Govroam

The Roaming solution for the public sector

User Tools

Site Tools

You are here: start » jisc » fourth_nrps
jisc:fourth_nrps

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
jisc:fourth_nrps [2018/05/17 08:29] adminjisc:fourth_nrps [2018/07/10 07:25] (current) – [Home (fully boarded) sites:] admin
Line 3: Line 3:
 ======Fourth NRPS - Go-Live 9am on 10th July 2018====== ======Fourth NRPS - Go-Live 9am on 10th July 2018======
 ====Summary==== ====Summary====
-In an effort to provide better resilience Jisc are adding a fourth RADIUS server to act as a National RADIUS Proxy Server (NRPS). This will be located at our Leeds data centre along side the third NRPS. In event of a data centre failure there will be at least two NRPS still available.  +In an effort to provide better resilience Jisc are adding a fourth RADIUS server to act as a National RADIUS Proxy Server (NRPS). This will be located at our Leeds data centre along side the third NRPS. In event of a data centre failure there will be at least two NRPS still available, which is still resilient because only one NRPS is required to handle to load
-[{{:jisc:fourthnrps.png?400|Caption}}] +[{{:jisc:fourthnrps.png?400|New Topology. Green lines indicate new relationships}}] 
-====Requirements====+==== Home (fully boarded) sites:==== 
 +===Requirements=== 
 Each of the NRPS is entirely independent and each has all sites configured as clients and proxies. If a NRPS was missing the configuration for a site then it would not be able to proxy authentication requests from, or to, that site.  Each of the NRPS is entirely independent and each has all sites configured as clients and proxies. If a NRPS was missing the configuration for a site then it would not be able to proxy authentication requests from, or to, that site. 
 The same will apply to the fourth NRPS in that before any site can use it, all sites must be configured on it. The implication is that the fourth NRPS will not be ready to use until ALL sites have it configured and if any sites tries using it prematurely then authentication requests will fail if sent to that NRPS. The same will apply to the fourth NRPS in that before any site can use it, all sites must be configured on it. The implication is that the fourth NRPS will not be ready to use until ALL sites have it configured and if any sites tries using it prematurely then authentication requests will fail if sent to that NRPS.
-Note: Only RADIUS servers (RRPS if you're a Federations, ORPS is connecting individually) directly connected to Jisc are affected by this change. + 
-====Plan==== +**Note: Only RADIUS servers (RRPS if you're a Federations, ORPS is connecting individually) directly connected to Jisc are affected by this change.** 
-It is expected that the connected sites add th new configuration on, or before the Go-Live date. Depending on the site, their software and their policy each site will decide whether to configure the new NRPS in advance of the date or on the date i.e. if it's not feasible to add the configuration in such a way that it's resident but inactive then configuring on the day is the alternative. +===Plan=== 
-====Method====+It is expected that the connected sites add their new configuration on, or before the Go-Live date. Depending on the site, their software and their policy each site will decide whether to configure the new NRPS in advance of the date or on the date i.e. if it's not feasible to add the configuration in such a way that it's resident but inactive then configuring on the day is the alternative. 
 +===Method====
 Jisc will communicate with each connected site (RFO or individually connected organisation) and supply them with the appropriate details (additional shared secrets and the address of the fourth NRPS) to be added to their RRPS or ORPS.  Jisc will communicate with each connected site (RFO or individually connected organisation) and supply them with the appropriate details (additional shared secrets and the address of the fourth NRPS) to be added to their RRPS or ORPS. 
-Sites can then choose to add the configuration in a dormant state or to wait until the go-live date and do it then.+Sites can then choose to  
 + 
 +a) add the configuration in a dormant state and activate at the Go-Live date and time OR, 
 + 
 +b) to wait until the Go-Live date and time and do it then. 
 + 
 +The Fourth NRPS will be live for the duration so that sites can test their configuration, set up any monitoring etc. but, and this point can not be over-stressed, **any live authentication requests to that NRPS before the Go-Live date are likely to return a Reject**, rendering the user unable to connect.  
 + 
 +Testing of your local accounts can be done through [[https://utilities.govroam.uk/cgi-bin/radius_test.pl|RADIUS EAP Tester]] 
 +==== Visited Only sites:==== 
 + 
 +Because Visited Only sites are only sending authentication requests to the NRPS you should wait until after the Go-Live date, when all the receiving (Home) sites are live, before applying your new configuration.  
 + 
 +====Questions?====
  
-The Fourth NRPS will be live for the duration so that sites can test their configuration, set up any monitoring etcbut, and this point can not be over-stressed, any live authentication requests to that NRPS before the Go-Live date are likely to return a Reject, rendering the user unable to connect+Please contact <govroam@jisc.ac.uk> if you have any questions.
jisc/fourth_nrps.1526545781.txt.gz · Last modified: 2018/05/17 08:29 by admin