This shows you the differences between two versions of the page.
public:faq [2018/07/13 12:34] admin |
public:faq [2019/10/25 08:30] admin [Technical] |
||
---|---|---|---|
Line 7: | Line 7: | ||
A: Contact < | A: Contact < | ||
- | The {{ :public:171005_gov011_govroam_full_boarding_form_v2.0.docx |Full Boarding | + | The {{ :public:20180815_full_boarding_v3.0_gov011.docx |full boarding |
- | < | + | Once we have properly completed forms then we'll sort out the appropriate payments, shared secrets for RADIUS servers, access to the CAT, the Govroam App, subscribe you to the support mailing lists and add your support details to our Support Matrix. |
- | "Dear Sir/ | + | |
- | + | ||
- | Re: Govroam | + | |
- | + | ||
- | Please accept this letter as authority of behalf of <insert organisation here> for the provision of the Govroam service over our network infrastructure as a full member. | + | |
- | + | ||
- | Your faithfully, | + | |
- | + | ||
- | < | + | |
- | </ | + | |
- | + | ||
- | scan it to a PDF and send it to < | + | |
- | + | ||
- | Submit the form back to us, and then we'll sort out the appropriate payments, shared secrets for RADIUS servers, access to the CAT, the Govroam App, subscribe you to the support mailing lists and add your support details to our Support Matrix. | + | |
===Q: We're a public sector organisation and would like to join Govroam as a Visited Only site, what are the next steps?=== | ===Q: We're a public sector organisation and would like to join Govroam as a Visited Only site, what are the next steps?=== | ||
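Review bot: The added sentence beginning "Once we have properly completed forms then we'll sort out the appropriate payments, shared secrets for RADIUS servers" does not say how the shared secrets are delivered to the site. The new Federation onboarding entry later in this revision says to share them "securely"; this answer should say the same and name the channel used. The wording would also read better as "Once we have the properly completed forms, we'll sort out ...".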
Line 29: | Line 15: | ||
A: Contact < | A: Contact < | ||
- | The {{ :public:170921_gov012_govroam_visited_only_form_v2.0.docx |Visited Only Boarding form}} needs filling out completely. It asks for contact information, | + | The {{ :public:20180820_visited_boarding_v3.0_gov012.docx |Visited Only Boarding form}} needs filling out completely. It asks for contact information, |
< | < | ||
Line 47: | Line 33: | ||
Submit the form back to us, and then we'll sort out the shared secrets for RADIUS servers, the Govroam App, subscribe you to the support mailing lists and add your support details to our Support Matrix. | Submit the form back to us, and then we'll sort out the shared secrets for RADIUS servers, the Govroam App, subscribe you to the support mailing lists and add your support details to our Support Matrix. | ||
- | ===Q: We're a University that wants to implement Govroam as a Visited Only service. What do we have to do?=== | + | ===Q: We're a University/Third Party that wants to implement Govroam as a Visited Only service. What do we have to do?=== |
A: There are three things to do: | A: There are three things to do: | ||
- Take your existing eduroam configuration, | - Take your existing eduroam configuration, | ||
- | - Download the {{ :public:170921_gov012_govroam_visited_only_form_v2.0.docx |Visited Only Boarding form}}, fill it out and send it back to < | + | - Download the {{ :public:20180820_visited_boarding_v3.0_gov012.docx |Visited Only Boarding form}}, fill it out and send it back to < |
- | - Have your Director of IT (or someone suitably senior) write a brief letter of authorisation along the lines of | + | - Have your Director of IT (or someone suitably senior) write a brief letter of authorisation, on corporate headed paper, |
< | < | ||
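Review bot: The heading now addresses "University/Third Party", but the first step is unchanged and still begins "Take your existing eduroam configuration", which a third party may not have. Either add a step for organisations that do not run eduroam, or point them to the public sector Visited Only answer earlier on the page.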
"Dear Sir/Madam, | "Dear Sir/Madam, | ||
Line 77: | Line 63: | ||
===Q: What's the relationship between Govroam and eduroam? Do I need one to have the other or do I have to have both?=== | ===Q: What's the relationship between Govroam and eduroam? Do I need one to have the other or do I have to have both?=== | ||
- | A: They' | + | A: They' |
Thus it's possible to have neither, either or both. | Thus it's possible to have neither, either or both. | ||
- | If you already run eduroam (i.e. a University) then adding Govroam is easy (and free). Essentially you need to duplicate your wireless and RADIUS configurations and request the shared secret details from JISC. | + | If you already run eduroam (i.e. a University) then adding Govroam is easy (and free). Essentially you need to duplicate your wireless and RADIUS configurations and request the shared secret details from JISC. This may require separate infrastructure (normally different RADIUS server VMs) or could be done on shared systems. |
+ | |||
+ | It's not possible for people with eduroam accounts to authenticate using Govroam, or vice versa. We encourage sites with eduroam to run Govroam Visited Only and Govroam sites to to eduroam Visited Only, for maximum coverage. | ||
===Q: Which should I have?=== | ===Q: Which should I have?=== | ||
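Review bot: Typo in the added paragraph: "Govroam sites to to eduroam Visited Only" should read "Govroam sites to run eduroam Visited Only". The added sentence allowing "shared systems" should also state whether the Govroam shared secret and client definitions must be distinct from the eduroam ones when both run on the same RADIUS server, because a reader told to "duplicate your wireless and RADIUS configurations" could otherwise carry the eduroam secret across. Minor: this answer writes "JISC" while the new Federation entry writes "Jisc"; pick one.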
Line 120: | Line 108: | ||
A: Following on from the above question: between zero and a lot. If you have a spare piece of hardware, or can create a VM at no cost then installing a linux variant and FreeRADIUS would cost nothing. As would adding the ORPS capability to an existing RADIUS configuration. If you have to buy hardware then £500-1000 should cover the cost of a suitable Dell server. If you want to purchase RADIUS software such as Clearpass then you'll have to talk to a reseller as the licences can be complex. Even a reasonably sized hospital ought to be able have something for under £5,000 though. The final costs with depend on a number of factors which are site specific. | A: Following on from the above question: between zero and a lot. If you have a spare piece of hardware, or can create a VM at no cost then installing a linux variant and FreeRADIUS would cost nothing. As would adding the ORPS capability to an existing RADIUS configuration. If you have to buy hardware then £500-1000 should cover the cost of a suitable Dell server. If you want to purchase RADIUS software such as Clearpass then you'll have to talk to a reseller as the licences can be complex. Even a reasonably sized hospital ought to be able have something for under £5,000 though. The final costs with depend on a number of factors which are site specific. | ||
- | ==Q: What do I do with users once they' | + | ===Q: What do I do with users once they' |
A: You can make this as simple or as complex as you wish. There is a minimum service level associated with govroam but it's not particularly restrictive. At the simplest level govroam Visitors to your site need a network segment separate from other users, a basic set of open ports (such as web and VPN) and some bandwidth. | A: You can make this as simple or as complex as you wish. There is a minimum service level associated with govroam but it's not particularly restrictive. At the simplest level govroam Visitors to your site need a network segment separate from other users, a basic set of open ports (such as web and VPN) and some bandwidth. | ||
Line 161: | Line 149: | ||
* Aruba Clearpass (commerical, | * Aruba Clearpass (commerical, | ||
radsecproxy is purely a proxy whereas the others can also integrate with data stores for authentication. Other RADIUS servers may also meet the requirements. | radsecproxy is purely a proxy whereas the others can also integrate with data stores for authentication. Other RADIUS servers may also meet the requirements. | ||
+ | |||
+ | ===Q: As a Federation what process should we follow when Onboarding sites?=== | ||
+ | |||
+ | A: | ||
+ | - For each site gather the details of their RADIUS server(s), realm(s) and a technical contact. This would include IP address(es)/ | ||
+ | - Configure your RRPS for the above, generating suitable shared secrets. The configuration should, obviously, include the client/ | ||
+ | - Share these shared secrets and the details of your RADIUS server with the site technical contact, securely. | ||
+ | - The site should then configure their end. | ||
+ | - RFO should then provide Jisc with the following information about the site (This is all put onto our wiki and made available to all sites for troubleshooting, | ||
+ | - Realm(s) | ||
+ | - Name and location of the site | ||
+ | - Name, position, email and phone number of the technical contact for the site | ||
+ | - Help desk (website, phone number, openings times) for the site. | ||
+ | - The site can then test outgoing connectivity either using credentials supplied by the Federation, or the ones provided by Jisc. Incoming connectivity can be tested using the website provided by Jisc with local site credentials. | ||
+ | - The site is provided with a login to Jisc's App site so that they can populate Govroam locations on a map. | ||
+ | |||
+ | This {{ : |