SHORT DESRIPTION OF THE SERVICE
This service makes it easy to authenticate and admit guest users (of different institutions within the Eduroam community) to the University Network of the Erasmus University Rotterdam (EURnet) via the wireless and plug-in HotSpOts.
OVERVIEW OF PARTICIPATING INSTITUTIONS IN THE NETHERLANDS
This is done via 802.1x/EAP RADIUS requests, making use of the SURFnet RADIUS infrastructure and the joint RADIUS infrastructures of the institutions connected to Eduroam. The guest institution can provide services to the guest user following authentication, providing access to, for instance, the university transport infrastructure and the SURFnet/Internet.
Students and employees of other institutions that are not part of the EUR community are able to use the wireless and plug-in transport facility of the EUR for SURFnet/Internet access when they visit the EUR in the framework of study or work. The latter permits any parties involved to consult services on the Internet. If the home institution of the employee or student supports VPN access, they can approach specific services that only open the home institutions for employees and students. In addition to the basic transport infrastructure, the guest institution (in this case the EUR) can make supplementary services available to the guest users for which no specific authorisation is necessary. On the other hand, EUR students and employees on location at another institution that participates in Eduroam will themselves be able to gain access, as guests, to the wireless network of the host institution on the basis of their ERNA credentials.
HOW IT WORKS
The access authentication for Eduroam is made via a multi-stage model of RADIUS-servers, in which the guest user authenticates himself via an 802.1x/EAP RADIUS request. For authentication of guest users, the institution can forward the 802.1x/EAP RADIUS-requests via the local RADIUS infrastructure to the SURFnet Eduroam RADIUS- infrastructure for further processing. This infrastructure will put out the request to the RADIUS-server/proxy of the home institution of the relevant user. This is done on the basis of an institution-specific component in the name of the user. Therefore, the requirement for the user name format is that it ends with '@instelling.nl' (in which the institution is the home institution of the user), the so-called REALM (Note: the realm part will remain when the RADIUS-request is forwarded to the RADIUS-server/proxy of the institution).
A check is subsequently made at the RADIUS-server/proxy of the home institution to see whether the relevant person is authorised to use SURFnet. If this is the case, the RADIUS-server/proxy of the home institution will provide this information to the RADIUS-server/proxy of the guest institution (again via de SURFnet RADIUS-proxy). The guest institution can subsequently provide the user with access to the university transport infrastructure and the SURFnet/Internet.
VIRTUAL PRIVATE NETWERK (VPN)
De op de HotSpOt transportinfrastructuur van de instelling toegelaten gebruikers kunnen een Virtueel Private Netwerk (VPN) verbinding opzetten naar het IP-netwerk van hun eigen instelling. Virtueel wordt de PC van de gastgebruiker dan gekoppeld aan het instellingsnetwerk van de gastgebruiker. Dit betekent dat de gastgebruiker een IP-adres krijgt van de thuisinstelling en hij/zij de door de thuisinstelling geboden services en diensten kan benaderen. Voorwaarde is dat de thuisinstelling het opzetten van een VPN-verbinding technisch mogelijk heeft gemaakt
VIRTUAL PRIVATE NETWORK (VPN)
Users given access to the HotSpOt transport infrastructure of the institution can set up a Virtual Private Network (VPN) to connect with the IP network of their own institution. In that case, the PC of the guest user is linked to the network of the guest user’s institution. This means that the guest user is given an IP address of the home institution and that (s)he can contact the services and offices provided by the home institution under the condition that the home institution has made initiating a VPN link technically possible.
MORE INFORMATION ABOUT EDUROAM
The Eduroam initiative is growing nationally and internationally. The number of institutions connected to it continues to grow. More information about Eduroam on the national level can be found at http://www.eduroam.nl/ , http://www.surfkit.nl/ and the international branch at http://www.eduroam.org/