one or both of these roaming federations. The rules and procedures of the relevant federation will then apply.
- Otherwise, a Connected Organisation or any of its Partner Organisation(s) may provide access to Janet to any of their guests visiting for purposes associated with the mission or business purposes of the relevant organisation. The Connected Organisation will be responsible for compliance with the Janet Acceptable Use and Janet Security Policies by its or its Partner Organisation’s guests’ use of Janet, irrespective of their organisational affiliation or status.
Private network status and responsibility for regulatory compliance
- Janet is regulated as a private network in terms of the Communications Act 2003, on the basis that it does not provide communications services to members of the public. This means that it is not available to individual users other than via permission given by the Connected Organisation or one of its Partner Organisation(s) and based upon the individual’s formal status within that organisation. Status will normally be based on either employment or enrolment, or on standing as a recognised guest as set out in sections 25 and 26 above[1].
- Where the individual does not demonstrably have that standing, their use of Janet would appear to be as a member of the public, and therefore potentially leading to a question of Janet’s status as a private network. For this reason, all use of Janet by such individuals must be managed in a manner as to ensure that any regulatory challenge of this nature can be defended if necessary. This will require the Connected Organisation (and any Partner Organisation involved) to maintain appropriate technical and operational arrangements; and if necessary, to be able to demonstrate to Jisc that these are in place (see Note 7).
- Janet is also not available for any use by any organisation in any other manner that could lead to it being classed by Ofcom or another UK regulator as a public internet service provider.
- Should the activities of a Connected Organisation or any of its Partner Organisations result in its own network being classed as a public network by Ofcom or another UK regulator, the Connected Organisation will then become responsible for ensuring that no additional regulatory requirements fall upon Janet. Failure to do so could constitute a breach by the Connected Organisation of the Janet Acceptable Use Policy.
Public funding and state aid considerations
- Janet is a publicly funded network and many Connected Organisations are also publicly funded in whole or large part. There is therefore a risk that a Connected Organisation in providing the Janet IP Connection Service to a Partner Organisation might contravene state aid regulations, particularly where either or both are considered to be acting as an “economic undertaking”. Each Connected Organisation is responsible for its own compliance with these regulations and owns the risks associated with non-compliance.
[1] Where either eduroam or govroam is being used to provide a guest with access to the Janet Network, the authentication mechanisms of these federations will ensure this status without specific action by the hosting organisation.
Explanatory notes
Note 1: The Janet IP Connection Service allows a Connected Organisation to connect to any other organisation connected to Janet; to organisations connected to other national research and education networks across the world; and to the global internet more generally. It is the principal but not the only connectivity service provided by Janet. See the connectivity services section of the Jisc website for details of the Janet IP Connection Service and other connectivity services that are available: www.jisc.ac.uk/connectivity.
Note 2: The term ‘peering’ implies that each of the parties involved has determined that there is sufficient mutual benefit in interconnection of their networks, without the need for a commercial settlement of any charges that would otherwise be applied for the carrying of one party’s traffic on the other party’s network. This reduces administration and therefore cost and is a widely-adopted model within the internet industry.
Broadly, a peering in the UK will be between networks of similar reach and size of user base. For example, Janet peers bilaterally with the UK-scale public internet service providers and content providers; and with the UK presences of the large multi-international cloud service providers, content providers and content-delivery networks. It maintains sufficient capacity and resilience on the interconnections involved to ensure that users of Janet can rely upon these for business-critical activities. Janet also peers at public internet exchanges in London, Manchester and elsewhere. In these cases, no special attention is given to capacity and reliability above reasonable endeavours. More information on peering can be found on the Jisc website: www.jisc.ac.uk/janet
Note 3: The Jisc core funding bodies at the date of issue of this Connection Policy are: the Office for Students; UKRI (through Research England); the Department for Education (England); the Scottish Funding Council; the Higher Education Funding Council for Wales; the Welsh Government; and the Department for the Economy (Northern Ireland). More information can be found on the corporate governance section of the Jisc website: www.jisc.ac.uk/about/corporate/structure-and-governance
Note 4: Jisc has a long history of supporting Connected Organisations in their strategic management of relationships with commercial, public sector, cultural, social and civic organisations, in order to deliver services which benefit the economy and society. Previously known as business and community engagement, but now more commonly referred to as civic engagement, Jisc permits a Connected Organisation to share some of their Janet network connection bandwidth with an eligible Partner Organisation. This permission is subject to the terms described within this Connection Policy. The eligibility of a Partner Organisation to be connected in this way must be reviewed on an annual basis or when there is a change in the relationship between the Connected Organisation and the Partner Organisation to ensure the ongoing appropriateness of the agreement. If, upon review, the Partner Organisation is no longer eligible as set out in sections 12-13, then connection to the Partner Organisation must be terminated.
Note 5: There are three main considerations as to what might constitute an “appropriate” partner organisation to which to provide the Janet IP Connection Service. The first concerns behaviour and consequently reputational risk. Any organisation using Janet must do so within the terms of the Janet Acceptable Use Policy and the Janet Security Policy. These policies are designed to protect Janet and its user base from operational, reputational or possibly legal disruption or damage.
It will be incumbent upon the Connected Organisation to ensure that all of its partners to whom it has provided a connection to Janet do act within these policies, as any breach would be treated in the same way as a breach by one of the Connected Organisation’s own members. This is best provided for via a legal agreement between the Connected Organisation and its Partner Organisation and which sets out what will happen should the Partner Organisation be in breach of these policies.
The second consideration is whether the Connected Organisation would wish to provide Janet services to the partner in the first place i.e. is it consistent with the mission and reputation of the Connected Organisation? The test for this might be whether, if Janet was not available for the purpose, would the Connected Organisation nevertheless provide the services using a commercial network provider instead? If the answer is “yes”, then it should be possible to do so using Janet, subject to the regulatory and state aid constraints outlined in sections 27 through to 31.
The third and final consideration is whether the Connected Organisation has the resources to provide and support the Partner Organisation’s use of Janet. This applies not only to the support effort involved (e.g. through the Connected Organisation’s IT services help desk and its network security team), but also in terms of the Janet bandwidth likely to be consumed by the Partner Organisation.
Note 6: Potential use of the Connected Organisation’s Janet bandwidth is of particular relevance for an organisation which receives its Janet connection via subscription to Jisc, rather than via a charge (tariff) that is proportional to the amount of bandwidth provided. A subscription entitles the Connected Organisation to as much Janet bandwidth as it reasonably needs to fulfil its mission, irrespective of subscription paid. Jisc is responsible for deciding this level of bandwidth, which it does by assessing both current consumption and likely future need. Jisc reserves the right to request details of their Partner Organisation(s) and for the Connected Organisation to disclose the proportion of its overall Janet usage that is accounted for by the activities of its Partner Organisation(s). Jisc needs to maintain fairness to all subscribers as to access to the extensive but ultimately finite bandwidth resources of Janet. If it concludes that use of a Connected Organisation’s bandwidth by its Partner Organisation(s) is disproportionately high compared to other subscribers’ behaviours, it may either decline to upgrade the Connected Organisation’s bandwidth where it might otherwise do so; or it may levy a charge for the proportion of the bandwidth it determines is being used to support Partner Organisations. For this reason, a Connected Organisation should consider providing Janet access only to those Partner Organisations who have relatively modest bandwidth demands, as well as fitting the other criteria above. If a potential partner requires high-capacity access to the Janet IP Connection Service, it would be best served by an individual connection provided directly by Jisc.
Note 7: Typical examples of individuals who could be regarded as members of the public include those using wifi access to a Connected Organisation’s campus network from a public venue or public event organised on the campus; or those provided with similar access as part of a purely commercial arrangement such as the letting of rooms in student halls of residence outside term time or the hire of conference facilities for events not otherwise associated with the Connected Organisation’s business.
Providing internet access to members of the public involves a number of formal regulatory requirements which might be considered good practice on a private network but are not mandatory. Such requirements may include authenticating users and keeping records of their activity in accordance with the Data Retention and Acquisition Regulations 2018 as well as protecting the privacy of users in accordance with the Investigatory Powers Act 2016 and the Privacy and Electronic Communications (EC Directive) Regulations 2003. Breach of these requirements on a public network may constitute a criminal offence.
Ensuring that Janet is not subject to these requirements will require either that the traffic from members of the public is directed to a public internet service provider (ISP) network rather than to Janet or, if it is carried over Janet, that it is segregated from other Janet traffic when in transit between the Connected Organisation’s public network and the public internet. The agreement between the connected organisation and the public ISP must ensure the following technical measures for routing traffic are in place:
- All members of the public are authenticated either by the Connected Organisation or the public ISP;
- All traffic from members of the public is carried through an encrypted tunnel across Janet to the public ISP;
- All traffic from members of the public is identified as originating from the public ISP, not from Janet, Jisc or the Connected Organisation. The Jisc Guest and Public Network Access factsheet provides further advice on this; and
- The Connected Organisation and public ISP, not Jisc, are responsible for compliance with laws applicable to public access.